密钥管理与PKI技术 课件.pptVIP

-40- CA信任关系(Cont.) 信任模型（认证拓扑结构）：CA之间的信任关系 认证链：认证拓扑结构图中的一条路径 典型的认证拓扑结构 -独立的信任域 CA信任关系(Cont.) 典型的认证拓扑结构 -严格的层次信任拓扑结构 -多根节点树 （根链模型） 集中管理 -41- -42- CA信任关系(Cont.) 典型的认证拓扑结构 -倒转认证的树结构 -图的信任拓扑结构 分布式管理 -43- 层次结构CA中证书的验证 CA层次结构 根CA 中间CA -44- Alice Bob 用户A的证书 用户B的证书 层次结构CA中证书的验证(Cont.) 可信的根CA证书 数字签名 中间CA证书 数字签名 又叫证书认证体系 由公正第三方产生可信的根CA证书，用户都相信根CA 证书。 由根CA为企业签发中级CA证书 企业CA为下面的用户签发用户证书 验证证书有效性时，需要验证其上级CA证书 一直验证到最终可信的根CA证书 * Activity: Introduce security concerns in an open network Notes: Review the concerns, explaining that an OPEN NETWORK is easy for anyone to access. Stress any concerns that might be particularly important to the business of any of the students (based on information from their introductions). * Activity: Introduce security concerns in an open network Notes: Review the concerns, explaining that an OPEN NETWORK is easy for anyone to access. Stress any concerns that might be particularly important to the business of any of the students (based on information from their introductions). * Activity: Introduce module topics Notes: Slide builds: Network Security Needs Solutions: We’ll look at the 4 basic security needs Cryptography: Public Secret key cryptography to help solve security needs Digital Certificates: A way of binding together a person’s public key (for cryptography) their identity Certification Authority: How Digital Certificates are securely created issued Ways to use Digital Certificates: A look at some applications of digital certificates * Activity: Introduce cryptography Notes: Cryptography is the basic electronic answer to the 4 security needs We’ll look at: Secret key Public key and 2 specialized uses of cryptography: Digital Certificates Digital Signature * Alice and Bob must both know key Quick - relatively DES - Data Encryption Standard - has been around for 20 years RC2/RC4 - Rivest’s cipher or Ron’s Code - administe