
The Design And Implementation Of Privilege Management Infrastructure

Posted on: 2005-07-24
Degree: Master
Type: Thesis
Country: China
Candidate: K Xiao
Full Text: PDF
GTID: 2168360152955179
Subject: Computer software and theory
Abstract/Summary:
Identity authentication built on PKI is now very mature, but identity authentication alone cannot fully meet demand, because network information security systems require higher security and are becoming more complex. Such systems require users to present not only a PKC (public-key certificate) but also a valid attribute certificate, so that users' behavior and actions in the system can be controlled. Privilege Management Infrastructure (PMI) binds identity to attributes via attribute certificates, and its implementation is of significant practical and social value.

According to this paper, Privilege Management Infrastructure (PMI) is a trusted third-party authority responsible for issuing and managing attribute certificates (AC). The design of PMI strictly follows the X.509 (03/2000) standard and adopts security techniques (i.e., access control and rights management, etc.), which ensures its authority, impartiality and trustworthiness.

The contributions of the paper are as follows:

It presents a full solution for a central privilege management system.

It keeps to international standards and has entire intellectual property. The architecture, the services and the system management strictly follow the X.509 (03/2000) standard and comply with the regulations of the national security department.

The AA subsystem is established. It includes several major functions: attribute certificate issuing, attribute certificate publishing, attribute certificate revocation, etc.

The access decision function (ADF) subsystem is established. It processes the user's attribute certificate and implements access control based on the access policy and the user's attributes.

Because it introduces the distributed model CORBA over SSL, it is highly extensible and confidential in transmission.

It adopts connection access control and rights management, so the system fully ensures legality when users access data.

The system offers managers a friendly and easy-to-operate Web interface. With this management system, managers can conveniently operate the whole system.

In short, the system, with entire intellectual property, can be widely used in the finance industry, negotiable securities, telecommunications, military, government, education, websites (ISP/ICP/ASP), enterprise networks, etc. PMI can act as an optimal solution for building a central privilege management system.
Keywords/Search Tags:PMI, CORBA, SSL, Attribute Certificate, Authorise, Access Control