公開金鑰基礎建設之憑證管理機制研究

隨著網際網路的蓬勃發展與普及，各式各樣的應用也隨之大量推出，不論是商業、服務、教育...等各領域均有不錯的發展。因此，也造就了電子商務(E-commerce)的熱潮，但新的問題和挑戰也隨之產生，如：安全性、不可否認性及私密性等。解決這些問題的方法中，公開金鑰基礎建設(public Key Infrastructure, PKI)是其中常被考慮的方式，而憑證的概念更是PKI的核心。本文提出一種新的PKI實際運作架構，以安全的電子郵件伺服器(Secure Mail Server, SMS)線上(On-line)運作架構，解決憑證廢止清單(Certificate Revocation List, CRL)發行時間空窗期所可能產生的種種安全問題。此外，本文所提機制亦強化憑證使用的安全性，使憑證能更廣泛的應用在各種電子商務中。

關鍵字

公開金鑰基礎建設；憑證廢止清單；憑證中心

並列摘要

Because of the growth and the popularization of the Internet, various kinds of applications are available and developed quite rapidly in many areas, such as commerce, education, and entertainment...etc. In the area of commerce, people call the application on the Internet “E-Commerce”. The E-commerce is a very hot headline, but some issue and challenge come along at the same time, for example, Integrity, Authentication, Confidentiality, and Non-repudiation. There are many ways to solve them, the most famous one of them is PKI (Public Key Infrastructure). The concept of Certificate is the most important part of PKI, but it gets some defects in CRL (Certificate Revocation List). This article proposes a new method that could improve the processes of CRL. At the same time, this article proposes a scheme, SMS On-line Structure, that could solve some secure problems of CRL issuing time gap, and increase the application of certificates. Finally, we propose an E-Commerce scheme base on PKI which can achieve the goal of personal service and authorization easily.