As TLS(transfer layer security) standard is deficiency and does not implicitly sign data .This paper describes an approach for modifying the TLS protocol to support theunderlying digital signature mechanism based CPK .The proposal modifies the handshake protocol to negotiate the mechanism about digital signature and dynamic key exchange ,and the record layer protocol which signs and verifies the application data .The new TLS protocol is backwards compatible to allow the cli‐ent to interoperate with an ordinary TLS server .%基于TLS(transport layer security)协议在防“抗抵赖性”上的不足,提出了一种针对 TLS协议的认证改进方案,在保持TLS协议原有安全性的前提下,引入了基于CPK数字签名的验证机制,对 TLS协议中握手协议和记录协议分别进行了扩展与改进,并且支持在握手协议中对数字签名及密钥进行动态协商,同时兼容原有的TLS协议。
展开▼