An Introduction to PKI

Posted on November 17, 2010. Filed under: CompTIA Security+, SANS Dev 541

Public key infrastructures (PKIs) are becoming a central security foundation for managing identity credentials in many companies.

So what is a Public Key Infrastructure, or PKI? It is a system designed to manage the binding of public keys to identities across multiple applications. Its purpose is to establish a level of trust during digital communication. A PKI is composed of the hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.

In technical terms, it is the combination of:

  • a Registration Authority (or RA), in charge of verifying people’s identity and associating that identity with their public key
  • a Certification Authority (or CA), in charge of generating certificates, i.e. signing people’s public key and identity information with its own private key
  • a validation system that can confirm whether a specific certificate produced by this CA is still valid (a certificate can stop being valid, for example, because the associated private key was lost or compromised, or because some information contained within it has changed)
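
The three roles above, sketched as an added example (not code from the original post): an RA check, a CA that signs identity and public key with its private key, and a validator that checks the signature and then a revocation list. The toy textbook-RSA key, the function names, the certificate fields and the sample identities are all assumptions made for illustration; real PKIs use X.509 certificates and padded signature schemes.

```python
import hashlib
import json

# Toy textbook-RSA key for the CA (two Mersenne primes, no padding).
# Assumption for illustration only; never use this for real signatures.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
CA_N = P * Q                              # CA public modulus
CA_D = pow(E, -1, (P - 1) * (Q - 1))      # CA private exponent

def digest(tbs: dict) -> int:
    """Hash the canonical 'to be signed' fields to an integer below CA_N."""
    blob = json.dumps(tbs, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % CA_N

def ra_verify(claimed_identity: str, verified_identities: set) -> bool:
    """RA: confirm the applicant's identity before the CA is asked to sign."""
    return claimed_identity in verified_identities

def ca_issue(serial: int, identity: str, subject_pubkey: str) -> dict:
    """CA: sign identity + public key with the CA's own private key."""
    tbs = {"serial": serial, "subject": identity, "pubkey": subject_pubkey}
    return {"tbs": tbs, "sig": pow(digest(tbs), CA_D, CA_N)}

def validate(cert: dict, revoked_serials: set) -> str:
    """Validation: check the CA signature first, then the revocation list."""
    if pow(cert["sig"], E, CA_N) != digest(cert["tbs"]):
        return "bad signature"
    if cert["tbs"]["serial"] in revoked_serials:
        return "revoked"
    return "valid"

def demo() -> dict:
    verified = {"alice@example.com"}      # constructed RA records
    cert = ca_issue(1001, "alice@example.com", "ALICE-PUBKEY-PLACEHOLDER")
    # Same signature, different identity: the binding must no longer verify.
    tampered = {"tbs": dict(cert["tbs"], subject="mallory@example.com"),
                "sig": cert["sig"]}
    return {
        "ra_known": ra_verify("alice@example.com", verified),
        "ra_unknown": ra_verify("mallory@example.com", verified),
        "fresh": validate(cert, set()),
        "tampered": validate(tampered, set()),
        "after_revocation": validate(cert, {1001}),  # e.g. key reported lost
    }

if __name__ == "__main__":
    print(demo())
```

The signature check runs before the revocation lookup so that a certificate with altered fields is rejected on its own, whatever serial number it claims.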

The following short video shows how PKI provides web security to the customers of an online pencil store.

