摘要
信息安全是信息化推进的重要保障,面对智能电网带来的安全风险和挑战,国家电网公司需要建立全网的安全认证体系,来保证数据的可靠性和保密性。分析了国家电网公司公钥基础设施/认证中心(PKI/CA,Public Key Infrastructure/Certificate Authority)体系的架构,提出了各组成部分的功能和部署模式,对于已建 CA 系统的网省公司采取"入根"方式形成统一信任域。提出了建设企业级 PKI/CA 系统的几个关键性问题,针对国家电网公司的特点,重点研究了 PKI/CA系统的安全区域划分,数字证书库的部署等核心建设问题。
Information security is vital in the process of informationization. Smart grid brings new security risks and challenges. State Grid Corporation of China builds a security authentication system to guarantee the reliability and privacy of data. This paper analyzes the architecture of the PKI/CA (Public Key Infrastructure/Certificate Authority) Authentication System of State Grid Corporation of China, and introduces functions of different compos- ing parts and the deployment model. Existing provincial CA systems are imported into the root CA to build a uni- fied trust domain. Several key questions in the construction of enterprise PKI/CA systems are raised and discussed. According to the characteristics of State Grid Corporation, some important issues of security area division of PKI/ CA system and the deployment of digital certificate database are studied.
出处
《电力信息化》
2011年第3期8-11,共4页
Electric Power Information Technology
关键词
PKI/CA
认证体系
数字证书库
PKI/CA
authentication system
digital certificate database
