CAs are often grouped into hierarchical levels
Registration Authority (RA) – Authorizes creation of a certificate and provides validated user information to the
- What is Public Key Infrastructure?
- Components of a PKI
- Public Key Infrastructure is Personnel, Policy, Procedures, and a core (public/private key) technology to bind users to digital identifications so that applications can provide the desired security services.
- Responsible for all aspects of certificate issuance and
- Identification and authentication of subscribers
Subscriber – Person (end user) who requests and uses a
- Entity that enters into an agreement with a Certificate Authority to collect and verify the subscriber’s identity and other information to be entered into the digital
- RAs are sometimes grouped into hierarchies
- Local Registration Authority (LRA)
- Existing constructs sometimes used to perform this
Relying Party – Application and/or user who trusts the
Directory (Repository) – Device used to store and retrieve digital certificates and Certificate Revocation Lists (CRLs). A CRL is a list of non-valid (revoked)
- Subscriber/User – an individual who owns a digital certificate (digital identity).
- Digital certificates may be stored in various formats.
- Software (floppy disk, file on computer)
- Hardware (Smart Card)
- The directory is used for storing and retrieving certificates or other information relevant to digital certificates and certificate revocation lists.
- Analogous to a phone book
- Typical Uses
- Finds and retrieves the certificate of an individual in order to send an encrypted email
- Obtains a CRL