摘要
在网络信息系统安全管理中,使用签名Applet访问客户端资源能更灵活地扩展网络应用。然而在现行的Applet签名方案中,由于Jar包使用常规的签名方法,使客户端仅允许指定安全服务器中的Applet签名程序访问本机资源,而其他服务器的Applet程序即使被证明是可信的也无法实现同样的功能。这样的设置尽管保证了客户端访问的安全性,却使得网络分布性资源使用的效率无法提高,限制了网络应用。针对于此,该文提出了用椭圆曲线实现的Applet代理签名新方案,并对该方案的安全性进行了分析。
In the security management solution for the network information system,it is suitable for further expansion of application in network to permit the signed applet access to resources of the client’s computer.However,in current signing-applet scheme,the each Jar package is usually signed with classic public key cryptography’s method by which the applet given a signature by a particular server in the security region is only allowed to access the client’s computer,but the one signed by the other server is not allowed to access it though the signature is verified to be trusted.The configure causes low use of the distributed network resources and hinders the study of new style application on net although it provides security.To solve this,a proxy signature scheme on applet with ECC is presented and analysis of the scheme security is given.