电子政务中公文安全传输系统的设计
|
摘要
公文传输系统是电子政务建设中的核心和基础系统,它的开发与应用已经成为各级政府机关政务信息化的主要内容。由于政务办公的特殊性,公文传输过程中的诚信与安全问题一直受到广泛的关注。本文从以下两方面对此问题进行讨论:
一是数据的安全问题。公钥基础设施(PKI)的出现是人们对信息安全需求日益严格的结果,其应用范围非常广泛,并且成为电子政务主动寻求的保护信息的安全技术。
二是访问控制和业务流程控制的问题。在公文传输系统中,政府组织是政府中信息决策、任务执行、管理和监督活动载体,政府业务的复杂性和不确定性使对公文的操作的控制遇到困难。
本文分析对比了目前国内公文传输系统的普遍采用的体系结构和开发方式,分析了政府办公业务的实际业务流程及其特点,以公文传输过程中的诚信与安全保障为中心,深入讨论了角色网络理论和公钥基础设施在公文传输系统的应用。在此基础上,采用成熟的应用服务器,以JAVA技术为主要实现语言,结合客户端控件的使用,设计了一个适用于国内实际情况的典型的公文传输的安全保障系统。这个系统采用结合分层结构和基于组件的软件设计方式,强调系统安全功能扩展的平滑性、系统用户在管理方面的易用性和减少信息存储的冗余,并在强认证、信息完整性与不可否认性、系统内部的审核与监控等方面有深刻体现。
本文以辽宁省数字认证中心提供的PKI安全认证平台为基础,结合大连市委办公实际的公文传输业务需求,针对公文传输中的安全功能和运转适用性问题,将PKI技术中的各种安全服务在公文传输系统内部进行合理部署,为市委办公自动化中的公文无纸化提供了相当好的解决方案,并在实践中得到应用,收到很好的实际效果。
Documents transmission system is the core and fundamental system in E-government construction, with its exploitation and application being the main content of the informatization of governments of all levels. On account of the specialty of government work, great emphasis has always been putting on the security and credit of documents transmission. This paper presents two aspects as followed on this question:
The first is the question of data security. PKI (Public Key Infrastructure) technique came into form as a result that people gradually had greater demand on information security. Its application scope is quite wide and it became a security technique, which E-government work looked for actively to protect information.
The second is the question of the visit control and workflow control. In the documents transmission system, the government organs are the carrier of information decision, tasks execution, administration and supervision in government. The complexity and indefiniteness of government work make the control of documents operation quite difficult.
This paper analyzed and compared the prevalent system structure and exploitation means of domestic document transmission system, analyzed the actual work flow and characteristics of government work, discussed in depth the application of role network theory and PKI technique in documents transmission system with the credit and security as the basis. Furthermore, this paper designed a security system for documents transmission, which adapted to the domestic reality, by selecting mature application server, selecting JAVA as the main language and by using controls in client terminal. This system adopted the design of multi-layer structure and package based software design, gave great emphasis on the smoothness of system function expansion, the easy operation for the users in administration and reducing information redundancy, and did well in identity authentication, information integration and undeniability, internal checking and supervision in system itself, and etc..
Based on the PKI security authentication platform provided by the 1~(st) Bureau of Liaoning Province Party Committee, combining with the reality of the documents transmission work requirements of Dalian Party Committee, according to the questions of security function and operation adaptation in documents transmission, this paper made a reasonable deployment of various kinds of security service in PKI technique, offered a fantastic solving program for documents transmission without paper in the office automation of Dalian Party Committee, and has got a good result through practice till now.
