Organizations need enhanced security for data and strong credentials for identity management. You can use certificates to secure data and manage identification credentials from users and computers both within and outside your organization.
A public key infrastructure (PKI) is the combination of software, encryption technologies, processes, and services that enable an organization to secure its communications and business transactions. The ability of a PKI to secure communications and business transactions is based on the exchange of digital certificates between authenticated users and trusted resources.
You can design a PKI solution to meet the following security and technical requirements of your organization:
- Confidentiality. You use a PKI to encrypt data that is stored or transmitted.
- Integrity. You use a PKI to digitally sign data. A digital signature helps you identify whether another user or process modified the data.
- Authenticity. A PKI provides several authenticity mechanisms. Authentication data passes through a hash algorithm, such as Secure Hash Algorithm 1 (SHA1), to produce a message digest. The message digest is then digitally signed by using the sender’s private key, which proves that the message digest was produced by the sender.
- Nonrepudiation. When data is digitally signed, the digital signature provides proof of the integrity of the signed data and proof of the origin of the data. A third party can verify the integrity and origin of the data at any time. This verification cannot be refuted by the owner of the certificate that digitally signed the data.
A PKI also relies fundamentally on what are known as certificates, which serve as proof of authenticity for public keys. Certificates are used mainly in connection with digital signatures. When a member receives a message carrying a digital signature, the sender’s certificate first confirms that the identity data it contains belong to the key(s) the sender used. Second, it confirms that the sender is still a valid subscriber to the PKI. Because a PKI is hierarchical, the members’ trust in the certificates rests, in the end, solely on their trust in the PKI’s certification authority, the so-called “root”.
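As an added example (not code from the original page), the following Go program, using only the standard library, builds a minimal PKI of the kind described above: a self-signed root CA issues a certificate for a subscriber named "alice" (both names are constructed for the demo), alice hashes a message with SHA-256 (used here in place of the SHA1 mentioned above) and signs the digest with her private key, and the recipient accepts the message only if alice's certificate chains to the trusted root and the signature matches the digest of what was actually received, so a message altered in transit is rejected.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // panics on error so the demo reads linearly; real code returns it
	if err != nil {
		panic(err)
	}
	return v
}

// issue: a certificate binding cn to pub, signed by signer under parent; a nil parent means a self-signed root.
func issue(serial int64, cn string, ku x509.KeyUsage, pub *ecdsa.PublicKey, parent *x509.Certificate, signer *ecdsa.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: ku, IsCA: ku&x509.KeyUsageCertSign != 0, BasicConstraintsValid: true}
	if parent == nil {
		parent = tmpl
	}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer))))
}

// verify: the sender's certificate must chain to the trusted root (still a valid subscriber) AND the signature must match the digest of msg.
func verify(msg, sig []byte, sender, root *x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := sender.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	digest := sha256.Sum256(msg) // recompute the digest of what was received and check it against the signature
	return err == nil && ecdsa.VerifyASN1(sender.PublicKey.(*ecdsa.PublicKey), digest[:], sig)
}

// Scenario: the root CA certifies alice's key and alice signs a message; reports (intact verifies, tampered rejected).
func Scenario() (intactOK, tamperedRejected bool) {
	rootKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	aliceKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	root := issue(1, "Example Root CA", x509.KeyUsageCertSign, &rootKey.PublicKey, nil, rootKey)
	alice := issue(2, "alice", x509.KeyUsageDigitalSignature, &aliceKey.PublicKey, root, rootKey)
	msg := []byte("transfer 100 to bob") // constructed sample message
	digest := sha256.Sum256(msg)         // step 1: hash the message to a digest
	sig := must(ecdsa.SignASN1(rand.Reader, aliceKey, digest[:])) // step 2: sign the digest with alice's private key
	return verify(msg, sig, alice, root), !verify([]byte("transfer 900 to bob"), sig, alice, root)
}
```

Revocation (the other way a subscriber stops being valid) is not modelled here; only the certificate's validity period and its chain to the root are checked.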