Live-CA：結合Java Card與PKI的憑證管理系統之設計與實現

Abstract

網際網路的應用例如電子文件和電子商務不斷的普及，己經逐漸改變人們生活方式和交易型態，因此開放式網路環境中的安全機制也更顯其重要性。除了對資料傳輸的保密外，網路使用者的身分認證更是重要的議題。公開金鑰基礎建設(Public Key Infrastructure PKI)是目前可提供一個可信賴及安全基礎的網路環境中最成熟及最有效的解決方案，本研究採用開放原始碼OpenCA建置一個符合PKI架構的二層CA憑證管理中心並提供LDAP目錄服務。研究中亦開發出PKI使用者介面，避免使用者需不斷的切換頁面來進行憑證的申請、註銷及查詢的作業，同時結合OpenCA自動安裝程式、OpenCA Live CD和Java Card的應用，讓使用者能快速的安裝及使用更安全的PKI網路環境。

With the wide application of Internet, it has gradually changed the life styles and business models. Therefore, increasing importance has been attached to the security problem of the public network. When users access the Internet application services, they expect to have services with integrity, confidentiality and authentication. PKI (Public Key Infrastructure) is a mature and consummate formula for establishing a trusted and secure network at present. In this research, we use the open source software: OpenCA which realizes the technology of PKI to establish a two layer management of the Certification Authority (CA) that provides LDAP directories service. We also develop the PKI user interface with JavaCard, OpenCA installation program, and OpenCA Live CD to establish the development of PKI much more quickly within a more secure network.