基于PMI的统一认证授权研究与实现

发布时间：2018-10-22 15:19

【摘要】：随着信息化发展,网络安全越来越被重视,授权管理作为PKI发展的新领域进入了快速发展的时期。PKI提供的数字证书强身份认证和保护信息机密性已经不能满足信息化发展的需求,提供复杂信息环境的授权管理成为一个新的研究目标。基于PKI的PMI作为一个基础设施能够与数字证书系统和目录服务无缝结合,能够有效的对认证用户进行统一授权,是PKI的有效补充。基于PMI权限管理系统和基于PKI的数字证书认证系统有机结合,提出了将PKI/PMI应用到解决复杂应用认证和授权的模型。针对权限管理问题,本文依据PMI理论提出了一套统一认证授权解决方案。统一认证授权平台是一个能够提供统一用户管理、统一认证管理、统一授权管理以及单点登录等多种服务的应用平台。该平台基于LDAP、PKI、PMI等安全协议,能向信息化系统提供统一高效的身份认证和权限管理服务,实现统一认证授权,通过数字证书和属性证书规范认证和授权机制,并全程监控审计认证和授权过程,规范了信息化建设安全基础框架。本文基于PKI理论设计了一套适用于企业级的证书认证系统,并对核心功能模块进行了详细的阐述。基于PKI/PMI框架,提出了授权管理系统的解决方案,对其中的原理机制和工作流程进行了详细的说明。平台提供统一的用户管理、数字证书服务、权限管理服务和单点登录服务,能够为政府、金融和企业安全合理的使用信息资源提供支持。该系统能够在WEB、网络资源的访问控制方面广泛的应用,系统致力于为应用系统提供安全方便灵活的认证和授权。平台能够广泛地为我国电子政务和电子商务等行业用户以及应用软件开发商等提供一揽子的全面的认证授权管理解决方案。
[Abstract]:With the development of information technology, more and more attention has been paid to network security. As a new field of PKI development, authorization management has entered a period of rapid development. The strong identity authentication and protection of information confidentiality provided by PKI can no longer meet the needs of information development. It is a new research goal to provide authorization management in complex information environment. As an infrastructure, PMI based on PKI can seamlessly combine with digital certificate system and directory service, and can effectively authorize authenticated users. It is an effective supplement to PKI. Based on the combination of PMI privilege management system and digital certificate authentication system based on PKI, the model of applying PKI/PMI to solve the problem of authentication and authorization in complex applications is put forward. Aiming at the problem of authority management, this paper proposes a unified authentication and authorization solution based on PMI theory. Unified Authentication Authorization platform is an application platform which can provide unified user management, unified authentication management, unified authorization management and single sign-on. Based on LDAP,PKI,PMI and other security protocols, the platform can provide unified and efficient identity authentication and authority management services to information systems, realize unified authentication and authorization, and standardize authentication and authorization mechanisms through digital certificates and attribute certificates. And the whole process of monitoring audit certification and authorization, standardized information construction security infrastructure. Based on PKI theory, this paper designs a certificate authentication system for enterprise level, and describes the core function module in detail. Based on PKI/PMI framework, the solution of authorization management system is proposed, and the principle, mechanism and workflow are explained in detail. The platform provides unified user management, digital certificate services, rights management services and single sign-on services, which can provide support for the safe and rational use of information resources by governments, finance and enterprises. The system can be widely used in the access control of WEB, network resources. The system is dedicated to provide secure, convenient and flexible authentication and authorization for the application system. The platform can provide a comprehensive package of authentication and authorization management solutions for E-government and e-commerce industry users and application software developers.
【学位授予单位】：山东大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08;TP311.52

【参考文献】