The traditional cryptographic service system has a "chimney" (stovepipe) structure, which makes encrypted communication between different departments difficult and information resources hard to share. This paper proposes a service-oriented architecture for a cryptographic service system that achieves interconnection and interoperability, together with an authentication scheme that enhances the security of the system. In the existing PKI, public key certificate validation is inefficient, establishing inter-domain trust paths is complex, and overly long trust paths lower the efficiency of cross-domain authentication. Based on an XKMS domain trust building method, this paper establishes a direct trust relationship between any two IDPs, which reduces the complexity and length of trust path construction, retains the advantages of the PKI system, simplifies the system interaction process, and improves cross-domain authentication efficiency. Compared with existing schemes, it improves the efficiency of authentication.

The traditional cryptographic service system has a "chimney" structure, which makes encrypted communication between different departments difficult and information resources hard to share, and does not meet the requirements for application collaboration under informatized conditions. This paper proposes a service-oriented cryptographic service system that achieves interconnection, intercommunication and interoperability, and at the same time proposes an authentication scheme that achieves mutual authentication between users and the service system, enhancing system security and improving protocol efficiency. In existing PKI systems, public key certificate validation is inefficient; the process of establishing inter-domain trust paths is complex, validating the path is inefficient, trust paths are too long, and loops may even occur, resulting in low cross-domain authentication efficiency. This paper proposes an XKMS-based method for establishing inter-domain trust that eliminates the two processes of establishing and validating inter-domain trust paths, builds a direct trust relationship between any two IDPs, reduces the complexity and length of trust path construction, simplifies the system interaction process while retaining the advantages of the PKI system, and improves cross-domain authentication efficiency. A comparison with existing schemes shows that the authentication efficiency of the proposed scheme is improved to a certain extent.