Design And Implementation Of Police Security Access System Based On Virtual Private Network

Police access platform is located in the public security private network, offering real-time and accurate data and information support for authorized enterprises and institutions. Providing data exchanges and information retrieval to enterprises and units, the platform involves highly confidential information on public security and so on, which must be properly transmitted to avoid grave consequences. Recording information of users who have exchanged data with the platform while unable to verify the authenticity of the information, the major existing measures are poor in prevention awareness to new users and security risky users. If a system can be designed to verify the data-exchange applying users’ ID information and warn about unidentified and incorrect personnel (those with hidden safety problems) visiting, then the security of data exchanging on the policing platform can be efficiently guaranteed. Therefore, how to design a new policing access system to achieve prevention and warning of illegitimate users while offering stable data support to legitimate users would be of more practical significance.Based on the above analysis, the thesis designs and implements a policing security access system based on virtual private networks. While maintaining its original physical private networks function, technologies based on virtual private networks help to save great physical consumption and increase the security and practicability of the system. The specific works are as follows:(1) implementation of identity verification function:the thesis adopts PKI system approaches to verify the identity information of the users for policing systems demand greater security. PKI system verifies user’s identity mainly through digital certificates and compares the authentication content with authentication center to identity the user’s authenticity. It also regularly updates the digital certificates in case of forgery or theft.(2) Implementation of tunneling function:the thesis systematically adopts SSL protocol for data encapsulation considering its progressiveness and security and thus implements the tunneling function. In the data transmission process, the system in the thesis can transmit not only HTTP data but also non-HTTP data.(3) Implementation of data encryption and key customer management functions:to ensure the security of the policing platform, the system in the thesis adopts asymmetric cryptosystem in data encrypting so the encrypted data can only be decrypted through specific private key. Also, to guarantee the persistence of the communication security, the thesis regularly updates the key to reduce the key exposure risk. Test on identity authentication, data transmission and key management functions show that main functions implemented in this thesis perform satisfactorily and could realize accurate user identity authentication, HTTP to non-HTTP data transmission and updating security risky keys.