| With the development of global informatization, there is a high demand for building of a trusted and secure network. The identity authentication technology in network is an important technique to solve the problem, it can provide confidentiality,integrity,authentication and non-reputation for all kinds of internet applications. There are three authentication systems now: Public Key Infrastructure (PKI), Identity-Based Encryption (IBE) and Combined Public Key (CPK). We analyze PKI and CPK systems and research on the key problems in each system.Certificate status query is one of the most important issues to be solved in Public Key Infrastructure. This paper presents a new mechanism for online certificate status query and a design method of the system. In the new scheme, users can set their recency requirements, by which the system is made more flexible. The main part of the system and its key technologies are discussed in the paper. Through research and study on distributed OCSP, this paper introduces an improved D-OCSP to minimize the damages caused by responder's private key exposure.The public key and private key of users can be computed through the public/private key factor matrices in Combined Public Key technique. With the technique, the problem of large-scale private key management can be solved. Based on the studying of CPK, the theory of CPK is discussed; the design method and an implementation of a CPK system are proposed.Finally, we analyze the merits and drawbacks in both capability and security of PKI and CPK system, and then propose some suggestions as to their practical applications. |
PDF Full Text Request