Research And Design Of New PKI System Based On XML

The Public Key Infrastructure (PKI) technology, which is the mainstream of the current information security solutions, has been maturely identified and widely applied. However, because of the lack of a uniform system criterion on PKI, the PKI products produced by different manufacturers are lack of interoperability. On the other hand, along with the development of E-government and E-business, the safety condition requires PKI system can order services as more exiguous granularity-leveled encryption/signature, nested encryption/signature and mulriple encryption/signature etc.Accordingly, W3C has established a XML-based XML Key Management Specification (XKMS) which uses XML expression to specify correlated operations such as encryption, signature and key-management etc., so that to integrate the advantages of high interoperability and extensibility of XML.This thesis gives a thorough study on current PKI system and XML technology. On this basis, conforming to XKMS 2.0, a XML based PKI system scheme is provided. That can settle the interoperable problems of PKI plantform, simplify the complexity of PKI key and certificate management and enhance the sensitivity of information encryption, so to meet the need of the new security environment.This thesis.mainly contents as follows:(1) Introduces the basic theory of cryptography and PKI technologyThe first section systemically introduces the current cipher systems and security system standards for data encryption/decryption. Then studies the information security solution PKI, which is universally applicated currently. After analyzing PKI's construction, trust services and workflows, the shortcomings of traditional PKI technology in the new information security environment is furtherly discussed.(2) Introduces the basic knowledge of XMLThe second section expatiates the conception, background, structure, key technologies and safety problems of XML. Such security technologies as XML encryption and signature and their advantages are mainly analyzed, providing ideas to build a new information security solution.(3) Analyses and studies XML Key Management SpecificationOn the basis of understanding XML security technologies, the third section gives a research on XKMS, analyses and sums up its objectives, structure and service flow offered by XKMS emphatically. At last, the safety of XKMS is studied in practical applications.(4) Based on researches above-mentioned, a XML based PKI system is designed. After analyzing the specialties and strongpoints of XML security technology,conformed to XKMS 2.0, a security model based on basic PKI structure integrating XML security technology in the fourth section. The Security Analysis is carried through firstly, including XML Data Process, Trust Service Access Control and Data Transportation. Thereafter, the overall mechanism and module designing can be made on this basis. At last, to make the application more extensible, the system's optimizing and extending plan should still be designed to resolve the potential problems as Server's Overloading, Safeguarding against Attack and so on..The innovation of this thesis rests with that a new direction of development of PKI technology is explored. Combining XML technology with PKI technology, XML is used to simplify the complexity of PKI key and certificate management. On the basis and standards of the open platform, a standardized implementation of XKMS criterion is designed, to make up for the shortcomings of traditional PKI technology and to meet the current requirements of the new information security environment.