To address the security problems of the Internet, countries all over the world have studied the issue for many years and have arrived at a complete set of Internet security solutions: PKI (Public Key Infrastructure), which is widely used at present. PKI technology uses certificates to manage public keys. A trusted third-party organization, the CA (certification authority), binds users' public keys to other identifying information so that users' identities can be verified on the Internet. The general method at present is to use PKI-based digital certificates and to encrypt and sign the digital information being transmitted. This ensures the confidentiality, authenticity, integrity and non-repudiation of the transmission, and therefore its security. PKI is an infrastructure that provides security services for online communication based on public key algorithms and technology. It is the collection of all software and hardware involved in the creation, issuance, management and revocation of public key certificates. Its core element is the digital certificate, and its core executor is the CA.
PKI technology is the core of information security technology and the key, basic technology of e-commerce. The basic technologies of PKI include encryption, digital signatures, data integrity mechanisms, digital envelopes, dual digital signatures and so on. A typical, complete and effective PKI application system should have at least the following parts:
Public key cryptographic certificate management.
Publication and management of the blacklist (the certificate revocation list).
Backup and recovery of keys.
Automatic key update.
Automatic management of key history.
Support for cross-certification.
Because the PKI architecture is a relatively mature and complete Internet security solution, some large foreign network security companies have launched a series of network security products based on PKI. Security product suppliers in the United States such as Verisign, IBM and Entrust provide users with a range of client-side and server-side security products that give e-commerce a security guarantee for its development. PKI provides a complete network security solution for e-commerce, government office networks and EDI.
With the popularization and deepening of Internet applications, government departments need PKI to support management, and PKI technology and solutions are needed within commercial enterprises, between enterprises, in regional service networks and on e-commerce websites. Large enterprises need to establish their own PKI platforms; small enterprises need commercial PKI services provided by third parties. Judging from the development trend, the market demand for PKI is huge, and PKI-based applications cover many areas, such as communication between WWW servers and browsers, secure e-mail, electronic data interchange, credit card transactions on the Internet and VPNs. PKI therefore has very broad market prospects.
Reference: CA (Certification Authority) is the international name for certification bodies, that is, the institutions that issue, manage and revoke digital certificates for certificate applicants. The role of the CA is to check the legitimacy of the certificate holder's identity and to issue the certificate (sign the certificate), which prevents the certificate from being forged or tampered with.
A digital certificate is actually a record stored in a computer. It is a statement issued by a CA that proves the unique correspondence between the certificate subject (the "certificate applicant" becomes the "certificate subject" once a certificate has been issued) and the public key contained in the certificate. The certificate includes the name and related information of the certificate applicant, the applicant's public key, the digital signature of the CA that issued the certificate and the validity period of the certificate. The function of a digital certificate is to let the two sides of an online transaction verify each other's identities and so ensure the normal conduct of e-commerce.
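
The certificate contents and checks described above, as an added example that is not part of the original page: a toy CA signs the binding of subject name, public key and validity period, and a relying party checks the signature, the blacklist and the dates. The textbook RSA parameters, field names, serial number and sample values are constructed for illustration and are not secure.

```python
import hashlib
import json
from datetime import date

# Toy CA key pair: textbook RSA over two Mersenne primes, no padding.
# Constructed for illustration only; real CAs use randomly generated keys.
P, Q = 2**521 - 1, 2**607 - 1
CA_N, CA_E = P * Q, 65537
CA_D = pow(CA_E, -1, (P - 1) * (Q - 1))  # CA private exponent


def _digest(tbs: dict) -> int:
    """Hash the to-be-signed fields in a canonical (sorted-key) encoding."""
    encoded = json.dumps(tbs, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(encoded).digest(), "big")


def issue(serial: int, subject: str, pubkey: str, not_before: str, not_after: str) -> dict:
    """CA side: bind subject and public key together, then sign the binding."""
    tbs = {"serial": serial, "subject": subject, "public_key": pubkey,
           "issuer": "Example Toy CA", "not_before": not_before, "not_after": not_after}
    return {"tbs": tbs, "signature": pow(_digest(tbs), CA_D, CA_N)}


def verify(cert: dict, today: date, revoked=frozenset()) -> str:
    """Relying-party side: CA signature first, then blacklist, then validity period."""
    tbs = cert["tbs"]
    if pow(cert["signature"], CA_E, CA_N) != _digest(tbs):
        return "bad signature"
    if tbs["serial"] in revoked:
        return "revoked"
    start, end = date.fromisoformat(tbs["not_before"]), date.fromisoformat(tbs["not_after"])
    if not start <= today <= end:
        return "outside validity period"
    return "ok"


# Constructed sample certificate, and a copy whose public key was swapped
# while the CA's original signature was kept.
cert = issue(1001, "CN=shop.example", "subject-key-placeholder", "2024-01-01", "2024-12-31")
forged = {"tbs": dict(cert["tbs"], public_key="other-key-placeholder"),
          "signature": cert["signature"]}

if __name__ == "__main__":
    print(verify(cert, date(2024, 6, 1)))
    print(verify(forged, date(2024, 6, 1)))
    print(verify(cert, date(2024, 6, 1), revoked={1001}))
    print(verify(cert, date(2025, 6, 1)))
```

The signature check comes first because the serial number and dates are only trustworthy once the CA's signature over them has been verified.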