Applications Of Pki; Operation Of Pki - 3Com MSR 50 Series Configuration Manual

3com msr 30-16: software guide

requests, certificates, secret keys, CRLs and logs while providing a simple query
function.

LDAP provides a way of accessing and managing PKI information. An LDAP server
stores user information and digital certificates from the RA server and provides
directory navigation service. From an LDAP server, an entity can retrieve local and
CA certificates of its own as well as certificates of other entities.

Applications of PKI

The PKI technology can satisfy the security requirements of online transactions. As
an infrastructure, PKI has a wide range of applications. Here are some application
examples.

VPN
A virtual private network (VPN) is a proprietary data communication network built
upon the public communication infrastructure, which leverages network layer
security protocols (for instance, IPSec) and PKI-based encryption and digital
signature technologies for confidentiality.

Secure E-mail
E-mails also require confidentiality, integrity, authentication and non-repudiation.
PKI can address these needs. The secure E-mail protocol that is currently
developing rapidly is secure/multipurpose Internet mail extensions (S/MIME), which
is based on PKI and allows for transfer of encrypted mails and mails with
signature.

Web security
For Web security, two peers can first establish a secure sockets layer (SSL)
connection for transparent and secure communications at the application layer.
With PKI, SSL enables encrypted communications between a browser and a server.
Both communicating parties can verify each other's identity through digital
certificates.

Operation of PKI

In a PKI-enabled network, an entity can request a local certificate from the CA and
the device can check the validity of certificates. Here is how it works:

1 An entity submits a certificate request to the CA.
2 The RA reviews the identity of the entity, and then sends the identity information
and the public key with a digital signature to the CA.
3 The CA validates the digital signature, approves the application and issues a
certificate.
4 The RA receives the certificate from the CA, sends it to the LDAP server to provide
directory navigation service, and notifies the entity that the certificate is
successfully issued.
5 The entity retrieves the certificate. With the certificate, the entity can
communicate with other entities safely through encryption and digital signature.
6 The entity makes a request to the CA when it needs to revoke its certificate; the
CA approves the request, updates the CRLs and propagates the CRLs to the
LDAP server.
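
The six steps above, walked through with the OpenSSL command line as an added example (not taken from the 3Com manual, and not device configuration). Assumptions: the RA and CA are collapsed into one local CA, files in a temporary directory stand in for the LDAP server, the request's own signature stands in for the signature checked in step 3, and the names Demo-CA and router1 are made up.

```bash
# Constructed lab walk-through: Demo-CA and router1 are made-up names.
q() { "$@" >/dev/null 2>&1; }            # run a command quietly
pki_lifecycle() {
  local d; d=$(mktemp -d) || return 1
  ( cd "$d" || exit 1
    mkdir certs; : > index.txt; echo 01 > serial; echo 01 > crlnumber
    cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo
[ demo ]
database = index.txt
new_certs_dir = certs
serial = serial
crlnumber = crlnumber
certificate = ca.pem
private_key = ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = pol
[ pol ]
commonName = supplied
EOF
    # CA key pair and self-signed CA certificate (the trust anchor)
    q openssl req -x509 -newkey rsa:2048 -nodes -config ca.cnf \
      -subj "/CN=Demo-CA" -days 30 -keyout ca.key -out ca.pem || exit 1
    # Step 1: the entity generates a key pair and a signed certificate request
    q openssl req -new -newkey rsa:2048 -nodes -config ca.cnf \
      -subj "/CN=router1" -keyout ent.key -out ent.csr || exit 1
    # Steps 2-3: check the signature on the request, then issue the certificate
    q openssl req -in ent.csr -config ca.cnf -noout -verify || exit 1
    q openssl ca -batch -config ca.cnf -in ent.csr -out ent.pem || exit 1
    # Steps 4-5: publish certificate and CRL; a peer validates against both
    q openssl ca -config ca.cnf -gencrl -out crl.pem || exit 1
    check() { q openssl verify -CAfile ca.pem -CRLfile crl.pem -crl_check ent.pem; }
    check && before=valid || before=rejected
    # Step 6: the CA revokes the certificate and publishes an updated CRL
    q openssl ca -config ca.cnf -revoke ent.pem || exit 1
    q openssl ca -config ca.cnf -gencrl -out crl.pem || exit 1
    check && after=valid || after=rejected
    echo "$before $after" )
  rm -rf "$d"
}
pki_lifecycle   # prints: valid rejected
```

The same certificate passes validation before step 6 and fails after it only because the peer checks the CRL; a peer that skips the CRL check would keep accepting the revoked certificate until it expires.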
Introduction to PKI