PKI  
 
Public Key Infrastructure  
 

PKI Description

Public Key Infrastructure (PKI) is the set of roles, policies, software and procedures used to issue, distribute and revoke digital certificates, and through them to validate the identity of a user (or a machine) over a public or private network. Each participant holds a key pair generated with an asymmetric algorithm such as RSA or an elliptic-curve scheme. The private key is kept by its owner; a certificate authority (CA) verifies the owner's identity and binds the public key to that identity by issuing a digital certificate signed with the CA's own private key. The certificate carries the public key, the subject's identity, a validity period and the issuer's signature. The CA keeps a record of what it has issued and publishes revocation information (a CRL or an OCSP responder) so that relying parties can reject certificates that are no longer valid.

PKI solutions combine key pairs and certificates with software applications, encryption technologies, processes and services to enable secure communication and business transactions. The private key stays with its owner (ideally inside a smart card, TPM or HSM) and is never transmitted over the network. The public key is published as part of the certificate, either in a directory that can be freely accessed or handed over directly during a protocol handshake; it can be distributed freely because it reveals nothing about the private key. A relying party should check a certificate's chain of trust, validity period, key usage and revocation status before relying on the public key inside it. The private key is used to:

  • Authenticate - for certificate-based authentication, the user presents the certificate and proves possession of the matching private key, typically by signing a fresh random challenge (a nonce) supplied by the authentication server. The server first validates the certificate against the CAs it trusts and then verifies the signature with the public key contained in the certificate. Nothing is "decrypted" with the public key, and the certificate itself is public data, so presenting it on its own proves nothing.
     
  • Encrypt - a message or document can be encrypted with the intended recipient's public key, obtained from a public directory or from the recipient's certificate, and then sent. Only the intended recipient can decrypt it with the matching private key. In practice the bulk data is encrypted with a fresh symmetric key and only that key is encrypted with the public key, because public-key operations are slow and limited in message size.
     
  • Digitally sign - a digital signature for a message, document or transaction is created by hashing the content and signing the hash with the signer's private key; the signature is attached to the signed content. The recipient recomputes the hash and verifies the signature with the signer's public key, taken from a certificate whose chain has been checked, which confirms both who signed the content and that it has not been altered since.
     
This technology offers a range of security features for the enterprise, including authenticity, confidentiality and non-repudiation. PKI applications for end-users include network and workstation logon, secure remote access, single sign-on, email encryption, secure data storage, digital signatures and secure online transactions.
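The three operations above, together with the CA binding that makes them trustworthy, as an added example. This code is written for this page; it is not from the original text or from pki-page.org. It uses only Go's standard library: it builds a throwaway root CA in memory, issues a user certificate for the constructed identity "alice", then runs challenge-response authentication, signature verification and public-key encryption, and finishes with two negative checks (a signature presented for a different challenge, and a certificate for the same name and key issued by an untrusted CA). All names, serial numbers and the sample message are constructed for the demonstration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// newCert binds identity cn to public key pub; isCA gives a self-signed root, otherwise parent issues it.
func newCert(cn string, isCA bool, pub *rsa.PublicKey, parent *x509.Certificate, signer *rsa.PrivateKey, serial int64) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn}, // constructed names, not real identities
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if isCA { // a root signs certificates and CRLs, and is its own issuer
		tmpl.KeyUsage, tmpl.ExtKeyUsage, parent = x509.KeyUsageCertSign|x509.KeyUsageCRLSign, nil, tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifyChain is the relying party's first step: cert must chain to a trusted root, be inside its validity window and permit client authentication.
func verifyChain(cert, root *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}

// verify checks an RSA-PSS signature over msg with the public key carried in cert; nothing is "decrypted".
func verify(cert *x509.Certificate, msg, sig []byte) error {
	pub := cert.PublicKey.(*rsa.PublicKey) // every certificate in this example is RSA
	d := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, d[:], sig, nil)
}

// RunScenario: CA setup, enrolment, challenge-response authentication and encryption; returns nil only if every check behaves as expected.
func RunScenario() error {
	caKey, _ := rsa.GenerateKey(rand.Reader, 2048) // in production this key lives in an HSM
	caCert, err := newCert("Example Root CA", true, &caKey.PublicKey, nil, caKey, 1)
	if err != nil {
		return err
	}
	// Enrolment: the user generates the key pair; only the public half is sent to the CA.
	userKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	userCert, err := newCert("alice", false, &userKey.PublicKey, caCert, caKey, 2)
	if err != nil {
		return err
	}
	// Authentication: the server sends a fresh random challenge and the user signs its digest with
	// the private key (the same operation signs a document). The server checks chain first, then signature.
	challenge := make([]byte, 32)
	rand.Read(challenge)
	d := sha256.Sum256(challenge)
	sig, _ := rsa.SignPSS(rand.Reader, userKey, crypto.SHA256, d[:], nil)
	if err := verifyChain(userCert, caCert); err != nil {
		return fmt.Errorf("chain validation: %w", err)
	}
	if err := verify(userCert, challenge, sig); err != nil {
		return fmt.Errorf("signature check: %w", err)
	}
	if verify(userCert, []byte("a different challenge"), sig) == nil {
		return errors.New("signature accepted for a challenge it did not sign")
	}
	// Same name and same key, but issued by a CA the server does not trust: must be rejected.
	rogueKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	rogueCA, _ := newCert("Rogue CA", true, &rogueKey.PublicKey, nil, rogueKey, 1)
	rogueCert, _ := newCert("alice", false, &userKey.PublicKey, rogueCA, rogueKey, 3)
	if verifyChain(rogueCert, caCert) == nil {
		return errors.New("certificate from an untrusted issuer accepted")
	}
	// Encryption: anyone with the certificate can encrypt to its public key; only the private-key holder decrypts.
	msg := []byte("constructed sample message")
	ct, _ := rsa.EncryptOAEP(sha256.New(), rand.Reader, userCert.PublicKey.(*rsa.PublicKey), msg, nil)
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, userKey, ct, nil)
	if err != nil || string(pt) != string(msg) {
		return errors.New("decryption failed")
	}
	return nil
}

func main() { fmt.Println("result (nil means every check passed):", RunScenario()) }
```

The order inside RunScenario is deliberate: the chain is validated before the signature is checked, because a valid signature under a key that no trusted CA has vouched for is worthless, which is exactly what the rogue-CA check shows. Real deployments additionally consult revocation information (CRL or OCSP) and, for encryption, use OAEP only to wrap a symmetric content key rather than the data itself.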


More info: http://www.pki-page.org/