CA

A CA is a trusted authority responsible for issuing and managing digital certificates. A CA issues certificates, specifies the validity periods of certificates, and revokes certificates as needed by publishing CRLs.

RA

A registration authority (RA) is an extended part of a CA or an independent authority. An RA can implement functions including identity authentication, CRL management, key pair generation and key pair backup. The PKI standard recommends that an independent RA be used for registration management to achieve higher security of application systems.

PKI repository

A PKI repository can be a Lightweight Directory Access Protocol (LDAP) server or a common database. It stores and manages information like certificate requests, certificates, keys, CRLs and logs while providing a simple query function.

LDAP is a protocol for accessing and managing PKI information. An LDAP server stores user information and digital certificates from the RA server and provides directory navigation service. From an LDAP server, an entity can retrieve local and CA certificates of its own as well as certificates of other entities.

Applications of PKI

The PKI technology can satisfy the security requirements of online transactions. As an infrastructure, PKI has a wide range of applications. Here are some application examples.

VPN

A virtual private network (VPN) is a private data communication network built on the public communication infrastructure. A VPN can leverage network layer security protocols (for instance, IPSec) in conjunction with PKI-based encryption and digital signature technologies for confidentiality.

Secure E-mail

E-mails require confidentiality, integrity, authentication, and non-repudiation. PKI can address these needs. The secure E-mail protocol that is currently developing rapidly is Secure/Multipurpose Internet Mail Extensions (S/MIME), which is based on PKI and allows for transfer of encrypted mails with signature.

Web security

For Web security, two peers can establish an SSL connection first for transparent and secure communications at the application layer. With PKI, SSL enables encrypted communications between a browser and a server. Both communicating parties can verify the identity of each other through digital certificates.

Operation of PKI

In a PKI-enabled network, an entity can request a local certificate from the CA and the device can check the validity of certificates. Here is how it works:

1) An entity submits a certificate request to the RA.

2) The RA reviews the identity of the entity and then sends the identity information and the public key with a digital signature to the CA.
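
The request steps above, together with the CA roles described earlier (issuing, setting the validity period, revoking by publishing a CRL), as an added example using Go's standard crypto/x509 package; it is not code from the original manual. The names "Demo CA" and "device1.example", the serial numbers and the validity periods are constructed, and the RA's identity review is modelled only as a check of the request signature.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // aborts the demo on an unexpected library error
	if err != nil {
		panic(err)
	}
	return v
}

// Lifecycle runs request, RA check, issuance and revocation with constructed names.
// It reports: request signature valid, certificate signed by the CA, serial on a valid CRL.
func Lifecycle() (reqOK, signedByCA, revoked bool) {
	now := time.Now()
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Demo CA"}, NotBefore: now,
		NotAfter: now.AddDate(1, 0, 0), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	ca := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	// Step 1: the entity generates a key pair and signs a PKCS#10 request with it.
	entKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	csr := must(x509.ParseCertificateRequest(must(x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: pkix.Name{CommonName: "device1.example"}}, entKey))))
	reqOK = csr.CheckSignature() == nil // step 2, RA side: proves possession of the private key
	// The CA binds subject and public key in a certificate and sets its validity period.
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: csr.Subject,
		NotBefore: now, NotAfter: now.AddDate(0, 0, 30), KeyUsage: x509.KeyUsageDigitalSignature}
	cert := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, ca, csr.PublicKey, caKey))))
	signedByCA = cert.CheckSignatureFrom(ca) == nil
	// Revocation: the CA publishes a signed CRL that lists the certificate's serial number.
	list := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.AddDate(0, 0, 7),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: cert.SerialNumber, RevocationTime: now}}}
	crl := must(x509.ParseRevocationList(must(x509.CreateRevocationList(rand.Reader, list, ca, caKey))))
	crlOK := crl.CheckSignatureFrom(ca) == nil // ignore a CRL the CA did not sign
	for _, e := range crl.RevokedCertificates {
		revoked = revoked || (crlOK && e.SerialNumber.Cmp(cert.SerialNumber) == 0)
	}
	return reqOK, signedByCA, revoked
}

func main() { fmt.Println(Lifecycle()) }
```

A relying party that checks only the CA signature would still accept the certificate after revocation, which is why the CRL lookup is a separate step.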