一种基于PKI的密钥

Internet key exchange (IKE) is an automated key exchange mechanism that is used to facilitate the transfer of IPSec security associations (SAs). Public key infrastructure (PKI) is considered as a key element for providing security to new distributed communication networks and services. In this paper, we concentrate on the properties of the protocol of Phase 1 IKE. After investigating IKE protocol and PKI technology, we combine IKE protocol and PKI and present an implementation scheme of the IKE based on PKI. Then, we give a logic analysis of the proposed protocol with the BAN-logic and discuss the security of the protocol. The result indicates that the protocol is correct and satisfies the security requirements of Internet key exchange.     

Credibility and Security of Weighing System for Large Structure Object

The weighing system designed for large structure object is mainly composed of three parts. The part of hydraulic system is made up of hydraulic cylinders, high pressure hydraulic hoses and electric pumps; the part of computer controlling system comprises pressure sensors, displacement sensors, data acquisitions, RS 485 network and the computer controlling model; the part of loading system is composed of the fulcrum structure and the concrete girder. The measurement principle and composition of the weighing system are discussed in this paper. Credibility and security of the weighing system are fully considered during the design phase. The hydraulic system is controlled by pilot operated check valves in case of the sudden loss of system pressure. The states of all gauges and RS485 network are monitored by computer controlling system functioning in different modules. When the system is running incorrectly, it will be switched to manual mode and give alarm. The finite element method is employed to analyze fulcrum structure so that the system has enough intensity to be lifted. Hence the reliability of the whole system is enhanced.     

Security and privacy threats in RFID traceability network

To address security and privacy issues in radio frequency identification (RFID) traceability networks, a multi-layer privacy and security framework is proposed, which includes four facets: a security model, a communication protocol, access permission and privacy preservation. According to the security requirements that are needed in an RFID system, a security model that incorporates security requirements that include privacy of tag data, privacy of ownership, and availability of tag identity is introduced. Using this model, a secure communication protocol that can be used for anti-counterfeiting, automatic identification and privacy preservation is then developed. In order to manage the number of parties, data records of items, and complicated transitions of access permissions in an item-level traceability context, a well-designed access control protocol is proposed to parties that can prove the physical possession of an item;meanwhile, to address the privacy issues during data sharing in an RFID network, a vision of database systems that take responsibility for the privacy of the data they manage is also presented.     

Multiple hashes of single key with passcode for multiple accounts

A human's e-life needs multiple offline and online accounts. It is a balance between usability and security to set keys or passwords for these multiple accounts. Password reuse has to be avoided due to the domino effect of malicious administrators and crackers. However,human memorability constrains the number of keys. Single sign-on server,key hashing,key strengthening and petname system are used in the prior arts to use only one key for multiple online accounts. The unique site keys are derived from the common master secret and specific domain name. These methods cannot be applied to offline accounts such as file encryption. We invent a new method and system applicable to offline and online accounts. It does not depend on HTTP server and domain name,but numeric 4-digit passcode,key hashing,key strengthening and hash truncation. Domain name is only needed to resist spoofing and phishing attacks of online accounts.     

Hierarchical self-localization of underwater wireless sensor network nodes

The follow-up application of underwater wireless sensor network is influenced by accuracy of self-localization of nodes. The self-localization of nodes is discussed in this paper. First of all, nodes of underwater wireless sensor network are classified into several levels according to the accuracy of position of nodes and the levels are from the first to the fifth in accordance with accuracy of nodes from high to low respectively. Secondly, the level of anchor nodes can be known by those unknown nodes from the information given by the anchor nodes themselves, At the same time the unknown nodes are able to be located in the area controlled by the first level of anchor nodes that are as the aggregation. Then the positioning algorithm is designed correspondingly in accordance with the accuracy level of nodes. Finally, the positioning algorithm is simulated and analyzed. The result shows that the unknown nodes can be located effectively by hierarchical control.     

Deep-hole inner diameter measuring system based on non-contact capacitance sensor

A precise aperture measuring system of small deep holes with capacitance sensors is presented. Based on the working principle of non-contact capacitance sensors, influence of the edge effect of gauge head is studied, and one capacitance sensor for measuring the aperture of the small blind holes or through holes is introduced. The system is composed of one positioning device, one aperture measuring capacitance sensor, one measuring circuit, and software. This system employs visual CCD and two-dimensional micro-adjusting mechanism to realize the precise positioning. By LabView software this system is controlled to run automatically, to carry out calibration and automatic data collection, and to make data import into the database directly. Experiments proved that the diameter measurement range of the system can be 1.8 mm—7 mm, the resolution can be up to 5 nm—10 nm, the repeatability measurement standard deviation can be 0.05 μm—0.1 μm, and the measurement uncertainty can achieve 0.15 μm—0.3 μm. So the measuring system can realize the nanometer-level measurement.     

Second Law of Thermodynamics Analysis of TranscriticalCarbon Dioxide Refrigeration Cycle

In order to identify the locations of irreversible loss within the transcritical carbon dioxide refrigeration cycle with an expansion turbine, a method with respect to the second law of thermodynamics based on exergy analysis model is applied. The effects of heat rejection pressures, outlet temperatures of gas cooler and evaporating temperatures on the exergy loss, exergy efficiency and the coefficient of performance (COP) of the expansion turbine cycle are analyzed. It is found that the great percentages of exergy losses take place in the gas cooler and compressor. Moreover, heat rejection pressures, outlet temperatures of gas cooler and evaporating temperatures have strong influence on the exergy efficiency, COP and the exergy loss of each component. The analysis shows that there exists an optimal heat rejection pressure corresponding to the maximum exergy efficiency and COP, respectively. The results are of significance in providing theoretical basis for optimal design and the control of the transcritical carbon dioxide system with an expansion turbine.     

