X.209 (1 988) ASN.1basic coding rules of1specification.

ASN. 1 is a standard method to describe the format of information transmitted on the network. It has two parts: the first part (ISO 8824/ITU X.208) describes the data, data type and sequence format in the information, that is, the syntax of the data; The second part (ISO 8825/ITU X.209) describes how to compose various parts of data into messages, that is, the basic coding rules of data.

ASN. 1 was originally developed as a part of X.409, and later became a standard independently. These two protocols are not only used in PKI system, but also widely used in other fields of communication and computer.

2) Open system interconnection of X.500 (1993) information technology: concept, model and service introduction.

X.500 is a set of directory service system standards accepted by the International Organization for Standardization (ISO), which defines how an organization can enjoy its name and related objects on a global scale. X.500 is hierarchical, and its management domains (institutions, branches, departments and workgroups) can provide users and resource information in these domains. In PKI system, X.500 is used to uniquely identify an entity, which can be an institution, organization, individual or server. X.500 is considered as the best way to realize directory service, but the implementation of X.500 requires a large investment and is slower than other methods. Its advantages are information modeling, multifunction and openness [20].

3)x. 509( 1993) Open Systems Interconnection of Information Technology: Authentication Framework

X.509 is a digital certificate standard formulated by ITU-T.. On the basis of X.500 ensuring the uniqueness of user name, X.509 provides the authentication mechanism of communication entity for X.500 user name, and specifies the certificate syntax and data interface widely used in the entity authentication process.

The original version of X.509 was published in 1988. X.509 certificate consists of the user's public key and user identifier. In addition, it also includes version number, certificate serial number, CA identifier, signature algorithm identifier, issuer name, certificate validity period and other information. The latest version of this standard is X.509 v3, which defines a digital certificate for extended information [2 1]. This version of the digital certificate provides an extended information field to provide more flexibility and information transmission required in special application environments.

4)PKCS series standards

PKCS is a set of public key cryptography standards formulated by RSA Data Security Company and its partners in the United States, including a series of related protocols such as certificate application, certificate update, certificate invalidation table release, expanding certificate content, digital signature, digital envelope format and so on. By the end of 1999, PKCS has issued the following standards:

PKCS# 1: Defines the encryption and signature mechanism of RSA public key algorithm, which is mainly used to organize digital signatures and digital envelopes described in PKCS#7 [22].

PKCS#3: Define Diffie-Hellman key exchange protocol [23].

PKCS#5: Describes a method of encrypting a string using a security key derived from a password. Use MD2 or MD5 to derive the key from the password, and use DES-CBC mode for encryption. It is mainly used to encrypt private keys transmitted from one computer to another, and cannot be used to encrypt messages [24].

PKCS#6: The standard syntax for describing public key certificates, mainly describing the extended format of X.509 certificates [25].

PKCS#7: Define general message syntax, including encryption mechanisms, such as digital signature and encryption. PKCS#7 is compatible with PEM, so encrypted messages can be converted into PEM messages without other encryption operations [26].

PKCS#8: Describes the format of private key information, including the private key of public key algorithm and optional attribute set [27].

PKCS#9: Define some attribute types for PKCS#6 certificate extension, PKCS#7 digital signature and PKCS#8 private key encryption information [28].

PKCS# 10: Describes the certificate request syntax [29].

PKCS# 1 1: It is called Cyptoki and defines a set of technology-independent programming interfaces for encryption devices such as smart cards and PCMCIA cards.

PKCS# 12: Grammatical standard to describe personal information exchange. Describe the syntax of encapsulating the user's public key, private key, certificate and other related information [3 1].

PKCS# 13: elliptic curve cryptosystem standard [32].

PKCS# 14: Pseudo-random number generation standard.

PKCS# 15: Information format standard of password token [33].

5)OCSP online certificate status protocol

OCSP (Online Certificate Status Protocol) is a standard issued by IETF, which is used to check whether a digital certificate is still valid at a certain transaction time [34]. This standard provides a convenient and quick channel for PKI users to query the status of digital certificates, which enables PKI systems to be widely used in various fields more effectively and safely.

6) LDAP lightweight directory access protocol

The LDAP specification (RFC 1487) simplifies the cumbersome X.500 directory access protocol, and makes corresponding modifications in functions, data representation, coding and transmission. 1997, LDAP version 3 became the Internet standard. At present, LDAP v3 has been widely used in PKI system in certificate information publishing, CRL information publishing, CA policy and all aspects related to information publishing [35].

In addition to the above protocols, there are some application protocols based on PKI system, which are representative of PKI system in application and promotion, including SET protocol and SSL protocol.

At present, there are many standards and standard protocols in PKI system. Due to the continuous progress and perfection of PKI technology and the continuous popularization of its application, more standards and protocols will be added in the future.

China also has corresponding national standards:

Information technology security technology public key infrastructure online certificate status protocol GB/T 197 13-2005

Information technology security technology public key infrastructure certificate management protocol GB/T 197 14-2005

Information technology-Security technology-Minimum interoperability specification for PKI components of public key infrastructure

Information technology, security technology, public key infrastructure digital certificate format

Information technology-Security technology-Time stamp specification for public key infrastructure

Information technology, security technology, public key infrastructure, CA certification body construction and operation management norms

Technical framework of information technology, security technology and security support platform

Technical specification of information technology, security technology and public key infrastructure specific rights management center

Information technology, security technology, public key infrastructure, certificate policy and certification business statement framework

Information technology-security technology-application program interface for CA cryptographic devices

Standards under approval:

Simple online certificate status protocol for information technology, security technology and public key infrastructure

Information security technology-Basic requirements for application interface of electronic signature card in public key infrastructure

Information security technology public key infrastructure XML digital signature syntax and processing specification

Evaluation standard of security level protection of PKI system

Information technology-Application program interface of security technology certificate carrier