Design And Implementation Research Of Cryptographic Service Middleware

Information security is an inevitable problem during the construction of the information society. The cost, the availability and the interaction of information security have become the bottleneck of information security solution. Meanwhile, people have already not satisfied with the work mode which aims at individuated exploiture, and are crying for some generalized and standardized schemes. The cryptographic service middleware just emerges in this situation. It combines the cryptographic service techinique and the middleware techinique, separates the cryptographic service module from the engineering system and becomes common usage module. thus the aim of cryptographic service middleware is not only to improve the standardization and reusable of the module, but also to decrease the difficulty of exploiture and devotion of funds.The paper analyses the architecture of cryptographic engineering and cryptographic service, by importing the modularized description and design, combining cryptographic service with middleware techinique, the architecture of cryptographic service middleware is carried out. Two kinds of cryptographic service middleware with facing to windows are designed and realized.This paper has following contributions:1. The architecture of cryptographic engineering is studyed, the cryptographic attribute and cryptographic function, cryptographic equipment, cryptographic service and the development of cryptographic service, the architecture of cryptographic service and some basic measures of interrelated security defense are summarized. At last, the design and implementation principle of cryptographic service middleware is proposed.2. Based on the design and implementation principle of cryptographic service middleware, the architecture of cryptographic service middleware is proposed. The function and security dividing line between cryptographic service middleware and cryptographic equipment, the leak of some cryptographic service middleware standard and the resolvent, and the design strategy of the cryptographic service middleware are given. The way to deal with multi-process and multi-thread is proposed.3. Based on Windows system, two kinds of cryptographic service middleware CSP and PKCS #11 are designed and realized, with facing to windows, anti-attack, supporting multi-process and multi-thread. On the foundation of the contrast analysis of CSP and PKCS # 11, the design research of realizing CSP based on PKCS # 11 is carried out.4. Based on CC, the independent security evaluation of the CSP and PKCS # 11 is given.