Public Key Infrastructure (PKI) is a widely-used encryption and authentication method that is generally used by both large and small businesses. From an operational point-of-view, Public Key Infrastructure (PKI) is an encryption method where a pair of cryptographic keys, one private and one public, are used to both decrypt and encrypt data. With the public key, a user can encrypt their data to be sent out. Then, by using the private key, the data can be decrypted. Public Key Infrastructure (PKI) is used in many areas including sending emails that need authentication with technologies such as S/MIME (Secure/Multipurpose Internet Mail Extensions) and OpenPGP (Open Pretty Good Privacy). XML (Extensible Markup Language), smart cards, and SSL (Secure Socket Layer) signatures also use Public Key Infrastructure (PKI).
The Public Key Infrastructure environment is composed of five different components. The first, Certification Authority (CA), acts as the root of trust that validates the identity of computers and users in the network. Registration Authority (RA) is the second component. This component is certified by a root Certification Authority (CA) to distribute certificates for uses permitted by the Certification Authority (CA). The third component, the Certification Database, keeps certificate requests sent out and denies certificates from the Registration Authority (RA) or Certificate Authority (CA). Certificate Store is the fourth component and holds certificates that were issued as well as pending or denied certificate requests from the local computer. The fifth and final component of Public Key Infrastructure (PKI) is the Key Archival Server. This component keeps encrypted private keys in a certificate database intended for disaster recovery purposes. This is for situations where the Certificate Database is lost.
There are many benefits from implementing Public Key Infrastructure (PKI). It allows a company to control network access using 802.1x authentication and can approve and authorize programs and applications with Code Signing. Some other great things about it is that it protects user data with the Encryption File System (EFS) secured traffic in the network, protects and secures LDAP (Lightweight Directory Access Protocol), allows two-factor authentication using smart cards, ensures secure email, and finally safeguards traffic to web-sights using SSL (Secure Socket Layer) technology.
When it comes to the cost of employing Public Key Infrastructure (PKI), many areas need consideration. While the price obviously differs with each installation, there are several ordinary expenses that will always occur. When it comes to hardware; the servers, backup devices, and backup media, as well as server licensing fees, could all be a factor in the overall price. Additionally, there can be costs for hiring a technician to design, install, and manage the Public Key Infrastructure (PKI) environment. Finally, it is important to remember that certificates must be constantly issued and revoked, maintenance must be done, and patches and backups should be created and maintained promptly. It is often a good idea to hire technicians to oversee these areas.
In corporate environments, Public Key Infrastructure (PKI) is often used to validate its users who are trying to access their data as well as authorize transactions. A business can further protect its data by using multi-factor identification and smart cards. While these encryption and authorization techniques offer enhanced security, to achieve their max potential, a complex and thorough analysis of all IT assets and data should be performed before implantation of Public Key Authorization (PKA).
Shinder, Deb. “Understanding and Selecting Authentication Methods.” Tech Republic. Techrepublic.com. Web. 28 August 2001. Retrieved 17 July 2017.
Lawton, Stephen. “Introduction to Public Key Infrastructure (PKI.” Tom’s IT Pro. Tomsitpro.com. Web. 17 March 2015. Retrieved 17 July 2017.