Abstract: This paper puts forward a method to transfer the work of certificate validation from client to server based on a kind of hybrid trust model supporting cross-certification, and describes the proxy’s general model. According to this hybrid trust model, it presents an algorithm constructing a path base on a depth first search, and summarizes the path validation algorithm. This proxy leads to a real thin client and accelerates the application and development of PKI.

Key words: Public Key Infrastructure(PKI), proxy of certificate validation, path construction

摘要： 在支持交叉认证的混合信任模型的基础上，提出了将证书验证的工作由客户端转移到服务器的方案，描述了该代理服务器的总体模型。针对该信任模型，提出一种深度优先搜索的路径构建算法，并对路径验证算法进行了概述。通过该代理服务器，能够构建出真正的公钥基础设施(PKI)瘦客户端，促进PKI的应用和发展。

关键词: 公钥基础设施, 证书验证代理, 路径构建

CLC Number: 

• TP309