The Secure Access System Via Public Mobile Network

With the increasing needs and applications of accessing to some special departments via public mobile network using smart phone or PDA,it becames increasingly important to adopt security techniques, including identifying the user,encrypting the sensitive data,utilizing secure protocols and etc., to provide the secure access using mobile terminals. However, on one hand, the software encryption mode has many severe security leaks;on the other hand,most mobile terminals don't support the capability of "USB-Host", thus the USB-Key, commonly used on desk personal computers to save the password andcertificates,encrypt and decrypt data,authenticate user, cannot be directly used on PDA, therefore,the research and implementation of the secure access module for mobile terminals are key factors of the secure access system via public mobile network.As a part of the "the secure access system via public mobile network" for the golden shield project of the institute in the Police Ministry,the thesis has researched and implemented the smartcard of SDIO interface for PDA.The thesis has introduced the framework of the secure access system via public mobile network,its topology,secure mechanisms and the construction headway,meanwhile it has presented the pratical significance of the research on the SDIO-Key.Then for one way,it studies the secure authentication and cryptography techniques used in the the secure access system via public mobile network,emphasizes more on the PKI,and its combination with the VPN network;for another way,the thesis gives a detailed discription about the SDIO interface,including the physical and logical structure of the SDIO bus,the SDIO protocol and the software framework of the SDIO device,then the secure smartcard technology is illustrated,and the operation system of the smartcard (COS) is carefully studied.In the implementation section, after the analysis of the PKI framework, the SDIO bus and the smartcard technology, and in allusion to the character of the embedded system, secure protocols and algorithms related, an implementation structure of the SDIO-Key based on PocketPC2003 kernel is presented, including the design of the hardware, the core driver, the middleware and the test application layer. In the hardware implementation,the thesis has accomplished the slection of components,the connection of those components and the firmware programming; in the software layer, the thesis has given the middleware scheme,implemented the card terminal application programming interface(CT-API),card function interface(Card-API) ,the standard middleware of the PKI---Cryptographic Service Provider(CSP) and the test layer.The SDIO-Key stores the certificates,genarates the public and private keys,encrypts and decrypts the data transfered,digital signs and verifies signatures using certificates.With other modules togother,it has provided the enough security with the access via public mobile network.