Public Key Infrastructure: Of bouncy castles and passports
The verification of identities relies on certification authorities, the so-called Public Key Infrastructure. The technology is used in everyday life more often than one might think at first. At the same time, however, it requires a lot of know-how.
How do the electronic passport, smart devices, e-mails and a bouncy castle fit into a common context? The unifying element is the technology of Public Key Infrastructure (PKI). This is a security infrastructure that provides services for secure data exchange.
Using the PKI, certificates and whom a public key belongs to can be checked. Such a key could be sent by e-mail, for example, or downloaded from a website. Digital certificates ensure that the key is not a forgery.
This results in a wide range of application scenarios. Both the passport and the electronic identity card link a natural person to a digital identity. When a passport is applied for, the residents' registration office checks the identity, and with the submission of the fingerprint the physical identity is additionally transmitted electronically. At border control, the passport is then placed on a reading device, which reads the electronic certificates. “You can imagine quite well what kind of infrastructure has to be there for that. After all, I have to be able to establish the identity at every border control point in the world,” says Andreas Philipp, Business Development Manager at Primekey. The Swedish company is one of the best-known providers of certificate-based security systems.
If companies secure their collaboration electronically, for example, the infrastructure is of course much smaller. Intelligent devices are often equipped with digital certificates. If the user wants to query data, the device contacts the manufacturer's central platform, where it must identify itself with the certificate. The platform then checks whether this device has access to the relevant information.
Smart devices and IoT devices, however, are a challenge for PKI, because the certificates are issued not to natural identities but to machines that need to identify themselves to a service. “The identity is already assigned during production of the device. It is produced, software is loaded onto it, and then it goes online. Only then does it get its certificate. And at that moment, I don’t know the environment in which the device is located,” explains Philipp. That is why companies need secure communication networks to the factories. For Primekey, however, this is a new area. “In engineering, we need to learn a lot from the IT industry.”
E-mail signatures, which ensure the integrity of the data and of the sender, need certificates that a PKI provides. “Microsoft, for example, recognized this early on and by default supplies server software licenses that contain a PKI. The certificates are integrated in such a way that users notice nothing.” Especially with more home office and remote work, access management has become more important than ever. The relevance of infrastructure for electronic identity cards declined in the past year, says Philipp. Small-scale infrastructures that let companies build VPN networks and enable secure e-mail communication, on the other hand, were frequently in demand.
This makes the connection between the passport, IoT devices and e-mail clear. Behind each of these developments is a PKI. But what does this have to do with a bouncy castle? The cryptographic libraries that Primekey uses for its PKI solutions are based on an open-source project from Australia. It is called Bouncy Castle and is maintained by the “Legion of the Bouncy Castle”. The project's programming interfaces are platform-independent and can therefore connect to external solutions. Commercially, the Bouncy Castle API collection is run by the Australian company Crypto Workshop.
At the beginning of February 2020, Primekey took over Crypto Workshop. With this, the company completes its own solutions and covers the entire software stack needed for PKI-related as well as general cryptographic applications.