What is PKI (Public Key Infrastructure) and why do I need it?

Answer: 

Public Key Infrastructure (PKI) is the combination of software, encryption technologies, and services that enables entities to protect the security of their communications and business transactions on networks. Using a combination of private (e.g., secret) key and public key cryptography, PKI enables a number of other security services, including data confidentiality, data integrity and non-repudiation. PKI integrates digital certificates, public key cryptography, and certification authorities into one complete network security architecture.

A typical PKI infrastructure encompasses:

  • The issuance of digital certificates to individual users and servers
  • End-user enrollment software
  • Integration with certificate directories
  • Tools for managing, renewing, and revoking certificates
  • Other related services and support

A PKI certificate allows someone to digitally bind their identity and use the certificate to perform some of these functions:

  • Encrypt and authenticate e-mail messages and documents
  • Digitally sign e-mail messages and documents
  • Authentication and/or authorization of users to networks and applications e.g., PIV credential login
  • Authorization of a user to an application giving rights to perform specific functions
  • Perform any of the above functions using a personal computer or mobile device

As a government employee or contracted worker, you may need now, or at some time in the future, a PKI certificate to gain access to the agency information network and systems.

Email This Link