Design And Realization Of The Security Certificate System Based On PKI In The Army Network

New age, with quick development of information and electronic technique, information has become important resource promoting social development, subsequently, information has became target resource of global competitiveness. In the military field, this trend is appearing day by day. At present, our army is in the network information era, the organic integration of people, network and circumstance blurs border concept in aspect of geography and space, and while all kinds of network system of information provide " information sharing" for operational commanding, military training, administrative management, etc, this integration gives a new grim challenge to security and secrecy work. Hence, we need to use very credible security technique, to strictly defend all sorts of confidentiality for application and safe reliability for information transmission within our army.For solving security problem of the army, on the precondition of seriously researching knowledge about PKI and deeply learning knowledge about CA Certificate technique, and after deeply investigating and researching actual status of network in certain reconnaissance unit of our army, combining basic status of current network in our army, using CA (Digital Certificate Authority) Certificate technique based on PKI (Public Key Infrastructure) to closely link up the three together. Finally, in network of unit, realizing Certificate realization of reconnaissance system (JZCA) based on PKI technique.The thesis inducts PKI technique, CA Certificate technique into the unit, according to actual status of network in certain reconnaissance unit of our army, accordingly researches and develops a suit of CA Certificate Authority based on PKI. It refers many aspects,includes in detail: service, criterion and security protocol for PKI, and system objective, overall structure and trust model for CA, and includes cryptographic technique for PKI, such as digital signature, digital envelope, digital certificate, etc. in the course of designing, designing Certificate Authority CA, registration authority RA, certificate base and crypto module, etc. And analyzing the procedures on certificate application, certificate revocation, certificate query, certificate authentication, and finally realizing communication connection between RA and CA. The thesis's research aim is that in this division, establish an integrated Certificate system of network, thereby achieving the aim that reconnaissance staff who need to visit this unit can enter into this system only after being authenticated. After concerned sections test, this Certificate system is hoped to can be applied extensively by army.JZCA Certificate system is in favor of realizing the communication securely of information and network resource sharing. The system uses Microsoft SQL Server 2000 database as back-end database, and uses OpenSSL,Visual C++ as development tools, the software interface of this system is very good, this system can be operated easily, and its functions are of practicality.