A Secure Scheme for Managing a CA Private Key (一种CA私钥安全管理方案)

Cited by: 9


Authors: 蔡永泉 (Cai Yongquan) [1], 杜秋玲 (Du Qiuling) [1]

Affiliation: [1] College of Computer Science, Beijing University of Technology (北京工业大学), Beijing 100022, China

Source: Acta Electronica Sinica (电子学报), 2005, No. 8, pp. 1407-1410 (4 pages)

Funding: Beijing Key Discipline Construction Project (No. 4010001202111)

Abstract: A CA (certificate authority) is an important component of a PKI (Public Key Infrastructure); its main task is to issue and sign digital certificates that identify users. If the private key of a CA is compromised, every certificate issued by that CA has to be revoked, so keeping the private key secret is the core of the security of the whole PKI. The scheme for securely managing a CA private key presented in this article is based on threshold cryptography. By distributing different shares of the private key across several components and ensuring that no single component can reconstruct it, the scheme guarantees that the CA private key is not leaked during key generation, distribution and use, even if some system components are compromised or some system administrators act maliciously, and that the CA can continue to operate normally.

Keywords: certificate authority; key management; intrusion tolerance

Classification: TP309 [Automation and Computer Technology: Computer System Architecture]
