PKI (Public Key Infrastructure) is a collection of technologies, processes, and organizational policies that support the use of public key cryptography to verify the authenticity of public keys. PKI provides the mechanisms to ensure that the trusted relationships are established and maintained.
Complex business systems, e-commerce and automated business transactions require robust and precise security procedures. While today,s Internet client demands security to protect their interests, privacy, communication, value exchange, and information assets.
PKI enables users using insecure public network like Internet to securely and privately exchange data and do financial transaction through the use of public and private cryptographic key pair that is obtained and shared through a trusted authority (Certifying Authority).
The specific security functions in which a PKI provides foundation are confidentiality, authentication, integrity and non-repudiation.
Confidentiality means ensuring the secrecy and privacy of data or ensuring that no one other than the expected parties is able to access the data.
Authentication means verifying the identity of entities or ensuring that the persons with whom you are corresponding are actually the same who they say they are.
Integrity means ensuring that data cannot be corrupted or modified and transactions cannot be altered. In the Electronic world digital signature has replaced the traditional seal.
Non-repudiation means ensuring that data, cannot be renounced or a transaction denied. That means there can be no denial on the part of the sender of having sent a message. This is provided through public key cryptography by digital signing.
PKI technology is mainly based on the asymmetric cryptography as it involves an asymmetric key pair. This key pair consists of a public key and a private key. The public key, as its name suggests, may be freely distributed. This key does not need to be kept confidential. The private key, on the other hand, must be kept secret. The owner of the key pair must guard his private key closely, as sender authenticity and non-repudiation are based on the signer having sole access to his private key.
A Certification Authority, who confirms and verifies the identity of an individual before issuing a certificate, certifies the key pair. This forms the 'Digital Identity' for that individual. The certificate issued is called the Digital Certificate.
The primary function of a PKI is to allow the distribution and use of public keys and certificates with security and integrity.
- While they are mathematically related to each other, it is impossible to calculate one key from the other. Therefore, the private key cannot be compromised through knowledge of the associated public key.
- Each key in the key pair performs the inverse function of the other. What one key does, only the other can undo. The private key is used for signing and decrypting a message or a document while the public key is used to verify or encrypt.
E-Lock Digital Signature products and solutions leverage the underlying PKI infrastructure to provide signing and encryption for documents and transactions. While the PKI deals with creation of key pairs and issue and management of digital certificates, digital signature technology deals with use of these keys for various security functions from within the applications.