A public key infrastructure (PKI) supports the distribution and identification of public encryption keys, enabling users and computers to both securely exchange data over networks such as the Internet and verify the identity of the other party.
Without PKI, sensitive information can still be encrypted (ensuring confidentiality) and exchanged, but there would be no assurance of the identity (authentication) of the other party. Any form of sensitive data exchanged over the Internet is reliant on PKI for security.
A typical PKI consists of hardware, software, policies and standards to manage the creation, administration, distribution and revocation of keys and digital certificates. Digital certificates are at the heart of PKI as they affirm the identity of the certificate subject and bind that identity to the public key contained in the certificate.
- A typical PKI includes the following key elements:Certificate authority (CA): issues digital certificates to entities and individuals after verifying their identity. It signs these certificates using its private key. Its public key is made available to all interested parties in a self-signed CA certificate.
- OCSP Server: operate as a robust validation hub solution, capable of providing OCSP certificate validation services for multiple Certificate Authorities (CAs) concurrently.
- TSA Server: provides independent and irrefutable proof of time for business transactions, e-documents and digital signatures.
- LTANS: As part of complying with internal policies, external regulation or legislative requirements, certain business documents must be securely archived for a number of years into the future.
In order to provide the best product in the market, we build a strong and lasting partnership with Entrust DataCard, Ascertia, Gemalto, Safelayer, Realsec, Primekey.