What is Public Key Infrastructure (PKI)?
What is a Public Key Infrastructure (PKI)?
Public key infrastructure PKI is a form of cybersecurity that helps identify people and devices that connect or interact with hardware and/or software.
PKI is meant to facilitate the secure transfer of data, particularly sensitive data, such as credit card details and personal information.
PKI utilises a public key and private key to encrypt the data, to ensure authentication, confidentiality and data integrity – where the private key is used to decrypt the data from the public key.
The most common PKI being SSL/TLS certificates used by websites.
PKI acts as a means to issue a digital certificate to authenticate the identity of people, services and devices.
The process of registration and issuance of the digital certificate is carried out by a trusted third party known as a Certificate Authority.
How is PKI used with digital signatures?
Digital signatures are still the subject of controversy, regarding the ability to authenticate the signer and the validity of the documents that are signed.
Using a PKI for the process of a digital signature provides an additional and secure way to validate their identity and the document itself.
When a user registers an account, they go through the process of providing means to validate their identity (ID Document, live selfie, etc) with the Certificate Authority.
Once their identity is proven, they are issued with a unique key. The user’s unique key will then be applied to their digital signatures, along with a server-side date and time stamp and an anti-tamper certification of the document from the Certificate Authority.
The public key will be used by the Certificate Authority or anyone else who needs to validate the authenticity of the signed document.
2 thoughts on “What is Public Key Infrastructure (PKI)?”