大型物流信息系统中安全认证子系统的设计与实现
|
摘要
电子商务时代,由于企业销售范围的扩大,促使了物流行业的兴起,电子商务需要强大的现代化物流体系作支撑,而信息系统的建设和应用是物流现代化的主要内容。在物流信息系统的建设中,很重要的一点便是要在安全策略上保护好系统的帐务清分与结算、支付网关、敏感数据的存储安全;信息在网络传输过程中的安全以及特殊物流客户的信息资料的安全等。CA认证技术作为一种极具前瞻性和收益性的新技术,具有网上信息加密、解密和数字签名等功能,通过它来保证电子商务、电子政务活动的安全是必由之路。
本文首先详细论述了在大型物流信息系统建设的多个环节中,如业务受理、存储、配送、运输、费用、客户管理等方面有强烈的安全认证需求,接着深入探讨了现代密码学的基本原理,为安全认证子系统的设计提供了理论依据;然后对三种不同的认证系统作了比较,并针对本文的大型物流信息系统特点选择了CPCA认证系统;最后是安全认证子系统的具体设计与实现。本文是以广东邮政开发的《电子商务物流管理与动态调配系统》为背景,利用CPCA认证功能在邮政物流信息系统的各功能模块中作身份认证、数据加密传输、权限管理、密钥管理、数字证书的管理、安全维护及其它方面的有效应用。
In the age of e-business, the expansion of the trade scope of the enterprise causes the boom of the logistics, which supports the development of e-business. Yet the construction and application of the information system is the main content of modern logistics. In the construction of logistics information system, it is essential to guarantee the security of such system information as sorting and settlement of account, payment netgate, and the storage of important data, as well as the security of transmission of the important client information. CA certification, which is of prospect and profit, has such functions as online information encryption, decryption and digital signature and the employment of CA certification is compulsory for the security of e-business.
In this article there is a discussion of the demand of security certification in the different phases of construction of large-scale logistics information system, such as acceptance of business, storage, allocation, transportation, expense, clients management; then, it is the discussion of the basic principles of modern cryptography, which is the theoretic bases of subsystem of security certification; and then, according to the comparison of three different certification systems, it shows the preference of CPCA certification system in terms of characteristics of large-scale logistics information system concerned; finally, it is the design and actualization of the security certification subsystem. Based on the management and dynamic allocation system of e-business logistics developed for Guangdong Postal Service, this research is about the application of identity certification, transmission of encrypted data, management of privilege and password, management of digital signature and security maintenance through the employment of CPCA.
本文首先详细论述了在大型物流信息系统建设的多个环节中,如业务受理、存储、配送、运输、费用、客户管理等方面有强烈的安全认证需求,接着深入探讨了现代密码学的基本原理,为安全认证子系统的设计提供了理论依据;然后对三种不同的认证系统作了比较,并针对本文的大型物流信息系统特点选择了CPCA认证系统;最后是安全认证子系统的具体设计与实现。本文是以广东邮政开发的《电子商务物流管理与动态调配系统》为背景,利用CPCA认证功能在邮政物流信息系统的各功能模块中作身份认证、数据加密传输、权限管理、密钥管理、数字证书的管理、安全维护及其它方面的有效应用。
In the age of e-business, the expansion of the trade scope of the enterprise causes the boom of the logistics, which supports the development of e-business. Yet the construction and application of the information system is the main content of modern logistics. In the construction of logistics information system, it is essential to guarantee the security of such system information as sorting and settlement of account, payment netgate, and the storage of important data, as well as the security of transmission of the important client information. CA certification, which is of prospect and profit, has such functions as online information encryption, decryption and digital signature and the employment of CA certification is compulsory for the security of e-business.
In this article there is a discussion of the demand of security certification in the different phases of construction of large-scale logistics information system, such as acceptance of business, storage, allocation, transportation, expense, clients management; then, it is the discussion of the basic principles of modern cryptography, which is the theoretic bases of subsystem of security certification; and then, according to the comparison of three different certification systems, it shows the preference of CPCA certification system in terms of characteristics of large-scale logistics information system concerned; finally, it is the design and actualization of the security certification subsystem. Based on the management and dynamic allocation system of e-business logistics developed for Guangdong Postal Service, this research is about the application of identity certification, transmission of encrypted data, management of privilege and password, management of digital signature and security maintenance through the employment of CPCA.
引文
[1] 张铎.电子商务与物流.北京:电子工业出版社,2000.39-44
[2] William Stallings.密码编码学与网络安全原理与实践.北京:北京电子工业出版社,2001.151-222
[3] 国家邮政局.邮政物流信息系统总体技术方案送审稿.北京,2003
[4] 范昊.基于公钥基础结构(PKI)的Internet安全研究:[硕士学位论文].上海:华中师范大学,2001.
[5] 李中献,詹榜华,杨义先.认证理论与技术的发展.电子学报,1999,27(1):98-102
[6] PKI/CA技术的介绍.http://www.sccin.com.cn/ca/erji.htm
[7] Biham, Elia, Shamir, Adj. Differential Cryptanalysis of the Data Encryption Standard. Springer Verlag. 2001.
