| 一种在线CA安全增强方案 |
| |
| 引用本文: | 谭玉玲,张新林.一种在线CA安全增强方案[J].汕头大学学报(自然科学版),2009,24(3):68-72. |
| |
| 作者姓名: | 谭玉玲 张新林 |
| |
| 作者单位: | 罗定职业技术学院电子信息工程系,广东,罗定,527200 |
| |
| 摘 要: | 基于椭圆曲线密码(ECC)和(t,n)门限密码技术,结合先应秘密共享机制,提出一种容侵的认证中心(CA)私钥保护方案.该方案通过(t,n)秘密共享机制把CA私钥分发到t个服务器,并通过先应秘密共享体制进行私钥份额的动态更新,同时结合可验证的秘密共享(VSS)方案,实现CA私钥的容侵保护.利用Java和OpenSSL对系统进行了仿真实现,结果表明,方案比目前基于RSA的同类方案具有更优的安全性和效率.
|
| 关 键 词: | 门限密码学 椭圆曲线密码 先应秘密共享 容侵 CA私钥 |
Security Enhancement Scheme of Online CA |
| |
| TAN Yu-ling,ZHANG Xin-lin.Security Enhancement Scheme of Online CA[J].Journal of Shantou University(Natural Science Edition),2009,24(3):68-72. |
| |
| Authors: | TAN Yu-ling ZHANG Xin-lin |
| |
| Institution: | TAN Yu-ling, ZHA NG Xin-lin (Department of Electrical Engineering, Luoding Vocational and Technical College, Luoding 527200, Guangdong, China) |
| |
| Abstract: | An intrusion tolerant protection scheme of CA private key was proposed basing on the ECC and (t,n) secret shared method and proactive secret shared method. It is ensured that the private key never reunion at any time. In the proceeding of CA generated, delivered and used, even if some part of the CA is broken, the CA private key is still safe. Thus, it ensures the validity of the digital certificate delivered by the online CA. At last, the system was realized by Java and Openssl. |
| |
| Keywords: | threshold cryptology ECC Proactive secret share Intrusion tolerant CA private key |
| 本文献已被 维普 万方数据 等数据库收录! |
|
