Microsoft is developing an Internet Security Framework to provide a public-key security architecture for Windows platforms. Public-key cryptography is the security technology that enables strong security for Enterprise and Internet communications. Microsoft's Internet Security Framework technologies include an Certificate Services, Secure Channel security provider that implements SSL/PCT protocols, the SET secure payment protocol for credit card transactions, and CryptoAPI version 2.o components for certificate management and administration.
The components of Microsoft's Internet Security Technologies are shown below.
Figure 6: Microsoft's Internet Security Framework
Microsoft's Internet Security Framework is based on industry standards for public-key security, including support for RSA Public Key Cipher, X.509 certificate formats, and PKCS standards.
The Windows NT 4.0 release includes the first components for using public-key security. The foundation includes the following components:
Microsoft's Internet Security Framework builds on these components and provides additional functionality to support public-key security for Windows platforms, including Windows NT. Many of the Internet Security Framework components are used by Microsoft Internet Explorer and Internet Information Server. The new features of Microsoft's Internet Security Framework for the Windows NT Distributed Security Services Technology preview include:
The next version of Windows NT security will use Internet standards for public-key security with features built into the operating system.