PKI is a new security technology that consists of public key cryptographic technology, digital certificates, certificate issuing authorities (CAs), and security policies for public keys. PKI is a system that uses public key technology to implement e-commerce security. It is an infrastructure that secures network communication and online transactions. In a sense, PKI includes security authentication systems, and the CA/RA system is an indispensable component of PKI.
PKI (Public Key Infrastructure) is a system or platform that provides public key encryption and digital signature services in order to manage keys and certificates. An organization uses the PKI framework to manage keys and certificates and so establish a secure network environment. PKI consists of four parts: certificates in X.509 format (X.509 V3) and certificate revocation lists (CRL, X.509 V2), the CA/RA operation protocol, the CA management protocol, and CA policy formulation. A typical, complete, and effective PKI application system must have at least the following components:
1. CA. The CA is the core of PKI. It manages the certificates of all users (including various applications) under the PKI structure and binds each user's public key to the user's other information, so that the user's identity can be verified on the Internet. The CA is also responsible for registering and publishing the blacklist of user certificates. A detailed description of the CA follows later.
2. X.500 directory server. The X.500 directory server is used to publish user certificates and blacklist information. Users can query their own or other users' certificates and download the blacklist information through the standard LDAP protocol.
3. Secure WWW server with high-strength cryptographic algorithms (SSL). In WWW servers exported to China, such as Microsoft's IIS and Netscape's WWW server, the RSA algorithm has a maximum modulus length of 512 bits and the symmetric algorithm is limited to 40 bits, which cannot meet high security requirements. To solve this problem, the proprietary SSL security module developed by the Institute of Network Information Security of Shandong University is used. This module uses the self-developed SJY series cryptographic devices and is integrated into the Apache WWW server. The Apache WWW server holds more than 50% of the WWW server market and is highly portable and stable.
4. Web security communication platform. The Web Client and the Web Server are installed on the client and the server respectively, and the SSL protocol with high-strength cryptographic algorithms ensures the confidentiality, integrity, and authentication of client and server data.
5. Self-developed security application systems. These are the specific application systems developed by various industries, such as banking and securities application systems.
A complete PKI includes the establishment of authentication policies (including the technical standards followed, the relationships between superior and subordinate CAs or between CAs at the same level, security policies, security levels, service objects, management principles and frameworks, etc.), the establishment of authentication rules and operating rules, the content of the legal relationships of all parties involved, and the technical implementation.
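
The CA duties listed under components 1 and 2 (binding a user's public key to an identity, then publishing a blacklist that relying parties check) can be walked through with the openssl command line. This is an added example, not part of the original article; the names "Demo Root CA" and "alice" are constructed, and a local CRL file stands in for the directory server.

```shell
#!/usr/bin/env bash
# Constructed demo: "Demo Root CA" and "alice" are made-up names; needs the openssl CLI.
check() {  # OK only if alice.pem chains to ca.pem and is not listed in crl.pem
  if openssl verify -CAfile ca.pem -crl_check -CRLfile crl.pem alice.pem 2>/dev/null |
       grep -q 'alice.pem: OK'; then echo OK; else echo REJECTED; fi
}
pki_demo() (
  d=$(mktemp -d) && cd "$d" || exit 1
  mkdir newcerts; : > index.txt; echo 01 > serial; echo 01 > crlnumber  # CA database
  cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical, CA:TRUE
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = index.txt
new_certs_dir = newcerts
serial = serial
crlnumber = crlnumber
certificate = ca.pem
private_key = ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = pol
[ pol ]
commonName = supplied
EOF
  # CA: self-signed root certificate
  openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
    -subj "/CN=Demo Root CA" -days 30 -config ca.cnf >/dev/null 2>&1
  # User: key pair plus a signing request carrying the public key and identity
  openssl req -new -newkey rsa:2048 -nodes -keyout alice.key -out alice.csr \
    -subj "/CN=alice" -config ca.cnf >/dev/null 2>&1
  # CA: bind public key and identity in a certificate, publish an (empty) CRL
  openssl ca -batch -notext -config ca.cnf -in alice.csr -out alice.pem >/dev/null 2>&1
  openssl ca -config ca.cnf -gencrl -out crl.pem >/dev/null 2>&1
  before=$(check)
  # CA: blacklist the certificate and publish the updated CRL
  openssl ca -config ca.cnf -revoke alice.pem >/dev/null 2>&1
  openssl ca -config ca.cnf -gencrl -out crl.pem >/dev/null 2>&1
  after=$(check)
  cd / && rm -rf "$d"
  echo "before=$before after=$after"
)
pki_demo
```

The certificate and the CA signature on it are unchanged between the two checks; only the published CRL differs, so a relying party that skips the CRL check would still accept the revoked certificate.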