The Deployment And Implementation Of Public Key Infrastructure In Separation-and-mapping Network

With the rapid development, Internet is more and more important in the role of information transmission, however, there are irreparable birth defects in the existing architecture of the Internet. Based on this, Separation-and-mapping technology has become one of the hot areas research, Separation-and-mapping network can provide an excellent foundation for scalability, mobility and security.However, the Separation-and-mapping architecture can not be separated from other mature technology, it also needs a blameless security design, and how to use existing sacurity technology in new architecture became the key. The public key infrastructure technology providing digital certificates to network users to prove their identity and their own public key in existing network has a broad application in the security of e-commerce and confidential communication. Therefore, if we want to use a variety of secure communication technologies in the new network, we must deployment a rational and efficient public key infrastructure system first.This paper's purpose is to find how to deploy the public key infrastructure system in the new network. Secondly, we designed a strategy for the deployment of PKI system in view of high security, practicality and scalability requirements and we implemented the public key infrastructure's core module. At last, we used the digital certificates that our PKI system applied into the IPSec VPN to solve the problem that IPSec study under the new network is still using digital certificates by manual.This deployment of the main program has the following characteristics: 1) In the new network we deployed status verifying agency on access routers, by this way, we resolved the complicated of the digital certificate's application, the access router will take charge of the management, this design will ensure the security as well as reduction of input. 2) We used the strategy that deploying two levels Certificate Authentication in the whole network, so we can ensure that the distribution of digital certificates covers the entire network and reduce the complication when we authenticated the effectiveness of the digital certificate in multi-level CAs. 3) We take full account of the need for high security requirements of Certificate Authentication and use of the existing technical means and the access control policy to guarantee the reliable operation of the CA.Through our research, public key infrastructure can be cost-effective in the new network environment, and other security technologies using digital certificate can be used, by this way, the Separation-and-mapping Network will be more mature and practical.