The Research And Realization Of The Exchange Of Information Security Suite Based On PKI

With the continuous development of Internet technology, many kinds of business information system with B/S structure arise at the historic moment. Through business information systems work is becoming more and more convenient and efficientcy. At the same time, it also leads to a series of security problems, such as eavesdropping, tampering, denial of identity, etc.People resort to PKI technology to improve the security of business information system. The most commonly means is the usage of the HTTPS protocol. It can meet the general requirements of safety. If there is a higher level of safety requirement, a third-party CA will be necessary. However, in the real circumstance, both the third-party CA and HTTPS have there own defects. Using a third-party CA need a lot of expenses which is too difficult to afford to generals. While HTTPS protocol regardless of the data security requirements is high or low, encryption all data, which leads to low encryption efficiency, and it will reduce system profermance.To solve the problems above, this paper presents a solution through the exchange of information security suite which based on PKI method. The solution establishes a model through EJBCA (Enterprise Java Bean Certificate Authority) systems and information eschanging security suite to protect the security of the business information system. EJBCA, an independent CA, can realize all CA functions and greatly reduce the cost. What’s more the HTTPS protocol is be replaced by using the client and server exchange information security suite modle considering the work efficiency. In which the client sutie implements a serial of data security operations, including digital signature, digital envelope and encryption and so on. The server suite implements decryption the ciphertext, analysis digital envelope and validation digital signature. This security suite, instead of HTTPS, can secure the transmission of data over the network.The paper first introduces the background and significance of the research, and briefly describes the technical and theoretical foundation. Mainly includes the PKI, digital certificate, digital envelope, PKCS#7, HTTPS and PKCS#7and so on. Secondly, the information exchanging security suite model is depth studied. Then, the essay elaborated the design and implementation of the information exchanging security system based on PKI. A detail design of practical application of the model is described in this part. It also includes the design and implementation of the EJBCA system the client and server suite, concrete realization of function points, etc. Test the performance of the system based on PKI, and make a performace comparison with the ISRC system used the HTTPS. At last, the paper gives a brief summary and prospect.