PKI Solutions
What is PKI ?
PKI stands for Public Key Infrastructure. What it means in common language is that it is a solution to authenticate and encrypt thus secure, the electronic communications between two parties.
How does PKI work?
How it works seems complicated but in simple words it consist of the following. For each party a pair of Keys (or digital certificates) is generated by a Trusted Certificate Authority. One Key is called the Public Key and can be shared or made available to the public. The second key generated is called the Private Key and this key should remain private and never informed to other parties. Now there is a special relationship between the Public and Private Key: What ever is encrypted or “locked” with the Public Key can only be decoded or “unlocked” with the Private Key, and vice versa.
Technically, what happens with PKI is a 2 in 1 process: Encryption + Signature
For example, if we want to communicate with you securely we will first ex-change our Public Keys information. And then if we want to send you a message, have it encrypted to protect it’s content, and digitally sign it so that you know that it can only come from us (authentication), this will be done in this way:
1) We use YOUR Public Key to encrypt the message we are sending you, so that only you can decode the content of the message using YOUR Private Key.
2) We will digitally sign the message using OUR Private Key, so that you can verify our signature by the fact that you can “decode” our signature using Our Public Key.
Using these 2 actions simultaneously, is how PKI solutions can ensure the security of the message exchanged, and the Identification/Authentication of the parties exchanging the message.
How to Implement a PKI solution?
There are different ways of implementing a PKI Solutions. First a Certificate Authority has to be installed on your server or you can use an external Authority of your choice. And then, the Digital Certificates have to be generated and stored/installed in some device or a program. The following possibilities are available with Oath Technologies:
A) Browser Stored Certificates:
Firefox browsers (an other browsers) offers the ability to install and load Digital Certificates for PKI solutions. The user will install his Certificate on his browser and the server will be able to verify the certificate then use it to encrypt and authenticate all data exchanged between the user's computer's browser and the server. This way does not necessitate the purchase of any Electronic Device and the Certificate installation in the browser can be protected with a password to avoid problems if the certificate file is stolen or lost. On the Other hand, if you want to use a different computer you will then need to install your certificate on each new computer's browser that you want to use.
B) Device Stored Certificates:
The Certificate can be stored on an Electronic Device (Token) that can be plugued on the USB port of a computer, the server or application will only allow access and exchange of information if it can find the correct and verified Certificate hosted on that Device. The advantage of the PKI Token is that as long as you can install and plug it, you can use any computer to communicate securely with the server/application, at the condition that the computer used is not compromized by Virus or other security treaths.
PKI Solutions and other products and services offered by Oath Technologies are only available for a limited number of selected clients.
To know more about our solutions please contact us by Clicking Here.