Security Middleware Application System Based On Fingerprint Key

At present, our nation's information security systems of the applications in various sectors are based on themselves, so that the phenomenons and issues of "chimney" and "island" are more prominent. The information systems'technology and measure of the safely strengthening can't absolutely solve the interconnection, exchange and interoperability, the unable to share information in internal industry and between industry, can't do seamless inter-departmental operations. These defect of security architecture seriously restrict the rapid development of the industry's information network construction, With the emergence of business such as using of credit cards and Internet banking, Based on information security's basic construction has become the currently research topic of information system security such as high security strength of authentication and encrypted communication channel.In this paper, contrary to the status and problems in the development of security system in our country, builds a new industry application system s of security middleware, by closely combining Security Middle Ware with a variety of applications, innovatively integrating Security Middle Ware and smart KEY technology of fingerprint, finance. The system is the Perfect solution to construct security Architectures of large-scale industry application system s, such as Finance, e-government, e-commerce.System combines fingerprint key with the security middleware technology, designs the middleware architecture,design the application pattern of security middleware, has confirmed the system accuracy through the application.The paper main research content divides into the theory introduction, the system design, the core realization, the applied research, the application example and so on five parts:1. Theory introduction part: based on profoundly understanding the related theory, the author introduces the basic concept, work principle and cutting-edge technologies of Security Middleware and PKI system.study technology structure of PKI architecture, working principle and forefront technology. Analyzed the structure of authentication center, given the methods of CA authentication process and digital signature authentication, familiar with application to download steps of e-cert from CA center to USBKey, researched the online query protocol OCSP(Online Certification Status Protocol) of RCA(RootCA) and RA center as well as certificate.2. System design part: based on standards of the Microsoft service provider CSP(Cryptographic Service Provider), constructed security middleware structure used to USBKey and seamless access of intelligent fingerprint Key, cleared exposition the layer construction of security middleware, underlying hardware layer, middleware layer application layer. Demonstrated Private key storage in the USBKey and key database program, reached private key go out of card. Key support the algorithms such as 3DES, RSA, MD5 and SHA1.3. Core realization Part: solve the MS CryptoAPI functions and technology to achieve, the functionality of security middleware, analysis and Come to key technology and framework model of the smart fingerprint Key, introduce the COS-chip system and debugging environment of the simulation to develop chip, which is the core realization of the smart fingerprint key.4.Applied Research part :Propose applications model of security middleware ,taking PKI/CA application as an example, USBKey—development of the system, can not only provides safe and reliable certificates vehicle for the CA Center, but also the specific application development that provides standard interfaces for developing Specific applications, digital signatures and encryption achieve authentication and encryption of data transmission.5. Application part: establish application examples of security middleware and the prototype system, taking download digital certification online as an example to verify the MS CryptoAPI encryption function, the prototype system simulates the application environment to verify the key generation, encryption/decryption, hash generation, summary generation, digital signature and signed, such as post-mortem.At the end of the article, the author sums up the design and implementation advantage of security middleware and smart fingerprint Key. Discuss horizontal comparison of the technology the in the industry as well as technical innovation. Finally, Point out the need to perfect and the direction to improve.