基于J2EE与OpenSSL的物流系统安全性研究及实现
摘要
当前的物流行业发展十分迅速,我国的物流公司也在全社会的需求中得以壮大,随着人们对于物流行业的认可与期待,物流企业要进一步加强自身的业务能力,竞争力。这点在国内的中小公司中尤为重要,物流信息化,物流信息系统的采用已经成为现代物流行业的标志,然而有信息的地方,就会有信息安全问题,这里也不例外。
物流信息安全的保障为维持物流业务正常工作的信息系统提出了更高的要求,简单的口令认证方式已不足以满足物流公司的需求,带有身份认证的系统成为开发使用的目标。然而这类软件大多由国外大型软件公司所开发,其功能往往过于庞大冗余,价格更是高企不下,本文就从这个角度出发,提出了基于开源技术的物流信息系统。
为了实现在传统信息系统中引入PKI身份认证体系,本文首先论述PKI体系结构的基处密码学理论,讨论比较了现有加密机制。随后研究了数据安全传输的关键技术SSL通信协议。在对PKI公钥基础设施介绍后转而讨论研究了上述理论的实现技术:OpenSSL开源组件与信息系统的构成开发技术Java平台。
随后对于物流信息系统分模块进行分析以及设计,其中重点在于其安全模块。并针对物流系统的特点,为系统引入USB E-KEY电子钥匙作为身份认证的关键,也是保存数字证书与用户私钥的载体。最后,根据前述分析给出信息系统的实现方法,以及安全身份认证的实现过程。
With the rapid development of the world logistics industry and the demand of the whole world, Chinese logistics companies have progressed a lot recently. And the logistics corporation should improve there business management ability while people are asking for more service. Information system's application is becoming the basic standard in the logistics industry; however, the information security problems have appeared.
The logistics information security guarantee needs the normal logistics information system to do more, which is responsible for the daily business of the logistics service flow. The simple authentication which is using the old password is not capable for the modern logistic company's demands. Information system with strict identity authentication function is becoming the new object whether in system development or software application. With the fact that such information system is always produced by huge foreign software companies and always prices high, the small companies need the system too but they can afford much less. This is the basic purpose of this paper which support a logistics information system with identity authentication function developed by open source techniques.
This paper is focusing on the logistics information system which introduces the PKI hierarchy into the system. Cryptology theory is the basement of the PKI system and is the first preparation of the information system construction. After the comparison of the most popular encrypts arithmetic, we start to learn the key technique of the security data transmission: SSL protocol. The last part of the theory study is OpenSSL software and java technique which are the mainly part of the system development.
The next part of the paper is the analyzing and structure design of the logistic information system. where information security is the most important part. At the end of this paper, we provide the implement of the logistics information system and the progress of the identity authentication.
物流信息安全的保障为维持物流业务正常工作的信息系统提出了更高的要求,简单的口令认证方式已不足以满足物流公司的需求,带有身份认证的系统成为开发使用的目标。然而这类软件大多由国外大型软件公司所开发,其功能往往过于庞大冗余,价格更是高企不下,本文就从这个角度出发,提出了基于开源技术的物流信息系统。
为了实现在传统信息系统中引入PKI身份认证体系,本文首先论述PKI体系结构的基处密码学理论,讨论比较了现有加密机制。随后研究了数据安全传输的关键技术SSL通信协议。在对PKI公钥基础设施介绍后转而讨论研究了上述理论的实现技术:OpenSSL开源组件与信息系统的构成开发技术Java平台。
随后对于物流信息系统分模块进行分析以及设计,其中重点在于其安全模块。并针对物流系统的特点,为系统引入USB E-KEY电子钥匙作为身份认证的关键,也是保存数字证书与用户私钥的载体。最后,根据前述分析给出信息系统的实现方法,以及安全身份认证的实现过程。
With the rapid development of the world logistics industry and the demand of the whole world, Chinese logistics companies have progressed a lot recently. And the logistics corporation should improve there business management ability while people are asking for more service. Information system's application is becoming the basic standard in the logistics industry; however, the information security problems have appeared.
The logistics information security guarantee needs the normal logistics information system to do more, which is responsible for the daily business of the logistics service flow. The simple authentication which is using the old password is not capable for the modern logistic company's demands. Information system with strict identity authentication function is becoming the new object whether in system development or software application. With the fact that such information system is always produced by huge foreign software companies and always prices high, the small companies need the system too but they can afford much less. This is the basic purpose of this paper which support a logistics information system with identity authentication function developed by open source techniques.
This paper is focusing on the logistics information system which introduces the PKI hierarchy into the system. Cryptology theory is the basement of the PKI system and is the first preparation of the information system construction. After the comparison of the most popular encrypts arithmetic, we start to learn the key technique of the security data transmission: SSL protocol. The last part of the theory study is OpenSSL software and java technique which are the mainly part of the system development.
