
Public key infrastructure (PKI)

ANZ security solutions

Welcome to ANZ security solutions, showcasing ANZ's market leading trust and authentication services.

ANZ is working with some of the world's leading public key infrastructure (PKI) exponents, to develop a more secure trust and authentication process, using the latest technology and taking advantage of the added security offered by digital certificates.

At ANZ, we're working towards a more secure eCommerce for our customers.


Guide to PKI

PKI (public key infrastructure) is a comprehensive system of policies, processes and technologies which together control the creation and management of digital certificates. Digital certificates are one of the key components that enable an increased level of security for communications and transactions over the internet.

The digital certificate is one of the foundations of a public key infrastructure (PKI). A digital certificate is in many ways the electronic equivalent of a passport or driver's license, and may be used to identify and authenticate someone making online transactions.

A certification authority issues a digital certificate to a certificate holder on the request of a registration authority.

Details on a digital certificate include the certificate holder's name, their public key, the name of the certification authority and an indication of the certificate policy under which it was issued. Most digital certificates are in the format specified in the X.509 standard.

The public key and private key pair can be generated on a secure device. A certification authority creates the digital certificate, incorporating the public key and signs it, protecting the integrity of the information.

The public key in a digital certificate is linked to the private key. The certificate holder must hold the private key securely. The security of the private key is extremely important. In many applications a private key is stored by placing or creating the private key on a physical token such as a smart card.


When sending messages over the Internet, public key encryption may be used.

Public key encryption is the use of complex mathematical formulas to make data unreadable. Under public-key encryption, two different keys are used, one for encrypting the data and a second key to decrypt it.

Someone wanting to send a message would request the recipient's digital certificate, which contains the public key, from a trusted directory, and use the public key to encrypt the message before sending. Once the message is encrypted it can only be decrypted using the intended recipient's private key.

The sender can also digitally sign the message using their own private key to prove that the message originated from them. If the message has been digitally signed, the recipient would verify the sender by obtaining the sender's digital certificate from a trusted directory and using this to verify the sender's digital signature.
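The exchange described above, sketched with the OpenSSL command line as an added example (it is not ANZ's implementation). A constructed CA issues certificates to the hypothetical holders `sender` and `recipient`; RSA-OAEP, SHA-256 and all file names are assumptions, and the local directory stands in for the trusted directory.

```shell
#!/bin/sh
# Added example with constructed data. Keys are plain files only for the demo;
# in the smart-card model the private key stays on the token.
set -eu
W=$(mktemp -d); cd "$W"; trap 'rm -rf "$W"' EXIT

# issue NAME: the holder generates a key pair; the CA signs the certificate request.
issue() {
  openssl req -newkey rsa:2048 -nodes -keyout "$1.key" -subj "/CN=$1" -out "$1.csr" 2>/dev/null
  openssl x509 -req -in "$1.csr" -CA ca.crt -CAkey ca.key -CAcreateserial \
    -days 1 -out "$1.crt" 2>/dev/null
}

# send FILE: encrypt to the public key in the recipient's certificate,
# then sign the message with the sender's private key.
send() {
  openssl pkeyutl -encrypt -certin -inkey recipient.crt \
    -pkeyopt rsa_padding_mode:oaep -in "$1" -out msg.enc
  openssl dgst -sha256 -sign sender.key -out msg.sig "$1"
}

# receive SENDER_CERT: accept the certificate only if it chains to the trusted CA,
# decrypt with the recipient's private key, then check the sender's signature.
receive() {
  openssl verify -CAfile ca.crt "$1" >/dev/null 2>&1 \
    || { echo "untrusted certificate" >&2; return 1; }
  openssl pkeyutl -decrypt -inkey recipient.key \
    -pkeyopt rsa_padding_mode:oaep -in msg.enc -out msg.dec || return 1
  openssl x509 -in "$1" -pubkey -noout > sender.pub
  openssl dgst -sha256 -verify sender.pub -signature msg.sig msg.dec >/dev/null 2>&1 \
    || { echo "bad signature" >&2; return 1; }
  cat msg.dec
}

# Constructed root CA (self-signed), then one certificate per holder.
openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -subj "/CN=Constructed CA" \
  -days 1 -out ca.crt 2>/dev/null
issue sender
issue recipient

printf 'pay 10 to account 42' > msg.txt   # constructed message
send msg.txt
receive sender.crt
```

RSA-OAEP with a 2048-bit key only fits short messages; larger payloads are normally encrypted with a symmetric key that is itself encrypted to the recipient's public key.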

The effectiveness and reliability of the digital certificate is based on the confidence all parties to a transaction have in the structure, policies and procedures surrounding the PKI system.

The security we take for granted in the physical world has been developed over time to ensure the credibility and authenticity of the people we do business with.

These include, amongst other things, sealing envelopes to ensure privacy, presenting credentials and signatures to confirm identity and providing receipts to confirm transactions.

To date, the security of electronic transactions has been one of the factors that has held back the expansion of commerce on the Internet and has meant that the Internet has remained the domain of smaller credit card based transactions.

As eCommerce and Internet transactions grow, these physical safeguards have had to be replicated to meet the needs of the digital online world.

As trade is conducted globally, it has become evident that a more secure method of transacting over the Internet is required.

Users of the Internet need to be confident that messages that they receive have not been tampered with or read during communication.

Further, they need to be comfortable that the claimed initiator of the transaction has actually sent the message.

Public key infrastructure (PKI) encryption, digital signatures and digital certificates ensure a level of security and trust for transactions conducted in the digital eCommerce world.

Any message sent over the Internet can benefit from PKI technology whether it is company to company, company to Government, international or domestic.

The technology is now available to enable messages to be exchanged with confidence.


ANZ PKI uses digital certificates stored on smart cards to enable customers to authenticate their identity when accessing ANZ's online banking systems.

It is intended that future PKI implementations will allow customers to:

  • transact with the Government using IdenTrust™ accredited digital certificates
  • trade electronically with other businesses across the world using IdenTrust™ based systems.

ANZ PKI stores digital certificates on smart cards.

ANZ PKI requires customers logging on to banking systems to authenticate their identity by swiping a smart card containing their unique digital certificate and entering their PIN.

ANZ PKI enables customers to appoint specific employees (ANZ PKI authorised officers) to be responsible for the maintenance and administration (including the issuance/revocation) of smart card based digital certificates for their organisation.

ANZ PKI smart cards provide a greater level of security compared to "soft certificates" that are stored on computer hard drives, which can be vulnerable to hackers.

ANZ PKI smart cards cater for customer mobility, as customers can access ANZ's online banking systems from any compatible computer with Internet access and a suitable smart card reader.

ANZ PKI enables customers to assume control over the management of their internal smart card deployment, as they are not reliant on ANZ.

ANZ PKI assists customers to maximise the reduced costs associated with utilising Internet based technology.

Smart cards

ANZ PKI uses smart cards to store private keys as well as digital certificates that contain public keys. A smart card is the size of a credit card and contains an embedded computer chip that stores information in electronic form and controls the use of that information.

Smart cards provide:

  • an efficient, flexible and portable medium for authenticating identities
  • tamper-resistant storage for protecting digital certificates, keys and other forms of personal information
  • portability of credentials between computers at work, at home or on the road
  • greater protection against theft or impersonation.

Smart card readers

A smart card reader is required to allow the reading of smart cards. These either connect to your PC through a serial or USB port or are built into the PC.

There are two ways to store a private key. In many applications, digital certificates and private keys are stored on the hard drive of the user's PC, which can leave them vulnerable to attack by hackers.

The second method involves placing or creating the private key on a physical token such as a smart card.

This option provides additional protection against theft or impersonation, as the user is able to carry the key with them - meaning it is stored away from the workstation they use to access online applications.

Smart card technology combines what customers have - the card, with what they know - their PIN.

The integrity and security of a customer's private key is of fundamental importance, as this is the means by which they authenticate their identity to access online applications.

If a customer's private key, digital certificate, smart card or pass phrase is lost, stolen or compromised in any way, it should be reported to the ANZ PKI authorised officer immediately.

ANZ PKI subscribers

Subscribers are ANZ customers who have signed up to ANZ PKI and as such have agreed to be bound by the provisions of the governing documents which include the relevant ANZ PKI certificate policy and ANZ PKI certification practice statement.

Subscribers request that a digital certificate be issued by the certification authority (ANZ) via the registration authority for online identification and non-repudiation purposes.

ANZ global administrators

ANZ global administrators are responsible for administering individual system settings associated with digital certificates to comply with subscriber, product, and certificate requirements.

ANZ PKI authorised officers

ANZ PKI authorised officers are employees, appointed by subscribers, who are responsible for the issuance and use of certificates that comply with the terms contained in the governing documents. Their role can involve the maintenance and administration of users, including the creation of smart card based digital certificates, on site for employees of the subscribing company.

IdenTrust, IdenTrust System and the IdenTrust logo are trademarks and service marks of IdenTrust, LLC.