Public Key Infrastructure

Securing Against Unauthorised Access

WHAT IS A PKI?

A Public Key Infrastructure (PKI) is a system of cryptographic technologies, standards, management processes, and controls governing the use of digital certificates.

PKI is a system for supporting digital signatures and document encryption for an organisation.

PKI is an enabling technology – it enables users of an insecure public network (such as the internet) to securely and privately exchange data through the use of a public/private cryptographic key pair that is obtained and shared through a trusted authority.

A PKI IS MADE UP OF:

1. A Certificate Authority (CA) that issues and verifies digital certificates

2. A registration authority that acts as the verifier for the certificate authority before a digital certificate is issued to a requestor

3. One or more directories where the certificates or public keys are held

4. A Certificate Management System (CMS)

A successfully managed and implemented PKI assures:

Non-Repudiation

Non-repudiation provides evidence – verified by a trusted third party – that a transaction has been sent or authorised by the purported sender. PKI uses digital signatures to bind the identity of a party to the transaction, so knowledge of the transaction cannot later be denied.

Authentication

The process of testing and verifying an assertion of identity, in order to establish a reliable level of confidence in those assertions.

Integrity

PKI offers integrity through digital signatures, which are used to prove that the data has not been altered in transit. This effectively prevents malicious third parties from tampering with the messages.

Confidentiality

Confidentiality allows selected users to exchange sensitive information. Recipient-targeted encryption ensures that only the intended recipients of a message will be able to decrypt and read the message.