Research on Key Technologies of Electronic Authentication for E-Government

Research on the Key Technology of Electronic Authentication

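【Author】 Zhou Xiaobin (周晓斌)

【Supervisor】 Zhang Ling (张凌)

【Author information】 South China University of Technology, Computer Application Technology, 2012, PhD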

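【Summary】 As e-government continues to develop and is applied more deeply, government public services, public affairs management and internal operations increasingly depend on e-government information systems. However, while e-government brings convenience and efficiency, it also brings the information security problems that accompany information technology, and identity security is an important part of information security. E-government information systems must provide information services to many types of users, such as the general public, intermediary agencies, government service staff and administrators. The need for business coordination and information exchange between departments also requires that each department's information systems be open and interconnected and provide services over the Internet. How to build an electronic authentication infrastructure that is Internet-based, open and interconnected, and that provides unified, secure and trusted electronic authentication services to users across departments and across Internet environments, is therefore an important problem that e-government information security urgently needs to solve. This thesis studies in some depth several key technical problems in electronic authentication for e-government, focusing on open identity authentication, identity security in resource sharing, electronic authentication interoperability, and the federated architecture of network identity management. The specific research content is as follows:

1. Design and implementation of a network identity authentication model based on open authentication. To address the identity authentication security problems brought by the open, interconnected e-government network environment, this thesis proposes an open, efficient and secure network identity authentication model suited to e-government, which can effectively solve the trust-level deficiency of current identity authentication models. The model's security is proved using the strand space formal method, the model is implemented, and experiments show that its computational performance meets application requirements.

2. Design and implementation of a resource sharing model based on electronic authentication. In advancing e-government, the mechanism for securely sharing information and business resources is currently the main problem. This thesis proposes a resource sharing model based on electronic authentication that extends the OAUTH identity authentication protocol using the PKI technical system. Compared with traditional e-government information resource sharing models, system coupling between departments is lower, user authorization is more secure and convenient, and the granularity and flexibility of resource sharing are improved. The model's security is proved using the strand space formal method, the model is implemented, and it is validated by experiment.

3. Research on middleware-based electronic authentication interoperability. Interoperability is a capability that any system serving as infrastructure must have. This thesis proposes an architectural framework for electronic authentication interoperability, focusing on interoperability within a PKI system, interoperability when different PKI systems are interconnected, and interoperability between different PKI applications. The framework is implemented, and a security middleware is designed to provide cross-CA interoperability services for e-government application systems; it was also experimentally validated in real applications.

4. Research and design of a federated electronic authentication service architecture. This thesis briefly analyses the information system models of federated network identity management and, in light of the requirements of e-government network identity management, proposes a cross-multi-domain PKI network identity federated authentication model based on the OITF framework, along with a unified identity authentication framework with a multi-level identity authentication mechanism. In an open multi-domain environment, identity service providers and applications are fully loosely coupled. The model can be applied to e-government federated identity authentication services and was validated with a prototype system.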

【Abstract】 The information system for e-government should provide information to all types of users, such as the general public, agencies, government employees and administrative staff. The demands for coordination and information interchange across departments also require that the information systems of all departments be open and interactive and provide services over the Internet. An important problem that e-government information security urgently needs to solve is therefore how to build an Internet-based, open and interactive electronic authentication infrastructure that can provide unified, safe and reliable electronic authentication services to users across sectors and across Internet environments. This paper gives an intensive study of some existing key technical problems in the information security of e-government. It focuses on solutions to open authentication, identity authentication security while sharing global resources, electronic authentication interoperability, and network identity management architecture. The specific research contents are as follows:

1. Design and realization of a network identity authentication model based on open authentication. This paper investigates the identity authentication security problem brought about by the open and interactive e-government environment and presents an open, efficient and safe network identity authentication model that is suitable for e-government and can solve the credibility defect in current identity authentication models. It demonstrates the security of the model by the formal method of strand spaces, gives a preliminary technical realization of the model, and shows by experiment that the model's computing performance can meet specific application demands.

2. Design and realization of a resource sharing model based on electronic authentication. A security mechanism for sharing information and resources is a major problem in the course of e-government development. This paper presents a resource sharing model based on electronic authentication, which extends the OAUTH identity authentication protocol by using the PKI technical system. It proves the security of the model by the formal method of strand spaces and gives a preliminary technical realization of the model.

3. Research on the interoperability of identity authentication based on middleware. Interoperability is a very important ability for identity authentication. This paper analyzes the main problems of PKI/CA interoperability in current models and brings forward a new framework model based on the Common Data Security Architecture (CDSA) to solve them. Experiments show that the new framework model is practical and effective and can be designed into middleware.

4. Research on the framework of federated identity authentication. The paper analyses the framework of federated identity authentication and, according to the requirements of network identity administration for e-government, provides a new model of federated identity authentication based on the Open identity exchange framework, which could be applied in multi-domain e-government networks.

  • 【Classification number】TP393.08
  • 【Citation count】14
  • 【Download count】1468