What is public key infrastructure (PKI)?
This technology can help secure data using a number of components
Public key infrastructure (PKI) is an important foundation for digital encryption and an essential part of most security technologies. It is the set of roles, policies and procedures needed to create, manage and deploy digital certificates and public key encryption.
The role of a PKI is to keep electronically transferred information secure over a number of different network activities, such as e-commerce, internet banking and confidential email. It is required for processes where simple passwords are not a strong enough method of authentication, and it gives those involved more rigorous proof of identity when they provide or access the information being transferred.
PKI isn't the same as the secure data transfer method known as public-key encryption, however. Public key encryption relies on PKI, but the term 'PKI' actually refers to the broader system which is responsible for verifying identities and handing out public and private keys in the first place.
How does PKI work?
There are several companies involved in Public Key Infrastructure. The first step of the process involves the subject verifying their own identity with a digital certificate. This requires a registration authority (RA), which is itself a requirement set out by the PKI to verify the subject. All requirements need to be published, so they are public, along with details on how the PKI has been developed.
Upon verification, the RA passes the request along to the certificate authority (CA), which is responsible for approving, issuing, and storing digital certificates. Companies such as GoDaddy, DigiCert, Comodo, as well as non-profit groups like Let’s Encrypt, are all counted as CAs and can handle this process. All issued certificates are stored in a central repository, controlled by a management system that’s tasked with distribution and access permissions.
The CA is also responsible for signing and issuing digital certificates as proof that a subject’s identity has been verified. After a request from an RA is approved, the CA will then issue a private and public key pair to accompany the certificate. While this sounds like a simple step, in reality, there’s a bunch of hardware and software working behind the scenes, managing tasks like automatic data validation, the creation of key pairs, and request approval – all of which form the PKI.
Where is PKI used?
Public Key Infrastructure features in a wide range of applications, but it is most frequently used to protect digital platforms and services. A common deployment is the protection of data transfers so that information being sent over a network can only be viewed by the intended recipient.
It's also used to send emails using OpenPGP (Open Pretty Good Privacy) and S/MIME (Secure/Multipurpose Internet Mail Extensions), for user authentication using smart cards, and for the authentication of client systems using SSL (Secure Sockets Layer) signatures or encryption.
You may also encounter a variant of PKI when accessing e-documents and online forms that require user signatures. While there are other ways to verify an e-document, PKI is by far the easiest to use as it's not necessary for the two parties to know each other.
The chain of trust
To enhance the security of Public Key Infrastructure, a trusted relationship called a chain of trust is needed. This hierarchy describes the trust relationship between identities when using subordinate (intermediate) CAs. Its main advantage is that it allows certificate issuance to be delegated to subordinate CAs.
A chain of trust is created by validating each hardware and software component from one end right up to the root certificate. This is to ensure that only trusted software and hardware are used in the PKI.