一是数据的安全问题。公钥基础设施(PKI)的出现是人们对信息安全需求日益严格的结果,其应用范围非常广泛,并且成为电子政务主动寻求的保护信息的安全技术。
二是访问控制和业务流程控制的问题。在公文传输系统中,政府组织是政府中信息决策、任务执行、管理和监督活动载体,政府业务的复杂性和不确定性使对公文的操作的控制遇到困难。
本文分析对比了目前国内公文传输系统的普遍采用的体系结构和开发方式,分析了政府办公业务的实际业务流程及其特点,以公文传输过程中的诚信与安全保障为中心,深入讨论了角色网络理论和公钥基础设施在公文传输系统的应用。在此基础上,采用成熟的应用服务器,以JAVA技术为主要实现语言,结合客户端控件的使用,设计了一个适用于国内实际情况的典型的公文传输的安全保障系统。这个系统采用结合分层结构和基于组件的软件设计方式,强调系统安全功能扩展的平滑性、系统用户在管理方面的易用性和减少信息存储的冗余,并在强认证、信息完整性与不可否认性、系统内部的审核与监控等方面有深刻体现。
本文以辽宁省数字认证中心提供的PKI安全认证平台为基础,结合大连市委办公实际的公文传输业务需求,针对公文传输中的安全功能和运转适用性问题,将PKI技术中的各种安全服务在公文传输系统内部进行合理部署,为市委办公自动化中的公文无纸化提供了相当好的解决方案,并在实践中得到应用,收到很好的实际效果。
Documents transmission system is the core and fundamental system in E-government construction, with its exploitation and application being the main content of the informatization of governments of all levels. On account of the specialty of government work, great emphasis has always been putting on the security and credit of documents transmission. This paper presents two aspects as followed on this question:
The first is the question of data security. PKI (Public Key Infrastructure) technique came into form as a result that people gradually had greater demand on information security. Its application scope is quite wide and it became a security technique, which E-government work looked for actively to protect information.
The second is the question of the visit control and workflow control. In the documents transmission system, the government organs are the carrier of information decision, tasks execution, administration and supervision in government. The complexity and indefiniteness of government work make the control of documents operation quite difficult.
This paper analyzed and compared the prevalent system structure and exploitation means of domestic document transmission system, analyzed the actual work flow and characteristics of government work, discussed in depth the application of role network theory and PKI technique in documents transmission system with the credit and security as the basis. Furthermore, this paper designed a security system for documents transmission, which adapted to the domestic reality, by selecting mature application server, selecting JAVA as the main language and by using controls in client terminal. This system adopted the design of multi-layer structure and package based software design, gave great emphasis on the smoothness of system function expansion, the easy operation for the users in administration and reducing information redundancy, and did well in identity authentication, information integration and undeniability, internal checking and supervision in system itself, and etc..
Based on the PKI security authentication platform provided by the 1~(st) Bureau of Liaoning Province Party Committee, combining with the reality of the documents transmission work requirements of Dalian Party Committee, according to the questions of security function and operation adaptation in documents transmission, this paper made a reasonable deployment of various kinds of security service in PKI technique, offered a fantastic solving program for documents transmission without paper in the office automation of Dalian Party Committee, and has got a good result through practice till now.
引文
[1] Wang Chang-Ji, Wu Jian-Ping, Duan Hai-Xin. Using attribute certificate to design role-based access control. Parallel and Distributed Computing, Applications and Technologies, 2003, (6)27:216-218.
[2] 于淼,王延章.基于角色网络模型的电子政务系统框架的研究与实现.计算机工程与应 用,2003,12(31):31—35.
[3] Wolfl, T.. Public-Key-Infrastructure Based on a Peer-to-Peer Network. HICSS' 05. Proceedings of the 38th Annual Hawaii International Conference, 2004,1(7):233-235.
[4] Yi Wang, Dawu Gu, Scalable PKI model based on location information, 2003 International Conferenc, 2003.17-19
[5] Warwick Ford,Michael S.Baum.安全电子商务.北京:人民邮电出版社,2002.16-17
[6] 杨坚争,利好好,陶田.电子商务网站典型案例评析.西安:电子工业科技大学出版社,2002:65-69.
[7] 任丽芳,白尚旺,徐玉斌.办公自动化系统中公文传输模型研究.太原重型机械学院学报,2004,1(25):40-44.
[8] 于淼,王延章.公文传输中操作活动的分解和管理.计算机工程,2003,22(29):18-21.
[9] 李国瑞,庄兵.政府办公新策略.鞍山师范学院学报,2003,6(2):94-96.
[10] 关振胜.公钥技术设施PKI与认证机构CA.北京:电子工业出版社,2002:45-48.
[11] 孟博,熊丽,陈浩然.基于PKI的电子商务安全研究.计算机工程与应用,2002,11(9):237-240.
[12] Forne, J. Web-based authorization based on X. 509 privilege management infrastructure. Manchester: Computers and signal Processing Press, 2004:125-127.
[13] Welch, E. W., Hinnant, C. C.. Internet use, transparency, and interactivity effects on trust in government. System Sciences, 2003.
[14] 蔡谊,沈昌详.PKI技术在电子政务中的应用.计算机应用研究,2002,10(7):11-15.
[15] Gutmann, p.. Simplifying public key management and computer, 2004, 2(37):101-103.
