1. Technical Field
The present invention relates to data processing and, in particular, to public key infrastructures. Still more particularly, the present invention provides a method, apparatus, and program for automated trust zone partitioning in a public key infrastructure.
2. Description of Related Art
Public key infrastructure (PKI) is a secure method for exchanging information. A PKI uses an asymmetric encryption method, also known as the “public/private key” method, for encrypting identifications, documents, and messages. PKI starts with a Certificate Authority (CA), which issues digital certificates that authenticate the identity of people and organizations over a network, such as the Internet.
The PKI also establishes the encryption algorithms, levels of security, and distribution policy to users. Secure sockets layer (SSL) is the most widely used PKI application. Endpoints typically establish an SSL connection by exchanging certificates that are issued by a trusted Certificate Authority. Certificate distribution in a distributed PKI environment continues to be administratively complex.
Therefore, it would be advantageous to provide an improved mechanism for generating and distributing the appropriate certificates for endpoints in a distributed public key infrastructure environment.