Research Of Partition-based PKI Cross-Domain Authentication

With the continuous development of e-commerce, e-government and Internet, Network security issues are also more and more attention has been paid. How to secure communication in an open network environment is the main problem. Public Key Infrastructure (PKI) provides an effective way to solve the above problem, with continuous development, PKI technology has become more sophisticated and perfect, mainly proposed in the relevant standards and improvement, the growing popularity and improvement of all kinds of CA Center. But PKI still faces serious challenges. The core of the problems is to solve the interoperability between different PKI architecture and how to function efficiently. The concrete manifestations of these problems are:Interoperability of the PKI-domain authentication, build Digital certificate path quickly and Deal with the relationship of trust between the CA. Relationship of trust Digital certificate path processing and PKI interoperability issues are the main problem of the research of PKI trust model.In this paper, in-depth study of several common PKI trust model to point out their advantages and disadvantages. In order to meet the ever-expanding demand in PKI, a partition-based trust model has been proposed. Zoning trust model introduce the improved Chrod Resource Locator model. Divided according to geographic location in the Chrod ring partition, each partition contains a number of trust domains, the trust transfers with the CA node Chrod ring between each partition, so that trust is relatively easy to join in, greatly improve the trust model scalability and interactivity.The processing of the certificate trust path cannot be separated from the trust model, different trust model should adapt to the structural features of the model it self's certificate processing program. In this paper, combined with some of the existing trust model certificate path processing solutions, combined with the proposed partition-based trust model, obtained the model certificate path processing program. In the process of certificate path, using an improved bidirectional Chrod resource location algorithm for the partition orderly features and Chrod ring structure characteristics, eliminating the certification path processing algorithm has a number of candidate paths and maybe has circuits in the other models, the certificate path processing efficiency has been improved, thereby the efficiency of PKI application has been increased.