What is a Public Key Infrastructure (PKI)?
Securing business and communications over computer networks can be likened to an electronic equivalent of signing a letter and sealing it in an envelope. The signature proves authenticity and the sealed envelope provides confidentiality.

Cryptography ensures confidentiality by encrypting a message using a secret key in association with an algorithm. This produces a “scrambled” version of the message that the recipient can decrypt, using the original key, to retrieve the contents.
The key used must be kept secret between the two parties. The central problem in most cryptographic applications is managing these keys and keeping them secret.

Public Key cryptography
This problem is solved by replacing the secret keys with a pair of keys, one private and one public.
Information encrypted using the public key can only be retrieved using the complementary private key.
In addition to encryption, the public and private keys can be used to create and verify digital signatures.

But public key cryptography alone is not enough to move traditional paper-based transactions into the electronic world.
We also need:

• Security policies to define the rules under which the cryptographic system should operate
• Products to generate, store and manage the keys

In short, we need a Certification Authority.

Certification Authority
A certification authority is a trusted third-party organization that issues digital certificates to requesting organizations after verifying (or certifying, as the name implies) their credentialing information. An issued digital certificate contains some of that information for identification purposes, such as the certificate holder's name, organization, address, etc. By issuing the digital certificate, the certification authority attests to the organization's identification contained therein, confirming that it is a legitimate entity.

Certification Authorities and PKI
Certification authorities do not issue certificates based upon certification practices alone. There are several contributing members in the process, and a number of events must take place before a certificate can be issued. The certification authority is only part of a greater network, known as the public key infrastructure (PKI), which provides for the issuing and management of security certificates, credential verification, and public key encryption assignments. As a part of the PKI arrangement, the certification authority supplies applicant information to a registration authority, which determines the validity of that information. If the applicant's information is verified, the process moves forward and a public key is assigned for encryption purposes. This public key is bound to the identity of the certificate holder upon issue by the certification authority. As a final measure, the issuing certification authority applies its digital signature to the SSL certificate, thereby authenticating both its contents and the process by which it was issued.
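
The issuance flow described above, as an added example in Python that is not part of the original page: a registration-authority check, a CA signing the identity-to-key binding, and a relying party verifying it with the CA's public key. It assumes textbook RSA without padding and fixed, publicly known Mersenne primes so that it runs with the standard library alone; all names, fields and records are constructed, and the keys are not secure.

```python
import hashlib
import json

E = 65537  # common RSA public exponent

# Constructed registration-authority records: organization -> verified name.
RA_RECORDS = {"Example Org": "www.example.test"}

def make_key(a, b):
    """Demo RSA key pair from the Mersenne primes 2**a-1 and 2**b-1 (NOT secure)."""
    p, q = 2**a - 1, 2**b - 1
    n = p * q
    return {"n": n, "e": E}, {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}

def ra_validate(subject):
    """Registration authority: check the applicant's details against its records."""
    return RA_RECORDS.get(subject["organization"]) == subject["name"]

def digest(tbs, n):
    """SHA-256 over a canonical encoding of the to-be-signed fields."""
    data = json.dumps(tbs, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(ca_name, ca_priv, subject, subject_pub):
    """CA: bind the subject's identity to its public key and sign the binding."""
    if not ra_validate(subject):
        raise ValueError("registration authority could not verify applicant")
    tbs = {"issuer": ca_name, "subject": subject, "public_key": subject_pub}
    signature = pow(digest(tbs, ca_priv["n"]), ca_priv["d"], ca_priv["n"])
    return {"tbs": tbs, "signature": signature}

def verify(cert, ca_pub):
    """Relying party: recompute the digest and compare it with the signed one."""
    recovered = pow(cert["signature"], ca_pub["e"], ca_pub["n"])
    return recovered == digest(cert["tbs"], ca_pub["n"])

if __name__ == "__main__":
    ca_pub, ca_priv = make_key(521, 607)
    holder_pub, _ = make_key(127, 1279)
    subject = {"name": "www.example.test", "organization": "Example Org"}
    cert = issue("Example CA", ca_priv, subject, holder_pub)
    print("genuine certificate verifies:", verify(cert, ca_pub))
    cert["tbs"]["public_key"] = make_key(89, 107)[0]  # substituted key
    print("certificate with swapped key verifies:", verify(cert, ca_pub))
```

Changing any signed field, whether the holder's name or the public key, makes verification fail, which is what lets a relying party trust the binding without contacting the CA.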