| With the development of e-commerce and e-government, the security that the network infrastructure provides no longer satisfies the growing requirements of network security, which has led to the rapid development of various security technologies. Driven by practical use, PKI, a universal security infrastructure, has gradually developed and matured. In recent years, the ISO has worked to revise the relevant regulations and has put forward a series of standards and drafts to promote PKI interoperability and to enable cross-certification between different CAs. These standards provide the current framework for certificate validation, but in implementation, the validation steps can be reworked according to the PKI trust model to improve validation efficiency. Based on the characteristics of distributed authentication, the author proposes an optimized certificate validation scheme built on a multi-level trust model. The main work is as follows: ① Starting from the requirements of network security, this work introduces the key technologies of PKI, including symmetric-key cryptosystems, public-key cryptosystems, hash functions and digital signatures, and the foundations of PKI, including its theory, concepts, functions and applications. It then introduces the concept of the certificate and its theory. ② The concept of the trust model is stated and the characteristics of five current trust models are described in detail; based on these models, an extensible multi-level trust model is built and the technical difficulties of applying it are analyzed. ③ On the basis of the trust path and the certificate validation steps, the time complexity of two trust models (the subordinate hierarchy and the cross-certified mesh model) is analyzed, followed by the certificate validation methods in current standards. ④ The characteristics of the extensible multi-level trust model, as a representative of distributed PKI, are analyzed.
On the basis of the above research, the idea of optimized path construction is stated, and the preconditions, key technologies (the direction of path building, the effect of certificate extensions on path building, the authentication sequence and certificate revocation optimization) and implementation steps of the optimized scheme are analyzed in detail. Finally, some problems are discussed in detail. ⑤ Attention is given to the key part of the optimized certificate validation: the algorithm for the trust path between different domains, its data structure and its implementation flow. The algorithm has been programmed and some results have been obtained... |