Public Key Infrastructure (PKI)

Enabling Effective Two-Key Encryption

‘Encryption’ is a pop-tech buzzword, but practical decisions on the implementation of high-level encryption can spell the difference between the success and failure of a security system.

One of the most secure methods of encryption involves a complicated system of asymmetric key pairs. These differ from common (symmetrical) internet passwords and ATM PIN codes insofar as they are more complex, but generally also more secure. They involve the generation and use of two different key pairs, namely one public and one private key. As the name implies, the private key is kept secret and never divulged, whereas the public key is shared with the recipient or sender of the secured communication. Both keys must be combined for final decryption to function.

The major issue: how to ensure that the received public key is really originating from the person for whom the encrypted message is intended?

Flexible choice of certification authorities

Veridos works with a Public Key Infrastructure (PKI) to protect the public key while still allowing its origin to be traced. Each PKI typically consists of one or more certification authorities which create and issue digital certificates. Each certificate contains the public key of the private key holder, the name of the private key holder, a serial number, the name of the certification authority and other selected and relevant details. The certificates are digitally signed by the certification authority to ensure their protection and integrity.

Veridos offers proprietary components and products for installing a country-wide Public Key Infrastructure for the issuance of security documents. Equally important, Veridos offers end-to-end consulting on setting up a Public Key Infrastructure, ensuring that the final system runs smoothly and meets all the needs of the customer.

Several layers of safeguards

PKIs are both reliable and highly secure. The method includes several layers of safeguards, including the option to verify the signature of the certification authority included in the certificate. Once verified, the recipient extracts the public key and decodes the information.

For extra security, it is also possible to implement certification authority hierarchies. In this scenario the highest level certification authority (typically called root CA) issues certificates only for lower-level certification authorities, which in turn issue the user certificates for the citizens. This builds trust and boosts acceptance for the extra steps needed to make asymmetrical encryption successful.