| For the specialties of code products themselves, countries in the world make their own strategies or rules in the import, export and usage of the code products. In china, the should be obeyed strictly in all kinds of research, production, selling and usage of commercial code goods. Because of the limit of code products export policy in.USA, and windows operation system is widely used and for the popularization of PKI(Public Key Infrastructure) products, so must design the information security according with both windows operation system and PKI standard.PKI(Public Key Infrastructure) is a uniform technological framework that offers the services of data encrypt and digital signature in the open Internet environment by using the public-key encrypt technology of current encryption. It is designed to provide the administration for usage of public key and digital certificates in the open Internet environment so as to establish a comparatively safe and trustful network environment for an institution or a group. Two main security technologies are concluded in the PKI: the encryption of public-key as well as the digital signature and verification. The encryption of public-key is an effective technology to complete the information security and visit control. The digital signature and verification is another effective method to make sure the legibility of mutual members of certification before communication, the integrity of message in the communication and the absence of mutual denies after the communication. All of those functions are obtained through the PKI key administration technology.After analyzed the research of the status quo, the current of development and the application of the future in information security system in home and abroad, and researched the principle and technology of information security mechanism both in the network with open internet protocol and in the network with TCP/IP internet protocol, according to the Microsoft information security structure and the application in network, and, the information security system should be established based on the PKI structure, the security system can totally integrated with Microsoft operation system . Based on the application of the security system in network, Following modules are contained in that model: the module of the realization of intelligent cards hardware, the module of CSP(Cryptographic Service Provider ), the module of hardware certificates, the module of administrating the certificates, the module of applications, and so on. All application modules are designed in accordance with the PKCS standard strictly. So it is convenient integration of this mid-ware product withother products in PKI standard, each module should be used separately or cooperatively with other PKI products and can be dissembled dynamically as well as provides standard interfaces according to the Microsoft structure, and finally designed the mini application (namely mini certificate award system) with PKI structure based on the information security system.The DLL pattern is adopted to design the whole system, and design separateness module for important data structure, for example about the public/private key pair information and the certificate information. So it is convenience for different users with different hardware preserve important data. In fact, the whole system save the important data in the register table, it is a relatively safety method in only realized by software.It is shown the design of interface, running and data structure of some key modules in the system in this paper. And design a mini certificate award system by using the information security system as example.In the last chapter, conclusions are made about the whole paper, and the future work is expected in the end.
|
PDF Full Text Request