[关键词]
[摘要]
基于PKI(public-key infrastructure)的分布式信任模型能够更好地保证分布式系统的安全性.作为信任路径的载体,数字证书格式的差异性可能对不同信任域实体之间的信任路径的可用性产生影响.提出了证书格式兼容性的概念,并以此为基础分析了证书格式差异对证书有效性验证的作用方式.在桥CA(certificate authority)的基础上,提出一种兼容性较高的分布式结构的信任模型,能够消除证书格式兼容性问题对不同信任域实体之间实现互连的干扰.
[Key word]
[Abstract]
Distributed systems could be more secure with distributed trust model based on PKI (public-key infrastructure). The format of certificate may be different among different PKI systems. Those differences may disturb some applications performing verification of the certificate chain. In this paper, how those differences work during mutual verifications is analyzed with the new concept “certificate-format-compatibility”. Moreover, a new distributed trust model based on bridge CA (certificate authority) with high compatibility is designed out. Using this trust model, the mutual connections between entities in different trust domains would not be affected by the different certificate formats.
[中图分类号]
[基金项目]
Supported by the National Natural Science Foundation of China under Grant No.60403006 (国家自然科学基金); the National Grand Fundamental Research 973 Program of China under Grant No.G1999035801 (国家重点基础研究发展规划(973))