Development And Design Of Security Middleware Based On PKI Technique In Security Certification System

Posted on: 2009-04-04
Degree: Master
Type: Thesis
Country: China
Candidate: Z N Zhang
GTID: 2178360272476398
Subject: Software engineering

Abstract/Summary:
With the widespread application of the internet and information technology in industrial manufacturing and daily life, information security has increasingly become a critical, real problem. Among the various security concerns, identity authentication, data privacy, data integrity, non-repudiation and access control are the most important. PKI (public key infrastructure) has therefore gained more and more attention and recognition as a way to solve these problems.

In recent years, many standards, protocols, and relevant laws and regulations have been released and implemented. This has made the development and design of PKI systems easier and more convenient. At the same time, many PKI system manufacturers have appeared in the market. In fact, most of the PKI systems they develop are based on the same international standards and protocols. From the viewpoint of technology, there are significant differences among the PKI systems offered by different manufacturers. On the other hand, from the viewpoint of the users of a PKI system, the most important thing is how to apply the PKI system to their daily work and solve their security problems easily and flexibly. Currently, there are no standardized protocols for combining PKI systems with application systems. It is difficult to formulate a set of open standards because applications take different forms and are built with different development tools. Therefore, almost all PKI system manufacturers regard support for application systems as the highest target in their strategic decisions.

Functionally, a security support system mainly addresses authentication, data confidentiality, access control, audit and other related security issues in an information system. In a traditional system there are generally two issues: one is identifying the user at login, the other is controlling authority based on the user's identity.
To provide high-strength authentication and management, we can use PKI to solve the identity problem by providing a digital certificate that establishes the user's identity, and we can use PMI (privilege management infrastructure) to solve the authorization problem by issuing certificates to users. Thus, when users access a system with a digital certificate and an attribute certificate, the application system has to parse the certificates and handle a number of algorithms, cryptographic operations and protocols in order to use this information, which creates a big problem for application systems: the burden of modifying the applications.

There are currently two ways for application systems to access the PKI and PMI infrastructure platform safely and efficiently. One is to embed an API that handles the PKI and PMI connections into the application to solve the application's access problem. The other is to use a unified supporting platform that handles the PKI and PMI connections to solve the application systems' access problem.

The interface-based solution is characterized by embedding the interface into the application. It needs no additional hardware or transmission equipment, and it is more suitable for an individual application system with stable requirements. When the number of applications increases or the requirements change, this method leads to many changes and frequent revisions, and it is not easy to maintain.

The application security support platform solution is characterized by a security support platform that is independent of the applications and can concentrate on handling the PKI and PMI connections. Multiple applications can use the same platform for security support, which greatly reduces the workload of connecting application systems to PKI and PMI and makes the system easy to maintain and expand.
The security middleware of the application security support system is based on the J2EE development framework. It implements transmission encryption and high-strength digital-certificate-based authentication, directly faces the user-oriented business systems, and provides authentication and secure transmission services to them.

This thesis discusses the PKI system architecture, its standards, and the state of its development around the world. It also discusses the problems enterprise applications encounter when using a PKI system. We then put forward the idea of developing a PKI-based middleware, between the applications and the PKI, to support system security, and illustrate the two important parts of the supporting system: authentication and secure transmission. We also describe the design and architecture of the PKI-based middleware in detail, and finally complete a support system in both design and practical application.

The security middleware of the application security support system is developed according to the following principles:

Safety first: PKI and PMI are high-end security infrastructure. In solving application problems based on PKI and PMI, the most important thing is security, and the overall security must not be weakened by flaws in the solution itself.

The two "minimums": the workload of modifying the application system is minimal; the cost of implementing the system is minimal.

The two "easies": the system is easy to maintain; the system is easy to expand.

On the basis of these principles, the problem of strengthening application security is resolved according to the principle of "separation of security and application".
Let professionals do professional things (that is, let security staff deal with security issues and application staff deal with application issues). The characteristic of this approach is that it is closely and seamlessly connected with the PKI and PMI infrastructure: when the PKI or PMI changes, for example when a certificate or authorization is voided or amended, the change takes effect in the application systems immediately, without human intervention. In addition, this way of strengthening application security makes access and maintenance easy, so it is well suited to large numbers of applications and to making PKI and PMI techniques widespread.

When a client needs to access a server application, first, the client browser and the application security support system verify each other through their certificates. Second, an SSL channel is built between the client browser and the application security support system, and the user's data requests are sent on to the application system over the connection between the application security support system and the application system.

The middleware plays the role of a proxy in the transmission path. When a user sends a request to the application server, the request is not sent directly to the application server but is received by the security support system. The security support system first encodes the data, then enforces the authentication and access control security policies, and finally converts the data into the appropriate back-end protocol and transmits it to the application server.
Because the security policy is enforced before data streams are allowed into the application server, the private network is effectively protected.

The middleware is developed on open standards and has good compatibility and scalability. It can support PKI/CA systems and PMI systems in every field, and it can connect seamlessly with third-party products, tightly integrating secure transmission with identity authentication and authorization systems to meet the needs of user authentication and information privacy in information systems. It can therefore be used in a wide range of fields: for example, it can be applied to e-commerce, e-government and web servers for enterprise portals, and it can also be applied where specific security guarantees are required. It can thus build a secure transaction environment for users that meets the needs of privacy, integrity, non-repudiation, security and auditing...
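
The request flow described in the abstract (certificate authentication, then access control, then forwarding to the application server) can be modelled as a single gateway decision function. This is an added example, not code from the thesis: the certificate records, issuer name, roles and path policy are constructed assumptions, and signature and chain verification are assumed to have been done by the SSL layer already.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class ClientCert:        # identity certificate (PKI) presented during the SSL handshake
    serial: int
    subject: str
    issuer: str
    not_after: datetime

@dataclass(frozen=True)
class AttributeCert:     # attribute certificate (PMI) bound to an identity certificate
    holder_serial: int
    role: str
    not_after: datetime

# Constructed sample configuration; every name and value here is hypothetical.
TRUSTED_ISSUERS = {"CN=Example Root CA"}
POLICY = {"clerk": ("/orders/",), "auditor": ("/orders/", "/audit/")}  # role -> path prefixes

def decide(cert, attr_certs, revoked_serials, path, now):
    """Return (forward, reason). Authentication runs before access control,
    and every failure denies the request before it reaches the application."""
    if cert is None:
        return False, "no client certificate"
    if cert.issuer not in TRUSTED_ISSUERS:
        return False, "untrusted issuer"
    if now > cert.not_after:
        return False, "certificate expired"
    if cert.serial in revoked_serials:      # revocation state lives in the gateway only
        return False, "certificate revoked"
    roles = sorted(a.role for a in attr_certs
                   if a.holder_serial == cert.serial and now <= a.not_after)
    for role in roles:
        if any(path.startswith(prefix) for prefix in POLICY.get(role, ())):
            return True, f"forward as {cert.subject} role={role}"
    return False, "no role grants this path"

UTC = timezone.utc
NOW = datetime(2009, 4, 4, tzinfo=UTC)
ALICE = ClientCert(0x1001, "CN=alice", "CN=Example Root CA", datetime(2010, 1, 1, tzinfo=UTC))
ATTRS = [AttributeCert(0x1001, "clerk", datetime(2009, 12, 31, tzinfo=UTC))]

if __name__ == "__main__":
    for revoked, path in ((set(), "/orders/42"), (set(), "/audit/log"), ({0x1001}, "/orders/42")):
        print(path, sorted(revoked), decide(ALICE, ATTRS, revoked, path, NOW))
```

Adding a serial number to the revoked set changes the outcome for the next request without touching the application behind the gateway, which is the "no human intervention" property the abstract describes.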
Keywords/Search Tags:PKI, CA, application security support systems, public key cryptography, authentication, secure transmission, SSL, OCSP