CSCI 4531 Lecture Notes - Lecture 11: Public Key Infrastructure, Multilevel Security, Certificate Authority

The set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates based on asymmetric cryptography. Developed to enable secure, convenient, and efficient acquisition of public keys. A list of ca"s and their public key. Certificate authorities need to speak to each other. Anyone who wants to verify the certificate, you need the public key of the certificate authority who signed it. The certificate authority (of bob) gets a certificate from the person who owns the certificate (alice) requested and it will be signed by the person requesting the certificate (bob). That way, this says the person (bob) is trusted, and then they can access the public key from that certificate authority (of alice) All complex software systems have eventually revealed flaws or bugs that need to be fixed. It is extraordinarily difficult to build computer hardware / software not vulnerable to security attacks. Led to development of formal security models.