基于C/S结构的移动警务系统的研究与实现
|
摘要
针对现有公安综合信息查询系统存在信息采集处理滞后、信息共享性差、重复建设严重、统一指挥与协同作战不力等缺点,论文在分析了公安系统信息化建设的需求、任务、特点及建设现状的基础上,利用无线移动平台、互联网平台和公安专网平台设计并实现了方便、高效的公安综合移动警务系统。该系统以公安专网后台应用系统为依托,以现代移动通信技术为手段,充分利用了公安信息系统的现有资源,为违法处理现场提供了强大的数据信息支持,在很大程度上提高了一线民警的警务工作效率及实战能力,为公安移动警务的实现提供了技术保障。论文的主要研究成果如下:
(1) 设计并实现了一种基于C/S结构公安无线移动警务系统,该系统利用中间件技术,采用三层C/S结构实现与公安数据中心交换数据,并在多普达686PDA实物环境下验证了系统的功能和性能要求。
(2) 设计了一种适合无线移动警务系统的数据信息传输解决方案。系统采用基于XML的数据交换技术,整合了异构数据,确保数据能够在网络中方便及可靠传输。同时,在系统逻辑结构设计时采用了内外网安全隔离技术,在正常数据交换和传输的情况下,确保公安专网和公共信息网在物理上的完全隔离。
(3) 提出了一种适用于无线网络通信的混合数据加密算法。数据采用高级加密标准AES加密,密钥以ECC加密,并用ECC实现数字签名。该混合加密算法需求存储空间小、运算速度快、带宽需求低、密钥管理方便。将该算法应用于公安交警无线移动警务系统的安全保障中,既能快速的进行数据加解密,又能很好地解决密钥分配问题,同时也可以很好地完成数字签名功能。
(4) 讨论了VPN技术和RADIUS技术的组成原理,并采用VPN和RADIUS认证相结合的方法,解决GPRS移动承载网络的安全接入问题。并将该方法应用于公安移动警务系统,解决了公安移动警务系统的安全接入问题。
该系统使一线干警可以随时随地取得所需要的有效资料,以及向公安数据服务中心传送数据、图片等信息,它是公安综合查询信息系统的无线延伸,实现公安综合信息无线查询、采集和处理等功能,是现代信息技术在公安交通管理工作中的具体运用。
The traditional police information system has lots of defects, such as out-of-date information collection, obsolete information management, poor share, redundant construction, ineffective unified command and coordinated combat, etc. In order to solve these problems of the police information system, this paper designs and realizes a more convenient and efficient police comprehensive mobile system which makes use of the wireless mobile platform, the internet platform and police special network platform on the basis of requirement analyses, tasks, characteristics and actual status. Based on police special network, modern mobile communications technology and police information resources, the system provides a powerful support of data for frontline policemen at the work spot. This system has enhanced the efficiency and fighting abilities of frontline policemen in a significant way, and has also provided technical supports for the implementation of police mobile system. The main results in the research are as follows:
(1) A kind of wireless mobile police system based on C/S structure is developed. Using middleware technologies, this system adopts the three layer C/S structure to achieve data exchange between the frontline policemen and the data centre. Moreover, the system achieves the system functions and satisfied the performance requirements in the environment of PDA (dopod686).
(2) A solution of data transmission is designed for data transmission of wireless police mobile system. In this solution, based on the use of XML data exchange technology, the developed system can ensure that data will be conveniently and reliably transmitted in the network. At the same time, security isolation technology of internal and external network is adopted in the design of system logic structure. In the circumstances of normal data exchange and transmission, the system ensures that the police special network and public networks are completely physical isolation.
