Public Key InfrastructureA Public Key Infrastructure (PKI) is a system of cryptographic technologies, standards, management processes and controls governing the use of digital certificates. PKI is s system for supporting digital signatures and document encryption for an organisation. It is an enabling technology in that it enables users of an insecure public network (such as the internet) to securely and privately exchange data through the use of a public / private cryptographic key pair that is obtained and shared through a trusted authority.
Enabling effective e-securityA successfully implemented and managed PKI provides for effective e-security in that it offers:
- Non-Repudiation – which is evidence, verified by a trusted third party – that a transaction has been sent or authorised by the purported sender. PKI uses digital signatures to bind the identity of a party to the transaction so that knowledge of the transaction cannot later be denied.
- Authentication – this is the process of testing and verifying an assertion of identity, in order to establish a reliable level of confidence in those assertions
- Integrity – PKI offers integrity through digital signatures, which is used to proved the data has not been altered in transit – effectively preventing malicious third parties from tampering with the messages. This is also important for non-repudiation.
- Confidentiality – it allows selected users to confidentially exchange sensitive information. Recipient-targeted encryption ensures that only the intended recipients of a message will be able to decrypt and read the message.
What does it consist of?A PKI is made up of:
- A certificate authority that issues and verifies digital certificates
- A registration authority that acts as the verifier for the certificate authority before a digital certificate is issued to a requestor.
- One or more directories where the certificates or public keys are held
- A certificate management system
Related technologiesPKI is the hardware and software used for encryption, signing, verification as well as the software for managing Digital Certificates. There are a number of related PKI enabled technologies:
- Virtual Private Networks
- Secure emails
- Secure Socket Layers (SSL) and Transport Layer Security (TLS)