B / S System In The Application Of Public Key Certificates

In today's enterprise information system, all computers are connected with each other. Public Key Infrastructure (PKI), defines public key certificate through which the security problems of authentication, confidentiality, integrity and non-repudiation can be solved, thus network applications can achieve security assurance. However, public key certificate can not function so much as what people hope. PMI (Privilege Management Infrastructure) which defines attribute certificate provides a solution to specific applications associating with privilege authorization, role based access control, and privilege delegation and etc. In the framework of PMI, privilege included in attribute certificate can be created, distributed, stored, managed, and revoked. The combination of PKI and PMI provides a perfect solution to authentication, communication security (such as information confidentiality, information integrity, non-repudiation) and privilege management. It is a best support to industry applications or large organizations' applications. Considering running costs and security requirements, the deployment of PKI and PMI is worth it.Because of public key certificate providing strong proof of a user is who he claims to be, it becomes a trend of authentication. But in small organization's B/S based applications, it is not suitable for deploying PKI and PMI according to its large costs. Since the privilege management in such applications is not complicated, PMI can be substituted by putting holder's privilege attribute into the extensions of public key certificate. By using such a certificate including privilege extensions, we can obtain authentication, information encryption, and get the holder's particular privilege using which, according to the access control mechanism, to achieve reasonable access over resources. A model of using such mechanism in such applications is provided which contains authentication, policy center and access control mechanism.Users are identified by public key certificate. Policy center sets down practicable access control policies of resources which must be in control. Access control mechanism obtains user's request, and decides whether the required resource can be accessed or not by the user according to the privilege contained in public key certificate and access control policies.This model and its implemented mechanism are universal applicable, and has great significance in applications of such environment requiring authentication and simple...