| Public Key Infrastructure is the foundation and emphasis of construct for network security presently. The kernel component of PKI is Certification Authority(CA), CA is one of the hotspots of current security researches on network, and its implementation is of significant practical value and social value.In this paper, a CA model named Fair-and-Square Certification Authority(CA) is proposed. This model presents the design and implementation of a whole solution for CA. FSCA is a trusted third authority with responsibility for issuing and managing digital certificates. The design criterion of FSCA strictly keeps to the PKI standards, and FSCA picks the secure technique (i.e., the control of access and the management of right, etc). FSCA ensured its authority, justness, trusty.Specifically, the contributions of this paper are as follows:1) FSCA provides the complete functional performance, and presents the full solution of root CA which centralize the user's private key and public key.2) FSCA keeps to the international standards and has entire intellectual property. In FSCA, the architecture, the service and the system management strictly keep to the PKI standards, and act according to the prescripts of the national secure department.3) In FSCA, CA subsystem is established. It includes the several major functionalities: private key generating, certificate issuing, certificatepublishing, certification revoking and CRL publishing, etc.4) In FSCA, the RA subsystem is established. It deals with request of users and management of users information.5) For FSCA introduce the distributed model named CORBA over SSL, it is well extensible and secret in transmission.6) FSCA picks the control of connection access and management of right, so FSCA system fully ensured that legality when users access data.7) In FSCA, all operations of managers are recorded in system log, and digital watermark technology is used to ensure authoritativeness, accountability, integrity of the log.8) The system files of FSCA are encrypted with high strength algorithm, which breaks through the bound of foreign export. This also can prevent the inside attack from system and unauthorized download.9) In FSCA, Database and LDAP are used to publish certificates and CRLs. FSCA system represents that users on Internet can access FSCA system by Web, query, download and install certificates of other users and root CA.10) FSCA system offers managers a friendly and facility operating interface. With this managerial system, manager can expediently manipulate all of FSCA system.In a word, FSCA system with entire intellectual property can be generally used in finance industry, negotiable securities, telecommunications, military, government, education, and website(ISP/ICP/ASP), and enterprise networks, etc. FSCA can act as an optimal solution to build Certification Authority.
|
PDF Full Text Request