| As the the internet is becoming more and more widespread, network security turns out to be an very important issue in the internet world. PKI (Public Key Infrastructure) plays a major role in solving this problem. Using public-key algorithms, digital certificates, and other related cryptography technologies, PKI could provide a secure platform for network applications above a insecure network environment. We designed and implemented a X.509 based PKI system, which include Certificate Authority (CA), Registration Authority (RA), LDAP Server, and a set of APIs.In PKI systems, every end user needs a local trusted storage to store, at a minimum, the keys, the certificate of a CA which is directly trusted by this entity. This storage is called PSE (Personal Security Environment). To ensure the security of PSE is a key problem in PKI implementation. In this thesis, we will focus on the design and implementation process of the Registration Authority, which is a part of the above project. We use smart cards to provide the PSE for the end users, that is, to generate and store the public keys, the private keys, and the certificates. Thus we incorperate the highly secure characters of smart cards into our PKI implementation. Though the uniform application standards of smart cards is still underway at present, we realized a smart card class which is compatible with the widely accepted standards ISO 7816-4, by using Application Protocol Data Units (APDU) to communicate with smart cards. And based on that, we implemented all the functions of RA, such as certificate application, certificate revocation and certificate update, etc. and functions related to the management of cards issued by the RA. Thus we integrate the security and portability of smart cards into PKI, and realized a Registration Authority with enhanced security. This system has been adopted by a bank in its system and runs smoothly. |
PDF Full Text Request