
Research Of Application-oriented CA Cross-domain Trust Technology

Posted on: 2011-06-11
Degree: Master
Type: Thesis
Country: China
Candidate: Z Hu
GTID: 2178360305983164
Subject: Communication and Information System
Abstract/Summary:
With the popularity of network applications, security issues in network use have gradually received more attention. The main solution to information security problems is to rely on a PKI system. As the certificate authority institution, the CA plays a very important role in a PKI system. CAs are divided into regional and industry CAs, each of which has a different trust domain. The lack of a trust path between different trust domains creates trust islands and also has a great impact on the promotion and development of PKI. Some trust model schemes already exist to solve this problem, but each of them has some disadvantages. After studying this problem in depth, the thesis uses a gateway-based scheme to realize cross-domain trust. The gateway-based scheme for achieving cross-domain trust is an application-oriented solution. The overall idea of the scheme is to create a trust network out of subjects that have the function of transferring certificate trust chains. These subjects act like gateways and are called Trust-Gateways. When a CA joins the trust community, the Trust-Gateways transfer the CA's trust certificate chain through the network using a special algorithm. By linking to the trust community, an application system can dynamically manage its trust in CAs by optionally updating trust certificate chains. To deal with repeated updating of trust certificate chains, I created a certificate chain transfer algorithm based on an update flag that handles this efficiently. The algorithm is based on a compound property value, updateID, which contains three attributes (updateTime, sponsor and updatePath) for different destinations, and avoids repeated updating through a special update check mechanism. Through detailed analysis, the thesis summarizes the advantages: simple realization; strong adaptability; low requirements on the gateway communication protocol; little dependence on network state. Building on the gateway scheme, the thesis then presents the implemented system: it introduces the system's scheme selection and overall design, and analyzes in detail the functional design of the different system modules and their implementation. After this introduction, a real CA is taken as the test object to comprehensively demonstrate the operating process, which verifies the feasibility and simplicity of the overall solution. At the end of the thesis, the work is fully and comprehensively summarized. I summarize the deficiencies and future research directions, and also propose views of my own: system function improvement; gateway communication protocol development; application module expansion; optimization of the trust certificate chain algorithm.
Keywords/Search Tags:application-oriented, gateway, trust certificate chain, algorithm