| Public Key Infrastructure based on the asymmetric encryption technique, can ensure the network information security. Certificate has become the managing tool of PKI. End entity must validate certificate's creditability before communication. A certificate path must be constructed between both sides of correspondence during validating the certificate's creditability. Confirming the creditability about both sides' certificate of communication by validating all certificates' creditability of certificate path.Certificate path construction is interrelate with the trust model, so this text analyses in-depth the four trust models which apply widely: strict hierarchy of certification authorities trust model, cross-certified mesh trust model, hybrid trust model and bridge CA trust model and summarizes the certificate path construction process based on different trust models. Thistext integrates each trust model's advantage, proposing a new reference model------similarbridge CA structure model.Similar bridge CA trust model partitions the current PKI system by geography position forming several subareas; every subarea has many trust areas. Setting up intersectional node during the subareas to complete trust transfer, trust areas' root nodes complete trust transfer by cross-certifying during trust areas. Similar bridge CA structure model satisfies the requirement of PKI system's extending.The text research existing certificate path construction's methods in-depth, combining similar bridge CA structure model which is put forward in this text, proposes corresponding certificate path construction project.During the process of certificate path construction, relationship matrix and certificate path database are introduced in allusion to the trust areas and subareas which change smallness. At the same time intersectional nodes' information is written as "Issuer byname" of certificate ,predigesting certificate path construction and improving certificate path construction efficiency. |
PDF Full Text Request