What Is PKI?
PKI (public key infrastructure) facilitates the safe and secure exchange of data, information and funds between users in a public network, such as the Internet. In a PKI arrangement, centralized software, working in tandem with distributed software components, binds unique public keys to individual users or groups. PKI is a cryptographic arrangement in which user identities may be verified using digital certificates and assigned keys.
Other People Are Reading
-
Cryptography Techniques
-
The underlying concept of PKI is public key cryptography--the most widely used technology used in authenticating senders or encrypting messages in the Internet. In order to appreciate the necessity of public key cryptography, it is important to understand the limitations of traditional cryptography, which usually involves creating and sharing a secret key to encrypt and decrypt messages. Using traditional cryptography, communications over the Internet may easily be decrypted if the key is intercepted. The PKI infrastructure eliminates the risk of data interception by putting a system in place that bars messages from being decrypted, and is understandably the most preferred method of communications over the Internet.
PKI Components
-
Essential elements in a public key infrastructure include a certificate authority, a registration authority, one or more directories, and a certificate management system. The certificate authority (CA) is the body responsible for issuing and verifying digital certificates, which contain the public key or any information about the key. The registration authority (RA) verifies an individual or organization before the CA issues a digital certificate to the party. The last two elements in the PKI infrastructure are software components to store the certificates and public keys and a system to manage the certificates.
-
PKI Process
-
In public key cryptography, a CA generates a public and private key simultaneously using the same algorithm for an individual entity. Only the requesting party is allowed to access the private key, whereas the public key is contained within a digital certificate and made publicly available. The private key--never shared or sent over the Internet--is used to decrypt messages encrypted by its corresponding public key. For example, if an individual sends a message to an online business, the message is first encrypted using the business's public key, which is readily available from a central administrator. When the business receives the message, it decrypts the message using its private key.
PKI Implementation
-
The need for a comprehensive PKI infrastructure is understandable in the wake of accelerated e-commerce and business-to-business transactions conducted over the Internet. A number of products to implement a functional PKI system are offered by several different companies, including RSA, Verisign, Xcert, Netscape and GTE CyberTrust. In implementing the infrastructure, companies such as RSA develop the main algorithms for PKI vendors.
Verisign is a CA and developer of PKI software, and GTE CyberTrust is a PKI implementation and consultation firm. Another PKI firm, Xcert uses its Web Sentry product and the online certificate status protocol to verify the revocation status of certificates.
PKI Alternatives
-
Systems similar to PKI include VPN (virtual private network) and IP security. Other systems for the authentication of public key information include newer techniques, some of which are already being used by several different enterprises. Some of the most popular public key authenticating systems include Web Of Trust, Simple Public Key Infrastructure and Robot Certificate Authorities.
-
References
- Photo Credit shopping online image by Photosani from Fotolia.com
