This is a high-level workflow of the certificate management process. The general model below is adopted differently by two solutions, REMME WebAuth and REMME Enterprise. The main difference in REMME Enterprise is an additional level of users (admins) who moderate any action on certificates requested by ordinary users (light nodes).
REMME Admin UI and console tools provide the ability to manage certificates:
- the signing process;
- status updates (expiration, etc.);
- bulk operations.
REMME’s certificate issuing process:
- The certificate is generated on the light node.
- The public part, containing the metadata, signature and public key of the certificate, is sent to the masternode, which saves the data on the REMME blockchain.
- The signed public part is returned to the client and merged with the private part of the certificate, which is always stored on the device and never leaves it.
The blockchain ensures that a certificate can’t be stolen or changed, and it maintains the certificate’s status (active, revoked, etc.).
REMME’s certificate verification process:
- The certificate owner initiates the authentication process by sending the public part of their certificate to a masternode with a request for access (the certificate is sent to the server the user wants to access, and the server forwards the request to the nodes).
- A light node or masternode checks the validity of the certificate on the REMME blockchain and its expiration date, which is stored in the certificate itself.
- If verification succeeds, the server grants the user access with that certificate.
REMME’s certificate revocation process can be initiated by the user, in the event of a device being stolen, or by an admin.
REMME’s certificate revocation process:
- The REMChain user who owns the certificate, or an admin, initiates the revocation process by sending the public part of the certificate to a masternode with a request to revoke it.
- There are keys which are used to sign transactions to prove the right to own the information on the block. Either each user has one, or the administrator has one for the users of their organization.
- The masternode checks the validity of the certificate on the REMME blockchain.
- If verification succeeds, the masternode marks the certificate as invalid.