Study And Implementation Of Combined Public Key Authentication System Based On Identity

Posted on: 2009-12-10 | Degree: Master | Type: Thesis
Country: China | Candidate: X B Wang | Full Text: PDF
GTID: 2178360245995631 | Subject: Systems analysis and integration
Abstract/Summary:
With the development of global information, we need to make greater efforts to build a credible, secure network world. Authentication technology in the network environment is an important means of solving these problems; it can provide the security services of confidentiality, integrity, authentication and non-repudiation. Today there are three authentication systems: Public Key Infrastructure (PKI), Identity-Based Encryption (IBE) and the Combined Public Key system (CPK).

CPK is a new public key infrastructure. Compared with PKI, this scheme avoids the complex process of CA certificate authentication, and it meets the requirements of saving space on a smart card and of generating a PK/SK pair conveniently. CPK is an authentication system built on new key management and mapping technology, and it handles the key management problem well in orderly network authentication systems. CPK adopts a centralized management model in which users' PK/SK pairs are obtained from the PK/SK matrix. CPK also provides techniques for scaling the number of keys and for key storage, so it needs neither a multi-level CA structure nor the support of an LDAP directory. CPK distributes keys based on identity, and the key itself proves the identity, so the system no longer needs third-party certification.

The architecture is based on public key cryptography but has new features. Instead of randomly generating key pairs and publishing them, it uses the user's name and network address as the public key. A name, ID number, street address, civil service document number, or any combination of numbers can be used, depending on the actual situation, to give each user a unique, undeniable identity that is easy to accept.

In this paper we carry out an in-depth analysis of CPK theory, based on the IBE system and elliptic curve algorithms. We also analyze in detail the technical features of the certification system and its application in a secure channel based on identity authentication, together with CPK security schemes that use the ECDSA signature and ElGamal encryption algorithms. We design possible encryption, signature and key exchange schemes. We present the scheme starting from its basic structure; by function it consists of a key production centre, a key management centre and a registration management centre. We also design data structures that comply with the ASN.1 standard, mainly the PK/SK matrix and the practical storage structure of the certificate, so that the scheme can be integrated easily into various systems.

Finally, we analyze the performance and security of CPK certification and compare the CPK and PKI systems, examining their respective advantages, disadvantages and application environments, in particular the high computing speed, low memory footprint and simple certification process of CPK. A CPK system needs no large supporting infrastructure and virtually no maintenance; it is a high-capacity, fast, effective and economical solution. A CPK system based on elliptic curves is secure, consumes few resources in handling objects and is simple to manage, and it suits the many situations that do not require third-party certification. It can therefore be widely used in e-commerce, e-government, e-military affairs and other fields.
Keywords/Search Tags:CPK, ECC, PKI, Authentication