Based on research into the basic principles of PKI and PMI, a security model for a PKI and PMI system and its implementation are proposed. The model applies public-key technology to the network gatekeeper, correcting defects that the PKI system shows when applied in practice. A proxy host on the external network is responsible for building a logical link between users on the Internet and the internal-network host, binding the client to the internal-network host. The proxy can only forward data: because of encryption and a series of authorizations, it has no way to obtain the plaintext transferred between the client and the internal-network host. The model also improves on RBAC by adopting an application trust-domain model, which resolves the problem that the kinds of application software used in government departments are highly flexible in practice. It puts forward a connectionless security association model which can be used in networks of different security levels. It uses industrially well-accepted standards. It integrates the authentication and authorization facilities in a centralized infrastructure, and provides multiple manageable technologies for information interchange between networks of different security levels.