Public Key Infrastructures

PKI is an abbreviation and stands for public key infrastructure. It is an important component of a solid security concept and describes a cryptographic trust anchor. Within this framework, every device and every user must identify themselves. Only with successful authentication is it then possible to enable secure communication or connection between two endpoints.

Definition and Explanation

Where do you use Public Key Infrastructures?

The concept's security mechanisms provide greater security between digital and physical resources. To enable secure communication between people, devices and software, they must create and manage trusted electronic identities. These identities include people, services as well as objects.

PKI Basics

These are the Characteristics of a PKI

The foundation of PKI is hardware, policies, standards and software. Without a combination of these elements, it would not be possible to create a digital PKI certificate. Let alone distribute, manage or even revoke it. Finally, the PKI guarantees that a digital certificate is trustworthy. For this reason, it is characterized by different features.

The Digital Certificate: The digital certificate is composed of various data such as a serial number and other identifying information. In most cases, it is based on the X509 standard. This uniquely assigns a public key to an application, a device or a person.
Public and Private Keys: While the public key is known, only its owner knows the private key. This ensures that the person, system or device can identify itself uniquely. Both keys are created as a pair and mathematically linked.
The Electronic Identity: The combination of a public digital certificate and a private key is also known as eID. Thanks to the PKI infrastructure, the ensemble of certificate and private key functions like a digital ID card. It therefore makes it possible to prove one's own identity.

Industries

Certificates

Application Areas

We Help with the Secure Implementation of a PKI

Because PKI manages electronic identities for people, devices, and services, it allows strong authentication, data encryption, and digital signatures.

PKI Types

Description of the Types of PKI in the Company

The basis for this system is the combination of a public and a private key. With the help of these keys, the PKI infrastructure checks whether communication with other devices is possible, for example. In concrete terms, this means that the PKI verifies the identity of the owner. After the check, it issues a certificate for the respective public key, thereby certifying the authenticity of the key pair. The authenticity of a certificate can also be verified in this way.

A PKI Describes a Security Pyramid: It is important to note that PKI is a multi-level security pyramid. Even with one PKI card, different instances are used that must successfully confirm the identity.
Until now, the PKI standard has been implemented locally in companies' own data centers. The problem with this is that the necessary know-how and sufficient personnel are absolutely essential.
PKI from the Cloud and As-a-Service: In order to be able to use the PKI from the cloud, it is necessary to create different security policies. It is also necessary to conceptualize and specify the entire PKI. They can then be adapted and implemented on the basis of the system environment and the operating concept. For companies, however, the question arises: Is it better to use the PKI in the cloud, as-a-service, or to continue to rely on the on-premise solution?
On-premises Implementation: The necessary capacities must also be determined. For example, anyone who needs PKIs only temporarily will definitely benefit from an outsourced solution. In the case of a constant volume, on the other hand, the specialist know-how is usually firmly anchored in the company. In this case, it may well make sense to consider a local implementation.

Range of Services for Cyber Security

Further useful Services within the Scope of an IT Security Audit

Penetration Test: Penetration tests are simulated attacks from external or internal sources to determine the security of web applications, apps, networks, and infrastructures and uncover any vulnerabilities.
Cloud Security: Due to the increasing complexity of cloud infrastructures, many services are misconfigured. We help you identify and eliminate misconfigurations and their effects.
Phishing Simulation: A spear phishing simulation is used to increase the detection ability of employees. We help you to sensitize your employees and thus strengthen the last barrier.
Static Code Analysis: Static code analysis, also known as source code analysis, is typically performed as part of a code review and takes place during the implementation phase of a Security Development Lifecycle (SDL).

Linkable in Your Website

Certification with Seal

We have developed an effective and comprehensive format for verifiable security that can be integrated directly into your website. This certificate proves to third parties such as customers or insurance companies a high level of security, data protection and IT security awareness.

The certificates we issue prove a high level of IT security at a given time according to a standard or individual test modules. Depending on the assessment, different test guidelines are chosen and evaluated.

To the Certificate