Public Key Infrastructure

A Public Key Infrastructure (PKI) is what lets sensitive electronic communications stay private and protected from tampering. It provides assurance of the identities of the participants in a transaction, and it prevents a participant from later denying having taken part in it.

PKI provides the following assurances:

• Protects confidentiality: encryption cannot stop someone from intercepting the data, but an interceptor who cannot decrypt it learns nothing useful from it

• Assures the integrity of electronic communications by making any alteration during transmission detectable

• Verifies the identity of the parties involved in an electronic transmission

• Provides non-repudiation: a party that signed a transaction cannot plausibly deny having been involved in it

Before you send data over the public Internet, you want to be sure that, whatever its sensitivity, it cannot be read by the wrong party. PKI makes this possible by combining public key cryptography with digital signatures.

Public key cryptography protects the confidentiality of sensitive information by using a mathematical algorithm together with one key to scramble (encrypt) data, and a related key to unscramble (decrypt) it. In public key cryptography, each user receives encryption software and a pair of keys: a public key, which can be handed out freely, and a private key, which the user must keep secret. The two keys are mathematically linked, but the private key cannot feasibly be derived from the public one.

A digital signature is an electronic identifier comparable to a traditional, paper-based signature: it is unique to the signed data, it can be verified by anyone who holds the signer's public key, and it can be produced only by the holder of the signer's private key. (DSS is the name of a specific standard for such signatures, not of the signature itself.)

Before the parties can authenticate each other, each must obtain a digital certificate from a Certification Authority (CA), a trusted third party responsible for issuing digital certificates and managing them throughout their lifetime, renewal and revocation included.

Consider the following example: a user named Simon wants to communicate with a user named Sharon. Simon already has his digital certificate, but Sharon has yet to obtain one, so she must prove her identity to the CA, much as you prove your identity to obtain a passport before you travel the world. The certificate the CA issues to Sharon binds her name to a copy of her public key, carries a validity period (including the certificate's expiration date), and bears the CA's digital signature. Each of these details is public: anyone who trusts the CA can check that signature and thereby trust that the public key really belongs to Sharon.

Sharon also holds a private key, which is never shared with anyone. Now that both parties have certificates, each can encrypt data for the other using the recipient's public key, taken from the recipient's certificate, and only the holder of the matching private key can decrypt it; each can likewise sign a message with their own private key so that the other can verify it. Pretty Good Privacy (PGP, an application-layer tool) is an excellent example of this type of communication, although it traditionally establishes trust in public keys through a web of trust among users rather than through a CA. I suggest you install the software (a free demonstration version is available) and try public key cryptography for yourself. You can find the free software at
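The exchange described above, carried out with the openssl command line as an added example (this is not the page's own code, nor PGP's): a throwaway CA issues a certificate to Sharon, Simon checks the CA's signature and the validity period before trusting the public key inside it, encrypts a message that only Sharon's private key can unwrap, and verifies a signed reply from Sharon, including that a tampered reply is rejected. The CA name, the names Simon and Sharon, the key sizes, the validity periods and the message text are assumptions chosen for the demonstration; it needs openssl 1.1.1 or later.

```shell
#!/bin/sh
# Added example, not from the original page: a minimal CA, a certificate for
# Sharon, and the Simon <-> Sharon exchange using the openssl command line.
# "Example Root CA", "Sharon", "Simon" and the messages are made-up values.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
CFG="$WORK/openssl.cnf"

# Minimal config. The CA certificate must say CA:TRUE and be allowed to sign
# certificates; an end-entity certificate must say CA:FALSE so that it cannot
# be used to issue further certificates in the CA's name.
cat > "$CFG" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ v3_user ]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
subjectKeyIdentifier = hash
EOF

# Step 1: the CA generates its own key pair and a self-signed root certificate.
setup_ca() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/ca.key" 2>/dev/null
    openssl req -new -x509 -key "$WORK/ca.key" -subj "/CN=Example Root CA" \
        -days 365 -config "$CFG" -extensions v3_ca -out "$WORK/ca.crt"
}

# Step 2: Sharon generates a key pair, keeps the private key, and sends the CA
# a certificate request (her name plus her public key). The CA signs it.
issue_sharon_cert() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/sharon.key" 2>/dev/null
    openssl req -new -key "$WORK/sharon.key" -subj "/CN=Sharon" \
        -config "$CFG" -out "$WORK/sharon.csr"
    openssl x509 -req -in "$WORK/sharon.csr" -CA "$WORK/ca.crt" \
        -CAkey "$WORK/ca.key" -CAcreateserial -days 90 \
        -extfile "$CFG" -extensions v3_user -out "$WORK/sharon.crt" 2>/dev/null
}

# Step 3: Simon checks the CA signature and validity period. Only if that
# succeeds does he extract the public key from the certificate for later use.
verify_sharon_cert() {
    openssl verify -CAfile "$WORK/ca.crt" "$WORK/sharon.crt" >/dev/null &&
    openssl x509 -in "$WORK/sharon.crt" -pubkey -noout > "$WORK/sharon.pub"
}

# Step 4: Simon encrypts to Sharon. RSA can encrypt only a small blob, so a
# random session key is wrapped with RSA-OAEP and the message itself is
# encrypted with AES under that key. Sharon reverses both steps with her
# private key. Prints the recovered plaintext.
roundtrip_message() {
    printf '%s\n' "$1" > "$WORK/msg.txt"
    openssl rand -hex 32 > "$WORK/session.key"
    openssl enc -aes-256-cbc -pbkdf2 -pass file:"$WORK/session.key" \
        -in "$WORK/msg.txt" -out "$WORK/msg.enc"
    openssl pkeyutl -encrypt -pubin -inkey "$WORK/sharon.pub" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
        -in "$WORK/session.key" -out "$WORK/session.enc"
    # Sharon's side: only her private key can unwrap the session key.
    openssl pkeyutl -decrypt -inkey "$WORK/sharon.key" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
        -in "$WORK/session.enc" -out "$WORK/session.dec"
    openssl enc -d -aes-256-cbc -pbkdf2 -pass file:"$WORK/session.dec" \
        -in "$WORK/msg.enc" -out "$WORK/msg.dec"
    cat "$WORK/msg.dec"
}

# Step 5: Sharon signs her reply with her private key; Simon verifies it with
# the public key taken from her certificate. signature_ok returns 0 only when
# the signature matches the file it is checked against.
sign_reply() {
    printf '%s\n' "$1" > "$WORK/reply.txt"
    openssl dgst -sha256 -sign "$WORK/sharon.key" -out "$WORK/reply.sig" \
        "$WORK/reply.txt"
}
signature_ok() {
    openssl dgst -sha256 -verify "$WORK/sharon.pub" \
        -signature "$WORK/reply.sig" "$1" >/dev/null 2>&1
}
# Integrity check: a reply with different content must fail against the
# signature Sharon made over the original reply. Returns 0 when it is rejected.
tampered_reply_rejected() {
    printf '%s\n' "$1" > "$WORK/reply_tampered.txt"
    if signature_ok "$WORK/reply_tampered.txt"; then
        return 1
    fi
    return 0
}

setup_ca
issue_sharon_cert
verify_sharon_cert
echo "Sharon's certificate chains to the CA and is within its validity period"
roundtrip_message "Hi Sharon, this is Simon."
sign_reply "Hi Simon, this is Sharon."
signature_ok "$WORK/reply.txt"
echo "Sharon's signature on the reply verified"
tampered_reply_rejected "Hi Simon, this is Mallory."
echo "Tampered reply rejected"
```

Run it as a script; it prints the recovered plaintext and the outcome of each check, and `set -e` makes it stop at the first check that fails. The session-key wrapping is there because RSA encrypts only a few hundred bytes at a time: in practice the public key protects a symmetric key and the symmetric key protects the data, which is how PGP and TLS both work.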
