Public key infrastructure

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.


Public key Infrastructure is an important aspect of any organization as it helps protect the information that is so vital. PKI is used at various levels and for numerous purposes. The PKI is not only useful in protecting the information but also the assets of the organization. The main idea behind PKI is to bind the public keys with individual identities with the help of Certificate Authority (CA). This binding of two roles is done by Registration and issuance process carried out by the Registration Authority. The beauty of using this PKI is that each user's identity is made un-forgeable by certificate Authority with various conditions and attributes. With regards to the Metropolitan Police Service (MPS) this will prove a major advantage as the MPS users need to have a constant access even from remote location. This PKI will help achieve the required security with agility.

[1]Issuing Certificate:

Data structure known as certificate is used to bind the specific identities with public keys and usage information with digital signatures. The root of success or failure of PKI is based on its root Certificate Authority, because if one of the digital identities is compromised then the whole system is endangered. [1]

There is a need to issue a certificate only when a user wants to get a certificate in order to prove his identity in the future. He must first request a certificate from the Certificate Authority (CA). This request may contain the user's public key, if not the CA will have to generate the pair of keys for him. In order for the CA to issue the certificate it has to verify the user's identity and the public being sent belongs to him. Only after verification the CA will generate a new certificate for the user and sign with CA's private key to make it authentic. The CA will then send this certificate to user along with the user's new private key. [3]

This may sound very simple but actually it is not, but this is very appropriate for the MPS as they have new recruit coming and few people leaving the MPS. By issuing of new certificates and the cancelling old certificates the MPS can easily manage the changes in their force without any tedious work. [3]

Validating Certificate:

The process of validating the certificate is very important to make sure there are no intruders in the system. This is done with the following process:

* The users will request the content from the user.

* The server will then request the certificate from the user.

* The user will provide the certificate that is available with them.

* The certificate is then sent to the CA to check the validity and authenticity of the certificate.

* Then the CA provides the information of the certificate and the attributes that it has.

* The requested information is accessible by the attributes the user receives the information. [4]

The process is described below in the pictorial manner:

Multiple CA's:

There may be many reasons why we use more than one CA. But the reason for selecting this in MPS is the reason that there is such a large workforce which is working in MPS. If there is only a single CA, there may be issues when there are bulk users trying to connect to the server. For this reason we user multiple CA with distributed server architecture. There are 2 main kinds of Multiple CA architecture available: Hierarchical CA and Mesh CA. [1]

As would have notices the one on the left is Hierarchical CA and the one on the right is Mesh CA. [1]

In the hierarchical CA the subordinate CA is in relationship with the higher CA. In this architecture we have CA issuing certificates to the users and also to the subordinate CA's.[1]

In this hierarchical CA the CA's are connected to each other with P2P and they issue the certificates to the users. In this architecture the CA's have trust among themselves.[1]

Is the PKI Unbreakable? Can RSA be trusted by MPS?

The PKI is unbreakable when installed and operated with care; this may be a tough statement. This is done with the help of Public key encryption techniques like RSA and the use of digital signatures with the help of CA's. RSA is known for its nature of practically unbreakable. An Encryption technique is said to be unbreakable if the only way to break the encryption is through the extensive search. RSA can achieve this. If RSA is used with the right key length. It will make the system unbreakable practically. Since we are using the digital signatures. By giving the fixed time limit to the validity of the Digital Signature. We make the system unbreakable theoretically and practically.