With P3KI Core, managing accounts on edge devices is a thing of the past!
Instead P3KI Core precisely authorizes individual operations (e.g., read value, change setting x, update firmware, add user, ...) based on a delegable, personalized authorization proof.
P3KI Core is an identity agnostic* and transport agnostic* delegation* framework*.
P3KI Core is the perfect solution to delegate permissions in a controlled and accurate fashion. Especially if it's not foreseeable who is going to talk to whom about what and when to a degree that would allow you to use simple access control lists.
All authorization decisions are decidable between just two parties interacting. No active third parties or brokers are required which allows this interaction to be performed entirely offline if needed.
Read our latest whitepaper to learn how P3KI Core flexibly improves multiple scenarios
Connecting Smart Grid, Smart City, Smart Home, and Smart Government
P3KI Core has been a long time coming: based on research that begun in 2006, two best-of-class diploma theses, and under active development since 2014 by a growing consortium of companies with a headcount crossing thirty.
P3KI Core is the brainchild of the internationally renowned hacker Felix 'FX' Lindner and strongly informed by decades of experience 1, 2, 3, 4, 5, 6, 7 doing cyber security consulting1 for large multi-nationals from the automotive to telecoms sector.
SDSI/SPKI was way ahead of its time and was soon forgotten outside academia. Despite not being aware of SDSI/SPKI during initial development of P3KI Core we've arrived at many a same conclusion. P3KI Core, while not exactly SDSI/SPKI, shares a lot of its spirit.
The automotive industry foresaw the need for distributed PKI to address increasingly complex maintenance scenarios as well as vehicle-to-X communication security. The standard itself is heavily influenced by the established tools available at the time (X.509) and several important technical details are noted as outside the scope of the standard.
Nevertheless, ISO 20828 was instrumental in seeding the idea that would later become P3KI Core. Today P3KI Core goes far beyond what ISO 20828 envisioned and solves all its requirements with ease.
Gregor Kopf, in his diploma thesis, layed the foundation for what would become P3KI two years later. He outlined a distributed, peer-to-peer based, highly flexible alternative PKI approach and wrote the first prototype implementation while working for Recurity Labs1.
As a first proof-of-concept we've shown an alternative approach to how PGP does verification of key material. PGP let's you verify that you trust someone that trusts someone that trusts a given key to be legitimate. However, since you already have a usable key in hand and attesting someone's key at key signing events did not quite scale, this step is rarely taken.
Our prototype turned this around by doing a forward-search of the web-of-trust until it found a trusted key that was directly usable or none at all, making key verification way more robust.
With this proof of concept for a large automotive we've outlined the applicability of P3KI to vehicle-to-X scenarios, namely autonomous parking and driving. For this we've developed a table-top demonstrator based on small mobile computers wirelessly communicating with each other.
Due to customer demand for an embedded implementation of P3KI Core, we've decided to move away from Java. After much deliberation we've settled on Rust at a time where MISRA-C and C++ where still state of the art.
Two years later, in mid-2019 we would be proven right in our decision, when even Microsoft hailed Rust as the next big and safe systems programming language.
With this proof of concept we are able to show that it's possible to use P3KI Core to digitize personal certificates, like attestations for having successfully passed a professional welding test. The resulting system is straight forward to use, protects your privacy, and fully supports offline verification for scenarios where you do not have internet connectivity at hand.
With our partner digital.Wolff we're bringing offline capable authorization to IoT payment terminals.
We've extended our platform support to include the Xtensa Platform (ESP32) as well as WebAssembly (WASM) along side Python 3 bindings.
Work on a Kubernetes integration to allow flexible authorization of large scale Cloud deployments is underway.
We've joined the newly established Trust over IP Foundation to further the standardization effort for decentralized PKI solutions.
If you want to learn more, don't hesitate to get in touch with us for a presentation and demo!Contact us!
We analyze your requirements and existing solutions to identify how your systems can best benefit from P3KI Core with the least impact to your existing solutions.
We design a custom Policy Language that fits your requirements like a glove and document it in a way that makes integration a breeze for your developers.
We'll also take care of customizations you wish for to make P3KI Core match your system perfectly.
The easy part for your developers: add our library or service to your solution and follow the documentation step by step to add decentralized access delegation to your solution!
Any questions along the way? We're there for you!
We're committed to offering you first class service while your P3KI Core based solution is in the field. This includes access to our latest Solution Engineering Tools to help you operate your system more easily as they become available.
P3KI is the next generation of Public-Key Infrastructure (PKI).
We offer flexible and arbitrarily precise expression of permission levels with first-class support for mathematically proven delegation to solve authorization and authentication challenges.
Everything is verifiable even in offline scenarios; without any central infrastructure being required.
P3KI's technology augments existing protocols and services and offers a solid base for new designs.
Our technology offers real decentralization, not the misleading "we're highly redundant" kind of distribution.
From the day the idea was born, we designed our solution to be 100% capable of operating without any kind of central infrastructure. You can model systems comprised of decentralized, fully autonomous nodes that only communicate occasionally with a random selection of their peers.
A strongly decentralized system automatically has to be fault tolerant with regards to the availability of inter-node communication connections. Split networks, nodes only occasionally able to communicate, and nodes without network connectivity are the norm in such scenarios. P3KI's technology is designed to not only cope with these scenarios but excel at modeling them.
You can of course still model centralized systems if that's what you need.
Access delegations between devices can be expressed with arbitrary, scenario specific expressions. This means that access is delegated not wholesale but to exact specifications and requirements.
This has two added benefits:
P3KI's solution offers better up front risk management capabilities and also greatly reduced possibilities of lateral movement in cases of compromise.