【作者】 李铭书；

【导师】 魏晓辉；

【作者基本信息】 吉林大学 ， 软件工程， 2007， 硕士

【摘要】 为加强系统内共享和综合利用,解决信息共享困难,开发利用全系统信息资源,按照公安部部署,我省建立全省的网上数据查询系统。我部门警务网上查询系统由全省及各市、州综合信息查询服务节点组成,是一个全省性的具有统一规范和分布处理能力的大型综合信息应用系统,是实现全省以至部及其他省市信息资源高度共享和综合利用的关键项目。因此确保网上数据查询系统安全运行将十分重要,本文深入分析网上查询的业务流程,结合我省当前信息安全建设现状,详细分析了其需要改进的地方,依靠PKI/CA的技术、构造了面向我省网上查询系统的安全体系整体框架。更多还原

【Abstract】 The society’s information-oriented improvement also provides the police bureaus information-oriented development with opportunities and challenges. More and more hostile fortes use information technology .When police bureaus attack the criminals ,the sum of the involved information is increasing quickly ,under this kind of background, it is very important to carry on public security information-oriented construction. And constructing "E-Government" and promoting the electronics governmental affairs have become the current development direction of the government. The police bureaus is the principal part taking charge of protection work in our society, carrying national security missions. As an important department of the government, how to use information-based techniques to construct police bureaus e-government system, improving work efficiency and ability to provide quick and convenient service to the society and satisfying the demand of the society development to police bureaus, has become the problem facing by all police in our country.With the quick development of computer network technology, Internet comes into every field of social life, especially comes into the police bureaus information systems. At present, network has already become an important infrastructure of every police bureaus. Nevertheless, with the continuous extension of network applications, attacks to networks are increasing as well. Isolation information system and the system on Internet is increasing severity. The proclaimed message inside or outside the local area network is easily wiretapped, tampered and forged. The integrality, confidentiality and usability of data cannot be ensuring effectively, which threaten the stability of the system directly. Attackers use network technology, illegally intrude computer system, steal information, tamper data, and bring heavy losses to the nation. So, for police bureaus, how to protect network and information against illegal access is a serious problem. It will affect the development of information. In the face of the increasing severity security problem, we need an effective security mechanism to ensure the information system running steadily on edge. To achieve that goal, the paper investigates the major problems of network security and the local area network requirement, surveys the policies and technologies that implement network security. The paper brings forth a security network access scheme, which applies various security mechanisms and technologies to improve the entire network security.Efficient operation of information system must be based on information security, The security of information has already become the key of construction of information system. Information security is in demand increasingly. To apply theory of cryptology to solve information security effectively, a system have been designed to bind public key and entity info, that is PKI(Public Key,Infrastructure).Public Key,Infrastructure, a widely-used security technique, is made up of Certificate Authorities(CA)which issue certificates to securely bind each entity to its public key. PKI technology binds users’ public key with users’ other identification information (such as name, E-mail, ID card number etc) through the trustable third party organization CA that gives the solution to the key distribution and management. So it can develop and deploy authentication, integrity, confidentiality and non-repudiation services for Internet application. It uses non-symmetry cryptography to provide security service and lucidly accommodate the key and certificate management to the encryption and digital signature for all network applications. Through the digital certificate, the encryption and the signature to the transmission data can be used to guarantee the confidentiality, authentication, integrity and non-repudiation for the information transmission. this paper with the further research on the theory of PKI technology, criterion of X.509 and SSL etc, a CA system for our office based on PKI was proposed in this paper. The system is composed of trust model, structure and function design, certificate database design, and implements the core functions of a standard CA system including signing, issuing and revoking certificates. The security communication modular of the system is based on the SSL Protocol to enhance the security of system communications. Besides, the kernel functions of the system are packed into DLL library, including symmetrical encryption algorithms, digest algorithms, digital signature algorithms and certificate operations (such as certificate request, certificate building, certificate format conversion etc.) to provide interfaces for other applications.The Network Security System of Police Online Inquiry System is an important part of INFORMATION SECURITY PROJECT of the Ministry of Police . As required by the Ministry of police, it is necessary for the province to establish the system in order to strengthen share and comprehensive application of the security information, alleviate difficulty in information sharing and develop the resource of the security information. PKI/CA, which is based largely on cryptographic theory and provides mainly the services of authentication and confidentiality and integrality and non-repudiation, turns into the very important secure platform of authentication and authorization in network application and guarantees the information security of the network activity to people .The article based PKI/CA advanced technology, being consisted of the information search service node of the whole province and various cities, is not only a large scale comprehensive information application system of the whole province with unified ,normative and distributing processing ability ,but also a key project for realizing information share and comprehensive exploitation within security organization of the whole province and among the Ministry , other provinces and cities.Online Inquiry System Based on PKI Technology not only strictly follows technical standard concerned, having the characteristics of platform, model, distribution, layer and module, but also is proved to be technically correct and socially beneficial after practice. It has made contributions to strike crime and formalized the security.更多还原