How We Secure: Encryption
Public Key Infrastructure (PKI)
SurePassID Universal MFA uses digital certificates to ensure secure connections with external entities.
Definition
Public Key Infrastructure (PKI) is a set of services that uses public and private cryptographic key pairs to let users on an unsecured network exchange data securely. A PKI typically consists of four parts:
- Certificate authority – verifies user identities
- Registration authority – approved by the certificate authority to issue certificates for specific uses
- Certificate database – stores certificate requests and records which certificates have been issued and revoked
- Certificate store – houses issued certificates and private keys
PKI certificates are commonly used to secure web sites (HTTPS), authenticate users and computers (SSH), and sign and encrypt email (PGP).
How SurePassID works with PKI
SurePassID uses PKI to establish secure connections between the SurePassID Universal MFA platform and external entities, such as an Active Directory Domain Controller or a managed endpoint. SurePassID checks whether the user accessing the application presents the required certificate. If so, SurePassID then enforces the specified MFA policy. If not, access to the application is automatically denied.
SurePassID also uses PKI to protect our own cryptographic secrets, such as AES 256 symmetric encryption keys.