| Recently,it has being a trend in enterprises information that enterprises built their portal system. The enterprises with Long-term vision have started to build their own enterprise portal. However, the construction of the portal is a wide coverage and large-scale complex systems engineering. Compared to traditional public information websites, a portal needs to support more connection modes, single-sign-on, individuation, search, information integration, application integration, and so on. These applications are big challenges to portal in security. There are two reasons: on the one hand, the portal system is very complex system, whose security can not be guaranteed by a single security technology, and on the other hand, web services of the portal system need to open over the Internet, which exposes the internal information without proper protection. Therefore, the design of a secure enterprise portal has active scientific and theoretic significance and practical value of social application.In this paper, the research is based on the project of National Development and Reform Commission–the portal project of Chongqing Port Logistics Group. Taking into account the current status of enterprise applications in isolation, the author combined with existing enterprise information resources, achieved the information sharing, and ultimately completed the Chongqing Portal System. The author made security-related technologies for in-depth study on this basis of it. These technologies include encryption technology, security technology, authentication, single-sign-on, PKI public key infrastructure, as so on. We aimed at improving security of the system.For the advantages and disadvantages of existing security portal program,the author proposed a new security portal program based on PKI. The program involved the use of PKI, encryption and signature of information, client authentication, server-side authentication, session management technology. Public key infrastructure provides services to help encryption and signature of information and authentication. In this paper, the proxy PKI program is used. The use of it not only simplifies the use of PKI systems, but also decouples PKI system from portal system. A large number of XML format data is transmitted in this portal, so we encrypt and sign information according to WS-Security. In this paper, there are two encryption algorithms: encryption algorithm of long data and encryption algorithm of short data; encryption and signature of information solve the problem how to keep security transmission of sensitive information and Identification in the system; it enhance security to access system through use of USB Key in client authentication; server-side validation ensures security of the user's login information among different applications, and users who is determined the identity can access different application systems Seamlessly; session management protect and manage the context of communication process. These technologies cover in all aspects of security technologies of the portal. Through the use of these technologies, it ensures that it is secure from User Login Systems to user logoff systems. Due to the complexity of portal in security, the paper studied portal security from the local to the overall. First of all, the author studied all part of the security technology, and then integrated the results of these studies. In this way, we can avoid taking some unnecessary trouble, and quickly enter the research topic.Based on the above study, the authors designed a solution of security portal based on PKI and completed the Chongqing Portal System. National Development and Reform Commission inspected and then accepted the portal system early in 2009. At present, the system is running well. It gives staff of Chongqing Port a great convenience in daily work. |
PDF Full Text Request