摘要
为了保证数字证书颁发过程中的安全性,传统的发证方法要求对RA和LRA进行高度集中的管理,在实际发证过程中往往会面临地域和安全成本的约束,使得整个证书颁发流程效率较低。为了解决这一问题,该文提出了一种基于PKI技术的远程安全发证方法,通过在RA创建的虚拟RA(VRA),与处于远端的LRA采用PKI技术进行相互安全认证,以此在互联网上建立起安全的通信信道,从而安全地完成异地证书的发放。该方法降低了设立LRA的成本,提高了证书发放的效率,对于证书的大规模发行具有实际应用价值。
In order to ensure the security of digital certificate's issuing process, the traditional issuing approach requires a high concentration of RA and LRA for the management of the actual certification process. It will always be faced with the constraints of geographical and cost of security, making the entire certification process inefficient. To solve the problem, this paper proposes a method of remote secure certification based on PKI technology. The Virtual RA (VRA), which belongs to RA, authenticates with the remote LRA using PKI technology mutually, so as to establish a secure communication channel on the Internet, to issue off-site certificates safely. This approach reduces the cost of establishment of LRA, improves the efficiency of certificate issue and has a practical value in the large-scale distribution of certificate.
出处
《信息网络安全》
2011年第9期138-139,187,共3页
Netinfo Security
基金
上海市科学技术委员会(11QA1401500)
关键词
数字证书
发证
公钥基础设施
RA
digital certificates
certification
public key infrastructure
Registration Authority
