摘要
基于PKI(public-keyinfrastructure)的分布式信任模型能够更好地保证分布式系统的安全性.作为信任路径的载体,数字证书格式的差异性可能对不同信任域实体之间的信任路径的可用性产生影响.提出了证书格式兼容性的概念,并以此为基础分析了证书格式差异对证书有效性验证的作用方式.在桥CA(certificateauthority)的基础上,提出一种兼容性较高的分布式结构的信任模型,能够消除证书格式兼容性问题对不同信任域实体之间实现互连的干扰.
Distributed systems could be more secure with distributed trust model based on PKI (public-key infrastructure). The format of certificate may be different among different PKI systems. Those differences may disturb some applications performing verification of the certificate chain. In this paper, how those differences work during mutual verifications is analyzed with the new concept "certificate-format-compatibility". Moreover, a new distributed trust model based on bridge CA (certificate authority) with high compatibility is designed out. Using this trust model, the mutual connections between entities in different trust domains would not be affected by the different certificate formats.
出处
《软件学报》
EI
CSCD
北大核心
2006年第8期1818-1823,共6页
Journal of Software
基金
国家自然科学基金
国家重点基础研究发展规划(973)~~
