
An Implementation Model For PKI And PMI System

Posted on: 2006-09-17
Degree: Master
Type: Thesis
Country: China
Candidate: X B Huang
Full Text: PDF
GTID: 2168360155465741
Subject: Computer software and theory
Abstract/Summary:
With the rapid development of electronic commerce and electronic government, people are paying more attention to network security technology. The PKI (Public Key Infrastructure) system is a mature network security solution for the Internet that provides five security services for electronic commerce and electronic government: identity authentication, access control, data secrecy, data integrity and non-repudiation. The basis of PKI is the PKC (Public Key Certificate), which binds a user's identity to a public key. Through flexible management of cryptographic keys and certificates, PKI offers an effective method for online identity authentication and establishes a secure environment for systems. Identity authentication alone, however, cannot meet every requirement. A privilege management system, for example, requires users not only to present a PKC but also to be subject to a privilege management mechanism that controls their behavior and actions in the system. The PMI (Privilege Management Infrastructure) is a new concept that emerged during the development of PKI and has since been separated from it. In PMI, the Attribute Certificate (AC) is used instead of the Public Key Certificate (PKC), which helps to implement role-based access control. In addition, with its flexibility and short validity periods, PMI handles authorization management better. This paper carefully studies the whole PKI and PMI system. First, the cryptography of computer networks is introduced. Second, the basic principles of PKI and PMI are described in detail, including system structure, related protocols and standards, the data structure of the certificate, system components and system modes. Based on this study of the basic principles of PKI and PMI, an implementation model for a PKI and PMI system is proposed.
The design of the PKI and PMI system strictly follows the X.509 standards and adopts security techniques (e.g., access control and rights management) to ensure its authority, fairness and trustworthiness. The contributions of this paper are as follows: (1) This paper carefully studies the whole PKI and PMI system. (2) The architecture of the PKI and PMI system strictly follows the X.509 standards, complies with the regulations of the national security department, and has fully independent intellectual property rights. (3) A CA (Certificate Authority) is established. Its major functions include certificate registration, certificate issuing, certificate publishing, certificate revocation, CRL publishing and certificate management. (4) A PMI system is established. Its major functions include attribute certificate registration, attribute certificate issuing, attribute certificate publishing and the establishment of access control policies. In short, the system, with fully independent intellectual property rights, can be widely used in finance, securities, telecommunications, military, government, education and other sectors. PKI and PMI can serve as an optimal solution for building electronic commerce and electronic government systems.
Keywords/Search Tags:PKI, PMI, CA, RA, AA, Digital Certificate, Attribute Certificate, Access Control