What is Public Key Infrastructure (PKI)?

Wiki Page Definition

    A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email. It is required for activities where simple passwords are an inadequate authentication method and more rigorous proof is required to confirm the identity of the parties involved in the communication and to validate the information being transferred.

Ref: https://en.wikipedia.org/wiki/Public_key_infrastructure

Major Keyword Definitions

Certificate Authorities

A Certificate Authority, abbreviated "CA", is a trusted third party that certifies the identities of websites, web servers, individuals, software and other entities. It issues digital certificates, which bind the identity of an entity to its public key.

The major functions of a CA are as follows:
  1. Issuing certificates
  2. Maintaining and issuing Certificate Revocation Lists (CRLs)
  3. Publishing its certificates and CRLs
  4. Maintaining status information on certificate expiration dates

Registration Authority

A Registration Authority, abbreviated "RA", is an integral part of a PKI. The major role of the RA is to verify requests for digital certificates by confirming the identity of the server that places the request. In other words, if the company "BITDEPLOY" requests a digital certificate, the RA will confirm the identity of the owner by checking various identity documents such as a passport, company registration, etc. After successful verification, the RA forwards the request to the CA to issue the digital certificate. This implies there may be multiple RAs for a single CA, where each RA has a name and its own public key, through which the CA can verify the authenticity of the RA.

Certificate Repositories

A certificate repository is a platform for storing and distributing certificates. All successfully issued certificates are accessible and can easily be retrieved from the repository by applications. Technology such as the Lightweight Directory Access Protocol (LDAP) is used to store certificates. Such a directory system supports a large number of certificates and stores them with their respective public keys. The advantage of these directories is that they can be used in highly distributed networks and are publicly accessible. Apart from storing certificates, their responsibility is to update the status of each certificate.

Digital Certificates

A digital certificate is an electronic document that establishes the authenticity of an entity and is linked to that entity's public key. Digital certificates are always generated in a standard format. Consider a normal user going to Amazon to buy some shoes. The question is: how does the user know that he/she is in the right place to buy shoes and hand over credit card information? The answer is that a digital certificate is what is used to establish the authenticity of the service.

How is a digital certificate granted, and how does it work when accessing services?

https://www.docusign.ca/how-it-works/electronic-signature/digital-signature/digital-signature-faq

Digital Certificates in a Public Key Infrastructure work in the following way:

  1. The server of the company ("BITDEPLOY") requests a digital certificate from a certificate authority.
  2. The certificate authority verifies the identity of the company and generates a digital certificate. It hashes the contents of the certificate and signs (encrypts) the hash value using its private key. It includes this signature in the certificate and issues the certificate to the company.
  3. A user tries to connect to BITDEPLOY by entering https://www.bitdeploy.in, and the browser tries to connect to the website.
  4. The web server of BITDEPLOY sends its digital certificate to the browser.
  5. When the browser receives the certificate from the web server, it performs the following steps:
    1. It checks the certificate's authenticity by checking whether the CA is trusted.
    2. With the public key of the CA, the browser decrypts the signature in the company's certificate and obtains a hash.
    3. The browser computes a new hash of the contents of the certificate.
    4. If both hashes match, the signature in the certificate is verified to have been made by the trusted CA, and the public key in the certificate is valid.
    5. Now the name in the certificate is checked against the website's name. If it matches, a secure connection is established for the online transactions.
    6. The browser also checks whether the certificate is within its expiry period.
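
The issuance in step 2 and the browser checks in step 5 can be traced in code; this is an added example, not part of the original post. The CA name, the key and the certificate fields are constructed, and it uses textbook RSA with a toy key and JSON in place of X.509, so it shows the flow only and is not an implementation to deploy.

```python
import hashlib
import json

# Toy CA key, constructed for this example: textbook RSA over two Mersenne
# primes with no padding. It shows the flow only and is not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
CA_NAME = "Example Root CA"                    # hypothetical CA name
CA_N = P * Q                                   # CA public modulus
CA_D = pow(E, -1, (P - 1) * (Q - 1))           # CA private exponent
TRUSTED_CAS = {CA_NAME: (CA_N, E)}             # the browser's trust store

def digest(tbs):
    """SHA-256 over the certificate contents (canonical JSON stands in for DER)."""
    data = json.dumps(tbs, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def ca_issue(subject, public_key, not_before, not_after):
    """Step 2: hash the contents, sign the hash with the CA private key."""
    tbs = {"subject": subject, "issuer": CA_NAME, "public_key": public_key,
           "not_before": not_before, "not_after": not_after}
    return {"tbs": tbs, "signature": pow(digest(tbs), CA_D, CA_N)}

def browser_check(cert, hostname, today):
    """Step 5: run the checks in order, return (ok, reason). Dates are ISO strings."""
    tbs = cert["tbs"]
    ca_key = TRUSTED_CAS.get(tbs["issuer"])
    if ca_key is None:                                   # 5.1 trusted CA?
        return False, "untrusted issuer"
    n, e = ca_key
    recovered = pow(cert["signature"], e, n)             # 5.2 hash from signature
    if recovered != digest(tbs):                         # 5.3/5.4 compare hashes
        return False, "signature mismatch"
    if tbs["subject"] != hostname:                       # 5.5 name check (exact match)
        return False, "name mismatch"
    if not tbs["not_before"] <= today <= tbs["not_after"]:   # 5.6 validity period
        return False, "outside validity period"
    return True, "ok"

def demo():
    cert = ca_issue("www.bitdeploy.in", "constructed-server-key",
                    "2024-01-01", "2025-01-01")
    swapped = {"tbs": dict(cert["tbs"], public_key="substituted-key"),
               "signature": cert["signature"]}           # contents changed after signing
    return [browser_check(cert, "www.bitdeploy.in", "2024-06-01"),
            browser_check(swapped, "www.bitdeploy.in", "2024-06-01"),
            browser_check(cert, "www.example.org", "2024-06-01"),
            browser_check(cert, "www.bitdeploy.in", "2025-06-01")]
if __name__ == "__main__":
    print(demo())
```

The second result shows why the hash comparison matters: changing any field after the CA has signed, here the public key, makes the recomputed hash differ from the one recovered from the signature.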
   

Credit:
Charvik Patel

Comments

  1. Nice work bitdeploy team
