Q: What does NPKD stand for?

<p>NPKD stands for <a href="https://www.primekey.com/products/software/primekey-npkd/">National Public Key Directory</a>.</p>

Question 1

What does IIoT stand for?

Accepted Answer

IIoT stands for Industrial Internet of Things.

Question 2

What does NPKD stand for?

Accepted Answer

NPKD stands for National Public Key Directory.

Question 3

What does HTTPS stand for?

Accepted Answer

HTTPS stands for Hypertext Transfer Protocol Secure.

HTTPS is an extension of HTTP and is used for secure communication over a digital network, most often the Internet.

Https

Learn more about IT security and PKI (Public Key Infrastructure), the backbone of most IT security solutions today:

About PKI solutions

Question 4

What does SSL stand for?

Accepted Answer

SSL stands for Secure Sockets Layer.

Question 5

What does TLS stand for?

Accepted Answer

TLS stands for Transport Layer Security.

Question 6

What does MRTD stand for?

Accepted Answer

MRTD stands for Machine Readable Travel Document.

Question 7

What does PKCS stand for?

Accepted Answer

PKCS stands for Public Key Cryptography Standards.

Question 8

What are the Android signing schemes?

Accepted Answer

Android application signing is based on certificates and RSA or ECDSA keys.

Android application signing is an essential part of securely developing, distributing and installing android applications and it is a pre-requisite for any application that is to be installed on an Android device. The technology used for Android application signing has continuously evolved by the introduction of new signing schemes. The core idea here is that, while developing and distributing apps within the Android eco system, security and trust for the signing schemes should be maintained by a crypto agile code signing approach. In addition to the original v1 signing schema that is identical to JAR signing, Android applications may now be signed with v2, v3 and v4 signing schemes.

Android versions until Android 6 used Android v1 signing scheme. Android 7 introduced v2 signing scheme. Android 9 introduced v3 signing scheme and Android 11 introduced v4 signing scheme. For maximum compatibility and security, Android developers are recommended to sign their applications with all signing schemes. Features in the later signing schemes also improve user experience when installing Android applications.

Read our Tech Update to learn more:

Android signing schemes, compliance and crypto agility

Question 9

What is crypto agility in code signing?

Accepted Answer

Crypto agility is a principle for gradually improving security and attack resistance in a secure infrastructure based on cryptography.

Any cryptographic algorithm has weaknesses. As cryptographic research and computing power evolves the ability of existing algorithms to protect data privacy and integrity is reduced.

In an eco system for distribution and deployment of code, the use of multiple code signatures in parallel enables the code signing system to be crypto agile. New cryptographic algorithms are introduced and new deployment environments are set up to require signatures with stronger cryptography. By increasing the lowest cryptographic strength supported in any target environment where the code is deployed, the use of legacy algorithms may be phased out and the security of the eco system is kept strong enough to resist attacks.

How PrimeKey can help

Learn more about PrimeKey's code signing solution, for preventing harmful firmware and software updates:

Explore our code signing solution

Question 10

What is a digital certificate?

Accepted Answer

A digital certificate is a digitally signed document and can be compared with the physical identity card or a passport in the analog world. A digital certificate is used to provide and prove the identity of a user, server or thing when communicating over untrusted networks.

Question 11

What is x.509?

Accepted Answer

X.509 is a PKI standard for digital certificates and public key certificates. It verifies that a public key belongs to a specific user, server or other digital entity.

Learn more

What is PKI?

What is a digital certificate?

Question 12

What is a Validation Authority?

Accepted Answer

A PKI Validation Authority (VA) provides validation of PKI certificates.

Certificate validation services can include access to Certificate Revocation Lists (CRL), Online Certificate Status Protocol (OCSP) and CA chain certificate downloads.

The validation of certificates is one of the cornerstones of PKI

Since certificates can not only be issued, but also revoked, it is necessary that the certificate validity is confirmed before trusting a certificate. That is where the Validation Authority comes in.

How the Validation Authority works with the Certificate Authority

The issuing Certificate Authority is responsible for feeding the Validation Authority with certificate status updates based on the defined policy.

With CRLs, you are dependent on the issuance of a list of the revoked digital certificates by each related certificate authority (CA).

For true online certificate validation, an OCSP Responder service can be more convenient. Using a back-end-storage, a Validation Authority can request the certificate status and update it immediately upon certificate revocation.

About PrimeKey's EJBCA Validation Authority

EJBCA Validation Authority (VA) enables on-line certificate verification, by use of OCSP or CRLs.

