170 7.1 PKI and you
PKI and you
In Chapter 6, we briefly covered Public Key Infrastructure (PKI). This
chapter is devoted to this topic. We have discussed SSL, encryption, and
certificates. Now we are going to focus on Public Key Infrastructure. PKI is
slowly immersing itself into the business enterprise. Lotus Notes has had a
PKI since Release 1.0. For an effective PKI to be implemented, however,
you will need to have some idea of what this beast is. As you might guess,
public key cryptography requires a public key infrastructure. What is driv-
ing this use of PKI are applications and access to those applications. Busi-
nesses around the world are deploying new generations of business-critical
applications, and in many cases, these are distributed applications. These
applications are serving the following types of environments: customer to
business; business to business; and employees to business.
7.1.1 Customer to business
This environment is one in which the customer will use the Internet to
interact with a business. Customer-to-business access is not only to "buy"
something. Following are a few examples of other uses this type of access
provides. It can:
• Look up information on a product or service
• Inquire or make a change to an order
• Place an order
• Send an e-mail with a question regarding the company's offerings
There are a lot of reasons for a customer to use the Internet. Do you
have to authenticate with each of these reasons? No, you only need to
authenticate in those areas where you need to identify the user. Interestingly
enough, implementing a PKI for the general public is somewhat difficult.
You will see why a bit later.
Business to business
This environment is where PKI can really shine. You will see that by using
some type of PKI, you can determine whom you are doing business with
and use that information to track and verify transactions. PKI can be very
useful in the high-volume transaction and mobile world of Internet com-
merce. It provides risk management control for business systems.