With the arrival of the globalized new economy, electronic business has spread into every corner of daily life, and the security of the Internet has become a serious problem. Public Key Infrastructure (PKI) is the foundation and core of network security, and the Certificate Authority (CA) is its key functional component. However, the many CA centers are built on different certification systems, whose PKIs may use different structures, different security policies and different key algorithms, and cross-certification between such CAs is even more complicated and inefficient. The goal of this work is to build a trans-domain authentication platform based on PKI/CA that provides flexible and efficient interconnection between different CAs.

At present there are many kinds of trust model. Cross-certificates may be issued between CAs that share the same trust model or between CAs with different trust models, and the resulting trust paths are so complicated that sometimes a path cannot be established at all, which seriously obstructs the normal cross-authentication process. In addition, certificate verification must proceed level by level from the certificate being authenticated up to the root certificate. Although this guarantees the validity of the certificate, it is very inefficient if every verification has to follow this procedure, and every CA must also manage a large number of cross-certificates, which increases the cost of CA operation.

Based on a study of PKI/CA systems, the author analyzes five kinds of CA trust model: the tree model, the mesh model, the bridge model, the hybrid model and the Web model. By studying the structure of certificate chains and the way they are verified, and by comparing existing cross-authentication modes, this paper proposes a cross-domain authentication mode based on PKI/CA. In this mode a single cross-domain platform integrates the root certificates, certificate paths, OCSP responders, CRLs and LDAP directories of the different domains, each of which may be operated by a different company. Within each domain the CA may choose any trust model to build its trust system. Authentication between domains is carried out through the platform without constructing a trust path: the end-entity certificate of a domain is validated only against the certificate of its issuing node at the next-higher level, which is held in the platform's database, so there is no need to verify all the way up to the root CA.

Finally, the author designs and implements the whole system, consisting of an authorization management module, a trusted CA management module and an online certificate authentication module. System testing shows that it accomplishes cross-authentication between different CAs, which demonstrates that the scheme is feasible and practical. The paper thus realizes a trans-domain authentication platform based on PKI/CA on top of the five existing CA trust models, providing a new approach and a new operating area for the interconnection of different CAs.
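The validation shortcut described above, as an added illustration that is not code from the thesis or its platform: a Go program (standard library only) in which an IssuerStore map stands in for the platform's database of registered per-domain CA certificates, and an end-entity certificate is checked only against its registered issuing CA instead of being chained up to a root. The domain names, the `issue` and `Validate` helpers and the self-generated Ed25519 certificates are constructed for the example; the platform's OCSP, CRL and LDAP lookups are not modelled, and a leaf signed directly by an unregistered CA (here domain A's root) is rejected.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// IssuerStore stands in for the platform database of registered per-domain CA certificates.
type IssuerStore map[string]*x509.Certificate
// issue signs a certificate for cn with parent's key; parent == nil yields a self-signed root.
func issue(cn string, usage x509.KeyUsage, parent *x509.Certificate, pkey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), KeyUsage: usage,
		IsCA: usage&x509.KeyUsageCertSign != 0, BasicConstraintsValid: true}
	if parent == nil {
		parent, pkey = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, key.Public(), pkey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
// Validate checks a leaf only against its registered issuing CA (lookup, validity period, signature, CA flags); it never walks up to a root.
func (s IssuerStore) Validate(leaf *x509.Certificate) error {
	issuer, ok := s[leaf.Issuer.String()]
	if !ok {
		return errors.New("issuing CA is not registered on the platform")
	}
	if now := time.Now(); now.Before(leaf.NotBefore) || now.After(leaf.NotAfter) {
		return errors.New("certificate is outside its validity period")
	}
	return leaf.CheckSignatureFrom(issuer) // rejects non-CA issuers and bad signatures
}
// Demo: domain A is root -> issuing CA, domain B a lone self-signed CA; only the issuing CAs are registered (constructed data).
func Demo() (errA, errB, errUnregistered error) {
	rootA, rootAKey := issue("Domain-A Root", x509.KeyUsageCertSign, nil, nil)
	subA, subAKey := issue("Domain-A Issuing CA", x509.KeyUsageCertSign, rootA, rootAKey)
	caB, caBKey := issue("Domain-B CA", x509.KeyUsageCertSign, nil, nil)
	store := IssuerStore{subA.Subject.String(): subA, caB.Subject.String(): caB}
	leafA, _ := issue("alice@domain-a", x509.KeyUsageDigitalSignature, subA, subAKey)
	leafB, _ := issue("bob@domain-b", x509.KeyUsageDigitalSignature, caB, caBKey)
	leafX, _ := issue("mallory", x509.KeyUsageDigitalSignature, rootA, rootAKey) // issuer not in store
	return store.Validate(leafA), store.Validate(leafB), store.Validate(leafX)
}
func main() { a, b, x := Demo(); fmt.Println("A:", a, "| B:", b, "| unregistered:", x) }
```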