Research And Application Of User Authentication And Access Control On Distributed System

The security of data is always given considerable attention by all important departments of our country, especially for the confidential departments such as the Ministry of Public Security and armed forces. All data will become worthless instantly without reliable protective measures. What's more, the previous information won't be used for analysis, so that our work will come to a standstill. Even the large database application platform, which supplies technology for electronic government affairs, needs a set of safeguarding measure to prevent any illegal access and revision from the Internet.This thesis takes Criminal Interrogation assistance decision supporting system of Dalian public security bureau as the research background. This paper also conducts the research and practice into the user authentication and access control to the large database system on the internet. There is an increasing need of the Criminal Interrogation system of the Public Security Bureau for the information sharing and access either inside or outside the bureau. The large database system starts to acknowledge the storage and access of online data. Therefore, the security of the internet information has been placed on the schedule. The system should guarantee the security of information while providing the web service in order to achieve the confidentiality, integrity and non-repudiation of all data. Thus the user, within the limits of the safe system management, can get the access to the desired information, without the possibility of the accidental encounter with the restricted confidential information.This paper, based on the research on the theory and characteristics of the existent RBAC model, sets up a promoted access model of the distributed database. It also manages to elaborate on the distributed data to some extent, employs a series of relevant concepts such as similar role set, permission tree, minimum inheritance and maximum inheritance, establishes the corresponding rules, and presents a feasible designing approach and data model. The security of internet authentication calls for the relevant facilities of information security. The thesis aims to guarantee the security of the net authentication and access control of the users by combining the two approaches of PKI and PMI. This ensures not only the confidentiality of information but also the non-repudiation of information and therefore serves currently as the most desirable and recognized system for safeguarding the Internet security. As for the privilege management, the PMI system with the feature certificate enables it to cooperate with identity authentication, thus achieving an extensive employment of the Internet.