Company Internal PKIs Are a Good Start – But Need Add-Ons

In many larger companies, there is a Public Key Infrastructure (PKI) tailored perfectly to the individual company’s needs. This infrastructure provides employees with certificates for encryption, signatures, or authorization that can take the form of a multifunctional smart card also used as a company ID or for controlling access via RFID.

An internal PKI of this kind lets employees exchange encrypted or signed emails within the company; however, it does not guarantee that email communication with external partners is secure. In such cases there is a common hurdle: some of the communication partners have no compatible certificates, or none at all, so confidential emails between employees and external contacts cannot be encrypted.

PKI-Contacts Supplementing Internal PKIs

In addition to a company’s internal employees, its external contacts also need certificates. Fraunhofer SIT has developed a straightforward and affordable solution that is closely connected with companies’ internal PKIs: PKI-Contacts.

For secure communication with an employee, external contacts (for example customers, project and business partners, suppliers, etc.) receive a free certificate from the separate PKI-Contacts, thereby enabling them to send and receive encrypted as well as signed emails.

Reference Implementation

The Fraunhofer-Gesellschaft has a large number of external contacts and is using an implementation of PKI-Contacts. An example of how this implementation of a Public Key Infrastructure for Fraunhofer external contacts works can be viewed at the following link:

First, Fraunhofer employees sign into the web application using their smart card issued by the Fraunhofer-internal PKI. Then, they send an activation link to an external contact. To do this, they only need the contact’s email address.

Using the activation link, external contacts can easily obtain certificates via the PKI-Contacts website for keys they generated on their own computers, and use them for encrypted communication with Fraunhofer. They can also find all necessary information about the company-internal PKI (root, certificates belonging to Fraunhofer employees, policies, etc.) on the PKI-Contacts website.

External contacts do not undergo an identity check. PKI-Contacts is therefore especially appropriate for ensuring the confidentiality and integrity of email content; who actually uses the email address is of less importance.

Fraunhofer employees can list all of the certificates requested via their account and block them personally if necessary. Otherwise, the contacts’ certificates remain valid for one year.

Further Information and Individual Arrangements

Should you be interested in an implementation of PKI-Contacts as a supplement to your company’s own PKI, please contact us. Individual arrangements and adjustments to fit your current infrastructure can be made at any time as part of a project.

As a Fraunhofer SIT business partner, you can also receive a certificate from Fraunhofer-Gesellschaft’s PKI-Contacts and go through the entire process to test it out.