Public Key Infrastructures (PKIs) (Tom Holleman)

Public Key Infrastructures are the technological underpinnings of potentially large-scale digital certificate operations.[1] Therefore, it's difficult to discuss one without at least touching upon the other. The main function of a PKI is to distribute public keys accurately and reliably to those needing to encrypt messages or verify digital signatures.

PKIs typically consist of three components:[4]

  1. Registration Authority: Implements business policies and procedures for issuing certificates. This function is often performed in-house.
  2. Certificate Authority: Gathers information about a person or company in order to authenticate their identity. It then generates and manages the digital certificates. Users of digital certificates typically outsource this function.
  3. Registry: Stores and tracks information related to the certs. This function is typically included with the CA.
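The three components and the relying party's check can be modelled in a few lines of Go. This is an added example, not code from the original page: the `Cert` format (a toy stand-in for X.509, signed with Ed25519), the `@example.com` policy rule and every name in it are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"strings"
)

// Cert is a toy stand-in for an X.509 certificate (an assumption of this example).
type Cert struct {
	Serial  int
	Subject string
	Key     ed25519.PublicKey
	Sig     []byte // CA signature over tbs(cert), the unambiguous to-be-signed bytes
}
func tbs(c Cert) []byte { return []byte(fmt.Sprintf("%d|%q|%x", c.Serial, c.Subject, c.Key)) }

type PKI struct {
	caPub    ed25519.PublicKey  // trust anchor held by relying parties
	caKey    ed25519.PrivateKey // CA signing key
	registry map[int]bool       // Registry: serial -> revoked?
}
func NewPKI() *PKI {
	pub, key, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return &PKI{pub, key, map[int]bool{}}
}

// Enroll: the RA applies policy, the CA signs, the Registry records the serial.
func (p *PKI) Enroll(subject string, key ed25519.PublicKey) (Cert, error) {
	if !strings.HasSuffix(subject, "@example.com") { // constructed RA policy
		return Cert{}, fmt.Errorf("RA: %q rejected by policy", subject)
	}
	c := Cert{Serial: len(p.registry) + 1, Subject: subject, Key: key}
	c.Sig = ed25519.Sign(p.caKey, tbs(c))
	p.registry[c.Serial] = false
	return c, nil
}

// Verify is the relying party's check before using c.Key as c.Subject's key.
func (p *PKI) Verify(c Cert) bool {
	revoked, known := p.registry[c.Serial]
	return ed25519.Verify(p.caPub, tbs(c), c.Sig) && known && !revoked
}

func main() {
	p := NewPKI()
	alice, _, _ := ed25519.GenerateKey(nil)
	c, err := p.Enroll("alice@example.com", alice)
	fmt.Println(err, p.Verify(c))
}
```

A certificate signed by a different CA key, a certificate whose subject or key was altered after signing, and a certificate the Registry marks revoked all fail `Verify`, which is what lets a relying party accept a distributed public key as accurate.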

The goal of an enterprise PKI is to protect information assets through:

  1. Authentication: validating the identity of parties in communications and transactions
  2. Confidentiality: ensuring that information is not intercepted during transmission
  3. Non-Repudiation: ensuring that transactions, once committed, are legally valid and irrevocable
  4. Availability: ensuring that transactions or communications can be executed reliably upon demand

Based on recent advances in the PKI industry, there are now two very different approaches to building an enterprise PKI.[4] Which option is best depends on the size, business, and technological expertise of the company.

  1. Purchase standalone PKI software and create a standalone PKI service where the enterprise alone assumes 100% responsibility for provisioning all the surrounding technology, including systems, telecommunications, and databases, in addition to providing physical site security, Internet-safe network configurations, high-availability redundant systems, disaster recovery, PKI specialists, viable PKI legal practices, and financially safe PKI liability protection.
  2. Deploy an integrated PKI platform which combines enterprise-controlled and operated PKI software/hardware, compatibility with popular applications, and the certificate processing services and infrastructure of a high-availability, high-security PKI backbone with shared liability and independently audited business processes.

 

 