PKI – Establishing Trust in a Digital World
Trust is essential in today’s society, where people, devices and things interact daily within corporate networks and online as we shop, bank, update our status on social media and use online products and services. In a world where every business and government is striving to e-enable its processes in order to streamline them and make them efficient and green, it is important to consider on what basis you can trust who you are transacting with.
Modern life and the digitisation of business processes cannot function without the trust services that are enabled by the use of PKI. PKI forms a fundamental part of the trust infrastructure that issues, manages and distributes the digital identities used in so many of the commercial and organisational processes we take for granted.
A PKI provides users and organisations with:
- Digital credentials that secure information in transit and at rest
- Frictionless authentication of people, devices and things
- Data integrity and fraud protection
What is a PKI?
A PKI consists of roles, policies, procedures, hardware, software and a physically secure facility. When built to industry best practice, a PKI can be trusted to generate, manage, distribute, store, use and revoke digital certificates and their corresponding cryptographic keys.
A PKI’s main components are:
- Certificate Authority (CA) – stores, issues and signs the digital certificates
- Registration Authority (RA) – verifies and registers the identity of users before their digital certificates are issued
- Central Directory – where users’ keys are securely stored and indexed
- Revocation Services – a means of checking whether a digital certificate can no longer be trusted
- Certificate Management system – controls access to and distribution of stored digital certificates
- Policy – sets out the PKI’s requirements and procedures
Each end entity in a PKI generates at least one pair of cryptographic keys, a public key and a private key. The public key is embedded in a certificate that is digitally signed by a Certification Authority. Each generated key has a “key usage” and an “extended key usage”, recorded in its certificate, which tell applications what the key and certificate may be used for; examples include digital signature, client authentication and smartcard logon.
Information Protection / Encryption
Information can be encrypted with a user’s public key/certificate and can then only be decrypted by the holder of the corresponding private key.
Data Integrity/Digital Signature
Information can be digitally signed by the holder of a private key and then verified by recipients using the signer’s public key.
Authentication
Digital certificates can be used to authenticate a server to which your web browser will then send information securely; this is called server authentication. Digital certificates can also be used to authenticate a client to a server or to another back-end process or application, such as a wireless network or VPN.
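Added example, not code from the original page: the following Go program, using only the Go standard library, walks through the operations described above. BuildPKI gives each entity its own key pair and has a self-signed CA sign an end-entity certificate that embeds the public key and declares a key usage and an extended key usage; VerifyFor is the relying party's authentication check, chaining the certificate to the CA and confirming it was issued for the intended use; Sign and VerifySig show a digital signature verified with the public key from the signer's certificate; Encrypt and Decrypt show information protected with the certificate's public key and recoverable only with the matching private key. The subject names ("Example Root CA", "alice@example.test") and the 2048-bit RSA keys are assumptions of the example, and using one key pair for both signing and encryption is a simplification that keeps it short.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// PKI is a constructed two-tier hierarchy: a self-signed root CA and one end-entity (EE) certificate.
type PKI struct {
	CAKey  *rsa.PrivateKey
	CACert *x509.Certificate
	EEKey  *rsa.PrivateKey
	EECert *x509.Certificate
}

// must keeps the toy setup short: any failure while generating keys or certificates is fatal.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// BuildPKI generates a key pair for each entity and issues both certificates. The EE certificate
// embeds the EE public key and declares a key usage and an extended key usage, signed by the CA.
func BuildPKI() *PKI {
	caKey := must(rsa.GenerateKey(rand.Reader, 2048))
	eeKey := must(rsa.GenerateKey(rand.Reader, 2048))
	notBefore, notAfter := time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Root CA"}, // assumed name
		NotBefore:             notBefore,
		NotAfter:              notAfter,
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	// A root is self-signed: the template is its own parent and its own private key signs it.
	caCert := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	eeTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "alice@example.test"}, // assumed name
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		// Key usage says what the key may do; extended key usage says which applications may rely
		// on it. serverAuth is deliberately absent so VerifyFor rejects the certificate for that use.
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageEmailProtection},
	}
	// The CA's private key signs the EE certificate, which carries the EE public key.
	eeCert := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, eeTmpl, caCert, &eeKey.PublicKey, caKey))))
	return &PKI{CAKey: caKey, CACert: caCert, EEKey: eeKey, EECert: eeCert}
}

// VerifyFor is the relying party's check: chain the certificate to a trusted CA and confirm the EKU allows the use.
func VerifyFor(cert, ca *x509.Certificate, use x509.ExtKeyUsage) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{use}})
	return err
}

// Sign produces an RSA-PSS signature over SHA-256(msg) with the signer's private key.
func Sign(key *rsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, key, crypto.SHA256, h[:], nil)
}

// VerifySig checks a signature with the public key embedded in the signer's certificate,
// after confirming that certificate's key usage allows digital signature.
func VerifySig(cert *x509.Certificate, msg, sig []byte) error {
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok || cert.KeyUsage&x509.KeyUsageDigitalSignature == 0 {
		return errors.New("certificate is not an RSA signing certificate")
	}
	h := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil)
}

// Encrypt to the public key in the recipient's certificate (RSA-OAEP); only the holder of the
// matching private key can recover the plaintext with Decrypt.
func Encrypt(cert *x509.Certificate, plaintext []byte) ([]byte, error) {
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok || cert.KeyUsage&x509.KeyUsageKeyEncipherment == 0 {
		return nil, errors.New("certificate is not an RSA encryption certificate")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plaintext, nil)
}

func Decrypt(key *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, key, ciphertext, nil)
}
```

The negative cases are the instructive part: the end-entity certificate is rejected for serverAuth because its extended key usage does not list it, and the CA certificate is refused for signing data or for encryption because its key usage only permits signing certificates and CRLs. Real PKIs usually issue separate certificates per purpose rather than one dual-use key as here.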