Understanding public key infrastructure (PKI) is an important step in understanding e-commerce security. This tip,...
excerpted from InformIT, discusses the PKI function of notarization.
The term notarization (that is, the primary service of a notary) can be a source of confusion in some environments, because it means different things in different legal frameworks. For [our] purposes, the PKI-enabled service of notarization is defined to be synonymous with "data certification." That is, the notary certifies that data is valid or correct, where the meaning of "correct" is necessarily dependent on the type of data being certified. For example, if the data to be certified is a digital signature over some hashed value, the notary may certify that the signature is "valid" in the following sense:
The signature verification computation with the appropriate public key is mathematically correct.
The public key is still validly associated with the entity purporting to have signed the value.
All other data required in the validation process (such as additional certificates) to form a complete path.
The PKI notary is an entity trusted by some collection of other PKI entities to perform the notarization service properly. It certifies the correctness of data through the mechanism of a digital signature; the other PKI entities, therefore, need a trusted copy of the notary's verification public key so that the signed data certification structure can be verified and trusted.
The PKI-enabled service of notarization relies on the core PKI service of authentication. It will typically also rely on the PKI-enabled service of secure time stamping because the notary will need to include the time at which the notarization was done in the data certification structure.
For more of this tip, go to InformIT. You have to register there, but it is free.
Understanding Public-Key Infrastructure
By Carlisle Adams and Steve Lloyd
This book is a tutorial on and a guide to the deployment of public key infrastructures. It covers a broad range of material related to PKIs, including certification, operational considerations and standardization efforts, as well as deployment issues and considerations. Emphasis is placed on explaining the interrelated fields within the topic area, to assist those who will be responsible for making deployment decisions and architecting a PKI within an organization.