Applications Of Pki; Operation Of Pki - HP 5120 SI Series Security Configuration Manual

CA
A CA is a trusted authority responsible for issuing and managing digital certificates. A CA issues
certificates, specifies the validity periods of certificates, and revokes certificates as needed by publishing
CRLs.
RA
A registration authority (RA) is an extended part of a CA or an independent authority. An RA can
implement functions including identity authentication, CRL management, key pair generation and key
pair backup. The PKI standard recommends that an independent RA be used for registration
management to achieve higher security of application systems.
PKI repository
A PKI repository can be a Lightweight Directory Access Protocol (LDAP) server or a common database.
It stores and manages information like certificate requests, certificates, keys, CRLs and logs while
providing a simple query function.
LDAP is a protocol for accessing and managing PKI information. An LDAP server stores user information
and digital certificates from the RA server and provides directory navigation service. From an LDAP server,
an entity can retrieve local and CA certificates of its own as well as certificates of other entities.

Applications of PKI

The PKI technology can satisfy the security requirements of online transactions. As an infrastructure, PKI
has a wide range of applications. Here are some application examples.
VPN
A virtual private network (VPN) is a private data communication network built on the public
communication infrastructure. A VPN can leverage network layer security protocols—for example,
IPsec—in conjunction with PKI-based encryption and digital signature technologies for confidentiality.
Secure email
Emails require confidentiality, integrity, authentication, and non-repudiation. PKI can address these
needs. The secure email protocol that is developing rapidly is Secure/Multipurpose Internet Mail
Extensions (S/MIME), which is based on PKI and allows for transfer of encrypted mails with signature.
Web security
For web security, two peers can establish an SSL connection first for transparent and secure
communications at the application layer. With PKI, SSL enables encrypted communications between a
browser and a server. Both of the communication parties can verify each other's identity through digital
certificates.

Operation of PKI

In a PKI-enabled network, an entity can request a local certificate from the CA and the device can check
the validity of certificates. Here is how it works:
1. An entity submits a certificate request to the RA.
2. The RA reviews the identity of the entity and then sends the identity information and the public key
with a digital signature to the CA.
3. The CA verifies the digital signature, approves the application, and issues a certificate.
222