
What is public key infrastructure (PKI)?

This technology can help secure data using a number of components


One of the most important elements of digital encryption and cryptography is public key infrastructure (PKI), which is an essential component of security technology. PKI governs the management and deployment of digital certification and public key encryption by establishing the roles, policies and procedures required.

This crucial element is normally deployed to keep information conveyed through digital channels secure across a range of networking activities, such as e-commerce, internet banking and private email communications. For example, it is required for processes where basic or straightforward passwords are not strong enough as an authentication method, and it provides those involved with a more rigorous proof of identity when providing and accessing the information being transferred.

Public key encryption relies on PKI mechanisms, but the term PKI actually refers to the wider system, which is itself responsible for verifying authentication attempts and distributing keys in the first place. It should be noted, however, that PKI isn't the same thing as public-key encryption, the secure data transfer method.

How does PKI work?

Many organisations take part in the process of developing PKI, and the first step involves a subject verifying their identity using a digital certificate. To begin with, a registration authority (RA) is required under PKI to verify the subject. All requirements must also be published, alongside information on how the PKI was established.

Following successful identity verification, the request is passed from the RA to a certificate authority (CA), the organisation charged with approving, issuing and storing digital certificates. Well-known CAs include Comodo, DigiCert and even GoDaddy, with the likes of Let’s Encrypt also categorised as a CA. The certificates issued by the CA are held in a central hub controlled by management systems that are also tasked with distribution and access permissions.

The CA is in charge of signing and issuing digital certificates as proof that a subject’s identity has been verified, and following an approved RA request, the CA will issue a pair of private and public keys to accompany this. This might come across as a simple step in the process, but there are various pieces of hardware and software working silently in the background to make it happen. These handle tasks like automatic data validation, the creation of key pairs, and request approval. These elements all form the PKI.

Where is PKI used?


Public key infrastructure features in a wide range of applications, but it is most frequently used to protect digital platforms and services. A common deployment is the protection of data transfers so that information being sent over a network can only be viewed by the intended recipient.

It's also used to send emails using OpenPGP (Open Pretty Good Privacy) and S/MIME (Secure/Multipurpose Internet Mail Extensions), for user authentication using smart cards, and for the authentication of client systems using SSL (Secure Sockets Layer) signatures or encryption.

You may also encounter a variant of PKI when accessing e-documents and online forms that require user signatures. While there are other ways to verify an e-document, PKI is by far the easiest to use as it's not necessary for the two parties to know each other.

The chain of trust

To enhance the security of public key infrastructure, a trust relationship called a chain of trust is needed. This hierarchy describes the trust relationship between identities when using subordinate (intermediate) CAs. The main advantage of this is that it enables the delegation of certificate issuance to subordinate CAs.

A chain of trust is created by validating each hardware and software component from one end right up to the root certificate. This is to ensure that only trusted software and hardware are used in the PKI.
