Tuesday, April 26, 2011

PKI (Public Key Infrastructure)

PKI (Public Key Infrastructure) is a key management platform that follows agreed standards. It provides all network applications with the cryptographic services they need, such as encryption and digital signatures, together with the necessary key and certificate management. Simply put, PKI is an infrastructure that provides security services, built using public key theory and technology. PKI technology is the core of information security technology, and it is also the key and foundational technology of e-commerce.
The basic techniques of PKI include encryption, digital signatures, data integrity mechanisms, digital envelopes, dual digital signatures, and so on.
PKI (Public Key Infrastructure) refers to a general-purpose security infrastructure that uses public key concepts and techniques to implement and provide security services. This definition is broad in scope and is accepted by many people. It says that any security infrastructure built on public key technology is a PKI. Of course, without a good asymmetric algorithm and good key management it is impossible to provide sound security services, and such a system cannot be called a PKI. That is to say, this definition already implies key management functions.
The X.509 standard, in order to distinguish PKI from the Privilege Management Infrastructure (PMI), defines PKI as the infrastructure that supports public key management and supports authentication, encryption, integrity and accountability services. Compared with the first definition, this one not only describes the security services a PKI can provide, it also stresses that a PKI must support public key management. That is to say, merely using public key technology does not make something a PKI; it must also provide public key management. Because PMI only uses public key technology and does not manage public keys, PMI can be described separately, without being confused with concepts such as public key certificates. X.509 draws this conceptual distinction between PKI and PMI for the purpose of describing the standard. However, because PMI uses public key technology, establishing and using a PMI requires the key management support of a PKI. That is to say, PMI has to be bound together with PKI. When the two are put together, PMI + PKI falls entirely within the X.509 definition of PKI. According to the X.509 definition, PMI + PKI can still be called PKI, and PMI can be regarded as part of a PKI.
The national audit administration [iii], in its 2001 and 2003 reports, defined PKI as a system made up of hardware, software, policies and people that, when fully implemented, can provide a set of information security assurances for sensitive communications and transactions, including confidentiality, integrity, authenticity and non-repudiation. Although this definition does not mention public key technology, so far only infrastructure built on public key technology satisfies the conditions above. That is to say, only PKI as described by the first definition fits this definition, so this definition does not conflict with the first one.
To sum up, we think: PKI is a general-purpose security infrastructure that uses public key concepts and techniques to implement and support public key management and to provide authenticity, confidentiality, integrity and accountability services.

1 comment:

  1. Thanks for providing this brief detail about public key infrastructure. Basically this concept is complex and very vast. I am trying to learn more and more about it so that I can understand it. You helped me in a great way by sharing this detail.