Distributed Certification System On A Trusted Dealer And Secure Interactions Between Enterprises

With the development of computer technology and network technology, all kinds of affairs about businesses,governments and individuals are coming to be processed on computers which are linked to Internet. Till now, the antenna of Internet is spreading all over every field, every family and every corner of the world. But Internet also brings about network intrusions and attacks which are increasingly rampant, such as many websites being attacked, data being modified, viruses being flooding and so on. All these hold back the development of information technology and bring about lots of economical damages. Moreover, some affairs, such as financial businesses, govermental work, electronical businesses etc. not only need keep the data secret , but also need new security services suchlike person identification and digital signature. Security measures , such as IPSec, SSL, Kerberos. PGP and S/MIME etc, can only satisfy partial demands of security, and at the same time, also impede secure connecting between different networks. While PKI technology , which is applicable everywhere, not only can satisfy all kinds of security-demands including new demands in the future , but also can pledge secure connecting between networks. And it can be predicated that PKI technology is the best selection and the final direction to secure Internet.From the 80s' of last century, PKI has been in considerable scale and applicable future. But there are still many problems. Aim at the two important problems in PKI. this dissertation puts up effective solution schemes.1. The problem about the security of on-line CA. On-line CA is the main trend of PKI, but there are no good solution of its security and stability for a long time. According to the idea of distributed certification, this dissertation brings up and designs and implements a new scheme梔istributed cettification system on a trusted dealer, based on the analysis of the original schemes. The new scheme takes Shamir's Lagrange polynomial secret shares and completely solves the main problems of distributed certification. It can not only tolerate intrusions and banlance loads, but also can scale flexibly and work robustly, and do not exist single-failure components. More over, it puts forward a new fault-tolerant and robust scheme on secret synchronization, which promotes the tolerance and security of the whole system.ABSTRACT2. The problem about secure interactions between enterprises. The electronicalization of businesses leads to secure interactions between enterprises. Aim at two problems of exterprises" interactions which are trust interactions and information exchanges, this dissertation puts forword new solutions. The secure interactions between enterprises involves with trust relations between different PKI domains. For the individual characterizations of a virtual enterprise, on the idea of virtual CA(VCA), this dissertation analyzes the practical cases of virtual enterprises and brings forward a new solution scheme which is more secure and more practical. At the same time, interactions between enterprises also lead to share informations, that is to say , share data between PDM systems of enterprises. Under the framework of PKI technology, this dissertation puts up and designs and implements the Attribute Certificate (AC) model based on Public-Key Certificate (PKC). It not only provides secure identification and keep data secret, but also implements flexible access control and security audit, which effectively solves information exchanges between enterprises.