Research On Distributed PKI Technology And Application On Security Email Client System

Along with the rapid development of network applications, such as E-Commerce, E-Government, Online Banking and Online Securities Trading, more and more attention has been paid on information security problems by people. Public Key Infrastructure (PKI) has become a key technology of network security. However, PKI also has its own shortcomings. Since requiring the CA to implement PKI certificate management, and in those without CA's fully distributed network environment, how to build trust management model among the large-scale inter-entities to achieve secure communications between the entities has become a difficult problem.According to the characteristics of non-centralized control domain and non-trusted third party of a distributed network, this paper presents DUCCPKI (Distributed Un-Centralized Control PKI) security system framework. Researching and designing on the trust model include the probability analysis for applications environment of distributed PKI,designing the protocol of requesting signature for the certificate, the method for calculation of trust degree, designing the format of certificate, the management of certificate and the choice of cryptographic algorithm. Based on those thing, I design the DUCCPKI trust model. The mode has effectively solved the problem of trust management problem. Users can more accurately distinguish and determine between on the goodwill and malicious of the users nodes, and thus choose the right trust requirements of the users nodes to communicate with, effectively reduce the probability of a malicious action and improve the communication security. And DUCCPKI framework has been simplified and it has been applied to security e-mail client system. This paper presents overall architecture and the various functional modules(including GUI module, email handling module, certificate management module, configuration management module, cryptographic function module, data storing module) design and development of the security e-mail client system software, In the Eclipse integrated development environment, this paper achieve the security e-mail client system software based on hybrid encryption and signatures. And this software ensures the confidentiality, integrity, and data integrity of the email.Based on this paper, a patent which name is "security mail client system and its methods" has been submitted.