Public Key Infrastructure. Build a trusted and secure business environment by authenticating users, networks, applications and devices
A Public Key Infrastructure (PKI) is critical in establishing a trustworthy and secure business environment by being able to verify and exchange data between multiple entities which can be users, networks, applications or devices. The purpose of a PKI is to create a trusted environment for the connected entities. PKI works through the implementation of two technologies: digital certificates and cryptographic keys.
By using the private key of the CA, the PKI can issue, renew and revoke digital certificates to ensure the trusted authentication and management of all entities within the trusted environment. These digital certificates are the foundation for secure connection and communication of the entity's environment.
By issuing a digital certificate, the PKI creates the link between the cryptographic key pair of the individual entity and the entity itself by cryptographically binding them. The most important task of the PKI is to create a chain of trust: in any connected environment every entity of the environment can implicitly trust each other by explicitly trusting the root CA of the PKI. This chain of trust enables secure connection, communication and data exchange within the trusted PKI environment.
A PKI is built around a set of components and procedures for managing public and private key pairs:
- A Certificate Authority (CA) responsible for digital certificate issuance and revocation
- A digital certificate that is signed by a CA that proves the owner of a public key within a PKI. Before the CA can issue a certificate, the RA must authorize the request
- A registration authority (RA) who verifies the identity of an end entity. This is a key part of the process, and it includes a mechanism to enroll end entities into the PKI
- A validation authority (VA) allows an entity to check that a certificate has not been revoked
- A central directory for storing and indexing certificates
- A certificate management system that manages items such as access to stored certificates or the issuance of certificates.