| Public Key Infrastructure (PKI) is the suit of safety Infrastructure which offer identity authentication and distinguish, assure information confidentiality and integrality,and prevent the sent or received information from denying under the open network environment. PKI has already become major technology in the safety certification field of information at present.This text has made an introduction to the theory knowledge of PKI/CA infrastructure at first, and has made a detailed instruction to life cycle and relevant mechanisms of the certificate. Formed by two parts mainly as to PKI entity: The Registration Authority (RA) and Certificate Authority (CA). The Registration Authority is used for registering , obtaining , finding out, upgrading and revoking a stage of the certificate to the customer. Because I am mainly engaged in the development of RA end in enterprise's digital authentication system , that is to say I will tell such links as the analysis , design, realizing of RA end. Tell two items of key technology of RA end especially: One is technology of Page Hosting (PH) , which is realized through life cycle webpage page customized. Thus, PH can not only carry on the original trusteeship RA certificate to manage , but also increase enterprise RA mode certificates to manage; The another is technology of Automation Distinguish (AD) , through automation distinguish mode and service in enterprise RA certificate management mode , the information of registration of users can be distinguished on the automatic distinguish server of RA end directly, thus lightenned the administrator's distinguish load. For basic operation that need the applicant and administrator's distinguish of information to registering, the analysis of the reason revoke as,etc.such these two functions to seperate from RA, this system has increased the end of administrator's control centre. The authentication organization (CA) is core of the whole public key infrastructure and important composition, including five subsystems: certificate life cycle service , query service , CRL form creation , CA database and CA own management. Certificate life cycle management to be whole authentication core module, including initializing certificate creation, certificatecreation, certificate upgrading , certificate revoking , the key upgrading and backing up and resuming , etc. CRL creation and issue also is a focal point of the module of authentication centre, especially there are a lot of methods and strategies in CRL is created; Finally , this text introduces the mechanism of management of CA own respect.This text has mainly made an introduction on the application in two following respects of PKI, One is application in safe E-mail service authentication of personal certificate; The another is the application in safe WEB server authentication of server certificate.Certainly PKI in many aspects (for example: VPN , Code Signature, Electronic Seal ,etc.) have its uses. |
PDF Full Text Request