Public Key Infrastructure
We live in a world where people transact commercially over the internet on a daily basis. There is no physical point of contact for such transactions. The user cannot validate identity in the absence of a written contract or immediate delivery of goods. In such a scenario, what is it that makes you ‘trust’ that the vendor you are dealing with is a genuine vendor? If you are a vendor, how would you ensure that the person you are dealing with is a genuine customer?
The underlying infrastructure that makes online transactions possible is called the Public Key Infrastructure (PKI). As the name suggests, PKI is an infrastructure that enables any party to transact securely over the internet. All PKI services generally include a Certificate Authority (CA) and a Registration Authority (RA). The role of the CA is to bind users to a certificate (think of it as some party C validating that party A is indeed party A). The role of the RA is to ensure that no two people have the same certificate, meeting the level of security assurance that the users have requested. Such an arrangement enables a buyer to validate the authenticity of vendor A before entering into any contract.
PKI enables users to have various levels of security for their data. Typically, Level 1 stands for basic security, such as access to a common user's email account. Level 2 is for more sensitive data, such as social security numbers and locations. Level 3 is data concerning National Security. Level 4, or 'Black Data', is hyper-sensitive information that only the CIA and FBI agencies have access to.
Our aim is to understand PKI by studying an actual implementation at the CDC. This is the first "real life" research project managed by SAIC and the Centers for Disease Control and Prevention. It is an excellent opportunity to meet people in the industry and understand the applications that power the world of the internet.

