基于PKI技术的安全电子政务系统的设计

【作者】 王启建；

【导师】 高仲合；

【作者基本信息】 曲阜师范大学 ， 计算机应用技术， 2007， 硕士

【摘要】 随着电子政务应用的不断深入，使得政府部门的工作方式发生了巨大的变化。电子政务给政府工作带来方便和高效率的同时，也带来许多安全问题。如何保障在信息安全的前提下提高政府部门的办事效率成为当前研究的热点问题。电子政务应用中涉及到许多的机密数据，如何保证这些数据的真实性、完整性和不可否认性是电子政务中的重要问题。而PKI技术可以很好的解决当前电子政务系统所面临的上述安全问题。本文首先对电子政务这个概念进行了阐述，并对当前国内外电子政务系统的发展现状进行了分析，并提出了当前电子政务系统中亟待解决的问题：当前的体系缺乏身份认证体系和信息的传输中的加密问题。然后对PKI技术作了详细的论述，PKI可以利用公钥技术和基于X.509证书所提供的安全服务，可建立安全域，并在其中发布密钥和证书，可以解决身份认证和信息传输中的加密问题。并分析了当前PKI系统使用的常用模型和常用的认证体系，对各种模型和体系的优缺点进行了分析和讨论。最后构建了一个安全的电子政务系统的模型并设计初步实现了电子政务系统中一个重要组成部分数字证书系统。在这一部分中详细设计了安全的电子政务体系应具备的各个层次，并讨论了各个层次在应用的可行性。包括核心层PKI／CA的建设，网络层的认证接入，和应用层的身份认证、加密传输、数字签名，接口层可信数据／服艮务的发布，及采用加密代理的方式来保证数据的存储的安全性。文章的最后设计并初步实现了一个数字证书系统，包括数字证书的申请、签发和撤销及查询，从而保证数据的安全传输。本文旨在构建一个安全的电子政务系统，在保证安全的基础上为提高政府的办事效率做出探索和努力。更多还原

【Abstract】 With the deep development of E-government application, the modes of government workings change largely. But E-government brings security problem along with the high efficiency. How to improve the government’s working efficiency through ensuring information security is a hot question. E-government application involves some confidential data. How to ensure the authenticity and the integrality of the data is an important problem. The technique of PKI can well solve the above problem.In this paper, we expatiate the conception of E-government the first, then analyze the development actualities of current national and international E-government system: the lack of identity authentication and the encryption in the transmission of information. Then we dissertate minutely the technique of PKI .PKI can utilize the technique of public key and security services which the certificate based on X.509 provided, and found security zone which can release the key and certificate, accordingly solve the problem of identity authentication and the encryption. Then we analyze the universal model and authentication system, then analyze and discuss the advantage and disadvantage of current model and system.Lastly we design a model of secure E-government and implement elementarily a digital certificate system, which is an important part in E-government system. In this part we design minutely the necessary part of secure system and analyze the feasibility of every part which includes the construction of PKI/CA, the authentication of network layer, the identity authentication and the encryption in the transmission and digital signature of application layer, the release of authentic data/services of interface layer, the way of encryption agent to ensure the security of data storage. In the last we design and implement elementarily a digital certificate system which includes the application, the signature, the cancellation and the query of the certificate. In this paper we purpose to construct a secure E-government, to improve the working efficiency of government under the precondition of security.更多还原