The Research And Implementation Of A PKI End System

The security issue becomes more and more important with the rapid development of the computer network. To solve this issue with applied cryptography is a main method, especially to solve problems on authentication, confidentiality, data integrity and non-repudiation. The basic technology to support this method is the public key infrastructure (PKI). PKI is supposed to have a bright future, but nowadays it still seems to have a long way to go. The reason is partly contributed to one-sidedly emphasized research on the management entities in PKI and the neglect of user interface. These lead to the complexity of PKI, and make the PKI much more difficult to be deployed. Therefore, the key step is to improve the facility of PKI's user interface, if we want more applications to use PKI. The user interface refers to PKI end system here.The studies on the current PKI end systems shows that all these systems are subject to the lack of user-friendliness. And the studies also state that there are two main reasons for this problem. One is about the applying procedure of digital certificates, and the other one is on the facility of PKI's application interface (PKI's API). So a new PKI end system named AccessPKI is designed in this thesis to eliminate these factors.Two methods are introduced into AccessPKI to improve its facility. One is to optimize the applying procedure of digital certificates with an automatic certificates download technique. The other method is to supply different layer of APIs for different user. On the other hand a new mechanism is chosen to smooth the replacement of the cryptography implementations. And how to manage the certificates, CRLs, and keys in PKI end system is discussed. It found that to manage all the entities in separated logic cert store can facilitates certificates verification procedure and improve the performance of PKI end system. However, all the records in the logic cert store are located in a same database file. And the design of the physical database chooses an embedded database's model.At last, the facility of AccessPKI has been proven by comparing with two existing PKI end systems. And at the end of paper, all the research work is concluded and the future research work is looked forward. It also mentions that policy-based control mechanism is the key point to improve the extensibility and facility of PKI end system in future.