| Due to the rapid development of network technology, information construction has been a strong support in China. "China’s financial integrated circuit (IC) card specification"(short for PBOC3.0) has provided an industry standard for the electronic cash data authentication of e-government and business. The needs of the industry to carry out even more strong digital authentication, the number of digital certificates and network scale also will be growing. At the same time, there will be a problem that the industry application information systems, network and information security is also facing a severe test. Key management is core for the process of electronic certification service. Using encrypted communication devices to encrypt data, prevent data from being altered or deleted, and the legal authority to verify the user’s identity is an effective way to solve the problem of information system security.The paper is faced for the construction of public transportation IC card across regionalization. Combined with the city Department of Transportation and ministerial level key management needs, it can sum serve specific business digital certificates issuance mode by theory and technology research of public key infrastructure and public financial IC card system. After the detailed analysis for the logical hierarchical, deployment structure, functions and subsystems division of key management system, it designed and implemented an asymmetric key management system.This paper is focused on the design and development process of the asymmetric key management system. The system uses B/S architecture, Spring MVC development model. After the use case analysis, the overall design of the system is based on the financial IC card and the IC card security technology standard of the city public transportation. It supports for domestic and foreign cryptographic signature algorithm, such as RSA, SM2, and compatibles with different types of cryptographic devices. The system is three-tier architecture that is system platform layer, data platform layer, environment platform layer. It can manage the whole process for the asymmetric key from generate to the last destruction. It mainly solves the issues including system initialization, key generation, storage, distribution, updating and destruction and other issues. At the same time, for the asymmetric key applications, systems have designed and developed the module of certificate issuance. Digital authentication has been designed different schemes and certificate formats for different signature schemes, in which the RSA algorithm is based on message recovery scheme. Modularization of system has universal communication message for cryptographic device.The experiment proved that the paper structured design of the non-key management system, which is in line with the "China financial integrated circuit (IC) card specification", with the security audit function and personnel control. Key Management System can be used as an independent key management center, but also can be connected to the data preparation systems, card systems and other business systems and supported services related to key management. The system has non-functional test, functional test and vertical business test before applying. |
PDF Full Text Request