Design And Implementation Of Electronic Credential Security Support System

In recent years,with the acceleration of the information process,cloud computing,electronic payment,social network and other new service models are constantly emerging.Affected by its high cost,high pollution,low efficiency,poor experience and other drawbacks,the traditional paper credential has been increasingly difficult to meet people's demand for highquality life,so that the electronic credential is gradually replacing the traditional paper credential.The construction of electronic credential service system is of great significance to the improvement of people's living standards and the development of the national economy.However,the construction of electrionic credential service system is faced with many problems,such as the privacy,authenticity,validity and traceability of electronic credential information.The basis of meeting these security requirements is to ensure the security of communication between entities in the electronic credential service system and the security of electronic credential information itself.Therefore,we urgently need to build a complete electronic credential service system to overcome the obstacles in the process of credential electronization.The construction of electronic credential service system faces the following challenges:First of all,the electronic certificate service system is built on the open channel,which is vulnerable to malicious interception,fraud attack,information theft and other attacks,resulting in the collapse of the electronic credential service system,user information leakage and other hazards;Secondly,compared to traditional paper credentials,the electronic credentials are electronic magnetic or optical media as an information carrier,its add,modify,delete,etc.is difficult to leave a mark,so that the authenticity of electronic credentials is difficult to verify;Third,the electronic credential service system faces many types and large scale of entities,when massive requests simultaneously initiated,how to shorten request response time and improve the performance of the system is also a key issue to be solved.In view of the issue above,this thesis has done the following work:(1)An electronic credential secure transmission protocol was designed and implemented as the basis for secure communication between entities within the electronic credential service system,and the security of the protocol was proved by establishing the attacker model and security analysis.The protocol includes two parts: the authentication and key agreement phase and the data transmission phase.In the authentication and key agreement phase,the SM2 / SM3 algorithm is used to implement mutual authentication,key negotiation,and key confirmation between entities in the electronic credential service system;and in the data transmission phase,the SM4 algorithm is used to protect the privacy and integrity of interactive information.(2)An electronic credential signature verification scheme was designed and implemented,and the security of the scheme was proved by security analysis.The program mainly includes the generation of valid electronic credentials and unified approval of electronic credentials.Effective electronic credential generation uses SM2 algorithm to sign the electronic credential information for many times to generate valid electronic credential.In order to meet the demand of mass electronic credential checking,the uniform approval of electronic credential is an optimization method which turns multiple checks into one check.(3)A high-performance network service model is designed and implemented to reduce request response time and improve system performance.The model uses IO multiplexing technology to manage network connections,and uses an asynchronous task processing mechanism to reduce the pressure on the connection management thread.At the same time,it uses the CPU core binding mechanism to make full use of multi-core performance.In summary,this paper,aiming at the security requirements and performance requirements of the electronic credential service system,designs and implements an electronic credential security support system,including electronic credential secure transmission protocol,electronic credential signature verification scheme,and high-performance network service model.And the involved key technologies are studied,according to the research achievement has realized the prototype system,and was analyzed,and proved the feasibility of the scheme.