Welcome to Information & Communication Technologies Authority of Mauritius
 

PKI for Authenticity, Integrity, Confidentiality and Non Repudiation

The Internet today is rapidly emerging as the most powerful communication tool available. Full convergence of services is already a reality with the World Wide Web. More and more e-governance and e-commerce services are provided on the Internet. The authenticity, integrity, confidentiality and non-repudiation requirements of various e-services are fully met using the Internet. Contracts required by these services are also being successfully executed on the Internet.

Public Key Infrastructure (PKI) is the basis for the safe, secure and fault-free provision of all e-services on the Internet. PKI uses two separate keys: one for encrypting the data and the other for decrypting the encrypted data. The two keys of a pair are mathematically related to each other and are known as “the Public Key” and “the Private Key”. This is also known as an asymmetric key system, where data encrypted by either key of a pair can be decrypted only by the other key of the same pair. It is very difficult, if not impossible, to mathematically calculate the Private Key from the corresponding Public Key when the key is more than 1024 bits long.

A key pair is associated with an owner, who could be an individual, a computing device or a computer application. As the name indicates, the Public Key is known to many people, while the Private Key is to be kept secret by the owner of the key pair. The Private Key is used by the owner for authenticating an e-mail or an e-record, while the owner's corresponding Public Key is used for verifying this authentication.

The digital signature of a person is defined as the encryption of the hash value (fingerprint, or abridged or compressed version) of an e-mail or an e-record by the Private Key of that person. A person's digital signature is therefore closely linked with the contents of the document the person has signed, because the hash value depends on the contents of the document. Any change in the document after signing can be detected very easily, thus giving full authenticity to the digitally signed document. Similarly, when an e-mail is encrypted with the Public Key of the recipient, it provides full confidentiality, as it can be decrypted only by the Private Key of the recipient and not by any other key. It is thus ensured that only the recipient can read that mail.
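The signing and encryption steps described above, as an added Go example using the standard library (not code from ICTA or this page). The function names, the two parties and the sample records are constructed for illustration; RSA with PKCS#1 v1.5 signatures and OAEP encryption is one common choice, assumed here.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewKey generates a 2048-bit RSA key pair for one owner.
func NewKey() *rsa.PrivateKey {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return key
}

// Sign hashes the record and signs the digest with the owner's Private Key.
func Sign(priv *rsa.PrivateKey, record string) ([]byte, error) {
	digest := sha256.Sum256([]byte(record))
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// Verify recomputes the hash and checks the signature with the Public Key.
func Verify(pub *rsa.PublicKey, record string, sig []byte) bool {
	digest := sha256.Sum256([]byte(record))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// Seal encrypts a short message to the recipient's Public Key (RSA-OAEP).
func Seal(pub *rsa.PublicKey, msg string) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(msg), nil)
}

// Open decrypts with a Private Key; it fails unless the key is the recipient's.
func Open(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

func main() {
	alice, bob := NewKey(), NewKey() // constructed parties: signer and recipient
	sig, _ := Sign(alice, "Pay Rs 1,000 to Bob") // constructed sample e-record
	fmt.Println("original verifies:", Verify(&alice.PublicKey, "Pay Rs 1,000 to Bob", sig))
	fmt.Println("altered verifies: ", Verify(&alice.PublicKey, "Pay Rs 9,000 to Bob", sig))
	ct, _ := Seal(&bob.PublicKey, "for Bob only")
	_, err := Open(alice, ct)
	fmt.Println("non-recipient can decrypt:", err == nil)
}
```

RSA-OAEP only encrypts messages shorter than the key size, so real e-mail encryption uses the recipient's Public Key to protect a symmetric key that encrypts the body.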

The association of a key pair with a particular person has to be made by a reputed organization regulated by the national statutory regulator. The organization certifying this association is called a “Certification Authority (CA)”. This association is made through a Public Key Certificate (PKC) issued by the CA to the owner of the key pair (the subscriber). A PKC lists the public key and details such as the name and address of the person associated with this public key. The CA verifies these details physically before issuing the PKC. The holder of the PKC can then use it online for authentic communications. To make the PKC tamper-proof, it is digitally signed by the CA. The list of all PKCs issued by a CA is displayed as a directory (repository) on its web site, where it can be viewed online by all relying parties. The list of revoked PKCs is also displayed and is known as the “Certificates Revocation List (CRL)”.

The set of rules describing the applicability of certificates to various applications and groups of people, together with the associated security requirements, is to be stated by the CA in a policy statement known as the “Certificate Policy (CP)”. The description of the practices and processes adopted by the CA for conducting its CA business is given in a statement called the “Certification Practice Statement (CPS)”. Both the CP and the CPS should be available on the CA's web site.

A Root Certification Authority, sometimes referred to simply as the Root, is a CA that issues certificates to other CAs but whose own certificate is self-signed.
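The chain of trust described above (self-signed Root, CA, subscriber PKC, revocation check), as an added Go example using the standard library's X.509 support; it is not ICTA's code. The names, serial numbers, the helpers `Issue` and `Trusted`, and the in-memory map of revoked serials standing in for a signed CRL are all assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Issue binds name to a fresh key pair; a nil parent yields a self-signed Root.
func Issue(name string, serial int64, usage x509.KeyUsage, parent *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: usage, IsCA: usage&x509.KeyUsageCertSign != 0, BasicConstraintsValid: true}
	if parent == nil {
		parent, parentKey = tmpl, key // self-signed: the Root vouches for itself
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// Trusted is the relying party's check: chain PKC -> CA -> Root, and not revoked.
func Trusted(pkc, ca, root *x509.Certificate, revoked map[string]bool) bool {
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inter.AddCert(ca)
	_, err := pkc.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter})
	return err == nil && !revoked[pkc.SerialNumber.String()]
}

func main() {
	root, rootKey := Issue("Example Root", 1, x509.KeyUsageCertSign, nil, nil)
	ca, caKey := Issue("Example CA", 2, x509.KeyUsageCertSign, root, rootKey)
	pkc, _ := Issue("Subscriber", 3, x509.KeyUsageDigitalSignature, ca, caKey)
	fmt.Println(Trusted(pkc, ca, root, nil), Trusted(pkc, ca, root, map[string]bool{"3": true}))
}
```

A certificate that was not signed by the CA, such as a self-signed one carrying the same subscriber name, fails the chain check even though its contents look identical.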

The Root, CAs, CPs, CPSs, Act, Rules and Processes are together known as the Public Key Infrastructure (PKI).

Many countries have enacted an ICT Act based on the model law proposed by the United Nations Commission on Industry, Trade and Law. Other countries are in various stages of adopting similar laws that put digital signatures on par with paper signatures, thus providing non-repudiation capability to digital signatures.

© Information and Communication Technologies Authority of Mauritius
Last Updated: 1 March, 2010