Explore EJBCA Validation Authority

Question 13

What is a Certificate Authority?

Accepted Answer

A Certificate Authority manages the certificate lifecycles for people, servers or things. A Certificate Authority (CA) issues, renews, manages and revokes digital certificates.

A CA signs certificates with its private key and is the trust anchor for the issued certificates. The Certificate Authority private key is normally stored in a Hardware Security Model (HSM).

How PrimeKey can help

EJBCA Enterprise provides a complete public key infrastructure (PKI) and certificate management, for implementing a CA.

Explore EJBCA Enterprise

Question 14

What is the NIS Directive?

Accepted Answer

The Network and Information Systems (NIS) directive is an initiative developed to protect the economy of the European Union from major cyberthreats.

The NIS Directive was adopted by the European Parliament on July 6th, 2016, and entered into force in August 2016. Member states had to transpose the directive into their national laws by May 9th, 2018 and identify operators of essential services by November 9th 2018.

The NIS directive ensures member states are prepared, and provides legal measures to boost the overall level of cybersecurity in the EU. NIS requires member states to be appropriately equipped in several ways, including Computer Security Incident Response Teams (CSIRT) and a competent national NIS authority.

Businesses that are identified as Operators of Essential Services (OES) have to take appropriate security measures and notify serious incidents to relevant national authority. Key digital service providers including search engines, cloud computing services and online marketplaces also have to comply with the security and notification requirements under the NIS directive.

For organizations to meet the obligations of NIS, the task can be separated into administrative and technical measures. Administrative measures are implemented through the accordance of security standards like ISO/IEC 27001 Information Security Management System (ISMS). These are supported by administrative actions and risk management measures including ongoing user training, security audits and ethical hacking to ensure security competency and to improve organization’s level of cyber readiness from both business and regulatory perspectives.

Technical solutions include the implementation and continuous development of cyber situational awareness solutions such as SIEM (Security Incident and Event Management), secure identity confirmation tools, and data communications security solutions. Only a combination of administrative and technical measures is enough to comply with the NIS authoritative requirements.

PKI and code signing help meet NIS compliance

To meet the fundamental requirement under NIS for “appropriately authenticated and authorized” access, organizations need a method of defining and enacting controls that is both secure and can be deployed across disparate infrastructure and processes.

Public Key Infrastructure (PKI) is the most widely adopted form of technology for establishing the identity of people, devices, and services – enabling controlled access to systems and resources, protection of data, and accountability in transactions. PKI includes a set of hardware, software, policies, processes, and procedures required to create, manage, distribute, use, store, and revoke digital certificates and public keys.

Certificates are issued to entities such as users, devices, web servers, passports, smart cards and IoT devices. The provisioning of certificates to either devices or tokens enables two benefits. Firstly, it gives a device or a token an identity, and secondly, it provides the means to setup a secure encrypted communication channel. PKI and certificates deliver a method as required by the NIS directive to identify, trust and securely communicate with any entity throughout an entire organization, partners, and customers.

PKI also underpins technologies, such as digital signatures and encryption for use cases as diverse as e-commerce and the growing Internet of Things (IoT). Digital signatures can secure additional activities, such as signing PDFs, code or other information assets, to ensure the origin of the document/code or to ensure that a transaction was in place at a certain time. Digital Signatures can allow an organization to track who exactly performed the signature and at what time.

Download white paper

Learn more about PrimeKey's take on the NIS directive in this white paper:

Download white paper on NIS Directive

Question 15

What is eIDAS?

Accepted Answer

eIDAS (electronic IDentification, Authentication and trust Services) is an EU regulation (EU N°910/2014) on electronic identification and trust services for electronic transactions across the European Union. It was adopted in 2014, took effect in 2016 and provides a predictable regulatory environment to enable secure and seamless electronic interactions between businesses, citizens and public authorities across the digital European single market.

Two core concepts of eIDAS

The eIDAS vision centers around two core concepts, the first one being interoperability; member states are required under eIDAS to create a common framework that will recognize eIDs from other member states, while ensuring its authenticity and security. This is key in allowing citizens and companies to easily do business across borders. The second is transparency; if organizations are eIDAS compliant, eIDAS provides a clear and accessible list of trusted services that may be used within the centralized signing framework. This allows security stakeholders the ability to engage in dialogue about the best technologies and tools for securing digital signatures for the whole European single market.

