
Specification Based On PKI CA System Design And Realization

Posted on: 2005-02-07
Degree: Master
Type: Thesis
Country: China
Candidate: Y H Yang
GTID: 2208360122470016
Subject: Computer application technology

Abstract/Summary:
With the development of computer and communication technologies, the computer plays an increasingly important role in people's life and work, and e-commerce has become popular and widespread. Computer and information technologies have changed the way people live and improved the efficiency of business; however, they have also exposed weaknesses to people who want to commit crimes.

To solve the security problems of information and networks, experts and professionals in the computer security field have come up with many security standards and technologies, such as firewall systems and intrusion detection systems, all of which are important for protecting computer systems from intrusion. Because the Internet is open and its protocols have security flaws, experts have done much research to ensure that data transferred over the Internet remain secure and intact. At present, there are corresponding technologies for each specific layer of the Internet protocol stack. The IPSec protocol defines encryption, authentication and key management routines for ensuring the privacy, integrity and authenticity of data at the IP layer as the information traverses public IP networks. The SSL protocol provides privacy and reliability at the transport layer between two communicating applications.

Some infrastructure must exist to support security applications. PKI (Public Key Infrastructure) is an important part of the information security infrastructure, and it is also an infrastructure that can be applied to network security environments. PKI technology uses public key theory and technology to provide information security services. Public key cryptography is a widely used cryptographic principle today. In this scheme, the encryption key and the decryption key are not the same. The sender of a message encrypts the data using the public key of the receiver, and the receiver then decrypts the data using his private key. The public key principle can not only ensure the security of information but also guarantee non-repudiation of transactions. The critical parts of PKI are the certification authority (CA), the registration authority (RA) and the key manager (KM). Since PKI is a common infrastructure that provides information security services, it is considered an excellent system for guaranteeing the security of information. How to popularize the application of PKI and improve interoperation between different PKI systems has become an urgent problem.

As stated above, it is constructive and important to implement and use a certification authority based on the PKI specification to solve security problems such as the security of data transfer, the integrity of data, authentication of identity and non-repudiation of transactions.

In this paper, we analyze the design and implementation of a certificate system that is based on the PKI specification and the PKCS protocol and whose structure is hierarchical. We adopted many efficient methods to reduce the coupling between system components as much as possible, so that the system is more interoperable, extensible and maintainable.
Keywords/Search Tags: network security, PKI (Public Key Infrastructure), certificate, certificate repository, IPSec, certification authority, registration authority, public/private key, symmetrical key pair, LDAP (Lightweight Directory Access Protocol)