Design And Implementation Of Related Application For Public Key Infrastructure

Public Key Infrastructure is a comprehensive security infrastructure which is using asymmetric encryption algorithms principles and technology to achieve the provision of security services. Its main applications are in the field of E-business and E-Government. Actually, the applications of PKI are more than these two aspects, with a substantial increase in remote access users in the SSL VPN field; PKI plays an important role in the region of the identity authentication and encrypted communications. And as the enactment and implementation of electronic signatures law, in the field of smart cards, to satisfy the special needs of machine-readable electronic documents digital signatures can achieve identity authentication and identification which not only ensures the safety and reliability in the process of information retrieval, transmission and management process but also ensure the overall security with the help of the particular information which is undeniable and retroactive in the card. This thesis focuses on the latter two applications ofPKI.In the beginning, the thesis presents the PKI public key infrastructure systems, including intruction of public key cryptography, PKI concepts, models, and the analysis of PMI which is the extension of the PKI. Then SSL VPN technology is introduced, focusing on the SSL, VPN principles, SSL VPN concept and its safety.Subsequently the thesis gives an introduction of a PKI-based security application platform, including the demand and need for the application platform. It analys the structure of the platform and the security services supplied by it. The main functions of the platform are safty transmission and identity authentication to complete confidentiality of the information which the users' need.The platform can be used in many fields, such as E-business, E-Government and enterprise portal website servers, and can provide security for specific applications. It build a safety business environment for users to give the solution to users for information confidentiality, integrity, authentication and undeniable.Finally the thesis introduces a project using digital signature in machine-readable electronic documents that presented in smart cards. The system supplies a service for online digital signature and verifying, mainly for the design and analysis of the following four parts:1. CA system, root CA signature design.2. Signature system. It supplies the digital signature service with the information that is to write in the achine-readable electronic documents designed by the public key certificate system. The thesis introduces the main function of the signatures system design, the signature certificate applications, updating the design and signature services.3. Certificate validation system. It provides the validation of electronic documents read data from the effectiveness of services for the certification system. The thesis introduces the main analysis of the certification system functional design, and how to download signature certificates, how to download CRL signatures and certification services design.4. The final part of the client side has done the detailed design and realization.