Deploying and using public key technology: Lessons learned in real life

The deployment and use of public key infrastructure (PKI) technology for information security by Johnson & Johnson is discussed. A PKI is a technical infrastructure that issues users electronic credentials called digital certificate which are unspoofable because they are digitalally signed by a cerification authority (CA). With certificates used for authentication and digital signature, only the subscriber named in the digital certificate possesses the private key which makes identity theft difficult. Building of PKI entails two separate processes which includes establishing a trustworthy source for the identities that will be placed in the certificates.