| Graduate student: | 林禎吉 Lin, Chen-Chi |
|---|---|
| Thesis title: | 公開金鑰基礎建設之研究 Research on Public Key Infrastructure (PKI) |
| Advisor: | 賴溪松 Laih, Chi-Sung |
| Degree: | 博士 Doctor (Ph.D.) |
| Department: | 電機資訊學院 - 電機工程學系 College of Electrical Engineering and Computer Science, Department of Electrical Engineering |
| Year of publication: | 2003 |
| Academic year of graduation: | 91 (ROC calendar; 2002-2003) |
| Language: | English |
| Pages: | 105 |
| Chinese keywords: | 訊息回復的數位簽章法、憑証、憑証機構、公開金鑰基礎建設、聽覺秘密分享方法 (message recovery signature scheme, certificate, certification authority, public key infrastructure, audio secret sharing scheme) |
| Foreign keywords: | Certification Authority (CA), Message Recovery Signature Scheme, Public Key Infrastructure (PKI), Government Public Key Infrastructure (GPKI), Certification, Key Recovery, Audio Secret Sharing (ASS) scheme |
| Usage: | Views: 95, Downloads: 2 |

With the rapid and far-reaching growth of the Internet, people's way of life and their forms of transaction are gradually being affected and changed; the two most prominent Internet applications today are electronic government and electronic commerce. The Internet is fundamentally an open network, so it is easily exposed to eavesdropping, tampering, impersonation and similar attacks. When using Internet application services in the future, users will therefore want not only high bandwidth but also a trustworthy and secure network environment offering confidentiality, authentication and non-repudiation, so that the security and reliability of every network application can be assured. Certificates and public-key systems are regarded as the cryptographic technology that provides the strongest security protection available today, but for certificate and public-key systems to supply security mechanisms and security services on a broad scale, a Public Key Infrastructure (PKI) must be put in place; at minimum, it supports the management functions for certificates and public keys. Because PKI is regarded as the most mature and most effective solution for providing a trustworthy and secure foundational network environment, countries and enterprises around the world are vigorously promoting PKI deployment as the security hub for their application services.
In terms of the issues that must be considered when building a PKI, deployment can broadly be divided into two areas: technology and applications, and law and policy. The technology and applications area covers the management functions and architecture of the certification authority (CA), PKI-related technical standards, research and development of PKI core technology (such as the implementation of cryptographic algorithms), the models and modes of operation of the PKI components, the security services a PKI provides, privilege management infrastructure (PMI), PKI interoperability, and so on; the law and policy area covers legal provisions such as electronic/digital signature acts, electronic transaction acts and the terms under which certification authorities are established. In terms of the population served, PKI deployments fall into two main classes: public and private. A public PKI serves the general user population, for example the citizens of a country or Internet users at large. A private PKI generally serves a specific population, for example an enterprise's employees or affiliated personnel. Naturally, PKIs built for different purposes differ in the deployment issues they must consider. The range of PKI topics is very broad, so in this dissertation we focus on four issues in PKI deployment and propose constructive research solutions and recommendations.
First, starting from the X.509 v3 certificate format of the ITU specification, we propose an improved certificate format called the MPK (Multiple Public Key) certificate format. Its main feature is that several public keys can be carried in one certificate, which shortens certificate processing time for security applications such as TLS or S/MIME; a further feature is that when only one public key is stored, the MPK format is compatible with the X.509 v3 format. We are actively submitting the MPK certificate format to the IETF as a draft proposal.
Second, because we have taken part in deployment projects for our country's Government Public Key Infrastructure (GPKI), we have a good understanding of Taiwan's efforts and results in PKI; we have therefore written several papers on the development of PKI and the status and achievements of e-government in Taiwan, offering recommendations for the further development of Taiwan's PKI, and these have been published in domestic and international academic journals. In addition, for the three founding countries of the Asia PKI Forum, namely Japan, Korea and Singapore, we have collected their PKI deployment plans and results extensively and carried out an in-depth summary and comparison, which can serve as a valuable reference for Taiwan and for countries that will develop PKI in the future.
Third, digital signatures are a key technology in the PKI field. Among them, the message recovery signature scheme first proposed by Nyberg and Rueppel has been adopted as a digital signature standard in IEEE P1363 and ISO 9796-4. We present an attack on the message recovery signature scheme, pointing out a security flaw in the Nyberg-Rueppel message recovery signature.
Fourth, when building a PKI, attending only to the technical security mechanisms is probably not enough for the system as a whole; certificate policies and procedures must be combined with them to ensure overall security. Chapter 4 of this dissertation is therefore devoted to several important PKI management issues: it discusses in depth the certificate policy (CP) and certification practice statement (CPS) needed to establish a certification authority (CA), and offers recommendations on the assignment of OIDs (Object Identifiers) in Taiwan.
PKI is currently a very active topic and the related technologies are developing vigorously. This dissertation proposes effective solutions and recommendations for some PKI issues, in the hope of contributing to the development of PKI.
three Asian countries, namely Japan, Korea and Singapore. Because we have participated in some projects of our GPKI, we have published papers on the R.O.C. (Taiwan) PKI deployment and on the status of e-government in the R.O.C. (Taiwan) in national and international conferences and journals. Besides the GPKI of our country, we also continue to survey the GPKI development of some developed countries. We believe that the GPKI research results in this dissertation will be helpful and valuable for our country and for those countries that would like to promote a GPKI project.
Third, the digital signature is an important technique in public key cryptography and PKI technology. One such scheme, the message recovery signature scheme, was originally proposed by Nyberg and Rueppel and adopted in IEEE P1363 and ISO 9796-4. We propose an extended known message attack to show that the message recovery signature scheme has a security problem.
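The Nyberg-Rueppel scheme named in the third point of both abstracts, as an added Python example that is not part of the dissertation: it is written in the form given in the Handbook of Applied Cryptography [MOVN97], Algorithm 11.81, signs a message so that the verifier recovers it, and then shows the scheme's multiplicative malleability, namely that from any valid pair (e, s) a third party can produce (e, s + t), which the raw verification equation accepts as a signature on m̃·α^t. That textbook property is exactly what the redundancy function R must defeat; it is not the dissertation's own extended known-message attack, whose details the abstract does not give. The toy 48-bit group, the 16-bit message space with "repeat the message twice" redundancy, and all function names are assumptions of this example.

```python
"""Nyberg-Rueppel message-recovery signatures over a toy DL group, in the form
of [MOVN97] Alg. 11.81 (added example, not the dissertation's code):
  sign:    rho = alpha^-k mod p,  e = R(m) * rho mod p,  s = a*e + k mod q
  verify:  v = alpha^s * y^-e mod p,  R(m) = v * e mod p,  then check R.
Toy parameters and a 16-bit message space; NOT for production use."""
import random
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; deterministic for n < 3.3e24."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_params(bits: int = 48):
    """Deterministic toy group: prime q, prime p = 2q + 1, alpha of order q."""
    q = (1 << bits) | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    p = 2 * q + 1
    alpha = 4  # a non-trivial square mod p, hence in the unique subgroup of order q
    return p, q, alpha

MSG_BITS = 16  # assumed message size; R(m) is 2*MSG_BITS wide, far below p

def redundancy(m: int) -> int:
    """R(m): the message repeated twice, so m~ carries checkable structure."""
    if not 0 < m < (1 << MSG_BITS):
        raise ValueError("message out of range")
    return (m << MSG_BITS) | m

def strip_redundancy(mt: int):
    """R^-1: return m if mt has the repeated shape, else None."""
    if mt >> (2 * MSG_BITS):
        return None
    hi, lo = mt >> MSG_BITS, mt & ((1 << MSG_BITS) - 1)
    return lo if hi == lo and lo != 0 else None

def keygen(params, rng=None):
    p, q, alpha = params
    rng = rng or secrets.SystemRandom()
    a = rng.randrange(1, q)        # private key a
    return a, pow(alpha, a, p)     # (a, y)

def sign(params, a, m, rng=None):
    p, q, alpha = params
    rng = rng or secrets.SystemRandom()
    k = rng.randrange(1, q)
    rho = pow(pow(alpha, k, p), -1, p)   # alpha^-k mod p
    e = redundancy(m) * rho % p
    s = (a * e + k) % q
    return e, s

def raw_recover(params, y, sig):
    """m~ = alpha^s * y^-e * e mod p, with range checks but WITHOUT checking R."""
    p, q, alpha = params
    e, s = sig
    if not (0 < e < p and 0 <= s < q):
        return None
    v = pow(alpha, s, p) * pow(y, -e, p) % p   # equals alpha^k for a genuine signature
    return v * e % p

def recover(params, y, sig):
    """Full verification with message recovery: returns m, or None on failure."""
    mt = raw_recover(params, y, sig)
    return None if mt is None else strip_redundancy(mt)

def malleate(params, sig, t):
    """(e, s+t) satisfies the raw equation for m~ * alpha^t: multiplicative malleability."""
    p, q, alpha = params
    e, s = sig
    return e, (s + t) % q

def demo(seed: int = 7, m: int = 0xBEEF, t: int = 12345):
    """Seeded end-to-end run; use secrets.SystemRandom() instead of a seed for real keys."""
    params = gen_params()
    p, q, alpha = params
    rng = random.Random(seed)
    a, y = keygen(params, rng)
    sig = sign(params, a, m, rng)
    forged = malleate(params, sig, t)
    return {
        "recovered": recover(params, y, sig),
        "forged_raw": raw_recover(params, y, forged),
        "forged_raw_expected": redundancy(m) * pow(alpha, t, p) % p,
        "forged_checked": recover(params, y, forged),   # None: R rejects the forgery
        "s_out_of_range": recover(params, y, (sig[0], q)),
    }

if __name__ == "__main__":
    print(demo())
```

The raw equation alone accepts any pair (e, s): it simply defines some m̃ for it, so without R the scheme is existentially forgeable, and with the malleation above a signer's one genuine signature yields signatures on every m̃·α^t. Security therefore rests entirely on how hard it is to land such a product inside the set of properly redundant messages, which is why the choice of R (and the attacks on particular choices) is the interesting part of the scheme.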
Fourth, in PKI construction, technical mechanisms are insufficient on their own; they are normally used in combination with a set of policies and procedures. In Chapter 4 we discuss some important PKI management issues, including the two types of document, the Certificate Policy (CP) and the Certification Practice Statement (CPS), that describe the policies and procedures associated with a PKI, together with some remarks on the status of Taiwan's OID (Object Identifier) assignment.
PKI is now a hot topic in network and information security, and the related techniques are developing rapidly. This dissertation addresses a subset of PKI deployment issues and proposes solutions and recommendations for them.
[AES]
National Institute of Standards and Technology. "Advanced Encryption Standard Development", available at http://aes.nist.gov.
[AMV90]
G. B. Agnew, R. C. Mullin, and S. A. Vanstone, "Improved digital signature scheme based on discrete exponentiation," Electronics Letters, Vol. 26, No. 14, pp. 1024-1025, 1990.
[APPS00]
G. Apostolopoulos, V. Peris, P. Pradhan, and D. Saha, "Secure Electronic Commerce: Reducing the SSL Overhead," IEEE Network, pp. 8-16, 2000.
[BRO78]
A. E. Brouwer, F. J. MacWilliams, A. M. Odlyzko, and N. J. A. Sloane, "Bounds for binary codes of length less than 25," IEEE Transactions on Information Theory, Vol. IT-24, pp. 81-93, 1978.
[BRO90]
A. E. Brouwer, J. B. Shearer, N. J. A. Sloane, and W. D. Smith, "A New Table of Constant Weight Codes," IEEE Transactions on Information Theory, Vol. 36, No. 6, pp. 1334-1380, 1990.
[CAR99]
C. Adams and S. Lloyd, Understanding Public-Key Infrastructure: Concepts, Standards, and Deployment Considerations, 1999.
[DAVID02]
D. W. Chadwick, "An X.509 Role-based Privilege Management Infrastructure," Business Briefing: Global InfoSecurity 2002.
[DHQ98]
Y. Desmedt, S. Hou, and J.-J. Quisquater, "Audio and Optical Cryptography," Advances in Cryptology - ASIACRYPT '98, Springer-Verlag LNCS, pp. 392-404, 1998.
[DIFF76]
W. Diffie and M. E. Hellman, "New Directions in Cryptography," IEEE Transactions on Information Theory, Vol. IT-22, No. 6, pp. 644-654, 1976.
[DSA92]
"The Digital Signature Standard Proposed by NIST", Commun ACM, Vol.35, No.7, pp. 36-40, July 1992.
[ELG85]
T. ElGamal, "A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms," IEEE Transactions on Information Theory, Vol. IT-31, No. 4, pp. 469-472, 1985.
[FBCA]
X.509 Certificate Policy For The Federal Bridge Certification Authority(FBCA), June 14, 2001.
[FIAT89]
A. Fiat, "Batch RSA," in G. Brassard (ed.), Advances in Cryptology - CRYPTO '89, LNCS Vol. 435, Springer-Verlag, pp. 175-185, 1989.
[FIPS46]
Federal Information Processing Standards Publication 46. "Data Encryption Standard." U.S. Department of Commerce, National Bureau of Standards.
[FPKI]
United States Federal Public-Key Infrastructure; available http://csrc.nist.gov/pki/
[GSN]
RDEC of the Executive Yuan, "Introductory to the Electronic/Networked Government Program," available http://www.rdec.gov.tw/, 1998.
[HARN94]
L. Harn and Y. Xu, "Design of generalized ElGamal type digital signature schemes based on discrete logarithm," Electronics Letters, Vol. 30, No. 24, pp. 2025-2026, 24 November 1994.
[HARNa94]
L. Harn, "Group-oriented (t, n) threshold signature and multisignature", IEE Proc., 1994.
[HARNb94]
L. Harn, "New digital signature scheme based on discrete logarithm," Electronics Letters, Vol. 30, No. 5, pp. 396-398, 1994.
[HARN97]
L. Harn, "Digital Signatures for Diffie-Hellman Public Keys without using a one- way function", Electronics Letters, Vol. 33, No. 2, pp. 125-126, Jan. 1997.
[HMP94]
P. Horster, M. Michels, and H. Petersen, "Meta-ElGamal Signature Schemes," Technical Report TR-94-5, University of Technology Chemnitz-Zwickau, 16 pages, 1994.
[IDC2000]
International Data Corp., "PKI Market Forecast, 2000~2003", December 2000.
[IDEA92]
X. Lai and J. Massey, "A Proposal for a New Block Encryption Standard," In the Proceeding of EUROCRYPT ’90 (Springer-Verlag, Berlin, 1991), pp.389-404.
[ISO93]
ISO/IEC 9798-3, "Information technology – Security techniques – Entity authentication mechanisms – Part 3: Entity authentication using a public-key algorithm," International Organization for Standardization, Geneva, Switzerland, 1993.
[ISO98]
ISO/IEC 9796-4 Information Technology – Security techniques – Digital signature schemes giving message recovery – Part 4: Methods based on the Discrete Logarithm, draft, 1998.
[ITU97]
ITU-T Recommendation X.509. "Information Technology- Open Systems Interconnection- The Directory: Authentication Framework." June 1997 (equivalent to ISO/IEC 9594-8), 1997.
[ITU00]
ITU-T "Revised ITU-T Recommendation X.509 – ISO/IEC 9594-8: Information Technology – Open Systems Interconnection – The Directory: Public-Key and Attribute Certificate Frameworks," 2000.
[KENT98]
S. Kent and R. Atkinson, "Security Architecture for the Internet Protocol," RFC 2401, 1998; available at http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2401.txt
[KIM01]
Kim Ed. Kwangjo, Proceedings of First International Workshop for Asian PKI, ICU, Daejeon, Korea, 19-20 October 2001. International Research Center for Information Security, Korea and Institute of Industrial Science, Japan.
[KIM01a]
Kim Heesun, Cho Yeongsub, Jin Seunghun, and Chung Kyoil, "Current Status and Trends of PKI in Korea," In Kim [KIM01], pp. 1-21.
[KO01]
Kwang-Sup Ko, The Digital Signature Act in Korea, PKI conference, April 16-17 2001, SEOUL Korea.
[KOB87]
N. Koblitz, "Elliptic Curve Cryptosystems," Mathematics of Computation, Vol. 48, No. 177, pp. 203-209, 1987.
[KOHN78]
L. M. Kohnfelder, "Towards a Practical Public Key Cryptosystem," B.S. Thesis, supervised by L. Adleman, May 1978.
[LAM]
Kwok Yan Lam, "The PKI Experience in Singapore," In Kim [KIM01], pp. 32-39.
[LL98]
Chen-Chi Lin and Chi-Sung Laih, "Toward a National Public Key Infrastructure Age," 1998 International Telecommunication Symposium (ITS '98), Vol. III, pp. 169-178, 1998.
[LL00]
Chen-Chi Lin and Chi-Sung Laih, "Cryptanalysis of Nyberg-Rueppel's Message Recovery Scheme," IEEE Communications Letters, Vol. 4, No. 7, pp. 231-232, July 2000.
[LL01]
Chi-Sung Laih and Chen-Chi Lin, "The Developing Process and Future Plan in ROC," The First International Workshop for Asian PKI, Oct. 19-20, 2001, in [KIM01], pp. 51-63.
[LL03]
Chen-Chi Lin and Chi-Sung Laih, "The GPKI developing status of Taiwan and some major Asia countries," Computer Communications (Accepted), 2003.
[LLL02]
Lein Harn, Chen-Chi Lin, and C. S. Laih, "Multiple-Public-Key (MPK) Certificate," International Conference on Information Security 2002, Shanghai, China, July 2002, pp. 1-10.
[LLY00]
Chi-Sung Laih, Chen-Chi Lin, and C. N. Yang, "The Recent Development of E-government and PKI in ROC," SSGRR 2000 - International Conference on Advances in Infrastructure for Electronic Business, Science, and Education on the Internet, p. 41 (full paper on CD-ROM), Rome, Italy, Aug. 2000.
[LLY03]
Chen-Chi Lin, Chi-Sung Laih, and Ching-Nung Yang, "New Type Audio Secret Sharing Schemes with Time Division Technique," Journal of Information Science and Engineering, Vol. 19, No. 4, pp. 604-615, July 2003.
[MIL85]
V. S. Miller, "Use of Elliptic Curves in Cryptography, "Advances in Cryptology- CRYPTO’85 Proceedings, Springer-Verlag, 1986, pp. 417-426.
[MD2]
B.S. Kaliski, "The MD2 Message Digest Algorithm," RFC 1319, Apr 1992.
[MD5]
R. L. Rivest, "The MD5 Message Digest Algorithm," RFC 1321, Apr 1992.
[MOVN97]
A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone, Handbook of Applied Cryptography, CRC Press, 1997.
[NR93]
K. Nyberg and R. A. Rueppel, "A new signature scheme based on the DSA giving message recovery," 1st ACM Conference on Computer and Communications Security, Fairfax, Virginia, Nov. 3-5, 1993, 4 pages.
[NR94]
K. Nyberg and R. A. Rueppel, "Message Recovery for Signature Schemes Based on the Discrete Logarithm Problem," EUROCRYPT '94, pp. 182-193.
[NR96]
K. Nyberg and R. A. Rueppel, "Message recovery for signature schemes based on the discrete logarithm problem," Designs, Codes and Cryptography, Vol. 7, No. 1/2, pp. 61-68, 1996.
[NS94]
M. Naor and A. Shamir, "Visual Cryptography," Advances in Cryptology - EUROCRYPT '94, Springer-Verlag LNCS, pp. 1-12, 1995.
[ODL00]
A. Odlyzko, "Discrete logarithms: the past and the future," Designs, Codes and Cryptography, Vol. 19, No. 2/3, pp. 129-145, 2000.
[P1363]
IEEE P1363: Standard Specifications for Public Key Cryptography; available http://grouper.ieee.org/groups/1363/
[PKCS]
RSA Laboratories, RSA cryptography specifications; available http://www.rsasecurity.com
[PKI01]
CA-CA Interoperability, white paper, March 2001, PKI Forum.
[PKIX]
The PKIX Working Group Charter; available http://www.ietf.org/html.charters/pkix-charter.html
[RFC 2311]
S. Dusse et al., "S/MIME Version 2 Message Specification," RFC 2311, 1998.
[RFC 2312]
S. Dusse et al., "S/MIME Version 2 Certificate Handling," RFC 2312, 1998.
[RFC 2401]
Security Architecture for the Internet Protocol; available http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2401.txt, 1998.
[RFC 2411]
R. Thayer, et al, "IP Security Document Roadmap", 1998
[RFC 2459]
R. Housley, W. Ford, W. Polk, and D. Solo, "Internet X.509 Public Key Infrastructure Certificate and CRL Profile," 1999.
[RFC 2510]
C. Adams and S. Farrell, "Internet X.509 Public Key Infrastructure Certificate Management Protocols", 1999.
[RFC 2511]
M. Myers , et al, "Internet X.509 Certificate Request Message Format", March 1999.
[RFC 2527]
S. Chokhani and W. Ford, "Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework," RFC 2527, 1999.
[RFC 2559]
S. Boeyen , T. Howes, and P. Richard, "Internet X.509 Public Key Infrastructure Operational Protocols – LDAPv2", 1999.
[RFC 2560]
M. Myers et al., "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP," RFC 2560, 1999.
[RFC 2585]
R. Housley and P. Hoffman, Internet X.509 Public Key Infrastructure Operational Protocols: FTP and HTTP, 1999.
[RFC2632]
Ramsdell, B., S/MIME Version 3 Certificate Handling, RFC 2632, 1999.
[RFC2633]
Ramsdell, B., S/MIME Version 3 Message Specification, RFC 2633, 1999.
[RFC 2797]
M. Myers, X. Liu, J. Schaad, and J. Weinstein, Certificate Management Message over CMS, 2000.
[RFC 3029]
C. Adams., et al, Internet X.509 Public Key Infrastructure Data Validation and Certification Server Protocols, IETF PKIX WG.; available http://www.ietf.org/ids.by.wg/pkix.html, 2001.
[RFC 3161]
C. Adams , et al, Internet X.509 Public Key Infrastructure Time Stamp Protocols, IETF PKIX WG., available http://www.ietf.org/ids.by.wg/pkix.html, 2001.
[RFC 3280]
R. Housley, et al, Internet X.509 Public Key Infrastructure Certificate and CRL Profile, 2002.
[RSA78]
R. L. Rivest, A. Shamir and L. Adleman, "A method for Obtaining Digital Signatures and Public-Key Cryptosystems," Comm. ACM, Vol.21 (2), pp.120-126, Feb. 1978.
[RSA99]
Understanding Public Key Infrastructure (PKI), Technology White paper, RSA Security Inc., 1999; available http://www.rsasecurity.com.
[RUSS01]
Russ Housley and Tim Polk , Planning for PKI, Wiley&Sons, Inc, 2001.
[SCVP]
Ambarish Malpani, Paul Hoffman, Russ Housley, and Trevor Freeman, "Simple Certificate Validation Protocol (SCVP)", IETF draft-ietf-pkix-scvp-06.txt, July 2001.
[SCH96]
B. Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition. New York: John Wiley & Sons, 1996.
[SCHNO89]
C. P. Schnorr, "Efficient identification and signatures for smart cards," Advances in Cryptology - CRYPTO '89, Springer-Verlag, pp. 239-252, August 1989.
[SHA1]
National Institute of Standards and Technology, NIST FIPS PUB 186, "Digital Signature Standard," U.S. Department of Commerce, May 1994.
[SSL]
K. Hickman, The SSL Protocol, December 1995; available http://www.netscape.com/newsref/std/ssl.html
[STA99]
W. Stallings, Cryptography and Network Security: Principles and Practice, Second Edition, Upper Saddle River, NJ: Prentice Hall, 1999.
[STI95]
D. R. Stinson, Cryptography: Theory and Practice, CRC Press, N. W., 1995.
[TEZUKA]
Satoru Tezuka, "Trend of Japanese PKI and International Cross Certification," In Kim [KIM01], pp. 22-31.
[TLS01]
The TLS Protocol Version 1.0; available http://www.consensus.com/ietf-tls/tls-protocol-03.txt
[TWG-98-59]
W. Burr, Public Key Infrastructure (PKI) Technical Specifications: Part A- Technical Concept of Operations.
[X500]
International Telecommunication Union, Recommendation X.500: Information technology – Open systems Interconnection – The Directory, November 1993.
[X660]
ITU-T Recommendation X.660 Information technology – Abstract Syntax Notation One (ASN.1) encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER), 1997.
[X68097]
ITU-T, Information Technology— Abstract Syntax Notation One (ASN.1): Specification of Basic Notation, Recommendation X.680, 1997.
[WU02]
Chii-Wen Wu, Hwai-Ling Shan, Wen-Cheng Wang, Dung-Ming Shieh, and Ming-Hsin Chang, "E-Government Electronic Certification Services in Taiwan," IWAP 2002, pp. 82-87.
[YL93]
S. M. Yen and C. S. Laih, "New digital signature scheme based on discrete logarithm," Electronics Letters, Vol. 29, No. 12, pp. 1120-1121, 1993.
[WEB1]
http://csrc.nist.gov/pki/documents/welcome.html
[WEB2]
http://www.pkiforum.org/
[WEB3]
http://www.ict.etsi.org/eessi/EESSI-homepage.htm
[WEB4]
http://www.apki-j.gr.jp/E/ForumTop.htm
[WEB5]
http://www.cht.com.tw/english/index.htm
[WEB6]
http://www.pki.gov.tw/
[WEB7]
http://www.taica.com.tw/
[WEB8]
http://www.hitrust.com.tw/
[WEB9]
http://www.entrust.net.tw/
[WEB10]
http://www.id-safe.com.sg/
[WEB11]
http://www.netrust.net/
[WEB12]
http://www.ecitizen.gov.sg/
[WEB13]
http://www.gebiz.gov.sg/
[WEB14]
http://www.pki.gov.tw/
[WEB15]
http://www.mips.mindef.gov.sg/
[WEB16]
http://www.chttl.com.tw/eindex.html
[WEB17]
http://www.ccl.itri.org.tw/
[WEB18]
http://www.alvestrand.no/objectid/
[WEB19]
http://oid.nat.gov.tw/OIDWeb/
[WEB20]
http://www.nap.net.tw/