Based On The Xkms Key And Certificate Management

Based on X. 509 specification, PKI has been defined maturely and used widely now, which includes a series of technology standards, such as PKCS series ISO/IEC/ITU-T X. 509, PKIX series and WPKI, etc. In this paper, it is called Traditional PKI (TPKI). TPKI is described based on Abstract Syntax Notation One (ASN. 1) and encoded using the Basic Encoding Rules(BER) and the Distinguished Encoding Rules(DER).These cause some problems such as complex deployment, high-cost, difficult interconnection and intercommunication in TPKI, and restrict the use of PKI. In order to resolve the above problems, W3C publishes XML Key Management Specification (XKMS) in 2001. XKMS reduces the complexity of deploying PKI in client, and provides an interoperable security infrastructure for the network applications.The paper analyses the problems of TPKI system and the reason why XKMS can not substitute for TPKI now, expounds the idea, ingredients and founctions of XKMS in details.In this paper, the frame of the key and certificate management system based on XKMS is designed, the system model programming is given, and the main founction modules are encoded and realized. Through testing in the experiment environment, it is proved that the system accords with standard definition and runs stably, and the desired object is achieved.The optimizing scheme in the paper is put forward based on analysis of the system security. The system has so many advantages as cross-platform, portability, extending and security, which can be used as the third party providing the trust services for XML-based application systems in the fields of E-commerce and E-government. The project has a great and wide application prospect.The paper discusses the XKMS application models, puts forward three kinds of PKI application mechanisms which are in XKMS trust domain, between XKMS trust domain and of mixing XKMS with TPKI. Taking the process of customer purchase orders in E-commerce for example, the concrete procedure of implementing security business by XML signature and XKMS service are given. The paper provides realistic reference for PKI application programming based on XKMS.