The Research Of Trust Model For Enterprise Certificate Authority Based On Web

Public key infrastructure (PKI) is the foundation and focus of construct for network security presently. The key component of PKI is certification authority (CA).CA is one of the hotspots of current security researches on network, and its implementation is of significant practical value and social value. So this paper presents a trust model for enterprise certificate authority based on web.The research model is based upon enterprise certificate authority, which provides digital certificate service for enterprises. In the closed enterprises, the enterprises own CA system is easy to connect with other application management system to avoid the problem of interoperability. In the case of large personnel flow, the model system has good controllability. timeliness, flexibility. It oriented to the internal staff, which does not include external staff. It does not require interaction with the external certification, so it reduces the difficulty of system development. Because of the centralized users, the model system reflects its superiority in the system management and training. Its scale is not large, so reducing the cost of implementation. The model system is linked not only by local users, but also by the internet users, so we can realize the distributed authentication.In this paper, the topic introduces background of trust model for enterprise certificate authority based on web,and puts forward corresponding construction requirements. The topic analysis safety requirements of the working model, and proposed overall design of the model construction. The model has three parts, which includes CA. RA. and the client. Focuses on the certificate application. audit, download, update, revoke and so on. The paper applies the trust model for enterprise certificate authority based on web to the enterprise management system, including certificate login mode and rights management. Users login system with the PKCS#12digital certificate, which issued by administrator. We abandon the tradition authentication mechanism, which based on the username and password. At the same time, the system ensure the confidentiality of information, the integrity of the information, non-repudiation of the information. the authenticity of user identity; After users login system, the system will get the certificate serial number, and the number is unique value. System carries out privilege management by authority binary stream. The system realized functions of the WebCertocx system and the application extension. It has a practical user-friendly design, good scalability, and development prospect is broad. The system deficiencies:the user private key is stored on the hard drive, without on smart card (IC card or USBKEY); the safety of the system is not high.