Design And Implementation Of Secure Communication Service System

With the rapid development and popularization of the internet and mobile devices,a variety of mobile communication software has entered people's life.Meanwhile,the use of mobile devices for network communication has become an indispensable part of modern life.Although useful communication software makes life more convenient,most communication software does not encrypt communication data or the encryption strength is not enough.Therefore,the safety of communication data cannot be guaranteed.Considering the above cases,a secure communication service system has been designed and implemented in this paper.In order to ensure the security of communication,this system,which is based on the PKI system,concentrated on providing a complete set of secure communication services for communication software and encrypting communication data.Aiming at the shortcomings of issuing digital soft certificates in national cryptographic industry standards "Specifications of cryptograph and related security technology for certification system based on SM2 cryptographic algorithm(GM/T 0034-2014)",it adopts the single certificate mode to issue Android and PC digital certificates for each legitimate user through identity authentication,which not only supports multiple devices to login simultaneously,but also solves the security risk of transmitting the private key over the network when the user uses the soft certificate.Meanwhile,in order to solve the problem that the encryption data between different clients of the same user cannot be interworked,and the data recovery is difficult,the recovery process is cumbersome and time-consuming after the user key is damaged or lost,in this paper,a data encryption,decryption and recovery method based on digital envelope multicertificate has been designed and implemented through modifying the standard digital envelope.The method not only solves the problem of encryption data interoperability between Android and PC safely and effectively,but also helps the user to conveniently recover data in various situations.This system is mainly divided into two parts – the client and the server.A variety of functional modules of the client provide all kinds of services in the communication process.The initialization module and the PC-side scan code authorization login module provide the functions of digital certificate application and scan code authorization,therefore providing security support environment.The signature verification module,the data encryption and decryption module provide basic security services by authentication,data encryption and decryption functions.The digital envelope multi-certificate module provides data encapsulation and split functions to not only ensure the security of communication data,but also realize data interoperability.The data recovery module provides three methods by means of the digital envelope multi-certificate mechanism,thus ensuring the recoverability of communication data.The server contains multiple servers.The business server provides identity authentication and PC-side login services,the signature verification server provides digital signature verification service,the certificate management server provides certificate inquiry and management services,the CA server provides digital certificate issuance and data recovery services.All the servers work together to provide service support for each functional module of the client and ensure the effective operation of the system.Based on Android and Windows platforms,this paper implements the secure communication service system and carries out the functional test and performance test on each module of the system.The evaluation results verify the effectiveness and efficiency of the system.The "Mi Liao" product based on the results of this paper has been applied to the relevant systems of Xinjiang CA and Shenzhen CA.