The Research And Implementation Of Identity Authentication Based On PKI

Network security is an important field of study in information systems, while identity authentication technique, as the gateway to network information resources, dominates a significant position in the protection of network information resources. As an identity authentication technique, PKI can authenticate the identity in the open network environment, and at the same while protect the confidentiality, integrity, and non-repudiation of information. At present, PKI has already become the mainstream technique in net information security protection.Based on the design and development of a PKI certificate authority, this paper attentively focuses on the related key theoretical issues, namely public key cryptosystem and digital certificate, which of a safe, reliable and scalable system. The main work is as follows:(1) Expounding the related techniques of PKI——PKI's components and standards as well as its core CA structure and digital certificate.(2) Studying the algorithm of the public key cryptosystem. Based on the analysis of cryptography, this paper offers an in depth analysis and comparative study on the algorithms of RSA, DSA and ECC from the perspective of symmetric cryptosystem and public key cryptosystem.(3) Implementing three asymmetrical crypto-algorithms. In the algorithm, RSA offers a method to generate the great prime number and a method to improve the modular multiplication speed by employing the algorithm of Montgomery. In DSA, the method of offsetting seeking inversion in validation is employed, based on which improvement in RSA, DSA and ECC algorithms during programming.(4) Designing and implementing the digital certificate authority. The system uses the above algorithms (RSA algorithm, DSA algorithm and ECC algorithm) in encryption and signature and meanwhile issues two certificates for the users, perfectly making it feasible to issue, revoke, inquire and upgrade certificates etc.This paper is supported by Shaanxi Narural Science Funds (2006F50) and Aviation Science Funds (06ZC31001).