Having worked closely with PKI for about 10 years, the question that is commonly thrown to me is, “Hey, which industry are you from?” typically, when I mention PKI, most people will not have heard of this term before.

PKI

Although PKI may be a stranger to many of us, it is present in our everyday life and protects us when we travel, buy stuff online, log in to an eService, in medical, buy a house, etc.

As an engineer whose expertise is PKI, I would like to introduce my friend (who is also your friend), Public Key Infrastructure, to you and where you can find him. Hopefully, you can recognize him when you see him again. Recognizing him empowers you to know who and what can be trusted.

From a layman’s point of understanding for PKI, it is a technology that allows an authority to issue a secure identity. This secure identity can be verified accurately using mathematical calculations. Furthermore, it will enable an individual to protect critical information such as a contract, an email, title deed, etc., from altering and impersonation.

To further explain, I will not demonstrate the mathematics behind it but rather I will illustrate using various real-life scenarios.

Travelling

As a Singaporean, I carry a Singapore passport which is an electronic passport. It is embedded with a smartcard chip that contains my identity which is protected using PKI. Whenever I cross a border, the officer at the border can accurately validate the information in my ePassport to determine within seconds, allowing the officer the power to make an accurate decision whether I am allowed entry to the country.

Logo on ePassport

As a passport holder, I felt reassured knowing that if someone were to forge my passport to steal my identity was almost impossible.

Without PKI, validating a passport will depend on human skills, which are subjected to prone human error and might not be as accurate and also time-consuming.

ePassport also made automation possible, where I can present my passport to an unmanned kiosk to access another country, which I believe many of you have seen and benefitted.

For more information: https://www.netrust.net/certificate-authority-epassport-border-control/.

Sealing digital information

Recently I have invested in a start-up. In the process, some documents require signing. However, amid Covid, face to face meeting was not possible. The documents were sent digitally, and I can apply a “handwritten” signature to the digital document. This worries me as I am applying my “handwritten” signature to a document that could be easily altered or questioned on its authenticity of the document.

However, those digital documents are sent via a platform where it will apply a PKI seal (digital signature) on the document after I have applied my “handwritten” signature. With the PKI seal, no one will be able to alter the document after I have signed it, which gives me assurance and comfort that the document will be secure and trusted. I even have the option to apply a digital signature on the document in my name to protect it from any possible alteration or impersonation of my identity.

Digitally signed PDF is valid

 

Digital Signature

I could imagine if there is no PKI seal applied, I would have to resign to fate if the document is ever altered and questioned, making me lose all my investment. In a worst-case scenario, I might even end up in lawsuits.

If you would like to know more about the digital signature on digital documents, you could also refer to a post by my colleague Malgene: https://www.netrust.net/blog/securing-pdfs-with-digital-signatures/.

Navigating the digital world

I am sure this is the most common usage of PKI, but many might not know it. When you visit a bank website, a shopping site, or any website, you want to be sure you are seeing the correct website.

With PKI, all well-known browsers are equipped with the ability to inform the user through indicators if the website that we are visiting is legit. This is through a technology that leverages PKI termed SSL or TLS.

Indicators for a Trusted Website

SSL/TLS not only help users to differentiate legit website from fake ones, but it is also used to protect information such as passwords or credit card details sent between the user and the website. This prevents an adversary from listening in on your password in the open Internet world.

There is also an international standard that governs and mandates the use of SSL/TLS on the Internet, which shows the importance of PKI.

SSL Secure and Unsecured Connection

Besides securing the digital world, PKI has also helped improve the speed of authenticating identity in the physical world.

Related post: https://www.netrust.net/ssl-certificates/.

Summary

PKI has been present in many aspects of our physical life or digital world. It has protected our identity, transactions and documents that are transacted. I hope this blog, helps you in recognizing the use of PKI around you, so that you know if you are protected before using any eServices.

To find out more, contact Netrust Sales Team at sales@netrust.net.

 

Follow us on LinkedIn for the latest happenings/updates.