| The rapid development of the Internet and electronic commerce has greatly changed people's life style and working. Meanwhile,it brings many security problems. Therefore security service is becoming a basic service in the Internet and electronic commerce. The infrastructure which can provide security services is called Public Key Infrastructure (PKI).The purpose of PKI is to make it easy for entities to use public-key cryptography.PKI is a set of useful services provided by a collection of interconnected components,these Components work together to provide public-key-based security services to applications and users. PKI provides three kinds of services that are valuable to Internet and e-commerce. Firstly,it provides privacy for data. Secondly,it provides authentication of entities. Finally,it provides integrity for data. This paper first describes the fundaments of PKI,including the knowledge of cryptography,the components of PKI,the services provided by PKI,the structure and standards about PKI. Then the paper discusses the CA trust model,we will mainly describe four popular trust models,their advantage and disadvantages,and the certificate path in the trust model.Certificate Authority is the key component of PKI. which is responsible for issuing Public-key certificates to users. PKI is the data structure which bind the identity of entity with its public-key. So next,this paper discussed the design and implementation of certificate authority. Based on the analysis of many CA systems,we have designed and implemented a certificate authority,which has the full capability of certificate and key management. The design of the CA system follows the common International certificate standards,and has good scalability. In the end of this paper,we also discussed the operation requirements of certificate authority. Certificate authority,certificate holders and users that rely on the certificate all have corresponding responsibilities and obligations in the real life. |
PDF Full Text Request