| The absence of security is the main barrier of electronic business improvement. The PKI (Public Key Infrastructure) system is an important network security solution for Internet. PKI provides the frame, in this frame, all kinds of components work together to provide four major security functions for electronic business : confidentiality,integrity ,authentication, non-repudiation. From the requirement for security, this paper introduced two popular authentication system: Kerberos authentication system and PKI system. And then describes the basic security technology — cryptography of computer network in detail. Cryptography provides the encrpytion, digital signature, information integrity verification, ID identification, etc. to imporve the security of network information transmissionThis paper carefully researched the whole PKI system. First, the basic principle of PKI is introduced, including system structure, relative standards and trust mode. Second, the content of PKI is detailed described. PKI inclulde multiple components, the most important component is Certificate Authority (CA).All kinds of components work together to provide four major security functions for electronic business : authentication, integrity, confidentiality,secure time stamping, non-repudiation. Last, the service and function provided by PKI in each phase of certificate and key lifetime are introduced.Based on the research of PKI and relative protocols, the integrated implementation of PKI is proposed. That is FSCA (Fair-and-Square Certificate Authroity). FSCA issues and manages X.509 certificates. The public key and user information are bound to form ceritificate via third party trust organization — CA. Certificate is used to authenticate the user ID in Internet t. The design criterion of FSCA strictly keeps to the PKI standards, and FSCA picks the secure technique (i.e., the control of access and the management of right, etc) to ensure its authority, justness, trusty.Basically, the contributions of this paper are as follows:This paper makes carefully researches on the whole PKI system. FSCA, as an implementation of PKI is proposed. FSCA keeps to the international standards and has entire intellectual property. In FSCA, the architecture, the service and the system management strictly keep to the PKI standards, and act according to the prescripts of the national secure department.The CA subsystem is established. It includes several major functionalities: private key generating, certificate issuing, certificate publishing, certification revoking and CRL publishing, etc.The RA subsystem is established. It deals with request of users and management of users information.The certificate publish subsystem is established. FSCA adopts LDAP directory server to publich certificate/CRL. Users can search, download and install root certficate of CA and user certificates easily through WEB.
|
PDF Full Text Request