Public Key Infrastructure is considered integral to business security processes, transactions and access control - the secure storage and protection of private keys is paramount to the security of PKI.
A digital certificate bridges the gap between digital key material and identities by cryptographically binding key material to the identity of the entity. It’s this binding of keys and entities that enables secure communication, provable data integrity and trust in the digital society. Certificates not only prove identities, but also assure users that they are connecting to trusted websites and devices, downloading unmodified software updates, or purchasing genuine spare parts.
Based on the well-studied mathematical schemes of asymmetric cryptography and hierarchical structures, PKI is a powerful tool for securely communicating amongst large groups of users or computing nodes. The principle behind it is simple: a message – or certificate – is encrypted or signed with a private key and can be decrypted or verified with a corresponding public key.
Trust relationships can be established in two ways, implicit and explicit, by relying on a chain of trust. The idea is simple: if one trusts the root of a chain of trust (a trustworthy third party that attests trust), then every entity that is able to prove that this root authority once attested that a certain (public) key belongs to a certain entity can also be trusted. This root of trust, a Root Certificate Authority (RootCA), is either added manually to a list of trusted CAs, or – more commonly – predefined by your browser or operating system vendor, for example.
However, a Certificate Authority alone is not enough to successfully deploy and run a Public Key Infrastructure. It also takes self-services for issuing, renewing and revoking certificates, services to query the status of a certificate (revoked or still valid), management of users, groups and entities, and automation of all the related processes.
Utimaco offers a scalable all-in-one solution which can be customized to specified requirements. This covers even the most complex setups, including multiple tenants, SubCAs and millions of certificates that need to be managed and secured. With a modular and flexible architecture, an automated solution can be provided to suit ongoing business requirements and integration with existing systems and APIs.