Trusted Computing Model And Its Applied Research In Public Key Infrastructure (pki)

Trust model is the foundation of the whole secure architecture. This paper analyzes the understanding, production and accumulation mechanism of trust research in online electronic transaction community, and introduces a mathematical framework to define trust. Furthermore, this paper analyzes two specific cases: Gaussian trustworthiness and binary critical attributes. Based on comparing three typical trust production mechanisms, the reputation report system is better in online electronic transaction community.According to the research mentioned above, this paper analyzes the BBK trust model whose critical attribute is binary, and indicates its disadvantages: trust failure punishment equals to that of success, which deviates reality; malicious recommendation and unfair phenomenon is serious; trust value fluctuates due to simple arithmetical average algorithm and computation lasts long. This paper proposes an improved model called iBBK, which punishes severely on deceit using punishment factor, cuts down malicious recommendation dangerousness by employing reputation report system, carries out various punishment to entities in different position of the trust path when trust fail, computes combined trust value with weightiness, and. combines local computing and distribute computing to speed up trust path found. Some simulation experiments are carried out to verify our conclusions.In order to introduce iBBK model into PKI system to resolve inflexibility of trust control and much risk of trust, integrity, authentication, no- repudiation guarantee and time stamp services should be satisfied. This paper designs iBBK trust computation engine of PKI combining iBBK trust computing model and trust management model. The PKI environemt including development interface such as PEM and DER encoding and decoding, symmetry cryptography, RSA algrothm, random numeric generate,certificate request PKCS#10 encoding and decoding, X.509 certificate encoding and decoding, digital abstract, digital signature and verifying signature, digital envelope and advance services such as certificate authority and register authority.