Introduction to PKI (6)

Source: Internet
Author: User

PKI core: Introduction to the Certification Center (CA)

To ensure the transmission security of online digital information, stronger encryption algorithms and other measures in communication transmission are not sufficient on their own: a mechanism for establishing and verifying trust must also be in place. That is, every party involved in e-commerce must have a verifiable identity, which is a digital certificate. Digital certificates are the identity credentials that entities (cardholders/individuals, merchants/enterprises, gateways/banks) use for online information exchange and business transactions.

This digital certificate is unique. It associates the public key of the entity with the entity itself. To achieve this, the digital certificate must comply with the X.509 international standard, and its source must be reliable. This means that an institution trusted by all parties on the Internet must be responsible for issuing and managing digital certificates to ensure the security of online information. This institution is the CA (certification authority). CA institutions at all levels together form the trust chain of e-commerce. E-commerce is impossible if the CA is insecure or the digital certificates it issues are not authoritative, fair, or reliable.

The digital certificate authentication center (Certificate Authority, CA) is a key link in the security of online electronic transactions. It is mainly responsible for generating, distributing, and managing the identity-authentication digital certificates required by all entities involved in online transactions. Each digital certificate is associated with the digital signature certificate of the level above it, and the chain ultimately traces back to a known organization that is widely considered secure, authoritative, and trustworthy: the root authentication center (Root CA).

All parties to an electronic transaction must have a valid identity, that is, a digital certificate issued by the CA, and each party must verify the validity of the other party's digital certificate. This solves the user trust problem. The CA handles the identity information of the transaction parties and relies on strict encryption technology and authentication procedures. Because of its strong security mechanism, CA applications can be extended to all online data transmission services that have security requirements.

Digital certificate authentication solves the security issues in online transactions and settlement. This includes establishing trust relationships between the various e-commerce entities, that is, establishing a security authentication system (CA); selecting security standards (such as SET and SSL); and using high-strength encryption and decryption technologies. Establishing the security authentication system is the key step and determines whether online transactions and settlement can be conducted securely. The establishment of the digital certificate authentication center is therefore of great significance for the development of e-commerce.

The Certification Center (CA) is the core link in the e-commerce system and the basis for trust in electronic transactions. Through its own registration review system, it checks and verifies the identity and related information of each user applying for a certificate, so that the user attributes in online transactions are objectively authentic and consistent with the certificate. As an authoritative, trusted, and impartial third-party organization, the certification center is responsible for issuing and managing the digital certificates required by all entities involved in online transactions.

PKI core: Introduction to CA/RA

E-commerce on open networks requires effective and reliable mechanisms to protect information security. These mechanisms must provide confidentiality, authentication (so that each party to a transaction can confirm the identity of the other parties), and non-repudiation (the parties involved in a transaction cannot deny their participation). This requires a reliable third-party organization for verification, and the certification center (CA, Certification Authority) provides this service.

The certificate mechanism is a widely used security mechanism. The premise of using it is to establish a CA (Certification Authority, the certification center) and a supporting RA (Registration Authority) system.

The CA, also known as the digital certificate certification center, is a trusted third party in e-commerce transactions. It is dedicated to solving the problem of the legitimacy of public keys in a public key system. The CA issues a digital certificate to each user who uses a public key. The role of the digital certificate is to prove that the user name listed in the certificate corresponds to the public key listed in the certificate. The CA's digital signature prevents an attacker from forging or tampering with the digital certificate.
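The trust chain and the CA signature described above, as an added example that is not part of the original article: Go's crypto/x509 builds a root CA, an issuing CA, and an end-entity certificate, and a relying party that trusts only the root accepts the genuine certificate and rejects one issued by a look-alike CA. All names and serial numbers are constructed, and the helpers `must`, `issue`, and `validate` are assumptions of this example; `issue` generates the subject's key pair itself for brevity, whereas a real applicant keeps its own private key and sends the CA a request.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue plays the CA: it binds a new key pair to cn in a certificate signed by ca; a nil ca self-signs a root.
func issue(cn string, serial int64, ku x509.KeyUsage, ca *x509.Certificate, caKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: ku, IsCA: ku&x509.KeyUsageCertSign != 0, BasicConstraintsValid: true}
	if ca == nil {
		ca, caKey = t, key
	}
	der := must(x509.CreateCertificate(rand.Reader, t, ca, &key.PublicKey, caKey))
	return must(x509.ParseCertificate(der)), key
}

// validate is the relying party's check: only root is trusted; inter is whatever the peer supplied.
func validate(cert, root, inter *x509.Certificate) error {
	opts := x509.VerifyOptions{Roots: x509.NewCertPool(), Intermediates: x509.NewCertPool()}
	opts.Roots.AddCert(root)
	opts.Intermediates.AddCert(inter)
	_, err := cert.Verify(opts)
	return err
}

func main() { // all names and serial numbers below are constructed sample values
	root, rootKey := issue("Example Root CA", 1, x509.KeyUsageCertSign, nil, nil)
	inter, interKey := issue("Example Issuing CA", 2, x509.KeyUsageCertSign, root, rootKey)
	user, _ := issue("merchant.example", 100, x509.KeyUsageDigitalSignature, inter, interKey)
	fake, fakeKey := issue("Example Issuing CA", 2, x509.KeyUsageCertSign, nil, nil) // look-alike, not signed by root
	forged, _ := issue("merchant.example", 100, x509.KeyUsageDigitalSignature, fake, fakeKey)
	fmt.Printf("genuine: %v\nforged:  %v\n", validate(user, root, inter), validate(forged, root, fake))
}
```

The forged certificate carries the same subject and issuer names as the genuine one; it is rejected only because no signature path leads from it to the trusted root.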

In the process of digital certificate authentication, the CA plays a vital role as an authoritative, fair, and trusted third party. The certification center is the authority responsible for issuing and managing digital certificates. The CA also allows the administrator to revoke issued digital certificates, add new entries to the certificate revocation list (CRL), and periodically publish the digitally signed CRL.

The RA (Registration Authority) is the digital certificate registrar. The RA system is an extension of the CA's certificate issuance and management functions. It is responsible for entering and reviewing the information of certificate applicants and for issuing certificates to them. It also provides the corresponding management functions for issued certificates. Issued digital certificates can be stored on IC cards, hard disks, floppy disks, and other media. The RA system is an essential part of the normal operation of the entire CA center.

PKI core: Certification Center functions

In summary, the CA provides the following functions: certificate issuance, certificate update, certificate revocation, and certificate verification. The core function of the CA is to issue and manage digital certificates, as described below:

1) Receive and verify the end user's application for a digital certificate.

2) Determine whether to accept the end user's application for a digital certificate (certificate approval).

3) Issue, or refuse to issue, a digital certificate to the applicant (certificate issuance).

4) Receive and process the end user's certificate update requests (certificate update).

5) Receive the end user's digital certificate queries and revocation requests.

6) Generate and publish the certificate revocation list (CRL).

7) Archive digital certificates.

8) Archive keys.

9) Archive historical data.

To implement its functions, the certification center consists of the following three parts:

1. Registration server: a website set up on a web server provides service to customers 24 hours a day. Customers can therefore submit a certificate application online and fill in the corresponding application form at their convenience, without the trouble of waiting in line.

2. Certificate application handling and review institution: responsible for certificate applications and reviews. Its main function is to accept and review client certificate applications.

3. Certification center server: the operating entity that generates and issues digital certificates. It also provides services such as management of issued certificates and the certificate revocation list (CRL).
