HTML)

分享到：

《武汉工程大学学报》[ISSN:1674-2869/CN:42-1779/TQ]

Title:: Research of security university Egovernment?based on public key infrastructure

作者:: 黄兰英1; 叶从欢2; 1.湖北工程学院计算机与信息科学学院, 湖北孝感 432000;
2.华中科技大学计算机科学学院，湖北武汉 430077

Author(s):: HUANG Lanying1; YE Conghuan2; 1.School of Computer and Information Science, Hubei Engineering University, Xiaogan 432000,China；
2.Department of Computer Science, Huazhong University of Science and Technology, Wuhan 430077, China

Keywords:: authentication center; university Egovernment; information security; public key infrastructure

摘要:: 为了解决高校电子政务中的身份认证、访问控制、信息安全等安全问题，提出了一种基于公钥基础设施（PKI）核心技术的高校电子政务模型.该模型采用桥认证(CA)结构建立PKI信任机制，在各部门内部使用分级的CA认证，各部门之间通过中心CA进行桥接CA交叉认证；采用轻量目录访问协议（LDAP）建立PKI证书库，以目录复制 (Replica)实现CA对主从LDAP的数据一致性，提高使用者的身份有效认证.该模型还采用角色及权限访问控制(RBAC）进行用户合法安全访问控制，在用户和访问权限之间引入角色，用户通过角色分配的权限来访问系统资源.此模型在实践中得以验证，符合安全要求.

Abstract:: A model based on the core technology in the public key infrastructure (PKI) was introduced to resolve the safety problems in the Egovernment affairs of colleges and universities, such as identity authentication, access control and information safety. A PKI trust mechanism was established by using the bridge certificate authentication (CA), a hierarchical CA in every internal department and the bridge CA to cross authentication between various departments through a center CA were used. A PKI certificate base was established by using the lightweight directory access protocol (LDAP), which used directory replication to realize masterslave LDAP data consistency, so the availability of identity authentication of users was enhanced. The legal safety access of users was controlled by using role based access control (RBAC）, the role between the user and the access was introduced , then the user accessed system resources through the permissions granted to the roles. The model is proved in practice according to the safety requests and is useful for the development of the Egovernment affairs of colleges and universities.

［1］李鸣.我国电子政务发展综述\[J\].武汉工程大学学报,2010，32（4）:5255.

［2］张靖.公钥基础设施在高校电子政务安全中的应用\[D\].武汉：华中科技大学,2006.

3］李伟平.基于服务的公钥密码应用支持系统的设计与实现\[D\].长春：吉林大学,2011.

［4］周杨,王春枝.PKI体系下的电子政务信息安全研究\[J\].软件导刊，2009,8(3):161163.

［5］Adams C,Lloyd S.公开密钥基础设施——概念、标准和实施\[M\]. 冯登国，译.北京：人民邮电出版社,2001.

［6］黄兰英.基于PKI的电子政务安全策略\[J\].孝感学院学报,2005.3:7477.

［7］范明钰,王光卫．密码学理论与技术\[M\].北京:清华大学出版社,2008.

［8］聂维.PKI技术及其在校园网中的应用研究\[D\].上海：华东师范大学,2008.

［9］王启建.基于PKI技术的安全电子政务系统的设计\[D\]．曲阜：曲阜师范大学，2007.

［10］张福宾,张春海.基于PKI的安全电子政务应用\[J\].计算机工程,2004, 30(6):130132.

［11］强勇军. PKI/CA的构建与应用\[D\].成都：电子科技大学,2006.

［12］高毓航,龚俭.基于LDAP目录服务的PKI证书库研究与设计\[J\].计算机工程, 2009,12:6167.

［13］张靖,马丁.LDAP目录服务在PKI中的应用\[J\].河南科技学院学报：自然科学版,2006,1:106109.

［14］赵红云,赵福祥,陈砚圃.轻量级目录访问协议在证书库中的应用\[J\].计算机应用与软件,2007,11:198200.

［15］侯奋飞,宋宇波.基于PMI的电子政务访问控制体系\[J\].计算机工程,2004,17:114116.

更新日期/Last Update: 2013-04-10