When users visit secure websites or send encrypted data over the internet, they rely on digital certificates and Public Key Infrastructure (PKI). In IB Computer Science, students are expected to understand what digital certificates are, why they are needed, and how PKI supports trust and secure communication.
IB examiners focus on trust, verification, and authenticity, not technical implementation details.
Why Trust Is a Problem on the Internet
The internet is an open network where:
- Anyone can claim to be someone else
- Data can be intercepted
- Fake websites can imitate real ones
Before encryption can be trusted, users must know:
- Who they are communicating with
Digital certificates and PKI exist to solve this trust problem.
What Is a Digital Certificate?
A digital certificate is an electronic document that:
- Confirms the identity of an entity
- Links that identity to a public key
A digital certificate typically contains:
- The owner’s identity (e.g. a website)
- The owner’s public key
- A digital signature from a trusted authority
In IB terms, a digital certificate proves authenticity.
What Is a Certificate Authority (CA)?
A Certificate Authority (CA) is a trusted organisation that:
- Issues digital certificates
- Verifies the identity of certificate owners
Before issuing a certificate, a CA:
- Checks the identity of the requester
- Confirms they are legitimate
Because CAs are trusted:
- Users trust certificates signed by them
IB students should understand that trust is delegated to CAs.
What Is Public Key Infrastructure (PKI)?
Public Key Infrastructure (PKI) is the system that:
- Manages digital certificates
- Supports public key encryption
- Enables secure communication
PKI includes:
- Certificate Authorities
- Digital certificates
- Public and private keys
- Rules for certificate issuance and verification
PKI provides the framework for trust on the internet.
How PKI Enables Secure Communication
When a user connects to a secure website:
- The website presents its digital certificate
- The user’s browser checks the certificate
- The browser verifies the CA’s signature
- The website’s public key is trusted
- Secure encryption can begin
IB students should explain this logical sequence, not technical detail.
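The sequence above, as an added example that is not part of the original page: a toy CA signs a certificate, and a simulated browser checks it before trusting the public key. It uses textbook RSA with deliberately tiny constructed keys. The names make_keypair, issue_certificate, browser_check and "Example Root CA" are assumptions made for illustration.

```python
import hashlib

E = 65537  # widely used RSA public exponent

def make_keypair(p, q):
    """Textbook RSA from two primes: returns (public_key, private_key)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)

def digest(subject, public_key, n):
    """Hash the certificate contents (identity + public key) into a number."""
    data = f"{subject}|{public_key}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue_certificate(ca_name, ca_private, subject, public_key):
    """The CA links an identity to a public key by signing both together."""
    n, d = ca_private
    return {"subject": subject, "public_key": public_key, "issuer": ca_name,
            "signature": pow(digest(subject, public_key, n), d, n)}

def browser_check(cert, hostname, trusted_cas):
    """Return (accepted, reason), following the sequence in the text."""
    if cert["issuer"] not in trusted_cas:
        return False, "issuer is not a trusted CA"
    n, e = trusted_cas[cert["issuer"]]
    expected = digest(cert["subject"], cert["public_key"], n)
    if pow(cert["signature"], e, n) != expected:
        return False, "CA signature does not match certificate contents"
    if cert["subject"] != hostname:
        return False, "certificate was issued to a different identity"
    return True, "public key trusted; key exchange can begin"

# Constructed toy keys from small Mersenne primes (far too small for real use).
ca_public, ca_private = make_keypair(2**61 - 1, 2**89 - 1)
site_public, _ = make_keypair(2**31 - 1, 2**61 - 1)
other_public, other_private = make_keypair(2**107 - 1, 2**127 - 1)

TRUSTED_CAS = {"Example Root CA": ca_public}  # the browser's built-in trust list
genuine = issue_certificate("Example Root CA", ca_private, "bank.example", site_public)
# A copy of the real certificate with a different key swapped in.
forged = dict(genuine, public_key=other_public)
# A certificate signed by an authority the browser does not trust.
untrusted = issue_certificate("Unknown CA", other_private, "bank.example", other_public)

if __name__ == "__main__":
    for name, cert in [("genuine", genuine), ("forged", forged), ("untrusted", untrusted)]:
        print(name, browser_check(cert, "bank.example", TRUSTED_CAS))
```

Only the genuine certificate is accepted: changing the public key breaks the CA's signature, and a signature from an unknown authority carries no trust.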
Digital Certificates and Encryption
Digital certificates do not encrypt data themselves.
Instead, they:
- Verify identity
- Allow safe exchange of encryption keys
Once trust is established:
- Symmetric encryption is used for data transfer
This links certificates directly to secure key exchange.
Why PKI Is Important
Without PKI:
- Users could not verify websites
- Man-in-the-middle attacks would be common
- Secure online services would not be possible
PKI supports:
- Secure web browsing
- Online banking
- Secure email
- Software updates
IB students should emphasise trust and authenticity.
Limitations and Risks
PKI relies on:
- Trust in Certificate Authorities
If a CA is compromised:
- Trust can be broken
This highlights that:
- PKI reduces risk
- It does not eliminate it completely
Balanced answers score higher.
Common Student Mistakes
Students often:
- Confuse certificates with encryption
- Forget the role of CAs
- Ignore the trust chain
- Describe PKI too vaguely
Clear cause-and-effect explanations earn marks.
How This Appears in IB Exams
IB questions may ask students to:
- Define digital certificates
- Explain PKI
- Describe how secure websites are verified
- Apply certificates to a scenario
Understanding purpose matters more than terminology.
Final Thoughts
Digital certificates confirm identity, while Public Key Infrastructure provides the system that manages trust and secure communication. Together, they allow users to verify who they are communicating with before encryption begins.
Understanding digital certificates and PKI allows IB Computer Science students to explain how trust is established on the internet — exactly what examiners expect.
