基于PMI的虚拟专用网的架构设计

Designing a Framework for PMI based Virtual Private Networks (VPN)

虚拟专用网(VPN)作为一个广泛应用的技术,隧道传输安全性与用户认证是关系到虚拟专用网安全的两个核心内容。传统的基于用户名和密码的认证措施容易发生被窃取的情况,另外VPN本身对权限的等级分配也未作考虑,需要其他技术的支持。而特权管理基础设施(PMI)作为认证与授权的一个新型的以PKI基础建立的技术,正好满足VPN对用户管理的需求。本文提出的基于PMI的VPN架构,具有较好的应用价值。

Virtual Private Network (VPN) as a popular application in enterprise internet working, its tunnel security and user authentication are the main considerations. The traditional user/password authentication policy is vulnerable. Furthermore, VPN itself takes little consideration to privilege management; it needs other additional technologies' support. Privilege Management Infrastructure (PMI), as a PKI based authenti- cation and authorization technology, just satisfies the need for VPN user management. This article intro- duces a PMI based VPN infrastructure, which is a valuable solution for secure VPN applications.