| Currently, more and more security policies based on public key infrastructure (PKI) are used in bank on internet, electronic commerce, electronic government and so on. PKI is an infrastructure that uses the public key theory and technology to provide safe service. It is a basic technology to support authentication, integration, secrecy and non-repudiation. Certificate Authority (CA) as the core of PKI is a credible third party to sign identification certificate and issues, and manage or cancel certificates for all users. The different trust way between CA and the users constitutes different kind of PKI trust model. The CA construction is composed of the CA's quantity, distribution, rate relations, overlapping authentication and so on. The CA construction has been seriously affecting the capability of PKI trust model. Therefore the CA construction is an important factor that affects the development of PKI.The author of this paper do some research in the PKI basic system, several kinds of common PKI trust model and the CA construction in each kind of trust model. We review the development history of PKI and completely analyze PKI system components and core service provided by PKI. We analyze the strict level trust model, the netted trust model, the mix trust model, the bridge CA trust model, the Web trust model and the user-central trust model. We summarize the superiority and shortcoming about these kinds of common PKI trust models and discuss their efficiency and security issues which arise from the difference of CA constructions. In this paper, the author concludes the influence different CA constructions have made on the capability of PKI trust model, explain some facts about CA construction which must be fully considered and solved when establish a new PKI trust model. We analyze the present situation and question of CA construction in our country, discuss how to solve these questions and forecast the future research direction on PKI and the CA construction.This paper has two innovations. One is a new PKI trust model - - ring trust model is brought forward. It inherits the merits of netted trust model, such as high security, flexible expanding of trust field and transferred trust relations. And it improves much than netted trust model, in such areas as the complication in trust way construction, the overlong of certificate way, and difficulty in trust relations processing. Another innovation is the CA protection policy in each kind of PKI trust model. When different CA is destructed, the corresponding protection policy will start, and the trust field under this CA can be still effective. This can reduce the harm brought by CA destruction. |
PDF Full Text Request