LI Jian-jun,XU Duan-qing,GUO Wei-qing

DOI: https://doi.org/10.3969/j.issn.1000-7024.2005.09.068

2005-01-01

Abstract:Combining with living examples and based on IPSEC,the realization of the VPN system was approached in many internet circumstances of remote access(such as gateway,broadband,xDSL etc.),and in view of the deficiency and the hidden troubles of the traditional static password,introduces a working mechanism was introduced which took into consideration both the tokencard two factor authentication and Windows AD,and proveds to be flexible and liable for the single-sign on clients.

Liu Duan-yang,Pan Xue-zeng,Ping Ling-di

DOI: https://doi.org/10.1631/jzus.2003.0555

2003-01-01

Abstract:Distributed certification via threshold cryptography is much more secure than other ways to protect certification authority (CA)'s private key, and can tolerate some intrusions. As the original system such as ITTC, etc., is unsafe, inefficient and impracitcal in actual network environment, this paper brings up a new distributed certification scheme, which although it generates key shares concentratively, it updates key shares distributedly, and so, avoids single-point failure like ITTC. It not only enhances robustness with Feldman verification and SSL protocol, but can also change the threshold (t, k) flexibly and robustly, and so, is much more practical. In this work, the authors implement the prototype system of the new scheme and test and analyze its performance.

WANG Ji-lin,CHEN Xiao-feng,CHEN De-ren

DOI: https://doi.org/10.3785/j.issn.1008-973x.2006.04.010

2006-01-01

Abstract:Exchange of digitally signed certificates was often used to establish mutual trust between strangers that wish to share resources or to conduct business transactions.Automated trust negotiation(ATN) was an approach to regulate the flow of sensitive information during such an exchange.But ATN cannot handle cyclic policy interdependency satisfactorily.Oblivious signature-based envelope(OSBE) is a scheme to solve this problem.However,the existed scheme could only be implemented on a secure channel.An efficient OSBE scheme without the secure channel is proposed using the ideas of identity-based systems and certificate-based encryption,which satisfies all the properties required by OSBE such as soundness and oblivious et al.Also,the scheme can achieve the desired security notations in the random oracle model.

王秀琴,华蓓

DOI: https://doi.org/10.3969/j.issn.1001-3695.2001.02.043

2001-01-01

Abstract:By the theory of public key infrastructure PKI and theauthentication structure of electronic transaction system, this paper puts forward a design scheme of enterprise security communication platform based on certificate authority (CA), gives a model and analyses the system's security in detail.

ZHOU Xiaobin,XU Yong,ZHANG Ling

DOI: https://doi.org/10.3969/j.issn.1001-2486.2013.01.030

2013-01-01

Abstract:Some problems about the traditional identity authentication model for PKI(Public Key Infrastructure) were analyzed.For example,because certificate status verification service and key verification service depend on different service providers who have not enough trust degree in open network environment,the trust degree of the traditional model decreases and its risk increases.Additionally,there are other problems about cross-CAs and incomplete authentication service in the traditional model.Thus a new open identity authentication model was put forward for PKI,which can solve the above problems.In this model,the above two verification services were both provided by CA,and the service result was applied by providing identity certification file instead of OCSP answer.The trust degree of the traditional model and our model by using the cloud trust model presented by other researchers was calculated.The result of the calculating test shows that our model can improve the trust degree obviously.Finally,the prototype system of our model was completed,and especially the performance of the model was optimized.The test shows that the model has good practical value.

LIU Xiao-hong

DOI: https://doi.org/10.3969/j.issn.1673-0461.2006.06.008

2006-01-01

Abstract:Digital identity certification(CA certification) is important to prevent E-commercial risk.Since 2002,China has begun digital identity certification in E-commerce.This paper briefly introduces administration and legal basis of CA certification,its function and structure in China.It also analyzes the major problems in the current system in China,and puts forward some measures to prevent the risk in E-commerce.

XU Feng,QI Yuguo,HUANG Hao,WANG Zhijian

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.05.046

2006-01-01

Abstract:This article analyses the demand of private enterprise CA(certificate authority),demonstrates the feasibility of setting up CA inside enterprises through designing and implementation of a PKI system,and puts forward a detailed method to hide complexity of PKI system.

