Welcome to PKI Edu!

PKIEdu.com is the website for my consulting company (PKIEdu Inc.) as well as free educational training on the following topics:

This website is available over both IPv4 and IPv6. You have connected to it from 99.189.75.241. If your address is four decimal numbers with dots (“.”) between them (e.g. 123.45.67.89), you are still using legacy IPv4. If your address is up to eight hexidecimal fields with colons (“:”) between them (e.g 2001:470:ed3d:1000::2:1), you are using IPv6! For more information on IPv6, see https://thirdinternet.com.

My name is Lawrence E. Hughes. I graduated from Florida State University in 1973 (major: pure math, minor physics). I’ve been in IT for 45+ years. PKIEdu Inc. is my 6th venture. It stands for “Public Key Infrastructure Education”.

Background and Expertise

Some 30 years ago I created a secure messaging system for the U.S. Internal Revenue Service. It was a modem-based terminal emulation and file transfer package with added encryption using hardware DES, called Whisper. There was an X9.17 style Key Management System, called Whisper Central, that allowed users to securely exchange symmetric keys. Unfortunately, even though the NSA reviewed and approved the security (the analyst’s comment was “nicely twisted”), and the IRS signed off on it as solving their security issues, Congress never authorized funding, so it was never deployed. I did learn a lot about cryptography and securing messaging in the process.

Some years later I was working for a white-hat hacking company called Secure-IT. We were bought by the 3-year old VeriSign to create training in crypto and PKI for them. Our firewall trainers pretty much drew a blank (PKI is very different from firewalls, intrusion detection and anti-hacking), so I took up the challenge and in short order I was flying all over the world for two years presenting courses on crypto and PKI, and on VeriSign’s products. I helped several VeriSign affiliates set up national Certification Authorities using VeriSign technology, especially training the trusted operators. I learned PKI from literally the top people in the world. Our CTO had created the X.509 certificate earlier in his career.

Since then I have applied the things I learned while creating this training to other products, including the IronMail E-mail security appliance at CipherTrust (2000-2006). I co-founded CipherTrust in 2000 and was the first CTO. It grew to 250 people by 2006 and sold to Secure Computing (for a nice exit). More recently I co-founded Sixscape Communications in Singapore (2014 to present). Sixscape has applied cryptography, PKI and IPv6 in some powerful new products.

I am back in the U.S. for now, doing consulting and product development in crypto, PKI and IPv6, as well as reselling the products we created at Sixscape.

One of the projects I will be working on is helping the Philippines to build a world class national PKI, on a par with companies like GlobalSign.

PKI

Briefly, a Public Key Infrastructure (PKI) is a set of computers, software, trusted personnel, legal documents and operational procedures whose purpose is to issue and manage digital certificates.

A Digital Certificate is a computer file (document) that identifies a particular person or computer in the world, plus various item such as a public key, a start and end date, information needed to check the validity of the certificate, and so forth. Digital Certificates can be used to enable SSL/TLS on a server, to authenticate users to a server or each other, to support encryption of files or message and digitally signing files or messages. The certificate binds a public key to a specific person, device or Internet node, so that any user of that key can know for certain that the key belongs to the person, device or node in the Subject Distinguished Name.

My Other Websites

You may also find my two companion websites (on IPv6) of interest. I am an IPv6 Forum gold-certified trainer. IPv6 is the next generation Internet Protocol that is being deployed globally now. It is the foundation of the third generation of the global Internet, and is a key component of 5G networking.