| With the rapid development of electronic commerce and electronic government affairs in recent years, people pay more and more attention to network security problems. As the cornerstone of internet information security, public key infrastructure, which based on RSA public key cryptographic algorithm, gets rapid progress. At the same time, it’s also faced with many defects and deficiencies, such as the questions of certificate revocation, crossing authentication and so on. Identity-based encryption is a kind of new public key cryptosystem, which is being widely studied present. Compared with traditional public key infrastructure, identity-based encryption withdraws the use of digital certificate and gets public key from identity information. It simplifies the use and management of the public key greatly. However, identity-based encryption is still in the stage of theory research, and it’s hard to implement some schemes. Thus, it’s very significant to do some research about information security technology of combination of identity-based encryption and public key infrastructure.The paper deeply studies and analyzes the related technology of public key infrastructure and identity-based encryption. Then it puts forward two schemes of combination of identity-based encryption and public key infrastructure.Firstly, the paper deeply analyzes the Boneh-Franklin structure model of the identity-based encryption. And it designs and realizes a kind of secure communication protocol between client and server, which is based on SSL protocol. This secure communication protocol is a important part of combination application system of identity-based encryption and public key infrastructure. Secondly, according to the theory of public key cryptography standard PKCS#7, the paper constructs related media certificate between both communication sides. And it also creates a mapping relationship between RSA keys of the media certificate and IBE keys. Then, it designs and realizes a kind of identity-based encryption system based on media certificates. All of the RSA keys of encryption and decryption procedures are replaced by IBE keys internally. Thus, identity-based encryption is embedded in public key infrastructure transparently. And then, the paper designs and realizes a kind of identity-based encryption system based on fake RSA key. The system replaces RSA keys of public key infrastructure by IBE keys. Unlike identity-based encryption based on media certificates, all of the RSA keys of encryption and decryption procedures are padded by IBE keys. In addition, similar to the identity-based encryption based on fake RSA key above, the paper designs and realizes a kind of elliptic curve cryptosystem based on fake RSA key, as the extended application of fake RSA key. It’s different from identity-based encryption that all of the RSA keys of encryption and decryption procedures, signature and signature verification procedures are padded by ECC keys in the application. Lastly, the paper makes some test and analysis for system mentioned above, in order to verify the correctness and feasibility of the schemes.The paper provides an application method for the two new kinds of public key algorithms, identity-based encryption algorithm and elliptic curve algorithm. It makes that general operating systems and relative application systems support the two new kinds of public key algorithms. |
PDF Full Text Request