Saturday, October 23, 2010

Different trust model


A trust model is a framework for establishing and managing trust relationships. In a public key infrastructure, when one of two certification authorities issues a public key certificate to the other, or both issue certificates to each other, a trust relationship is established between the two. A trust model describes how the different certification paths between certification authorities are created, and the rules for building and finding a trusted path.

Hierarchical Trust Model

1. Strict hierarchy of certification authorities

A strict CA hierarchy can be pictured as an inverted tree, with the root at the top, branches extending downward, and leaves at the bottom. The root of this inverted tree represents a CA with special significance for all entities in the PKI; it is usually called the root CA and serves as the root of trust, or "trust anchor." Below the root CA are zero or more layers of intermediate CAs, also called sub-CAs because they are subordinate to the root. The intermediate CAs are the internal nodes from which branches extend, and the leaves at the bottom are the end entities, or end users.

The root of the inverted tree is the starting point of the tree structure; it is not only the starting point of a network, communication or sub-structure, it is the starting point of trust. In this system, all entities (end entities and all sub-CAs) use the root CA's public key as their trust anchor, that is, as the starting point or end point for their trust decisions on all certificates. The structure is shown in Figure 1.



End-entity authentication process: an end entity A that holds the trusted root CA public key can verify the certificate of another end entity B by the following procedure. Assume that B's certificate is issued by CA2, CA2's certificate is issued by CA1, and CA1's certificate is issued by the root CA.

Because A holds the root CA's public key Kr, A can verify CA1's certificate and extract a trustworthy copy of CA1's public key K1. K1 can then be used to verify CA2's certificate, which similarly yields a trustworthy copy of CA2's public key K2. K2 can then verify B's certificate, giving A a trustworthy copy of B's public key KB. A can now use KB according to its type, as an encryption key or as a signature key.
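The chain walk described above, written out as an added example (not code from the original post): A starts from Kr and verifies each certificate with the key extracted from the one before it. The signature is textbook RSA over well-known Mersenne primes, a toy stand-in for a real algorithm, and the certificate fields and the `is_ca` flag are assumptions of this example.

```python
"""Strict-hierarchy path validation: Kr -> K1 -> K2 -> KB (added example)."""
import hashlib
import json

E = 65537  # public exponent shared by every toy key


def toy_keypair(a, b):
    """Textbook RSA from the Mersenne primes 2**a-1 and 2**b-1.

    Unpadded and built from well-known primes: illustration only, never
    a real key. Returns (n, d): public modulus and private exponent.
    """
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def digest(tbs, n):
    """Hash the to-be-signed fields, reduced modulo the signer's modulus."""
    data = json.dumps(tbs, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def issue(subject, subject_n, issuer, issuer_key, is_ca):
    """Issuer signs a certificate binding the subject name to its public key."""
    n, d = issuer_key
    tbs = {"subject": subject, "issuer": issuer,
           "public_n": subject_n, "is_ca": is_ca}
    return {"tbs": tbs, "sig": pow(digest(tbs, n), d, n)}


def validate_path(anchor_name, anchor_n, path):
    """Walk the path from the trust anchor down to the end entity.

    path[0] must be issued by the anchor; each later certificate must be
    issued by the subject of the one before it. Returns the end entity's
    public key, or raises ValueError at the first broken link.
    """
    name, key = anchor_name, anchor_n
    for depth, cert in enumerate(path):
        tbs = cert["tbs"]
        if tbs["issuer"] != name:
            raise ValueError(f"{tbs['subject']}: issuer is not {name}")
        if pow(cert["sig"], E, key) != digest(tbs, key):
            raise ValueError(f"{tbs['subject']}: bad signature")
        if depth < len(path) - 1 and not tbs["is_ca"]:
            raise ValueError(f"{tbs['subject']}: not a CA, cannot issue")
        # This certificate is now trusted: its key verifies the next one.
        name, key = tbs["subject"], tbs["public_n"]
    return key


def try_validate(anchor_name, anchor_n, path):
    """Return (True, key) or (False, reason) instead of raising."""
    try:
        return True, validate_path(anchor_name, anchor_n, path)
    except ValueError as exc:
        return False, str(exc)


# Constructed sample PKI matching the text: Root CA -> CA1 -> CA2 -> B.
ROOT = toy_keypair(61, 89)      # ROOT[0] plays the role of Kr
CA1 = toy_keypair(107, 127)     # CA1[0] is K1
CA2 = toy_keypair(521, 607)     # CA2[0] is K2
B = toy_keypair(1279, 2203)     # B[0] is KB
PATH = [
    issue("CA1", CA1[0], "Root CA", ROOT, is_ca=True),
    issue("CA2", CA2[0], "CA1", CA1, is_ca=True),
    issue("B", B[0], "CA2", CA2, is_ca=False),
]

if __name__ == "__main__":
    ok, kb = try_validate("Root CA", ROOT[0], PATH)
    print("A trusts KB:", ok and kb == B[0])

    # Same signature, substituted key: B's certificate no longer verifies.
    forged = {"tbs": dict(PATH[2]["tbs"], public_n=CA1[0]),
              "sig": PATH[2]["sig"]}
    print(try_validate("Root CA", ROOT[0], PATH[:2] + [forged]))

    # A certificate issued by end entity B must not extend the path.
    extra = issue("C", CA1[0], "B", B, is_ca=False)
    print(try_validate("Root CA", ROOT[0], PATH + [extra]))
```

A production validator additionally checks validity periods and revocation status at every step; those checks are outside what the text describes and are omitted here.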

2. Subordinate hierarchy trust model

The subordinate hierarchy model differs from the general hierarchical model: it is a subset of it. The general hierarchical model allows two-way trust relationships, while in the subordinate hierarchy model a CA can only certify the subordinate CA in the layer below it. In the subordinate hierarchy model the root CA has special significance: it is designated the common trust anchor for all end users. By definition it is the most trusted certification authority, and all other trust relationships derive from it.

In this model, only a superior CA can issue a certificate to a subordinate CA; a subordinate CA cannot in turn issue a certificate to a higher-level CA to certify its superior.

Because the root CA is the only trust anchor in the model, and trust relationships are built starting from the most trusted CA, no other certification authority issues a certificate for the root CA. The root CA issues a self-signed certificate to itself, so the certificate subject and the certificate issuer are the same, and the public key in the certificate corresponds to the private key used to sign it.

Because the root CA is the sole designated trust anchor, its root certificate must be distributed to all certificate users. Every path in the model must include the root certificate, so the root CA key is critical: once it is leaked, the consequences for the entire trust model are catastrophic.

Features

In a subordinate hierarchy, all certification paths terminate at the root CA certificate, so only the path leading to the root CA certificate needs to be retrieved and verified; there is no need to build or verify the reverse path from the root CA to the user's CA. The certification path is therefore shorter by half than in the general hierarchical model.



Figure 2 shows a certification path in the subordinate hierarchy model: the root CA issues itself a self-signed root certificate, then issues a CA certificate to the user CA, and the user CA issues certificates to end users.

The subordinate hierarchy model is most effective in environments that support a strict hierarchy. The U.S. Department of Defense uses the subordinate hierarchy model to support its Defense Message System (DMS), because the Department's organizational structure is itself hierarchical. Another well-known application of the strict subordinate hierarchy is Internet Privacy Enhanced Mail (PEM).

Network trust model

To understand the network (mesh) trust model, we must first understand the "peer-to-peer model"; a fully connected mesh built on the peer-to-peer model is what constitutes the network trust model.

1. Peer-to-peer model

Definition: the peer-to-peer trust model assumes that the two certification authorities establishing trust are not in a subordinate relationship. Neither is subordinate to the other; they are peers (peer-to-peer).

In this model there is no root CA acting as a trust anchor; certificate users rely on their own local issuing authority and use it as their trust anchor, as shown in Figure 3.



Cross-certification: cross-certification is a useful mechanism for linking previously unrelated CAs, making secure communication possible between their respective subject communities. The actual form of cross-certification, such as the specific protocol message exchange, is the same as for ordinary certification, except that both the subject and the issuer of a cross-certificate are CAs rather than end entities. Note the following points:

● If the two CAs belong to the same domain (for example, within a hierarchy of subordinate CAs), this is called intra-domain cross-certification.

● If the two CAs belong to different domains (for example, a CA in one company certifies a CA in another company), this is called inter-domain cross-certification.

Cross-certification can be one-way or two-way. CA1 can cross-certify CA2 without CA2 cross-certifying CA1. Such one-way cross-certification results in a single cross-certificate and is typical of the strict hierarchy.

2. Mesh structure

In the mesh structure, multiple CAs provide PKI services. Each end entity trusts only the CA that issued its own certificate, and these CAs certify one another as peers, using cross-certification to establish two-way trust.

The CAs issue each other cross-certificates containing each other's public keys, so that the users of each CA trust the users of the other cross-certified CAs, which extends trust and achieves interoperability.

In the mesh structure, all root CAs must cross-certify one another. In a fully connected mesh with n root CAs, n × (n-1) cross-certification agreements must be established; when n is large enough, the number of such agreements approaches n². For n CAs to trust one another pairwise, n × (n-1) / 2 cross-certificates must be issued and maintained; if n = 7, 21 cross-certifications are needed, and each CA must install the n-1 cross-certified root certificates.

Advantage

● The mesh PKI structure is flexible because there are multiple trust starting points. If one CA has a problem, the CAs that issued certificates to it simply revoke those certificates, and the CA is removed from the PKI domain. Users associated with the other CAs still have a valid trust starting point and can continue to communicate securely with the rest of the PKI domain. The weakening of a single CA's security therefore does not affect the operation of the whole PKI domain.

Shortcomings

● Extending a certification path is more complex than in the hierarchy;

● The path from a user certificate to a trusted point is not deterministic: there are several possible choices, which makes path discovery harder, and as the number of CAs grows, endless certificate loops may occur.

Trust list structure

The trust list is another way of structuring PKI trust; compared with the hierarchical, mesh and hybrid (bridge) trust structures, it has its own characteristics. The trust list is a very useful concept: it provides a mechanism by which CAs from different hierarchies or other trust models can be explicitly trusted.

A trust list is a two-dimensional control list set dynamically at the application layer. It contains the root certificates of trusted CAs, and each listed CA may itself belong to a hierarchical or mesh structure.

Advantages

● The biggest advantage of the trust list is its simple structure, which reduces the complexity of finding a trust path; adding or removing a trusted CA is easy. With a dynamic trust list, an organization needs only one central administrator to set the policy that determines which trust anchors users within its scope should accept. The administrator adds new trust anchors to the list and deletes old ones, and the changed set of trust anchor certificates can be downloaded to users.

● The trust list has practical benefits when dealing with different PKIs. CA products from different vendors implement different trust models: some support only the hierarchical model, some support cross-certification, and others use hybrid models, which makes interoperation between PKIs with different trust models a problem. The trust list avoids these difficulties.

Shortcomings

● From the user's point of view, the main purpose of bringing a particular CA into the trust list is the need to communicate with some of that CA's users and verify their certificates, while the listed CA itself is not fully understood or trusted;

● Before adding a new CA to their trust list, users must investigate and understand that CA; they must also regularly update the important trust information about each listed CA. As the number of CAs on the list grows, the burden of use increases;

● The list structure cannot properly handle the case where a CA on the trust list has failed or is no longer operating. There is no trust relationship between the failed CA and the holders of the lists that include it; the failed CA does not even know which users trust it, and so cannot notify them that it is no longer valid.

Hybrid trust model

The hybrid trust model is the bridge structure. It is a general-purpose trust structure that integrates the hierarchical, mesh and trust-list models; it has many advantages and is widely applied.

The bridge trust structure is based on a cross-certification intermediary point. It establishes a clearinghouse CA that cross-certifies trust domains of various forms and serves as a bridge of trust to other PKIs/CAs. The clearinghouse CA is an independent CA centre; it cross-certifies with each trust domain (a stand-alone CA, or a mesh or hierarchical CA domain) on an equal footing and establishes peer trust relationships, allowing users to keep their original trust anchors.

Acting as a trusted central exchange point and intermediate transfer point, the clearinghouse CA lets PKIs of any structure connect through it and trust one another, and each domain's trust extends through the clearinghouse CA to the entire PKI system. As a trusted intermediary, the clearinghouse CA differs from a root CA: it is not the start or end point of all trust and is not the trust anchor of the bridged domains; each trust domain keeps its original source of trust.

In this structure, trust is not transferred as in the strict hierarchy: each entity uses the key of its own trusted root CA as its anchor, rather than the key of the clearinghouse CA. Each end entity starts with the key of the root CA in its own domain, then through certification path processing obtains the clearinghouse CA's key, then the key of a CA in the other domain, and finally the key of the target end entity in that domain. Certification path processing generally uses "heuristics" or "graph theory methods", depending on the depth and complexity of the path.

Advantages

● As the bridge and guarantor of trust between different trust domains, the bridge CA centre plays the role of a third party. Its neutral, supervisory position helps safeguard the credibility and rigor of the whole trust-based system. Establishing the clearinghouse CA means establishing a set of resources, methods, policies, norms and other rules for achieving mutual trust between CAs, and auditing and supervising the CAs of the different trust domains, which ensures the reliability of the entire chain of trust.

● The clearinghouse CA trust model differs from both the mesh and the hierarchy: it is a hub-and-spoke structure with a central focal point. It is an open trust model: below the bridge CA, cross-certification between mesh CAs is still allowed, and the root CA trust chains of hierarchical domains continue to exist.

● Adding or removing a CA or PKI domain in this structure is relatively easy. As the system changes in size, the trust relationships remain easy to manage.

● With the bridge CA approach, n CAs need only n cross-certifications, which is economical and simple from a management point of view.

Shortcomings

● The PKI architecture is more complex: it includes hierarchical, mesh and trust-list structures, and connecting PKI structures with such different characteristics makes certificate lookup and certification path validation complex;

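● In establishing trust relationships, the bridge CA is the bridge through which the trust domains establish trust with one another. It does not emphasize a unified certificate policy; that is, it does not require that trust relationships follow a one-to-one mapping between the assurance levels defined in the cross-certificates. This differs from the hierarchical structure, where everything must be certified uniformly by a central certification authority.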
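An added example (not part of the original post) that builds the fully connected mesh and the bridge topology for n = 7 as graphs of cross-certificates, counts them, and runs path discovery from a trust anchor with loop protection, as discussed in the mesh shortcomings and the bridge section above. The CA names, the hub name and the one-way ring are constructed for illustration.

```python
"""Cross-certificate counts and path discovery: mesh vs. bridge (added example)."""
from collections import deque
from itertools import permutations


def full_mesh(cas):
    """Every CA cross-certifies every other: one (issuer, subject) per ordered pair."""
    return set(permutations(cas, 2))


def bridge(cas, hub="Bridge CA"):
    """Every CA cross-certifies only with the hub, in both directions."""
    return {edge for ca in cas for edge in ((ca, hub), (hub, ca))}


def two_way_pairs(certs):
    """Number of mutual (two-way) cross-certification relationships."""
    return len({frozenset(c) for c in certs if c[::-1] in certs})


def _index(certs):
    """Map each issuer to the sorted list of CAs it has certified."""
    issued = {}
    for issuer, subject in sorted(certs):
        issued.setdefault(issuer, []).append(subject)
    return issued


def shortest_path(certs, anchor, target):
    """Breadth-first search from the relying party's trust anchor.

    The `seen` set is what stops CA1 -> CA2 -> CA1 -> ... certificate loops.
    Returns the list of CAs on the path, or None if no path exists.
    """
    issued, seen, queue = _index(certs), {anchor}, deque([[anchor]])
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for nxt in issued.get(path[-1], []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


def count_paths(certs, anchor, target):
    """Count the loop-free candidate paths a path builder may have to consider."""
    issued = _index(certs)

    def walk(node, on_path):
        if node == target:
            return 1
        return sum(walk(n, on_path | {n})
                   for n in issued.get(node, []) if n not in on_path)

    return walk(anchor, frozenset([anchor]))


# Constructed topologies: seven CAs as in the text's n = 7 case.
CAS = [f"CA{i}" for i in range(1, 8)]
MESH = full_mesh(CAS)
BRIDGE = bridge(CAS)
# One-way cross-certificates forming a loop CA1 -> CA2 -> CA3 -> CA1.
RING = {("CA1", "CA2"), ("CA2", "CA3"), ("CA3", "CA1"), ("CA3", "CA4")}

if __name__ == "__main__":
    print("mesh:   certs", len(MESH), "pairs", two_way_pairs(MESH),
          "candidate paths", count_paths(MESH, "CA1", "CA7"))
    print("bridge: certs", len(BRIDGE), "pairs", two_way_pairs(BRIDGE),
          "candidate paths", count_paths(BRIDGE, "CA1", "CA7"))
    print("bridge path:", shortest_path(BRIDGE, "CA1", "CA7"))
    print("ring path:  ", shortest_path(RING, "CA1", "CA4"))
    print("unreachable:", shortest_path(RING, "CA4", "CA1"))
```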








Thursday, October 14, 2010

Chinese way: do the best CAD China



Chinese way - to do the best CAD China

Respondents: Hangzhou China Software Co., Ltd. Deputy General Manager Mr. Wu Weibin way
Interviewer: China's Feng Shan Software Network





Deputy General Manager of Hangzhou Yuan Zhen Hua way software



Reporter: First, China Software Network is fortunate to have this opportunity to interview you for our special feature on channel building at domestic software enterprises. Please start by talking about the current state of channel building in China's software industry.

Wu: Channel building in China's broad market is very important and necessary for every company. As I see it, China's software channels have two problems, which can also be described as two of their characteristics.

First, the stability of software channels: software channels require more stability. Unlike hardware, where sales can improve greatly in the short term, software sales channels require long-term accumulation in order to establish a relatively stable sales system. We therefore say that software channels are developing toward a flat model. Many software vendors in China offer the same kind of product, and partners need a fairly long process to understand a software vendor's cooperation mechanism. As a result, software vendors need a good cooperation mechanism to establish the company's brand and expand the company's reputation and influence.

Second, the execution of channel building: we mainly work in the CAD field. If we want to find more good agents, we not only need to set long-term business objectives but also need to pay attention to where the agents' interests lie. From the agents' point of view, their concern is more with short-term interests, that is, their return on investment, and they look for more mature markets. What we need to do is find the focus of the agents' interests, guide them to fully understand our company, our company culture and our excellent products, constantly improve our service, and establish a win-win relationship and confidence.

Reporter: Where do the company's current difficulties in channel building lie?

Wu: First of all, brand awareness needs to improve. How can we quickly find good agents? That requires raising the company's brand awareness, so that good agents knock on our door and know that working with us brings a return, which also strengthens their confidence in continued, long-term investment.

Second, rampant piracy is one of our long-term problems. Although the government is sparing no effort to crack down on pirated software, the situation is still not optimistic. Piracy is not just a problem for one business or one user; it is an inevitable stage under China's current historical conditions. Every software company has to prepare to fight a protracted war.

Third, the stage our software channels have reached: our channel building is still at the exploratory stage. Since we and our agents form a long-term community of interests, we need agents to see the value of our services, to build their confidence, to be given ample room for profit, and to be offered strong products. That way, more cooperation can be carried out quickly, reflecting the value of our services.

Reporter: What are the company's solutions?

Wu: First of all, establish the company's brand recognition. Chinese way makes full use of the advantages of the resources within the company. We have an experienced and strong development and management team. After years of development, our team has also won the recognition of many partners. Once agents understand us, they will recognize the win-win nature of the cooperation, and such cooperation can reduce risk.

Brand building of course also needs the help of some publicity methods. Our main means of publicity include: A, strengthening our website while also strengthening publicity in online media, strengthening product development, continually launching new products, and holding regular product launch events; B, strengthening cooperation with the government against pirated software, establishing an image of quality legitimate software and widening our influence; C, increasing exposure in various media and deepening cooperation with secondary developers.

Reporter: You have mentioned the company's superior products many times. Can you briefly introduce the products and their advantages?

Wu: Yes. The company focuses on mechanical design CAD. We have also made architectural CAD one of our main directions this year. When talking about CAD, we cannot avoid talking about the current situation of CAD at home and abroad.

On the one hand, domestically, not many companies work on CAD. CAD is mainly divided into two-dimensional CAD and three-dimensional CAD. Three-dimensional CAD of course has many advantages, but we mainly do two-dimensional CAD; to do three-dimensional CAD, one must first fully master two-dimensional CAD technology. In addition, two-dimensional CAD better suits our country's specific conditions: for example, it does not require much investment of capital or human resources, the starting point is relatively low, and software suited to each specific industry can be developed.

On the other hand, international CAD software is advancing technically at an alarming rate. With the implementation of the open-door policy, many excellent foreign CAD packages have flowed into China. Technically, the overall trend is toward integration, networking, collaboration and intelligence. Overall, however, there is still a large gap between China and the developed countries in the development and application of CAD technology, and the depth and breadth of its development and application across industries is a pressing problem.

AXCAD's greatest strength lies in the stability of the software's performance. Compared with the high cost of foreign products, we are able to offer improved products and services at competitive prices. It is a mechanical design CAD developed after years of accumulation and suited to China's national conditions.


Reporter: A good philosophy is a marker of a company's long-term development. What is Chinese way's philosophy? What is the company's development trend?

Wu: Our philosophy is to do the best domestic CAD. We are a technology company. With a development team that has 10 years of CAD experience and a deep industry background, we are committed to developing CAD products, and related design process management software, that Chinese users can use and find easy to use. Our trend, I think, can be summed up as follows:

Professional, so better

AXCAD believes that if a piece of software can do everything, it is good at nothing. AXCAD focuses on its professional features and looks forward to providing users with specialized software.

Details determine success or failure

The biggest difference between good software and bad software is not in functionality but in the details of how the functionality is implemented. AXCAD believes that saving the user a single mouse click or a single keystroke is worth the effort.

Good software is created by users

AXCAD does not believe that a group of developers who know only computers can design good software; the designers of good software can only be our real customers. We have therefore been working to shorten the distance between us and our users. We are eager for users' praise of AXCAD and also hope for their harsh criticism; AXCAD believes that these users are the biggest engine driving its growth.











Tuesday, October 12, 2010

Qiu Bojun believes in love at first sight, suggests no one inside qualifies





Qiu Bojun

Jan. 18 morning news: Kingsoft (hereinafter "Jinshan") Chairman and acting CEO Qiu Bojun yesterday, at a summit dialogue forum of the China (Suzhou) game industry annual meeting, inadvertently let slip the "secret" of Kingsoft's search for a CEO candidate. Although he was tight-lipped afterward, he hinted yesterday that no one inside Kingsoft can currently take on the role.

At the current game industry annual meeting, Jinshan announced its 2008 game strategy with a high profile and vigorously promoted two new games, but the question the industry cared about most, and asked Qiu Bojun most often at the meeting, was the CEO candidate.

On the night of the 16th, at Jinshan's 2008 online game strategy event, Qiu Bojun spoke about the "rules" for selecting Jinshan's new CEO. He considers the selection of a CEO a very important matter, and the company will not suddenly parachute someone in or take radical measures.

"There are two points. First, Jinshan's business is very strong, and we do not want someone to suddenly parachute in and launch sweeping reforms; second, a deadline cannot be set for finding a CEO: we cannot, for lack of the right person, pick the tallest among the short," Qiu Bojun said. Until the right Kingsoft CEO is selected, he will remain acting CEO.

Yesterday, Qiu Bojun again revealed a number of specific "requirements": the candidate needs to understand games, understand software, and be familiar with the IT industry. He also said that searching for a CEO is like looking for a girlfriend: it depends on fate, and no timetable can be set for finding the right one.

In the search for CEO candidates, Qiu Bojun believes more in love at first sight than in love that grows over time. "If love that grows over time worked, the right person would have been singled out long ago." Qiu Bojun thereby suggested that no one inside Kingsoft is currently qualified to be CEO. He also reiterated that inviting an executive from outside is not ruled out, and that a "special committee" is specifically responsible for selecting the next CEO.

Lei Jun's departure soon after the listing became one of the most talked-about news items in the IT industry in 2007, and his successor has become one of the greatest suspense stories of the IT industry in 2008. Analysts believe that Jinshan faces a "dilemma" in finding a CEO. Internally, it lacks someone with Lei Jun's absolutely convincing capacity as a spiritual leader; externally, someone parachuted in would find it difficult to adapt to Jinshan's unique corporate culture.










Wednesday, October 6, 2010

CSS color and background properties



As mentioned when discussing font properties, a document's fonts and colors have a great impact on how it looks, so here we study and describe the color and background properties in detail.
In CSS, color usually refers specifically to the foreground color, while the background can be a background color or a background image. When defining a background image, we can specify the exact position of the image, whether it repeats, and whether it is fixed or scrolls with the page content.
color
Attribute value: <color>
Initial value: Default value determined by the UA
Applies to: all elements
Inheritance: Yes
Percentage values: NA
This property describes the text color of an element, also known as the foreground color. To set text to red, either of the following two methods can be used.
EM { color: red } /* defined with a color keyword, which is easy to read */
EM { color: rgb(255,0,0) } /* defined with RGB values; each RGB value ranges from 0 to 255 */

background-color
Attribute value: <color> | transparent
Initial value: transparent
Applies to: all elements
Inheritance: Yes
Percentage values: NA
"background-color" sets the element's background color.

background-image
Attribute value: <url> | none
Initial value: none
Applies to: all elements
Inheritance: No
Percentage values: NA
This property sets an element's background image. Note that when setting a background image, a background color should be set as well, because the image will sometimes be unavailable; the background color then takes its place, so it should be similar in color to the image.

background-repeat
Property values: repeat | repeat-x | repeat-y | no-repeat
Initial value: repeat
Applies to: all elements
Inheritance: No
Percentage values: NA
When a background image is set, "background-repeat" determines whether the image is repeated and in what way.
If the property value is "repeat", the image is repeated in both the horizontal and vertical directions.
If the property value is "repeat-x", the image is repeated horizontally.
If the property value is "repeat-y", the image is repeated vertically.
If the property value is "no-repeat", the image is not repeated.

background-attachment
Attribute value: scroll | fixed
Initial value: scroll
Applies to: all elements
Inheritance: No
Percentage values: NA
When a background image has been set, it can be attached in one of two ways:
1. The background image stays static while the text "scrolls" over it;
2. The background image "scrolls" along with the text on the page.

background-position
Property value: [<percentage> | <length>]{1,2} | [top | center | bottom] || [left | center | right]
Initial value: 0% 0%
Applies to: block-level and replaced elements
Inheritance: No
Percentage values: refer to the size of the element itself
When a background image has been set, background-position specifies its initial position. A value of "0% 0%" means the upper left corner of the image coincides with the upper left corner of the element; a value of "100% 100%" means the lower right corner of the image coincides with the lower right corner of the element, and so on. Keywords can also be used to set the position of the background image; here are some keywords and their corresponding values:
"top left" and "left top" = "0% 0%";
"top", "top center" and "center top" = "50% 0%"; and so on.