[8] 国外PKI/CA体系发展状况的研究.天威诚信.http://www.itrus.com.cn/resources/specialist/lyh_01.asp
[9] 潘宏.国外PKI发展概况http://www.istis.sh.cn/list/list.asp?id=368,2004
[10] 吴亚非.中国PKI论坛推动PKI产业发展.信息网络安全,2002
[11] 陈晓峰,王育民.公钥密码体制研究与进展.通信学报,2004,25(8):99-110.
[12] 黄伟河,杜瑞颖,张沪寅等.网络安全.武汉:武汉大学出版社,2004
[13] 杨先义,钮心忻.网络安全理论与技术.北京:人民邮电出版社,2003.
[14] 张文杰.现代综合物流管理.北京:电子工业出版社,2000
[15] 广东省邮政局.广东省电子商务应用示范工程实施方案.广东广州,2002
[16] 秦明森,王方智.实用物流技术.北京:中国物资出版社,1991
[17] 丁立言,张锋.国际物流学.北京:人民交通出版社,1999
[18] Handfield, Robert B. and Ernest L.N. Introduction to Supply Chain Management. Prentice-Hall, 1999
[19] Martin Christopher. Logistics and Supply Chain Management. Pitman Publishing, 1992139-192
[20] Kaufman, Radia, Mike. Network Security: Private Communication in a Public World. Prentice Hall. 2000
[21] [美]戴维J,克劳斯著,林国龙等译。物流管理供应链过程的一体化.北京:机械工业出版社,1999
[22] 湖南省中邮信息科技有限公司.国家邮政局邮政综合业务网电子邮政示范 工程项目认证系统软件概要设计说明书.
[23] 潘锦基,周良,丁秋林.基于J2EE的物流信息系统的设计与实现.计算机工程与应用,2003,39(26):134-136
[24] 王腾,聂瑞华.面向对象技术在物流信息系统中的应用.株洲工学院学报,2003(2):105-106
[25] [英]Wenbo Mao著,王继林,任前红译.现化密码学理论与实践.北京:电子工业出版社,2004.
[26] A. Menezes, P. van. Handbook of Applied Cryptography. CRC Press.1996.37-95
[27] Cheswick, William R, Bellovin. Firewalls and Internet Security. Addison Wesley. 2000
[28] 樊麙丰,林东.网络信息安全&PGP加密.北京:清华大学出版社,1998.
[29] Bruce Schneier著,吴世忠,祝世雄,张文政等译.应用密码学.北京:北京机械工业出版社,2000.
[30] [美]Mohan Atreya等著,贺军等译.数字签名.北京:清华大学出版社,2003.14-176.
[31] 赵小林等.网络安全与技术教程.北京:国防工业出版社,2002
[32] Shannon C E. Communication Theory of Secrecy Systems. Bell Systems Technical Journal. 1998, 28(3): 656:715
[33] 张雪.加密与解密—软件保护技术及完全解决方案.北京:电子工业出版社,2001.52-81.
[34] 李仁发,喻飞,朱淼良等.计算机网络安全.北京:希望出版社,2004.123-158
[35] 冯登国.国内外密码学研究现状及发展趋势.通信学报,2002,23(5):18-26.
[36] Diffie, Whitfield, Landau. Privacy on the Line. MIT Press.2001
[37] 广东省广州市邮政局.电子邮戳系统方案.广东广州,1999.
[38] 湖南省中邮信息科技有限公司.CPCA认证中心函数接口2.0.2002
[39] 谢冬青,冷健编著.PKI原理与技术,北京:清华大学出版社,2003
[40] 广东省邮政局.物流信息系统应用程序框架的研究.广东广州,2002.
[41] PKI技术研究及其客户端实现.http://find.ssreader.com/出版社,1998
[42] Rich Salz.了解XML数字签名 http://www.microsoft.com/china/msdn/archives/library/dnwebsrv/html/underxmldigsig.asp. 2003
[43] Biham, Elia, Shamir. Differential Crytanalysis of the Data Encryption Standard. Springer Verlag. 2000
[44] Kiblitz, Neal. A Course in Number Theory and Cryptography. Springer Verlag. 2000
[45] 张晓东.JAVA数据库高级教程.北京:清华大学出版社,2004.358-500.
[46] JAVA加密和数字签名编程快速入门http://soft.yesky.com/SoftChannel/72342371961929728/20050217/
[47] 如何在JAVA中编程实现数字签名系统http://www.chinaitlab.com/www/news/article_show.asp?id=20818
[48] 数字签名算法分析与Hash签名.http://www.ChinalTLab.com.
[2] William Stallings.密码编码学与网络安全原理与实践.北京:北京电子工业出版社,2001.151-222
[3] 国家邮政局.邮政物流信息系统总体技术方案送审稿.北京,2003
[4] 范昊.基于公钥基础结构(PKI)的Internet安全研究:[硕士学位论文].上海:华中师范大学,2001.
