PKI Certificate Verification Mechanism
In a PKI (Public Key Infrastructure) system, proof of identity and ownership of key pairs must be verified before the issuance of a digital certificate (X.509) using asymmetric cryptography. A request is sent by an applicant to a CA (Certificate Authority) in order to obtain a digital certificate. Once the identity has been authenticated by a CA, the applicant is issued a digital certificate. This also authorizes the applicant as a member of the network or ecosystem. This gives members the rights and privileges to transact, store and share data. The certificate acts as part of the member’s digital identity.
A digital identity can represent an individual, organization, application or device through the issuance of a digital certificate. The digital certificate contains verified attributes of that representation, which proves the ownership of that identity. These attributes can also contain data that makes up Personally Identifiable Information (PII). The certificate issued by a CA provides authentication, authorization and trust for the digital identity. This provides a way to secure a system against non-members, so it is a trusted and permissioned system. The certificates must be valid for that particular system or else users will not be granted access to any of its resources.
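The enrollment and admission flow described above, as an added Go example that is not part of the original article: the applicant signs a request, the CA checks that signature as proof of key-pair ownership before issuing, and a system admits only certificates that chain to its own CA. The function names, RSA-2048 keys, fixed serial numbers and one-hour validity are assumptions chosen for illustration; the CA's vetting of the applicant's real-world identity happens out of band and is not modelled.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // aborts on failure while building the constructed sample data
	if err != nil {
		panic(err)
	}
	return v
}

// NewCA creates the self-signed root that defines membership of one system (hypothetical helper).
func NewCA(name string) (*x509.Certificate, *rsa.PrivateKey) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)))), key
}

// NewCSR is the applicant: the request carries the public key and is signed with the matching private key.
func NewCSR(cn string) []byte {
	key := must(rsa.GenerateKey(rand.Reader, 2048)) // stays with the applicant; discarded in this example
	return must(x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}}, key))
}

// Issue is the CA: it refuses a request whose signature does not prove ownership of the enclosed public key.
func Issue(ca *x509.Certificate, caKey *rsa.PrivateKey, csrDER []byte) (*x509.Certificate, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil || csr.CheckSignature() != nil {
		return nil, errors.New("CSR rejected: malformed or proof of key ownership failed")
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: csr.Subject, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, ca, csr.PublicKey, caKey)))), nil
}

// Admit is the relying system: a certificate is valid here only if it chains to this system's own CA.
func Admit(systemCA, member *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(systemCA)
	_, err := member.Verify(x509.VerifyOptions{Roots: roots})
	return err
}
```

A certificate issued by one system's CA is admitted by that system and refused by a system that trusts a different CA, and a request altered after signing is never issued a certificate.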