The next part of the paper is the analyzing and structure design of the logistic information system. where information security is the most important part. At the end of this paper, we provide the implement of the logistics information system and the progress of the identity authentication.
引文
[1]宁宇鹏,陈昕等.PKI技术.机械工业出版社.2004
[2]蔡皖东.网络与信息安全网络与信息安全.西北工业大学出版社.2004
[3]周明全,吕林涛,李军怀.网络信息安全技术.西安电子科技大学出版社.2003
[4]祝凌曦.电子商务安全.清华大学出版社.2006
[5]张铎,周建勤.电子商务物流管理.高等教育出版社.2002
[6]李日保.现代物流信息化.经济管理出版社.2005
[7]杨霞芳,吴华,杨晟.现代物流技术.上海财经大学出版社.2004
[8]AWillialnStallings.密码编码学与网络安全原理与实践.北京电子工业出版社,2001
[9]Biham,Elia,Shamir,Adi.Differential Cryptanalysis of the Data EneryPtion Standard.SPringerVerlag.2001
[10]吴亚非.中国PKI论坛推动PKI产业发展.信息网络安全.2002
[11]秦明森,王方智.实用物流技术.北京:中国物资出版社.1991
[12]张文杰.现代综合物流管理.北京:电子工业出版社.2000
[13]Kaufman,Radia,Mike.NetworkSeeurity.Private Communieationin.PublieWorld.PrentieeHall.2000
[14]戴维J,克劳斯著,林国龙等译.物流管理供应链过程的一体化.机械工业出版社.1999
[15]潘锦基,周良,丁秋林.基于J2EE的物流信息系统的设计与实现.计算机工程与应用.2003
[16]王腾,聂瑞华.面向对象技术在物流信息系统中的应用.株洲工学院学报,2003
[17]英WenboMao著,王继林,任前红译.现化密码学理论与实践.北京:电子工业出版社.2004.
[18]樊康丰,林东.网络信息安全&PGP加密.北京:清华大学出版社.1998.
[19]Bruce Schneier著,吴世忠,祝世雄,张文政等译.应用密码学.北京:北京机械工业出版社.2000
[20]美MohanAtroya等著,贺军等译.数字签名.北京:清华大学出版社.2003
[21]赵小林等.网络安全与技术教程.北京:国防工业出版社.2002
[22]张雪.加密与解密一软件保护技术及完全解决方案.北京:电子工业出版社.2001
[23]李仁发,喻飞,朱森良等.计算机网络安全.北京:希望出版社.2004
[24]冯登国.国内外密码学研究现状及发展趋势.通信学报.2002
[25]D1ffie,Whitfield,Landau.PrivacyontheLine.MITPress.2001
[26]谢冬青,冷健编著.PKI原理与技术.北京:清华大学出版社.2003
[27]PKI技术研究及其客户端实现.http://flnd.ssreader.com/
[28]Biharn,Elia,Shamir.Differential Crytanalysis of the Data Eneryption Standard.SPringerVerlag.2000
[29]张晓东.JAVA数据库高级教程.北京:清华大学出版社.2004
[30]张宗成.现代物流信息化.广州中山大学出版社.2001
[31]张晓平,颜永年.现代生产物流及仿真.清华大学出版社.1998
[32]赵刚.物流信息系统.成都:四川人民出版社.2002
[33]菊池康也著,丁立言译.物流管理北京:清华大学出版社.1999
[34]薛华成.管理信息系统(第三版).清华大学出版社.1999
[35]GilGuti6rrez,AlofnsoDuran,Inofrmation technology in logistics,aSPanishPersPective.Logistics Inofrmation Management.1997
[36]何发智,物流管理信息系统,北京:人民交通出版社,2003
[37]全国电子信息系统推广办公室.DEI与电子商务.北京:清华大学出版社.2000
[38]JohnFHill,Monitoring inofmration and material stoen hance logistics Peorfrmance.Logistics Inofrmation Management.1996
[39]葛世伦,代逸生.企业管理信息系统的开发理论和方法.清华大学出版社.1998
[40]徐敏,黎剑兵,雷震甲.物流企业管理信息系统解决方案.计算机工程.2002
[41]GeneralMeetingLogisticsandInofrmation,Otolayrngology.HeadandneckSurgeyr.1999
[42]中国物流业如何做大做强.经济日报.2004
[43].Taniguchi,MNoritake,etc.OPtimalsize and location Planning of Public logistics terminals.Transportation Research part E.35(1999)
[44]侯景雷.物流信息系统与物流管理综合运输.2004(5)
[45]张志强.物流信息系统的发展动态中国储运.2004(3)
