Key Lifecycle Management
Shorten turnaround time
Minimise disturbance to end users
A Suite of Administration Tools to Manage Keys, e-Cert & Token Authenticator for TrustSafe Confidential Mail System
What is Public Keys Infrastructure
Public Key Infrastructure (PKI) covers the use of public key cryptography and digital certificates as the accepted means of authentication and access control over untrusted networks, such as the Internet. While public key cryptography addresses issues of data integrity and transaction privacy, certificates address concerns in authentication and access control.
Applications
Confidential email, online banking and e-commerce.
Encryption
A PKI system allows data to be encrypted and decrypted, protected from unauthorised interception. Without PKI, sensitive information can still be encrypted (ensuring confidentiality) and exchanged, but there would be no assurance of the identity (authentication) of the other party.
Public key cryptography
It involves the use of a pair of different, but related, keys, which enables the conduct of electronic commerce securely on the open telecommunications network or the Internet. Each user has a private key and a public key. The private key is kept secret, known only to the user; the other key is made public by placing it in the Public Directory maintained by Certificate Authority such as Hong Kong Post.
A digital certificate is a digital document attesting to the binding of a public key to an individual or other entity. It allows verification of the claim that a specific public key does in fact belong to a specific individual. A Hongkong Post e-Cert contains a public key, the name of the holder, an expiration date, a certificate serial number and subscriber reference number.
Digital Signature
A digital signature, in relation to an electronic record, is the electronic signature of a signer. It is generated by the transformation of the electronic record using asymmetric cryptography and a hash function. A person having the initial untransformed electronic record and the signer's public key can then determine whether the transformation was generated using the private key that corresponds to the signer's public key; and whether the initial electronic record has been altered since the transformation was generated.
Environment
A typical PKI consists of hardware, software, policies and standards to manage the creation, administration, distribution and revocation of keys and digital certificates. Digital certificate is core element of PKI as it affirms the identity of the certificate subject and bind that identity to the public key contained in the certificate.
Certificate Authority
A trusted party (CA) acts as the root of trust.
It provides services that authenticate the identity of individuals, computers and other entities
Registration Authority
This is often called a subordinate CA. It is certified by a root CA to issue out certificates.
It is an authority in a network that verifies user requests for a digital certificate.
Certificate Database
This saves all certificate requests that been issued or revoked. It serves as a log of all security certification transactions within the system.
Certificate Store
It resides on a local computer as a place to store issued certificates and private keys.
Key Archival Server
This saves encrypted private keys in a certificate database. This is used for disaster recovery purposes as a backup.