What is PKI?
Information technology sector in India has developed at very rapid pace which has resulted in the IT sector’s increased contribution to India's GDP from 1.2% in 1998 to 7.7% in 2017. This in turn has led to e-commerce and e-governance being an integral part of the social and economic life. E-government is the cornerstone of the next-generation of government. Citizens, businesses, and government agencies are already benefiting from their ability to access services and conduct transactions online. E-government programs allow government organizations to deliver services, distribute resources, and administer programs more efficiently, which drives operational costs down and provide better citizen services.
E-commerce in India has taken the world of retail by storm and captivated the imagination of an entire generation of entrepreneurs, with e-commerce ventures with various business and commercial models. The explosive growth in the last few years has already catapulted the biggest firms among these ventures past the billion-dollar territory. The sector has grown manifold in the last few years.
The growth of the e-governance and e-commerce is also marred by the growth in cyber fraud. One of the most dangerous vectors for web fraud today - including phishing and counterfeit ghost sites - is the "Man In The Middle" attack (MITM). Cybercrime has become a rapidly growing underground business built by savvy criminals, who buy and sell valuable stolen financial information from millions of unsuspecting internet users every year in an online black market.
Traditional identification credentials are neither robust enough to protect against cyber fraud, nor can they enable the next generation of applications, such as digitally signed tax returns, electronic tenders, and seamless border control. Instead, the need of the hour is a strong authentication, encryption, and digital signatures that are part of a comprehensive and scalable Public Key Infrastructure (PKI) platform.
PKI is the foundation on which secure and trusted transactions can be executed. Whether between individuals and governments; businesses and governments; or inter-government relationships, PKI allows entities to securely authenticate all participants in a transaction.
A Public Key Infrastructure (PKI) provides users and applications with an underlying "trust" that is essential for providing secure e-business and egovernment services. PKI offers the following security services:
- a) authentication;
- b) integrity;
- c) confidentiality; and
- d) non-repudiation.
- Authentication is the process of proving or verifying certain information. Commonly this is used in the confirmation of an individual’s identity to ensure they are who they say they are. Authentication is also used to validate other attributes of an individual rather than their identity – such as their age group, membership of certain groups, security clearance status, etc. The object of authentication does not have to be an individual – details of a document’s origin or the destination of an article in transit, are other attributes that may need to be validated.
- Integrity in this context refers to the process of ensuring that information cannot be deleted or modified in any way. It is important to know that a message that has been received is identical to the one that was originally sent. A PKI makes it possible for documents to be published such that their integrity can be verified by a potentially unlimited number of recipients.
- Confidentiality (or privacy) is the process of preventing unauthorised users from reading information. Confidentiality is achieved by encrypting the original information making it unintelligible to anyone, other than authorised receivers, who can decrypt to restore the original information.
- Non-repudiation is the process of proving, beyond denial, to a neutral third party that an event occurred.