PKI systems


PKI allows users on an unprotected, open network to exchange information privately and with integrity by using a pair of related keys, one public and one private. The private key stays solely with its owner, while the public key can be published by a trusted entity and kept continually accessible. The private key cannot be derived from the public key, so publishing the public key gives an attacker nothing. A PKI binds a public key to the identity of an individual or organization through a digital certificate, which can be revoked if the key is compromised or the identity is no longer valid.

A digital certificate is an electronic document that binds a public key to information about an identity (a person, an organization or a host) on a private or public network. It is issued by a trusted third party, a certificate authority (CA), which is responsible for checking the identity before issuance and for managing the certificates and public keys it has issued. A certificate contains identifying details such as the subject name, a serial number, a validity period with an expiry date, a copy of the subject's public key, and the digital signature of the issuing CA over all of those fields; the signature is what distinguishes a certificate from a plain copy of a public key.

A digital signature is a form of electronic signature that identifies the entity that sent the information or signed the document, and that lets the recipient confirm the information has not been changed since it was signed. Because the signature is computed from the signer's private key and the exact content signed, it cannot be forged without that key and cannot be transferred to different content, and a trusted timestamp can be incorporated to prove when the signature was made.

The receiver can verify that a digital certificate is genuine and still valid by checking the CA's signature over its contents with the CA's public key, checking that the current date falls within the validity period, and checking that the certificate has not been revoked. The dominant standard for digital certificates today is X.509, and most certificates issued today follow it. Certificates can be published in a directory or repository so that other verified users can look up a party's public key.
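The issuance and checking described in the three paragraphs above, as an added example that is not part of this page: a toy root CA issues an X.509 certificate, a relying party verifies that certificate against its own trust store, and a message is signed and then checked with the public key carried in the certificate. It is written in Go using only the standard library; the names "Example Root CA" and "alice.example", the lifetimes and the message are made up for the example. Revocation checking is out of scope here and would be done separately with a CRL or OCSP.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue generates a key pair for the subject described by tmpl and has the
// issuer sign tmpl's fields plus the new public key (nil issuer = self-signed).
func issue(tmpl, issuer *x509.Certificate, issuerKey *ecdsa.PrivateKey) (*ecdsa.PrivateKey, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if issuer == nil {
		issuer, issuerKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, &key.PublicKey, issuerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// NewPKI creates a toy self-signed root CA and has it issue a certificate to
// the hypothetical subject "alice.example". It returns the CA certificate (what
// relying parties put in their trust store), Alice's private key and her
// certificate. Names and lifetimes are made up for this example.
func NewPKI() (ca *x509.Certificate, aliceKey *ecdsa.PrivateKey, alice *x509.Certificate, err error) {
	now := time.Now()
	caKey, ca, err := issue(&x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Root CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}, nil, nil)
	if err != nil {
		return nil, nil, nil, err
	}
	aliceKey, alice, err = issue(&x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "alice.example"},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(12 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}, ca, caKey)
	return ca, aliceKey, alice, err
}

// VerifyChain is what a relying party does with a received certificate: check
// the issuer's signature, validity period and permitted usage against a trust
// store holding only the CAs it trusts. Revocation (CRL/OCSP) is separate.
func VerifyChain(leaf, ca *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}

// Sign produces a digital signature over msg with the signer's private key.
func Sign(key *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

// VerifySignature checks sig over msg with the public key carried in cert; any
// change to msg, or a signature made with another key, makes it return false.
func VerifySignature(cert *x509.Certificate, msg, sig []byte) bool {
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return false
	}
	digest := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

func main() {
	ca, key, cert, err := NewPKI()
	if err != nil {
		panic(err)
	}
	fmt.Printf("subject=%s issuer=%s serial=%s expires=%s\n", cert.Subject.CommonName, cert.Issuer.CommonName, cert.SerialNumber, cert.NotAfter.Format(time.RFC3339))
	msg := []byte("transfer 100 EUR to account 42")
	sig, _ := Sign(key, msg)
	fmt.Println("chain error:", VerifyChain(cert, ca), "| signature valid:", VerifySignature(cert, msg, sig))
}
```

Run it with go run. The chain check fails for a certificate issued by a CA that is not in the trust store, even one carrying the same CA name, because the signature does not verify under the trusted key; the signature check fails as soon as a single byte of the message changes or a different public key is used.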

PKI is built on public-key (asymmetric) cryptography, which is today the most widely used basis for authenticating users and protecting data. Traditional (secret-key) encryption requires the two parties to create and share a single secret key that both encrypts and decrypts the information. That shared secret is a significant disadvantage: it has to be distributed securely in advance, and if it is ever exposed, everything encrypted under it can be read. Public-key cryptography needs no pre-shared secret, which is why PKI is preferred for authentication and key exchange; in practice the two are combined, with public keys used to authenticate the parties and to deliver a fresh symmetric key that then encrypts the bulk of the data. The secret-key method is known as symmetric cryptography and the public-key method as asymmetric cryptography.