Security and Decentralised Public Key Infrastructure (DPKI)
A Public Key Infrastructure (PKI) is commonplace on the internet, within financial institutions or anywhere that requires a level of security for verification. The premise of PKI is that anyone can verify a digital signature from anyone else, as long as you have access to the private keys corresponding public key. The two keys are cryptographically linked so that every private key has only one public key and vice versa.
PKI relies on a small number of trusted certificate authorities (CAs) tp be the root of trust. With financial transactions, banks themselves or payment systems act as Central Authorities (CA). Online, our web browsers rely on a small number (hundreds) so that they can easily manage the number of CAs. In a web browser implementation, the owner of a private key, relating to the identity of a website, gives their public key to a CA who signs it with their own private key. The CA then issues a public key certificate. Web browsers check this public key certificate each time you connect to a secured website that offers encryption (HTTPS connections).
The problem with PKI
PKI is both cumbersome and costly to implement, with its centralised nature becoming a vulnerability, in terms of security but also as a singular point of failure. PKI effectively inserts a “middleman” into our digital trust infrastructure.
For regulated institutions or those seeking to implementing strong security models, a middleman is of concern. Risks are associated with CA incidents, CA service availability, CA service prices or the CA going into administration.
The solution, ID Crypt DPKI
A Decentralised root of trust, that nobody owns, but everyone can use is therefore the solution to a centralised PKI solution. The blockchain technology that ID Crypt utilises enables the re-imagination of the root of trust model. Opposed to relying on a CA for its cryptographic root of trust, a consensus algorithm is used, operating over many different machines and replicated by many different entities in a decentralised network.
The blockchain technology that ID Crypt implements provides cryptographic strength in 3 ways:
The result is a cryptographic ledger of immutable records. Each entry by ID Crypt is digitally signed by a private key, with the blockchain itself being used to store the associated public key. Each public key has its own address, this address is called a decentralised identifier (DID). DIDs are not rented from a service provider, rather they are issued and cannot be taken away from the controller of the associated private key.
DID is a standard from the W3C.
New security models
The ID Crypt platform enables organisations to implement security models that remove the dependency on a CA, bringing added security, greater efficiency and drastic improvements in the availability of services.
Find out how ID Crypt DPKI security services can enable and secure your solutions.