An Introduction to PKI

Posted on November 17, 2010. Filed under: CompTIA Security+

Public key infrastructures (PKIs) are becoming a central security foundation for managing identity credentials in many companies.

So what is a Public Key Infrastructure, or PKI? It is a system designed to manage the binding of public keys to identities across multiple applications. Its purpose is to establish a level of trust during digital communication. A PKI consists of the hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.

In technical terms, it is the combination of:

  • a Registration Authority (or RA), in charge of verifying people’s identity and associating that identity with their public key
  • a Certification Authority (or CA), in charge of generating certificates, i.e. signing people’s public key and identity information with its own private key
  • a validation system that can confirm whether a specific certificate produced by this CA is still valid or not (for example, because the associated private key was lost or compromised, or because some information contained within has changed)
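
The three roles above, walked through with the openssl command-line tool as an added example (not part of the original post). The identity alice.example, the CA name "Example Root CA" and the file layout are constructed for illustration, and a published CRL stands in for the validation system.

```shell
#!/bin/sh
# Added example; all names and file paths are constructed sample values.
d=$(mktemp -d)   # scratch directory holding the demo CA

ca_init() {      # CA key + self-signed root, and an empty revocation database
  : > "$d/index.txt"
  cat > "$d/ca.cnf" <<EOF
[ ca ]
default_ca = demo
[ demo ]
database = $d/index.txt
certificate = $d/ca.pem
private_key = $d/ca.key
default_md = sha256
default_crl_days = 1
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Root CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
}

subscriber_request() {  # $1 = identity; key pair + CSR (identity and public key)
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$d/$1.key" -out "$d/$1.csr" 2>/dev/null
}

ra_check() {     # RA: the request must name the identity that was vetted
  openssl req -in "$d/$1.csr" -noout -subject | grep -q "$1"
}

ca_issue() {     # CA: sign identity + public key with the CA private key
  openssl x509 -req -in "$d/$1.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -set_serial "$2" -days 7 -out "$d/$1.pem" 2>/dev/null
}

ca_revoke() {    # CA: mark the certificate revoked in its database
  openssl ca -config "$d/ca.cnf" -revoke "$d/$1.pem" 2>/dev/null
}

publish_crl() {  # validation system: publish the signed revocation list
  openssl ca -config "$d/ca.cnf" -gencrl -out "$d/ca.crl" 2>/dev/null
}

validate() {     # relying party: CA signature AND revocation status must pass
  openssl verify -crl_check -CAfile "$d/ca.pem" -CRLfile "$d/ca.crl" \
    "$d/$1.pem" >/dev/null 2>&1
}
```

Call the functions in order: `ca_init`, `subscriber_request alice.example`, `ra_check alice.example`, `ca_issue alice.example 4096`, `publish_crl`, then `validate alice.example`, which succeeds. After `ca_revoke alice.example` and a second `publish_crl`, the same `validate` call fails even though the CA signature on the certificate is still intact.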

The following short video shows how PKI provides web security to the customers of an online pencil store.