连乔,王建民

DOI: https://doi.org/10.3969/j.issn.1000-3428.2002.z1.065

2002-01-01

Abstract:Non-repudiation is the main problem in the application of electronic commerce. This paper describes the principle of digital signature algorithm based on CA technology, and the certificate authority tree structure to ensure the execution of the digital signature. It also describes how to apply such technology in a typical electronic payment system, and the solutions for these practical problems.

Chen Chen,Yang Zhongyue,Chen Qimei

DOI: https://doi.org/10.3969/j.issn.1002-7300.2010.06.034

2010-01-01

Abstract:The paper presents a kind of secure communication system,aiming at the problem of security from network.Fingerprint as the basis for authentication of remote login,combined with encryption realizes the secure transmission.The structure of the platform is described,the principles of CA signing digital certificates and SSL secure protocols are also studied.The C/S secure communication are implemented by the Openssl instructions and visual studio 2005 developing environment and the authentication protocol.

CAO Tian-jie,ZHANG Yong-ping

DOI: https://doi.org/10.3969/j.issn.1007-1423-b.2001.06.019

2001-01-01

Abstract:Smart cards are small and easy to carry around yet have enough processing power and data storage to store user profiles encrypt and decrypt data and support electronic commerce applications. In this paper we discuss the problems of authentication in traditional electronic commerce and then give an security mechanism based on smart cards.

曾凤萍,潘爱民

DOI: https://doi.org/10.3969/j.issn.1001-3695.2004.04.046

2004-01-01

Abstract:The Internet is an open system where the identity of the communicating partners is not easy to define. One solution is to use X. 509 certificate to assure that the communication is happening between the desired endpoints. This paper designs an X. 509 certificate library to afford support to applications which have the needs.

Mark O'Neill,Scott Heidbrink,Jordan Whitehead,Scott Ruoti,Dan Bunker,Kent Seamons,Daniel Zappala

DOI: https://doi.org/10.48550/arXiv.1610.08570

2016-10-27

Abstract:We describe TrustBase, an architecture that provides certificate-based authentication as an operating system service. TrustBase enforces best practices for certificate validation for all applications and transparently enables existing applications to be strengthened against failures of the CA system. The TrustBase system allows simple deployment of authentication systems that harden the CA system. This enables system administrators, for example, to require certificate revocation checks on all TLS connections, or require STARTTLS for email servers that support it. TrustBase is the first system that is able to secure all TLS traffic, using an approach compatible with all operating systems. We design and evaluate a prototype implementation of TrustBase on Linux, evaluate its security, and demonstrate that it has negligible overhead and universal compatibility with applications. To demonstrate the utility of TrustBase, we have developed six authentication services that strengthen certificate validation for all applications.

Cryptography and Security

DONG Haitao,TIAN Jing,CHEN Jun

DOI: https://doi.org/10.3969/j.issn.2095-347X.2013.04.003

2013-01-01

Abstract:OpenSSL is a product implementation of SSL/TLS protocols,which are the most commonly used protocols for secure network communication.Via OpenSSL's engine mechanism,OpenSSL is able to use crypto modules provided by a third party to ensure the security of communication,so that the performances in security and computation are improved.In this paper,the principle of OpenSSL's engine mechanism,the implementation technique of engine,the process and influencing factors of cipher suite selection are introduced,and an effective mothod of using third-party crypto modules in OpenSSL via the combination of controlling cipher suite selection and engine mechanism is given.This paper is instructive in development and applications of OpenSSL engine.

CHENG Shi-xun,LI Dong,HE Xin-hua

DOI: https://doi.org/10.3969/j.issn.1009-3044.2006.10.027

2006-01-01

Abstract:This article has discussed SSL VPN characteristic, analyzed its essential technology and the principle of work in detail, and researched that the Electronic Commerce based on WEB application uses SSL VPN to establish the security tunnel on application layer between two systems in order to ensure the users visit essential data and improve the security of significant information transmitting in the public network.

