| The information network technology rapid development, causes the information to become the important strategic resources, also has established the information security in the information technology core status. The cryptosecurity and the password burglary struggle is more intense. On the other hand, the social informationization set the new higher request to the password protection. Facing this kind of new situation, the various countries' all ponder enhancement password secure new action, is formulating the new century password work developmental strategy.Along with the network popularization, on the massive network game and the net the transaction comes out enthusiastically, along with it, account security problem also in abundance. Viral software and so on wooden horse attacks, cause beforehand static password in front of the wooden horse, has lost the barrier function, already was helpless; The password loses, the account number is robbed into in the network life the most universal phenomenon; Also further enables the account security problem to become network user most the issue of concern.In order to solve this problem, our system through to the event connection analysis, the dynamic password change, with to user's account number which synthesizes to the system authentication carries on the protection. This system has the characteristic which stable, reliable, highly effective and may expand.This article mainly discussed the ssl development condition, the existing agreement as well as the principle, also introduced j2me and the j2ee related development, the basic principle and the operation mechanism, this system causes the data through the security sleeve joint character agreement to carry on the safe transmission, also introduced between the handset and the server carries on the secure communication, simultaneously also has transmitted the password new thought, the prime task, the technical difficulty which this article does and the innovation place is as follows:1 Has discussed the new software design concept: The design pattern, and utilizes it in middle the passpod system actual development. Through used several kind of design patterns to solve in passpod system several important problems. Solves the parameter disposition problem with the singleton pattern; Pattern and the Strategy pattern have realized the service logic with Abstract the Factory which realizes in the high logical level decides on a price, causes the upper formation not to rely on the lower level, but relies on the abstract connection, has sealed the change, easy multiplying; With Bridge pattern solution in many kinds of platforms different event unification management abstract, has given the unification abstract connection which an event manages.2 Has carried on the exhaustive analysis to the ssl agreement, is one kind of guarantee private security agreement which provides in the Internet foundation. It can cause between the customer and the server application correspondence is not intercepted by the aggressor, and throughout carries on the authentication to the server, but also may choose to the customer carries on the authentication. Had has analyzed him specific and the principle.3 Embarks from the practice angle, analyzes viral softwares and so on the wooden horse to steal the account the method, thus causes the password disposable effective, and each minute all changes, causes the password also there is no place use which obtains.4 Has studied the multithreading and the synchronized mechanism, and based on the object-oriented technology its seal, has realized the connection unification and the platform independence.5 Object pond technology: Facing system in massive short duties and data accessing request, system through establishment object and thread buffer pool, after establishes a socket connection with the client side, the server will activate a thread from the thread pond to process the service. Reduces time the object foundation and the destruction consumption, enhances the speed of response.6 Used the SSL agreement to carry on the transmission, made the authentication certificate with the X509 form, if the server started ssl connection, the client side needed to carry on has the certificate and chooses SSL the Socket connection request. In the client side read user's digital certificate, simultaneously uses it to encrypt, the signature information, transmits carries on the digital certificate to the server end the valid confirmation and encryption information decipher as well as signature information operations and so on confirmation. Visits with the https way, moreover also carries on the limit to the IP address, enables this system to have the very good security. This might increase the information secrecy greatly.7 RMS is the j2me appropriation permanence memory technology. It is all data storage to the handset on. In order to establish the handset the initialization data, must save the massive data with the user, must come the solid permanent data storage using the rms connection the function to be present.8 The handset has used two kinds the way which connects with the server, respectively is HTTP and SOCKET, these two kinds all are use TCP and the IP agreement.9 Hibernate is one easy to use, the function formidable object or relations mapping (OorR mapping) frame (framework), regarding the J2EE 3 structures, it mainly can assist completes 3rd also is the lasting level (persistence layter) the function. The realization supports each kind of mainstream data pool, simultaneously must use the connection pond to support the mass datas the cushion. The reduction to the database direct read, enhances concurrent user many time systems the performance. |
PDF Full Text Request