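Abstract
This paper analyzes and summarizes the various ways in which information can leak within a local area network, studies cryptographic theory and public key infrastructure (PKI) in depth, and on that basis designs and implements a network security system. The system uses a hardware USB KEY to generate and manage the public/private key pairs of users on the network, and uses PKI-compliant digital certificates to manage each user's public key and the identity information associated with it. It also provides digital signature and identity authentication functions, ensuring the authenticity, integrity and non-repudiation of files in the network environment. By combining the USB KEY with client software, a two-factor authentication mechanism strictly controls which users may log in to client hosts, so that legitimate users can securely access internal data over the Internet. The resulting system achieves comprehensive security management of a research institute's LAN without affecting the LAN's current operations. It ensures that legitimate users, whether on the organization's internal network or on the public network, can exchange information with the organization's internal resource servers while the system and data remain secure and confidential, thereby raising the level of office automation and information management.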
This paper analyzes the many possible ways in which information can be disclosed, studies cryptographic theory and PKI in depth, and implements a network management system based on them. Public/private key pairs are generated by a USB KEY. Digital certificates conforming to PKI manage the public keys and their associated identity information. The system also provides digital signature and authentication functions, so that it assures authenticity and integrity in the network. Registered users can log in to the operating system and access internal data through the Internet by means of the USB KEY and client software. The system fulfills the security management of the whole LAN on the condition that it does not affect the services of a research institute. When registered users on the internal or public network interact with the information server, the system assures the security and secrecy of the system and data, so that the capability of office automation and information management is greatly improved.
Source
《舰船电子工程》
2010, Issue 4, pp. 131-135 (5 pages)
Ship Electronic Engineering