Certification Center Of The Design And Realization

For the swift developing of computer network technology, people can communicate in a convenient and rapid way. However, because of the open design of computer network, when people profit from the advantages brought by the network technology, they have to confront the increasingly serious problems on information security.Public key cryptography, combined with the traditional symmetric cryptograph and the message digest technology, can provide confidentiality, integrity and proof of origin. It's the foundation of many secure applications. In order to apply public key cryptography in a large scale, the Public Key Infrastructure(PKI) is required to distribute and manage public keys. The kernel component of PM is Certification Authority(CA), which is a trusted third party with responsibility for managing certificates in their lifecycles. CA is one of the hotspots of current researches, and its implementation is of significant practical value.In this paper, a CA model named Trustable Certification Authority(TCA) is presented, and the model is implemented on LINUX plaffonn. The implementation of TCA has entire Intellectual Property.Specifically, the contribution in this paper includes:oThe design and implementation of CAAP(Certification Authority Access Protocol) which specifies the protocol between Certificate Server and the client.oThe presentation of an authentication mechanism which efficiently combines the static and dynamic information. The authentication- Ill -mechanism resolve the problem that how to authenticate a certificate in server side.oThe design and implementation of a web-based Certificate Server Administration Tool which facilitates the configuration and management work of the Certificate Server Administrator.oThe security considerations about TCA, such as the protection of the Certificate Server's private key.oThe efforts on standardization. In TCA, the format of certificates and CRLs strictly keeps to the corresponding standards. The related tests show that TCA can generate standard X.509 certificates for the civil, commercial, military and top-secret use.