Public Key Infrastructure (PKI)

What is Public key infrastructure (PKI)?

Public key infrastructure (PKI) systems offer authentication in transactions.. PKI provides an electronic identity to a person through the issuance of a digital certificate and a private cryptographic key, usually stored in a secure media such as a smart card or an i-key or even a floppy disk. The person could make use of the identity to digitally sign documents or transactions.

Objectives of PKI Software

• To reduce risk of fraud in electronic fund transfers and other treasury activities.
• To Use of a low-cost public network infrastructure and eliminates the need for dedicated leased lines or VPNs.
• To facilitate real-time cash management with strategic banking partners
• To ensure that only specific users can access and execute high-value transactions
• To Integrate the software easily with legacy systems

Why PKI

The greatest obstacle to e-business in the financial service sector is the lack of trust and security over existing and evolving infrastructures. For e-business transactions to flourish, all parties involved in transactions and communications must be able to confirm the unique and irrefutable digital identity of each participant before relying on that information to make a commercial transaction.

But when it comes to making high-value transactions, such as setting up an online cash management system, even for the so called online banking systems or procuring supplies through the Internet, there is too much at stake in simply trusting someone just because he gave the correct PIN or the correct username and password. Developing systems that are able to provide firm authentication of customers, suppliers and other parties has therefore become a major challenge. Public key infrastructure (PKI) systems have surfaced as the solution to provide trustworthy identities.

In the case of online banking for users, banks need to have a proper system for authentication of the user. Even though banks have a secure network system for encrypted data transfer, still the user is identified using the typical username/id verification process that is vulnerable to hacking. So implementation of PKI makes sure that the party performing a transaction over the Internet is who he claims to be. Later he cannot deny that he has not done a particular transaction, if he had used his digital certificate.

Benefits of the use of PKI

Through the use of PKI and digital signature, one can prove to a third party or the court that a particular piece of electronic document is authentic and can be traced to the person who has digitally signed the document or transaction. This works because the cryptography and mathematics underlying a PKI system ensure that digitally signed documents cannot be forged. The digital certificate can be thought of as the electronic equivalent of the identification card. Thus, the authority which issues the digital certificates (known as Certificate Authority) must be highly trusted and secure.

Besides security, there are other issues related to PKI – technology, legal framework and standards. The technology for PKI has been around for more than a decade and is relatively mature and a number of countries have introduced legislation to recognize the validity of digital signature.

After introduction of IT Laws by many countries has enabled a standard for business transactions. Forums like Asia Pacific PKI Forum allows inter-operability to its digital certifying authority licencees with their counterparts in the member countries of that region. As financial institutions sign on to these policies and business practices, their customers will create an extensive global system of known and trusted businesses. Once certified by a Certification Authority, a trading partner can authenticate any other party with assurance. Even if a trading partner is from another part of the world, the fact that he is a certified member (through the trust relationship with his bank) makes trading viable and reduces the risk of transacting in the global system. By virtue of commonly accepted standards, trading partners will know that:

• Their transactions are legally binding;
• They have recourse in the event of a dispute or a potential fraud situation; and
• They can place legal and practical trust on the electronic identity issued by any Certification Authority

Recommended Articles

• Customer Service Strategies in Banking Sector
• Role of RBI (Reserve Bank of India) in Payment Systems
• Structured Financial Messaging Solution (SFMS) – Safety System for Electronic Transfer of Funds in India
• Article on Indian Banking Sector- “Innovation in Banking”
• Innovations in Customer Services in Indian Banking Sector
• Challenges for Indian Banking System under Basel II
• Know Your Customer (KYC)
• Guidelines for preparing a proper strategy for debt recovery
• Non Performing Assets (NPA)
• Main causes of default of loans from industrial sector

Posts You May Have Missed
• Intermediary participants in the derivatives market
• Definition of Currency Arbitrage
• Organizational Leadership
• Global Strategic Rivalry Theory of International Trade
• Keynesian theory and underdeveloped countries
• Definitions of Corporate Governance
• Legal Definition of a Contract
• Definition of logistics
• Service Process
• Managing Foreign Exchange Risk with Money Market Hedge

• Role of Reserve Bank of India (RBI) in Indian Economy 4 comment(s)
• Theories of Motivation: Herzberg’s Motivation-Hygiene Model 4 comment(s)
• Elton Mayo’s Hawthorne experiment and it’s contributions to management 3 comment(s)
• Definition of management by eminent authors 3 comment(s)
• Mass communication and it’s importance 2 comment(s)
• Corporate restructuring exercises by Procter & Gamble (P&G) 2 comment(s)
• Evolution of Logistics and Supply Chain Management (SCM) 2 comment(s)
• Definition and Features of Promissory Note 2 comment(s)
• Difference between money market and capital market 1 comment(s)
• Definition and nature of a company 1 comment(s)