
Public Key Infrastructure

Updated on October 22, 2011

The first thing we look for in an official letter to establish trust in its validity is a signature. Similarly, we seal documents to prevent others from knowing what's inside, and also to ensure that no one alters the contents without being detected. But the most important reason to seal or sign an envelope is to make the other person trust the identity of the actual sender. Can we achieve this mechanism electronically over the Internet?

The answer to this problem of bringing trust to the exchange of information over email, the web and so on lies in Public Key Infrastructure (PKI).

Why Is PKI Necessary?

Without delving into the details of PKI, let's first evaluate what can go wrong without a secure mechanism in place. There can be interruption (emails from an authentic source can be prevented from reaching you); interception (when you bank online, a trespasser may sniff your username and password); modification (someone may change the web pages displayed in your browser to steal information); and impersonation (fake emails carrying a fake website address could be sent to unsuspecting users, a practice also called phishing). All of these illegal activities pose a real threat in the online world, as detecting digital trespassing is a sophisticated and complex procedure.

To understand how this affects society as a whole and not just the IT industry, imagine you receive an email saying that your Internet banking has been enabled and can be instantly accessed at online.bank.com. Would you visit this link? If yes, how can you be sure that it is in fact the real address and not a phony site set up by someone to steal user names and passwords? And how do you know that the email you received - apparently from the correct address - has been sent by your bank? Again, the answer to these questions lies in the implementation of PKI, which provides a trust mechanism.

For some, PKI might sound like a purely technical term, relevant only to IT gurus and their disciples. However, this is not the case; PKI affects all areas of business activity in the global village. It can be implemented through the services of an established authority, technically called a Certification Authority (CA). In layman's terms, a CA certifies a user by issuing a certificate. Other users of the same network also trust the same CA. That's why showing a digital certificate to a user establishes a proof of identity - a credential that says yes, the person who claims to be Areez is in fact Areez and not an impersonator, because a trusted third party - the CA - has issued Areez a certificate.

This concept is not new and is already prevalent in the non-digital world. Take the simple analogy of financial transactions: a cheque is only valid after it has been signed, and before making a payment the cashier at the bank verifies the signature against an already stored image to prove its authenticity. Behind this practice lies the trust attached to the signature, and the existence of an established authority able to verify such signatures. This helps tremendously, as the need for physical presence to build trust or demonstrate authenticity is replaced by a signature or, for that matter, some other identity that can be cross-verified.

Importance And Benefits Of PKI

PKI is needed because the information superhighway is full of highway-men and con artists who are ready to rob unsuspecting people of their hard-earned money. And even if they are not there, we can't simply do business without being sure that the other party is in fact what it claims to be.

Digital certificates are provided to businesses after a thorough background check. These certificates are then used over websites as proof of legitimacy and identity, and for creating digital signatures to digitally sign documents and email.

This whole process involves the management of 'keys': digital information, one part of which (called Public) is held at the CA and the other part (called Private) by the user. The infrastructure for key management is called PKI. It involves networks, long-range connectivity, the implementation of encryption algorithms in different applications, and policies and procedures governing issuance, revocation and professional supervision.
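The CA relationship and key pairs described above, as an added example that is not part of the original article: a CA issues Areez a certificate binding the name to a public key, and a relying party who trusts that CA accepts it while rejecting a certificate in the same name from a CA it does not trust. The names `issue` and `trustedBy`, "Example CA" and "Rogue CA", and the choice of Ed25519 keys are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue makes a key pair and a certificate for name; a nil parent means a self-signed root CA.
func issue(name string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // constructed for the demo
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
	}
	if parent == nil { // root CA: allowed to sign certificates, and signs its own
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// trustedBy reports whether cert carries a valid signature chain to the one CA the verifier trusts.
func trustedBy(cert, ca *x509.Certificate) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots})
	return err == nil
}

func main() {
	ca, caKey := issue("Example CA", nil, nil)
	rogue, rogueKey := issue("Rogue CA", nil, nil) // not in the verifier's trust store
	genuine, _ := issue("Areez", ca, caKey)
	fake, _ := issue("Areez", rogue, rogueKey) // same name, different issuer
	fmt.Println("genuine:", trustedBy(genuine, ca), "impostor:", trustedBy(fake, ca))
}
```

Both certificates carry the name Areez; only the issuer's signature separates them, which is why the choice of trusted CA decides the outcome.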

Many countries around the world have developed their national PKIs. Businesses in a country without a national PKI have to get digital certificates from abroad. But if there is a PKI in place, then the government becomes the top level authority by regulating certification service providers, who in turn issue certificates to businesses in liaison with international CAs. This translates into the following benefits:

  1. Providing legal status to the communication, including emails, carried out through the use of PKI.
  2. Allowing e-commerce to grow as it becomes easier for transaction stakeholders to identify each other and make the other person lawfully liable for digital commitments. It may also mean reduced cost and higher availability of certificates.
  3. Emergence of new products and services on the lines of e-tax return filing. This would mean easier people-to-government access and reduced travel costs.
  4. B2B or person-to-person communication over email could be trusted on a wider scale for the first time. Right now, very few people are known to digitally sign their documents or emails for authenticity; nor do companies ask employees to do so when they communicate among themselves within a department or outside it, largely due to the absence of a common CA.

The Electronic Transaction Ordinance 2002 (ETO 2002) provides details on how legal recognition for electronic documents and electronic signature would work. Thus, the basic legal framework for PKI has been published. The very first lines of ETO present its purpose - 'to recognise and facilitate documents, records, information, communications and transactions in electronic form, and to provide for the accreditation of certification service providers'. Chapter 5 provides details of a Certification Council which would '...grant and renew accreditation certificates to certification service providers, recognise or accredit foreign certification service providers, encourage uniformity of standards and practices...' among other functions.

Features of PKI - CAIN

The main features required for e-security and e-trust are Confidentiality (only the intended recipient gets the information), Authentication (identifying correctly who is who), Integrity (information must not be changed in transit) and Non-Repudiation (the sender cannot deny having sent the information).

Public Key Infrastructure (PKI) provides all of these features and is considered to be one of the main solutions for providing e-trust, e-security and e-payment services for e-business.
