| On the count of the rapid development for network information technology and unceasing prevalence of Internet, information confidentiality, data integrality,identity authentication and undeniableness have been becoming more and more significant when transmitted in the overall network. PKI, obeying interrelated standards, which can provide network applications with encryption services, is a complete resolution to information security. With the authority, trustiness and justness for third object, CA has been the core of PKI and served as the function of making the entity authenticated by sending the digital certificates to bind each entity with its public key information securely.CA based on PKI is discussed in the dissertation, including basic theory,infrastructure and standards of PKI. Additionally, CA objectives and functions are also analysed. Followed, a CA system based on PKI is designed and realized. Compared to the other CA systems, smart card,SSL and role-based access control model(RBAC) are used in the CA system. Smart card is used as the storage and management carrier of the CA root private key, SSL is used to establish secure communication between modules, and RBAC is used to control system access, so the system is more secure. Also, considering the campus network, the ring CA trust model, an improved trust model, is used in the system which can reduce the length of trust path and the times of across authentication.The CA system based on PKI is analysed and designed by the thoughts and methods of software engineering, and finally realized by using of .NET platform and openssl open source software kit. The system is a basically perfect CA by providing the following services, such as downloading and installation root certificate, requiring certificates, issuing certificates, certificates revocation etc. And the CA system has good openness by the certificate obeying X.509 standard. |
PDF Full Text Request