Data Validation and Certification Server - How It Works

How It Works

A DVCS transaction begins with a client preparing a Data Validation and Certification Request. The request always contains data for which validity, correctness or possession is to be certified. The request MAY be encapsulated using a security envelope to provide for authentication of both requester and server. Requester authentication can be achieved by several of the formats described in CMS, in particular SignedData.

The DVCS client chooses an appropriate transport mechanism to convey the requests to a DVCS. It may also be necessary to choose a transport mechanism providing confidentiality and, in particular, allowing authentication of the DVCS by the requestor, e.g., TLS or CMS or S/MIME encryption.

If the request is valid, the DVCS performs all necessary verification steps, generates a Data Validation Certificate (DVC), and sends a response message containing the DVC back to the requestor. The Data Validation Certificate is formed as a signed document (CMS SignedData).

As with the request, it may be necessary to choose a transport mechanism that provides for confidentiality to carry the DVC. DVCs are not necessarily transported the same way as requests, e.g., they can be returned using e-mail after an online request received via HTTPS.

If the request was invalid, the DVCS generates a response message containing an appropriate error notification. Upon receiving the response, the requesting entity SHOULD verify its validity, i.e., whether it contains an acceptable time, the correct name for the DVCS, the correct request information and message imprint, a valid signature, and satisfactory status, service and policy fields.

When verifying the validity of a DVC, it is up to the requester's application to check whether a DVCS's signing certificate is valid. Depending on the usage environment, different methods, online or out of band, e.g., CRLs, DVCS, or OCSP, may have to be used.

After all checks have passed, the data validation certificate can be used to authenticate the correctness or possession of the corresponding data.
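The requester-side checks listed above can be sketched as follows. This is an added example, not code from the DVCS specification or any DVCS implementation: `ParsedDVC`, `check_dvc`, the field names, the 5-minute time window and the digest allow-list are all hypothetical, and CMS signature and signer-certificate validation are assumed to be done by a CMS library beforehand.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

ALLOWED_DIGESTS = {"sha256", "sha384", "sha512"}  # assumption: local policy

@dataclass(frozen=True)
class ParsedDVC:
    """Hypothetical, simplified view of a DVC already decoded from CMS SignedData."""
    dvcs_name: str
    response_time: datetime
    nonce: bytes          # stands in for the echoed request information
    imprint_alg: str
    imprint: bytes
    status: str           # simplified: "GRANTED" or "WAITING"
    service: str
    policy: str
    signature_ok: bool    # signature and signer-certificate result, checked elsewhere

def check_dvc(dvc, data, expected_name, sent_nonce, sent_service,
              accepted_policies, now, max_skew=timedelta(minutes=5)):
    """Return the names of failed checks; an empty list means the DVC is acceptable."""
    failed = []
    if not dvc.signature_ok:
        failed.append("signature")
    if abs(now - dvc.response_time) > max_skew:
        failed.append("time")
    if dvc.dvcs_name != expected_name:
        failed.append("dvcs_name")
    if dvc.nonce != sent_nonce:
        failed.append("request_info")
    if dvc.imprint_alg not in ALLOWED_DIGESTS:
        failed.append("imprint_alg")  # refuse to recompute with a weak or unknown hash
    elif hashlib.new(dvc.imprint_alg, data).digest() != dvc.imprint:
        failed.append("message_imprint")
    if dvc.status != "GRANTED":
        failed.append("status")
    if dvc.service != sent_service:
        failed.append("service")
    if dvc.policy not in accepted_policies:
        failed.append("policy")
    return failed

# Constructed sample values, not taken from a real DVCS.
DATA = b"constructed sample document"
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
GOOD = ParsedDVC("CN=Example DVCS", NOW - timedelta(seconds=30), b"\x01\x02", "sha256",
                 hashlib.sha256(DATA).digest(), "GRANTED", "cpd", "1.2.3.4.5", True)
ARGS = ("CN=Example DVCS", b"\x01\x02", "cpd", {"1.2.3.4.5"}, NOW)
```

Collecting every failed check, rather than stopping at the first, gives the application a complete reason to log when it rejects a DVC.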

A DVCS may return more than one DVC corresponding to one request. In this case, all but one request have a global status of 'WAITING'.
