
Design And Implementation Of CA

Posted on: 2008-04-27
Degree: Master
Type: Thesis
Country: China
Candidate: L W Lin
Full Text: PDF
GTID: 2178360212494112
Subject: Software engineering
Abstract/Summary:

A CA system is a widely adopted, effective architecture for assuring the security of networks and information in a large open network environment. It is built on the research and development of Public Key Infrastructure (PKI) technology, and it applies cryptographic algorithms to make information sent over the network secure, reliable and trustworthy.

This paper analyses the requirements of network security and of users, and completes the analysis and detailed design of a CA system. The implementation is composed of two parts, a CA and an RA. It uses .NET technology and refers to the OpenCA system's implementation. It can handle the entire workflow related to requesting, creating and delivering X.509 digital certificates.

The paper discusses the system development background and the current research status of CA systems. It introduces the analysis and design of the security and system structure, the database design, the application of cryptography, and .NET development practice. It also introduces the testing and deployment of the CA system.

The key problems solved in this paper are as follows:

First, realizing process control of development. In order to develop quickly and keep the system flexible, iterative development is applied, so that the system's functions can be built gradually and tested at the same time, and errors can be corrected at the earliest opportunity.

Second, completing the implementation of the encryption algorithms and international standards. The algorithms and standards adopted by the system are implemented in C#. The certificates produced by the system conform to international standards so that they can be used globally.

Third, designing the system structure. Drawing on experience in software development and deployment, several design patterns are applied to make the system configurable, modular, flexible and easy to maintain. According to function, the system is separated into a Certificate Authority (CA) and a Registration Authority (RA), both realized using ASP.NET and C#. The CA is responsible for the management and creation of certificates and keys, and the RA carries out user registration. The information is stored in a SQL Server 2000 database, accessed by means of ADO.NET. An LDAP server should be set up to publish certificates and CRL information. Users access the system's functions through a web browser. To secure information in transit, the Secure Sockets Layer (SSL) protocol is used between client and server, which can be realized by configuring the IIS server.

Fourth, modeling the workflow. Using Business Process Modeling techniques, the certificate request process and the other processes are each defined as a series of states, and the program automatically moves between states according to user actions.

Fifth, realizing the functions of system management and auditing. To control and manage the whole system, a system log is needed to record every user's operations. The administrator's identity authentication and authorization should be verified strictly.

Sixth, providing an application interface. A Web Service is used so that developers can conveniently access the functions of the CA system.
Keywords/Search Tags:PKI, SSL, CA, encryption algorithms, LDAP, X.509, Certificate