Pinyi Ren

2009-01-01

Abstract:In engineering and emulate environment,administrators often need to unify accounts management and identity authentication within different domain and system.They also need to increase security and reliability of identity authentication.A new method is presented,which uses digital certificate as the way of authentication.Unified identity authentication is designed and implemented in multidomain and multi-system.Application result indicates that using same certificate stored in USBkey users can access resource by local or remote logon which belong to different domain and system.Accordingly not only administrators can uniformly manage all the accounts with several domains but also it improves application security and workability.

ZHANG Jun

DOI: https://doi.org/10.3969/j.issn.1001-148x.2005.05.027

2005-01-01

Abstract:The emergence of the technique of electronic certification gives technical safeguard to ensure the facticity, the security, and the reliability of identity and communication each part in electronic commerce. Certification authority, which implements the electronic certification, aims to ensure the identity and communication of the participants in electronic commerce general for the purpose of safeguarding business security.

Shangyuan Guan,Xiaoshe Dong,Yiduo Mei,Weiguo Wu,Zhengdong Zhu

DOI: https://doi.org/10.1109/ICEBE.2008.50

2008-01-01

Abstract:Exchange of attribute certificates is a means to establish mutual trust between strangers wishing to share resources or conduct business transactions. Automated trust negotiation (ATN) is a promising approach to regulating the exchange of sensitive information during this process. It has been a fundamental but challenging problem to preserve the privacy of the two negotiation parties during the period of ATN. We present the enhanced hidden credentials and improved concurrent zero-knowledge proof protocol. Based on the above technologies, we propose an ATN for e-business applications, named CASTLE. CASTLE can not only enable the oblivious and selective usage of an attribute or a certificate, but also be resistible for many attacks, especially conspiracy attack. We illustrate the usage of CASTLE through a typical example.

Haijian ZHOU,Ping LUO,Daoshun WANG,Yiqi DAI

DOI: https://doi.org/10.3321/j.issn:1000-0054.2008.07.025

2008-01-01

Abstract:Public key infrastructures (PKI) achieve authentication and key exchange by utilizing public key cryptography; however, the system's centralized models tend to be the bottleneck in the network. To improve PKI efficiency, a caching authentication model was developed. The model takes advantage of symmetric root key caching and public key certificates caching, with the caching authentication extended to among the certification authorities (CA) to increase re-usage of cached information. An improved certificate revocation list (CRL) look-up mechanism is introduced to enhance CRL look-up efficiency. Performance analyses show that, compared with the common X.509 protocol, the CA caching authentication effectively reduces the CRL look-up times and network communications in the authentication procedures. The authentication model eases bottlenecks for PKI frameworks, while guaranteeing authentication security and integrity.

Song Yang -,Song Zhihui -,Jia wenxue -,Tang Junhu -

DOI: https://doi.org/10.4156/jcit.vol7.issue5.5

2012-01-01

Journal of Convergence Information Technology

Abstract:With the development of information technology, electronic data exchange to some extent takes the place of the traditional transaction based on paper contract, which challenged the legal system and the information security system while facilitating the transaction. This paper studied the typical procedures of signing e-commerce contract, found that there are some problems on legal and operation levels, especially on the trusted third party system, and this paper proposes improved ecommerce certification security using contract protocol based on RSA and DSA algorithm.

Bing Zhang,Xinxin Ma,Zhiguang Qin

2011-01-01

Abstract:⎯By analyzing existed Internet of Things’ system security vulnerabilities, a security architecture on trusting one is constructed. In the infrastructure, an off-line identity authentication based on the combined public key (CPK) mechanism is proposed, which solves the problems about a mass amount of authentications and the cross-domain authentication by integrating nodes’ validity of identity authentication and uniqueness of identification. Moreover, the proposal of constructing nodes’ authentic identification, valid authentication and credible communication connection at the application layer through the perception layer impels the formation of trust chain and relationship among perceptional nodes. Consequently, a trusting environment of the Internet of Things is built, by which a guidance of designing the trusted one would be provided. Index Terms⎯Combined public key, elliptic curves cryptography, Internet of Things, radio frequency identification, security system, trusting system.