[16] 增春,宋宝燕,田文虎,王国仁,于戈.一个支持复杂应用的工作流模型.东北大学学报(自然科学版),1999,5(20):464-468.
[17] Medjahed, B., Rezgni, A.,Bouguettaya, A., Quzzani, M. Infrastructure for e-government Web services. Internet Computing, IEEE, 2003,1(7):58-65.
[18] 吴志刚,赵菁华.我国电子政务亟待解决的问题.信息技术与标准化,2002,2(12):28-29.
[19] Cohen, S., Eimicke, W.. The future of E-government:a project of potential trends and issues. Lyon:System Sciences, 2003:46-48.
[20] Balfanz D., Durfee, G.,Smetters, D. K., Grinter, R. E.. In search of usable security:five lessons from the field. Security & Privacy Magazine, 2004, 5(2):19-24.
[21] Frausto, P., Antoine, C.. Role based control via attribute certificate. Information and Communication Technologies, 2004, 2 (9):81-82.
[22] 吕宜洪,宋瀚涛,龚圆明.政府机关公文传输系统访问控制基本框架及改进的RBAC模型研究.计算机应用研究,2003,1(10):31-35.
[23] 肖凌,李之堂.公开密钥基础设施(PKI)结构.计算机工程与应用,2002,10(6):173-177.
[24] Kozina, G.,Dubinin, R., Goretsky, A.. System of the protected document circulation on the enterprise. Modern problems of Radio Engineering. London:Telecommunications and Computer Science, 2004:178-182.
[25] 于淼,王延章,陈雪龙.元数据在电子政务办公系统实现中的应用研究.计算机工程与应 用,2003,7(12):28-32.
[26] Merike Kaeo.网络安全性设计.北京:人民邮电出版社,2000:75-79.
[27] 芮廷先,钟伟春,郑燕华.电子商务安全与环境.上海:财经大学出版社,2000:158-163.
[28] 刘启原,刘怡.数据库与信息系统的安全.太原:科学出版社,2001:125-128.
[29] 张丽华.中华人民共和国电子签名法.北京:人民出版社,2004:42-46.
[30] 冯运波,任金强,杨义先.传统PKI与桥CA认证体系.电信科学,2002,10(3):21-25.
[31] 张繁,蔡家楣.电子政务系统中动态工作流技术的应用.计算机工程,2003,12(29):12-15.
[32] 李忠.工作流技术在公文传输电子化处理中的应用.信息化建设,2003,12(10):26-27.
[33] 李国瑞,庄兵.政府办公新策略——网上公文传输.鞍山师范学院报,2003,12(2):94-96.
[34] Skarmeta, Perez., Reverte, Millan. PKI Services for Ipv6. Internet Computing, IEEE, 2003,6(8):212-215.
[35] Datta A., Hauswirth. M, Aberer K..Beyond "web of trust": enabling P2P e-commerce. E-Commerce IEEE International Journal, 2o03, 6(10):24-27.
[36] 李俊宇.信息安全技术基础.北京:冶金工业出版社,2004:72-77.
[37] Yi Zhuang, Jia Liu, Qiang Wei. An active information security model research. Machine Learning and Cybernetics and proceedings of 2004 International Magzine, 2004,6(1):282-286.
[38] Tounsi, M, Hamdi, M., Boudriga, N..A public key-based authentication framework for multi-hop and hoc networks. Electrotechnicai Proceedings of the 12th IEEE Mediterranean, 2004,12(2):775-778.
[39] 李长树.办公自动化系统的设计方法与实施策略.计算机应用研究会,2000,10(7):47-50.
[2] 于淼,王延章.基于角色网络模型的电子政务系统框架的研究与实现.计算机工程与应 用,2003,12(31):31—35.
[3] Wolfl, T.. Public-Key-Infrastructure Based on a Peer-to-Peer Network. HICSS' 05. Proceedings of the 38th Annual Hawaii International Conference, 2004,1(7):233-235.
[4] Yi Wang, Dawu Gu, Scalable PKI model based on location information, 2003 International Conferenc, 2003.17-19
[5] Warwick Ford,Michael S.Baum.安全电子商务.北京:人民邮电出版社,2002.16-17
[6] 杨坚争,利好好,陶田.电子商务网站典型案例评析.西安:电子工业科技大学出版社,2002:65-69.
[7] 任丽芳,白尚旺,徐玉斌.办公自动化系统中公文传输模型研究.太原重型机械学院学报,2004,1(25):40-44.
[8] 于淼,王延章.公文传输中操作活动的分解和管理.计算机工程,2003,22(29):18-21.
