| With the development of information technology and network technology, e-commerce has already been accepted by people progressively, however, though open Internet-based e-commerce has some advantage that the traditional commercial has not, it must face the challenges of some new problems at the same time. Open network, cause e-commerce system to face the destruction and attack in many aspects, how to protect commercial information not illegally obtained, usurped, distorted and destroyed, have already become the important problem that all Internet participants have cared about together. With the global popularization on Internet of e-commerce, the safe importance is more prominent, people's worry about the safety of the electronic trade between the enterprise and enterprise, enterprise and consumer has already hampered e-commerce's progress seriously.Currently ,more and more security policies based on public key in frastructure(PKI) are used in bank on internet,electronic commerce,electronic government and so on.PKI manage the public key by certificate, it bundle users' public key and users' other identifications information together, by third party authority (certificate authority, namely CA).PKI can guarantee to realize identity authentication, security transmitting, undeniable, data integrality in the course of trade technically, provide protection for e-commerce.This article has introduced some basic conception of PKI at first, carryout an easy to use, high-efficient, expanding, security high design of CA base on studying PKI relevant and certificate/ CRL standards, and the design for Key Management Center, to meet the requirement of double certificates and double centers and implementing the system base this scheme. In security aspect of CA, it discuss a scheme that combine the secret shared, utilize the divide up mechanism to key, protect the safety of CA' s signature key.PKI. We analyze the strict level trust model, the neted trust model, the mixtrust model, the bridge CA trust model, the Web trust model and the user-central trust model. We summarize the superiority and shortcoming about these kinds of common PKI trust models and discuss their efficiency and security issues which arise from the diference of CA constructions. In this paper, the author concludes the influence diferent CA constructions have made on the capability of PKI trust model, explain some facts about CA construction which must be fully considered and solved when establish a new PKI trust model.And bring forward a new PKI trust model -ring trust model. |
PDF Full Text Request