启明星辰认证安全技术工程师培训

—PKICAPKI/CA¾PKI¾PKI/CA¾PKI/CA¾PKI/CA¾¾PKI/CAPKI9PKI9PKI9PKI9PKI9PKIPKI9PKIpublickeyinfrastracture9,PKI9PKI9PKI9PKI9PKI9PKIPKI99999PKI9PKI9PKI9PKI9PKI9PKIPKIPKIAliceBobPKIAliceBobPKIAliceBobPKI?AlicePKI9PKI9PKI9PKI9PKI9PKIPKI/CA¾1976RSA¾2080PKI¾PKI1996PKI¾1996VisaMastCardIBMNetscapeMSSETCA¾1999PKI¾20004PKI¾2001613PKI“PKI”PKI••••••PKI/CA¾PKIEESSIPKIPKI¾¾PKI¾PKI¾PKIPKI¾PKI¾¾1996-1998SET¾19971¾199811CA¾199810¾1999CA¾19998CA¾1999107¾1999-2001¾19998-2000CFCAPKI9PKI9PKI9PKI9PKI9PKIPKI1.1?RickMaryInternet/Intranet1.2?z1.1Rick.1.21234.zzzz2.?2.,.3.?3.?5.,.5..4.?4.,.z!--?--?z?--?,.z,?z??z,,,?,,,?PKIPKI/CA¾PKI¾PKI/CA¾PKI/CA¾PKI/CA¾¾PKI/CAPKI¾()¾¾¾/¾¾X.500ISO¾LDAPX.500¾¾¾¾¾X.509¾¾(DigitalID)“”“”¾¾¾¾PKI¾ARaAM=(Ta,Ra,Ib,d),TaAIbBdBEbA(Ca,Da(M))BCaADaA;BCaABEaDa(M)ABMIbBMTaBMRa()¾BRb;¾BMm=(Tb,Rb,Ia,Ra,d),TaBIaAdRaAAEb¾BDb(Mm)A¾AEaDb(Mm),B¾AMmIa;AMmTbAMRb()X.509¾(CA)¾X.500¾X.509––X.509––––VPN–WAP–CARAPKI/CA¾PKI¾PKI/CA¾PKI/CA¾PKI/CA¾¾PKI/CAPKICACACAPKIPKIPKIPKIRARARAPKI¾¾¾--CertificatePolicy,--CPSCertificatePracticeStatementsPKI()returnPKI()¾PKIPKIreturnCA¾¾¾¾¾¾(CRL)¾OSCP¾¾¾¾CA¾PKI()returnPKI()RA¾/CA¾¾¾¾LRA¾returnPKI()¾returnPKI¾Web¾¾EDI¾¾VPNPKI()returnPKI(API)¾PKIPKI()returnPKI¾PKIPKIPKI¾PKIPKIPKI¾PKIPKIPKIPKI¾(In-houseModel)PKIPKI¾—CAPKIPKIPKIPKI¾()¾¾¾¾CA¾99CA99CACA–CA–CA“-”CACACA–––CA¾CACA¾CACACACA¾CA¾CACA¾CA¾CACA()CA¾CA9CAcert(1)ForwardCertificates:CAcerts(2)ReverseCertificates:CAcertsCA¾AB¾BCA¾¾––B–ACAB¾CA–CACA––()–()–––CA9(Hierarchical)9(Mesh)9(Hybrid)XYCAXCA4→CA2→CA1ROOT•••“”••CA••CACACACACACACAXYCA4→CA5→CA3XY••PKICA•CA•CACA••PKICAXYeCommCA••CA•CA•CACACACACACACACACACACACACACACACACACAPKI/CA¾PKI¾PKI/CA¾PKI/CA¾PKI/CA¾¾PKI/CAPKI/CA¾/¾CRL¾/¾/¾/PKI/CA/9MD2RFC13199MD4RFC13209MD5RFC13219SHA1FIPSPUB180-19HMACRFC2104HMAC:Keyed-HashingforMessageAuthenticationPKI/CA/9DES9RC29RC593DES9IDEA9AESPKI/CA/9RSA9DSA9DHPKI/CA/9ASN.1(AbstractSyntaxNotationOne)BER()CER()DER()PKI/CA/PKCS9PKCS#19PKCS#39PKCS#59PKCS#69PKCS#79PKCS#89PKCS#99PKCS#109PKCS#119PKCS#129PKCS#139PKCS#149PKCS#15PKI/CA/9GSS-APIv2.09GCS-API9CDSA9RSAPKCS#11CryptographicTokenInterfaceStandardv2.019RSABSAFEAPI9MSCryptoAPIv2.09CTCAv1.0PKI/CACRL/9RFC2459InternetX.509PublicKeyInfrastructureCertificateandCRLProfileX.509V3X.509V2CRL9RFC3280InternetX.509PublicKeyInfrastructureCertificateandCertificateRevocationList(CRL)ProfileRFC2459CRLCRL9RFC2528InternetX.509PublicKeyInfrastructureRepresentationofKeyExchangeAlgorithm(KEA)KeysinInternetX.509PublicKeyInfrastructrueCertificatesPKI/CA/9LDAPRFC1777LightweightDirectoryAccessProtocal9RFC2587InternetX.509PKILDAPv29HTTP2616HypertextTransferProtocol--HTTP/1.19FTP9OCSPRFC2560,X.509InternetPKIOnlineCertificateStatusProtocol9RFC2559InternetX.509PKIOperationalProtocols-LDAPv29RFC2585InternetX.509PKIOperationalProtocols:FTPandHTTPPKI/CA/9CRMFFRC2511InternetX.509CertificateRequestMessageFormat9CMPRFC2510InternetX.509PKICertificateManagementProtocols9IKERFC2409TheInternetKeyExchange9CPRFC2527InternetX.509PKICertificatePolicyandCertificationPracticesFramework93029InternetX.509PKIDataValidationandCertificationServerProtocols93039InternetX.509PKIQualifiedCertificatesProfile93161InternetX.509PKITime-StampProtocol(TSP)PKI/CA/¾RFC2528RepresentationofKeyExchangeAlgorithm(KEA)keysinInternetX.509PublicKeyInfrastructureCertificates¾RFC2538StoringCertificatesintheDomainNameSystem(DNS)PKI/CA/9SSL/TLSRFC2246TheTLSProtocolVersion1.09SETSecurityElectronicTransaction9S/MIMERFC2312S/MIMEVersion2CertificateHandling9IPSec9PGP9WAPSSL/TLS9netscapeWeb;9IETFRFC2246;9HandshakeProtocalRecordProtocal999SSLPKI/CAPKI/CASET9Visa,MasterInternet9Internet99SSLSETECPINPINSETSSLPKI/CAOpenPGPS/MIME9PGP(PrettyGoodPrivacy)(NetworkAssociation)91997IETFPGPOpenPGP(RFC2440)9S/MIME(Security/MutipleInternetMailExtension)RSA1995IETF9RFC2630-RFC2634S/MIMEV3PKI/CA¾PKI¾PKI/CA¾PKI/CA¾PKI/CA¾¾PKI/CAPKI/CA¾PKIPKIPKICAPKICAPKICAPKIPKIPKIPKIEntrustPKIPKIPKI/CAVeriSign9955RSADataSecurity93902195009CAHitrustVeriSign9200064000PKI¾19963¾199962935¾19991013¾1997415“”¾200141PKI¾¾¾¾PKI20024PKI7PKI/PMIWG42002X.509CX.509CWG4PKIPKIPKICA–CACACACACACACACACACACANPCACA–CACACA–CACACACACA–CACACACACACACACACACACACACA(CFCA)(CTCA)(TJCA)¾)¾)¾¾¾¾–56CA–EntrustVerisignBaltimorePKI/CA¾PKI¾PKI/CA¾PKI/CA¾PKI/CA¾¾PKI/CAPKI/CA♦WebPKI/CA♦SET$Internet//////$541.2.PIN3PIN6.7.8.129.11.10PKI/CA♦MaryRick1.2.3.4.991.RACA2.B/SPKI/CA♦PKI/CA¾PKI¾PKI/CA¾PKI/CA¾PKI/CA¾¾PKI/CA99PKI9CA9RA9PKI9SSLSETE-mail:train@venustech.com.cn