Research And Implementation On The PKI/PMI Application In Police Information Systems

The computer network is vulnerable to hackers, Trojans, viruses, malicious software and other non-authorized acts because of its characteristics of openness, diversity and the inherent flaws of operating systems and application programs. With the rapid development of related industries, such as Internet-based e-government, e-commerce, online shopping, the security of network is becoming more and more important. The police network system is not connected with the Internet, but when it realizes remote networking, it also encounters the mentioned security problems of network. Whether these problems can be solved completely and effectively or not will directly determine whether the construction of police information system can succeed.In 2004 the internal governing department of the police starts up the construction of the police information center. These projects demand that all networks, database systems and OA systems in provincial and municipal information centers should be reconstructed and based on a safe and reliable condition. Then the realization of the applied systems connected with each other and nationwide networking will be gradually achieved.Based on the project of"The Reconstruction of the LAN of Police Information Center and The Construction of Information Systems", this thesis systemically explores and summarizes the basic theories of the police information systems. As the main content of this thesis, the problems of security and"the isolated islands of information " in police application systems are studied and solved. The police information systems must be realized using the PKI and PMI technology. The original isolated application systems in each police information center are connected to form a connecting application system and the application systems which are based on user's name/password also must be changed into one that is based on the mode of PKI/PMI which can be accessed and managed independently.This thesis focuses on the issues, such as the authentification of user and permission management, which are necessary for application system. The PKI/PMI subassembly technology is also applied in the present thesis. Based on the PKI/PMI technology it realizes the issuance and management of the X.509 standard certificate, the related safety communications, information encryption, digital signature, and so on. And it also establishes and maintains a unified system of mutual trust. By using the highly centralized management of user identities, the access rights settings, and a variety of audit technologies, it offers the manageable and complex security technology for complicated network system and its application, It can achieve authentication, accessed control and information encryption to ensure the safe operation of application systems. Based on a variety of applications and the underlying operating system structure, it can provide a full range of security services for applications system and application servers. It can be applied to a variety of operating systems and application environments, offer standard application interface, completely transparent for the upper application system, and provide network security for the construction of police information systems.Combined with the subsystem of the information system of police---office automation systems built on the basis of PKI/PMI secure component, this thesis describes the detailed applications and operation mode of the PKI/PMI secure components in the police information system.In this thesis the security units based on the framework of PKI/PMI technology is designed and implemented, and the management platform on which the police information system can safely run is established. Through the uniform and standardized interfaces the unification authorized authentication and access control is realized. At the same time, by using the concentrate and audit measures to monitor the operation which relate to the system security and protect applications, the relevant database resources, the security of sensitive information resources, and the controllable and safe access can be realized.