Learn how to comply with eIDAS

Learn more about PrimeKey's eIDAS solution for enabling eIDAS compliance and electronic signatures:

Becoming an eIDAS QTSP

Question 16

How does a Certificate Authority work?

Accepted Answer

A Certificate Authority usually operates in hierarchies where a Root CA certifies itself (self signed) and a subordinate CA is certified (signed) by a superior CA. Most Certificate Authority software solutions work with standard interfaces and protocols so that interoperability can be guaranteed.

A Certificate Authority works together with a Registration Authority where the RA issues a certificate request to the CA via a user-friendly GUI or via integration friendly APIs and standard protocols.

How PrimeKey can help

EJBCA Enterprise provides a complete public key infrastructure (PKI) and certificate management, for implementing a CA.

Explore EJBCA Enterprise

PrimeKey offers an industry-first solution, Identity Authority Manager, for implementing an RA directly into a smart manufacturing environment.

Explore Identity Authority Manager

Question 17

What is code signing?

Accepted Answer

Code signing is a digital signature that ensures that software on devices and computers is trusted and unmodified.

Code signing is used to sign scripts and executables – it confirms the software author and guarantees the code has not been altered since it was signed.

Code signing is most commonly used to provide security when deploying software, such as installing and updating applications on your computer, smart phone, tablet or home appliances.

How PrimeKey can help

Prevent harmful firmware and software updates with PrimeKey's code signing solution:

Explore our code signing solution

With SignServer Enterprise, you get a server-side, PKI-based, multipurpose digital signature solution:

Explore SignServer Enterprise

Question 18

Why do I need a digital birth certificate?

Accepted Answer

When building new solutions for IoT, it is important that you can trust each component in the solution from the cradle all the way to when it is being revoked or discontinued. This process begins with establishing one or several secure identities within each IoT component.

A digital birth certificate starts the trust chain and can be leveraged during the lifecycle of the component to enable secure automatic on-boarding – when changing the owner of the component or when a factory reset is required.

How PrimeKey can help

Learn how to ensure product integrity and security with trusted digital identities from birth, with the PrimeKey's supply chain security solution:

Explore our Supply chain security solution

Question 19

What is a Registration Authority?

Accepted Answer

A Registration Authority (RA) is a function for certificate enrollment used in public key infrastructures.

It is responsible for receiving certificate signing requests – for the initial enrollment or renewals – from people, servers, things or other applications. The Registration Authority verifies and forwards these requests to a Certificate Authority (CA).

A Registration Authority is also responsible for receiving other certificate lifecycle management functions. For example, revocation. The RA implements business logic to accept requests, including methods for verifying the origin of the requester and the party that should have the certificate.

A Registration Authority is usually separated from the Certificate Authority for accessibility and security reasons. The RA is accessed via a user-friendly GUI or via integration friendly APIs and standard protocols.

About PrimeKey's EJBCA Registration Authority

The EJBCA RA is an external entity to the Certificate Authority (CA) for enrollment of any certificate type, allowing for an additional layer of security around the CA.

Explore EJBCA Registration Authority

Question 20

What is a PKI certificate?

Accepted Answer

A PKI certificate is a digitally signed document that is comparable with a physical identity card or a passport used in the analog world.

A PKI certificate is a trusted digital identity. It is used to identify users, servers or things when communicating over untrusted networks, to sign code or documents and to encrypt data or communication. A PKI certificate is also called a digital certificate.

Public-key cryptography uses private and public keys, where the certificate is used to prove the ownership of the public key, by storing it together with information about the owner and some administrative data. The certificate is signed by the issuing CA and the signature is attached in the certificate. X.509 is the standard for the most commonly used digital certificate formats.
The purpose of PKI certificates is to create a secure digital world where each certificate works as gatekeeper for secure sharing of digital information.

How to get a PKI certificate

Certificate authorities, such as PrimeKey’s EJBCA, can issue and manage PKI certificates in various formats and for many different use cases. The type of certificate depends on how it will be used. Ideally, choose a flexible CA that supports any required formats and protocols and that is scalable to grow with your needs.
For signing code, documents or ePassports, there are other available tools, such as PrimeKey’s SignServer.

What to use a PKI certificate for

Here are some use cases for PKI certificates:

Secure network communication, using TLS certificates
Code and document signing
Email signing and encryption
IoT certificates
Personal authentication

Learn more about PrimeKey's PKI products and solutions

EJBCA Enterprise

PKI Migration

SignServer Enterprise

What is PKI?

