PKI stands for Public Key Infrastructure and refers to a wide array of devices, software, agencies and protocols that create and control electronic certificates. Some PKI systems are used for registration and for keeping track of users. For example, when a game manufacturer sells you a copy of its game, you will be asked to fill out a form with your personal information to help the company form an idea of what kind of people are buying its game. The game may also require you to enter a serial number to prove that you actually bought the software. The game company uses PKI software to issue serial numbers and keep track of registered customers.

PKI (Public Key Infrastructure) can be described as a cryptographic arrangement that enables a third party to examine, and vouch for, user identities.

PKI allows public keys to be bound to users. These public keys are usually stored in certificates. The binding of public keys to users is usually carried out by software at a central location, in coordination with associated software components installed at distributed locations.

The term Public Key Infrastructure is sometimes used in a broader sense to mean both the Certificate Authority (CA) and the related arrangements, and in some cases to denote the public key algorithms used in electronic communications. In the latter case, it should be kept in mind that public key algorithms do not require a PKI.

Web Of Trust
A web of trust is a PKI scheme that differs from the traditional certificate authority. In a web of trust, a company (the trusted source of information) signs its own certificates, while third parties attest to the company's validity. When a customer sees a few trusted third parties within the web, he or she is more likely to trust the validity of all parties involved.

Simple Public Key Infrastructure
Simple Public Key Infrastructure, or SPKI, is the most widely used form of PKI. In SPKI, the issuer of the product key or information is also the verifier that confirms that a key is valid. SPKI allows for the use of thousands of individual keys, each of which must be approved either by the original issuer or by software created by the issuer to confirm the key automatically. For example, Microsoft's product key confirmation system is based on the principles of SPKI.

EJBCA

EJBCA is open source software that allows users to build an entirely customized PKI system for their organization. EJBCA is completely free and allows the organization that uses it to verify its customers' access.

SECUDE Secure Login
SECUDE Secure Login allows organizations and individuals to use one login for all their needs. By organizing a set of highly encrypted data sets and PKI systems, SECUDE handles as many passwords as can be programmed into it. This reduces customer service costs as well as the certification and validation issues that generally arise from security-related needs and situations.

How Does PKI Work?

The public key infrastructure architecture consists of client software, server software such as a certificate authority, hardware (e.g., smart cards) and operational procedures. Using your private key, you can sign messages digitally, and another person can verify that signature using the public key embedded in your certificate, which was issued by a certificate authority within the Public Key Infrastructure. This enables two or more parties to establish confidentiality, message integrity and user authentication without having to reveal any secret information during the process.
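The sign-and-verify flow described above, as an added example that is not part of the original article: a self-signed root CA issues a certificate binding Alice's public key to her name, Alice signs a message with her private key, and a relying party that trusts only the root checks the certificate chain and then the signature using the public key embedded in Alice's certificate. The code uses only the Go standard library; the CA name, Alice's name, the lifetimes and the messages are constructed for the example, and there are no intermediate CAs.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue makes a key pair for name and a certificate binding its public key to name, signed by the issuer's key.
func issue(serial int64, name string, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // crypto/rand.Reader does not return errors
	tmpl := &x509.Certificate{ // end entity by default: may sign data, may not issue certificates
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name}, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true,
	}
	if parent == nil { // no issuer given: this is the self-signed root CA, whose key signs certificates only
		tmpl.IsCA, tmpl.KeyUsage, parent, signer = true, x509.KeyUsageCertSign, tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err) // demo code: a failure here is a programming error, not a runtime condition
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// BuildPKI returns the relying party's trust store (only the demo root), Alice's CA-issued certificate and her key.
func BuildPKI() (*x509.CertPool, *x509.Certificate, ed25519.PrivateKey) {
	caCert, caKey := issue(1, "Demo Root CA", nil, nil) // constructed names; no intermediate CAs in this demo
	aliceCert, aliceKey := issue(2, "alice@example.com", caCert, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	return roots, aliceCert, aliceKey
}
// SignMessage: the certificate holder signs with the private key, which never leaves their control.
func SignMessage(key ed25519.PrivateKey, msg []byte) []byte { return ed25519.Sign(key, msg) }
// VerifySignedMessage is the relying party's check: chain to a trusted root, then verify under the embedded key.
func VerifySignedMessage(roots *x509.CertPool, cert *x509.Certificate, msg, sig []byte) error {
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return err // untrusted issuer, expired certificate, wrong key usage, ...
	}
	return cert.CheckSignature(x509.PureEd25519, msg, sig) // Ed25519 signs the raw message, no pre-hash
}
```

VerifySignedMessage returns nil for the genuine message and a non-nil error both for a tampered message and for a certificate issued by a CA that is not in the trust store, even if that certificate carries a valid signature.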

The certification hierarchy is rather complex. The operating standards in this area are formulated by the IETF PKIX working group.

Enterprise-scale public key infrastructure systems are sometimes closely tied to the enterprise's directory scheme and combine the employee's public key, embedded in a certificate, with other personal details such as name, designation and department. X.509 is the most commonly used certificate format, alongside the LDAP directory schema.

PKI Applications

Public Key Infrastructures have many uses. These include providing public keys, and their bindings to user identities, that are used for:

  • Encryption or authentication of documents (for example, the XML signature standards if the document concerned is encoded in XML).
  • Encryption or authentication of email messages (using S/MIME or OpenPGP).
  • Verification and authentication of users to applications, such as smart card login and client validation using SSL.
  • Bootstrapping secure communication protocols such as SSL and Internet Key Exchange (IKE).

PKI Alternatives

Newer techniques for authenticating public key information have been introduced, and some of them are already in use by various enterprises. The most popular ones include the Web of Trust, Simple Public Key Infrastructure (SPKI) and robot certificate authorities (robot CAs).