Research On Key Technologies Of PKI Of China Finanical Certification Authority

PKI technology is the core of information security technology, also is the key foundation and electronic commerce technology. As the electronic commerce transactions trusted third party, the CA center takes responsibility for the public key Legitimacy inspection in the system. The CA center provides a digital certificate for every public key user, to realize the public key distribution and their legitimacy certification. This thesis mainly aims at the design and implementation issues about invasion tolerant certification issuing system, which is also a comprehensive summary of the solid works in the development of CFCA PKI-CA technology. This thesis won a series of research achievements and contributions as follows:(1) Proposed an improved ElGamal signature scheme.ElGamal signature scheme is one of the most widely used numerical signature schemes. It is based on the theory of the difficulty of integer factorization. ElGamal’s main problem is the uncertainty of the digital signature scheme, which is for the same expressly message, choosing different random parameters will get different signatures, and each one signature can only choose one random number, this brings a lot of hidden troubles to the security of the digital signature scheme ElGamal. To improve the safety of the signature scheme, in this thesis, firstly the ElGamal digital signature algorithm was improved by using two random numbers to strengthen the correlation between the random number and the private key, making the reversal progress of getting the random number and the key from the ciphertext more difficult. By comparing the improved algorithm to the original ElGamal digital signature algorithm, the improved algorithm proposed in this thesis can resist attacks such as key attack, homomorphism attack, but at the same time, the algorithm complexity doesn’t change, it increases the safety of the ElGamal type digital signature algorithm.(2) Proposed a new kind of undeniable protocol.In PKI system, it use undeniable protocol to prevent the other end deny the happened facts after a successful trading. The technologies in PKI such as digital signature, digital timestamps and so on, support the creation of electronic evidences. The thesis analyzes3typical undeniable protocol in detail:The TTP scheme is a major factor that effects the undeniable protocol; comparing with in-line TTP and online TTP, offline TTP only needs TTP in the stage of arbitration, so it’s performance requirements of the TTP is the lowest, so commonly it achieves the lower frequency of information interaction, and higher protocol computation performance. Based on these analyses, this thesis proposed a fairness guaranteed offline TTP undeniable protocol. The improved protocol make every end of the trading can terminate the protocol effectively, flexibly, and unilaterally, without damage the fairness, by introducing an abandon sub-protocol. The analysis result shows the proposed protocol has channel restorability, fairness and undeniability. In the meantime, because of the TTP working offline, it reduce the band-width requirement, makes the protocol more efficient.(3) Analyzed the scheme of certification revocation, designed the certification management system of CFCA.Certificate revocation mechanism is an important part of PKI. When the identity information of the digital certificated users changes, the users should send CA the application of certification revocation request immediately, and the CA should mark the certification as revoked in no time. The revocation status states that the certification is no longer in its validation. The thesis analyzed several commonly used certification revocation schemes, and designed the certification management system in the CFCA.(4) Analysis and design of the CFCA-PKI system. Detail discusses the improvement program of China Financial Certification Authority certificates, including the system architecture and principles, work agreements and the CA system security analysis. Gives the China Financial Certification Authority certificates issued by national security intrusion tolerant CA systems to improve program structure, and discusses the characteristics of the program. Achieve the system under the new program in the certificate-related systems.