公钥基础设施的高校电子政务安全研究

为了解决高校电子政务中的身份认证、访问控制、信息安全等安全问题，提出了一种基于公钥基础设施（PKI）核心技术的高校电子政务模型．该模型采用桥认证（CA）结构建立PKI信任机制，在各部门内部使用分级的CA认证，各部门之间通过中心CA进行桥接CA交叉认证；采用轻量目录访问协议（LDAP）建立PKI证书库，以目录复制（Replica）实现CA对主从LDAP的数据一致性，提高使用者的身份有效认证．该模型还采用角色及权限访问控制（RBAC）进行用户合法安全访问控制，在用户和访问权限之间引人角色，用户通过角色分配的权限来访问系统资源．此模型在实践中得以验证，符合安全要求．

Research of security university E-government based on public key infrastructure

A model based on the core technology in the public key infrastructure （PKI） was introduced to resolve the safety problems in the E-government affairs of colleges and universities, such as identity authentication, access control and information safety. A PKI trust mechanism was established by using the bridge certificate authentication （CA）, a hierarchical CA in every internal department and the bridge CA to cross authentication between various departments through a center CA were used. A PKI certificate base was established by using the lightweight directory access protocol （LDAP）, which used directory replication to realize master-slave LDAP data consistency, so the availability of identity authentication of users was enhanced. The legal safety access of users was controlled by using role based access control （RBAC）, the role between the user and the access was introduced , then the user accessed system resources through the permissions granted to the roles. The model is proved in practice according to the safety requests and is useful for the development of the E-government affairs of colleges and universities.