
The Research Of PKI Trust Model And Interoperability

Posted on: 2005-11-16
Degree: Master
Type: Thesis
Country: China
Candidate: C Long
Full Text: PDF
GTID: 2168360152969165
Subject: Computer system architecture

Abstract/Summary:
With the development of information science and technology, electronic business has begun to flourish, and new requirements and problems related to network security have appeared. PKI (Public Key Infrastructure) is a framework for solving security problems on the Internet and a public key management platform that conforms to existing standards. It is based on cryptography and is built by integrating several kinds of related security mechanisms.

PKI manages public keys through digital certificates. It binds a user's public key to his identity information, providing an infrastructure that supports different kinds of applications. PKI has developed very quickly and been widely used since it was introduced. But as its range of application keeps expanding, the environments in which PKI is deployed differ considerably, and CAs (Certification Authorities) are isolated from each other. The lack of ability to connect different PKIs is perceived as the leading barrier to wide-scale deployment of PKI. Achieving interoperability between PKIs that have been deployed by different organizations is therefore a critically urgent problem that should be addressed immediately.

Existing interoperability models require PKIs to digitally certify each other or to carry out a similar negotiation process beforehand. Methods of this kind are complex to implement and inefficient. Therefore, a new interoperability model based on delegated certificate validation is proposed. Inter-PKI certificate validation is introduced to achieve interoperability between different PKI domains. The model is implemented with a delegated certificate validation server that performs certificate path construction and validation on behalf of PKI clients.

A simple request-response model is used for communication between users and the certificate validation server: the user creates a request and sends it to the server, and the server, once the validation process has finished, creates a response stating whether the certificate is valid. Interoperability is easy to achieve because no cross-certification is deployed. When a certificate path is being constructed, a priority can be set for each certificate under certain policies. The shortest, optimized path can then be discovered using the Dijkstra algorithm. This approach reduces certificate processing time and improves the performance of the server.

A server-side cache mechanism is used to optimize the performance of the server, and a mathematical model is constructed to analyze the optimization. To meet the requirements of users that have special response time limits, their requests are placed in a queue that has a higher priority.
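
The path-construction step described above, as an added example that is not code from the thesis: each certificate is a weighted edge from issuer to subject, the weight stands for a policy-assigned priority (lower is preferred), and Dijkstra's algorithm is run from every trust anchor the validation server holds. All names, weights and the policy reasons in the comments are constructed assumptions; signature and revocation checks are out of scope.

```python
import heapq

# Constructed sample data: (issuer, subject, policy cost). Lower cost = higher priority.
ANCHORS = {"RootA", "RootB"}  # trust anchors of two separate PKI domains
CERTS = [
    ("RootA", "PolicyCA-A", 1),
    ("RootA", "LegacyCA-A", 4),        # assumed policy: legacy CA is deprioritised
    ("RootA", "IssuingCA-A", 5),       # direct but low-priority certificate
    ("PolicyCA-A", "IssuingCA-A", 1),
    ("LegacyCA-A", "IssuingCA-A", 1),
    ("IssuingCA-A", "alice@org-a.example", 1),
    ("RootB", "IssuingCA-B", 2),
    ("IssuingCA-B", "bob@org-b.example", 1),
]


def build_path(certs, anchors, target):
    """Return (total cost, [anchor, ..., target]) for the cheapest
    certification path from any trust anchor, or None if none exists."""
    graph = {}
    for issuer, subject, cost in certs:
        graph.setdefault(issuer, []).append((subject, cost))

    # Multi-source Dijkstra: every trust anchor starts at distance 0.
    heap = [(0, anchor, (anchor,)) for anchor in sorted(anchors)]
    heapq.heapify(heap)
    settled = set()
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == target:
            return cost, list(path)
        if node in settled:
            continue  # a cheaper route to this node was already expanded
        settled.add(node)
        for subject, edge_cost in graph.get(node, []):
            if subject not in settled:
                heapq.heappush(heap, (cost + edge_cost, subject, path + (subject,)))
    return None  # target not reachable from any anchor


if __name__ == "__main__":
    for name in ("alice@org-a.example", "bob@org-b.example", "carol@org-c.example"):
        print(name, "->", build_path(CERTS, ANCHORS, name))
```

For alice the three-certificate path through PolicyCA-A (cost 3) is chosen over the two-certificate path that uses the low-priority direct certificate (cost 6), which is the difference between a policy-weighted search and a plain hop count.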
Keywords/Search Tags: Public Key Infrastructure, Interoperability, Trust Model