| PKI is the most valid way to slove the security issues. It based on the public encryptions. CA is the trust center of the PKI. The communication of others devices and person depends on the digital certificate issued by the CA. Digital certificate is a data signed by the private key of the ca. Protect the private key of the ca is the essential of the CA security. In genral, in order to provide the online digital certificate service, CA must be a online network device, especially the CA oriented to the user. But the CA oritented to the user cannot work offline. It also cannt be avoided that the online device is attacked. When a hacaker attacked a machine successfully, he would probably find the CA key. The attack from a employee is also should be prevented. When he controlled one of the machine, he cannt get the CA key. Because of the hardware and other failure, the PKI should work well. So, how to protect the CA security has arise the widely attention.This paper emphasized research the key technology of the PKI. With the issue of the protect of private key in the CA center and the security requirement of the signature, it bring foraward the method that CA distribute the private key across several servers and signature by steps. It slove the security problem by intrusion tolerance method. Emphasized on the system aritechiture and theory arithmetic. By the redundancy configuration and the RSA threshold cryptograph to provide the intrusion tolerant. The security scheme ensure that the compromise of a few system components does not compromise the private key. The system can trigger private key updateing and other policies to ensure the system security. So it has the characteristic of intrusion tolerance. |
PDF Full Text Request