[5] 李中献,詹榜华,杨义先.认证理论与技术的发展.电子学报,1999,27(1):98-102
[6] PKI/CA技术的介绍.http://www.sccin.com.cn/ca/erji.htm
[7] Biham, Elia, Shamir, Adj. Differential Cryptanalysis of the Data Encryption Standard. Springer Verlag. 2001.
[8] 国外PKI/CA体系发展状况的研究.天威诚信.http://www.itrus.com.cn/resources/specialist/lyh_01.asp
[9] 潘宏.国外PKI发展概况http://www.istis.sh.cn/list/list.asp?id=368,2004
[10] 吴亚非.中国PKI论坛推动PKI产业发展.信息网络安全,2002
[11] 陈晓峰,王育民.公钥密码体制研究与进展.通信学报,2004,25(8):99-110.
[12] 黄伟河,杜瑞颖,张沪寅等.网络安全.武汉:武汉大学出版社,2004
[13] 杨先义,钮心忻.网络安全理论与技术.北京:人民邮电出版社,2003.
[14] 张文杰.现代综合物流管理.北京:电子工业出版社,2000
[15] 广东省邮政局.广东省电子商务应用示范工程实施方案.广东广州,2002
[16] 秦明森,王方智.实用物流技术.北京:中国物资出版社,1991
[17] 丁立言,张锋.国际物流学.北京:人民交通出版社,1999
[18] Handfield, Robert B. and Ernest L.N. Introduction to Supply Chain Management. Prentice-Hall, 1999
[19] Martin Christopher. Logistics and Supply Chain Management. Pitman Publishing, 1992139-192
[20] Kaufman, Radia, Mike. Network Security: Private Communication in a Public World. Prentice Hall. 2000
[21] [美]戴维J,克劳斯著,林国龙等译。物流管理供应链过程的一体化.北京:机械工业出版社,1999
[22] 湖南省中邮信息科技有限公司.国家邮政局邮政综合业务网电子邮政示范 工程项目认证系统软件概要设计说明书.
[23] 潘锦基,周良,丁秋林.基于J2EE的物流信息系统的设计与实现.计算机工程与应用,2003,39(26):134-136
[24] 王腾,聂瑞华.面向对象技术在物流信息系统中的应用.株洲工学院学报,2003(2):105-106
[25] [英]Wenbo Mao著,王继林,任前红译.现化密码学理论与实践.北京:电子工业出版社,2004.
[26] A. Menezes, P. van. Handbook of Applied Cryptography. CRC Press.1996.37-95
[27] Cheswick, William R, Bellovin. Firewalls and Internet Security. Addison Wesley. 2000
[28] 樊麙丰,林东.网络信息安全&PGP加密.北京:清华大学出版社,1998.
[29] Bruce Schneier著,吴世忠,祝世雄,张文政等译.应用密码学.北京:北京机械工业出版社,2000.
[30] [美]Mohan Atreya等著,贺军等译.数字签名.北京:清华大学出版社,2003.14-176.
[31] 赵小林等.网络安全与技术教程.北京:国防工业出版社,2002
[32] Shannon C E. Communication Theory of Secrecy Systems. Bell Systems Technical Journal. 1998, 28(3): 656:715
[33] 张雪.加密与解密—软件保护技术及完全解决方案.北京:电子工业出版社,2001.52-81.
[34] 李仁发,喻飞,朱淼良等.计算机网络安全.北京:希望出版社,2004.123-158
[35] 冯登国.国内外密码学研究现状及发展趋势.通信学报,2002,23(5):18-26.
[36] Diffie, Whitfield, Landau. Privacy on the Line. MIT Press.2001
[37] 广东省广州市邮政局.电子邮戳系统方案.广东广州,1999.
[38] 湖南省中邮信息科技有限公司.CPCA认证中心函数接口2.0.2002
[39] 谢冬青,冷健编著.PKI原理与技术,北京:清华大学出版社,2003
[40] 广东省邮政局.物流信息系统应用程序框架的研究.广东广州,2002.
[41] PKI技术研究及其客户端实现.http://find.ssreader.com/出版社,1998
[42] Rich Salz.了解XML数字签名 http://www.microsoft.com/china/msdn/archives/library/dnwebsrv/html/underxmldigsig.asp. 2003
[43] Biham, Elia, Shamir. Differential Crytanalysis of the Data Encryption Standard. Springer Verlag. 2000
[44] Kiblitz, Neal. A Course in Number Theory and Cryptography. Springer Verlag. 2000
[45] 张晓东.JAVA数据库高级教程.北京:清华大学出版社,2004.358-500.
[46] JAVA加密和数字签名编程快速入门http://soft.yesky.com/SoftChannel/72342371961929728/20050217/
[47] 如何在JAVA中编程实现数字签名系统http://www.chinaitlab.com/www/news/article_show.asp?id=20818
[48] 数字签名算法分析与Hash签名.http://www.ChinalTLab.com.