Research On Mechanisms Of Privilege Management Infrastructure

Recently, privilege management develops quickly as the field of security. The research of Privilege Management Infrastructure based on Public Key Infrastructure is the focus of application and research now. The purpose of implementing PKI is to manage private key and implement identity validation of user by public key algorithm. The identity validation that passed PKI system only makes certain user identity, but it can't distinguish privilege of each one. It is one of the causes of PMI. Actually PMI provides a new protective infrastructure of information resource. It can authorize users validated systemically. There is usually a bottleneck in validating user by PMI,when the number of user is huge. Authorization policy of PMI is easily influenced by actual application. There is no uniform standard.By amending the format of attribute certificate, short period of validity attribute certificate and long period of validity attribute certificate are combined. The format of short period of validity attribute certificate is simple and this type attribute certificate is in exchange with validated server by push mode. The long period of validity attribute certificate is in exchange with validated server by pull mode. So the system reduces bottleneck of validating attribute certificate hugely and assures security when it deals with lots of users accessing. By presenting authorization policy model of RBAC, authorization management of PMI is independent of actual application. So authorization policy model can be widely used in different applications.With some knowledge of electronic commerce, electronic payment system is presented based on the improved attribute certificate and authorization policy model of RBAC. The system not only solves problem of bottleneck in payment and problems of E-cash that can be used constantly, forged or tampered easily, but also solves problem of bottleneck for validating users who will be authorized and problem of security.