Frequently Asked Questions: PKI


"Identity is a global event, permissions are always local"


Q: What is a PKI?

A: PKI stands for Public Key Infrastructure. The X.509 standard defines a PKI as "The set of hardware, software, people and procedures needed to create, manage, store, distribute and revoke certificates based on public-key cryptography."

PKI has three components in its basic form - Public/Private keys, Digital Certificates, and a Certificate Authority (CA). In a typical PKI deployment, each user is assigned a pair of linked keys - a public key available to others through a CA, and a private key, which is kept secret on the user's client. A user sending a secure message uses the receiver's public key to encrypt the transmission so that only the intended recipient can read the message.




Q: Will CKM® work with my existing PKI?

A: Constructive Key Management® is highly complementary to PKI. PKI was derived from Public-Key or Prime-Key, Derived-Key encryption techniques developed in the 1960s for individual identification and authentication. The techniques were developed before personal computers, networks and the Internet existed - and were designed for one-to-one, point-to-point communications. CKM was developed in the 1990s and is especially well suited to large-scale, distributed client and server-based computing and communications environments.

PKI pilot and commercial deployments today are primarily designed to meet the following Information Security Objectives:

(a) Identification
(b) Authentication
(c) Non-Repudiation
(d) Data Integrity

These attributes of PKI combine efficiently with CKM, which excels at enabling the additional Information Security Objectives of Privacy and Confidentiality (in addition to its core access management capabilities). CKM can be deployed in conjunction with existing or planned PKI deployments to enable a complete, end-to-end security solution. CKM can also be deployed on a stand-alone basis to meet a variety of information security and management objectives, especially in closed environments.




Q: Does it make my system more secure if I use CKM with my existing PKI?

A: Yes, because CKM provides you with the enhanced security technologies of Role-Based Access Control (RBAC) and Information Privacy.

RSA Conference 2002 Presentation: CKM Enabling PKI