PKI for Authenticating Remote Access VPNs: How Government Agencies Ensure Secure Communications

by VPNHaus | 08/01/2013 | IT policy, Mobile, Rethink Remote Access, SSL, VPN

With many documents critical to matters of national security being accessed on a daily basis, government agencies must ensure that all users trying to establish connections of any type to their networks are who they say they are, that they are authorized to access the locations they are connecting to, and that all communications are encrypted. Public Key Infrastructure (PKI) is the system that the public sector uses to verify a user’s information when that user attempts to establish a secure connection.

PKI compliance in the United States, for example, is administered and monitored by the Federal PKI Policy Authority, an interagency body that was set up under the CIO Council to enforce digital certificate standards for trusted identity authentication across federal agencies and between those agencies, universities, state and local governments, and commercial entities. PKI enables users on non-secured networks to transmit data securely and privately. It does so by using a pair of public and private cryptographic keys obtained and shared through a trusted Certificate Authority (CA). The PKI system ensures that the digital certificates, which bind an identity to its public key, are stored by the CA in a central repository and can be revoked if necessary.

The public key cryptography assumed by the PKI system is the most common method on the Internet for authenticating a message sender or encrypting a message. Traditionally, cryptography has involved the creation and sharing of a secret key for the encryption and decryption of messages.

The best-known uses of PKI are email and document encryption and authentication, but PKI is actually much broader than that. It can also authenticate VPN connections by means of a valid certificate, which is standard in both IPsec and SSL-based remote access solutions.
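The certificate lifecycle described above (key pair, CA-issued certificate, revocation) and the check a gateway makes before accepting a certificate, as an added example that is not part of the original post or of any NCP product. It assumes the OpenSSL command-line tool; the CA name, the user name, the `ca_cmd` and `gateway_accepts` helpers and the temporary directory are all constructed for illustration.

```shell
# Constructed lab: every name, subject and path below is illustrative.
set -e
d=$(mktemp -d)

# Minimal CA configuration: index.txt is the CA's certificate repository.
cat > "$d/ca.cnf" <<EOF
[ca]
default_ca = agency_ca
[agency_ca]
database = $d/index.txt
serial = $d/serial
new_certs_dir = $d
certificate = $d/ca.crt
private_key = $d/ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = any
x509_extensions = usr
[any]
commonName = supplied
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[usr]
basicConstraints = CA:FALSE
EOF
: > "$d/index.txt"; echo 01 > "$d/serial"
ca_cmd() { openssl ca -batch -config "$d/ca.cnf" "$@" >/dev/null 2>&1; }

# Gateway-side check: chain to the trusted CA and consult the current CRL.
gateway_accepts() {
  openssl verify -CAfile "$d/ca.crt" -crl_check -CRLfile "$d/crl.pem" "$1" >/dev/null 2>&1
}
# 1. CA key pair and root; 2. user key pair and CSR; 3. CA issues the certificate.
openssl req -x509 -config "$d/ca.cnf" -extensions v3_ca -newkey rsa:2048 -nodes \
  -keyout "$d/ca.key" -out "$d/ca.crt" -subj "/CN=Example Agency CA" -days 30 2>/dev/null
openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
  -keyout "$d/user.key" -out "$d/user.csr" -subj "/CN=remote.user" 2>/dev/null
ca_cmd -notext -in "$d/user.csr" -out "$d/user.crt"
ca_cmd -gencrl -out "$d/crl.pem"
if gateway_accepts "$d/user.crt"; then before=accepted; else before=rejected; fi

# 4. CA revokes the certificate and publishes a fresh CRL; the same file now fails.
ca_cmd -revoke "$d/user.crt"
ca_cmd -gencrl -out "$d/crl.pem"
if gateway_accepts "$d/user.crt"; then after=accepted; else after=rejected; fi
```

The certificate file itself is unchanged between the two checks; only the CRL differs, which is why a gateway that skips revocation checking would keep accepting it until expiry.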

Essentially, once a product receives PKI certification, government agencies can use a VPN gateway to authenticate remote access to applications within their secure networks. NCP recently went through the certification process, and after undergoing rigorous testing, our Secure Enterprise Server was awarded a PKI compliance certificate by the U.S. Department of Defense (DoD).

Government PKI requirements are typically very stringent, and it is difficult for organizations to obtain certification. This guarantees that governments are using the most secure encryption methods possible to safeguard sensitive information in transit.