(3) In order to apply to wireless network communications, a hybrid data encryption algorithm is proposed. The proposed algorithm employs the Advanced Encryption Standard (AES) to realize data encryption, makes use of ECC encryption to encrypt key, and utilize ECC encryption to implement digital signature. Moreover, the algorithm needs smaller storage space, runs faster, requires lower bandwidth, and manages key more conveniently. Applying the algorithms to the wireless mobile police security system, it can encrypt or decrypt data rapidly, solve the problem of key
(1) 设计并实现了一种基于C/S结构公安无线移动警务系统,该系统利用中间件技术,采用三层C/S结构实现与公安数据中心交换数据,并在多普达686PDA实物环境下验证了系统的功能和性能要求。
(2) 设计了一种适合无线移动警务系统的数据信息传输解决方案。系统采用基于XML的数据交换技术,整合了异构数据,确保数据能够在网络中方便及可靠传输。同时,在系统逻辑结构设计时采用了内外网安全隔离技术,在正常数据交换和传输的情况下,确保公安专网和公共信息网在物理上的完全隔离。
(3) 提出了一种适用于无线网络通信的混合数据加密算法。数据采用高级加密标准AES加密,密钥以ECC加密,并用ECC实现数字签名。该混合加密算法需求存储空间小、运算速度快、带宽需求低、密钥管理方便。将该算法应用于公安交警无线移动警务系统的安全保障中,既能快速的进行数据加解密,又能很好地解决密钥分配问题,同时也可以很好地完成数字签名功能。
(4) 讨论了VPN技术和RADIUS技术的组成原理,并采用VPN和RADIUS认证相结合的方法,解决GPRS移动承载网络的安全接入问题。并将该方法应用于公安移动警务系统,解决了公安移动警务系统的安全接入问题。
该系统使一线干警可以随时随地取得所需要的有效资料,以及向公安数据服务中心传送数据、图片等信息,它是公安综合查询信息系统的无线延伸,实现公安综合信息无线查询、采集和处理等功能,是现代信息技术在公安交通管理工作中的具体运用。
The traditional police information system has lots of defects, such as out-of-date information collection, obsolete information management, poor share, redundant construction, ineffective unified command and coordinated combat, etc. In order to solve these problems of the police information system, this paper designs and realizes a more convenient and efficient police comprehensive mobile system which makes use of the wireless mobile platform, the internet platform and police special network platform on the basis of requirement analyses, tasks, characteristics and actual status. Based on police special network, modern mobile communications technology and police information resources, the system provides a powerful support of data for frontline policemen at the work spot. This system has enhanced the efficiency and fighting abilities of frontline policemen in a significant way, and has also provided technical supports for the implementation of police mobile system. The main results in the research are as follows:
(1) A kind of wireless mobile police system based on C/S structure is developed. Using middleware technologies, this system adopts the three layer C/S structure to achieve data exchange between the frontline policemen and the data centre. Moreover, the system achieves the system functions and satisfied the performance requirements in the environment of PDA (dopod686).
(2) A solution of data transmission is designed for data transmission of wireless police mobile system. In this solution, based on the use of XML data exchange technology, the developed system can ensure that data will be conveniently and reliably transmitted in the network. At the same time, security isolation technology of internal and external network is adopted in the design of system logic structure. In the circumstances of normal data exchange and transmission, the system ensures that the police special network and public networks are completely physical isolation.
(3) In order to apply to wireless network communications, a hybrid data encryption algorithm is proposed. The proposed algorithm employs the Advanced Encryption Standard (AES) to realize data encryption, makes use of ECC encryption to encrypt key, and utilize ECC encryption to implement digital signature. Moreover, the algorithm needs smaller storage space, runs faster, requires lower bandwidth, and manages key more conveniently. Applying the algorithms to the wireless mobile police security system, it can encrypt or decrypt data rapidly, solve the problem of key
引文
[1] 北大高科,移动警务,http://www.pkusoft.net/gscp6.asp.
[2] 苏州警方启用公安无线移动警务通,苏州新闻网,http://www.sz.chinanews.com.cn/suzhou/2002-09-03/8/18562.html.
[3] 河南警方推广“移动警务”信息系统,中国数据通信,2004,5.
[4] 海南“移动警务通”实现科技强警,http://www.hq.xinhuanet.com/news/2003-02/04/content_195713.htm
[5] 王荃,张永智,骆崇.公安移动警务系统,现代电子技术,2003,14:26-28.
[6] 黄大鹏,范芳.地市级移动警务方案之探讨,警察技术,2003,3:6-9.
[7] 常志军,刘世中,刘新,郑州移动警务系统研究,河南科学,2003,21(6):827-830.
[8] 常朝稳,司志刚,鹤荣育等,公安信息综合查询方法探讨,计算机工程与应用,2004,21:185-186.
[9] 公安部.全国公安信息化工程——金盾工程总体方案设计.2001.4.
[10] 滕少华.客户机/服务器工作模式及其应用软件开发,江西师范大学学报(自然科学版)1997,21(3):56-60.
[11] 吴勤,徐进.C/S结构业务系统平移到多层体系结构技术的研究,计算机系统应用,2004,11:26-29.
