Study Of The PMI-Based System In The Public Security Official's Net

With the development of network and the emergence of Internet in particular, the society has been significantly changed. The development of various businesses on the network, such as E-commerce, electronic administration of the governmental affairs and E-banking, calls for a more secure Internet. A relatively integrate scheme is put forward after many years' research, namely Public?Key?Infrastructure (PKI), which aims at improving Internet security. PKI has proven to be an indispensable safe supporting system in network applications. It can manage public key and certificate flexibly, supply effective means of online authentication, and establish the basis of implementing access control, non-repudiation, security and other safety methods in systems. But as the network application expands and deepens, just knowing "who he is" cannot satisfy the requirements. A method should be put forward to make sure "what he can do". As a result, Privilege Management Infrastructure (PMI) emerges. In the last five years, privilege management, as a domain of the safety, has been developing rapidly. Nowadays, the focus of research has been shifted to PMI that is based on PKI. After large-scale applications of PKI are adopted, people have realized that they must go beyond authentication PKI supplies and go into the privilege management domain. Providing privilege management of the information environment will be the next target. PMI puts forward a new information security infrastructure and therefore can manage user's privilege efficiently. PMI, based on the authentication provided by PKI, manages user's privilege with X.509 attribute certificate and gives a systemic definition and description of privilege management.Firstly, background of PMI, advantage and current research level is introduced. Then the necessity of establishing a PMI system is analyzed. The main works of the author are outlined.Secondly, composition, function, Trust Model and standard of PKI are presented. State of the art in PKI is discussed. The problems of PKI research are also pointed.Thirdly, definition, composition, access control framework and privilege rules of PMI are introduced. The key contents of attribute certificate and attribute authority are also presented.Finally, the implementation of a PMI-based system is described in detail, including the goal of system design, the selection of implementation schema, the architecture and detailed design process. A demonstration of the system application is given and the characteristic of the PMI-based system is analyzed. At last the shortcomings of the system and the future research direction are pointed.