Research And Implementation Of PKI/CA System Based On OCSP Protocol

Posted on: 2005-07-08 | Degree: Master | Type: Thesis
Country: China | Candidate: C L He | Full Text: PDF
GTID: 2168360122496733 | Subject: Computer application technology
Abstract/Summary:
The development of the Internet and e-commerce has changed the way people communicate and do business. The Internet's designers did not consider some security problems in its protocols, which restricts the development of the Internet. As e-commerce has grown, information security problems have hampered trade on the Internet, so ensuring the security of Internet applications is very important.

PKI (Public Key Infrastructure) technology can provide confidentiality, integrity, identity authentication and non-repudiation of people's actions. PKI is a dynamic system that combines various security technologies. The core technology of PKI is the digital certificate, which establishes a trust mechanism for identifying users on the Internet.

The CA (Certificate Authority) is a trusted third-party organization in PKI, which offers authority, credibility and notarization to all registered users. The CA issues digital certificates to validate electronic entities on the network, and it manages those certificates.

This paper discusses two methods of validating certificate status. The first is periodically publishing certificate status: building on the traditional CRL (Certificate Revocation List) issuing mechanism, this paper also introduces segmented CRLs, incremental CRLs, over-issued CRLs, CRT and others. These different mechanisms can prevent malicious attacks to a certain extent. The second is querying certificate status online: OCSP (Online Certificate Status Protocol) is a popular real-time protocol for this method, and it keeps the PKI system running well and effectively.

Based on research into and a summary of the related PKI RFC documents and materials, we have designed an applied PKI/CA model. To this model we have added an OCSP responder and a TSA (Time Stamp Authority), which are not defined in the basic architecture of PKI. We then carried out an example based on this PKI/CA model in a laboratory environment.
Keywords/Search Tags: PKI, CA, CRL, OCSP protocol