基于PKI-CA互信互认体系的电子政务

292Vol.29No.220123JOURNALOFSHENZHENUNIVERSITYSCIENCEANDENGINEERINGMar．2012Received2011-09-28Revised2012-01-21Accepted2012-02-10FoundationNationalNaturalScienceFoundationofChina6117107211101292CorrespondingauthorProfessorYANQiao．E-mailyanq@szu.edu.cnCitationYANHai-longYANQiaoFENGJi-qiangetal．ResearchonstandardsystemformutualtrustandmutualrecognitionbasedonPKI/CAinE-governmentJ．JournalofShenzhenUniversityScienceandEngineering2012292113-117．inChinese【/ElectronicsandInformationScience】PKI/CA12131ATR51806025180603100029CAcertificationauthorityCA、PKI/CACA、．CATP399Adoi10．3724/SP．J．1249．2012．02113ResearchonstandardsystemformutualtrustandmutualrecognitionbasedonPKI/CAinE-governmentYANHai-long1YANQiao2FENGJi-qiang1andCHENGXiao-zhuo31ATRKeyLaboratoryNationalDefenseTechnologyShenzhenUniversityShenzhen518060P．R．China2CollegeofComputerScienceandSoftwareEngineeringShenzhenUniversityShenzhen518060P．R．China3BeijingCertificateAuthenticationCoLtdBeijing100029P．R．ChinaAbstractThesignificanceandprinciplesofestablishingastandardsystemformulti-certificationauthoritymulti-CAmutualtrustandrecognitionofE-governmentinChinaaredescribedbasedonthedevelopmentstatusofthedomesticandinternationalelectronicauthenticationstandardization．ApreliminaryframeworkofstandardsystemformutualtrustandrecognitionbasedonPKI/CAisproposedbytakingintoaccountlegalmanagerialandtechnologicalissuestomeetthedemandsofE-governmentinShenzhen．Keytechnicalstandardsofdigitalcertifi-cateformatapplicationinterfaceandcertificaterevocationlistsarealsothoroughlystudiedanddevelopedtosup-portmulti-CAcompatibleapplications．Keywordsdatasecurityandcomputersecurityelectronicgovernmentmulti-certificationauthoritydigitalcer-tificatemutualtrustandmutualrecognitionstandardsystempublickeyinfrastructurePKI1．602-9．CA．、、、、PKIPKIPKICAhttp//journal．szu．edu．cn11429．CACA．CA．CA．110．CACA①．CA、．、、．②．CA．“”CA．③．CA．、．2CA2.1CACA．PKI/PMICAPKI/CA1．1PKI/CAFig.1TheframeofstandardsystemformutualtrustandmutualrecognitionbasedonPKI/CA2.2PKI/CA“”．“”、“”．．CA、、PKI、CACA．CAhttp//journal．szu．edu．cn2PKI/CA115、、、．．“”．．CA“”．2.3CACA、、CA．2.3.1CA．CA．．2．、12．123456789CA1001CA①01@1001ZZ0123456789②11@1001ZZ1+Base64123456789③21@1001ZZ2+Encrypt342222197205053618Encrypt．2Fig.2Thecodingstructureofuniqueidentifierforentity1Table1Thecorrespondingrelationofcertificatetypeandidentificationcode//ZZ/GS/SW///SF/JG/HZ/HX//ZZ/GS/SW//ZZ/GS/SW///SF/JG/HZ/HX2Table2Thecorrespondingrelationofsecurityidentifierandidentificationnumber01BASE642http//journal．szu．edu．cn116292.3.233、．3Fig.3ThecertificateapplicationinterfacetechniquesystemframediagramCA、、．3SZG_GetUserListTable3GettingcertificatelistSZG_GetUserListBSTRSZG_GetUserListBSTRret1||1＆＆＆2||2＆＆＆．．．2.3.3certificaterevocationlistCRLCRL、．CRL．CRL、CRLCRL4．4CRLFig.4Thebasicstructureofcertificaterevocationlist2.3.4CA“、”CACACA、、．2.3.5．、、、．http//journal．szu．edu．cn2PKI/CA1173CA．20113CA9304．4Table4Digitalcertificateusagestatisticsfore-governmentinShenzhenCACACA10017211500CA205014430CA37150314434715517214103334CACA．PKI/CACA．CA、、CA．61171072111012921979-．E-mailyanhailong98@hotmail.com．PKI/CAJ．2012292113-117．/References1TerenceSpies．PublicKeyInfrastructureM//VaccaJR．ComputerandInformationSecurityHandbook．SanFranciscoMorganKaufmann2009433-451．2HartiniSaripanZaitonHamin．TheapplicationofthedigitalsignaturelawinsecuringinternetbankingSomepreliminaryevidencefromMalaysiaJ．ProcediaCom-puterScience20113248-253．3ITU-TX．509．InformationTechnology-OpenSystemsIn-terconnection-TheDirectoryPublic-KeyandAttributeCertificateFrameworksM．s．l．ITU-TRecom-mendationX．5092000．4BarbaraMiller．Electronicgovernmentconceptsmethodolo-giestoolsandapplicationsJ．GovernmentInforma-tionQuarterly2010271109-110．5TaekyoungKwon．PrivacypreservationwithX．509stand-ardcertificatesJ．InformationSciences2011181132906-2921．6“Chinesecommercialpasswordauthenticationarchitectureresearch”taskgroup．DigitalCertificateApplicationGuideM．BeijingPublishingHouseofElectronicsIndustry2008．inChinese《》．M．2008．7GB/T20518-2006．Informationsecuritytechnology-publickeyinfrastructurePKIdigitalcertificateformatS．inChineseGB/T20518-2006．S．8YANGYi-xianNIUXin-xin．AppliedCryptographyM．BeijingPublishingHouseofBeijingUniversityofPost＆Telecommunication2005．inChinese．M．2005．9LD/T30-2009．HumanresourcesandsocialsecurityofelectronicauthenticationsystemS．inChineseLD/T30-2009．S．10BAOZhong-ping．StandardSystemPrinciplesandPrac-ticeM．BeijingStandardsPressofChina1998．inChinese．M．1998．【】http//journal．szu．edu．cn