Public Key Infrastructure
PKI has a foundation of four security pillars that create the building blocks for zero trust.
Public Key Infrastructure (PKI) is the combination of hardware, software, policies, standards, procedures, and people needed to create, manage, store and distribute digital credentials such as keys and certificates.
PKI allows the delivery of security and confidentiality services to electronic businesses solutions.
It is an enabling technology that allows other solutions to provide the tangible outcome or benefit. PKI provides, along with a Corporate Directory, the building blocks to allow other solutions to be realised, not the end solution itself.security
Four Security Pillars of Zero Trust
To ensure the authenticity of an individual, application or device. Ensuring that users are who they claim they are allows resource access control decisions to be made. PKI provides identification and authentication through digital signature of a challenge. The sender of the challenge can verify using the certificate that the challenge was signed by the holder of the private key corresponding to the public key in the certificate.
Ensuring that information can be kept private. Encoding the information into a format which is incomprehensible to the attackers allows PKI to provide confidentiality through encryption. If the public key in a certificate is used to encrypt information, only the entity named in the certificate can decrypt that information. PKI can be used for both encryption in transit and for encryption at rest
That information cannot be manipulated without this being obvious to the recipient. Ensuring that the information cannot be changed without detection. PKI provides data integrity through digital signature of information. If the recipient of digitally signed information can verify the signature on the information, then the recipient knows that the content has not changed since it was signed.
The creator or sender cannot disown the information or claim they did not create or send the information. vents users from denying involvement in an electronic transaction PKI assists with technical nonrepudiation through digital signatures. If information has been digitally signed, only the entity named in the certificate had access to the private key used to sign.
Some of the key areas where PKI would aid an organisation to better realise capabilities deriving from information technology are:
- Providing encryption and authentication for internal and external web pages such as internet banking.
- Logical access control by provide logon using strong authentication.
- Allowing single sign on to resources.
- Authentication to different environments (e.g. Windows to Unix).
- External access to corporate network services.
- Remote secure administration of ICT assets.
- Virtual Private Networks.
- Remote access for mobile devices.
- Timestamp Services.
- Identity Management.
- Physical Access to facilities and equipment