Design And Implementation Of Service Based Cryptography Application Support System

In the construction of critical information systems and network trust systems, such as e-commerce, e-government, public key cryptography is extensively used to achieve the core functions, which usually is identity authentication, protection data integrity and nonrepudiation. However, the traditional application mode of public key cryptography deploys the structure due to its function, which makes it difficult to develop, maintain, be safe and use. As a result, public key cryptography cannot be used effectively.In this paper, we mainly introduce the model, requirement, design and system realization of public key cryptography application support system based on service. In the end, we make a summary of the whole process and look forward to further work..Under the traditional application model, the public key cryptography technology implementation part focusing on the application is divided into two parts by the public key cryptography application support system:client and server. Client is responsible for public key cryptography application requests, and then pack and send them to the server; Server receives the client's requests, decodes the requests and deals with them; at last, the response is packed and sent to client in accordance with the format requirement of public key cryptography application protocol; Client receives and verifies the response from server, and applies the results. Under this application mode, the only thing client needs to do is pack the public key cryptography application request and send it to server in accordance with the protocol requirements and use the results from the server without having to pay attention to the details of the cryptography. It reduces the complexity of public key cryptography application, and simplifies the development and maintenance of application system. For there is no need for client to know the complicated process of public key cryptography, this model has a good adaptability in upgrading of cryptography, for example, the transition method and process from the RSA algorithm for public key cryptography system which is widespread concerned nowadays to ECC algorithm system can be simplified. It plays a facilitating role to the application and development of public key cryptography technology.During the requirement analysis, the basic requirements of verify the digital certificate to be met is summarized considering the validity of digital certificate validation is the basis of public key cryptography technology. And we point out that the application technology of public key cryptography is composed by a series of application areas, such as time stamps, digital signature and so on. To these different application fields of public key cryptography, there are a lot of similarities to the certificate validation. After effectively solving the digital certificate validation,the implementation of other applications may refer to it.During overall system design process, we first introduce an integral part of the system from outside of the system, the function of various components and connections, especially the relationship between business systems. The deployment structure is given by which is consist of the business system, public key cryptography infrastructure and public key cryptography applications based on service support system.System design including system structure, functions of each module, the links between modules, gives certificate validity, and the message formats to use HTTP protocol to carry the protocol referencing RFC5055 protocol. Finally the safety of the system is briefly analyzed and strategies to deal with common security problems are discussed.During system implementation, we focus on the partial design of the system core functions, and adopt the form described by UML, including scalable system architecture framework, and make a brief description of the structural characteristics of the components. During the system implementation process the existing design problems are fixed, some designs are added and the implementation details are optimized to improve the system's maintainability and efficiency.The system provides users with intuitive and friendly application interface, so that developers in business system can focus on the realization of business functions, and solve the problems of business application system which is plagued for a long time, such as complex public key cryptography technology, non-standard realization, long development cycle, difficulty to support multiple digital certificates issued by electronic authentication center. User's business needs and service requirements can be basically satisfied, as well as an efficient management, simple management methods and management tools are provided to back-stage managers to complete the original design goals, and achieve the intended full functionality.