VoicenData Bureau
New Update

What is PKI?

Public Key Infrastructure (PKI) is a combination of software, encryption

technologies, and services, which enables enterprises to protect the security of

their communications and business transactions on the Internet.


PKIs integrate digital certificates, public key cryptography, and certificate

authorities into a total enterprise-wide network security architecture. A

typical enterprises’ PKI encompasses the issuance of digital

certificates to individual users and servers, end-user enrollment software;

integration with corporate certificate directories; tools for managing, renewing

and revoking certificates; and related services and support.

How it all works?

The PKI uses asymmetric algorithm and requires two different keys. A party

may have two keys, one for encryption and another for decryption. He can make

one key publicly available, which can be used by the customer, the supplier or

anyone, for the purpose of encrypting a sensitive communication to be sent to

him or her. Therefore, it is called the public key. Once such encrypted message

is received from outside, the person can use his second key called the private

key for decrypting the message. The second key is kept under security.

The PKI can operate on a number of algorithms of which RSA is popular.

However, only the person holding the corresponding key can decrypt the encrypted

message by using a public key. This is so because the two keys are

mathematically inter-related. Here, the level of security also depends on the

length of the key.


Why is PKI needed?

PKI protects your information assets in several essential ways:

l Authenticate identity:

Digital certificates issued as part of your PKI allow individual users,

organizations, and web site operators to confidently validate the identity of

each party in an Internet transaction

l Verify integrity: A digital

certificate ensures that the message or document the certificate ‘signs’ has

not been changed or corrupted in transit online


l Ensure privacy: Digital

certificates protect information from interception during Internet transmission

l Authorize access: PKI

digital certificates replace easily guessed and frequently lost user IDs and

passwords to streamline intranet log-in security and reduce the MIS overhead

l Authorize transactions: With

PKI solutions, your enterprise can control access privileges for specified

online transactions


l Support for non-repudiation:

Digital certificates validate their users’ identities, making it nearly

impossible to repudiate a digitally ‘signed’ transaction later, such as a

purchase made on a website.

What does the PKI security solution comprises of?

PKI is a vital element of e-commerce, as it ensures the security of electronic
transactions and the exchange of sensitive information between parties that do

not have a prior established business relationship through digital certificates.

As the stage is set for large scale PKI implementation in India, it is important

to analyze what pportunities and challenges lie ahead for PKI solution

providers, especially in the context of distribution of digital certificates.

A complete PKI security solution comprises the following components, elements

and functions that are vital to achieve the final state of robust security.


l Security Policy: A security

policy is essential, as it defines the organization’s direction on information

security and the principles involved in cryptography.

l Certificate Authority: A

Certificate Authority (CA) forms a very integral part of a PKI as it manages the

entire life cycle for public certificates. Some of its functions are issuing

certificates to the user and binding the user’s identity with a digital

signature, time stamping the certificate with an expiry date, storing and

retrieving certificates using a directory service, etc.

l Registration Authority: A

registration authority performs a critical function and is dedicated to user

registration and accepting requests for certificates. The RA can be a function

of the CA or a separate identity.


l Applications: PKI-enabled

applications include e-mail and messaging, Web browsers and servers, secure

electronic transactions (SET), electronic data interchange (EDI), etc.

What can you do with a PKI?

A PKI lets your enterprise take advantage of the speed and immediacy of the

Internet while protecting business-critical information from interception,

tampering, and unauthorized access.

PKI provides the following capabilities:


l Communicate securely with

employees around the world: PKI offers users controlled access to your Intranet

for all your corporate information, such as HR data, secure e-mail, and


l Exchange confidential data

with business partners: PKI lets you create secure extranets and virtual private

networks that give selected partners easy access to business-critical

information stored on your internal network

l Safely, seamlessly integrate

your supply chain: PKI provides a protected environment for safe information

exchange at every stage of your manufacturing processes

l Take advantage of secure

e-commerce: PKI lets you offer customers the confidence to purchase your goods

and services on the web

Swapan Johri, head (security) HCL