[12] 尹毅峰,刘志镜,李康,PDA在移动电子商务中的应用,计算机应用,2001,21(8):72-73。
[13] 韩冷,胡自权,EPA网格中OPC数据服务系统三层C/S结构设计,微计算机信息,2005,21(5):216-217.
[14] Kaveh Pahalavan.无线网络通信原理与应用[M].北京:清华大学出版社,2002。
[15] Didier Martin著,李喆,严春莹,马琳译,XML高级编程,机械工业出版社,2001.
[16] 安兴亚,周本新,童小念,基于XML的网络数据更新模式,微计算机应用,2005,26(1):41-44.
[17] 南爱霞,张曙光,刘英,基于XML的三层网络结构的WebGIS系统模型,计算机应用研究,2004,1:91-93.
[18] 杨建武,陈晓鸥,XML相关标准综述[J].计算机科学,2002,29(2):25-28.
[19] [加] Douglas R.Stinson著,冯登国译,密码学原理与实践(第二版),电子工业出版社,2003.
[20] [美] Niels Ferguson,Bruce Schneier著,张振峰,许静,李红达等译,密码学实 践。电子工业出版社,2005.
[21] Brian Gladman. The AES Algorithm(Rijndael) in C and C++, October 10th, 2000.
[22] Nechvatal J, Barker E, Bassham L, et al. Report on the development of the advanced encryption standard(AES)[J]. Journal of Research of the National Institute of Standards and Technology, 2001, 106: 511-577.
[23] NIST. Advanced Eneryption Standard (AES)[M]. Federal Information Processing Standards Publication, 2001.
[24] Sean Murphy and Matthew J. B. Robshaw, Essential algebraic structure within the AES[C]. Proceedings of 22nd Annual International Cryptology Conference Santa Barbara, California, USA, 2002, 18-22.
[25] Yoo, S.-M. An AES crypto chip using a high-speed parallel pipelined architecture[J], Microprocessors and Microsystems. 2005, 29(7): 317-326.
[26] 黄智颖,冯新喜,张焕国.高级加密标准AES及其实现技巧[J].计算机工程与应用,2002,9:114-115.
[27] 崔建双,李铁克,张文新.对称加密算法Rijndael及其编程实现[J].计算机工程,2004,7:89-91.
[28] 廖大春,基于高级加密标准的分组加密模块的研究与实现,南开大学硕士学位论文,2003.
[29] A. J. Menezes, Elliptic Curves Public Key Cryptosystems, Boston, MA: Kluwer Academic Publishers, 1993.
[30] M. Aydos, et al, An elliptic curve cryptography based authentication and key agreement protocol for wireless communication, In 2nd International Workshop on Discrete Algorithms and Methods for Mobile Computing and communications Symposium on Information Theory, Dallas, Texas, October 30th 1998.
[31] A. K. Lenstra and E. R. Verheul. Selecting cryptographie key sizes. In The 3rd Workshop on Elliptic Curve Cryptography (ECC 99), Waterloo, Canada, November 1-3, 1999.
[32] SECI: elliptic curve cryptography, Standards for efficient Cryptography Group, September, 2000.
[33] IEEE P1363: Standard Specifications for Public Key cryptography. Institute of Electrical and Electronics Engineers, 2000.
[34] Kim and Kyong Hoon, Extending adaptive ECC scheme for window-constrained real-time communications in wireless networks[C], Proceedings of the 4th IASTED International Multi-Conference on Wireless and Optical Communications, 2004, 686-691.
[35] Amol Dabholkar and Kin Choong Yow, Efficient implementation of elliptic curve cryptography (ECC) for personal digital assistants (PDAs)[J], Wireless Personal Communications, 2004, 29(34): 233-246.
[36] Hou Zheng-Feng, Li Lan. Research on designing and optimizing of the algorithm for elliptic curve cryptography (ECC)[J]. Tien Tzu Hsueh Pao/Acta Electronica Sinica, 2004, 32(11): 1904-1906.
[37] 丘奇志,椭圆曲线在数字签名中的应用[J].武汉理工大学学报,2004,26(9):78-80.
[38] 林淑芬,基于椭圆曲线的数据加密系统的实现,厦门大学硕士学位论文,2002.
[39] 文磊,数据加密与数字签名技术研究,西南石油学院硕士学位论文,2003.
[40] 傅德胜,孙文静,基于三重DES与ECC相结合的数据加密方案的实现,计算机应用与软件,2002,11:59-61.
