Public Key Infrastructure
Public Key Infrastructure (PKI) is a system that validates a
user's digital identity over a public or private network. It does so by
associating a pair of public and private keys with the individual's identity
credentials. The keys are created with a cryptographic algorithm, and a
certificate authority (CA) certifies the public key by linking it to the user's
unique identity. The CA records this information in a database and issues
digital certificates, each containing the public key or information about it,
which are used to verify the user's identity. The public key is
published as part of a digital certificate in a directory that can be
freely accessed. The private key remains secret and is never transmitted over the
network. The key pair is used to:
- Authenticate - for certificate-based authentication, the private
key is used to sign an authentication challenge, which is sent together
with the user's digital certificate to an authentication server. The server
verifies the signature with the public key in the certificate to validate the login.
- Encrypt - a message or document can be encrypted with the
intended recipient's public key, obtained from a public
directory. Only the intended recipient can decrypt the information with
his or her matching private key.
- Digitally sign - a digital signature for a message, document or
transaction is created with the user's private key and attached
to the signed contents. When the contents are received, the signature is
verified with the user's public key to validate the sender's
identity.
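The three uses above, worked end to end as an added example (this is not code from the original post) using only Go's standard library: a constructed CA issues certificates to two constructed users, a relying party checks a certificate against the CA, one user signs a message that is verified with the public key from her certificate, and a message is encrypted for the other user so that only his private key can recover it. The names, serial numbers and sample message are constructed; RSA-PSS and RSA-OAEP are the signing and encryption schemes chosen here, not ones the post specifies.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Identity pairs a private key with the certificate a CA issued for its public key.
// Only the certificate is ever shared; the private key stays with its owner.
type Identity struct {
	Key  *rsa.PrivateKey
	Cert *x509.Certificate
}

// newIdentity generates a key pair and a certificate for name. With ca == nil the
// certificate is a self-signed CA trust anchor; otherwise the CA signs it, binding the
// new public key to name. In both cases the private key never leaves its owner.
func newIdentity(name string, serial int64, ca *Identity) (*Identity, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: name}, // constructed name
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  ca == nil,
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
	}
	parentCert, signer := tmpl, key // self-signed unless a CA is given
	if ca == nil {
		tmpl.KeyUsage = x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageEmailProtection}
		parentCert, signer = ca.Cert, ca.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parentCert, &key.PublicKey, signer)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Identity{Key: key, Cert: cert}, nil
}

// verifyIdentity is the relying party's check: cert must chain to the trusted CA, be
// within its validity period and be permitted for client authentication.
func verifyIdentity(ca *Identity, cert *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca.Cert)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}

// sign creates a detached RSA-PSS signature over the SHA-256 digest of msg with the
// signer's private key; verifySignature checks it with the public key from the
// signer's certificate. The signature is verified, not "decrypted".
func sign(signer *Identity, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, signer.Key, crypto.SHA256, digest[:], nil)
}

func verifySignature(cert *x509.Certificate, msg, sig []byte) error {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(cert.PublicKey.(*rsa.PublicKey), crypto.SHA256, digest[:], sig, nil)
}

// encryptFor seals msg with the recipient's public key (RSA-OAEP) so that only the
// matching private key, used by decrypt, can recover it.
func encryptFor(cert *x509.Certificate, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, cert.PublicKey.(*rsa.PublicKey), msg, nil)
}

func decrypt(recipient *Identity, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient.Key, ct, nil)
}

func main() {
	ca, _ := newIdentity("Example Root CA", 1, nil)
	alice, _ := newIdentity("alice@example.com", 2, ca) // constructed identities
	bob, _ := newIdentity("bob@example.com", 3, ca)
	msg := []byte("constructed sample message")
	sig, _ := sign(alice, msg)
	ct, _ := encryptFor(bob.Cert, msg)
	pt, _ := decrypt(bob, ct)
	fmt.Println("alice chains to CA:", verifyIdentity(ca, alice.Cert) == nil)
	fmt.Println("signature verifies with alice's cert:", verifySignature(alice.Cert, msg, sig) == nil)
	fmt.Println("same signature verifies with bob's cert:", verifySignature(bob.Cert, msg, sig) == nil)
	fmt.Println("bob decrypted:", string(pt))
}
```

Run it with `go run`. Two details carry the security point of the post: the relying party never trusts a certificate on its own, only one that chains to the CA it already trusts, so a certificate for the same name issued by some other CA is rejected; and a signature is checked with the public key, so a signature verified under the wrong certificate, or over altered contents, fails.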
This technology offers a range
of security features for the enterprise, including authentication,
confidentiality and non-repudiation. PKI applications for end-users also
provide network and workstation login, secure remote access, single
sign-on, email encryption, secure data storage, digital signatures and
secure online transactions.