Public Key Infrastructure

As businesses look to conduct more and more commerce across networks, the challenge of replacing tried and true “real world” mechanisms that provide trust, security, and assurance can be quite daunting. In terms of providing the digital equivalent, only Public Key Infrastructure (PKI) technology holds the promise to address these issues comprehensively.

PKI can provide the digital equivalent of a driver’s license, company identification badge, a signature, a sealed envelope, or even a notary public. PKI provides security features such as authentication, data/message integrity, privacy/confidentiality, and non-repudiation. PKI can be integrated with authorization and access control systems as well.

PKI is based on asymmetric cryptography. Symmetric cryptography is the form that most of us are familiar with: the same key must be securely shared between two parties, and that key is used both to encrypt and to decrypt a message. Symmetric cryptography works great for communication between two parties. But for secure communications within a community, each person would have to share a secret key with every other member. Symmetric cryptography just doesn’t scale.

Asymmetric cryptography employs a system where each party has a pair of keys, one public and the other private. Messages encrypted with one key can only be decrypted with its related key. Within the community, a centralized trusted party binds the identity of each member to their public key to create a digital certificate. The trusted party then distributes the public key, along with the digital certificate, to any other member of the community.

Use of PKI mechanisms allows each member to communicate securely with every other member, without having to keep track of much more than two keys! PKI incorporates the use of hash functions in order to verify message integrity and to create digital signatures.
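The binding described above, as an added Go example that is not part of the original page: a community CA certifies Alice's public key, and a member holding only the CA certificate accepts her certificate, rejects a self-signed one claiming the same name, and checks a signature with the certified key. All names, messages and keys are constructed for illustration, and Ed25519 is an assumed choice of algorithm.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue binds name to pub in a certificate signed by caKey; a nil parent yields a self-signed CA.
func issue(name string, pub ed25519.PublicKey, parent *x509.Certificate, caKey ed25519.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true}
	if parent == nil {
		t.IsCA, t.KeyUsage, parent = true, x509.KeyUsageCertSign, t
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, caKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// trusted reports whether cert chains to the single root certificate a member keeps.
func trusted(root, cert *x509.Certificate) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil
}

func demo() (aliceOK, outsiderOK, sigOK, alteredOK bool) {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	xPub, xKey, _ := ed25519.GenerateKey(rand.Reader) // key pair the community CA never certified
	alicePub, aliceKey, _ := ed25519.GenerateKey(rand.Reader)
	ca := issue("Community CA", caPub, nil, caKey)       // the only certificate each member must store
	alice := issue("alice", alicePub, ca, caKey)         // CA binds Alice's name to her public key
	sig := ed25519.Sign(aliceKey, []byte("pay bob 100")) // Ed25519 hashes the message internally
	ok := func(m string) bool { return ed25519.Verify(alice.PublicKey.(ed25519.PublicKey), []byte(m), sig) }
	return trusted(ca, alice), trusted(ca, issue("alice", xPub, nil, xKey)), ok("pay bob 100"), ok("pay bob 900")
}

func main() { fmt.Println(demo()) }
```

The second result is false because the self-signed certificate does not chain to the community CA, and the fourth is false because the signature no longer matches the altered message.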

Like VPN, PKI is based on extremely complex technology. In general, complexity is the bane of information security. However, PKI has become more and more prevalent as the increased need for secure networking has overcome the concerns over its complexity.

Like all other security systems, PKI technology is only as strong as the policies, procedures, and implementations allow it to be. Improperly designed, PKI can be very expensive without delivering any increased security or utility. Designed properly, PKI can enable many new applications and streamline older security solutions.

For more information regarding PKI, see the PKI links on the Industry Links page of the Resources section of this website.

Copyright © 2001, 2002, 2003 Dalliesin, Inc. All rights reserved.