| With the development of e-commerce, the information security technology is more and more necessary for people. The PKI(Public Key Infrastructure) may provide the security for applications on internet, such as secretary, integrity, non-repudiation and identity identified. It is a comprehensive scheme for information security in all kinds of schemes. The kernel of PKI is the certificate and the certificate management is the chief task, and the publication of the status information of PKI is the highest cost in the large scale system implementation. This paper aims at the defect of traditional method of certificate publication which adopts C/S structure, imports the idea of P2P, and puts forward distribute certificate publication model. It adopts dispersed mixing P2P structure instead of traditional C/S structure. Every equipment is a "terminate" downloading CRL as well as a "Server" providing CRL. Aiming at the model, the paper completes the following task:1.Through the studying and analyzing on the traditional method of the certificate status information publication, the paper imports P2P technology and puts forward distribute certificate revocation method. That is to say, after the customer downloads the CRL from the CRL database, the CRL may act as "seed" which may be shared and other customers can download. It can reduce the work load of database server and the network connection, disperse the flow of the network and can insure the certificate handed out when the CRL server is breakdown.2.The paper deeply analyzes the influence of the mechanism of different cycle certificate status information publication on requirement rate of the CRL storage. Aiming at the characteristic of disperses and frontier of P2P network, the paper adopts the Over-Issued as certificate status information publication mechanism of the CRL model which the paper advances. The paper also puts forward the mathematic analyst.3.The paper deeply studies on the technology such as peer node, resource research, identity identified, online status and router of the P2P dynamic network. Especially the JXTA aiming at the characteristic of the PKI layer structure, the paper advances the Super-Peer mixed network model. In accordance with the shared resource limited to CRL files, the paper basing on the model deeply analyzes important problems of security and URL of the P2P network model.4.As mentioned above, the paper analyzes and designs the CRL dispense module of the distribute CRL modle.
|
PDF Full Text Request