Public Key Infrastructure

A Public Key Infrastructure (PKI) deploys X.509 digital certificates for public key cryptography to users, computers, and network devices in your organization to provide one of three capabilities: privacy, authentication, or non-repudiation.

IdentIT Inc.'s president, Brian Komar, is known as an industry expert on Microsoft's PKI offerings and has written extensively on designing, deploying, and managing PKI. Some of his writing efforts include:

• Microsoft Windows Server 2003 PKI and Certificate Security The definitive Microsoft PKI book for Microsoft Press in conjunction with the Microsoft PKI team. Detail on the book can be found at http://www.microsoft.com/MSPress/books/6745.asp.
• Course 2821: Designing and Managing a Windows Public Key Infrastructure. The Microsoft PKI courseware was developed by Brian, who worked as the technical lead and subject matter expert. A course outline is available at
•  http://www.microsoft.com/learning/syllabi/en-us/2821Afinal.mspx
• Certificate Revocation and Status Checking. This whitepaper defines how Microsoft operating systems perform certificate validation and how to troubleshoot problems in revocation checking. The whitepaper is available at
•  http://www.microsoft.com/technet/prodtechnol/winxppro/support/tshtcrl.mspx
• Cross-Certification and Qualified Subordination Using Windows Server 2003. This whitepaper discusses how to implement certificate trust between different organizations, applying qualified subordination restrictions to limit which specific certificates you trust from a partners organization. The whitepaper is available at http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/
• security/ws03qswp.mspx
• Implementing and Administering Certificate Templates in Windows Server 2003. This whitepaper covers the management and design of certificate templates for PKI-enabled applications in a Windows Server 2003 PKI environment. The whitepaper is available at http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/
• security/ws03crtm.mspx
• Beyond The Basics Get Smart! Boost Your Network's IQ With Smart Cards. This article, written for Microsoft TechNet magazine, discusses the merits and issues with deploying smart cards in your organizations. The article is available online at http://www.microsoft.com/technet/technetmag/issues/2005/01/SmartCards/
• default.aspx

IdentIT Inc. specializes in delivering comprehensive PKI consulting engagements and can provide consulting expertise in the following areas related to PKI:

• Design a PKI to address business needs and achieve regulatory compliance
• Implement key management: key escrow, key renewal, and revocation
• Establishing trust across PKI domains
• Certificate path development and validation
• PKI Pilots - definition, implementation and lessons learned
• Requirements gathering for PKI implementations
• PKI product testing and functional analyses
• Review and selection of appropriate PKI vendor products/services
• Development of Certificate Policies (CP) and Certification Practices Statements (CPS)
• Design and deploy Revocation checking technologies (CRL, OCSP, SCVP etc.)
• Implement hardware security modules (HSMs) to increase private key protection for CAs.
• Integrate digital certificate usage with new and existing applications
• Certificate-based authentication for Web-based applications
• Cryptographic smart cards and tokens for authentication
• Smart Card management systems
• Port-based authentication for wireless and wired networks
• Secure Email with S/MIME
• VPN and secure remote access solutions
• Code Signing
• PDF Document Signing
• Internet Protocol Security
• Web Server SSL
• Encrypting File System
• Software Restriction Policies