
Digital certificates and Public key infrastructure (PKI)
Tuesday, 30 October 2007 11:50

Digital certificates and Public key infrastructure (PKI) form the foundation for secure and dependable provision of service over the Internet. Applications of certificates include authentication, digital signatures and encryption. Stiki has been instrumental in many projects concerning encryption, authentication and digital certificates.

Stiki has been involved with the organizational as well as the technical aspects of PKI and has collaborated with major parties in this field worldwide. From 2005 to 2007, Stiki designed and implemented a pilot program aimed at increasing usability on the Icelandic Health Assessment Network. Access is provided over the Internet for users of the Stiki RAI and Stiki Assessment systems.

These users authenticate with smart cards containing digital certificates. Stiki also developed a single sign-on (SSO) solution for the users of these systems. The combination of secure SSO over untrusted Internet connections has greatly increased usability of the Icelandic Health Assessment Network systems.

Authentication

Digital certificates are a secure two-factor authentication solution. Authentication requires both the certificate itself (usually present on a physical smart card or other secure media) and knowledge of a password or PIN.

Digital signatures

Signatures using a qualified digital certificate are legally equivalent to hand-written signatures in many countries around the world, including Iceland and much of Europe. Documents containing digital signatures are tamper-resistant and forgery-proof. These documents can therefore be sent over an insecure network, e.g. the Internet, while retaining proof of authenticity.

Secure e-mail

Email is inherently a very insecure medium. Security-wise, email is comparable to postcards in many ways and, in fact, the comparison is often in the postcards' favor. Email forgery is trivial and there are many opportunities for interception or inspection (sniffing) of messages. Using encryption and digital signatures greatly increases the security of email messaging. Email contents may be encrypted so that only the intended recipient, possessing a known digital certificate, can decrypt and read them. Furthermore, a certificate owner can sign, or certify, outgoing mail so that the recipient can verify its origin and content.

Other uses

Many systems support digital certificates for new features or to enhance security. Applications include file or filesystem encryption, e.g. the Windows Encrypting File System (EFS).

Public Key Infrastructure

In a PKI environment, a certification authority (CA) undertakes the task of issuing and distributing digital certificates to end users. The CA provides support and some guarantees about the certificate holder's identity. Service providers are therefore freed from the hassle of user management, such as registering users and storing usernames and passwords.

 


© Stiki - Information Security - Laugavegur 176 - IS-105 Reykjavik - Phone: +354 5700 600