Design Of Data Security Management Architecture Based On PKCS#11 And Research Of Its Key Technology

Along with the widespread application of network in each department of the society, the problem of information security among the networks obtains more and more attention, especially the demand for data security and protection are increasing day by day. The cryptographic technology which is the foundation of information sercurity is used widely too. At the same time, all kinds of secure products emerges quickley. But due to the lack of a unified data security architecture, the intercommunion and interoperability among different products are very bad, the scale of code repetition is very large, development period of product is very long and development efficiency is very low too. Otherwise, the mechanisms of security secrecy are independent from each other, redundant duplication, lack of integrated security solutions.Against this background, this paper designs a new framework for information security management called PKCS-DSMA based on the PKCS # 11, according to the principle of safety, flexibility, good scalability and modularity level design. Due to the security inadequacies of PKCS # 11 and for giving a unified message management strategy for all the modules in PKCS-DSMA. This paper conducted an in-depth study on the technology of safety check and verification and module information management.PKCS-DSMA defines the application development interface API and service module development interface SPI for the three basic services which are cryptography services, certification services and data storage services. In the Security Check and Verify(SCV) technology, the paper established a layered security protection system which includes PKCS-DSMA, PKCS-DSMA security base and Kylin OS. In the security base, the paper researches on the four security mechanisms--self-check, data integrity verification, bilateral verification and security link. At the same time, it established some rules of TE policy for protecting security base by the Kylin OS. In the Module Information Management(MIM) technology, the paper designed some schema of module information for the support of PKCS-DSMA, Service Module and security base.Finally, this paper summarizes the finished work in the bypassed one year, and it gives an expectation of our future work on PKCS-DSMA.