
Unified Management Platform Of Digital Certificate Based On PKI

Posted on: 2014-10-30
Degree: Master
Type: Thesis
Country: China
Candidate: J Wang
GTID: 2268330401477619
Subject: Computer Science and Technology
Abstract/Summary:
With the rapid development of information technology, networks have penetrated every corner of people's life, study and work. While networks bring great convenience, incidents involving private information and false information occur repeatedly, so security is the theme of the information age. Private operations such as online trading now widely use the digital certificates of a PKI system for encryption and authentication to ensure their security. In online trading, the digital certificate determines the security of user information and property, so the management of digital certificates is very important.

In a traditional PKI system, the certificate application platform turns only to a reputable third-party CA to verify whether a digital certificate used in online transactions is listed in the CRL or whether its latest status is revoked or frozen. When a user's digital certificate is revoked or frozen, the certificate application platform sends a revocation or freeze request to the RA. At that point, because of packet loss and the limited timeliness of the CRL, the certificate is actually invalid but can still be used, which threatens users' personal property. Meanwhile, most online digital certificate application platforms currently use 1024-bit RSA certificates, and according to the secret bureau's latest requirements, 1024-bit RSA certificates are a potential danger. On the other hand, according to our country's "Electronic Signature Law", the digital certificates of users and banks should be signed by an authoritative, reputable third-party CA. However, some banks, such as ICBC, CCB and ABC among China's four big state-owned banks, still do not use certificates signed by an authoritative, reputable third-party CA and instead sign them through a self-built CA and RA.

For the reasons above, and in order to achieve security, accuracy, consistency and broad applicability in digital certificate management, this paper presents a unified management platform for digital certificates (hereafter referred to as UDCMP). To ensure security, the platform uses SSL channels with two-way authentication and encryption, digitally signs operations on digital certificates to verify who is operating and to guarantee data integrity, and supports the 2048-bit RSA algorithm. To ensure accuracy, the platform can be deployed in the local LAN of the digital certificate application platform, so that the status of a digital certificate can be determined by local validation against a local database. To ensure consistency, the platform can manage both 1024-bit and 2048-bit RSA certificates, both soft certificates and USBKEY certificates, and personal ordinary certificates, enterprise common certificates and web server certificates. To ensure broad applicability, the platform can be used as an RA system that connects to a CA and can also serve as a CA, and it can be deployed on different middleware to meet the needs of different user groups. This paper first performs a requirements analysis of UDCMP based on the current state of digital certificate management, then studies the design and implementation of UDCMP according to the system requirements, and finally performs system testing to confirm that UDCMP achieves security, accuracy, consistency and broad applicability.
Keywords/Search Tags: digital certificate, unified management, PKI, CA, RA, UDCMP