摘要
本文提出了一种用条件谓词逻辑来表示和推理PKI信任关系的方法。通过区别认证机构(CA)与用户实体的不同,用四个谓词表示不同个体之间的信任关系,并给出关于公钥绑定真实性和CA信任传递的推理规则。认证路径长度和证书策略是对信任关系的限制,将其作为约束条件加到谓词逻辑中更好地反映出现实中的信任。利用条件谓词逻辑,既能够对一个PKI的信任模型进行整体描述,也可从用户的角度对CA的信任度和实体公钥的真实性进行精确推理,弥补了图形法的不足。
In this paper, a conditional predicate calculus logic was proposed for representing and reasoning about PKI trust model. While distinguishing the difference of entities and CAs, four predicates are defined to represent the trust relationships between them, and reasoning rules about the authenticity of entities' public keys and the trustworthiness of CAs are given. Certification path length and certificate policies are constraints of trust, it is reasonable to add them as conditions to the logic. Using our approach, not only a PKI's trust model can be depicted in a whole manner, but also a relying party can precisely reason about the authenticity of entities' public key and the trustworthiness of CAs from his point of view. It offsets the fault of graphic method.
出处
《通信学报》
EI
CSCD
北大核心
2002年第11期14-20,共7页
Journal on Communications