The social system for supporting PKI is described schematically in the figure below.
Figure 1: Various authentication steps in the mobile environment
This figure shows how various organizations involved in authentication and certification are set up within the PKI system.
To begin with, as the first key concept concerning the PKI, a so-called Certification Authority (CA) confirms who is the owner of the private key corresponding to the public key and fixes the correspondence between the keys. The CA then issues and controls a so-called "electronic certificate" as the authorization of this correspondence. In particular, set up as an organization with responsibility for checking the certification of the key holder with the CA, the Registration Authority (RA) verifies the identity of the key holder in a face-to-face manner.
By the way, it should be mentioned that in April 2001 in Japan, a law allowing electronic signatures and electronic-authorization services was introduced. As a result, electronic signatures could then be handled in the same manner as personal written signatures or seals, and CAs approved by the Japanese government have been established since then. Moreover, these days, CAs run by the private company have appeared, and an environment in which electronic certification is just another business is being created.
As the second key concept in PKI, a so-called Validation Authority (VA) is set. The VA is a body for checking the legality of electronic certificates; namely, whether a certificate is valid and whether that certificate was issued by a trustworthy CA. Since the PKI is a system to prevent spoofing, the procedure that checks the validity of the electronic certificate is said to be the most important among the PKI operations.
Related Links
Conference presentation reports written by researchers at SDL.
Technical terms related to research themes at SDL are explained.
