Higher security level is required while more and more commerce activities andgovernment affairs are done over lntemet. The authentication of activity paticipates, theconfidential ofdat4 the integrity of data and the ability to anti-disavow are the most importantones among all security requirements. Asymmetry encryption could resolve alI of the securitypuzzIes while tr8ditionaI encryption could not do well. But the question in the asymmetryencryption solution is how to estab1ish a be1ievable relationship betWeen the public key and theowner. PKl (Public Key infrastructure) is a kind of infrastructures, which provides service toensure that a public key must belong to somebody. PKI implements the function depending oncertificate defined by X.509.On another hand, Java platform provide kinds of functions to support encryption,certificate operation, authentication and authorization etc. Ful-thermore Java language has theabiIity to run on different OS without recompile. So construction of PKI based on Java platformcou1d lead the PKI development in efficient way, while saving the cost in development andmalntenance.Construction of PKI is a comprehensive prOject, and the article discusses several basicquestions about PKI implement. The edicle focuses on PKl architecture, certificate path buildingand validation, establishment of the reliable and confidential link betWeen CA and RA,development of CA's user authentication and authorization module through extending JAAS(JavaAuthentication and AuthoriAnion Service) frame. In addition the article discusses the CPS(Certificate Practice Statement), which could take effect on PKl applicability. At last the articleshows wha1 is the next step. |