A Study Of Internet Security Based On Public-Key Infrastructure (PKI)

The developments of computer network technology are powerfully improving the process of the society information. Now it is very conveniently that people can exchange message with each other on the Internet. At the same time, however, the opened and well-suited network can bring the challenge of security of the network communication.Public-key cryptography is fast becoming the foundation for online commerce and other applications that require security and authentication in an opened network environment. The widespread use of public-key cryptography also requires a public-key infrastructure (PKI) to publish and manage public-key values. Without a functioning infrastructure, public-key cryptography is only marginally more useful than traditional, secret-key cryptography.This thesis reviews the basic of the encryption algorithm and security framework, analyses a set of PKI characteristics that apply to any PKI system, And uses these characteristics to describe several internet PKI proposals in common use. This thesis emphasizes to analyse their structure and matters, then describes the resolvent and action method of all kinds of system.In chapter 5, the thesis analyses the hidden trouble of security hi usually C/S pattern, advances a measure of transferring and memorizing the user's password in cryptograph form to solve the trouble that user's password can be eavesdropped and intercepted possibility when it was transferred and memorized. Contemporary, with the basic of CA Authentication, Digital Signature, Public-key cryptography and Secret-key cryptography, this thesis bring forward a basic model of user registration and C/S, B/S resource accessing under the mechanism that using cryptography to transfer and memory the user's password.At last, using Java language, the thesis implements Client's Digital Signature & Encryption and Server's Decryption & Integrality Validation. The system is a demo program, and distinguishes all kinds of functions very obviously. It implements each phase function step by step, in order to explain the particular process of Digital Signature and Integrality Validation.