一种基于缓存的快速PKI认证模型

在大规模PKI系统中跨域建立证书信任时,为提供高效的证书路径发现及认证算法,基于缓存机制提出了一种系统、灵活的认证框架.该框架模型对于短期缓存认证提出一次一密以提高安全性;对于较长时期的证书缓存提出证书可靠性指数概念,让用户可在安全和效率间权衡.扩展证书缓存及证书可靠性指数到CA间的认证,满足实际网络环境需要,提高了认证效率,消除了上层CA证书验证服务时存在的性能瓶颈问题.

A Flexible and Fast PKI Authentication Model Based on Cache Mechanism

To establish trust on certificates across multiple domains requires an efficient certification path discovery and authentication algorithm.A systematic and flexible authentication model based on cache mechanism is proposed.The model uses one-time key to achieve more secure level for a shorter time cache.For a longer time cache,the concept of reliability index(RI) is introduced for the certification,with which the end user can take a trade off between security and efficiency.To meet the practical network environment,the authentication mechanism between the end user and CAs is extended.The authentication time between CAs are reduced,and more importantly,most authentication processes are finished between lower level CAs,so there is no bottleneck problem to occur in the top level CAs,especially the root CA.