The Application Of Two-way Authentication With Smart Card Based On Public Key Infrastructure

Because of the lack of physical contact, Electronic authentication of the confidence relationship is playing a significant role in the activities of e-Government,e-Commerce and e-Transaction. The security of network, especially the security of internet is tightly depended on the support of PKI infrastructure. Only the PKI technology can meet the security demand of confidentiality, integrity, authenticity, non-repudiation and access control. CA—the kernel of PKI system, is the foundation of PKI system, ensuring the security of private key and sensitive data. The best way to keep the secret keys and digital certificates is to write them to a smart card, at the same time, smart card acts itself as crypto algorithm provider. The combination of smart card and PKI can realize more security and reliable authentication of identity, as a result, it improves the integrative security of the system.This article achieves a successful PKI application with high security & flexibility based on J2EE infrastructure in real estate area. It mainly includes following contents:①Using EJB to implement Certification Authority Server②Implementing Registration Authority server by JSP and Servlet③Realizing a client authentication PAM service module based on smart card, the client authentication succeeds only for those who have a valid smart card. PAM module is embedded into web client which enables the cross-platform transaction integration.This article makes a detailed analysis of those modules described here. The system stores and manages digital certificates by a LDAP(Lightweight Directory Access Protocol) server. The corresponding information is visited by Clients from multi-level security validations. The secret keys and certificates of client are stored in smart card. The system implements client authentication via OCF (Open Card Frame Work) framework.; and it also implements server authentication by setting up a server-side SSL configuration.Finally, the article summarizes the contents of the system and points out the limitations & shortcomings, also puts forward ideas and expectations of improving the security of the CA and enhancing the security of system from via smart card.