Digital Certificate
Transcript of Digital Certificate
. . . CA . X.509 . PKI . RRS .
X.509 - .RRS PKI CRL
. . . : 1- 1 2- 2 3- 3 . (1)4
4-
. 0053 . . . ) ( ) ( . . . . .
1 Secrecy 2 Authentication 3 Nonrepudiation 4 Integrity Control
. X.509 CRL PKI RRS .
1
. : . . . 1- 2- 3-
. . (1). : .
1 Digital signature
(2). . : 1 2 . 3 4 . . 1 5 7 . (3) . 1- 2- 3- 4- 5- 6- 7- 8- 9-
. .
. . .
1 . 5 6 . .
1 Message digest 2 Hash function 3 Private key 4 Public key 5 Repudiation 6 Impersonate
. 1 . . .
1-
1 Authentication
1
. . 2CA . (1). CA CA
. ) ... ( .3
Identity Certificate
1- CA : Cert_IDCAp = (Idp, Pup, V, Option, SignCA)
:Idp :Pup :V :Option :SignCA CA
1 Digital certification 2 Certificate Authority 3 Digital certificates classification
2- Attribute Certificate
1TA . : Cert_ATTAp = (Idp; Arp; V; Option; SignTA)
3- Authorization certificate
2AA : Cert_AUpq = (Pup; Puq; A; D; V; Signp)
:Pup :Puq :A :D AA
:V :Signp . (4)
X.509 . X.509 1 ITU . 2 X.509 .
1 Attribute Authority 2 Authorization Authority
2 X.509
) ( Public Key Infrastructure ) ( CA . CA . CA . PKI . PKI CA . PKI
1 International Telecommunication Union
- . 3 CA ) ( Root 2 ) ( RA . ) ( 1RA ) ( 2CA X.509 .
3 PKI
3 4 .5
CA .
1 Regional Authority 2 Certificate Authority 3 Chain Of Trust 4 Certification Path 5 Revocation
. :
1CRL ) CRL ( . - CRL [1]. X.509 CRL . CRL : :CRL 32) CRL ( )
6 ( . : 3 -
6 - . : -
. : CRL .
CRL . (5)
1 Certificate Revocation List
1RRS . . . - . . . . RRS . : MedSoft . MedSoft LifeTech . MedSoft . 4 1 - . . 2 RRS . 3 RRS
. RRS .
1 Receipt Resolution Server
4 RRS
: :Hash of Certificate :Machine Identifier RRS . :Activity Period :Padding (optional)
5 RRS . RRS RRS . RRS (6).
5 RRS Alice
. 1 . . . RRS .
1 SSL (Secure Socket Layer)
1. Tanenbaum, Andrew S. Computer Networks, Fourth Edition. 2003.
2. Digital Signatures, Certificates and Electronic Commerce. Brian Gladman, Carl Ellison and Nicholas Bohm.
3. Efraim Turban, David King, Jae Lee. Electronic Commerce: A Managerial Perspective. 2004.
4. Hu Yuh Jong. Trusted Agent-Mediated E-Commerce Transaction Services via Digital Certificate Management.
5. . . ,s.l. : .
6. Digital Receipts: A System to Detect the Compromise of Digital Certificates. Seeley, Nathaniel. 2006.