| With the rapid development of computer technology,the problems of information security is becoming more widespread concern and the technology of information security is also widely attention and promotion. Information security has become an important guarantee for maintaining the Internet order. The PKI technology as the core of information security technology, are widely applied to various parts of everyday life,such as e-commerce, e-government, stock exchange and so on.CA become the core of PKI system,as the issuer of digital certificates and third-party trusted institution. At this stage,each CA can only trust the digital certificates issued by itself,that also mean,each has its own trust domain.The digital certificates can not be trusted if they are beyond the trust domain.With digital certificates a wide range of variety applications, a user may have many digital certificates issued by different CA,and,it also takes a lot of inconvenience and stress to the users and CA. Therefore, realization of applications can authentication digital certificate which issued by different CA,which has become a key problem in the way of PKI developing and it also is a core problem ot this thesis.Digital certificate trans-CA trust system based gateway is proposed by this thesis. The main goal is realization of applications can authentication digital certificate which issued by different CA.The boundary-gateway and trust-gateway's concept is proposed by this thesis.The boundary-gateway is the access point,and trusted CA can access this system by boundary-gateway.The trust-gateway is the core of the trans-CA trust system,and it is presponsible for transmission of certificate trust chain.By the spread the certificate trust chain can be extended to the whole system. In addition,the applicatons also can access this trsut system by trust-gateway.Applications can easily get any certificate trust chain through trust-gateway,and also can choose certificate trust chain which they trust to store to their certificate trust store.So,the applications can authentication digital certificate which issued by different CA.This thesis also puts forward three ways for the transmission of certificate trust chain. The structure network of trust-gateway play a crucial role for the transmission of certificate trust chain.Therefore,this thesis introduce three solutions to solve the problems how to avoid looping and certificate trust chain can not be transmitted to any corner and by contrast, pointed out the advantages and disadvantages of these three ways and adapted conditions.Finally,this thesis puts forward the next research direction and some areas needed improvement of the trans-CA trust system,for example,system's audit function, management of the administrator's rights,and optimize the way of the transmission of certificate trust chain and so on. |
PDF Full Text Request