Abstract: Beginning with the kernel of PKI, which is certificate authority, this paper brings the concept of intrusion tolerance to CA, and gives a feasible scheme of CA based on intrusion tolerance. The most important part is that it discusses the system architect, a digital signature of CA based on intrusion tolerance, and the working process of the whole system. Aiming at some shortcomings, it points out where to be improved in the future.

Key words: PKI, CA, Intrusion tolerance, Digital signature

摘要： 从PKI的核心部件CA入手，将入侵容忍的概念引入CA中，给出了一个可行的基于入侵容忍技术的CA认证中心设计方案。论述了基于入侵容忍CA认证中心的体系结构、各组件间的相互作用、基于入侵容忍的CA签名方案及整个系统的工作过程。针对系统的不足之处，指出了未来工作中需要改进的地方。

关键词: PKI, CA, 入侵容忍, 数字签名

CLC Number: 

• TP309