[41] 张少波,涉密网络安全隔离解决方案,信息安全与通讯保密,2003,2:48-51.
[42] 张蒲生,基于物理隔离的数据交换及安全性研究,中国数据通信,2002,5:19-22.
[43] 杨小龙,基于网闸技术实现XML数据交换,警察技术,2005,1:7-10.
[44] 韩斌杰,GPRS原理及其网络优化,北京:机械工业出版社,2003
[45] 常青,VPN技术综述(上),中国计算机用户,2004,31:47-48
[46] 常青,VPN技术综述(下),中国计算机用户,2004,32:45-46
[47] C Rigney, S Willens et al. Remote Authentication Dial In User Service (RADIUS) [S]. RFC 2865, 2000, 6.
[48] 周俊鹤,移动警务系统中VPN和RADIUS用户认证技术的应用,网络安全技术与应用,2005,11.
[49] 张书奎,基于Radius的VPN设计与实现,计算机工程,2003,29(9):124-126.
[50] 曹敬,张敬平,RADIUS在远程接入安全认证中的应用,计算机工程与应用,2003,7:134-136.
[51] 周炎涛,李立明,TCP/IP协议下网络编程技术及其实现,航空计算技术,2002,32(3):122-124.
[52] 胡柯,颉谭成,董秀林,基于TCP/IP和Socket的网络文件传送,河南科技大学学报(自然科学版),2003,24(4):53-56.
[53] [德] Michael Welschenbach著,赵振江,连国卿等译,密码编码学——加密方法的C与C++实现,电子工业出版社,2003.
[2] 苏州警方启用公安无线移动警务通,苏州新闻网,http://www.sz.chinanews.com.cn/suzhou/2002-09-03/8/18562.html.
[3] 河南警方推广“移动警务”信息系统,中国数据通信,2004,5.
[4] 海南“移动警务通”实现科技强警,http://www.hq.xinhuanet.com/news/2003-02/04/content_195713.htm
[5] 王荃,张永智,骆崇.公安移动警务系统,现代电子技术,2003,14:26-28.
[6] 黄大鹏,范芳.地市级移动警务方案之探讨,警察技术,2003,3:6-9.
[7] 常志军,刘世中,刘新,郑州移动警务系统研究,河南科学,2003,21(6):827-830.
[8] 常朝稳,司志刚,鹤荣育等,公安信息综合查询方法探讨,计算机工程与应用,2004,21:185-186.
[9] 公安部.全国公安信息化工程——金盾工程总体方案设计.2001.4.
[10] 滕少华.客户机/服务器工作模式及其应用软件开发,江西师范大学学报(自然科学版)1997,21(3):56-60.
[11] 吴勤,徐进.C/S结构业务系统平移到多层体系结构技术的研究,计算机系统应用,2004,11:26-29.
[12] 尹毅峰,刘志镜,李康,PDA在移动电子商务中的应用,计算机应用,2001,21(8):72-73。
[13] 韩冷,胡自权,EPA网格中OPC数据服务系统三层C/S结构设计,微计算机信息,2005,21(5):216-217.
[14] Kaveh Pahalavan.无线网络通信原理与应用[M].北京:清华大学出版社,2002。
[15] Didier Martin著,李喆,严春莹,马琳译,XML高级编程,机械工业出版社,2001.
[16] 安兴亚,周本新,童小念,基于XML的网络数据更新模式,微计算机应用,2005,26(1):41-44.
[17] 南爱霞,张曙光,刘英,基于XML的三层网络结构的WebGIS系统模型,计算机应用研究,2004,1:91-93.
[18] 杨建武,陈晓鸥,XML相关标准综述[J].计算机科学,2002,29(2):25-28.
[19] [加] Douglas R.Stinson著,冯登国译,密码学原理与实践(第二版),电子工业出版社,2003.
[20] [美] Niels Ferguson,Bruce Schneier著,张振峰,许静,李红达等译,密码学实 践。电子工业出版社,2005.
[21] Brian Gladman. The AES Algorithm(Rijndael) in C and C++, October 10th, 2000.
[22] Nechvatal J, Barker E, Bassham L, et al. Report on the development of the advanced encryption standard(AES)[J]. Journal of Research of the National Institute of Standards and Technology, 2001, 106: 511-577.
[23] NIST. Advanced Eneryption Standard (AES)[M]. Federal Information Processing Standards Publication, 2001.
