Public Key Infrastructure

PKI is a system that facilitates secure and confidential exchange of electronic information using public key cryptography. PKI is an amalgamation of policies, technologies, roles, software and hardware which furthers securing, distributing, managing and revoking Digital Certificates using asymmetric encryption. PKI is used for the issuance of Digital Signature Certificates to authenticate an individual, device etc. It allows encryption and signing of data.

THE NEED FOR PKI

India is moving towards a digital era. There has been significant growth in the field of Information Technology in the last few years. Consequently, there is a boom in e-commerce and e-governance sectors as well. These changes have been impressionable in terms of India’s direction towards digital growth. However, for large-scale expansion in these areas, there needs to be a safe and secure way of transactions and service access. The information shared with government is highly confidential and can be misused for committing frauds. In fact, cyber fraud is a huge epidemic today. Frauds regarding stealing financial information and identity thefts are common.

A strong and trustworthy identification process is required to deal with this issue and further strengthen the future of e-commerce and e-governance. The authentication and security of data and information is hard to protect with the old identification methods. This is where PKI comes into the picture. Public Key Infrastructure is a process that uses public encryption keys for secure exchange of information between sender and receiver. PKI is a system that works on asymmetric cryptography rather than the normal symmetric one. The data transferred via PKI is encrypted using the private key and decrypted using the public key.

PKI SECURITY SERVICES

 Authentication

One of the main functions of PKI is to verify the credentials of an individual, device, document etc. The person holding the public key can cross-check whether the details given to them are valid or not.

 Confidentiality

This helps to maintain the information secure and hidden. Only the person with the public key can read the information. Non-authorized users can’t read the message.

 Non-repudiation

Once the document is signed, the user cannot deny it signing it. There is no doubt left in the fact that a transaction has been carried out.

 Integrity

The document can’t be modified, altered, changed or deleted. The message that is sent remains the same guaranteeing its security.

The following are some of the e-goverance sites that use digital signature for authentication and process-

MCA

DGFT

Indian Customs and Excise Gateway

ENCRYPTION

PkI works on a phenomenon called cryptography which uses mathematical algorithms to make data indecipherable for everyone else other than public and private key holders. This process is called encryption. In other words, encryption is a method that is used to transform a message into an unreadable text which can only be read by the sender and recipient. PKI uses asymmetric form of encryption to code messages.

AUTHENTICATION

With pki.network authentication process is more safe, secure and easy. PKI gives user Multiple Authentication Factor facility. It gives user the liberty to choose from different modes of authentication while enjoying the same amount of security in all the transactions. Customer can opt for OTP, Digital Signature Certificates, KYC, Biometric or Tokens.

BOOTSTRAPPING

SSL(Secure Socket Layer) is adopted by many businesses today to make the data of customers secure and hidden. SSL is a standard protocol, it makes sure that all the data that passes through a web server to the browser is encrypted. It keeps the confidential information such as personal information, card details ATM passwords etc safe. This keeps customers safe from cyber crimes such as hacking into bank accounts.