The modern business environment is competitive, and organizations are required to ensure that they have the necessary tools for coping with this competition. In the technological environment, different products and services require the use of digital signatures to enhance security. Currently, public-key technology provides a viable means of securing services and products. By using public-key technology, organizations can enjoy security in their e-business transactions.
Public key infrastructure (PKI) is “a comprehensive system that provides public-key encryption and digital signature services” (Raval & Fichadia, 2007). The main purpose of PKI is to manage encryption keys and digital certificates. PKI uses public-key cryptography to ensure that organizations can maintain trustworthy networking environments. Overall, PKI employs encryption and use of digital signatures in various applications. This paper addresses PKI and its relation to the concept of trust when using public keys.
PKI, as a concept supports several security services that enhance the concept of trust within the digital environment. PKI supports authentication security-services or the ability to substantiate an entity’s identity in networked environments. PKI also supports confidentiality services or the capabilities of shielding information from being disclosed to unauthorized parties.
Data integrity is the ability to guarantee that data has not interfered within the course of transmission. Also, PKI supports technical non-repudiation security services. Technical non-repudiation refers to a system’s ability to prevent unidentified entities from blocking requested actions.
The concept of trust is inbuilt within PKI, and this is manifested through several PKI’s features. The certification authority (CA) is an entity of PKI that allows users to give and cancel public key certificates. CA is made up of both computer and personnel systems. CA presents PKI with the most important aspect of trust. Through CA, PKI can provide authentication services that can help recognize valid users and computers within a network.
CA can create trust because it assures users that the individuals and computers that they communicate with are safe. Use of CA ensures that all the keys and identities that are used within a certain network are trustworthy and valid. However, to benefit from the trust that is created by the CA, all the users who are covered by a single PKI should have ‘registered identities’ (Raval & Fichadia, 2007).
Consequently, if network users can trust a CA (and the standard business policies for issuance and management of certificates), they can also trust other CA-issued certificates within their networks. The trust that is created by a CA is known as third-party trust because it is not a direct contract between two network users.
In a PKI environment, data can be disguised and protected by using CA’s third-party trust. For instance, CA certificates are instrumental in disguising a user’s name and thereby turning it into a distinguished name (DN). The DN is a valid identifier, but the data that it contains is disguised and protected.
The DN contains the name of the user and other user-based unique identifiers such as employee number. PKI also protects data by ensuring that the certificates that are issued by the CA only remain valid for a limited period. Periodically eliminating user-based data from the network protects personal data from exploitation by malicious agents.
PKI presents both organizations and software developers with an avenue for securing information across digital networks. Organizations can easily use PKI because it supports a wide range of applications and other multi-functional capabilities (Brown & Stalling, 2011). On the other hand, the software development life cycle (SDLC) relies on PKI to secure inter-data services and ensure interoperability. PKI gives software developers a platform for achieving interoperability. Furthermore, PKI does not require upfront investment, and it can, therefore, account for shorter SDLC’s.
Brown, L., & Stalling, W. (2011). Computer security: Principles and practice. Upper Saddle River, NJ: Prentice Hall.
Raval, V., & Fichadia, A. (2007). Risks, controls, and security: concepts and applications. Hoboken, NJ: John Wiley & Sons Incorporated.