
What is public key infrastructure (PKI)?

This technology can help secure data using a number of components


Public key infrastructure (PKI) is one of the most important elements of digital encryption and cryptography, and an essential component of security technology. PKI governs the management and deployment of digital certificates and public key encryption by establishing the roles, policies and procedures required.

This crucial element is normally deployed to keep information conveyed through digital channels secure across several networking activities, such as e-commerce, internet banking and private email communications. It is typically required for processes where basic or straightforward passwords are not strong enough as an authentication method, and it provides those involved with more rigorous proof of identity before they can provide or access the information being transferred.

Public key encryption relies on PKI mechanisms, but the term PKI refers to the wider system, which is responsible for verifying authentication attempts and distributing keys in the first place. PKI is therefore not the same thing as public-key encryption, the secure data transfer method itself.

How does PKI work?

Many organisations take part in the process of developing a PKI. The first step involves a subject proving their identity in order to be issued a digital certificate: under PKI, a registration authority (RA) is required to verify the subject. The identity requirements must be published too, alongside information on how the PKI was established.

Once identity verification succeeds, the RA passes the request to a certificate authority (CA), the organisation charged with approving, issuing and storing digital certificates. Well-known CAs include Comodo, DigiCert and even GoDaddy, with the likes of Let’s Encrypt also categorised as a CA. Certificates issued by the CA are held in a central repository controlled by management systems that are also tasked with distribution and access permissions.

The CA is in charge of signing and issuing digital certificates as proof that a subject’s identity has been verified, and following an approved RA request the CA will issue a pair of private and public keys to accompany this. This might come across as a simple step, but there are various pieces of hardware and software working silently in the background to make it happen, handling tasks such as automatic data validation, the creation of key pairs and request approval. Together, these elements form the PKI.

Where is PKI used?


Public key infrastructure features in a large range of applications, but it is most frequently used to protect digital platforms and services. A common deployment is protecting data transfers so that information sent over a network can only be read by the intended recipient.

It's also used to secure email with OpenPGP (Open Pretty Good Privacy) and S/MIME (Secure/Multipurpose Internet Mail Extensions), for user authentication using smart cards, and for the authentication of client systems using SSL (Secure Sockets Layer) signatures or encryption.

You may also encounter a variant of PKI when accessing e-documents and online forms that require user signatures. While there are other ways to verify an e-document, PKI is by far the easiest to use as it's not necessary for the two parties to know each other.

The chain of trust

To enhance the security of public key infrastructure, a trusted relationship called a chain of trust is needed. This hierarchy describes the trust relationship between identities when subordinate (intermediate) CAs are used. Its main advantage is that it allows the issuing of certificates to be delegated to subordinate CAs.

A chain of trust is created by validating each hardware and software component from one end of the chain right up to the root certificate. This ensures that only trusted software and hardware are used in the PKI.
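The root, subordinate CA and end-entity hierarchy described above, as an added example that is not from the article: it uses OpenSSL (assumed to be on PATH) to build a root CA, an intermediate CA and a leaf certificate, all with constructed names, and shows that the leaf verifies only when the intermediate is supplied and the trust anchor is the genuine root.

```shell
#!/bin/sh
# Added example: build root -> intermediate -> leaf with OpenSSL and check the
# chain. Every name (Example Root CA, www.example.test) is constructed.
set -eu
WORK=$(mktemp -d)

# issue <name> <subject> <issuer-name-or-empty> <x509v3 extensions>
# Creates a key and CSR, then signs it: self-signed when no issuer is given,
# otherwise with the key and certificate of an issuer created earlier.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  printf '%s\n' "$4" > "$WORK/$1.ext"
  if [ -z "$3" ]; then
    openssl x509 -req -in "$WORK/$1.csr" -signkey "$WORK/$1.key" -sha256 \
      -days 30 -extfile "$WORK/$1.ext" -out "$WORK/$1.crt" 2>/dev/null
  else
    openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$3.crt" -CAkey "$WORK/$3.key" \
      -CAcreateserial -sha256 -days 30 -extfile "$WORK/$1.ext" \
      -out "$WORK/$1.crt" 2>/dev/null
  fi
}

# verify_chain <trusted root> <leaf> [intermediate]
# Exit status 0 only if openssl can build a path from the leaf up to the root.
verify_chain() {
  if [ $# -ge 3 ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  fi
}

CA_EXT="basicConstraints=critical,CA:TRUE
keyUsage=critical,keyCertSign,cRLSign"
issue root "/CN=Example Root CA" "" "$CA_EXT"
# pathlen:0 stops the intermediate from delegating any further down the chain.
issue intermediate "/CN=Example Issuing CA" root "basicConstraints=critical,CA:TRUE,pathlen:0
keyUsage=critical,keyCertSign,cRLSign"
issue leaf "/CN=www.example.test" intermediate "basicConstraints=critical,CA:FALSE
keyUsage=critical,digitalSignature
subjectAltName=DNS:www.example.test"
# An unrelated root that has never signed anything in this chain.
issue other "/CN=Unrelated Root CA" "" "$CA_EXT"

verify_chain "$WORK/root.crt" "$WORK/leaf.crt" "$WORK/intermediate.crt" && echo "leaf -> intermediate -> root: OK"
verify_chain "$WORK/root.crt" "$WORK/leaf.crt" || echo "missing intermediate: chain incomplete"
verify_chain "$WORK/other.crt" "$WORK/leaf.crt" "$WORK/intermediate.crt" || echo "unrelated root: rejected"
```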
