PKI Services


A PKI should provide different types of services for the organization.

While more and more PKI-related services have been created in recent years, three core ones should be implemented in any case.

Authentication - Assurance to one entity that another entity is who it claims to be (the subject named in the CN of its certificate)

Integrity - Assurance to an entity that data has not been changed (intentionally or not) between two communication points.

Confidentiality - Assurance to an entity that no one can read a particular piece of data except the intended recipient.



Two flavors of authentication

Entity identification: Identify the specific entity involved, independently of any other activities (e.g. what the entity is allowed to do).

Used to produce a "yes" or "no" that enables other activities to follow (e.g. an ACL check to access a file, or use of a symmetric key to decrypt a file)

Local authentication - normally involves the user directly (with a userid, password, PIN, etc.)

Remote authentication - may or may not involve the user directly. In practice, remote authentication systems prefer not to involve the user directly, because:

- It avoids passing authentication materials (userid / password) over an insecure network

- SSO might not be supported, so re-authenticating over and over again is undesirable.

A "token" is used to indicate to the remote system that authentication has succeeded, instead of passing the authentication materials around (also called subsequent authentication).

Single factor versus Multi-factor authentication

The four most common factors are:

Something you have (ATM card, smart card, SecurID token)

Something you know (PIN, password, passcode)

Something you are (thumbprint, retinal scan)

Something you do (such as handwriting / signature)

Single-factor means picking one factor; multi-factor means picking more than one.

Two-factor authentication is the most popular in the commercial world, e.g. smart card (PIN + chip), SecurID (tokencode + PIN).

This makes impersonation very difficult.

Second flavor

Data origin identification: Identify an entity as the source or origin of a given piece of data.

This is not identification in isolation. It is intended to statically and irrevocably bind the identified entity to some particular data, regardless of any subsequent activities in which the entity might engage later.

Provides support for non-repudiation


PKI normally does not do the initial authentication. The user does not generate a private key on the fly; a userid and password is the most common way to perform that first step.

Remote authentication would use PKI (to convey the local authentication to the remote system). PK technology is used to achieve the authentication using sophisticated challenge-response protocols and signed messages.


Remote Authentication

Traditional authentication

Richard needs to log on to Carmen

The only way for Carmen to verify Richard is to compare something common that they both have (in most cases, the userid and password)

Richard sends his userid and password to Carmen

Carmen compares the userid and password to what Carmen stores, and authenticates Richard into the system.

(In this case, the userid and password need to be sent over the network)


PKI authentication

Carmen transmits a challenge (a random piece of text) to Richard

Richard uses his private key to sign the challenge into a "signed challenge"

The signed challenge is transferred from Richard to Carmen

Carmen uses the public key of Richard to verify that the "signed challenge" is correct.

(No authentication material is sent over the network)

(The main idea is that a user only needs to sign on to a local system to gain access to his/her private key, then uses the signing method to authenticate to all the remote systems in the network)

(It depends on one thing: a certificate with Richard's public key must be available to Carmen)


Authentication can be done with a digital signature

A digital signature is computed over the hash of one of the following:

Some data to be authenticated <- data origin authentication

Some request that the user intends to send to a remote device <- entity authentication

A random challenge issued by a remote device (the above case) <- entity authentication
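The challenge-response exchange above, as an added example that is not part of the original notes: Carmen issues a random challenge, Richard signs its SHA-256 hash with an ECDSA P-256 private key, and Carmen verifies with his public key (which she would take from his certificate). The same Sign/Verify pair covers the data-origin case, a signature over a document, and shows that altering the signed data breaks verification. The function names and the sample document are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// NewChallenge is Carmen's step: a fresh random value that Richard must sign.
func NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// Sign is Richard's step: the signature is computed over the SHA-256 hash of the message,
// whether that is a challenge (entity authentication) or a document (data origin).
func Sign(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, priv, h[:])
}

// Verify is Carmen's step: check the signature with Richard's public key,
// which she would take from his certificate.
func Verify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

func main() {
	richard, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	challenge, _ := NewChallenge()
	signed, _ := Sign(richard, challenge)
	fmt.Println("fresh challenge verifies:", Verify(&richard.PublicKey, challenge, signed))

	// A signed challenge captured from an earlier session is useless later: the new challenge differs.
	later, _ := NewChallenge()
	fmt.Println("old signature on new challenge verifies:", Verify(&richard.PublicKey, later, signed))

	// Data origin: altering one byte of a signed document breaks verification.
	doc := []byte("pay 100 to Carmen") // constructed sample document
	dsig, _ := Sign(richard, doc)
	doc[4] = '9'
	fmt.Println("altered document verifies:", Verify(&richard.PublicKey, doc, dsig))
}
```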




Integrity

Data integrity is the assurance of non-alteration.

Stored data or data in transit must not be changed.

Parity bits and cyclic redundancy checks (CRCs) can be used to detect some integrity failures.

CRCs are good for detecting accidental bit errors, but deliberate manipulation of the whole data set cannot be caught, since whoever alters the data can simply recompute the CRC.

PKI with signing capability can assure data integrity


A digital signature provides not only authenticity but also integrity over the signed data

If the data is changed, the digital signature will no longer verify


A MAC (Message Authentication Code), e.g. HMAC-SHA1 (a MAC built from a cryptographic hash function), could also be used. These are symmetric-key methods, but the key can be distributed by PKI.

This then becomes a key exchange problem. Carmen can transport a key to Richard:

1. Generate a fresh symmetric key

2. Use the symmetric key to generate a MAC for the data

3. Encrypt the symmetric key for Richard using his encryption public key

4. Send the data to Richard along with the encrypted symmetric key


Alternatively, Carmen can agree on a key with Richard instead of transporting one:

1. Use Richard's public key in combination with Carmen's private key to generate a symmetric key

2. MAC the data using that symmetric key

3. Send the data to Richard along with her public key certificate

Richard then regenerates the symmetric key using Carmen's public key (from the certificate) and his own private key, and verifies the integrity of the data
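The key-agreement variant just described (steps 1 to 3 plus Richard regenerating the key), as an added example that is not part of the original notes: ECDH on P-256 stands in for "Richard's public key combined with Carmen's private key", the shared secret is hashed into a MAC key, and HMAC-SHA256 is used in place of HMAC-SHA1. The function names and the sample message are assumptions of this example.

```go
package main

import (
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// DeriveMACKey is the key agreement step: my private key combined with the peer's
// public key (taken from the peer's certificate). Both sides reach the same ECDH
// secret; hashing it yields the symmetric MAC key (a toy KDF, enough for illustration).
func DeriveMACKey(mine *ecdh.PrivateKey, peer *ecdh.PublicKey) ([]byte, error) {
	secret, err := mine.ECDH(peer)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(secret)
	return key[:], nil
}

// ComputeMAC is Carmen's step 2: HMAC-SHA256 over the data with the agreed key.
func ComputeMAC(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}

// CheckMAC is Richard's verification; hmac.Equal compares in constant time.
func CheckMAC(key, data, tag []byte) bool {
	return hmac.Equal(ComputeMAC(key, data), tag)
}

func main() {
	curve := ecdh.P256()
	carmen, _ := curve.GenerateKey(rand.Reader)
	richard, _ := curve.GenerateKey(rand.Reader)

	data := []byte("invoice 42: pay 100") // constructed sample message
	kC, _ := DeriveMACKey(carmen, richard.PublicKey()) // step 1
	tag := ComputeMAC(kC, data)                        // step 2
	// step 3: data, tag and Carmen's certificate travel to Richard

	kR, _ := DeriveMACKey(richard, carmen.PublicKey()) // Richard regenerates the key
	fmt.Println("intact data verifies:", CheckMAC(kR, data, tag))
	data[len(data)-1] = '9'
	fmt.Println("altered data verifies:", CheckMAC(kR, data, tag))
}
```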



Confidentiality

Confidentiality is the assurance of data privacy

Confidentiality must be employed for all sensitive data

PK cryptography with key exchange can be employed


Carmen generates a symmetric key

The symmetric key is used to encrypt the data

The encrypted data is sent to Richard along with Carmen's public key (in a certificate) or with a copy of the symmetric key encrypted with Richard's encryption public key
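The confidentiality procedure above in its key-transport form, as an added example that is not part of the original notes: AES-256-GCM encrypts the data under a fresh symmetric key, and that key is wrapped for Richard with RSA-OAEP under his encryption public key. The Seal/Open names, the sample message and the layout (12-byte nonce prepended to the ciphertext) are choices of this example, not of the notes.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// newGCM builds AES-GCM for a key; it fails only if the key length is not 16, 24 or 32 bytes.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is Carmen's side: a fresh AES-256 key encrypts the data (12-byte nonce prepended), and the key is wrapped for Richard with RSA-OAEP.
func Seal(richardPub *rsa.PublicKey, data []byte) (ciphertext, wrappedKey []byte, err error) {
	buf := make([]byte, 44) // 32-byte symmetric key followed by a 12-byte GCM nonce, both random
	_, rerr := rand.Read(buf)
	key, nonce := buf[:32], buf[32:]
	wrappedKey, oerr := rsa.EncryptOAEP(sha256.New(), rand.Reader, richardPub, key, nil)
	gcm, gerr := newGCM(key)
	if err = errors.Join(rerr, oerr, gerr); err != nil {
		return nil, nil, err
	}
	return gcm.Seal(nonce, nonce, data, nil), wrappedKey, nil
}

// Open is Richard's side: unwrap the key with his private key, then decrypt; the GCM tag also rejects ciphertext altered in transit.
func Open(richardPriv *rsa.PrivateKey, ciphertext, wrappedKey []byte) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, richardPriv, wrappedKey, nil)
	gcm, gerr := newGCM(key)
	if err = errors.Join(err, gerr); err != nil || len(ciphertext) < 12 {
		return nil, fmt.Errorf("cannot open envelope (key: %v, ciphertext %d bytes)", err, len(ciphertext))
	}
	return gcm.Open(nil, ciphertext[:12], ciphertext[12:], nil)
}

func main() {
	richard, _ := rsa.GenerateKey(rand.Reader, 2048)
	ct, wk, _ := Seal(&richard.PublicKey, []byte("salary data")) // constructed sample
	plain, err := Open(richard, ct, wk)
	fmt.Printf("%s %v\n", plain, err)
}
```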