摘要 |
Virtual Private Network (VPN) client 1 and M access gateways 3, 4 and 5 each possess a public key cryptography key pair (i.e., a private key and a public key). If VPN client 1 sends Public Key Infrastructure (PKI) compliant signature based authentication information to an access gateway 3, 4 or 5, the access gateway does not itself verify this authentication information. Instead, it entrusts this processing to an authentication server 8, 9 or 10 and receives the verification result, via authentication server proxy 7. Conversely, generation of PKI compliant signature based authentication information to be sent from an access gateway to a VPN client is carried out by the access gateway alone. The access gateway and the authentication server thus together implement PKI support but have the functions required for such support apportioned between them.
|