Design And Implementation Of E-Government Network Authentication System Based On PKI Technology

With the extensive application of network， gradually application of electroniccommerce and electronic government affairs in enterprises and government. Networksecurity has become an important research topic. Authentication technology is thefirst hurdle to protect security of network communications. Public Key Infrastructure(PKI) available authentication and authentication services under an open networkenvironment， can ensure transmission of data confidentiality, authenticity andanti-repudiation. Network information security has become a mainstream technologyin the field of authentication.This paper studied and analyzed PKI technology, password encryption anddigital certificates to focus on the design and implementation of e-governmentnetwork authentication system which was based on PKI technology. Specific researchand implementation work is mainly listing in the following areas.(1)Studied several authentication technology which has been more applied incurrent. Analysis and compared advantages and disadvantages of variousauthentication technology.(2)Introduced the related technologies of the PKI system, including the basicprinciples of symmetric key cryptography and asymmetric encryption technology.Analyzed their advantages and disadvantages. Introduced application methods andthe basic principles of message digest and digital certificates, focused on the formatand characteristics of digital certificates. Also introduced digital signature, hash valueof digital signature, private key digital signature and digital envelope.(3)Introduced the basic concepts, composition and core services of the PKIsystem. Introduced the CA which was the core component of the PKI systemdetailedly, including CA functionality, trust model, composition. Introduced thecertificate revocation mechanism and PKI system user authentication process.(4)Designed the authentication System. Described the design goals, thefunctional goals, performance goals, features and the composition of the system. Thispaper described CA certificate issuing system, sign auditing system RA, Key Management System, LDAP directory services system of the identity authenticationsystem detailedly.(5)Implement authentication center system. First generate and distribute rootcertificate of system CA. Then implement the system function, such as issuing digitalcertificates, revocation, query and update the digital certificate. At the same timethrough a single sign-on and two-way authentication to achieve a user to access thee-government network authentication.(6)Tested application authentication system and connection processingperformance with Avalanche testing tools when the system was being pressured atmaximum concurrently operation. Detailed analysis of the test data, drew analysisconclusions analysis. Proofed the identity authentication system was basicallyachieved the originally designed goal of this article.