Analysis And Design Of Uniform Identity Authentication Security Platform

Since the 1990s the constructions of the public-key Infrastructure (PKI) is playing a strong role in support and protect e-commerce and the e-government. With public key infrastructure, trust computing, trust networks, and other new technologies, new applications are booming. Public key infrastructure is the foundation of the trusted network system, based on national e-government system framework, the public key infrastructure as the application of the national information security received relevant state department's attention. In this policy environment and technology guidelines, the thesis is based on commitment to the establishment of State Administration of Foreign Exchange(Hereinafter referred to as SAFE) uniform identity authentication security platform based on the actual project formed by summing up.The thesis conducted a comprehensive analysis of the SAFE status of information system and application security requirements, that SAFE is an extension of that network of large, serving a large number of features and applications, the current security measures lack of an overall security solution for user access levels, so construction of information system security needs urgent.The thesis, according to security needs of SAFE proposed building Uniform identity authentication security platform tasks, and oriented SAFE "one-stop service platform" applications, proposed building the Internet security access authentication center and digital signature verification center program; For "the two centers", the thesis does outline design and detailed design, furthermore, user access code and application interface was implemented and tested, this all to provide users with a unified security authentication, securely data exchange,Effectively the responsibility of that and other security services.The thesis describes following parts:1. On how to building a unified platform for identity authentication by the overall planning, to meet the "state administratration of cryptography " relevant technical specifications on the basis of construction of key management center and certification center, the issue of encryption certificate and a signed certificate two types of certificates, achieved a centralized-User certificate issue, and in accordance with the existing foreign exchange management system, achieve User registration and application for a certificate of distributed services.2. On the basis of building a unified identity authentication platform, the design of Internet security access and authentication Center, provide business-oriented users with a unified identity authentication, secure data transmission and access control services.3. This thesis carried out a detailed analysis, the application system access interface specification and the above conditions were put forward solutions, such as access processes.4. Responsibility for the realization of effective identification and secure data exchange, proposed in this thesis is idea of building a complete digital signature verification center in the SAFE, through the Center for the reunification of the Internet service platform and beyond the various application systems to provide digital Signature, signature verification, and other security services, and to protect the integrity of critical data to meet present and future of the SAFE user behavior and responsibilities that the audit request.