The Design And Implementation Of The System For Certification Authority

Public Key Infrastructure is the foundation and emphasis of construct for network security presently. The kernel component of PKI is Certification Authority(CA), CA is one of the hotspots of current security researches on network, and its implementation is of significant practical value and social value.In this paper, a CA model named CASYS is proposed. This model presents the design and implementation of a whole solution for CA. CASYS is a trusted third authority with responsibility for issuing and managing digital certificates. The design criterion of CASYS strictly keeps to the PKI standards, and CASYS picks the secure technique (i.e., the control of access and the management of right, etc). CASYS ensured its authority, justness, trusty. Specifically, the contributions of this paper are as follows: 1) CASYS provides the complete functional performance, and presents the full solution of root CA which centralize the user's private key and public key. 2) CASYS keeps to the international standards and has entire intellectual property. In CASYS, the architecture, the service and the system management strictly keep to the PKI standards, and act according to the prescripts of the national secure department. 3) In CASYS, CA subsystem is established. It includes the several major functionalities: private key generating, certificate issuing, certificate publishing, certification revoking and CRL publishing, etc. 4) In CASYS, the RA subsystem is established. It deals with request of users and management of users information. 5) CASYS picks the control of connection access and management of right, so CASYS system fully ensured that legality when users access data. 6) The system files of CASYS are encrypted with high strength algorithm, which breaks through the bound of foreign export. This also can prevent the inside attack from system and unauthorized download. 7) In CASYS, Database and LDAP are used to publish certificates and CRLs. CASYS system represents that users on Internet can access CASYS system by Web, query, download and install certificates of other users and root CA. 8) CASYS system offers managers a friendly and facility operating interface. With this managerial system, manager can expediently manipulate all of CASYS system.In a word, CASYS system with entire intellectual property can be generally used in finance industry, negotiable securities, telecommunications, military, government, education, and website(ISP/ICP/ASP), and enterprise networks, etc. CASYS can act as an optimal solution to build Certification Authority.