Introduction to PKI (5)

Source: Internet
Author: User

PKI is a new security technology that consists of public key cryptographic technology, digital certificates, certificate issuing authorities (CAs), and security policies for public keys. PKI is a system that uses public key technology to implement e-commerce security. It is an infrastructure that ensures the security of network communication and online transactions. In a sense, PKI includes security authentication systems, and the CA/RA system is an indispensable component of PKI.

PKI (Public Key Infrastructure) is a system or platform that provides public key encryption and digital signature services in order to manage keys and certificates. An organization uses the PKI framework to manage keys and certificates and so establish a secure network environment. PKI consists of four parts: certificates in X.509 format (X.509 V3) and certificate revocation lists (CRL, X.509 V2), the CA/RA operation protocol, the CA management protocol, and CA policy formulation. A typical, complete, and effective PKI application system must have at least the following components:

1. CA. The CA is the core of PKI. It is responsible for managing the certificates of all users (including various applications) under the PKI structure and for binding each user's public key to the user's other information, so that the identity of a user can be verified on the Internet. The CA is also responsible for blacklist registration and blacklist publishing for user certificates. A detailed description of the CA follows later.

2. X.500 directory server. The X.500 directory server is used to publish user certificates and blacklist information. Users can query their own or others' certificates and download the blacklist information through the standard LDAP protocol.

3. Secure WWW server with high-strength cryptographic algorithms (SSL). WWW servers exported to China, such as Microsoft's IIS and Netscape's WWW servers, are limited to an RSA modulus length of at most 512 bits and a symmetric algorithm key length of 40 bits, which cannot meet high security requirements. To solve this problem, a proprietary SSL security module developed by the Institute of Network Information Security of Shandong University is used. The SSL security module uses the self-developed SJY series cryptographic devices and is integrated into the Apache WWW server. The Apache WWW server holds more than 50% of the WWW server market and is highly portable and stable.

4. Web secure communication platform. The Web client and Web server components are installed on the client and the server respectively, and the SSL protocol with high-strength cryptographic algorithms ensures the confidentiality, integrity, and authentication of client and server data.

5. Self-developed security application systems. These are the specific application systems developed by various industries, such as banking and securities application systems.

A complete PKI includes the establishment of authentication policies (including the technical standards to follow, the superior-subordinate or peer relationships between CAs, security policies, security levels, service objects, management principles and frameworks, etc.), the establishment of authentication rules and operating systems, the content of the legal relationships of all parties involved, and the technical implementation.
