摘要
为了提高可信第三方证书授权中心(certificate authority,CA)对数字证书的管理效率,提出了一种基于NTRUSign签名算法的多证书公钥基础设施(multi-certificate public key infrastructure,MCPKI)。对证书中所使用NTRUSign签名算法公钥的部分系数进行哈希运算,并在此基础上补全剩余系数得到一个新的公钥,然后依次循环此操作,将这些公钥对应的证书形成证书链,并将证书链应用到MCPKI场景中。该方案的提出为CA在数字证书的管理问题上提供了一种新思路,用户只需向CA申请一次,便可拥有证书链上的全部证书。与传统的公钥基础设施(public key infrastructure,PKI)相比,MCPKI实现了CA对证书更加高效的管理。在MCPKI中,不仅可以自发地进行证书替换,而且实现了证书的自签发与自撤销。
In order to improve the management efficiency of digital certificate of trusted third party:certificate authority (CA),this paper presented a multi-certificate public key infrastructure which was based on the NTRUSign signature scheme.This scheme hashed some coefficients of public key of NTRUSign,and completed the remaining coefficients of it to get a new public key.Then this scheme circulated the operation above and formed a certificate chain,which could apply to the MCPKI scenario.This scheme provided a new idea for the management of digital signature for CA.Users only need to apply to the CA once,then could have all the certificates on the certificate chain.Compared with traditional PKI,MCPKI achieved a more efficient management of certificate for CA.The scheme of MCPKI not only replaces the certificates spontaneously,but also realizes the self-signed and self-revoked of the certificate.
作者
李子臣
梁斓
孙亚飞
杨亚涛
Li Zichen;Liang Lan;Sun Yafei;Yang Yatao(School of Telecommunications Engineering,Xidian University,Xi'an 710071,China;Beijing Institute of Graphic Communication,Beijing 102600,China;Beijing Electronic Science & Technology Institute,Beijing 100070,China)
出处
《计算机应用研究》
CSCD
北大核心
2018年第8期2421-2424,共4页
Application Research of Computers
基金
国家自然科学基金资助项目(61370188)
北京市支持中央高校共建项目-青年英才计划项目
中央高校基本科研业务费专项资金资助项目
关键词
证书链
证书授权中心
NTRUSIGN
数字证书
公钥基础设施
certificate chain
certificate authority center
NTRUSign
digital certificate
public key infrastructure
