Design And Implementation Of The Equipment General Management System

With the development of the times,the demand for the management and use of specialshaped equipment is increasing.However,with the increase of equipment types,the functions and interfaces of security equipment produced by different manufacturers are quite different.Therefore,a standardized,safe and scalable equipment management method is needed to solve the above problems.In 2016,the State Cryptographic Administration issued a series of technical specifications related to the management of cryptographic devices,which put forward new requirements on the management methods of devices,especially cryptographic devices.Following the requirements for the management of cryptographic devices in the above specifications,refers to the network equipment management protocols and methods such as SNMP,and extends the management methods of cryptographic devices to the management of general devices.This paper divides the general management system of equipment into three levels: equipment management platform level,equipment level and management application level.The corresponding security and scalability design schemes are given in each level,and the implementation and verification of the scheme are carried out.The main work of this paper are as follows:(1)Aiming at the authentication of user identity,the limitation of operation authority and the tracing requirement of operation behavior in the equipment management platform layer,this paper designs a Ukey-based administrator authentication and authorization scheme and a non-repudiation log scheme based on PKI system,realizes the security management of system user identity and the verification and tracing of operation,and integrates these schemes into the general management system of equipment..At the same time,these schemes are integrated into the general management system of equipment.(2)Aiming at the requirement of secure communication between equipment layer and equipment management platform layer,this paper designs a scheme for secure channel protocol,and completes the establishment and maintenance of secure channel in the realization of communication module between equipment layer and equipment management platform layer,which guarantees the security and integrity of data in the process of message transmission.Aiming at the requirement of data security storage in device layer,this paper designs a scheme for multiple protection keys,multiple encryption and key remote storage,and integrates this scheme for the implementation of device layer to ensure the security of managed device data onto non-volatile memory.(3)Aiming at the requirement of management application layer docking with other management applications.At the same time,the system designs and implements the equipment management API in the management application layer,and develops a set of graphical equipment management front-end based on the API,which provides convenience for users and developers to use and expand the system.(4)Deploy and test the general equipment management system to verify the integrity,availability and scalability of the system.Fusion of the above research results,this paper designs and implements a complete equipment management system,which meets the requirements of effective management of different types of equipment,and ensures the security and scalability of the system.