Digital Certificates and Public Key Infrastructure (PKI)

When users visit secure websites or send encrypted data over the internet, they rely on digital certificates and Public Key Infrastructure (PKI). In IB Computer Science, students are expected to understand what digital certificates are, why they are needed, and how PKI supports trust and secure communication.

IB examiners focus on trust, verification, and authenticity, not technical implementation details.

Why Trust Is a Problem on the Internet

The internet is an open network where:

• Anyone can claim to be someone else
• Data can be intercepted
• Fake websites can imitate real ones

Before encryption can be trusted, users must know:

• Who they are communicating with

Digital certificates and PKI exist to solve this trust problem.

What Is a Digital Certificate?

A digital certificate is an electronic document that:

• Confirms the identity of an entity
• Links that identity to a public key

A digital certificate typically contains:

• The owner’s identity (e.g. a website)
• The owner’s public key
• A digital signature from a trusted authority

In IB terms, a digital certificate proves authenticity.

What Is a Certificate Authority (CA)?

A Certificate Authority (CA) is a trusted organisation that:

• Issues digital certificates
• Verifies the identity of certificate owners

Before issuing a certificate, a CA:

• Checks the identity of the requester
• Confirms they are legitimate

Because CAs are trusted:

• Users trust certificates signed by them

IB students should understand that trust is delegated to CAs.

What Is Public Key Infrastructure (PKI)?

Public Key Infrastructure (PKI) is the system that:

• Manages digital certificates
• Supports public key encryption
• Enables secure communication

PKI includes:

• Certificate Authorities
• Digital certificates
• Public and private keys
• Rules for certificate issuance and verification

PKI provides the framework for trust on the internet.

How PKI Enables Secure Communication

When a user connects to a secure website:

1. The website presents its digital certificate
2. The user’s browser checks the certificate
3. The browser verifies the CA’s signature
4. The website’s public key is trusted
5. Secure encryption can begin

IB students should explain this logical sequence, not technical detail.

Digital Certificates and Encryption

Digital certificates do not encrypt data themselves.

Instead, they:

• Verify identity
• Allow safe exchange of encryption keys

Once trust is established:

• Symmetric encryption is used for data transfer

This links certificates directly to secure key exchange.

Why PKI Is Important

Without PKI:

• Users could not verify websites
• Man-in-the-middle attacks would be common
• Secure online services would not be possible

PKI supports:

• Secure web browsing
• Online banking
• Secure email
• Software updates

IB students should emphasise trust and authenticity.

Limitations and Risks

PKI relies on:

• Trust in Certificate Authorities

If a CA is compromised:

• Trust can be broken

This highlights that:

• PKI reduces risk
• It does not eliminate it completely

Balanced answers score higher.

Common Student Mistakes

Students often:

• Confuse certificates with encryption
• Forget the role of CAs
• Ignore the trust chain
• Describe PKI too vaguely

Clear cause-and-effect explanations earn marks.

How This Appears in IB Exams

IB questions may ask students to:

• Define digital certificates
• Explain PKI
• Describe how secure websites are verified
• Apply certificates to a scenario

Understanding purpose matters more than terminology.

Final Thoughts

Digital certificates confirm identity, while Public Key Infrastructure provides the system that manages trust and secure communication. Together, they allow users to verify who they are communicating with before encryption begins.

Understanding digital certificates and PKI allows IB Computer Science students to explain how trust is established on the internet — exactly what examiners expect.