The lowdown on PKI

What is PKI? A public-key infrastructure is a system in which digital certificates and keys are created, managed, stored and distributed in order to verify users of secure systems, e-mail, documents and other online transactions.

How does it work? PKI is based on the use of key pairs: a private key controlled by the user and a public key shared with anyone who wants to use secure services from the person or organization holding the private key. A user receiving a message with only the public key can use a private key to validate the message; conversely, a person who gets a message from an organization or individual holding the private key can use the public key to unlock the message and verify the sender.

The keys can be used to authenticate electronic messages, documents and digital signatures. They also can be incorporated into smart cards, as the Defense Department is doing with its Common Access Card program.
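The key-pair mechanics described above can be seen in a short sketch. It is an added example, not code from the original article, and it goes one step beyond the text by showing the certificate step: a certificate authority signs the link between a name and a public key, and the recipient checks that link before trusting a signed message. It uses unpadded textbook RSA with constructed demo keys; all function names, the subject name and the message are assumptions made for illustration.

```python
import hashlib

E = 65537  # widely used RSA public exponent

def make_keypair(p, q):
    """Build (public, private) textbook-RSA keys from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(data, n):
    """SHA-256 of data as an integer reduced below the modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private, data):
    """Only the private-key holder can produce this value."""
    n, d = private
    return pow(digest(data, n), d, n)

def verify(public, data, signature):
    """Anyone holding the public key can check the signature."""
    n, e = public
    return pow(signature, e, n) == digest(data, n)

def cert_body(subject, public):
    return f"{subject}|{public[0]}|{public[1]}".encode()

def issue_certificate(ca_private, subject, public):
    """The CA signs the binding between a name and a public key."""
    return {"subject": subject, "public": public,
            "ca_sig": sign(ca_private, cert_body(subject, public))}

def check_message(ca_public, cert, message, signature):
    """Trust the sender's key only if the CA vouches for it."""
    if not verify(ca_public, cert_body(cert["subject"], cert["public"]), cert["ca_sig"]):
        return "untrusted certificate"
    if not verify(cert["public"], message, signature):
        return "bad signature"
    return "valid, signed by " + cert["subject"]

# Constructed demo keys from well-known Mersenne primes: never use these for real data.
CA_PUB, CA_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)
USER_PUB, USER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
CERT = issue_certificate(CA_PRIV, "user@example.org", USER_PUB)
MSG = b"Quarterly report, final version"
SIG = sign(USER_PRIV, MSG)

if __name__ == "__main__":
    print(check_message(CA_PUB, CERT, MSG, SIG))
    print(check_message(CA_PUB, CERT, MSG + b"!", SIG))
```

Production systems use padded signature schemes and X.509 certificates from a vetted cryptographic library rather than hand-rolled arithmetic like this.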

What are the advantages of PKI? Users no longer need to remember passwords and ID combinations when they use PKI in a smart card. PKI provides a way to validate electronic documents and comply with mandates such as the Government Paperwork Elimination Act.

Must-know info? You can get more information on PKI from several useful Web sites. The PKI Forum, at www.pkiforum.org, brings together vendors and users to disseminate information about PKI. The Federal PKI Steering Committee, which provides guidance on and coordination of federal activities necessary to implement PKI, maintains a site at www.cio.gov/fpkisc. Another good source is the National Institute of Standards and Technology, which provides technical information at csrc.nist.gov/pki.
