一种基于第三方密码服务的信息安全通用解决方案

A General Solution for Information Security based on Third Party Cryptographic Service

分析当前互联网主流的业务架构和安全架构,发现大部分业务服务和安全服务由同一提供者提供,存在用户信息不安全问题。于是,提出一种基于第三方密码服务的信息安全通用解决方案。方案通过引入第三方密码安全服务,使业务服务和安全服务相隔离,保证业务服务和安全服务提供者都无法单独解析、篡改或伪造用户数据,提升了用户数据安全性。方案重点对系统结构设计、典型工作流程、应用业务适配、密码模块和互通密码配置等内容进行描述,模拟实现结果表明,该方案具备可行性,用户数据安全得到了有效增强。

The current mainstream business architecture and security architecture of the Internet are analyzed, finding that most of the business services and security services are provided by the same provider, and that there exist security problem of user information. In light of this situation, a general solution for information security based on third party cryptographic service is proposed. By introducing the third party password security services into the scheme, the business services are separated from the security services, thus to ensure the business services and security services providers unable to make independent analysis, tampering or forgery of user data, and enhance the security of user data. The program focuses on descriptions of system structure design, typical workflow, application service adapter, cipher module and interworking cipher configuration etc., and the simulation results indicate that the scheme is feasible, and the user data security effectively enhanced.