The Local Registration Authority (LRA) is the technical and administrative process for generating a user's digitalidentity. The enrolment process can be initialised by the user whose identity is at stake, but it can also be triggered by the Local Registration Authority or by the person responsible for the security infrastructure
(PKI). To apply, the user completes an application form, which is forwarded to the LRA, which verifies the user's identity. This can be done via direct personal contact or via a 3rd party authority using a PKI key.
TheLRA forwards the verified request to the Certification Authority
(CA), where it enters the X.500 directory. The CA administrator creates the activation data for the user, which consists of a reference number and the authorization code. The authorization code is sent to the LRA in encrypted form; the reference number directly to the user. The certificate authority sends the initialization data to the user and the LRA. The LRA decrypts the authorization code of the new user. Then the LRA authenticates the user before providing him with the authorization code.