Figure 6-5 This simple certificate hierarchy might occur in a large corporation
[Diagram labels: Metro Motors Corporate; Metro Motors West; Metro Motors East; Metro Motors Marketing; Metro Motors HR; Metro Motors R&D; Metro Motors Manufacturing]
Public-Key Infrastructures and the X.509 Standard
A powerful feature of certificate hierarchies is that not all parties must automatically trust all the certificate authorities. Indeed, the only authority whose trust must be established throughout the enterprise is the highest CA. Because of its position in the hierarchy, this authority is generally known as the root authority. Examples of current public root CAs include Verisign, Thawte, and the U.S. Postal Service's root CA.
Cross-Certification
The concept of a single, monolithic PKI serving every user in the world is unlikely to become a reality. Instead, we will continue to see PKIs established between nations, political organizations, and businesses. One reason for this practice is the policy that each CA should operate independently and follow its own rules. Cross-certification enables CAs and end users from different PKI domains to interact. Figure 6-6 illustrates the concept of cross-certification. Cross-certification certificates are issued by CAs to form a nonhierarchical trust path. A mutual trust relationship requires two certificates, which cover the relationship in each direction. These certificates must be supported by a cross-certification agreement between the CAs. This agreement governs the liability of the partners in the event that a certificate turns out to be false or misleading. After two CAs have established a trust path, relying parties within a PKI domain are able to trust the end users of the other domain. This capability is especially useful in Web-based business-to-business communications. Cross-certification also proves useful for intradomain communications when a single domain has several CAs.
NOTE:
The use of cross-certification instead of or in conjunction with certificate hierarchies can prove to be more secure than a pure hierarchy model. In a hierarchy, for example, if the private key of the root CA is compromised, all subordinates are rendered untrustworthy. In contrast, with cross-certification, the compromising of one CA does not necessarily invalidate the entire PKI.
Figure 6-6 Cross-certification
[Diagram labels: Metro Motors Corporate; Metro Motors East; Metro Motors R&D; Metro Motors Manufacturing; USA Steel; USA Steel Order Entry; USA Steel Shipping; link labelled "Cross-certified"]
X.509 Certificate Chain
A certificate chain is the most common method used to verify the binding between an entity and its public key. To gain trust in a certificate, a relying party must verify three things about each certificate until it reaches a trusted root. First, the relying party must check that the signature on each certificate in the chain verifies under the public key of the next certificate in the chain. It must also ensure that each certificate is not expired or revoked and that each certificate conforms to a set of criteria defined by certificates higher up in the chain. By verifying the trusted root for the certificate, a certificate-using application that trusts the certificate can develop trust in the entity's public key. Figure 6-7 illustrates certificate chains and how they may be used.
Figure 6-7 A certificate chain
[Diagram: certificates labelled Issuer: Metro Motors / Subject: Metro Motors; Issuer: Metro Motors / Subject: West; Issuer: West / Subject: Marketing; Issuer: East / Subject: Manufacturing]
To see this process in action, consider what happens when a client application in the marketing department verifies the identity of the marketing department's Web server. The server presents its certificate, which was issued by authority of the manufacturing department. The marketing client does not trust the manufacturing authority, however, so it asks to see that authority's certificate. When the client receives the manufacturing authority's certificate, it can verify that the manufacturing authority was certified by the corporation's root CA. Because the marketing client trusts the root CA, it knows that it can trust the Web server.
The Push Model Versus the Pull Model
The chaining described here relies on individuals having access to all the certificates in the chain. How does the relying party get these certificates? One way is for the issuer to send an entire chain of certificates when sending one certificate (see Figure 6-8). This is the push model, in which the sender pushes the entire chain of certificates to the recipient, and the recipient can immediately verify all the certificates. The pull model sends only the sender's certificate and leaves it up to the recipient to pull in the CA's certificate. Because each certificate contains the issuer's name, the recipient knows where to go to verify the certificate. (To make searches easier, Version 3 certificates offer more fields to hold information.) Even with the push model, however, some recipient chaining may be necessary.
Figure 6-8
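The chain walk from the X.509 Certificate Chain section and the push/pull distinction above, as an added example that is not from the original text: a relying party checks signature, expiry, revocation and CA status at every link until it reaches a root it already trusts. Assumptions: `Cert`, `verify_chain`, `pool` and the sample certificates are hypothetical names, textbook RSA over fixed primes stands in for a real signature scheme, and validity and revocation are reduced to an expiry year and a set of revoked subject names.

```python
import hashlib
from dataclasses import dataclass

def toy_keypair(p, q):  # textbook RSA from fixed primes: illustration only
    return (p * q, 65537), (p * q, pow(65537, -1, (p - 1) * (q - 1)))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

@dataclass
class Cert:
    subject: str
    issuer: str
    public_key: tuple
    not_after: int      # expiry year (simplified validity period)
    is_ca: bool         # stands in for criteria set higher up the chain
    signature: int = 0
    def tbs(self):      # the bytes the issuer signs
        return repr((self.subject, self.issuer, self.public_key,
                     self.not_after, self.is_ca)).encode()

def issue(cert, issuer_priv):
    n, d = issuer_priv
    cert.signature = pow(digest(cert.tbs(), n), d, n)
    return cert

def verify_chain(leaf, pool, roots, now, revoked=()):
    """Walk issuer links from leaf to a trusted root; return (ok, reason)."""
    cert = leaf
    for _ in range(len(pool) + 2):          # bound the walk against loops
        if now > cert.not_after or cert.subject in revoked:
            return False, f"{cert.subject}: expired or revoked"
        issuer = roots.get(cert.issuer) or pool.get(cert.issuer)
        if issuer is None or not issuer.is_ca:
            return False, f"{cert.issuer}: no usable CA certificate"
        n, e = issuer.public_key
        if pow(cert.signature, e, n) != digest(cert.tbs(), n):
            return False, f"{cert.subject}: bad signature"
        if cert.issuer in roots:
            return True, f"anchored at {cert.issuer}"
        cert = issuer
    return False, "no trusted root reached"

# Constructed sample data named after the Metro Motors example in the text.
root_pub, root_priv = toy_keypair(2**61 - 1, 2**89 - 1)
mfg_pub, mfg_priv = toy_keypair(2**107 - 1, 2**127 - 1)
ROOT = issue(Cert("Metro Motors", "Metro Motors", root_pub, 2035, True), root_priv)
MFG = issue(Cert("Manufacturing", "Metro Motors", mfg_pub, 2030, True), root_priv)
WEB = issue(Cert("marketing-web", "Manufacturing", (3233, 17), 2028, False), mfg_priv)
```

Passing `{"Manufacturing": MFG}` as `pool` corresponds to the push model; an empty `pool` is the pull case, where the failure reason names the issuer certificate the recipient still has to fetch.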