Public Key Infrastructure
Technology
Certification Authorities and Digital Certificates
The effective operation of PKI very much depends
on the support of a CA.
The main role of a CA is to act as a trusted third
party to verify the identity of digital
certificate subscribers.
The subscriber can generate the public/private
key pair using, for example, an application or
a browser running on a workstation. The browser
then automatically sends the public key, together
with a certificate request, to the CA server.
The CA server then creates and digitally signs
the subscriber's certificate, subject to positive
verification of the subscriber's identity, and
sends one copy of the certificate to a Directory
Server, while another copy goes to the subscriber.
Upon receiving a copy of the certificate, the
subscriber can export it together with the generated
keys to a token, such as a floppy diskette or a
smart card, for portability among PKI-enabled
applications on various platforms.
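The issuance flow described above, sketched with the OpenSSL command line as an added example (it is not part of the original page and not any particular CA's procedure). The subject names, file names, directory layout and password are constructed, and the CA's identity verification is assumed to happen out of band.

```shell
#!/bin/sh
# Added example. All names, files and the password below are constructed.
set -eu

make_ca() {             # CA: self-signed root key and certificate in dir $1
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/O=Demo CA/CN=Demo Root CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

subscriber_request() {  # Subscriber: key pair is generated locally
    openssl genrsa -out "$1/sub.key" 2048 2>/dev/null   # private key stays here
    # Only the certificate request (public key + subject name) goes to the CA.
    openssl req -new -sha256 -key "$1/sub.key" \
        -subj "/O=Demo Org/CN=Alice Subscriber" -out "$1/sub.csr"
}

ca_issue() {            # CA: identity verification is assumed done out of band
    # x509 -req refuses a CSR whose self-signature does not match its public key.
    openssl x509 -req -in "$1/sub.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 7 -out "$1/sub.crt" 2>/dev/null
    mkdir -p "$1/directory"                    # stand-in for the Directory Server
    cp "$1/sub.crt" "$1/directory/alice.crt"   # one copy published, one returned
}

verify_cert() {         # Relying party: does the certificate chain to the CA?
    openssl verify -CAfile "$1/ca.crt" "$1/sub.crt" >/dev/null 2>&1
}

same_public_key() {     # The CA certified exactly the key the subscriber generated
    [ "$(openssl x509 -in "$1/sub.crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$1/sub.key" -pubout)" ]
}

export_token() {        # Subscriber: password-protected PKCS#12 bundle for a token
    openssl pkcs12 -export -inkey "$1/sub.key" -in "$1/sub.crt" \
        -certfile "$1/ca.crt" -passout pass:constructed-demo-password \
        -out "$1/sub.p12"
}

demo_dir=$(mktemp -d)
make_ca "$demo_dir"; subscriber_request "$demo_dir"; ca_issue "$demo_dir"
verify_cert "$demo_dir" && same_public_key "$demo_dir" && export_token "$demo_dir"
echo "issued and verified: $(openssl x509 -in "$demo_dir/sub.crt" -noout -subject)"
rm -rf "$demo_dir"
```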
Hongkong Post is the first publicly recognised
CA under the Electronic
Transactions Ordinance ("ETO") (Cap.
553). Any organisation or member of the public
can buy digital certificates in Hong Kong from
Hongkong Post, which issues different types
of digital certificate such as e-Certs, Bank-Certs
and Mobile e-Certs. There are also a number of
other recognised CAs under the Electronic Transactions
Ordinance.