Research And Implementation Of Anonymous Digital Certificate Based On Pki

The Society has entered into the information age with the development of computer and network technologies, thus, the security problem of information has become the fundamental mater. At present, Public Key Infrastructure(PKI)is the most popular and effective scheme to solve this problem. The kernel of PKI is Certification Authority(CA), and CA provides the services such as encryption and digital signature for all network applications with the digital certification, and finally it can achieve security communications. While using digital certificate, it reveals the private information about the owner in an authentic manner. Because of the X.509 standard, CA issues the certificate with real name in the subject name field. When the owner of the certificate shows the certificate to service provider of web sites, meanwhile the true identification of the owner is discovered. This kind of true name certificate based of X.509 is incapable of anonymous services that protect of privacy information, such as e-payment and electronic voting.In order to meet the demand for security and privacy, based on the study of PKI system this paper provide a scheme for issuing anonymous certificate in currently PKI ststem, that is scheme for issuing anonymous certificate based on PCA, then design an anonymous certificate issuing model according with the scheme provide.This scheme solves the problems of computationally expensive and hardly applicable to the existing PKI in previous scheme. The anonymous certificate issuing in the scheme has the characteristic of anonymity and conditional traceable. Then through the improvement of previous scheme provide a separation-of-authority anonymous certificate issuing scheme, solves the problems of previous scheme, and then develop an anonymous certificate system.In order to designe an anonymous certificate system which is widely provided with generality, openness and sharability, this system introduce X.509 standard achieving the functions of issuing certificate,accerabling certificate and revoking certificate. In practice,CA server is responsible for issuing real name certificate,and BI and AI server are responsible for issuing and acceabling anonymous certificate. It is not only used for validating identity of net users, protecting validity and integrality of transferred messages,but also protecting users'privacy, it is applicable to all kinds of anonymity services.