Represents a system designed to manage public-key encryption and digital certiﬁcates.
PKI is emerging as the foundation for secure electronic commerce and Internet security by providing the cornerstones of security:
Together, these elements combine to provide a secure, non-breakable environment for deploying e-commerce and a reliable environment for building virtually any type of electronic transactions, from corporate intranets to Internet-based eBusiness applications.
The main components of a public key infrastructure are:
Digital ``identities`` issued by trusted third parties, that identify users and machines. They may be securely stored in wallets or in directories.
An Internet-standard secure protocol
Form the basis of a PKI for secure communications, based on a secret private key and a mathematically related public key
Acts as a trusted, independent provider of digital certificates
Other important factors which enable the deployment of PKI include: secure storage of certificates and keys; management tools to request certificates, access wallets and administer users; and a directory service acting as a centralized repository for certificates.
The PKI approach to security does not take the place of all other security technologies; rather, it is an alternative means of achieving security. The following advantages of PKI have led to its emergence as an industry standard for securing Internet and e-commerce applications.
PKI is a standards-based technology.
It allows the choice of trust provider.
Although PKI is not notably a single sign-on service, it can be implemented in such a way as to enable single sign-on.
It is highly scaleable. Users maintain their own certificates, and certificate authentication involves exchange of data between client and server only. This means that no third party authentication server needs to be online. There is thus no limit to the number of users who can be supported using PKI.
PKI allows delegated trust. That is, a user who has obtained a certificate from a recognized and trusted certificate authority can authenticate himself to a server the very first time he connects to that server, without having previously been registered with the system.