發(fā)布時(shí)間：2018-08-07 11:31

【摘要】：在高度依靠網(wǎng)絡(luò)提供各項(xiàng)社會(huì)化公共服務(wù)的今天,網(wǎng)絡(luò)滲透到我們每一個(gè)人的身邊,而網(wǎng)絡(luò)參與者也呈現(xiàn)多樣化,且其目的也各不相同,因此網(wǎng)絡(luò)安全已成為網(wǎng)絡(luò)應(yīng)用中的首要問題。一般性的非國家安全的社會(huì)化網(wǎng)絡(luò)應(yīng)用,已經(jīng)摒棄了物理隔離專網(wǎng)的建設(shè)模式,采用的是以internet網(wǎng)絡(luò)為基礎(chǔ)的數(shù)據(jù)傳輸,基于此,就對(duì)網(wǎng)絡(luò)安全傳輸提出了高標(biāo)準(zhǔn)新要求,要求在確保數(shù)據(jù)傳輸萬無一失的情況下,加大網(wǎng)絡(luò)傳遞的涉及面,例如安全性、易推廣、成本低等方面。近年來,我國居民社會(huì)醫(yī)療保險(xiǎn)事業(yè)蓬勃發(fā)展,從一線城市,發(fā)展到二三線城市,將來還要覆蓋廣大農(nóng)村人口,實(shí)現(xiàn)全覆蓋的目標(biāo)。社會(huì)醫(yī)保運(yùn)行的重要載體就是居民醫(yī)�？�,最初的集中制卡模式已不能滿足快速增長的辦卡用卡需求。居民醫(yī)保卡將采用遠(yuǎn)程發(fā)卡模式,必然對(duì)醫(yī)�？ǖ拿荑�傳輸管理系統(tǒng)提出更高的安全要求。通過對(duì)現(xiàn)有各類網(wǎng)絡(luò)安全傳輸?shù)纳钊胙芯?提出了以硬件加密為基礎(chǔ)的安全傳輸系統(tǒng)設(shè)計(jì)思路,通過自主研發(fā)的一款集成國密算法的純國產(chǎn)加密芯片設(shè)計(jì)一套安全傳輸密鑰管理系統(tǒng),對(duì)網(wǎng)絡(luò)上傳輸?shù)臄?shù)據(jù)進(jìn)行加密保護(hù),可以有效防止數(shù)據(jù)泄露,保護(hù)數(shù)據(jù)的完整性,防止被非法篡改。文章首先從整體架構(gòu)上介紹了密鑰安全傳輸管理系統(tǒng),并詳細(xì)描述其工作流程;然后從身份認(rèn)證功能模塊介紹了數(shù)字證書申請(qǐng)、數(shù)字認(rèn)證、數(shù)字證書更新及數(shù)字證書銷毀;接著從數(shù)據(jù)加解密功能模塊介紹了數(shù)據(jù)包的安全傳輸、加解密密鑰的安全傳輸及兩者相結(jié)合數(shù)字信封的安全傳輸;最后從接口通信協(xié)議、網(wǎng)絡(luò)配置、數(shù)據(jù)庫配置和身份認(rèn)證各功能實(shí)現(xiàn)方面詳細(xì)闡述了系統(tǒng)的安全傳輸實(shí)現(xiàn)。基于居民醫(yī)�？ǖ拿荑�安全傳輸管理系統(tǒng)是以硬件加密芯片為核心,通過綜合利用國密算法SM1、SM2和SM3,實(shí)現(xiàn)對(duì)網(wǎng)絡(luò)傳輸數(shù)據(jù)的機(jī)密性保護(hù)、完整性保護(hù)和防篡改保護(hù)。所以,在國密算法大力推行的今天,居民醫(yī)�？荑�安全傳輸管理系統(tǒng)打造出了一個(gè)新的基于硬件底層加密安全傳輸?shù)姆桨?該方案不但為低成本高保密性提供了新的研究方向,而且還為其他領(lǐng)域的網(wǎng)絡(luò)安全傳輸提供了新的應(yīng)用空間。
[Abstract]:Today, when we are highly dependent on the Internet for all kinds of social public services, the network permeates every one of us, and the network participants are diversified and have different purposes. Therefore, network security has become the most important problem in network application. The general application of non-state security social network has abandoned the construction mode of physical isolation private network and adopted the data transmission based on internet network. Based on this, high standard new requirements for network security transmission have been put forward. In order to ensure that data transmission is foolproof, it is necessary to increase the coverage of network transmission, such as security, easy promotion, low cost and so on. In recent years, the social medical insurance of residents in our country has developed rapidly, from the first-tier cities to the second-third-tier cities. In the future, the vast rural population will be covered and the goal of full coverage will be realized. The important carrier of social medical insurance operation is resident medical insurance card. The initial centralized business card printing mode can no longer meet the rapidly increasing demand for business card. The resident medical insurance card will adopt the mode of remote card issuing, which is bound to put forward higher security requirements to the key transmission management system of the medical insurance card. Based on the deep research of all kinds of network security transmission, the design idea of secure transmission system based on hardware encryption is put forward. A set of secure transmission key management system is designed through a home-made encryption chip which integrates national secret algorithm, which can effectively prevent data leakage and protect the integrity of data by encrypting and protecting the data transmitted on the network. Prevent illegal tampering. This paper first introduces the key security transmission management system from the whole architecture, and describes its workflow in detail, then introduces the digital certificate application, digital authentication, digital certificate update and digital certificate destruction from the identity authentication function module. Then it introduces the secure transmission of data packets, the secure transmission of encryption and decryption keys and the secure transmission of digital envelopes combined with them from the function module of data encryption and decryption. The realization of secure transmission of the system is described in detail in the aspects of database configuration and identity authentication. The key security transmission management system based on the resident medical insurance card is based on the hardware encryption chip, and realizes the confidentiality protection, integrity protection and tamper-proof protection of the network transmission data through the comprehensive use of the national secret algorithms SM1, SM2 and SM3. Therefore, today, with the implementation of the Guochou secret algorithm, a new scheme based on hardware underlying encryption and security transmission has been created in the residential health insurance card key security transmission management system. This scheme not only provides a new research direction for low cost and high confidentiality, but also provides a new application space for network security transmission in other fields.
【學(xué)位授予單位】：北京工業(yè)大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類號(hào)】：TP311.52;TN918.4

【參考文獻(xiàn)】

相關(guān)期刊論文 前2條

1 鄭化浦;劉帥;;SSL VPN網(wǎng)絡(luò)安全關(guān)鍵技術(shù)研究[J];河南城建學(xué)院學(xué)報(bào);2013年04期

2 席榮榮;云曉春;金舒原;張永錚;;網(wǎng)絡(luò)安全態(tài)勢(shì)感知研究綜述[J];計(jì)算機(jī)應(yīng)用;2012年01期

，

本文編號(hào)：2169884