[24] Sean Murphy and Matthew J. B. Robshaw, Essential algebraic structure within the AES[C]. Proceedings of 22nd Annual International Cryptology Conference Santa Barbara, California, USA, 2002, 18-22.
[25] Yoo, S.-M. An AES crypto chip using a high-speed parallel pipelined architecture[J], Microprocessors and Microsystems. 2005, 29(7): 317-326.
[26] 黄智颖,冯新喜,张焕国.高级加密标准AES及其实现技巧[J].计算机工程与应用,2002,9:114-115.
[27] 崔建双,李铁克,张文新.对称加密算法Rijndael及其编程实现[J].计算机工程,2004,7:89-91.
[28] 廖大春,基于高级加密标准的分组加密模块的研究与实现,南开大学硕士学位论文,2003.
[29] A. J. Menezes, Elliptic Curves Public Key Cryptosystems, Boston, MA: Kluwer Academic Publishers, 1993.
[30] M. Aydos, et al, An elliptic curve cryptography based authentication and key agreement protocol for wireless communication, In 2nd International Workshop on Discrete Algorithms and Methods for Mobile Computing and communications Symposium on Information Theory, Dallas, Texas, October 30th 1998.
[31] A. K. Lenstra and E. R. Verheul. Selecting cryptographie key sizes. In The 3rd Workshop on Elliptic Curve Cryptography (ECC 99), Waterloo, Canada, November 1-3, 1999.
[32] SECI: elliptic curve cryptography, Standards for efficient Cryptography Group, September, 2000.
[33] IEEE P1363: Standard Specifications for Public Key cryptography. Institute of Electrical and Electronics Engineers, 2000.
[34] Kim and Kyong Hoon, Extending adaptive ECC scheme for window-constrained real-time communications in wireless networks[C], Proceedings of the 4th IASTED International Multi-Conference on Wireless and Optical Communications, 2004, 686-691.
[35] Amol Dabholkar and Kin Choong Yow, Efficient implementation of elliptic curve cryptography (ECC) for personal digital assistants (PDAs)[J], Wireless Personal Communications, 2004, 29(34): 233-246.
[36] Hou Zheng-Feng, Li Lan. Research on designing and optimizing of the algorithm for elliptic curve cryptography (ECC)[J]. Tien Tzu Hsueh Pao/Acta Electronica Sinica, 2004, 32(11): 1904-1906.
[37] 丘奇志,椭圆曲线在数字签名中的应用[J].武汉理工大学学报,2004,26(9):78-80.
[38] 林淑芬,基于椭圆曲线的数据加密系统的实现,厦门大学硕士学位论文,2002.
[39] 文磊,数据加密与数字签名技术研究,西南石油学院硕士学位论文,2003.
[40] 傅德胜,孙文静,基于三重DES与ECC相结合的数据加密方案的实现,计算机应用与软件,2002,11:59-61.
[41] 张少波,涉密网络安全隔离解决方案,信息安全与通讯保密,2003,2:48-51.
[42] 张蒲生,基于物理隔离的数据交换及安全性研究,中国数据通信,2002,5:19-22.
[43] 杨小龙,基于网闸技术实现XML数据交换,警察技术,2005,1:7-10.
[44] 韩斌杰,GPRS原理及其网络优化,北京:机械工业出版社,2003
[45] 常青,VPN技术综述(上),中国计算机用户,2004,31:47-48
[46] 常青,VPN技术综述(下),中国计算机用户,2004,32:45-46
[47] C Rigney, S Willens et al. Remote Authentication Dial In User Service (RADIUS) [S]. RFC 2865, 2000, 6.
[48] 周俊鹤,移动警务系统中VPN和RADIUS用户认证技术的应用,网络安全技术与应用,2005,11.
[49] 张书奎,基于Radius的VPN设计与实现,计算机工程,2003,29(9):124-126.
[50] 曹敬,张敬平,RADIUS在远程接入安全认证中的应用,计算机工程与应用,2003,7:134-136.
[51] 周炎涛,李立明,TCP/IP协议下网络编程技术及其实现,航空计算技术,2002,32(3):122-124.
[52] 胡柯,颉谭成,董秀林,基于TCP/IP和Socket的网络文件传送,河南科技大学学报(自然科学版),2003,24(4):53-56.
[53] [德] Michael Welschenbach著,赵振江,连国卿等译,密码编码学——加密方法的C与C++实现,电子工业出版社,2003.