Construction scheme of trust system based on PMI technology

Source: Internet
Author: User
Authentication, Authorization, Responsibility Identification

Keywords: identity authentication, authorization management

Solution provider: Jida positive

Background Description:

As government information security work has developed, the network trust system, a foundation of the information security system, has received more and more attention. Document No. 17 of 2002 issued by the China Office called for "establishing an e-government trust system and strengthening research and development of key security technology products"; Document No. 27 of 2003 issued by the China Office further emphasized "strengthening information protection based on cryptography and the construction of a network trust system". Document No. 2 of 2006 from the National Letter Office put forward a clear requirement for the trust system: "improve key management infrastructure, make full use of password, access control and other technologies to protect e-government security, promote the interconnection of application systems and information sharing." Document No. 2 of 2007 from the National Password Authority directly raised the e-government network trust system to the level of information security infrastructure and put forward overall planning requirements. Generally speaking, building a network trust system mainly addresses the following three key and difficult problems:

1. Identity authentication. E-government applications span a wide range of business systems with varied identity authentication methods, but overall the authentication strength is inconsistent and the authentication mechanisms are not unified. A high-strength identity authentication mechanism is needed to guarantee that each user's identity on the network is unique.

2. Authorization management. Business application systems were developed at different times, by developers of different technical levels, to solve different business problems. In practice this has produced decentralized, inconsistent authorization modes and uneven security strength in authorization management, which makes unauthorized access difficult to prevent.

3. Responsibility identification. Responsibility identification involves after-the-fact tracing, the authenticity of the business operations themselves, and tamper-proofing of business data, among other security questions. It needs multi-directional, multi-level technical safeguards, and most current methods have insufficient security strength.

Solution:

Jida has long been committed to research on information security technology. Drawing on long-term project experience, it has developed a network trust system solution based on PMI technology. By integrating the security technologies related to authentication, authorization and responsibility identification in a "Trinity" approach, the solution directly meets the government's requirements for a network trust system and has solved the key and difficult problems in the construction process.

1. The PKI system issues a network identity to every user of the application systems. Because the system relies on high-strength asymmetric cryptography and digital certificate technology, the security and uniqueness of each user's network identity are guaranteed, while centralized authentication service technology opens the door to integrating business applications.

2. The user authorization service provides a centralized authorization management platform for all business application systems, unifying the different authorization management modes of the services while remaining compatible with them. By using the PMI architecture and relying on attribute certificate technology, it also raises the security strength of permissions.

3. The certificate behavior audit and signature services provide, at the macro level, statistical analysis of users' access behavior as a whole and, at the micro level, tamper-proofing and related protection of the business operations themselves.

[Figure: scenario architecture diagram]

Solution advantages:

The Jida Positive Yuan Corporation network trust system construction scheme based on PMI technology has the following advantages in solving government information security problems:

1. Reliance on high-strength security technology. PKI and PMI are the technologies with the highest security strength in the information security field, both internationally and domestically. Jida Positive Yuan is one of the companies with the deepest technical reserves in this field, has worked on up to hundreds of projects addressing these problems, and has a wealth of engineering experience.

2. A "Trinity" integrated trust system. By integrating a variety of security technologies, the scheme covers identity authentication, authorization management, and responsibility identification at various levels, providing a holistic solution for information security assurance.

3. Multi-level responsibility identification mechanism. Beyond the integrated solution, when addressing specific problems the scheme provides managers and application systems with responsibility identification technologies and means at different levels, so that leaders can manage responsibility identification at different granularities.
