Research On Key Management Techniques In PKI

Posted on: 2008-02-06
Degree: Master
Type: Thesis
Country: China
Candidate: Z Q Gao
Full Text: PDF
GTID: 2178360212492998
Subject: Software engineering
Abstract/Summary:
PKI (Public Key Infrastructure), which is based on public-key security, is widely used in domains such as e-government, e-commerce, finance, securities, and so on. This infrastructure can realize security objectives such as identity authentication during communication and transactions, data integrity, non-repudiation, and information security. To enhance system security, a dual-certificate scheme has been proposed that separates the signature key from the decryption key. This scheme needs another trusted third party in the PKI besides the CA: the KMC (Key Management Center), which is responsible for escrow of the decryption key.

In this paper, the key escrow scheme splits the escrowed secret. The two secret escrow agents are the KMC and a CA (this CA applies for the secrets on the user's behalf). We propose a secure key escrow scheme that combines technical and management measures. In this scheme, the CA shares part of the key escrow function, but the main management and control of user secrets are still carried out by the KMC.

The security of keys is an important factor in system security. In this paper, we study a number of key storage techniques, including the security and characteristics of hardware-device key storage, password-based key protection, and digital envelopes. We also analyze the characteristics of the different kinds of keys in a PKI, dividing them into root keys, key-encrypting keys, terminal keys, session keys, and so on. Taking into account the characteristics and security requirements of each kind of secret key, we adopt an appropriate storage technique for each and propose a feasible secure key storage scheme.

The generation of RSA key pairs and the distribution of user keys between the KMC and the CA must be supported by a secure communication protocol. The KMC can provide the full service process for the CA, including request, response, receipt, and return of exceptions. This communication mainly addresses the problems of authentication, security, integrity, and non-repudiation, and it is combined with the split-secret escrow scheme in order to guarantee the security of escrowed keys.

In this paper, we also study a general model of security auditing for electronic data in a PKI. In the secure system, we build a security audit module, which is responsible for checking, analyzing, and compiling statistics on information from every function module inside the system and every transaction outside it. The security audit of electronic data based on digital signatures described in this paper records the effective data elements in order to guarantee the validity and verifiability of electronic evidence.
Keywords/Search Tags: Key Escrow, Secure Key Storage, Secure Communication Protocol, Secure Audit