P3KI is the next generation of Public-Key Infrastructure (PKI). It offers flexible and arbitrarily precise expression of permission levels, with first-class support for mathematically proven delegation, to solve authorization and authentication challenges. Everything is verifiable even in offline scenarios, without requiring any central infrastructure. P3KI’s technology augments existing protocols and services and offers a solid base for new designs.
It is designed to be 100% capable of operating without any kind of central infrastructure. You can model systems composed of distributed, fully autonomous nodes that only communicate occasionally with a random selection of their peers. A strongly decentralized system automatically has to be fault tolerant with regard to the availability of inter-node communication connections. Split networks, nodes only occasionally able to communicate, and nodes without network connectivity are the norm in such scenarios. P3KI’s technology is designed not only to cope with these scenarios but to excel at modeling them.
Access delegations between devices can be expressed with arbitrary, scenario-specific expressions. This means that access is delegated not wholesale but to exact specifications and requirements. This has two added benefits:
- Up front, risk management can determine the exact permission levels delegated between any arbitrary selection of devices and services, making the risk manager’s job significantly easier and more precise.
- Should a device get compromised, the worst that could happen is limited to what that specific device was trusted with, which is usually just exactly what that device needed to do and nothing else. Other solutions use generic or coarsely specified certificates that lead to higher threat impact.
P3KI’s solution offers better up-front risk management capabilities and greatly reduces the possibilities of lateral movement in cases of compromise.