[46]李玉磊.企业现代物流信息化管理探讨市场研究.2004(4)
[47]陈柳钦,宾建成.构筑现代物流信息管理系统.中外科技信息.2003(3)
[48]李中献,詹榜华,杨义先.认证理论与技术的发展.电子学报.1999
[2]蔡皖东.网络与信息安全网络与信息安全.西北工业大学出版社.2004
[3]周明全,吕林涛,李军怀.网络信息安全技术.西安电子科技大学出版社.2003
[4]祝凌曦.电子商务安全.清华大学出版社.2006
[5]张铎,周建勤.电子商务物流管理.高等教育出版社.2002
[6]李日保.现代物流信息化.经济管理出版社.2005
[7]杨霞芳,吴华,杨晟.现代物流技术.上海财经大学出版社.2004
[8]AWillialnStallings.密码编码学与网络安全原理与实践.北京电子工业出版社,2001
[9]Biham,Elia,Shamir,Adi.Differential Cryptanalysis of the Data EneryPtion Standard.SPringerVerlag.2001
[10]吴亚非.中国PKI论坛推动PKI产业发展.信息网络安全.2002
[11]秦明森,王方智.实用物流技术.北京:中国物资出版社.1991
[12]张文杰.现代综合物流管理.北京:电子工业出版社.2000
[13]Kaufman,Radia,Mike.NetworkSeeurity.Private Communieationin.PublieWorld.PrentieeHall.2000
[14]戴维J,克劳斯著,林国龙等译.物流管理供应链过程的一体化.机械工业出版社.1999
[15]潘锦基,周良,丁秋林.基于J2EE的物流信息系统的设计与实现.计算机工程与应用.2003
[16]王腾,聂瑞华.面向对象技术在物流信息系统中的应用.株洲工学院学报,2003
[17]英WenboMao著,王继林,任前红译.现化密码学理论与实践.北京:电子工业出版社.2004.
[18]樊康丰,林东.网络信息安全&PGP加密.北京:清华大学出版社.1998.
[19]Bruce Schneier著,吴世忠,祝世雄,张文政等译.应用密码学.北京:北京机械工业出版社.2000
[20]美MohanAtroya等著,贺军等译.数字签名.北京:清华大学出版社.2003
[21]赵小林等.网络安全与技术教程.北京:国防工业出版社.2002
[22]张雪.加密与解密一软件保护技术及完全解决方案.北京:电子工业出版社.2001
[23]李仁发,喻飞,朱森良等.计算机网络安全.北京:希望出版社.2004
[24]冯登国.国内外密码学研究现状及发展趋势.通信学报.2002
[25]D1ffie,Whitfield,Landau.PrivacyontheLine.MITPress.2001
[26]谢冬青,冷健编著.PKI原理与技术.北京:清华大学出版社.2003
[27]PKI技术研究及其客户端实现.http://flnd.ssreader.com/
[28]Biharn,Elia,Shamir.Differential Crytanalysis of the Data Eneryption Standard.SPringerVerlag.2000
[29]张晓东.JAVA数据库高级教程.北京:清华大学出版社.2004
[30]张宗成.现代物流信息化.广州中山大学出版社.2001
[31]张晓平,颜永年.现代生产物流及仿真.清华大学出版社.1998
[32]赵刚.物流信息系统.成都:四川人民出版社.2002
[33]菊池康也著,丁立言译.物流管理北京:清华大学出版社.1999
[34]薛华成.管理信息系统(第三版).清华大学出版社.1999
[35]GilGuti6rrez,AlofnsoDuran,Inofrmation technology in logistics,aSPanishPersPective.Logistics Inofrmation Management.1997
[36]何发智,物流管理信息系统,北京:人民交通出版社,2003
[37]全国电子信息系统推广办公室.DEI与电子商务.北京:清华大学出版社.2000
[38]JohnFHill,Monitoring inofmration and material stoen hance logistics Peorfrmance.Logistics Inofrmation Management.1996
[39]葛世伦,代逸生.企业管理信息系统的开发理论和方法.清华大学出版社.1998
[40]徐敏,黎剑兵,雷震甲.物流企业管理信息系统解决方案.计算机工程.2002
[41]GeneralMeetingLogisticsandInofrmation,Otolayrngology.HeadandneckSurgeyr.1999
[42]中国物流业如何做大做强.经济日报.2004
[43].Taniguchi,MNoritake,etc.OPtimalsize and location Planning of Public logistics terminals.Transportation Research part E.35(1999)
[44]侯景雷.物流信息系统与物流管理综合运输.2004(5)
[45]张志强.物流信息系统的发展动态中国储运.2004(3)
[46]李玉磊.企业现代物流信息化管理探讨市场研究.2004(4)
[47]陈柳钦,宾建成.构筑现代物流信息管理系统.中外科技信息.2003(3)
[48]李中献,詹榜华,杨义先.认证理论与技术的发展.电子学报.1999
© 2004-2018 中国地质图书馆版权所有 京ICP备05064691号 京公网安备11010802017129号 地址:北京市海淀区学院路29号 邮编:100083 电话:办公室:(+86 10)66554848;文献借阅、咨询服务、科技查新:66554700 |