
Research, Based On The PKI Network Security Authentication Technology

Posted on: 2007-06-25
Degree: Master
Type: Thesis
Country: China
Candidate: C Q Xu
GTID: 2208360185982567
Subject: Computer application technology

Abstract/Summary:
Public Key Infrastructure (PKI) is regarded as the foundation of network security construction. In theory, PKI uses certificates to manage public keys: a certificate binds a user's public key to other identifying information so that users can be authenticated on the Internet, which secures transmission and exchange in electronic commerce and electronic government affairs. Studying PKI can therefore reduce security threats. In practice, compared with other authentication technologies, PKI has broad application prospects because of its high security, its general theoretical basis, and the ease with which it combines with electronic commerce and electronic government affairs.

PKI is the basic means of providing Internet security services using public key certificates. Certificates must be authenticated because they may be revoked before expiration, for reasons such as compromise of the secret key or a change of affiliation. The Certificate Authority uses a certificate revocation mechanism to distribute certificate status information. This distribution is the key cost factor in developing a large-scale PKI, and many experts are researching it.

The core of the paper is the certificate revocation mechanism. After analyzing many CRL mechanisms and identifying the problem of rapidly growing CRL files, the paper proposes a new method for compressing the CRL. The method chains certificate numbers by setting a bit. Experiment and analysis indicate that the method gives excellent results: the larger the data, the more evident the advantage.

The certificate revocation tree (CRT) is an alternative revocation mechanism that alleviates the processing load involved in LDAP as well as the communication load involved in CRLs, at the cost of extra computation when nodes are added to or deleted from the tree. The author designed a new certificate revocation tree that keeps the good property of the CRT, namely that checking and proving whether a certificate is revoked needs only the related path values rather than the whole CRT, and overcomes the CRT's disadvantage that any update causes the whole tree to be recomputed.
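The path-only check that the abstract attributes to a CRT, shown as an added example: this is not code from the thesis and it illustrates the conventional hash-tree CRT, not the author's new tree design. The 64-bit serial numbers, the sentinels 0 and MAX, SHA-256, and all function names are assumptions made for illustration.

```python
import hashlib
from bisect import bisect_right

MAX = 2**64 - 1  # assumed upper sentinel; real serials are taken to be 1..MAX-1

def leaf(lo, hi):
    # Leaf statement: lo is revoked (unless it is sentinel 0); nothing in (lo, hi) is.
    return hashlib.sha256(b"\x00" + lo.to_bytes(8, "big") + hi.to_bytes(8, "big")).digest()

def node(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def build(revoked):
    """CA side: return (ranges, levels); levels[-1][0] is the root the CA would sign."""
    bounds = [0] + sorted(set(revoked)) + [MAX]
    ranges = list(zip(bounds, bounds[1:]))
    levels = [[leaf(lo, hi) for lo, hi in ranges]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        # Pair neighbours; an unpaired last node is promoted unchanged.
        levels.append([node(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return ranges, levels

def prove(ranges, levels, serial):
    """Responder side: the covering range plus the sibling hashes up to the root."""
    idx = bisect_right([lo for lo, _ in ranges], serial) - 1
    i, path = idx, []
    for level in levels[:-1]:
        sib = i ^ 1
        if sib < len(level):
            path.append((sib < i, level[sib]))  # (sibling is on the left, hash)
        i //= 2
    return ranges[idx], path

def verify(root, serial, rng, path):
    """Relying party: needs only the signed root and the path, not the whole tree."""
    lo, hi = rng
    if not lo <= serial < hi:
        return None  # the supplied range says nothing about this serial
    acc = leaf(lo, hi)
    for sib_is_left, sib in path:
        acc = node(sib, acc) if sib_is_left else node(acc, sib)
    if acc != root:
        return None  # range or path is not part of the signed tree
    return "revoked" if serial == lo and lo != 0 else "good"

if __name__ == "__main__":
    ranges, levels = build([17, 42, 1000, 5, 77])  # constructed sample serials
    rng, path = prove(ranges, levels, 50)
    print(verify(levels[-1][0], 50, rng, path), len(path), "hashes sent")
```

Adding one serial to the revoked set changes the root, so `build` has to run again over every range; this is the update cost the abstract names as the disadvantage of the conventional CRT.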
Keywords/Search Tags: Network Security, Authentication, PKI, Certificate, Certificate Revocation