| With the rapid development of network application, information security of network issues is receiving increasing attention. How to protect open network system and data security is one of the key issues. The emergence of public key cryptography system, in particular public key infrastructure (PKI) technology, provides a possible solution. After more than ten years of development, PKI technology has come of age. Such as the technical standards established at home and abroad, many local Certificate Authorities set up by governments and agencies, Internet banking, and other applications appeared in day-to-day life. However, PKI technology is also facing major challenges; the core of the challenge is to resolve the conflicts between the dynamic relationship of trust in open network environment, and the stable trust management of the traditional PKI model. There are some concrete manifestations of the conflict, such as PKI interoperability issues (amony components, trust domains and applications), the credibility of the certification (property of certificate, issuing process of the certificate), the certificate service in distributed trust environment of (no trust center, no strict organization relations), and so on. In this paper, with a detailed analysis of the above key challenges in certificate application, combined with a wide range of experience in the practical application of the certificate, we proposed a PKI trust model based on real-world environments. Utilizing this model, we give solution for the credibility assessment of certificate properties, non-centralized issuance of the certificate, PKI interoperability, and other key issues. On the basis of the above models and solutions, we proposed a highly reliable mechanism for e-government services PKI. As a result, four principal achievements have been obtained. First, we proposed a PKI trust model based on real-world trust relationship, the new model utilizing a set of trust logics with practical predications and trust parameters. Second, utilizing the above trust model, we describe various types of certificates issuing process and evaluate the key functions for the validity of certificate attibutes.Third, On the basis of the above research result, an new e-government CA model is designed, which has well considered the safety needs, the architecture of governments and the challenges met in e-government PKI popularization. The model keeps good security, interoperability and compatibility, needs less funds to construct and manage, and can expend easily.Fourth; we proposed a classification method for PKI interoperability assessment.
|
PDF Full Text Request