| Non-repudiation service is one of the five security services described in ISO/IEC 7498-2 which is known as Security Architecture of Open Systems Interconnection-Basic Reference Model. Non-repudiation service ensures the traceability and fairness of the on-line transactions, which is indispensable in e-government and e-commerce. With the support of non-repudiation service, each side involved in communications will get the electronic evidence which can be used to solve the dispute later on. As an authoritative trusted third party, the PKI(Public Key Infrastructure) issues digital certificates for non-repudiation service, which ensures the generation of electronic evidence is trustable. Meanwhile, as the essential part of PKI, the trusted time-stamping service system which provides the trusted timimg evidence for the electronic evidence, is the most important supporting system of non-repudiation service.This paper researched on the design of non-repudiation mechanism in the PKI based on-line declaration system and on-line payment system, and designed the architecture of trusted time-stamping service system. Based on the analysis of security and access control mechanism of the system, the server and client software was designed and implemented. In order to ensure the independency of platform, client software was implemented by Java. The server software include:time-stamp issuing module, time-stamp verifying module, SSL module and AAA(Access, Authentication, Authorization) module, which were implemented upon Apache and OpenSSL. The modules can make a guarantee of security accessing on the time-stamping service system and credibility of time-stamp. The scheme of high availability and cluster was finally proposed to satisfy the requirements of high burst access and heavy load. The evaluation of high availability was made, which showed the scheme meeted the actual needs of high availability. At present, the time-stamping service system had been applied in tax return on-line system of Shaanxi Local Taxaion Bureau, and provided support for non-repudiation service of the system. |
PDF Full Text Request