A formal structure that enables the user of an inherently insecure public network, such as the Internet, to electronically transfer information, funds, and other sensitive materials through the use of encryption key pairs obtained from and shared through a trusted entity. A certificate authority (CA) issues and verifies digital certificates that contain an encryption key and attest to the authenticity of the transaction party. A registration authority (RA) verifies the CA prior to the issuance of a digital certificate to the requesting party. See also authentication, CA, digital certificate, encryption, Internet, key, private key, public key, and RA.
(Public Key Infrastructure) A framework for creating a secure method for exchanging information based on public key cryptography. The foundation of a PKI is the certificate authority (CA), which issues digital certificates that authenticate the identity of organizations and individuals over a public system such as the Internet. The certificates are also used to sign messages (see code signing), which ensures that messages have not been tampered with. For more on how certificates and public keys are used, see digital certificate. Inhouse PKIs A PKI can also be implemented by an enterprise for internal use to authenticate employees accessing the network. In this case, the enterprise is its own certificate authority (CA). For details on the public key system, see cryptography. Managing the Root Key The root key is the public/private key pair of the certificate authority. If the private part of that root key is ever discovered, all the certificates issued under that key pair are compromised. Creating and keeping the private key very private is critical. All Encompassing The PKI establishes the encryption algorithms, levels of security and distribution policy to users. The PKI embraces all the software (browsers, e-mail programs, etc.) used to support the process by examining and validating the certificates and signed messages. See digital certificate, digital signature, root key, web of trust and DST.