The Design Of CA Mutual Trust System Based On Third Party Authentication

The management of import and export goods by port supervision units is complex and diverse.The customs clearance of a batch of goods is related to customs,inspection and quarantine,frontier defense,maritime and other government departments,as well as ports,airports,airlines,transportation companies and other enterprises.There are many links and long process.Therefore,it is necessary to establish a unified,cross departmental and cross regional customs clearance platform.It enables traders to achieve unified identity authentication through only one entrance,and does not change the existing identity authentication system used by each region and department.It recognizes each other's identity with different authentication systems,and submits documents or electronic data required for the import and export or transit of goods to relevant government agencies,which greatly facilitates the import and export enterprises to handle customs clearance business.CA is an entity trusted by both sides of communication in PKI system,which is called trusted third party.The behavior of a trusted third party is non repudiation.CA mutual trust system based on trusted third-party authentication can be used as an important part of the mutual trust system to further enhance the experience of foreign trade enterprises in different CA systems.In this thesis,the design and implementation of CA mutual trust system based on trusted list is proposed.By analyzing and comparing the advantages and disadvantages of four trust modes,namely unified CA mode,cross authentication mode,cross domain trust mode and one card multi certificate mode,we finally choose cross domain trust mode to realize the unified authentication of the system.A great advantage of this model is that it does not involve the administrative function,but only involves the technical management of each trust system.Under the premise of relatively independent administrative level,only the technical level puts forward common requirements,which is easy to be adopted and implemented,and reduces the difficulty of organization and coordination..This thesis also analyzes the advantages and disadvantages of the existing Shanghai version and the national version of the system,combined with the overall requirements of local docking with the country,combing the overall needs of the system.In the software architecture design and function module design,the actual user centered development and operation costs are taken into account,and the original two identity authentication systems are connected with each other.In the design,the universality and convenience of the user's operation are also considered.By simplifying the operation logic of the software,unifying the operation style of the software,and reducing the user's learning cost and other factors.The main work of this thesis is to implement two functional modules: identity registration and authentication.The identity registration module realizes that after users register their identities in the new system,they have legal identities in two CA mutual trust systems at the same time.In the authentication module,the user's identity information can be verified correctly in every link and every system.After function and performance testing,users can complete the function of identity registration and authentication of the two authentication systems at the same time in the new system,running stably.