Public Key Infrastructure (PKI)

Complex business systems, E-commerce and automated business transactions require robust and rigorous security measures. Companies using the internet environment as a platform to conduct business have a better probability of success if they accommodate the needs of security-conscious clients. Internet clientele demand stringent security protocols to protect their interests, privacy, communication, value exchange, and information assets. Public key cryptography supports these risk management requirements and solves e-commerce security problems in heterogeneous network environments.

Public key cryptography supports security mechanisms such as confidentiality, integrity, authentication, and non-repudiation.

Authentication: Authentication means verifying the identity of entities or ensuring that the persons with whom you are corresponding are actually the same who they say they are.

Confidentiality: Confidentiality means ensuring the secrecy and privacy of data or ensuring that no one other than the expected parties is able to access the data.

Integrity: Integrity means ensuring that data cannot be corrupted or modified and transactions cannot be altered. In the Electronic world digital signature has replaced the traditional seal.

Non-Repudiation: Non-repudiation means ensuring that data, cannot be renounced or a transaction denied. That means there can be no denial on the part of the sender of having sent a message. This is provided through public key cryptography by digital signing.

PKI technology is based on the asymmetric cryptography as it involves an asymmetric key pair. This key pair consists of a public key and a private key. The public key, may be freely distributed. This key does not need to be kept confidential. The private key, on the other hand, must be kept secret. The owner of the key pair must guard his private key closely, as sender authenticity and non-repudiation are based on the signer having sole access to his private key. A Certification Authority, who confirms and verifies the identity of an individual before issuing a certificate, certifies the key pair. This forms the 'Digital Identity' for that person. The certificate issued is called the 'Digital Certificate'. Both keys are inverse of each other and have some properties, they are mathematically related to each other, it is impossible to calculate one key from the other. Therefore, the private key cannot be compromised through knowledge of the associated public key. Each key in the key pair performs the inverse function of the other. What one key does, only the other can undo. The private key is used for signing and decrypting a message or a document while the public key is used to verify or encrypt.

It is important to understand that PKI is not by itself an authentication, authorization, auditing, privacy, or integrity mechanism. Rather, PKI is an enabling infrastructure that supports these various business and technical requirements.