Research On The Combination Of Identity-Based Cryptographic Techniques And Public Key Infrastructure

Public key infrastructure (PKI) and identity-based cryptographic techniques (IBC) are two main public-key techniques today. This paper analyzes the principle, basic architecture, key management, encryption and signature schemes of the two. Based on the complementarity of IBC and PKI, a basic combined model is proposed and a new application mode of public-key techniques is designed.Users are distributed into different IBC domains which are small limited entironments independently. PKI only issues a few domain-level certificates which are used to guarantee the security of interoperating between different IBC domains. And then, users benefit from the simplicity and facility of IBC dispensing with the complicated processes of dealing with certificates. Because the certificates issued by PKI are few and stable, PKI can simplify certificate management a lot. With the help of PKI, users in different IBC domains can interoperate each other securely.In order to issue and update private keys seurely in IBC domain, this paper dives into the Separable and Anonymous Identity-Based key Issuing (SAKI) and finds two security flaws in SAKI. A new scheme named SAKI-II is proposed to repair and improve SAKI. Based on SAKI- II, the paper designs a key-update scheme named SAKI- II -UP which is the same secure as SAKI-II. Then, the IBC domain architecture which integrates SAKI-II and SAKI-II-UP into the S/MIME IBC architecture is framed, while transforming from the public parameter server (PPS) in S/MIME IBC architecture into the domain parameter server named DPS which has a pair of certificate-based keys and a pair of identity-based keys. DPS uses certificate-based authentication between different IBC domains and uses identity-based authentication in IBC domain. The combination of certificate-based authentication and identity-based authentication ensures that the user can get the authenticated and integrated public parameters of another IBC domain. At last, the paper designs and implements a prototype system which can carry out the experiments of the schemes proposed in this paper. The result of testing attests to the feasibility of the combination of PKI and IBC.