Trending October 2023 # Public Key Infrastructure X.509 Services And Architectural Model # Suggested November 2023 # Top 18 Popular

You are reading the article Public Key Infrastructure X.509 Services And Architectural Model updated in October 2023 on the website Dacquyenphaidep.com. We hope that the information we have shared is helpful to you. If you find the content interesting and meaningful, please share it with your friends and continue to follow and support us for the latest updates. Suggested November 2023 Public Key Infrastructure X.509 Services And Architectural Model

Introduction to PKIX

Start Your Free Software Development Course

Web development, programming languages, Software testing & others

PKIX Services

Services provided by are as follows:

Registration: It is a process where end-entity registers itself to a CA. Usually, the registration is done via the RA.

Initialization: This deals with basic problems such as the methodology of verifying that the end entity is talking to the right CA.

Certification: It is a process where CA creates a digital certificate for end-entity and returns it to the end entity. CA also maintain a copy fo certificate for its records. If required, CA also copied it in public directories.

Key pair recovery: Keys which are used for encrypting documents may be required to be recovered later for decrypting the same old documents. Key archival and recovery services can be provided by CA or by an independent key recovery system.

Key generation: PKIX model specifies that the end entity should be able to generate the public key and private key pairs or CA should be able to do this for the end entity.

Key update: It is a process where the expired key of the digital certificate is automatically renewed and replaced with a new key pair. However, there is a provision for manual digital certificate renewal requests and responses.

Cross certification: It is a process where end entities that re-certified by different CA, can cross verify each other. It helps in establishing trust models.

Revocation: PKIX model provides support for checking certificate status in two modes, online using OCSP and offline using CRL.

PKIX Architectural Model

PKIX has developed a document that describes five areas of its architectural model. These areas are as follows:

1. 509 V3 certificate and V2 certificate revocation list profiles 2. Operational protocols

These define the underlying protocols that provide the transport mechanism for delivering certificates. CRLs and other management and status information to PKI users. Since each of these requirements demands a different way of service, how to use HTTP, LDAP, FTP, X.500, etc. are defined for this purpose.

3. Management Protocols

These protocols enable exchange information between various PKI entities. For example, how to carry registration request revocation status or cross-certification request and response. The management protocol specifies the structure of the message that floats between the entities. They also specify what details are required to process these messages. Examples of management protocols include CMP (Certificate Management Protocol) for requesting a certificate.

4. Policy outlines 5. Timestamp and data certification service

Timestamping service is provided by a trusted third party which is called Time Stamp Authority. The main purpose of this service is to sign a message to guarantee that it existed before a specific date and time. This helps deal with non-repudiation claims. DCS (Data certification Service) is a trusted third party s service that verifies the correctness of the data that it receives. this is similar to the notary service in real life, where for instance, it can use it for getting one’s property certified.

Conclusion

PKIX stands for Public Key Infrastructure X.509 standard is a model which deals with the issue related to PKI technology i.e. Public Key Infrastructure. In this article, we have discussed the concept of PKIX with its working, Services, and architecture.