authentication server (KDC) (AS)
Authentication servers(AS) have the task of making certificates publicly accessible and are integrated in electronic directory assistance systems for this purpose. Free access to the certificates is required to enable authentication in open systems.
An authentication system consists of the applicant, which is the supplicant, the authenticator, which is the authenticator, and the authentication server. The supplicant acts client-side and knows the different procedures for key exchange. He submits his request to the Authentication Server, which authenticates him. Only then does he receive network access from the Authenticator. Most authentication servers are RADIUS servers.
If a subscriber wants to verify the digital signature of a communication partner or encrypt data, he needs the authentic public key of the communication partner. This public key is contained in a certificate whose authentication has been electronically signed by a certification authority. The participants have their own certificate, their private keys and the public key of the certification authority.
When a communication partner is authenticated, the certificates are first exchanged and mutually confirmed. Only then is the data exchanged. If the certificates are issued by different certification authorities, the communication partners require the public keys of the corresponding certification instance.