PKI
  Entrust CA
  Applications
 
 
 
VPN


Home > Products > PKI


What is a public-key infrastructure (PKI)?

Public-key infrastructure (PKI) is a comprehensive system required to provide public-key encryption and digital signature services. The purpose of a public-key infrastructure is to manage keys and certificates. By managing keys and certificates through a PKI, an organization establishes and maintains a trustworthy networking environment. A PKI enables the use of encryption and digital signature services across a wide variety of applications.


When do I need PKI?

Knowing identity of individual or business entity is useful for managing risk.

What kind of transactions need PKI?

  • Submission of a mandated transaction (administrative, regulatory, law enforcement)
  • Contract for goods or services
  • Authenticity has business value (e.g. software download)
  • Instrument creates a financial or legal obligation (e.g. applications for benefits and grants)
  • Involves inherently sensitive or private information


How is PKI used?

Typical process for obtaining secure electronic access to private information through the use of public key technology.

Authentication
Access Control
Data Integrity
Non-Repudiation

Why is security important?

Effective security creates an environment that facilitates electronic commerce and private communications. This means not only creating climate that is safe from robbery and fraud, but more importantly, a place where business agreements can be transacted under commonly accepted legal standards. Although we do not believe an unsecured Internet stop electronic commerce, we expect that the well-publicized lack security on the Internet discourages business and consumer transactions.

The elements of a secure business environment are access control, authentication, data privacy and integrity, and non-repudiation. Each is a necessary component for a complete solution. Access is typically managed by a firewall, which regulates data flow into and out of a network. Authentication binds the identity of an individual to a specific message or transaction. For commercial or legal use authentication must be as legally acceptable as a signature on a contract. Data privacy and integrity ensure that communications and transactions remain confidential. Legal and commerce applications often demand privacy, not merely as a preference but as a legal prerequisite. Data integrity assures that information remains accurate and is not altered. This requires a practical method to validate data after transmission or storage. Non-repudiation prevents reneging on an agreement by denying a transaction. Public key technology provides mechanisms that address each of these requirements.

(Some of the information is sourced from Entrust Technologies.)

 

Copyright(C) 2001-2002 InfoTrus Technologies Limited. All rights reserved.