作　　者： ; ; ; ;

机构地区： 深圳大学信息工程学院ATR国防科技重点实验室

出　　处： 《信号处理》 2012年第9期1278-1283,共6页

摘　　要： 目前国内已有31家获得电子认证服务许可的第三方认证机构(certification authority,CA),跨CA的信任和验证日益迫切。针对该问题,提出了一种基于信任列表的可信第三方跨域认证模型。该模型依托公钥基础设施(public key infrastructure,PKI)所提供的数字证书等安全服务,通过引入新的信任机制更好地管理和控制了可信根证书列表,既避免了传统信任列表模型的诸多缺点,又能够有效实现多CA互信互认。为支持这一跨信任域模型的实际运行,设计了相应的工作流程和多CA认证方案,并开发了多CA应用支撑模块,以及就其中的关键技术问题进行了详细论述。分析表明,该模型能够让应用系统灵活地动态兼容不同CA所颁发的数字证书,且在认证效率、安全性、实用性以及应用改造等方面均具有明显优势。 At present,there are thirty-one third-party certification authorities（CAs） obtaining a license of electronic certification services in China.The trust and verification schemes among CAs are becoming an increasingly urgent problem.In view of this problem,a trusted third party inter-domain authentication model based on trust lists is proposed in this paper.To overcome the shortcomings of traditional trust lists model,the proposed model utilizes digital certificate and other security services provided by public key infrastructure.It is better to manage and control the trusted root certificate lists by using a new trust mechanism.Furthermore,the proposed model can effectively realize multi-CA mutual trust and mutual recognition.For the practical running of the new model,we design its work-flow,multi-CA authentication scheme and multi-CA application supporting system.In addition,some key technology problems are discussed in detail.Analysis shows that the proposed model can facilitate application systems’ dynamic compatibility to the digital certificates issued by different certification authorities.And it has obvious advantages at authentication efficiency,safety,practicability,application of transformation and Etc.

关 键 词： 信任列表 可信第三方 跨域认证 多

领　　域： [电子电信] [电子电信]