PKI and Digital Certificates
Learn how PKI (Public Key Infrastructure) has become widespread as a way to protect users, networks, data, and critical business systems
Public key cryptography has become widespread as a way to protect users, networks, data, and critical business systems. Whether PKI digital certificates are used to encrypt data and ensure privacy, to digitally sign documents and messages to attest to their integrity and authenticity, or to authenticate users and systems and control access, these public key operations are integral to modern operating systems, commercial security products, and custom-built systems. E-commerce, online banking, internet gaming, smartphones, and cloud computing all rely on the use of digital certificates to represent the digital identity of users, connected devices, web services, and business applications.
Each digital certificate issued by a Certificate Authority (CA) is based on a pair of cryptographic keys that form a high strength unique credential that is tightly associated with the user or organization in question and that is used to perform secure operations such as encryption or signing. Read our whitepaper, "Securing Your PKI" for an in-depth discussion on PKIs and their management.
Organizations deploying internal PKIs have the flexibility to define the security models that fit their specific needs, but they face a number of management challenges when it comes to defining, maintaining, securing, and managing their PKI:
- Theft of CA signing private keys or root keys enables bogus certificates to be issued and any suspicion of compromise may force re-issuance of some or all of the previously issued digital certificates.
- Weak controls over the use of signing keys can enable the CA to be misused, even if the keys themselves are not compromised.
- Theft or misuse of keys associated with online certificate validation processes can be used to subvert revocation processes and enable malicious use of revoked digital certificates.
- As new applications are brought on line, not attending to the performance aspects of signing activities associated with issuance and validation checking can result in significant business impact.
PKI and Digital Certificates: Entrust nShield HSM Solutions
Products and services from Entrust can help to ensure the integrity, performance, and manageability of your PKI. By securing the process of issuing certificates and proactively managing signing keys, you prevent their loss or theft, thereby creating a high-assurance foundation for digital security. When you add Entrust nShield Hardware Security Modules (HSMs) to your PKI, you are deploying independently certified, tamper-resistant devices that are used to secure some of the most sensitive keys and business processes in the organization—a widely recognized PKI management best practice.
Entrust supports all leading PKI vendors. As part of its nFinity Technology Partnership Program, Entrust performs interoperability testing with all leading PKI vendors and publishes comprehensive whitepapers and integration guides to help your organization understand key security considerations to accelerate deployment and minimize risk. By taking advantage of products, expertise, and services from Entrust and its nFinity Technology Partners, you will be able to operate PKIs confidently across your enterprise.
- Take advantage of easily deployed and independently certified security for all high assurance key management and certificate issuance processes.
- Offload cryptographic processing to accelerate CPU-intensive signing operations, boosting performance and enabling applications and business processes to scale.
- Eliminate risky manual key management processes.
- Simplify the task of demonstrating compliance and responding to forensic and auditing requests through tightly enforced key management policies.
- Choose from a wide range of HSM form factors and performance ratings to suit various deployment scenarios ranging from large enterprise PKIs to localized or application specific CAs.
Solution Briefs: Entrust Delivers Self-Managed PKI Solutions to Address Enterprise-Specific Security Needs
With more security-sensitive applications depending on the enterprise PKI to deliver identification credentials to individuals and devices, the security of underpinning private keys is essential.
Entrust self-managed PKI offerings combine technical expertise in the design and implementation of organizational PKIs, with the security hardware necessary to provide a robust root of trust for the system.
Solution Briefs: Entrust Helps Airlines Protect the Integrity and Authenticity of Electronic Boarding Passes
The integrity and authenticity of an electronic boarding pass is validated by checking the digital signature of the barcode they use. A digitally signed barcode protects against forgery and enables validation upon check-in. Carriers use private signing keys to sign barcodes and issue associated public certificates from a Public Key Infrastructure (PKI) for their validation. The degree to which carriers can trust their PKI depends on the protection afforded to the root and issuing Certificate Authority (CA) private signing keys. The private signing keys underpin the security of the entire system, and properly safeguarding and managing them is essential.
Solution Briefs: Secure PKIs with nFinity Partners
Enterprise digitalization and the Internet of Things (IoT) are driving the need to establish trusted identities for users, devices and applications. A public key infrastructure (PKI) provides a mechanism by which organizations can establish authentic identities for users and devices but the PKI itself – including the underpinning private keys – requires high-assurance protection.
Download the solution brief to learn how Entrust works with nFinity partners to offer secure PKI solutions integrated with nShield HSMs.
Research and Whitepapers: Securing Your PKI
This paper examines the security risks of typical enterprise and government Public Key Infrastructures (PKIs) and describes how, as more high-value business applications increasingly depend on trusted digital credentials, higher assurance solutions are now necessary to reinforce security and mitigate growing risks. Analyzing such aspects as the number of certificates being used, the importance and value of the applications they support, and whether these applications are subject to higher levels of scrutiny due to government or industry regulatory compliance, are some of the critical factors to consider in assessing whether a PKI can still meet the demands of an evolving organization.