| PKI is a synthetic application security framework developed from public key cryptography. It provides procedures to generate, distribute, and utilize keys and certificates, which transparently enabling encryption or signature services for all kinds of network applications. And the authenticity, integrity and non-repudiation of messages are ensured when electronic transaction occurring.During the e-enterprise process, ZheJiang Mobile Co. Ltd., establishes a set of security requirements, such as protecting the enterprise core production data from steal, access, spread or tampering, and grant the valid user permissions appropriately. On the basis of 《Technical Security Specifications for Business Operation Support System (BOSS) of China Mobile》, this thesis mainly studies how to integrate PKI/CA with access control to protect applications, and finishes the work from the feasibility study of application system's security protection, overall architecture design, outline design, detailed design, coding to applying the developed system to protect BOSS. The PKI certificate instead of conventional username/password being used to authenticate the user in the developed system, there is no username/password being transmitted on the line, and its sniffer or decryption is avoided. Therefore the system's security is strengthened significantly. Because a visitor can not access the protected application server until he/she gets a PKI certificate created by the developed system and uses it for authentication, the attacks to the protected application server are avoided. Even the protected application server has some vulnerabilities, the attacker can not exploit them. Additionally, the permissions can be granted based on user/role in the developed distributed application security system, the permission management is very flexible and efficient. Summarily, the developed system provides multiple layers' security protection, and ensures the application resource or information to be appropriately and securely shared.The paper emphatically elaborated the topic development design research achievement, first chapter described the system application development present situation and the existence flaw, did the general description on this topic selected topic background and the... |
PDF Full Text Request