
PKI - PUBLIC KEY INFRASTRUCTURE 2



PKI issues digital certificates to the parties exchanging information over the Internet. A certificate identifies an individual, an organization, or a service (such as a directory service) by binding that party's name to its public key.
1. Components of PKI:

The PKI system consists of the following key components:

  • PKI client
  • Certification Authority (CA)
  • Registration Authority (RA)
  • Digital certificates (DC)
  • Certificate Distribution System (CDS)

There are also other components:

  • Validation Authority (VA): confirms to a relying party that a communication partner's digital certificate is valid, that is, genuinely issued by the CA, not expired and not revoked.
  • Certificate revocation list (CRL): a list, signed by the CA, of certificates the CA has revoked before their expiration date.
  • Public key and private key cryptography: used to encrypt and decrypt information and to create and verify digital signatures.
  • Partners/Subjects: users, organizations, or service systems that want to use public and private key techniques to exchange information securely.

The following figure gives a general overview of the components of a PKI system and how they work together:

(1) The user sends a certificate request, containing its public key, to the RA.
(2) After confirming the user's identity, the RA forwards the request to the CA.
(3) The CA issues the certificate to the user.
(4) The user signs the messages it exchanges with its private key and sends them together with the new certificate (digital certificate + digital signature) in the transaction. The certificate itself is not a signing key; it only lets the partner check the signature.
(5) The partner checks the user's identity with the help of the VA.
(6) If the certificate is confirmed valid, the partner trusts the user and can begin exchanging information with it.
(a) The VA obtains information about the certificates the CA has issued from the CA.

a. PKI client

The PKI client requests a digital certificate from the CA, usually through the RA. The client must obtain a certificate before it can take part in secured exchanges; the RA checks the client's identity and credentials before the requested certificate is issued.

After the client receives the certificate, it identifies itself with that same certificate in all subsequent transactions.

b. Certification Authority (CA)

A CA is a trusted third party. It receives certificate requests from organizations or individuals and issues the requested certificate once the request and the requester's identity have been verified (VeriSign is one well-known commercial CA).

A CA operates under the organization's policies for secure information exchange, which define the rules and procedures for issuing certificates. All future creation, issuance, and revocation of certificates must comply with these rules and procedures.

The CA-based authentication process can be illustrated as follows:

c. Registration Authority (RA)

The task of the RA is to verify the client's certificate request.

When a PKI client sends a certificate request to a CA, the CA delegates verification of the request to the RA. After the request passes this check, the RA forwards it to the CA. The CA issues the requested certificate and returns it to the RA, which forwards it to the PKI client that submitted the original request. The RA vets identities but does not sign certificates; only the CA holds the signing key.

d. Digital certificates (DC)

A digital certificate is the equivalent of an identity card in an electronic or networked environment. Just as people use ID cards to uniquely identify an individual in the physical world, PKI uses digital certificates to uniquely identify a party during communication.

The digital certificate contains the following information:

- The serial number of the certificate

- The identity (name) of the certificate holder

- The expiration date of the certificate

- The CA's digital signature

- The public key of the PKI client

During a transaction, the sender attaches its digital certificate to the signed (and possibly encrypted) data it sends. The recipient uses the certificate to confirm the sender's identity.

The receiver uses the CA's public key to verify the CA's signature on the sender's certificate (received along with the message). This confirms that the CA vouches for the binding between the sender's name and the public key in the certificate. Only then does the receiver use that public key to verify the sender's digital signature on the data. Note that data meant to be confidential to the receiver is encrypted with the receiver's public key, not the sender's, so the receiver decrypts it with its own private key.
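The issuance and validation flow described above (steps (1) to (6) in section 1, the RA procedure in section c, and the verification in section d), as an added Go example written for this page rather than taken from it. It uses only Go's standard library (crypto/x509, crypto/ecdsa). The CA name "Example Root CA", the subject "alice", the message, and the RA's allow-list of vetted names are constructed for the example; a real RA would check identity documents or an enrollment record instead. Revocation checking against the CA's CRL, which a real VA also performs, is not shown here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// NewCA builds the Certification Authority: a key pair and a self-signed CA certificate (the trust anchor).
func NewCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// Enroll is step (1) on the client: a key pair plus a signed CSR carrying the public key and claimed name.
func Enroll(commonName string) (*ecdsa.PrivateKey, []byte) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // private key never leaves the client
	check(err)
	csr, err := x509.CreateCertificateRequest(rand.Reader,
		&x509.CertificateRequest{Subject: pkix.Name{CommonName: commonName}}, key)
	check(err)
	return key, csr
}

// RegisterAndIssue is steps (2) and (3): the RA checks the CSR signature (proof the requester holds the
// private key) and vets the name against a constructed allow-list; only then does the CA sign a certificate.
func RegisterAndIssue(caCert *x509.Certificate, caKey *ecdsa.PrivateKey, csrDER []byte, vetted map[string]bool) (*x509.Certificate, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err == nil {
		err = csr.CheckSignature()
	}
	if err != nil {
		return nil, fmt.Errorf("RA: rejected request: %w", err)
	}
	if !vetted[csr.Subject.CommonName] {
		return nil, errors.New("RA: identity not vetted: " + csr.Subject.CommonName)
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	check(err)
	tmpl := &x509.Certificate{SerialNumber: serial, Subject: csr.Subject, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(12 * time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, caCert, csr.PublicKey, caKey)
	check(err)
	return x509.ParseCertificate(der)
}

// Sign is step (4): the certificate holder signs a message with its private key (SHA-256 + ECDSA).
func Sign(key *ecdsa.PrivateKey, msg []byte) []byte {
	h := sha256.Sum256(msg)
	sig, err := ecdsa.SignASN1(rand.Reader, key, h[:])
	check(err)
	return sig
}

// Validate is the VA's job in steps (5) and (6): chain the sender's certificate to the trusted CA
// (this is what the CA's public key is used for), and only then use the certified public key to
// verify the sender's signature. CheckSignature hashes msg with SHA-256 and checks it against cert.PublicKey.
func Validate(caCert, cert *x509.Certificate, msg, sig []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return fmt.Errorf("untrusted certificate: %w", err)
	}
	return cert.CheckSignature(x509.ECDSAWithSHA256, msg, sig)
}

func main() {
	caCert, caKey := NewCA("Example Root CA")
	key, csr := Enroll("alice")
	cert, err := RegisterAndIssue(caCert, caKey, csr, map[string]bool{"alice": true})
	check(err)
	msg := []byte("transfer 100 to bob")
	fmt.Println("genuine:", Validate(caCert, cert, msg, Sign(key, msg)))
	fmt.Println("tampered:", Validate(caCert, cert, []byte("transfer 900 to bob"), Sign(key, msg)))
}
```

Validate trusts nothing about the sender up front: only the CA certificate is configured as a root, the sender's certificate must chain to it, and only after that does the certified public key get used. A certificate issued by a different CA, a name the RA has not vetted, or a message altered after signing all make the corresponding call return an error.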

e. Certificate Distribution System (CDS)

The CDS stores all certificates issued to users on the network, together with each certificate's validity period and the CA's signature over the public key, so that relying parties can look them up. It also publishes the list of certificates that have expired or been revoked (for example because the private key was lost or compromised). Private keys are never stored in the CDS; they remain with their holders.