Research Of Trust Model And Certificate Path Discovery Method In PKI

Public Key Infrastructure (PKI) has become the secure basis of e-commerce, and realizes secure transactions based on network used by digital certificates. When the terminal entity is carrying out the secure transaction, it generally needs to validate the creditability of the digital certificate, and confirms the authenticity of both identities. In the process of validating creditability of digital certificates, a certificate path should be constructed connecting with two sides, and the creditability of all relevant certificates in the path is validated, therefore the credibility of communication destination’s certificate can be ensured finally.The certificate path discovery is based on the trust model of PKI, based on in-depth research of the trust models used widely, this paper introduces the advantages, disadvantages and the discovery methods of certificate path of every model. This paper’s research focuses on transforming the architecture of PKI to improve efficiency of certificate path discovery, then proposes a reference trust model——rigorous binary tree structure model and the method of certificate path discovery in this model which is also put forward.In the rigorous binary tree model, the trust among CAs has organized in accordance with the rigorous binary tree structure, and encoded for itself. The newly-joined CA can join into the trust architecture by means of authenticating with CA which is the leaf node in the rigorous binary tree structure and satisfies certain conditions. So it alleviates management burden of a single CA certificate, and satisfies a wide range of expansion need of PKI. The rigorous binary tree trust model has some redundancy, and the impact on the safety of the entire trust architecture will be reduced with the values of nodes encoded increasing in the structure.The methods of certificate path discovery in the existing trust model are studied in depth in this paper. Combined with rigorous binary tree trust model proposed, an interrelated method of certificate path discovery is brought forward. During the process of certificate path discovery, certification path discovery is made by completing in the nodes and doesn’t have loops, the efficiency of the certificate path discovery is improved.