作 者: ;
机构地区: 广东水利电力职业技术学院计算机信息工程系
出 处: 《微计算机应用》 2005年第4期402-406,共5页
摘 要: 讨论了一个校园网PKI系统,设计了PKI系统的框架、操作流程和证书管理策略,同时介绍了PKI构建的一种具体方法。校园网功能繁多,用户数量大且计算机水平高,所以PKI的主要目标是方便、灵活、安全。本文介绍的PKI方案使用单CA多RA的结构,CA置于防火墙的内部,证书使用分布式存储、密钥的恢复以及证书历史的管理等一系列措施能很好地达到我们的目标。 There is a lot of problem in the method of security authentication based on username and password, but these problem will be able to be overcome through PKI. In this paper, a campus networks PKI system is discussed, including its flame structure, operation flow, and certificate administration policy, and at the same time, the method of construct PKI system using OpenCA will be present. Campus networks have many functions and many skilled users, so the main object of PKI is easy to use, flexibility, and secure. In order to reach this object, the PKI scheme in this paper includes multi-RA and single CA which is protected by firewall, at the same time a series of PKI administration policies such as distribution storing certificate, restoring key, and administration of historical certificate are applied.
关 键 词: 校园网 安全环境 构建 系统 应用 分布式存储 管理策略 操作流程 具体方法 用户数量 证书 计算机 防火墙 密钥