In today’s world, more people than ever before use the Internet to transmit private data. With the increasing frequency of crimes such as identity theft affecting consumers, people want to know that their information is secure. A Public Key Infrastructure exists to help consumers and individuals trust that their private information is kept safe when accessing web sites.
Built on technology known as Cryptology, a Public Key Infrastructure utilizes many different components to create a network or infrastructure that works congruently to secure your information.
The basis of Cryptology uses a code (or key) to encrypt certain information. These keys are the very heart of the Public Key Infrastructure. With the public keys a digital certificate is stored. The digital certificate could be thought of as a credit card.
The digital certificate serves the purpose of establishing or proving your credentials. The digital certificate contains your personal information, such as your name, your public key, expiration dates for the certificate, and your digital signature. A Certification Authority (CA) issues digital Certificates and the issuing CA’s Digital Signature will also be included in the Digital Certificate.
Another important component in the Public Key Infrastructure is the Registration Authority (RA). When an individual or company applies for a Digital Certificate, the Certificate Authority must receive the approval to issue it from a Registration Authority.
Once the Registration Authority approves your Digital Certificate, and gives the approval to the Certificate Authority to approve it, your Digital Certificate will be stored in a directory. Public Keys are viewable by other agencies and companies.
Encryption is a vital component of a Public Key Infrastructure. It is the very basis that codes your information to keep it safe and secure. When it comes to encrypting email messages, there is a product called Pretty Good Privacy, or PGP.
Pretty Good Privacy will let you encrypt an email message and mail it to anyone who has a public key. When you encrypt the message you use the receiver’s public key and it is decrypted with the receiver’s private key.
When using Pretty Good Privacy, you will sign your email with a Digital Signature that includes your personal private key. The public keys are stored in what is known as a key ring, (a directory of public keys).
When a recipient receives your encrypted email, they can decrypt your signature by using the public key ring to determine if you really sent the message.
When it comes to sharing credit card information, social security numbers, or other personal data, you will want to ensure that you are using a PKI or that the company you are transmitting information to is using a PKI.
PKI is constantly changing as new challenges to Internet Security emerge. Laws are consistently being changed and new programs are being developed. However, it is vitally important to choose the best PKI that suits the needs of your company as well as your clients. When it comes to privacy, there is no room for slack. Every company that transacts business over the Internet must utilize a comprehensive Public Key Infrastructure.