Windows 2000 leverages public key technology to address the security needs of enterprises and e-commerce applications. These security needs include authenticating distributed business partners, using smart cards for strong network authentication, distributing authenticated code, and ensuring laptop and desktop file system security, secure e-mail, and network-level secure communications.
The public key security architecture of Windows 2000 supports e-commerce applications that require distributed, scalable authentication. The components of this architecture seamlessly integrate with the operating system, instead of being an adjunct to it, and effectively interface with external trust infrastructures. Microsoft CryptoAPI, the cornerstone of this architecture, provides the machinery to build authentication, integrity, and privacy security services into applications. At the very top are a myriad of PKI-enabled applications that layer on top of CryptoAPI. These applications leverage the Window 2000 PKI to establish the quality of protection they need before they process a transaction or open a communication channel.
Standards lay the groundwork for interoperability among disparate PKI systems. Standards, however, are subject to various levels of conformance and interpretations, which result in interoperability issues. PKI-to-PKI, PKI-to-application, and application-to-application are three main areas of interoperability concerns.