Implementation Of Certificate Authentication System In E-commerce

With the rapid development of Internet, there are more and more countries and companies focus on the security of transaction through public network. PKI(Public Key Infrastructure) become a stardard of Key management,it can provide all kinds of Encryption and signature service for network application. Certificate authentication system is the core component of PKI, so it is very important in the implement of PKI.This paper gives a proposal for implementing certificate authentication system, and the system will be implemented in e-commerce authentication center of GuangDong province which can generate signing certificate and encrypting certificate for users. E-commerce authentication center of GuangDong province is an authority for providing trust service and authentication service, and its foundation is auhorized by government of GuangDong province. The certificate authentication system follows KMC-CA-RA structure, and can provide keys escrow service,it is conform to the secure requirement of national cipher beaura, and can compatible to the current system.Certificate authentication system will manage all certicates in life span, and use the structure of RCA-CA-SCA-RA-LRA. There are three subsystem: key management system, certificate authority system and register agent system, these subsystem cooperately complete certificate application, certificate update, certificate revocation, certificate recover, certificate distribution, certificate store, certificate validation equiry,etc.Key management system will manage all encrypting key pair, and can provide the follows service: key generation, key store, key distribution, key backup, key revoke, key archive, and key recover.Certificate authority system realizes the follows function: user register, user requirement check, and certificate generate, certificate update, certificate revocation, certificate recover, certificate distribution, certificate store, certificate validation equiry, certificate revoke list generate, certificate revoke list issue. Register agent system support hierche structure, including: local register agent, remote register agent, and can be used in B/S and C/S application. RA system provides the follows function: system management, audit and equiry, certificate apply, certificate request check, certificate download, certificate update, certificate recove, certificate revoke, certificate revoke list request and download.Furthurmore, this paper gives the detail implementation of signing server program (CASIGNSERVER), and define the data struction used in the program. Signing server program can provide data signature service for CA signing a certificate and a certificate revoke list, CA root key can be stored in different encrypt devices which usually used to improve the security of root key, signing server program running as a backup service and can support Unix system and Linux system.Certificate authentication system can be used to provide certificate and key escrow service for commercial authentication organization. Commercial authentication organization is authorities which provide trust and secure authenticate service for a province area, the foundation of CA must be warrant by government, the main task of CA is certificate generate, certificate update, certificate revocation, certificate recover, certificate distribution, certificate store, certificate validation equiry, certificate revoke list generate, certificate revoke list issue. At last, the certificate authenticate system is dependable, secure and compatible, and can provide key management sevice, certificate management service, and key escrow service, the development of this system will enhance the security in electronic transaction. Now the reseach of network security has come into a new stage, and we believe there will make a progress in certificate authentication system development and implementation in a few years.As main programmer of this project, I attend the whole development process, and undertake revising requirement from customer and analyzing it partially in detail. The author takes part in outline design, and also attends certificate work flow design in detail. For the integrity of this paper and take the advantage of my attributes to project, this thesis introduces background and research status of certificate authentication system, then describe the realization of a CA in running the main part as follows: system function,method of transaction, system design and system implementation. At last, we conclude the dependability, security and compatibility of implement system according the user's experience.