Windows Public Key Infrastructure Extends Security

Public key cryptography can eliminate many of the security and usability problems associated with password-based logons and can provide capabilities not possible with mere passwords. However, it requires implementing a public key infrastructure (PKI), a set of components and services that allow operating systems and applications to use public-key cryptography, which can be difficult, complex, and expensive. With Windows 2000, Microsoft has eased the task by integrating all of the core software elements needed to implement a PKI, but many organizations have still been reluctant to take advantage of this technology. They shouldn’t be: a PKI limited to a single organization allows it to implement stronger and easier logon security, more secure virtual private networking, and encrypted file storage, without encountering most of the cost and complexity of a PKI targeted at Internet-wide use.

Public key cryptography enables users to encrypt or decrypt data with pairs of keys: a non-secret public key published in a digital document that can’t be forged called a certificate, and a corresponding private key that only the owner named in the certificate can access. (Readers unfamiliar with the basics of public key cryptography and digital certificates should see the sidebars “How Public Key Technologies Work” and “Digital Certificates, CAs, and Trust“.)