
Research And Design Of Database Encryption System Based On Certificate Authority

Posted on: 2010-10-23 | Degree: Master | Type: Thesis
Country: China | Candidate: X C He
GTID: 2178360275951477 | Subject: Computer application technology
Abstract/Summary:
With the widespread adoption of computer applications, people find it increasingly hard to work or live without information systems. While we enjoy the convenience brought by applications such as E-Commerce and E-Government systems, the problem of information security has also become more serious. In most circumstances the most valuable thing in a computer system is the data, especially in an E-Government system, where data not only represents value but is also secret. In typical E-Government systems the information is stored in a database. As a result, in the open Internet environment, protection of the database is called "The Last Line of Defense". Encrypting the sensitive data in the database and storing it as ciphertext can effectively prevent information leaks, so more and more domain experts have started to focus on the design and research of database encryption systems.

This thesis studies the background of database encryption, analyzes the potential security risks in a typical E-Government system, examines separately the threats from the Internet and the problems caused by internal operators, introduces the PKI (Public Key Infrastructure) technologies of digital certificates and digital signatures into the structural design of a database encryption system, and proposes a database encryption system based on the CA (Certificate Authority).

PKI technologies can provide authentication, encrypted transport and digital signature validation for applications on the Internet. The CA is the core module of PKI. This thesis designs a certificate application scheme based on classified signature validation to reduce the time cost when a single certificate needs updating. Users log in to the system with their certificates in combination with conventional user name and password login authentication, which combines authentication and certification to guarantee the safety of system login.
For the other core technology of a database encryption system, encryption key management, the certificate of the Key Management System Server and its private key stored in the CA can be used to protect the keys. As the provider of safe keys, the KM (Key Management Server) can only be called by the Key Engine. Separating the KM server from the application server helps keep the keys safe. Considering the efficiency of the network system, we use a symmetric encryption algorithm (AES) for information encryption; as a result, the safety of the symmetric encryption keys is very important to the safety of the database. The application server, the KM and the users are all entities to the CA. The key protection system proposed in this thesis, which uses the certificate and private key stored on the CA server to manage the symmetric encryption keys, is more secure and flexible than other multilevel key protection structures.
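The key-protection arrangement described above, sketched as an added example (not code from the thesis): AES data keys exist at rest only wrapped under the KM server's public key, and only the key engine may ask the KM to unwrap them. RSA-OAEP wrapping, AES-256-GCM with row context as associated data, the function names and the string-based caller check are assumptions; the abstract specifies only AES and a certificate-protected KM.

```javascript
// Added illustration, not code from the thesis. All names are hypothetical.
const crypto = require('node:crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// KM server: stores each AES data key only in wrapped form. The RSA pair
// generated here stands in for the KM certificate's key pair (assumption).
function createKeyManager() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const store = new Map(); // keyId -> AES-256 key encrypted under the KM public key
  return {
    store,
    newDataKey(keyId) {
      const dataKey = crypto.randomBytes(32);
      store.set(keyId, crypto.publicEncrypt({ key: publicKey, ...OAEP }, dataKey));
      dataKey.fill(0);
    },
    // The KM answers only the key engine. A string stands in for the
    // certificate-based caller authentication of the real design (assumption).
    unwrap(caller, keyId) {
      if (caller !== 'key-engine') throw new Error('KM: caller not authorised');
      if (!store.has(keyId)) throw new Error('KM: unknown key id');
      return crypto.privateDecrypt({ key: privateKey, ...OAEP }, store.get(keyId));
    },
  };
}

// Key engine: the only component that asks the KM for keys. `context` names the
// table, column and row and is bound to the ciphertext as GCM associated data.
function createKeyEngine(km) {
  return {
    encryptField(keyId, plaintext, context) {
      const key = km.unwrap('key-engine', keyId);
      const iv = crypto.randomBytes(12);
      const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
      cipher.setAAD(Buffer.from(context));
      const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
      key.fill(0); // drop the plaintext key as soon as the field is sealed
      return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64');
    },
    decryptField(keyId, stored, context) {
      const raw = Buffer.from(stored, 'base64');
      const key = km.unwrap('key-engine', keyId);
      const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
      decipher.setAAD(Buffer.from(context));
      decipher.setAuthTag(raw.subarray(12, 28));
      try {
        return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
      } finally { key.fill(0); }
    },
  };
}
```

A database dump taken from the application server yields only GCM ciphertext, and a copy of the KM store yields only RSA-wrapped keys, so recovering a field requires the KM private key as well.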
Keywords/Search Tags: Digital Certificate, public/private key pair, key management, Encryption/Decryption Engine