A Study of Internet Security Based on Public-Key Infrastructure (PKI)

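【Author】 Fan Hao (范昊)

【Supervisor】 Xiao Debao (肖德宝)

【Author Information】 Central China Normal University, Computer Application Technology, 2002, Master's degree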

【Abstract】 The development of computer network technology has greatly advanced the informatization of society, and people can now exchange information conveniently over the Internet. At the same time, an open and convenient network environment brings challenges for the security of network communication.

In an open network environment, public-key cryptography has become the foundation for online commerce and other network applications that require confidentiality and authentication. The widespread use of public-key cryptography in turn requires a public-key infrastructure (PKI) to publish and manage the many public keys. Without such an infrastructure, public-key cryptography is only marginally more useful than traditional secret-key cryptography.

This thesis first reviews Internet encryption algorithms and security mechanisms and, on that basis, analyses a set of basic PKI characteristics that apply to PKI systems in general. Using these characteristics, it discusses several commonly used PKI proposals, with a detailed analysis of their structure and the problems they have, and briefly describes how those problems can be solved and how the systems are implemented.

Chapter 5 analyses the security weaknesses of the ordinary C/S (client/server) model and proposes transmitting and storing user passwords in ciphertext form, to address the problem that a password may be eavesdropped or intercepted in transit or in storage. Combining CA authentication, digital signatures, and public-key and symmetric-key algorithms from the PKI model, the thesis then proposes a basic model for user registration and for C/S and B/S (browser/server) resource access under this ciphertext password transmission and storage mechanism, in order to secure C/S and B/S systems.

Finally, the thesis uses Java to implement digital signature and encryption on the client side, and decryption and data-integrity verification on the server side. The system is a demonstration program: it separates the functions clearly and implements each phase step by step, in order to show the detailed process of digital signing and data-integrity verification.

  • 【Classification Number】 TP393.08
  • 【Times Cited】 4
  • 【Downloads】 209