3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

12 PKI CONFIGURATION
PKI Overview
Introduction
Public key infrastructure (PKI) is a system that uses public key technology and
digital certificates to protect system security and to authenticate digital
certificate users. It provides a complete set of security mechanisms by
combining software and hardware systems with security policies. PKI uses
certificates to manage public keys: it binds a user's public key to other
identifying information through a trustworthy association, so that online
authentication is possible. PKI provides a secure network environment and makes
encryption and digital signature technologies easy to use in many application
environments, to assure the confidentiality, integrity and validity of online
data. Confidentiality of data means that data cannot be snooped on by
unauthorized users during transmission; integrity of data means that data cannot
be altered illegally during transmission; validity of data means that the origin
of the data cannot be denied by its sender (non-repudiation).
A PKI system consists of a public key algorithm, a certificate authority (CA), a
registration authority (RA), digital certificates, and a PKI repository.
Figure 42 PKI components block diagram
The certificate authority issues and manages certificates. The registration
authority authenticates user identity and manages the certificate revocation
list (CRL). The PKI repository stores and manages information such as
certificates and logs, and provides a query function. The digital certificate,
also called a public key certificate (PKC), underlies the security of the PKI
system and the trust placed in applications. Based on public key authentication
technology, it is a file duly signed by the certificate authority that contains
a public key and the owner's information. It can be used as proof of identity
for online information exchange and commercial activities. A certificate has a
lifetime, which is specified when it is issued; the certificate authority can
also revoke a certificate before its expiration date.
(Figure 42 shows these components: PKI application, CA, RA, PKI repository, and digital certificate.)
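The roles described above, as an added example that is not from the 3Com guide: a throw-away PKI built with the openssl command-line tool (assumed to be installed), in which a CA signs a certificate binding a key to an identity for a stated lifetime, and a relying party accepts it only while it chains to a trusted root inside that lifetime. The CA name, the device name switch8800.example and the lifetimes are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not the 3Com guide's code): a minimal PKI with the openssl CLI.
# All names and lifetimes below are made up for the demonstration.
set -eu
PKI_DIR=$(mktemp -d)

# Certificate authority: a self-signed root acts as the trust anchor.
make_ca() {  # $1 = file prefix, $2 = CA name
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=$2" \
    -keyout "$PKI_DIR/$1.key" -out "$PKI_DIR/$1.crt" 2>/dev/null
}

# Registration and issuance: the end entity generates its own key pair and a
# request carrying its identity; the CA signs it into a certificate valid $3 days.
issue_cert() {  # $1 = file prefix, $2 = subject CN, $3 = lifetime in days
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$PKI_DIR/$1.key" -out "$PKI_DIR/$1.csr" 2>/dev/null
  openssl x509 -req -in "$PKI_DIR/$1.csr" -CA "$PKI_DIR/ca.crt" \
    -CAkey "$PKI_DIR/ca.key" -CAcreateserial -days "$3" \
    -out "$PKI_DIR/$1.crt" 2>/dev/null
}

# Relying-party check: does $1.crt chain to root $2.crt at Unix time $3?
# Exit status 0 means accepted, non-zero means rejected.
verify_at() {
  openssl verify -CAfile "$PKI_DIR/$2.crt" -attime "$3" "$PKI_DIR/$1.crt" >/dev/null 2>&1
}

# What the certificate binds together: subject, issuer and validity window.
cert_info() { openssl x509 -noout -subject -issuer -dates -in "$PKI_DIR/$1.crt"; }

make_ca ca "Example Root CA"
make_ca rogue "Untrusted CA"           # a second root that nobody configured as trusted
issue_cert dev "switch8800.example" 30
NOW=$(date +%s)
LATER=$((NOW + 60 * 86400))            # 60 days out, past the 30-day lifetime

cert_info dev
verify_at dev ca "$NOW"    && echo "accepted now: trusted issuer, inside lifetime"
verify_at dev ca "$LATER"  || echo "rejected 60 days later: lifetime has expired"
verify_at dev rogue "$NOW" || echo "rejected against untrusted root: issuer unknown"
```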