PKI and Encryption at Work
PKI and Encryption at Work
The Quality Medical Company is interested in expanding its ability to obtain more customers/clients through the Quality Medical Company’s internet presence. Quality Medical Company should consider the use PKI (Public Key Infrastructure) and Encryption to achieve a competitive and compliance advantage. Entities can have one or more private-public key pairs and associated public key certificates. A certificate is a statement issued by a certification authority according to a policy that binds an entity 's public key to its name for a period of time. (You 'll learn more about policies later in the chapter.) Another entity that trusts this CA also trusts that the public key belongs to the named entity. When entity A is presented with a certificate by entity B, entity A can tell from the certificate name that the certificate belongs to a legitimate user of the system. Entity B proves he or she is the legitimate holder of the certificate by proving his or her knowledge of the associated private key. Entity A can optionally check the certificate 's current validity by looking it up on the CA 's CRL.
Furthermore, entities A and B can now use end-to-end confidentiality and integrity services without the cooperation of any third entity. For example, users can exchange secure e-mail and securely access Web content on an intranet. Another advantage is that private keys are typically 1024-bit-long strings and cannot be guessed the way that passwords can. Therefore, you can use certificates for strong authentication.
The Quality medical Company will have to comply with several laws and regulations, such as the Sarbanes-Oxley Act (SOX), the Gramm-Leach-Bliley Act (GLBA), the Health Insurance portability act (HIPAA) and Personally Identifiable Information (PII), to comply with public company regulations and compliance laws the Quality Medical Company should consider the use of encrypting data and the following steps and these are the same steps
The Quality Medical Company is interested in expanding its ability to obtain more customers/clients through the Quality Medical Company’s internet presence. Quality Medical Company should consider the use PKI (Public Key Infrastructure) and Encryption to achieve a competitive and compliance advantage. Entities can have one or more private-public key pairs and associated public key certificates. A certificate is a statement issued by a certification authority according to a policy that binds an entity 's public key to its name for a period of time. (You 'll learn more about policies later in the chapter.) Another entity that trusts this CA also trusts that the public key belongs to the named entity. When entity A is presented with a certificate by entity B, entity A can tell from the certificate name that the certificate belongs to a legitimate user of the system. Entity B proves he or she is the legitimate holder of the certificate by proving his or her knowledge of the associated private key. Entity A can optionally check the certificate 's current validity by looking it up on the CA 's CRL.
Furthermore, entities A and B can now use end-to-end confidentiality and integrity services without the cooperation of any third entity. For example, users can exchange secure e-mail and securely access Web content on an intranet. Another advantage is that private keys are typically 1024-bit-long strings and cannot be guessed the way that passwords can. Therefore, you can use certificates for strong authentication.
The Quality medical Company will have to comply with several laws and regulations, such as the Sarbanes-Oxley Act (SOX), the Gramm-Leach-Bliley Act (GLBA), the Health Insurance portability act (HIPAA) and Personally Identifiable Information (PII), to comply with public company regulations and compliance laws the Quality Medical Company should consider the use of encrypting data and the following steps and these are the same steps
References: Ballad, B. Ballad, T. and Banks, Erin. Access Control, Authentication, and Public Key Infrastructure. 2011. Jones and Bartlett Learning