基于数字证书的身份验证与授权系统构建
摘要随着互联网技术的快速发展、信息化水平的不断提高,电子政务和电子商务作为一种全新的沟通方式得到了广泛的应用。这极大地推动了整个社会信息化的进程,但是它的安全问题却成为一个日益严重的现实问题。64934
本课题研究的对象是构建一个完整的身份认证与授权系统。该系统基于PKI公钥基础设施技术,采用独立的CA中心管理数字证书,完成用户电子身份的授权和管理。使用数字证书代表用户电子身份,通过在用户访问和登陆系统时,检测用户数字证书的有效性,保证用户的电子身份与物理身份一致,实现对用户的身份验证。
本文通过构建自己的CA中心,完成数字证书的申请、颁发和吊销功能,实现身份的授权和管理。另外,通过实现一个基于SSL协议的双向认证网站,保证用户必须通过数字证书访问网站,而且登陆时对数字证书信息进行检测,进一步实现对用户身份的认证,最终实现了这个身份认证和授权的系统。
毕业论文关键词 数字证书 身份认证和授权 公钥基础设施 信息安全
毕业设计说明书(论文)外文摘要
Title An Authentication and Authorization System build on Digital Certificate
Abstract
With the rapid development of Internet Technology and the unceasing enhancement of informatization, e-government and e-commerce as the new means of communication has been widely used. This has greatly promoted the whole process of social informatization, but its security problem has become increasingly serious.
The target of this research is to build a complete identity authenticating and authorizing system. This System is based on the PKI (public key infrastructure) technology, managing the digital certificate through independent CA center, and finally accomplishing the management and authorization of the digital identity. The System automatically detects the validity of the digital certificate that the users provide while they are logging on, this guarantees that the digital identity and the physical one are consistent, this is the way how it works when authenticating.
This paper realizes the digital certificate application, issuance and revocation by building an inpidual CA center. In addition, with a Two-way authentication website, which is based on the SSL protocol, ensure that users must be accessed via a digital certificate visit, and validating the certification information during logging on this system. Doing that the certificate information can be well detected, and the authentication of the identity can be strengthened. Eventually, the whole system has accomplished.
Keywords Digital Certificate Authentication and Authorization Public Key Infrastructure Information Security
目 次
1 引言(或绪论) 1
2 课题背景 2
2.1 公钥基础设施 2
2.2 数字证书 3
2.3 HTTPS通信协议 4
3 系统设计 5
3.1、CA中心 5
3.2、Web网站(人事管理系统) 6
4 具体实现 6
4.1 CA中心的构建 6
4.1.1、安装证书服务功能 6
4.1.2、使用证书服务 8
4.2 SSL服务器的搭建