Research and Implementation of Unified Authentication and Authorization Based on PMI
Published: 2018-10-22 15:19
[Abstract]: As informatization advances, network security is receiving more and more attention, and authorization management, as a new field in the development of PKI, has entered a period of rapid growth. The strong identity authentication based on digital certificates and the protection of information confidentiality that PKI provides can no longer meet the needs of informatization; providing authorization management for complex information environments has become a new research goal. PMI, built on PKI, is an infrastructure that integrates seamlessly with digital certificate systems and directory services and can effectively perform unified authorization for authenticated users, making it an effective complement to PKI. By combining a PMI-based privilege management system with a PKI-based digital certificate authentication system, a model is proposed that applies PKI/PMI to authentication and authorization in complex applications.
To address the problem of privilege management, this thesis proposes a unified authentication and authorization solution based on PMI theory. The unified authentication and authorization platform is an application platform that provides unified user management, unified authentication management, unified authorization management, single sign-on and other services. Built on security protocols such as LDAP, PKI and PMI, the platform provides unified and efficient identity authentication and privilege management services to information systems, achieving unified authentication and authorization; it standardizes the authentication and authorization mechanisms through digital certificates and attribute certificates, monitors and audits the authentication and authorization process throughout, and standardizes the basic security framework for informatization construction. Based on PKI theory, this thesis designs a certificate authentication system suited to enterprise use and describes its core functional modules in detail. Based on the PKI/PMI framework, it proposes a solution for the authorization management system and explains its principles, mechanisms and workflow in detail.
The platform provides unified user management, digital certificate services, privilege management services and single sign-on services, and can support government, the financial sector and enterprises in using information resources securely and appropriately. The system can be widely applied to access control for web and network resources and aims to provide secure, convenient and flexible authentication and authorization for application systems. The platform can offer a comprehensive package of authentication and authorization management solutions to industry users in China's e-government and e-commerce sectors as well as to application software developers.
[Degree-granting institution]: Shandong University
[Degree level]: Master's
[Year degree conferred]: 2014
[Classification number]: TP393.08;TP311.52
Article ID: 2287528
Article link: http://sikaile.net/guanlilunwen/ydhl/2287528.html