A Design Of KMC In PKI System On The Basis Of MPLS VPN Technology

With the development of information technology, the Internet has been wisely used in the national defence, telecom, finance, news media, commercial trade and other fields, but the issues of information security are becoming more important PKI framework has been the better technology to protect the security of network information. This technology can achieve both identity and encrypted transmission of information in the internet through the digital certificates and encryption, digital signature technology. Actually, key management center, which provides key management services, is the crucial part of PKI system.In the paper, the author presents a model of centralized key management center, an independent system, which effectively manages the key in all life cycle. The key entire life cycle are including key generation, key storage, key distribution, key backup, key update, key revocation and key archive and key recovery. The model has good compatibility because it has a special module to realize the communication interface between key management center and CA system, and it can provide key services for dozens of CA systems. Meanwhile, the model is designed to use key division technology in the areas where it is necessary to share the key.In this paper, the author describes the design of the model, the functional structure and logic diagram. On the basis of the functional structure, the model can be divided into seven modules, including the module of internal CA, the module of Key generation and control, the module of key distribution and management, the module of secure database, the module of audit, the module of interface between CA systems and key management center and the module of operation interface, and presents the detail of the function, structure and processes of each module. Then the paper explains all kind of key management of the whole model, as well as the role and privilege. This paper introduces the MPLS VPN technology, and expounds the needs of secure communications between the CA system and key management center. The model adopts MPLS VPN to connect CA systems to KMC system. On the basis of MPLS VPN technology, the paper makes clear the process of key applications, download, update and revocation with the help of the graphic form images.