摘要： 通过对PKI/CA 技术与规范的研究，在实践了PKI/CA 中间件系统的设计与开发的基础上，提出了分布式认证服务技术来减小认证的开销，从而达到在保障安全之外提高了客户端与服务端交互的效率，并且研究了相应规范来获取时间戳服务，同时在J2EE 的EJB 容器环境下使用了代理模式以及Interceptor 的技术来实现了PKI/CA 中间件，并且实践了PKI/CA 中间件的即插即用。

关键词: 数字证书；公钥基础设施；认证中心；时间戳；分布式认证服务；J2EE

Abstract: From the research of standards and technology of PKI/CA, based on the development and design of the PKI/CA-based middleware system, this paper proposes the distributing authentication service. The distributing authentication service can reduce the cost of authentication so that it can raise the efficiency of the invocation between client and server meanwhile it still keep the safety. This paper also discusses the time stamp service from PKI. It implements PKI/CA middleware using the proxy pattern and inteceptor interface which is pluggable

Key words: Digital certificate; Public key infrastructure (PKI); Certificate authority(CA); Timestamp; Distributing authentication service; J2EE