Secure Design Of Scoring System On The Web Based On Public Key Infrastructure

PKI (Public Key Infrastructure) is a secure platform based on asymmetri crypto- gram technology for Electronic-Commerc, Electronic-Business and Electronic- Transactions. PKI that follows the international standards can afford apparently key and digital certificate (certificate) management requested by network application systems, by adopting the cryptogram services of encryption and signature.Based on comprehensive analysis on the application status, progress trend and the used key technologies of PKI in the world, this paper analyzes how PKI technology assures confidentiality, authenticity, integrality and Non-repudiation of information. With the premise of common frame of PKI, the composing characters and core technology are discussed, especially the five components functions of Certificate Authority, certificate database, the system of key stored and resumed, the system of certificate revocation and application interfaces.On the grounds of the security demanded in the scoring system on the Web, a system secure frame is presented and the mechanism of identity authentication and data encryption is discussed. Using the symmetric algorithms and the asymmetric algorithms together security performance of the application system is improved.Key parts of the system secure frame designed in detail and the main functions of CA system are implentmented. According to the X.509 criterion, combined with the characteristics of certificate usage, the structure of certificate and CRL (Certificate Revocation List) is described, the certificate server is built up and the certificate revoke process based on entire CRL is also presented. In order to accomplish the repository of certificate and CRL and achieve publication and revocation of the certificate, the certificate database design based on LDAP (Lightweight Directory Access Protocol) is given out. Through discussion on the mechanism of OCSP (Online Certificate Status Protocol), certificate status is verified online.Practical application verifies that using secure technology methods can meet the demands of the scoring system on the Web.