ABSTRACT

A key element of Enterprise Level Security is the use of Public Key Infrastructure certificates for identity claims. For IT purposes, identity is a label that is recognized and bound to only one entity or object. The binding is achieved by verifying the credentials or claims presented by the entity. Before such a credential can be properly issued, the entity to which it is issued must be properly identified, and this identity must be validated through some real-world method. For people, an in-person meeting with proper credentials proving identity as stated by a trusted authority, such as a driver’s license, passport, or other government identity document, provides the ability to authenticate the person. Vetting must be done for non-person entities (NPEs) as well; however, the procedure differs from the one used for people, because an NPE is typically managed by people in a particular role and depends on them for proper use of the credential. Names provided for all entities must be both unique and interpretable. The key pairs to which they are bound must be generated on secure hardware, and these keys must be protected during both storage and use.
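The abstract's binding rules (a name is bound to exactly one entity, the claim must come from a trusted authority, names must be interpretable, and an NPE must have a responsible role) can be made concrete with a small registry. The following is an added illustration written for this page, not code from the paper or its authors. It assumes an HMAC tag as a stand-in for a CA signature (a real PKI would use the CA's private key and X.509 certificates), and it assumes that "interpretable" means a DN-style name carrying at least the CN and O attributes; both are assumptions for the example only.

```python
import hashlib
import hmac
import json

# Constructed example secret standing in for a CA private key (assumption:
# HMAC replaces the real signature so the example runs with the stdlib only).
CA_SECRET = b"example-ca-secret-not-for-real-use"

# Assumption for the example: a name is "interpretable" only if it carries
# these attributes, so that a reader can tell what entity it labels.
REQUIRED_ATTRS = ("CN", "O")


def parse_name(name):
    """Parse a DN-like string such as 'CN=web01, O=Example' into a dict."""
    attrs = {}
    for part in name.split(","):
        key, sep, value = part.partition("=")
        key, value = key.strip(), value.strip()
        if not sep or not key or not value:
            raise ValueError(f"malformed name component: {part!r}")
        if key in attrs:
            raise ValueError(f"duplicate attribute {key!r} in name")
        attrs[key] = value
    return attrs


def canonical_name(name):
    """Normalise attribute order and spacing so 'CN=a,O=b' and 'O=b, CN=a'
    are recognised as the same label (uniqueness is checked on this form)."""
    attrs = parse_name(name)
    missing = [a for a in REQUIRED_ATTRS if a not in attrs]
    if missing:
        raise ValueError(f"name lacks required attributes: {missing}")
    return ",".join(f"{k}={attrs[k]}" for k in sorted(attrs))


def _tag(secret, payload):
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def issue_claim(ca_secret, name, key_fingerprint, kind, responsible_role=None):
    """The trusted authority issues an identity claim binding a canonical
    name to a key fingerprint. For NPEs the claim also records the human
    role that manages the credential (constructed field for this example)."""
    payload = {
        "name": canonical_name(name),
        "key": key_fingerprint,
        "kind": kind,
        "responsible_role": responsible_role,
    }
    return {"payload": payload, "sig": _tag(ca_secret, payload)}


class IdentityRegistry:
    """Holds name -> key bindings and enforces one entity per label."""

    def __init__(self, ca_secret):
        self._ca_secret = ca_secret
        self._bindings = {}   # canonical name -> key fingerprint
        self._keys = set()    # fingerprints already bound to some name

    def register(self, claim):
        payload = claim["payload"]
        # 1. The claim must come from the trusted authority (tamper check).
        if not hmac.compare_digest(_tag(self._ca_secret, payload), claim["sig"]):
            return "rejected: claim not issued by trusted authority"
        # 2. NPEs must be tied to the people responsible for the credential.
        if payload["kind"] == "npe" and not payload.get("responsible_role"):
            return "rejected: NPE claim names no responsible role"
        # 3. The label must be bound to exactly one entity, and vice versa.
        name, key = payload["name"], payload["key"]
        if name in self._bindings:
            return "rejected: name already bound to another entity"
        if key in self._keys:
            return "rejected: key already bound to another name"
        self._bindings[name] = key
        self._keys.add(key)
        return "bound"

    def lookup(self, name):
        return self._bindings.get(canonical_name(name))


def demo():
    """Run the constructed scenario and return the registry's decisions."""
    reg = IdentityRegistry(CA_SECRET)
    alice = issue_claim(CA_SECRET, "CN=alice, O=Example", "fp-alice-001", "person")
    alias = issue_claim(CA_SECRET, "O=Example,CN=alice", "fp-alice-002", "person")
    forged = dict(alice, payload=dict(alice["payload"], key="fp-attacker"))
    server = issue_claim(CA_SECRET, "CN=web01, O=Example", "fp-web01", "npe")
    server_ok = issue_claim(CA_SECRET, "CN=web01, O=Example", "fp-web01", "npe",
                            responsible_role="web-platform-admins")
    return [reg.register(c) for c in (alice, alias, forged, server, server_ok)]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Running it shows the same label being refused a second time even when the attributes are reordered, a claim whose payload was altered after issuance being rejected, and an NPE claim being accepted only once a responsible role is recorded.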