| Along with the increasing requirement of security on Internet, PKI is applied more widely. However, the high complexity of deployment and bad interaction obstruct the popularization of the PKI. To resolve these questions, XKMS-base Key Management Model is proposed according to the deep research on the XKMS, and by associating the PKI with XML.The model translates two layers application mode of traditional PKI into three layers by inserting a mesosphere between PKI users and PKI providers. In the model, the PKI users indirectly make use of the service provided by PKI providers, through Trust Service instead of interacts with PKI providers straightly. Consequently, the complexity of the implementation of bottom PKI is shielded from the client. Furthermore, by using XKMS message to realize internal communication of the model, the part or all of the key and certificate management that should be taken by client are delegated to the trust service. This can lowers the complexity of deployment and the difficulty of obtaining PKI services.The model consists of Client and Trust Service. The functions of the Client include providing API for applications, creating and sending XKMS request messages, receiving and analysing XKMS response messages, and sending results of the request to applications. According to the request message, the Trust Service interacts with the diffirent PKI providers, and sends the result as XKMS response messages to the Client. As a kind of PKI provider, Trust Service not only works as the role of mesosphere, but also provides the key and certificate services for the Client, which expresses the idea of converting soft into service.XKMS-based Key Management Model deals with the possible security questions of key management, and effectively resolves security questions such as replay-attack, etc. Therefore, it has accessional value for the field interrelated with XKMS. |
PDF Full Text Request