Strong Security with Public Key Technology

The Windows 2000 public key infrastructure enables you to deploy strong security solutions that use digital certificates and public key technology. Security solutions can include the following:

  • Secure mail, which uses certificates and the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol to ensure the integrity, origin, and confidentiality of e-mail messages.

  • Secure Web sites, which use certificates and certificate mapping to map certificates to network user accounts for controlling user rights and permissions for Web resources.

  • Secure Web communications, which use certificates and the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols to authenticate servers, to optionally authenticate clients, and to provide confidential communications between servers and clients.

  • Software code signing, which uses certificates and digital signing technology (such as Microsoft® Authenticode®) to ensure the integrity and authorship of software that is developed for distribution on an intranet or on the Internet.

  • Smart card logon process, which uses certificates and private keys stored on smart cards to authenticate local and remote access network users.

  • Internet Protocol security (IPSec) client authentication, which has the option to use certificates to authenticate clients for IPSec communications.

  • Encrypting File System (EFS), which uses certificates for both EFS user and EFS recovery agent operations.

  • Custom security solutions, which use certificates to provide confidentiality, integrity, authentication, or nonrepudiation.

For more information about security solutions that use public key technology, see "Choosing Security Solutions That Use Public Key Technology" in this book.