Public Key Infrastructure (PKI) is a common approach to encryption and authentication, used by small businesses as well as large companies. In this article we take a look at how PKI is used today.
Two components are central to any security environment: identity and access management (IAM) applications and encryption. Simply assuming that whoever has access to the data is authorized no longer works; today it is crucial to ensure both that permissions have been granted correctly and that the company uses secure protocols to encrypt its data.
In a Windows environment, IAM is an integral part of Microsoft Active Directory. Companies can choose from a variety of IAM tools, from PKI for small and medium-sized businesses to enterprise data-management suites; PKI, however, is the most widely used solution for companies of all sizes.
Public Key Infrastructure (PKI) – what is it?
A PKI environment consists of five components:
- Certification Authority (CA). The source of trust: it issues the certificates that let you verify the identity of companies, computers and other network objects.
- Registration Authority (RA). Certified by the root CA to issue certificates for the specific uses the root permits. In a Microsoft PKI the RA is a subordinate CA. (In general PKI terminology an RA only verifies the requester's identity and forwards approved requests to a CA; it does not sign certificates itself.)
- Certificate Database. Stores certificate requests, and the certificates issued and revoked by the RA or CA.
- Certificate Store. Holds issued certificates and pending or rejected requests on the local computer.
- Key Archival Server. Stores encrypted copies of private keys in the certificate database so they can be recovered after loss, for example so that data encrypted by a user whose key is lost remains readable.
Operationally, PKI is built on asymmetric cryptography: a pair of keys, one public and one private, where data encrypted with one key can only be decrypted with the other. You give your public key to anyone who wants to send you data; the sender encrypts with it, and only you, holding the private key, can decrypt the result. The same pair works in the other direction for authentication: you sign with the private key, and anyone holding the public key can verify the signature. The idea of public-key cryptography was first worked out in the British intelligence community (GCHQ) in the early 1970s, before it was independently invented and published in the open literature.
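The two roles of one key pair described above, as an added example that is not part of the original article. It assumes a POSIX shell and the openssl command-line tool (1.1.1 or later); the file names and the sample messages are constructed for the demo. The RSA-OAEP step encrypts a short message directly; in real protocols RSA encrypts a symmetric key and that key encrypts the data, since a 2048-bit key can only wrap about 190 bytes this way.

```shell
#!/bin/sh
# Added example (not from the original article): one RSA key pair used for
#   confidentiality - anyone encrypts with the PUBLIC key, only the holder of
#                     the PRIVATE key can decrypt;
#   authenticity    - the holder signs with the PRIVATE key, anyone with the
#                     PUBLIC key can verify, and any change to the data breaks
#                     the signature.
# File names and messages are constructed for the demo.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Generate the pair. priv.pem never leaves the owner; pub.pem is handed out.
gen_keys() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/priv.pem" 2>/dev/null
  openssl pkey -in "$WORK/priv.pem" -pubout -out "$WORK/pub.pem"
}

# Sender: encrypt $1 with the recipient's public key (RSA-OAEP padding).
# Recipient: decrypt with the private key. Prints the recovered text.
encrypt_decrypt_roundtrip() {
  printf '%s' "$1" > "$WORK/msg.txt"
  openssl pkeyutl -encrypt -pubin -inkey "$WORK/pub.pem" \
    -pkeyopt rsa_padding_mode:oaep -in "$WORK/msg.txt" -out "$WORK/msg.enc"
  openssl pkeyutl -decrypt -inkey "$WORK/priv.pem" \
    -pkeyopt rsa_padding_mode:oaep -in "$WORK/msg.enc"
}

# Signer: hash file $1 with SHA-256 and sign the hash with the private key.
sign_file() {
  openssl dgst -sha256 -sign "$WORK/priv.pem" -out "$1.sig" "$1"
}

# Verifier: exit 0 only if $1.sig is a valid signature over $1 under pub.pem.
verify_file() {
  openssl dgst -sha256 -verify "$WORK/pub.pem" -signature "$1.sig" "$1" \
    >/dev/null 2>&1
}

demo() {
  gen_keys
  echo "decrypted: $(encrypt_decrypt_roundtrip 'meet at 10:00')"

  printf 'pay 100' > "$WORK/order.txt"
  sign_file "$WORK/order.txt"
  verify_file "$WORK/order.txt" && echo "original order: signature valid"

  # Whoever alters the signed data cannot re-sign it without priv.pem.
  printf 'pay 900' > "$WORK/order.txt"
  if ! verify_file "$WORK/order.txt"; then
    echo "tampered order: signature INVALID"
  fi
}

demo
```

Run it as a script; the decrypt step prints the original message, the first verification succeeds, and the verification after the one-byte change fails. The failure is the point: the public key lets anyone check the signature, but only the private key can produce one.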
Examples of PKI in use today include, but are not limited to: signed and encrypted e-mail using OpenPGP (Open Pretty Good Privacy) and S/MIME (Secure/Multipurpose Internet Mail Extensions); encrypting and signing XML (eXtensible Markup Language) documents; user authentication with smart cards; and client or server authentication using SSL/TLS certificates.
How PKI is used today
PKI is used by companies that must meet protection and safety requirements. Entrust, for example, provides PKI products that can be used to implement strong authentication for ambulance services and for health services in general. When it comes to health care, consumers tend to think of large medical centers or large medical companies, but even small health-care companies must comply with HIPAA requirements.
It is also possible to use self-signed certificates created by commercial software. In Microsoft Office 2007, for example, you can encrypt a document and attach a digital signature to it. A self-signed signature does not carry the same assurance as one made with a certificate from a trusted issuer: nobody but the signer vouches for the binding between the key and the signer's identity, so a recipient cannot tell such a certificate from one forged in the signer's name. Microsoft's own website states that self-signed signatures should only be used between people who already know each other and can be sure that the sender actually created the signed document.
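The difference between a CA-issued certificate and a self-signed one, as an added example that is not part of the original article or of any Microsoft product. It builds a minimal PKI with the openssl command-line tool (1.1.1 or later, POSIX shell assumed): a root CA issues a certificate to "alice", "bob" makes a self-signed certificate instead, and both sign the same message with S/MIME (CMS). All subject names, file names and the message are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original article): a root CA, one CA-issued
# certificate (alice) and one self-signed certificate (bob). Verification
# against the root trust anchor accepts alice's S/MIME signature and rejects
# bob's; bob's is accepted only when the recipient has decided beforehand,
# out of band, to trust bob's certificate itself. Names are constructed.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Minimal openssl config so the demo does not depend on the system openssl.cnf.
cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[v3_leaf]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = emailProtection
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
EOF

# The source of trust: a self-signed root CA certificate (root.pem, root.key).
build_root_ca() {
  openssl req -x509 -config pki.cnf -extensions v3_ca -newkey rsa:2048 -nodes \
    -sha256 -days 30 -subj "/CN=Example Root CA" \
    -keyout root.key -out root.pem 2>/dev/null
}

# Enrolment: $1 generates a key and a request; the root CA signs the request.
issue_cert() {
  openssl req -new -config pki.cnf -newkey rsa:2048 -nodes -sha256 \
    -subj "/CN=$1" -keyout "$1.key" -out "$1.csr" 2>/dev/null
  openssl x509 -req -in "$1.csr" -CA root.pem -CAkey root.key -CAcreateserial \
    -extfile pki.cnf -extensions v3_leaf -sha256 -days 30 \
    -out "$1.pem" 2>/dev/null
}

# A self-signed certificate: $1 vouches for $1, no CA involved.
make_self_signed() {
  openssl req -x509 -config pki.cnf -newkey rsa:2048 -nodes -sha256 -days 30 \
    -subj "/CN=$1" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# Does certificate $1 chain to the root CA? (exit 0 = yes)
verify_against_root() {
  openssl verify -CAfile root.pem "$1" >/dev/null 2>&1
}

# S/MIME-sign file $1 with $2's certificate and key, writing $1.$2.p7s.
cms_sign() {
  openssl cms -sign -in "$1" -signer "$2.pem" -inkey "$2.key" -nodetach \
    -out "$1.$2.p7s"
}

# Verify signed message $1 against trust-anchor file $2 (exit 0 = accepted).
cms_verify() {
  openssl cms -verify -in "$1" -CAfile "$2" -out /dev/null >/dev/null 2>&1
}

demo() {
  build_root_ca
  issue_cert alice
  make_self_signed bob
  printf 'Quarterly report attached.\n' > msg.txt
  cms_sign msg.txt alice
  cms_sign msg.txt bob

  verify_against_root alice.pem && echo "alice.pem: chains to the root CA"
  verify_against_root bob.pem   || echo "bob.pem: self-signed, no chain to the root CA"
  cms_verify msg.txt.alice.p7s root.pem && echo "alice's signature: accepted"
  cms_verify msg.txt.bob.p7s   root.pem || echo "bob's signature: rejected"
  # Accepted only because the recipient explicitly trusts bob.pem itself.
  cms_verify msg.txt.bob.p7s   bob.pem  && echo "bob's signature: accepted with prior trust"
}

demo
```

The last line of the demo is the situation Microsoft describes: a recipient who obtained bob.pem from bob in person can add it to their trust store and verify his signatures, but anyone else has no path from bob's certificate to a trusted issuer, so the signature is rejected.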
So how do companies actually use PKI? According to Microsoft, there are several key reasons to deploy such an infrastructure:
- Controlling access to the network with 802.1X authentication;
- Verifying and authorizing applications with code signing;
- Protecting user data with the Encrypting File System (EFS);
- Protecting network traffic with IPsec;
- Protecting LDAP queries with SSL/TLS (LDAPS);
- Two-factor authentication with smart cards;
- Protecting traffic to third-party sites with SSL/TLS;
- Implementing secure e-mail.
PKI certificates can be used by a wide range of applications. Besides e-mail and access to network resources, PKI is used to protect corporate databases, to sign electronic documents, and to secure messaging, mobile devices, USB storage, Windows Server Update Services, Active Directory and more.