Public Key
Infrastructure
Securing against unauthorised access.
What is PKI?
Public Key Infrastructure (PKI) is a system of cryptographic technologies, standards, management processes, and controls governing the use of digital certificates.
PKI is a system for supporting digital signatures and document encryption for an organisation.
PKI is an enabling technology – it enables users of an insecure public network (such as the internet) to securely and privately exchange data through the use of a public/private cryptographic key pair that is obtained and shared through a trusted authority.
A PKI is made up of:
1. A Certificate Authority (CA) that issues and verifies digital certificates
2. A registration authority that acts as the verifier for the certificate authority before a digital certificate is issued to a requestor
3. One or more directories where the certificates or public keys are held
4. A Certificate Management System (CMS)
PKI Assures:
Integrity
PKI offers integrity through digital signatures, which are used to prove that the data has not been altered in transit. This effectively prevents malicious third parties from tampering with the messages.
Confidentiality
Confidentiality allows selected users to exchange sensitive information. Recipient-targeted encryption ensures that only the intended recipients of a message will be able to decrypt and read the message.
Non-Repudiation
Non-repudiation provides evidence – verified by a trusted third party – that a transaction has been sent or authorised by the purported sender. PKI uses digital signatures to bind the identity of a party to the transaction, so knowledge of the transaction cannot later be denied.
Authentication
The process of testing and verifying an assertion of identity, in order to establish a reliable level of confidence in those assertions.
Related Technologies
Virtual Private Networks
Secure Socket Layers (SSL) and Transport Layers Security (TLS)
Secure Emails
