| With the coming of New Economy times of networks, information and globalization, E-commerce has gradually pervaded all fields of economic life, and security issues on Internet has been increasingly prominent.Public Key Infrastructure (PKI) is the foundation and core of network security construction now .It also becomes the basic guarantee of electronic business .Research and development of PKI become the hot topic in the field of information security nowadays.Public Key Infrastructure is widely recognized now as being a fundamental technology on which several essential security services can be built. As some trust models have emerged as PKI have grown beyond local domains to satisfy needs of larger and more diverse communities, it is important to adopt a particular trust model at an early stage as this forms a basis for the PKI's development.The main work of this paper includes:In this Paper, Studies and analyzes the strict level PKI's trust model,the netted trust model,the mixtrust model,the bridge CA trust model, the web trust model and the user_central trust model indetail. Summarized the superiority and shortcoming about these kinds of common PKI trust models and discussed their efficiency and security issues which arise from the difference of CA constructions.The capability guideline of each model is given based on the author′s experience, and has given out an Identity authentication system based on the no Root CA and isomorphism. Moreover , Its construction strategy is included intruding the realization of the model,the construct of the model attestation serves and software structure.Two kinds of certificates revocation CRL and OCSP is studied, the merits and limitation of CRL and OCSP is compared in this paper. Unifies the merits of CRL and OCSP, one kind of useful certificate revocation mechanism is proposed, and the work flow chart of this mechanism has been designed in detail.Finally, a summary of the new model is made and its future direction on the prospect. |
PDF Full Text Request