| With the rapid development of Chinese military industry, secret-involved informationsystems have been established to cover businesses within military enterprises, so thatcritical operations like military product research, designation, manufacturing and officialmanagement could be carried out in it. Considering the current situation that internationalcompetition increasingly depends on information technology, Chinese nationaladministration for the protection of state secrets have proposed strict requirements uponusing the secret-involved information system, especially upon user’s identification, accesscontrol, and information transmission, for a great deal of confidential information will beproduced, processed, transmitted, and stored in the system.However, challenges have to be faced during this process. Secret-related personnelneed to login various application systems with different ways of ID confirmation to acquiremission information and related messages every day. The more systems use the operators,the more chance will they make mistakes, and the larger probability will the information tobe intercepted or destroyed. In addition, it will also greatly increase the burden of theworking staff managing the secret-involved information system.To solve the above problems, taking information processing center of militaryenterprises dedicated to spacecraft development as a system platform carrier, this thesis presents a design which can both meet the requirements of user identification andpermission division according to the national administration for the protection of statesecrets, and satisfy the need of quick login various operational systems. This design allowsusers to receive their corresponding assignments, report forms and other informationthrough the systems without the need of login them one by one.This thesis achieves to realize the unified authentication of secret-involvedinformation systems on the basis of PKI/CA system based on state-secret algorithm.Security and secrecy managers are classified into three groups: System administrators,security administrators, and audit administrators. They are respectively responsible forregistration of user’s account and the role’s name, granting right to user’s account and therole, and auditing effective account and operations. The access control of the system can beaccomplished by using the access controls of every branch secret-involved informationsystem. When the unified authentication is completed and the access control has gotthrough, the mission information and project schedule related to secret-involvedapplication system can be pushed to users’ terminals.All in all, this system, which this thesis researches and designs, provides the mostconcerned information for users of military enterprises. It has not only greatly increasedthe efficiency of information transfer, but also laid a solid foundation for the work ofmaking full use of the system. Its functions, such as unified user authentication andauditing, live up to the standard of secret-involved information system. At present, it’salmost one-year successful operation in an enterprise has led to12integratedsecret-involved application systems and a peak on-line user number of over one thousand. |
PDF Full Text Request