基于USBKey的X.509身份认证

在对X.509身份认证协议及其安全性分析的基础上，结合对USBKey关键技术的研究，提出了一种用USBKey实现X.509身份认证的新方法。它明显提高了X.509身份认证协议的安全性，同时增强了用户使用的灵活性。     

Internet X.509 PKI深入讨论与分析

只有在安全的系统中，如对系统进行加密，数字签名，数字认证，公钥／私钥对、无否认确认和时间戳等操作，电子贸易和虚拟专用网才能有条件实现，由于包含了证书系统，证书授权机构、客体、可信伙伴，证书注册机构和密钥保存库等有效机构，基于X．509的PKI系统很好解决了电子贸易 的安全性问题，讨论了在现有的安全构架下基于X．509的PKI的主要技术问题，并就一些应注意的问题和未来的前景作了一定的分析。     

Privacy preservation with X.509 standard certificates

Privacy preservation has become an essential requirement in today’s computing environment; abuse based on anonymity and user-controlled pseudonyms is a serious problem. For prompt deployment in legacy information systems, it would be desirable to develop a new method in the standard paradigm. This paper investigates practical methods for privacy preservation with X.509 standard certificates by providing conditional traceability for both identity and attribute certificates in the legacy systems. We separate certificate authorities, one for verifying identities and the other for validating contents, in a blinded manner without requiring a trusted third party. We design a concrete method with its more generic and applicative extensions, and prove security formally. We also evaluate performance through rigorous experiments and discuss possible applications.     

基于认证的网络权限管理技术

文中提出了一种基于认证的网络权限管理技术,实现了针对用户的策略和权限管理,并研究了本认证系统的可靠性,利用Bcrypt算法等技术解决了认证系统中存在的安全问题,提高了整个系统的可靠性。这项技术目前已经应用到实际工作中。     

Role-based access control with X.509 attribute certificates

We adapted the standard X.509 privilege management infrastructure to build an efficient role-based trust management system in which role assignments can be widely distributed among organizations, and an XML-based local policy determines which roles to trust and which privileges to grant. A simple Java API lets target applications easily incorporate the system. The Permis API has already proven its general utility in four very different applications throughout Europe.     

XML Based X.509 Authorization in CERNET Grid

This paper presents an authorization solution for resource management and control developing as a part of the China Education and Research Network （CERNET） to perform fine-grained authorization of job and resource management requested in the Grid environment which meets the Fusion-G-rid＇s security needs in large scale networks such as CERNET. It integrates the GT2 job manager and X.509 authorization, and this model can be extended to other authorization decision functions. It allows the system to evaluate a user＇s resource specification language request against authorization policies on resource usage. Furthermore, based on XML integrated authorization policies, it allows other virtual organization members to manage the users＇ resources.     

基于智能卡的X.509身份认证

身份认证中的关键技术是身份信息的安全存储、处理和传递,本文提出了一种基于智能卡的X.509身份认证方案,设计了一套基于X.509的身份认证协议,将智能卡作为存储身份信息的载体,密码运算都在智能卡内部进行,认证过程安全性好.在开放的网络环境中,此方案可较好地防止中间人攻击,验证用户身份.     

X5.09证书管理系统及其实现

Ｘ．５０９证书已经在许多网络安全应用中得到了广泛使用,本文设计了一个高效、可靠、易于扩展的Ｘ．５０９ 证书管理系统     

颁发和验证X.509v1数字证书的JavaBean

本文介绍了X509数字证书及其Java编程接口，并实现了用于X509证书颁发和验证的JavaBean,可做为数字签名、加密解密及SSL通信系统的编程参考。     

认证测试方法对X.509认证协议的分析

采用认证测试方法对X.509协议的认证正确性进行了分析,该方法比BAN逻辑分析得到的结论更具体,比传统串空间理论构造集合寻找M-minimal元素的方法更为简单直观。然后针对分析结论提出了改进协议,并使用认证测试方法证明了改进协议在保持数据保密性完整性的同时,也能实现认证的正确性。     

CCITT X.509协议的形式化分析及其改进

串空间模型是一种新兴的密码协议形式化分析工具,基于串空间模型的协议认证分析方法是比较常用的验证方法。概述了串空间模型理论和基于串空间模型的认证测试理论,并利用此理论对CCITT X.509协议进行了形式化的分析。该协议存在缺陷并对此进行了改进。     

X.509证书库的设计与实现

X．509证书是PKI(公钥基础设施)的重要组成部分,目前得到了很广泛的应用。设计并实现了一个轻量级的X．509证书库,比较了国内外同类产品的优缺点,给出了该证书库的具体模块设计,并指出了其应用前景。     

X.509中身份认证协议的安全性描述

论述了X.509中身份认证方案的过程,并对其安全性进行了描述。     

数据库加密系统中基于X.509证书的椭圆曲线加密身份认证机制

身份认证问题是网络安全的重要研究课题,利用椭圆曲线密码系统相对于其他公钥密码体制具有密钥长度短、运算速度快、计算数据量小的特点,结合X.509证书构建一个新的、高效的、安全的身份认证方案.     

X.509v3证书的政务标准化研究

描述了用于电子政务身份认证的X．509v3证书的结构及其语义,特别是对证书扩展域作了重点分析,提出了标准化的方法。     

基于SAML和X.509的跨安全域信任关系构建机制

在对企业的各个应用系统集成到门户的过程中,信任关系的构建是解决不同安全域之间统一身份认证的有效方法。在分析和研究统一身份认证关键技术SAML和X.509数字证书特点的基础上,提出了跨不同安全域的信任关系构建机制。并从保证网络安全的角度,对该机制进行了深入探讨和改进。最后运用基于SAML规范的开源实现openSAML进行了简单的测试和验证。     

Building Trust Peer-to-peer Networks with TLS and X.509 Certificates

As soon as a P2P application grows to the point where it becomes interesting, the issues of trust and security appear on the horizon. The core of the paper is on how to build trustful peer-to-peer networks with TLS and X.509 certificates under JXTA architecture. The use of authentication, authorization, and encryption establishes trust in P2P applications. Without a foundation of trust, many types of interesting applications such as e-commerce won't take hold on top of the P2P infrastructure.     

基于属性证书的X.509证书改进方案

传统X.509证书实现Web安全属性服务时有其一定的局限性。文章详细描述了Farrell等提出的属性证书格式,并给出了用一种基于属性证书的改进证书方案来实现Web上安全属性服务的模型。