What is public key infrastructure (PKI)?

This technology can help secure data using a number of components

One of the most important elements of digital encryption and cryptography is public key infrastructure (PKI), which is an essential component of security technology. PKI governs the management and deployment of digital certification and public key encryption by establishing the roles, policies and procedures required.

This crucial element is normally deployed to keep information conveyed through digital channels secure across several networking activities, such as e-commerce, internet banking and private email communications. It is a requirement for processes where basic or straightforward passwords are not strong enough as authentication methods, and it provides those involved with a more rigorous proof of identity for providing and accessing the information being transferred.

Public key encryption relies on PKI mechanisms, but the term PKI actually refers to the wider system, which is itself responsible for verifying authentication attempts and distributing keys in the first place. It should be noted, however, that PKI isn’t the same thing as public-key encryption, the secure data transfer method.

How does PKI work?

Many organisations take part in the process of developing PKI, and the first step involves a subject verifying their identity using a digital certificate. Under PKI, a registration authority (RA) is required to verify the subject. All requirements must be published too, alongside information on how the PKI was established.

Following successful identity verification, the request is passed from the RA to a certificate authority (CA), the organisation charged with approving, issuing and storing digital certificates. Well-known CAs include Comodo, DigiCert and even GoDaddy, with the likes of Let’s Encrypt also categorised as a CA. The certificates issued by the CA are held in a central hub controlled by management systems that are also tasked with distribution and access permissions.

The CA is in charge of signing and issuing digital certificates as proof that a subject’s identity has been verified, and following an approved RA request, the CA will issue a pair of private and public keys to accompany this. This might come across as a simple step in the process, but there are various pieces of hardware and software working silently in the background to make it happen. These handle tasks like automatic data validation, the creation of key pairs, and request approval. These elements all form the PKI.

Where is PKI used?

Public key infrastructure features in a wide range of applications, but it is most frequently used to protect digital platforms and services. A common deployment is the protection of data transfers so that information being sent over a network can only be viewed by the intended recipient.

It's also used to send emails using OpenPGP (Open Pretty Good Privacy) and S/MIME (Secure/Multipurpose Internet Mail Extensions), for user authentication using smart cards, and for the authentication of client systems using SSL (Secure Sockets Layer) signatures or encryption.

You may also encounter a variant of PKI when accessing e-documents and online forms that require user signatures. While there are other ways to verify an e-document, PKI is by far the easiest to use as it's not necessary for the two parties to know each other.

The chain of trust

To enhance the security of public key infrastructure, a trust relationship known as a chain of trust is needed. This hierarchy describes the trust relationship between identities when using subordinate (intermediate) CAs. The main advantage of this is that it enables the delegation of certificates by subordinate CAs.

A chain of trust is created by validating each hardware and software component from one end right up to the root certificate. This is to ensure that only trusted software and hardware are used in the PKI.
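
The hierarchy described in this section, together with the issuing step from "How does PKI work?", as an added example that is not code from the article: a root CA signs a subordinate CA, which signs an end-entity certificate, and Go's standard crypto/x509 verifier then builds the chain back to the trusted root. The certificate names, serial numbers and the helper functions issue and verify are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// issue acts as the CA: it creates a key pair and a certificate for name, signed by parentKey (nil parent = self-signed root).
func issue(name string, serial int64, isCA bool, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, kerr := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: isCA, // only a CA certificate may issue others
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, cerr := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	cert, perr := x509.ParseCertificate(der)
	if err := errors.Join(kerr, cerr, perr); err != nil {
		panic(err)
	}
	return cert, key
}

// verify succeeds only if a chain leaf -> subordinate CA(s) -> trusted root can be built.
func verify(leaf, root *x509.Certificate, subs ...*x509.Certificate) error {
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	for _, c := range subs {
		inter.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter})
	return err
}

func main() {
	root, rootKey := issue("Constructed Root CA", 1, true, nil, nil)
	sub, subKey := issue("Constructed Subordinate CA", 2, true, root, rootKey)
	leaf, _ := issue("www.example.test", 3, false, sub, subKey)
	fmt.Println(verify(leaf, root, sub), verify(leaf, root)) // nil, then an unknown-authority error
}
```

The second call fails because the verifier is given the root but not the subordinate CA that links the end-entity certificate to it.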
