| 基于服务端密钥存储的网络计算机数字证书系统 |
| |
| 引用本文: | 谭智勇,司天歌,戴一奇.基于服务端密钥存储的网络计算机数字证书系统[J].清华大学学报(自然科学版),2007,47(7):1208-1211. |
| |
| 作者姓名: | 谭智勇 司天歌 戴一奇 |
| |
| 作者单位: | 清华大学,计算机科学与技术系,北京,100084 |
| |
| 基金项目: | 国家高技术研究发展计划(863计划) |
| |
| 摘 要: | 为了解决在网络计算机系统中部署数字证书系统时存在的终端实体对私钥数据的存储需求和网络计算机无本地存储特性的矛盾,提出一种基于服务端密钥存储的网络计算机数字证书应用系统的设计与实现方案。该方案基于公钥基础设施体系架构,采用了随机数、"盐"和多轮迭代等手段保证系统的安全性,并且通过在客户端进行密钥生成和加解密操作的方式实现了系统的可扩展性。系统实现的结果表明:由于无需借助外部密钥存储设备,该系统在保证安全性和可扩展性的同时,实施复杂度和成本均降低。
|
| 关 键 词: | 数字证书系统 公钥基础设施 网络计算机 安全性 |
| 文章编号: | 1000-0054(2007)07-1208-04 |
| 修稿时间: | 2006年4月24日 |
CA system in network computer environment based on server-end private-key storage mechanism |
| |
| TAN Zhiyong,SI Tiange,DAI Yiqi.CA system in network computer environment based on server-end private-key storage mechanism[J].Journal of Tsinghua University(Science and Technology),2007,47(7):1208-1211. |
| |
| Authors: | TAN Zhiyong SI Tiange DAI Yiqi |
| |
| Abstract: | A design and implementation scheme was devised for a certificate authority(CA) system in network computer environments based on a server-end privatekey storage mechanism to solve the conflict between private-key storage demands of the end-entity and the nonstorage character of network computer systems.The scheme was based on the public key infrastructure(PKI) architecture with system security achieved by various means such as random numbers,salt,and multiple round iterations.The scheme also ensures system scalability by assigning key derivation and encryption/decryption operations to the client-end.System implementation tests show that the system complexity and cost are reduced without impairing system security and scalability because external private-key storage equipment is not needed. |
| |
| Keywords: | certificate authority(CA) system public key infrastructure(PKI) network computer(NC) security |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
