Attribute Certificate And Applied Research

PKI (Public Key Infrastructure) technology is the most efficient way to settle the security problems in the e-commerce and e-governance at present. Based on public key certificate, PKI can solve the trust problem between entities in the network and provide such safety services as authentification and security. But there exists another major problem in network application which PKI can not cope with effectively, the access control of network resources. Accordingly PMI (Privilege Management Infrastructure) based on AC (Attribute Certificate) is put into use. AC is a special digital certificate which contains attributes of certificate entities including group, role and privilege control, and this certificate provides good solutions for privilege management.The paper first introduces the concept, theory, technological development and application of AC. The implementation and application of PMI based on AC is also analyzed and discussed here. After detailing the structure, definition, application characteristics and operation modes of ACs, an AC Management System is designed and implemented. The system is the core of PMI with functional modules of AC management, including applying, generating, revoking, querying and updating. Application-oriented AC parsing middleware and the management on definition of correspond policies are also presented in the system. It can supply some idiographic application with privilege management and access control.Secondly, the paper analyzes the mechanism and application of RBAC. On the basis of AC Management System above and combined with RBAC, ACBAC(AC-Based Access Control), an improved RBAC framework based on AC is introduced. It covers the strong merits of PKI, PMI and RBAC. What's more, it supplies the privilege allocation scheme of role-based fine granularity. It is of great importance to deal with the problem of identity authentication and privilege allocation in distributed network environment. The paper designs and implements a simulation system of ACBAC to verify the validity of the logic model in the actual application.Finally, the paper summarizes the key techniques in the application of AC and it pointes out related work to be finished in the future.