Computer Engineering and Applications ›› 2012, Vol. 48 ›› Issue (32): 94-97.

• Network, Communication and Security •

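Design and implementation of a certificate query scheme for isolated internal and external networks

CAI Guoming1, WANG Yadi1, WANG Miao2, LING Yongxing3

  1. Institute of Electronic Technology, PLA Information Engineering University, Zhengzhou 450004
  2. Institute of Science, PLA Information Engineering University, Zhengzhou 450001
  3. Jiangnan Institute of Computing Technology, Wuxi, Jiangsu 214083
  • Publication date: 2012-11-11 Release date: 2012-11-20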

Design and implementation of certificates query scheme for network isolation

CAI Guoming1, WANG Yadi1, WANG Miao2, LING Yongxing3   

  1. Institute of Electronic Technology, PLA Information Engineering University, Zhengzhou 450004, China
  2. Institute of Science, PLA Information Engineering University, Zhengzhou 450001, China
  3. Jiangnan Institute of Computing Technology, Wuxi, Jiangsu 214083, China
  • Online: 2012-11-11 Published: 2012-11-20

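Abstract: The LDAP protocol is widely used for querying network information resources and certificate directories. In some settings, however, a network isolation device sits between the certificate query client and the certificate directory server, so the public remote directory access protocol cannot be used directly for certificate queries. This paper designs and implements a certificate query scheme for isolated internal and external networks that requires no modification to the LDAP protocol and prevents malicious users from illegally obtaining certificates.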

Key words: certificate query, Lightweight Directory Access Protocol (LDAP), network isolation

Abstract: LDAP is widely used for network information queries and certificate queries. However, in some cases the client and the directory server are isolated from each other, and the public LDAP protocol is not efficient under this condition. This paper designs and implements an LDAP certificate query scheme for network isolation. The scheme does not require users to modify the public LDAP protocol and can prevent malicious users from obtaining certificates.

Key words: certificate query, Lightweight Directory Access Protocol (LDAP), network isolation