| Internet is an open system, the information transferred on it would be attacked here and there. PKI can provide credible security for internet applications of enterprises. However the realization of PKI is faced with many complicated problems such as certification management, validity, revocation etc. These problems make PKI hard to be popularized in middle and small enterprises. But in an IBE system, an entity's public key is derived directly from users' identity information and don't need be issued by certificates,so users don't need to face the problem brought by certificates.Email is one of the most widely used and important application on the internet and IBE fits very well for secure Email systems. The email addresses are an obbious and ideal choice for an identity based public key. A third trusted authority generates the correspondent private key which is transfered to the user through a secure channel. A role,task or conditions can also be used as the IBE public key. When the user asks for the correspondent private key, the trusted authority checks if the user has the required rights, in this way, the generation and transfer of the private key is combined with the role-based and privilege management.This thesis introduces the algorithms of the IBE Encryption and the Boneh-Franklin scheme based on the bilinear map on ellliptic curves, analyses the advantage of IBE and disadvantage of PKI in the application of Internet. Then this thesis research and designs a IBE-based secure Email system based on the BF scheme.the client of this system realizes encryption and decryption for email, digitalsignature; the key server of this system realizes user's identity certification, generation of privacy key and safe secure issue.In the email system,this thesis brings forth a Double-pair-key solution for the secure transfer of IBE private key. Double-pair-key not only protects the decryption key but also enhance identity certification of system, the system also realizes PKI digital signature fuction which meet the need of enterprises for PKI. This thesis research and designs a role-based IBE secure access system .This system realizes user's identity certification, access control and data encryption.In this system, a role management solution is proposed. The solution make users can control their role's state as the system can do and brings more facility in role management for the system. Beside, this thesis brings forth a role delegation solution which realizes a role delegation without any change of user's role information or creating a temporary role. |
PDF Full Text Request