Application Research Based On PKI/PMI In Security Authentication System Of Collaborative Business

Posted on: 2006-08-15
Degree: Master
Type: Thesis
Country: China
Candidate: T Wu
GTID: 2156360152990365
Subject: Management Science and Engineering

Abstract/Summary:

Collaborative business is a new mode of commerce emerging against the background of global economic integration and the rapid development of information technology. It requires data applications and exchanges across different platforms and different transactions between cooperating enterprises and clients. Because cooperating enterprises and clients are geographically dispersed, the distributed network environment makes it difficult for cooperating partners to authenticate and authorize each other.

Public key infrastructure (PKI) provides identity authentication of network entities in the form of public key certificates and has become an indispensable security support system in network applications. However, identity authentication alone cannot meet the demands of applications in collaborative business; the security system also requires a means to determine an entity's privileges. As the logical development of PKI, privilege management infrastructure (PMI) provides privilege management in the form of attribute certificates and offers a new way to solve the problem of privilege management in distributed environments. In recent years, PMI has gradually become a hot topic in network security research. At present, PMI research focuses mainly on establishing and implementing the standards, while practical products are lacking.

The paper begins with the characteristics of security requirements in collaborative business, introduces several commonly used network authentication solutions, and analyzes their advantages, disadvantages and applicable environments. Then the paper discusses PKI and PMI in detail, points out the disadvantages of PKI in privilege management, and analyzes the structure, common model and role model of PMI. As a point of emphasis, the paper discusses the implementation mechanism of PMI, the attribute certificate (AC), and compares some related concepts in PKI and PMI. Building on these analyses and discussions, the paper presents a double-certificate authentication system based on PKI and PMI, drawing on the role concept in RBAC. The system achieves identification and authorization by means of the PKI certificate and the AC. The CRL problem in PKI is effectively avoided by issuing short-validity ACs in the system. Finally, based on LDAP technology, a small certificate server system for an AA is established, which provides certificate storage and downloading. The designs and implementations of the other subsystems are also discussed constructively.

Keywords/Search Tags: Collaborative Business, Authentication, Authorization, PKI, PMI, Attribute Certificate, Role, LDAP Technology