


Where encryption of data is required, perhaps between the organisation's internal networks and between clients and representatives, a means of generating and managing the encryption keys is required.

PKI, or Public Key Infrastructure, is the use and management of cryptographic keys - a public key and a private key - for the secure transmission and authentication of data across public networks.

Caution: Whilst the overall mechanisms and concepts are generally agreed, there are differences amongst vendors.

A public key infrastructure consists of:

  • A Certification Authority (CA) that issues and assures the authenticity of Digital Certificates. A Digital Certificate will include the public key or other information about the public key.
  • A Registration Authority (RA) that validates requests for the issuance of Digital Certificates. The Registration Authority will authorise the issuance of the keys to the requestor by the Certification Authority.
  • A certificate management system. This will be a software application developed and provided by the vendor of the PKI system.
  • A directory where the certificates, together with their public keys, are stored; usually conforming to the X.500 standards.
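
The roles listed above, sketched with the openssl command-line tool as an added example (not part of the original glossary): the requestor submits a signed request, the RA check gates issuance, the CA signs, and a plain folder stands in for the directory. The organisation name, subjects, function names and file layout are all constructed for illustration.

```shell
#!/bin/sh
# Added example: all names, subjects and paths are constructed.
# Usage: d=$(mktemp -d); ca_init "$d"; make_csr "$d" host.example.test "$PKI_ORG"
#        ca_issue "$d" host.example.test && verify_cert "$d" host.example.test
PKI_ORG="Example Org"   # organisation the RA will accept (constructed)

# CA: create a self-signed root key and certificate in directory $1.
ca_init() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=$PKI_ORG/CN=Example Root CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Requestor: generate a key pair and a signed request. $1=dir $2=name $3=org
make_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/O=$3/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# RA: authorise only requests whose self-signature verifies (the requestor
# holds the private key) and whose organisation matches policy. A real RA
# would also confirm the requestor's identity out of band.
ra_validate() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    openssl req -in "$1" -noout -subject -nameopt RFC2253 |
        grep -Eq "(^subject=|,)O=$PKI_ORG(,|\$)"
}

# CA: sign only what the RA authorised, then publish the certificate to the
# directory (a folder standing in for an X.500 directory). $1=dir $2=name
ca_issue() {
    ra_validate "$1/$2.csr" || { echo "RA rejected $2" >&2; return 1; }
    mkdir -p "$1/directory"
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 7 -out "$1/directory/$2.pem" 2>/dev/null
}

# Relying party: take the certificate from the directory and check that it
# chains to the CA certificate it already trusts.
verify_cert() {
    openssl verify -CAfile "$1/ca.crt" "$1/directory/$2.pem" >/dev/null 2>&1
}
```

The private keys never leave the requestor or the CA; only the request and the issued certificate move between the parties.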

*** The Information Security Glossary ***
This Glossary forms part of the RUsecure Security Policy Suite.