在公钥基础设施的应用系统中,对数字证书有效性的验证只涉及证书的完整性、有效期和是否被撤销等几个方面,并不规定其具体应用,不能实现有效的访问控制,从而造成一份有效证书能够登陆多个应用系统的情况,带来安全隐患.从增加数字证书扩展项、新建权限管理基础设施、设置应用系统黑白名单三个方面提出了基于数字证书的访问控制解决方案,并对这些方法的优缺点和适用情况进行了分析.%The validation of PKC in PKI application system only focus on integrity, useful-time and revocation, not any information about materiality. So an effectual PKC can enter many application systems and brings hiding danger. From adding PKC extension, setting PMI, setting application white-black list to control access-secret range of PKC. At last advantages and disadvantages of the three means have been given.
展开▼