【作者】 娄艳红；

【导师】 巩建平； 廖述剑；

【作者基本信息】 太原理工大学 ， 信号与信息处理， 2007， 硕士

【摘要】 公钥基础设施(Public Key Infrastructure，PKI)是目前比较完善的网络安全解决方案。它可以为相应的网络应用提供身份认证，信息的机密性和完整性以及交易的不可否认性等安全服务。构架PKI体系，核心的技术就是建立功能完善的，可信的认证中心(CA)，CA的建立是当前网络安全领域研究的热点之一，其实现具有重大的实用价值和社会价值。本选题的目的正是为了满足市场需求，设计了一个企业网中的数字证书系统。本文在查阅大量国内外文献的基础上，结合企业信息化建设、企业信息安全需求的具体情况，研究了企业信息网数字证书认证系统的设计和实现，建立企业网内的认证中心，给出了基于数字证书技术的自动化办公系统的安全设计方案。本文对PKI技术原理、加密技术进行了深入探讨，介绍了常用的认证方法，数字签名技术，CA认证体系以及SSL、S／MIME安全协议等，为企业数字证书系统的建立提供了理论上的支持。企业数字证书系统的设计与实现是本文的重点。数字证书系统的设计介绍了系统的特点，总体研究，总体工作流程，把系统总体设计了五个模块即证书服务器、证书注册服务器、信息发布服务器、用户身份认证服务器及应用服务器。证书服务器、证书注册服务器及信息发布服务器组成CA认证中心，是整个企业网的安全基础设施。用户端的设计主要是证书申请、证书签发及证书撤销的工作流程。数字证书系统的实现介绍了系统的用户端证书申请、签发、撤销的具体实现，包括证书功能的实现技术即微软的Certificate Enrollment Control(CEC)技术，数字证书系统界面，审批流程图和关键步骤的源码。本文还对数字证书的应用进行了探析，包括电子邮件安全发送、企业内公文安全传输方面。在论文总结中，介绍了论文完成的主要工作，说明了论文的特点和意义，同时指出了系统设计的不足，为课题的下一步研究做了准备。更多还原

【Abstract】 PKI (Public Key Infrastructure) is thought a complete solution for network security at present .It can provide many network applications with all kinds of security service, such as authentication, confidentiality, information integrity and non-repudiation of transaction. The kernel component of PKI is Certification Authority (CA), CA is one of the hotspots for current security researches on network, and its implementation is of signification practical value and social value. This selected topic goal satisfies the market demand, has designed in an enterprise network digital certificate system.This article consults massive domestic and foreign reference foundation, combines the special details of the enterprise information construction, the enterprise information security demand , discusses the design and realization the enterprise information network digital certificate authentication system, establishes the authentication center of the enterprise network ,provides the technical safe support for the automated work system of the design proposal which based on the digital certificate technology. This article has thorough discussed the PKI technology principle and the encryption technology, introduced the usually used authentication method, the digital signature technology, the CA authentication system as well as SSL, S/MIME security agreement, provided the theoretically support for establishing the enterprise digital certificate system.The enterprise digital certificate system design and realization are the key point of this article. The digital certificate system design introduced system characteristic, overall research, overall work flow, the system is divided into five modules which are certificate server, certificate registration server, information issue server, user status authentication server and application server. The certificate server, the certificate registration server and the information issued server are composed of CA authentication center is the enterprise network security infrastructure. The user end design has focused on the work flow of the certificate application, the certificate issues and the certificate abolishes.The digital certificate system realization has introduced the realization concretely of system user end certificate application, issues, cancellation , included the certificate function realization technology of Microsoft’s Certificate Enrollment Control (CEC) the technology, the digital certificate system contact surface and the examination and approval flow chart and the source code of essential step.This article has also searched the digital certificate application, including in email safe transmission, enterprise archives safe transmission aspect. In the conclusion, has introduced the paper main work, explained the characteristic and significance of the paper, simultaneously has pointed out insufficiency of the system design, has made the preparation for the topic next step of research.更多还原