Abstract: Since there are many differences between OSGi service platform and general open distributed service environment, the authentication protocol for the general system does not suit the OSGi service platform. Considering the shortcoming of the existing authentication protocol for the OSGi such as the mass operation and the inconvenience of creating and distributing secret keys, a new protocol is proposed. It is based on the KryptoKnight and X.509 protocols, combining the advantages of the symmetric and public key cryptography. It meets the requirements of the OSGi, including manageability, minimality and single-sign on.

Key words: Open service gateway initiative(OSGi), Authentication protocol, KryptoKnight, X.509

摘要： OSGi平台环境与桌面的分布式环境有很大的区别，一般分布式系统中的认证协议并不能直接运用到OSGi平台上。针对已有OSGi平台认证协议存在的运算量大和密钥分发不便的问题，该文在分析KryptoKnight和X.509协议的基础上，结合对称和非对称加密系统的优点，提出了一种新的基于OSGi平台的认证协议。该协议较好地满足了OSGi平台环境对认证协议最小性，达到了易管理性、单点登录的
要求。

关键词: OSGi, 认证协议, KryptoKnight, X.509