[9] 李国瑞,庄兵.政府办公新策略.鞍山师范学院学报,2003,6(2):94-96.
[10] 关振胜.公钥技术设施PKI与认证机构CA.北京:电子工业出版社,2002:45-48.
[11] 孟博,熊丽,陈浩然.基于PKI的电子商务安全研究.计算机工程与应用,2002,11(9):237-240.
[12] Forne, J. Web-based authorization based on X. 509 privilege management infrastructure. Manchester: Computers and signal Processing Press, 2004:125-127.
[13] Welch, E. W., Hinnant, C. C.. Internet use, transparency, and interactivity effects on trust in government. System Sciences, 2003.
[14] 蔡谊,沈昌详.PKI技术在电子政务中的应用.计算机应用研究,2002,10(7):11-15.
[15] Gutmann, p.. Simplifying public key management and computer, 2004, 2(37):101-103.
[16] 增春,宋宝燕,田文虎,王国仁,于戈.一个支持复杂应用的工作流模型.东北大学学报(自然科学版),1999,5(20):464-468.
[17] Medjahed, B., Rezgni, A.,Bouguettaya, A., Quzzani, M. Infrastructure for e-government Web services. Internet Computing, IEEE, 2003,1(7):58-65.
[18] 吴志刚,赵菁华.我国电子政务亟待解决的问题.信息技术与标准化,2002,2(12):28-29.
[19] Cohen, S., Eimicke, W.. The future of E-government:a project of potential trends and issues. Lyon:System Sciences, 2003:46-48.
[20] Balfanz D., Durfee, G.,Smetters, D. K., Grinter, R. E.. In search of usable security:five lessons from the field. Security & Privacy Magazine, 2004, 5(2):19-24.
[21] Frausto, P., Antoine, C.. Role based control via attribute certificate. Information and Communication Technologies, 2004, 2 (9):81-82.
[22] 吕宜洪,宋瀚涛,龚圆明.政府机关公文传输系统访问控制基本框架及改进的RBAC模型研究.计算机应用研究,2003,1(10):31-35.
[23] 肖凌,李之堂.公开密钥基础设施(PKI)结构.计算机工程与应用,2002,10(6):173-177.
[24] Kozina, G.,Dubinin, R., Goretsky, A.. System of the protected document circulation on the enterprise. Modern problems of Radio Engineering. London:Telecommunications and Computer Science, 2004:178-182.
[25] 于淼,王延章,陈雪龙.元数据在电子政务办公系统实现中的应用研究.计算机工程与应 用,2003,7(12):28-32.
[26] Merike Kaeo.网络安全性设计.北京:人民邮电出版社,2000:75-79.
[27] 芮廷先,钟伟春,郑燕华.电子商务安全与环境.上海:财经大学出版社,2000:158-163.
[28] 刘启原,刘怡.数据库与信息系统的安全.太原:科学出版社,2001:125-128.
[29] 张丽华.中华人民共和国电子签名法.北京:人民出版社,2004:42-46.
[30] 冯运波,任金强,杨义先.传统PKI与桥CA认证体系.电信科学,2002,10(3):21-25.
[31] 张繁,蔡家楣.电子政务系统中动态工作流技术的应用.计算机工程,2003,12(29):12-15.
[32] 李忠.工作流技术在公文传输电子化处理中的应用.信息化建设,2003,12(10):26-27.
[33] 李国瑞,庄兵.政府办公新策略——网上公文传输.鞍山师范学院报,2003,12(2):94-96.
[34] Skarmeta, Perez., Reverte, Millan. PKI Services for Ipv6. Internet Computing, IEEE, 2003,6(8):212-215.
[35] Datta A., Hauswirth. M, Aberer K..Beyond "web of trust": enabling P2P e-commerce. E-Commerce IEEE International Journal, 2o03, 6(10):24-27.
[36] 李俊宇.信息安全技术基础.北京:冶金工业出版社,2004:72-77.
[37] Yi Zhuang, Jia Liu, Qiang Wei. An active information security model research. Machine Learning and Cybernetics and proceedings of 2004 International Magzine, 2004,6(1):282-286.
[38] Tounsi, M, Hamdi, M., Boudriga, N..A public key-based authentication framework for multi-hop and hoc networks. Electrotechnicai Proceedings of the 12th IEEE Mediterranean, 2004,12(2):775-778.
[39] 李长树.办公自动化系统的设计方法与实施策略.计算机应用研究会,2000,10(7):47-50.