Public Key Infrastructure


Also found in: Dictionary, Medical, Acronyms, Wikipedia.

Public Key Infrastructure

(cryptography, communications)
(PKI) A system of public key encryption using digital certificates from Certificate Authorities and other registration authorities that verify and authenticate the validity of each party involved in an electronic transaction.

PKIs are currently evolving and there is no single PKI nor even a single agreed-upon standard for setting up a PKI. However, nearly everyone agrees that reliable PKIs are necessary before electronic commerce can become widespread.

US DOD PKI.

US NIST PKI.

IETF PKIX Working Group.

PKI

(Public Key Infrastructure) A framework for creating a secure method for exchanging information based on public key cryptography. The foundation of a PKI is the certificate authority (CA), which issues digital certificates that authenticate the identity of organizations and individuals over a public system such as the Internet. The certificates are also used to sign messages (see code signing), which ensures that messages have not been tampered with. For more on how certificates and public keys are used, see digital certificate.

Inhouse PKIs
A PKI can also be implemented by an enterprise for internal use to authenticate employees accessing the network. In this case, the enterprise is its own certificate authority (CA). For details on the public key system, see cryptography.

Managing the Root Key
The root key is the public/private key pair of the certificate authority. If the private part of that root key is ever discovered, all the certificates issued under that key pair are compromised. Creating and keeping the private key very private is critical.

All Encompassing
The PKI establishes the encryption algorithms, levels of security and distribution policy to users. The PKI embraces all the software (browsers, email programs, etc.) used to support the process by examining and validating the certificates and signed messages. See digital certificate, digital signature, root key, web of trust and DST.


Keeping the Root Key Secure
Gemalto's Luna is a line of hardware security module (HSM) products that generate the root key in a PKI system and keep the private key secure. (Image courtesy of Gemalto NV, www.gemalto.com)
References in periodicals archive ?
* DoD Instruction 8520.2 Public Key Infrastructure (PKI) and Public Key (PK) Enabling--http://www.dtic.mil/whs/directives/corres/html/852002.htm
The device will interface with the Defense Department's public key infrastructure using the government's standard common access card.
has licensed RSA BSAFE(R) Secure Sockets Layer (SSL) and public key infrastructure (PKI) products to Sony Computer Entertainment Inc.
Passwords, tokens, public key infrastructure and biometrics are all examples of authentication technologies that can help verify identity and control access to resources--and each falls within one of these three broad classifications.
A large part of the program is devoted to establishing reliable infrastructure, including a government-wide intranet, public key infrastructure, and safe e-mail.
Smart cards also provide stronger authentication since they are based on Public Key Infrastructure (PKI) technology.
Data security and privacy of data exchanged via AgoraRe.com are ensured through use of a public key infrastructure, and all transactions are encrypted at 128 bits.
The card also serves as the authentication token for the Department's computerized public key infrastructure. The future DMDC roadmap for the program includes expanded use of biometrics and movement toward a contactless smart card.
For online shopping, the PKI (Public Key Infrastructure) method was applied to guarantee confidential transactions, authenticate the user and the shop, verify data integrity and authorize the transaction via digital signature.
Users can also securely e-sign important documents such as contracts with PKI (public key infrastructure) technology.
The chapters deal with: Importance of Trusted Infrastructure for e-Business,--XML and Security,--Using XML Security Mechanisms,--Security Modeling Language,--Next Generation Public Key Infrastructure,--Identifier based public key cryptography,--Digital Archiving of High Value Data,--Wireless Security,--Wireless PKI,--TETRA Security,--Firewalls--Evolve or Die,--Concert VPDN,--Information Assurance, --Biometrics,--HCI framework for usable and effective security,--BS7799.
Kerberos and LDAP also figure in the emerging Public Key Infrastructure (PKI) method of user authentication, which uses encrypted "certificates" to vouch for properly identified network users.

Full browser ?