摘要
被动认证是一种保证电子护照芯片数据真实性和完整性的安全机制。国际民航组织(ICAO)推荐使用CA-PKI体系来实现其功能。本文介绍了Doc9303规范中的被动认证,分析了其实现方案的不足;利用基于身份公钥密码学的Hess签名方案,设计了一种新的基于身份签名的电子护照被动认证实现方案。该方案克服了传统PKI技术产生的管理证书复杂、需要大量存储空间、成本高、效率低等缺点。
Passive Authentication (PA) is a security mechanism that ensures the chip data authenticity and integrity of epassport. This paper introduces PA and its implementation scheme,a customized CAPKI scheme which is recommended by International Civil Aviation Organization (ICAO) in Doc 9303, and analyzes the drawbacks of this scheme. Then an identitybased signature based on Hess' scheme for passive authentication is proposed. The drawbacks of the ICAO CA-PKI scheme such as complex certificate management, resources waste in storing certificates, high cost and low performance will be overcome in our proposed scheme.
出处
《计算机工程与科学》
CSCD
北大核心
2009年第7期25-28,共4页
Computer Engineering & Science
