The lowdown on PKI

What is PKI? A public-key infrastructure is a system in which digital certificates and keys are created, managed, stored and distributed in order to verify users of secure systems, e-mail, documents and other online transactions.

How does it work? PKI is based on the use of key pairs'a private key controlled by the user and a public key shared with anyone who wants to use secure services from the person or organization holding the private key. A user receiving a message with only the public key can use a private key to validate the message; conversely, a person who gets a message from an organization or individual holding the private key can use the public key to unlock the message and verify the sender.

The keys can be used to authenticate electronic messages, documents and digital signatures. They also can be incorporated into smart cards, as the Defense Department is doing with its Common Access Card program.

What are the advantages of PKI? Users no longer need to remember passwords and ID combinations when they use PKI in a smart card PKI provides a way to validate electronic documents and comply with mandates such as the Government Paperwork Elimination Act.

Must-know info? You can get more information on PKI from several useful Web sites. The PKI Forum, at www.pkiforum.org, brings together vendors and users to disseminate information about PKI. The Federal PKI Steering Committee, which provides guidance on and coordination of federal activities necessary to implement PKI, maintains a site at www.cio.gov/fpkisc. Another good source is the National Institute of Standards and Technology, which provides technical information at csrc.nist.gov/pki.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above