Parts necessary to make a PKI implementation work


To provide keys and certificates for an effective PKI solution, a number of services and functions have to be realised:

  1. Client software. In SecMaker's solution, Net iD interacts with the parts listed below.
     

  2. Support for digital signatures.
     

  3. Public key certificates.
     

  4. Secure certificate storage.
     

  5. A Certificate Authority (CA). This is the PKI entity that creates and issues the digital certificates; it is responsible for signing them with the public key part and then keeps them stored for reference. The use of Certificate Authorities is a basic pillar of a PKI implementation. The CA is a software tool that creates the digital certificates and ties them in a secure way to the particular user.
     

  6. A Registration Authority (RA). The Registration Authority verifies the identities of those requesting digital certificates. The RA is an optional component, so the CA can take on this role itself. An RA can never be the issuer of a public key certificate; it can generate both the public and the private key and carry out verification and validation tasks towards the end user (or end entity). Offloading administrative tasks from the CA to the RA allows the CA to be operated offline, reducing the risk of breach attempts against the CA.
     

  7. Recovery and backup of keys.
     

  8. The possibility to cancel and revoke certificates and keys.
     

  9. A function for automatic update of certificates and key pairs.
     

  10. A function for keeping a record of key histories and of the period of time for which the certificates are valid.
     

  11. Skilled and trained staff, covering the whole administration, operation and management of the PKI environment. Certificate Manager: you need a Certificate Manager who takes on the responsibility for issuing, revoking and deleting certificates. This person also recovers archived (private) keys and is typically someone working at the IT support desk. CA administrator: the Certificate Authority computer needs someone who is responsible for managing its configuration and defining its properties. Backup technician: a person who backs up and recovers the complete database of the CA and the CA configuration settings. Audit and log technician: this person works with IT security and defines the events that should be triggered and written to the security logs.
     

  12. PKI hardware resources definition. Initially you need a physical server to host the Certificate Authority. Beyond that, the requirements depend on the chosen level of security and the number of PKI applications you will use. To increase security and redundancy, you will also probably build a topology with a number of CA servers on different hierarchical levels.
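
The issue, verify, revoke and record steps behind items 5, 6, 8 and 10, as an added example that is not SecMaker's or Net iD's own code: a throwaway CA driven with the OpenSSL command line. The names `Demo Root CA` and `alice`, the 7-day lifetimes and the treatment of the CSR signature check as an RA task are assumptions made for the demo.

```shell
#!/bin/sh
# Constructed demo: issue, verify, revoke and record one certificate.
# "Demo Root CA" and "alice" are made-up names; requires the openssl CLI.
pki_lifecycle() {
  d=$(mktemp -d) || return 1
  rc=0
  (
    cd "$d" || exit 1
    exec 3>&1 >/dev/null 2>&1   # silence openssl chatter; fd 3 carries the result
    # CA state: index.txt is the CA's record of certificates and their status.
    : > index.txt
    cat > ca.cnf <<'EOF'
[ca]
default_ca = demo
[demo]
database = index.txt
default_md = sha256
default_crl_days = 7
EOF
    # CA: self-signed root certificate, valid for 30 days.
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
      -subj "/CN=Demo Root CA" -days 30 || exit 1
    # End entity: own key pair plus a certificate signing request (CSR).
    openssl req -newkey rsa:2048 -nodes -keyout alice.key -out alice.csr \
      -subj "/CN=alice" || exit 1
    # RA-style check (assumption): a valid CSR signature shows key possession.
    openssl req -in alice.csr -verify -noout 2>&1 | grep -q "verify OK" || exit 1
    # CA: issue a 7-day certificate tying the name "alice" to her public key.
    openssl x509 -req -in alice.csr -CA ca.pem -CAkey ca.key \
      -set_serial 4097 -days 7 -out alice.pem || exit 1
    # Relying party: chain validation before revocation.
    openssl verify -CAfile ca.pem alice.pem && before=valid || before=invalid
    # Revocation: mark the certificate revoked, then publish a signed CRL.
    openssl ca -config ca.cnf -cert ca.pem -keyfile ca.key -revoke alice.pem || exit 1
    openssl ca -config ca.cnf -cert ca.pem -keyfile ca.key -gencrl -out ca.crl || exit 1
    # Relying party: the same check with CRL checking enabled must now fail.
    if openssl verify -crl_check -CAfile ca.pem -CRLfile ca.crl alice.pem 2>&1 \
        | grep -q "certificate revoked"; then after=revoked; else after=valid; fi
    # First field of the index entry: V = valid, R = revoked, E = expired.
    echo "$before $after $(cut -c1 index.txt)" >&3
  ) || rc=$?
  rm -rf "$d"
  return "$rc"
}
pki_lifecycle
```

The certificate only stops validating once the relying party checks the CRL, so revocation is effective only where CRL (or equivalent status) checking is enabled.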

 
