© 2003 Wonder Software Technologies Private Limited. All rights reserved.

PKI FAQ

A “Key” is a digital representation of a large number that is used in cryptography for encryption and digital signatures to achieve the intended goals of security. In PKI every user has a Private Key and a Public Key. The user keeps the Private Key securely and does not reveal it to anyone, but makes the Public Key accessible as a common public resource.

The “Infrastructure” is a collection of several parts of a comprehensive system. The most important part of this infrastructure is a Certificate Authority that may further delegate its responsibilities to a registration and/or a verifying authority.

Why PKI?

PKI provides its users, communicating over a network, with:

             Confidentiality: Ensures that only intended recipients can read messages or files.

             Data Integrity: Ensures that messages or files cannot be changed without detection.

             Authentication: Ensures that participants in an electronic transaction are who they claim to be.

             Non-repudiation: Prevents participants from denying involvement in an electronic transaction.

What constitutes PKI?

             1. User’s key pair: A mathematically related pair of keys, different for each entity (an individual or an organization), each pair
                 comprising a private key and a public key.

             2. Digital certificates: Public Key of an entity signed by a certificate authority. The IETF (Internet Engineering Task Force)
                 standard for this certificate is named X.509.

             3. A Certificate Authority: A party that is trusted by the public to verify the public keys of others. The Certificate Authority may
                 further delegate its responsibilities to sub-authorities such as a Registration Authority and a Verifying Authority.

How Does PKI Work?

A PKI user follows the steps below to become an authorized user and then communicate with security and authenticity. When a user, Bob, wishes to communicate with Alice:

             1. Bob generates a key pair containing a public and private component
             2. Bob registers at the CA or RA, possibly physically signing a registration form
             3. Bob gives the CA or RA his proof of identity and a copy of the public key
             4. After verifying the identity of Bob, the RA tells the CA to issue the digital certificate binding Bob’s public key to his identity
             5. The CA places the certificate in a public database, called a repository, which may hold certificates issued by many CAs, and
                  may also publish it in a directory, similar to a web version of a telephone directory.

Use 1- Sign:  When Bob needs to communicate with Alice he simply signs a document using his private key. Alice can verify that the document truly came from Bob by obtaining Bob’s public key from the CA’s repository. When applied to the received document, Bob’s public key will verify that the document was signed by him.

Use 2- Encrypt: If Alice is also using PKI then Bob can even send her encrypted messages. To do this Bob obtains Alice’s certificate containing her public key from the CA’s repository. Alice’s certificate is signed using the private key of the CA. Bob then verifies the CA’s signature on Alice’s digital certificate using the CA’s public key, and recovers Alice’s public key. Bob then uses Alice’s Public Key to encrypt the message he sends to her, which can only be decrypted by Alice using her Private Key.

Use 3- Sign And Encrypt: Both the above functions, sign and encrypt, can be applied to a document together.
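The registration steps and Use 1 above, as an added example that is not WonderCrypt code: a CA binds Bob's public key to his name, and Alice accepts a signed document only if the CA's signature on that binding verifies first, which is the same certificate check Bob performs in Use 2. It assumes unpadded textbook RSA over fixed Mersenne primes and a simplified `Certificate` tuple in place of X.509; all keys, names and the sample document are constructed and insecure.

```python
import hashlib
from typing import NamedTuple

E = 65537  # public exponent shared by all toy keys

def toy_keypair(p, q):
    # Textbook RSA from two primes; returns (public, private).
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(private, data):
    n, d = private
    return pow(digest(data), d, n)

def verify(public, data, signature):
    n, e = public
    return pow(signature, e, n) == digest(data)

class Certificate(NamedTuple):
    subject: str
    public_key: tuple
    ca_signature: int

def to_be_signed(subject, public_key):
    # The bytes the CA signs: the identity bound to the public key.
    return f"{subject}|{public_key[0]}|{public_key[1]}".encode()

def issue(ca_private, subject, public_key):
    return Certificate(subject, public_key,
                       sign(ca_private, to_be_signed(subject, public_key)))

def check_signed_document(ca_public, cert, expected_subject, document, signature):
    # Alice's side: use the key only if the CA vouches for that identity.
    if cert.subject != expected_subject:
        return False
    if not verify(ca_public, to_be_signed(*cert[:2]), cert.ca_signature):
        return False
    return verify(cert.public_key, document, signature)

# Constructed demo keys built from Mersenne primes: insecure, illustration only.
CA_PUB, CA_PRIV = toy_keypair(2**521 - 1, 2**607 - 1)
BOB_PUB, BOB_PRIV = toy_keypair(2**127 - 1, 2**1279 - 1)
OTHER_PUB, OTHER_PRIV = toy_keypair(2**89 - 1, 2**2203 - 1)

DOC = b"Purchase order 17 (constructed sample)"
BOB_CERT = issue(CA_PRIV, "Bob", BOB_PUB)        # steps 1-5: CA binds key to Bob
BOB_SIG = sign(BOB_PRIV, DOC)                    # Use 1: Bob signs
UNVOUCHED = issue(OTHER_PRIV, "Bob", OTHER_PUB)  # claims "Bob", not CA-signed
```

A document signature that verifies under `UNVOUCHED` is still rejected, because the binding of the name "Bob" to that key was never signed by the CA.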

Conclusion:

PKI’s ability to provide Non-repudiation, Authentication, Data integrity, and Confidentiality not only enables an organization to defend against outside attackers but also against inside attackers.

Because transmission of data using PKI is encrypted using the public key of the final recipient and user access is controlled through private keys on tokens or smart cards, proprietary information enjoys a greater degree of security that also provides authenticity and non-repudiation. Hence, PKI emerges as the preferred technology.

What is PKI?

Public Key Infrastructure (PKI) is a “comprehensive system of technologies” working to enable users of the Internet or any other network to exchange information securely, with authentication and confidentiality. PKI brings to the electronic world the security and confidentiality features provided by the physical documents, hand-written signatures, sealed envelopes and established trust relationships of traditional, paper-based transactions.

The term “Public” denotes that PKI uses a public facility. A “public” facility is one that is openly accessible, and is managed within the terms and constraints of a common public resource, often via a public administrative entity such as the Internet. However, the word “Public” here does not point to the “Internet” but to a security “Key” that is accessible, and is managed within the terms and constraints of a common public resource.