Research & Implementation Of Key Management Based-on XML

With the rapid development of e-business technology, security is more and more concerned by people, specially with the mature and mass deployment of ebXML (Electronic Business XML) technology based on XML. In the Web Applications field, Public Key Infrastructure (PKI) is the key and the foundation stone for the security of Web Applications, and the Public Key Technology based on PKI fulfills the fundamental security requirements of Web Applications. However, the existing PKI products on the market have some drawbacks in inter-operation, application development, and system maintenance, etc. These drawbacks hinder the deployment and application of PKI, and affect the development of Web Applications negatively. For example, developers have to depend on the tools from the software providers when they embed digital-key or digital signature into the client machines and e-commerce applications for authentication usage. So it produces the uncompatibility of systems for the ructions of authentication or revoke procedure. At the same time, with the situation XML standard becomes universal infrastructure in heterogeneous network environments, transforming the tranditional encryption, digital signature and key management technologies already becomes possible, hus it might lay foundation for the updating and compatibility between systems.In order to resolve the problems mentioned above, this thesis researches and analyzes a kind of standardard key management XKMS (XML Key Management Specification) based on XML designed by W3C organization. The thesis elaborates principle, components and function of XKMS and analyzes details about many problems of XKMS specification. It summarizes the advantages of XKMS.On the basis of carrying on detailed research to XKMS and PKI two kinds of techonogy, we develop the RMTS(Reliable Message Transport System) based-on ebXML.The thesis describes the mechanism of constructing and accessing for key/certificate message and RMTS message. It analyzes the architecture of RMTS service and client. It describes the communicating mechanism between client and service and explains the design of client module and service architecture. We design and realize the key/ certificate management unit of RMTS service and the client applications. The RMTS provides XML_based Key Management. We realize client applications: XML digital signing, XML encrypting, service request; realize inter-operation of different PKI providers' software and provide clients convenience. Make the applications based on ebXML be confidential, integral, authentical, access control and so on.Finally the thesis gives some suggestions for security mechanism and discusses future work.