摘要
本文详细分析了基于身份的公钥加密体制(IBE)较PKI在XKMS方面的应用优势,提出了一个面向IBE的XKMS服务体系——IBE-XKMS,阐述了系统管理、身份认证、密钥生成、密钥管理等模块的功能架构以及系统服务的逻辑关系,设计了4类IBE密钥服务,除实现基本的XKMS密钥操作接口外,还设计了支持零客户端安全应用开发的数字信封和数字签名等服务接口,为下一代网络开发环境提供了一个完整的IBE密钥管理服务解决方案。本文实现了一个IBE-XKMS原型系统,并给出IBE-XKMS和PKI-XKMS在密钥服务响应时间和SOAP消息通信量等方面的测试结果,测试结果体现了IBE-XKMS的性能优势。
In this paper,the differences between PKI and identity-based encryption(IBE) are firstly analyzed,and the advantages of building XKMS infrastructure for IBE are in detail discussed.An XKMS-like service architecture for IBE,named IBE-XKMS,is then proposed,and the modules of system management,identity authentication,key generation and key management are designed,as well as the service component logic relationships are described.Next,the key management service interfaces of four categories are proposed.Besides the basic XKMS services,IBE-XKMS also provides two types of key involved operations to implement the IBE encryption envelope and signature service,which can be utilized to develop some IBE-enabled secure web application without code on client.It is noted that IBE-XKMS provides a service framework with full IBE application supported for the next generation network of web service.At last,a prototype of IBE-XKMS is developed,on which the tests on the service response performance and the SOAP message communication cost are conducted,comparing with that of PKI-enabled XKMS.
出处
《电信科学》
北大核心
2010年第7期22-31,共10页
Telecommunications Science
基金
国家"973"计划基金资助项目(No.2010CB328106)
国家自然科学基金资助项目(No.60773115)
软件开发环境国家重点实验室开放课题(No.SKLSDE-2009KF-2-01)
