Research and Implementation of Secure Access for Mobile Terminals Based on Smart Cards

The Research and Implement of Secure Access for Wireless Mobile Terminals Based on Smart Card

【Author】 Yan Shan (严姗)

【Advisor】 Bi Hongjun (毕红军)

【Author information】 Beijing Jiaotong University, Communication and Information Systems, 2008, Master's

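【Summary】 With the rapid growth of network applications and the widespread adoption of e-commerce, it has gradually become possible for people to conduct all kinds of business activities from mobile terminals. At the same time, the latent security problems of wireless networks have become increasingly prominent. To resolve this tension, this thesis proposes and builds an initial version of a system that combines smart cards with VPN technology to provide secure access for mobile terminals, so that operators can develop rich mobile value-added services without being constrained by system security concerns. The system is divided by function into three modules: a mobile terminal encryption module, a secure access module, and a certificate authority authentication module. On the mobile terminal, the smart card device stores certificates and encrypts data, while VPN technology provides a dedicated, secure data transmission channel for the terminal's access. As a hardware device, the smart card also needs a corresponding driver to tell the operating system what functions it offers and how to invoke them. We therefore develop the smart card middleware against the PKCS#11 (Public-Key Cryptography Standards #11) standard published by RSA Laboratories. The PKCS#11 library developed in this project is independent of the specific cryptographic device and operating system platform; it shields application developers from the complexity of the underlying security technology and gives upper-layer users a convenient intermediate platform. It separates the information security module from the overall application system into general-purpose software, which improves software reusability. This thesis describes in detail the design approach and implementation of the PKCS#11 library based on the PKCS#11 specification. Within this system context, the author's main work was as follows. First, based on analysis and study of the PKCS#11 specification, a design for a PKCS#11 library suited to the system's smart card devices is proposed, dividing the library into a general function library, a communication library, and a tool library, each implemented separately. Second, an object-oriented design is used to encapsulate multiple different smart card devices. In addition, extensive test results for the completed PKCS#11 library are analyzed, with test cases verifying the implementation of the main function interfaces. Finally, the thesis gives a security analysis of the system in light of the PKCS#11 library's use. Because the system combines the flexibility of smart cards with the security of VPN technology, it greatly improves reliability, broadens the range of applications, and meets users' security needs; it offers practical guidance in particular for building Internet access in special industries or fields.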

【Abstract】 With the rapid development of Internet applications and the widespread use of e-commerce, it has become increasingly possible for people to use mobile terminals to engage in various business activities. However, the security problems in wireless networks have also become increasingly prominent. To resolve this contradiction, this thesis proposes and initially constructs a system that combines smart card and VPN technology to provide secure access for mobile terminals. It allows operators to develop all kinds of mobile value-added services without worrying about system security restrictions. By function, the system can be divided into three modules: a mobile terminal encryption module, a secure access module and a certificate authority module. The smart card is used to store certificates and encrypt data, and VPN technology is used to construct a dedicated data transmission channel for the mobile terminal's secure access. At the same time, the smart card, as a hardware device, requires a corresponding driver to inform the operating system what functions it has and how to use them. Therefore, we select the PKCS#11 standard published by RSA Laboratories to develop the smart card middleware. The PKCS#11 library we designed is independent of cryptographic devices and operating systems, and conceals the complexity of low-level information security technologies, thus providing a convenient middle platform for upper-layer application developers. The PKCS#11 library separates the information security module from the whole application system and enhances its reusability. This thesis describes in detail the design and implementation of the PKCS#11 library based on the PKCS#11 standard. Within this system context, the author mainly carried out work in the following areas. First, through analysis and study of the PKCS#11 standard, we propose a design suitable for our system's PKCS#11 library, dividing the library into three parts, a common function library, a communication library and a tool library, each implemented separately. Second, using an object-oriented design, the library supports many different kinds of smart card. In addition, we analyze a large number of test results for the finished PKCS#11 library, using test cases to verify the implementation of some of the major function interfaces. Finally, the thesis presents a security analysis of the system in light of the application of the PKCS#11 library. Because the system combines the flexibility of smart cards with the security of VPN technology, it greatly improves reliability, expands the system's scope of application, and meets users' security needs. In particular, it offers practical guidance for Internet access in some specific areas.

  • 【Classification number】TN929.5;TN409
  • 【Times cited】9
  • 【Downloads】321