Question 21

What is PKI?

Accepted Answer

PKI stands for public key infrastructure.

PKI is about building a framework

Public Key Infrastructure (PKI) is the set of roles, policies, hardware, software and procedures that build a framework for issuing trusted digital identities to parties, such as users, servers or things. The PKI framework is governed by a set of policies and procedures which define the level of security that should be achieved.

PKI typically includes a combination of software and hardware components that together implement functions for Certificate Authorities, Registration Authorities and Validation Authorities that are responsible for issuing and lifecycle management of trusted identities for the users, servers and things. The trusted identities are implemented as certificates and they are the foundation for many security services that implement authentication, non-repudiation and confidentiality.

You probably use PKI every day

Without even knowing it, you are probably using PKI and PrimeKey technologies on a daily basis. Our PKI solutions and certificates are used in everything from biometric passports to internet banking, smartphones and tablets. You can find our solutions in software distribution and authentication, online identity providers, under the hood of modern cars, Internet of Things (IoT) and more.

In everyday life, you use PKI when doing things online such as:

Logging in to your bank account
Shopping on an e-commerce site
Using an e-passport.

Why do you need Public Key Infrastructure (PKI)?

The world relies heavily on PKI. Governments, innovative tech startups, and world-leading enterprises are all at risk of catastrophic consequences if their data is not properly protected. There are consequences for their users, customers, and for their brand. PKI is the backbone of most IT security solutions today.

About PKI certificates and digital certificates

A PKI certificate is a digitally signed document that is similar to a physical identity card or a passport used in the analog world. The PKI certificate, or digital certificate, is a trusted digital identity used to provide and prove the identity of a user, server or a thing when communicating over untrusted networks.

A key concept behind this is the use of private and public key encryption, where the public key is stored in the certificate along with information about the owner and some administrative data. The certificate is signed by the issuing CA and the signature is attached in the certificate. The X.509 standard defines the most commonly used formats for digital certificates.

Private and public key encryption

In private and public key encryption or asymmetric encryption schemes, a corresponding keypair is used for encryption. One key is used to encrypt a message and the other key in the keypair is used to decrypt. In PKI, one key is called private key and the other key is called public key.

The private key is kept secret and should not be used by anyone else than the owner. The public key is public and stored in a certificate.

Learn how PrimeKey can help

We are passionate about encryption, certificates, keys and IT Security, and we love to share our knowledge. If you have further questions about the technology involved, contact us today or read more about our PKI platform EJBCA Enterprise.

About EJBCA Enterprise

Question 22

What does CSR stand for?

Accepted Answer

CSR stands for Certificate Signing Request.

Question 23

What does CRL stand for?

Accepted Answer

CRL stands for Certificate Revocation List.

Learn more about CRLs:

What is a Validation Authority?

Question 24

What does VA stand for?

Accepted Answer

VA stands for Validation Authority.

SOFTWARE APPLIANCE

HARDWARE

CLOUD

SAAS

PrimeKey Wiki – Find your answers here

Concepts

What are the Android signing schemes?

What is crypto agility in code signing?

What is a digital certificate?

What is x.509?

What is a Validation Authority?

What is a Certificate Authority?

What is the NIS Directive?

What is eIDAS?

How does a Certificate Authority work?

What is code signing?

Why do I need a digital birth certificate?

What is a Registration Authority?

What is a PKI certificate?

What is PKI?

Acronyms

What does IIoT stand for?

What does NPKD stand for?

What does HTTPS stand for?

What does SSL stand for?

What does TLS stand for?

What does MRTD stand for?

What does PKCS stand for?

What does CSR stand for?

What does CRL stand for?

What does VA stand for?

What does RA stand for?

What does CA stand for?

What does PKI stand for?

What does IIoT stand for?

What does NPKD stand for?

What does HTTPS stand for?

What does SSL stand for?

What does TLS stand for?

What does MRTD stand for?

What does PKCS stand for?

What are the Android signing schemes?

What is crypto agility in code signing?

What is a digital certificate?

What is x.509?

What is a Validation Authority?

What is a Certificate Authority?

What is the NIS Directive?

What is eIDAS?

How does a Certificate Authority work?

What is code signing?

Why do I need a digital birth certificate?

What is a Registration Authority?

What is a PKI certificate?

What is PKI?

What does CSR stand for?

What does CRL stand for?

What does VA stand for?

What does RA stand for?

What does CA stand for?

What does PKI stand for?