Public Key Infrastructure (PKI) technology was emerged to provide solid answers for the following security concerns:
The generation and usage of Key Pairs; Public and Private keys has proven to be a reliable method of securing data by meaning of encryption/decryption, on the other hand random key generation has added value in securing the communications between any defined two parties, one of them is a Smart Card/Token or any secured medium.
In order to secure data and communication as preceded, the cardholder has to hold a Personal Identification number (PIN) to eliminate impersonation and at the same time provided a non-repudiation transaction since none knows the PIN value but the cardholder himself.
Manipulating data on the Smart Card after being issued is a major concerns for issuers since the accountability on Access Codes provides a reasonable level of data security however, is not enough to ensure data authenticity.
The Certificate Authority (C.A) plays the major role in the PKI Infrastructure where it grants issuing parties licenses for operation and at the same time, defines the policy according to which the issued certificate follows.
The Certificate Issuer is a subsidiary of the C.A that issues client certificates to demanding parties; Smart Card – Tokens…etc, such client certificates can be used for data encryption for communication between any two parties as well as implementing Digital Signature, which has potentially add value in ensuring data authenticity and eliminating any manipulation attempts since the fraudulent party lacks the knowledge of the private key and hence, cannot reproduce the Digital Signature in the same manner, upon altering data. The key pair length is a major factor of data security however, performance is the other factor that cannot be overlooked.
The Certificate Issuer can be used in issuing other types of certificate such as Secure Socket Layer (SSL) and Code Signing purposes. Active Authentication is the method by which PKI ensures the uniqueness of the issued medium, while Passive Authentication ensures data integrity since the secured medium was issued.
The PKI technology has been widely adapted in different major sectors for the advantages it defines in terms of Identity and Data authentication. International standards were produced to define the process of keys generation, storage and usage.
Proton Smart Solutions has extensive experience in implementing PKI Infrastructure in a top-down approach; Root C.A – Issuer C.A(s) – Smart Card/Token Personalization machines equipped with Hardware Security Module (HSM) for Key Management.