Strategy and Quality Maps in Higher Education

The purpose of this study is to investigate the integration of strategic management and quality assurance in higher education. The study presents how the value chain can be described in the strategy and quality maps, which are, respectively graphical representations of the strategic plan and the quality assurance system. The quality map is a new concept that explicitly takes into account the environment, strategic planning and the quality cycle of the institution. The quality map helps the management of the higher education institution present an overview of the quality assurance system to external evaluators, members of the organization, students and other stakeholders.     

System for Measuring Elevator Guide Rail Quality and Its Calibration

A system for measuring the quality parameters of elevator guide rails is developed. The quality parameters the system can measure include straightness, flatness, squareness, width and height of the rail. The system consists of six parts:main guideway, auxiliary guideway, reference rail, saddle, control casing and measured rail. The guide rail to be measured is mounted on a bed. The straightness errors of surfaces are checked by five linear displacement sensors mounted on the saddle. The deviation of readings from the sensor, which is in contact with top guiding surface, gives the straightness error of the surface and height of the rail. The other four sensors are used to measure side guiding surfaces respectively and give other parameters including flatness on the surfaces, squareness, width and height of the rail. A novel calibration method is also developed to calibrate the straightness motion error of the system in horizontal and vertical directions. The deflection deformation of the measured rail is fitted by using a fourth-order polynomial. Experimental results show that the uncertainty of the system on the side surfaces after compensating the straightness motion error is less than 0. 01 mm, and the uncertainty of the system on the top surface after compensating the straightness motion error and the deflection deformation of the rail is less than 0.03 mm.     

Network analysis using organizational risk analyzer

The tool system of the organizational risk analyzer (ORA) to study the network of East Turkistan terrorists is selected. The model of the relationships among its personnel, knowledge, resources and task entities is represented by the meta-matrix in ORA, with which to analyze the risks and vulnerabilities of organizational structure quantitatively, and obtain the last vulnerabilities and risks of the organization. Case study in this system shows that it should be a shortcut to destroy effectively the network of terrorists by recognizing the caucus persons of the terrorism organization for the first and eliminating them when strikes the terror organization. It is vital to ensure effective use of the resources and control the risks of terrorist attacks.     

基于原子单元的PKI通用支持平台的研究

PKI系统的通用性是实施PKI系统成功与否的关键。本文提出了基于原子单元的PKI系统通用性研究策略,以解决PKI系统的通用性问题。定义了原子工作单元和原子功能单元的概念,将业务流程模块化,模块分层原子化。通过将原子工作单元映射为原子功能单元,结合工作流及中间件技术,为实施PKI系统的通用性提出了一套解决方案,并完成了PKI通用支持平台的总体设计。     

PKI技术与应用

PKI是基于公钥加密体制的提供公钥加密和数字签名服务的系统或平台,主要由认证中心(CA)、数字证书库、密钥备份及恢复系统、证书撤销处理系统和应用程序接口(API)组成。其中CA是PKI的核心环节,具有证书发放、更新、撤销和验证等功能。PKI技术已在很多领域得到了广泛的应用。     

基于PKI的安全电子政务系统的设计

在对现有信息安全技术分析和研究的基础上,讨论了公钥基础设施(PKI)的体系结构,提出了一种基于PKI/CA体系的信息安全系统模型,并从功能、结构和组成等方面对其进行了分析。基于此模型,设计并实现了一个安全电子政务信息系统。     

EPC物联网中标签加密算法研究

针对EPC物联网中数据安全性问题,以及传统的PKI系统构建开销过大、认证体系复杂等问题,提出一种轻型的PKI加密算法.该算法结合EPC物联网的特点,通过引入EPC密钥和基于社会学信任协商模型的认证机制,对传统的PKI进行裁减,在不改变传统PKI基本功能的前提下对加密算法及CA管理进行简化,形成了轻型的PKI算法,构建了具有复合物联网特点的安全体系结构.实验表明：改进的算法有效地实现了对EPC数据访问的控制,保证了物联网中的信息传输效率.     

基于PKI/PMI的技术探析

PKI/PMI是新兴技术,PMI标准为移动代理的授权管理实现提供了一条新思路。PKI通过方便灵活的密钥和证书管理方式,提供了在线身份认证的有效手段,为应用系统奠定了安全基础。从基本理论、组成和各部分功能分析了PKI/PMI技术。     

公钥基础设施中认证机构的设计与研究

公钥基础设施是信息安全领域中研究的重点,PKI在国外已经开始实际应用.研究国外PKI软件产品,对CA进行设计,可以提高CA系统的效率、互操作性以及安全性.     

基于IBE的安全电子邮件实现

随着越来越多的使用电子邮件,它所传送的内容也越来越广泛.因此保证其中敏感数据及重要内容的安全成了当务之急.但使用传统的PKI方法太过复杂,阻碍了具体的实施计划.根据新兴的公钥密码算法IBE(基于身份的加密)的特点,通过使用IBE来代替传统的PKI,并结合数字签名提出了一种新型的保证电子邮件安全的方案.通过对该方案的理论评估,可以看出该方案能够实现电子邮件的安全传送,同时该方案具有成本低、易于实现和适用范围广的特点.     

基于PKI的信息传输安全系统

以 PKI为基础 ,结合对称加密机制 ,设计并实现了一个安全信息传输系统 ,保证了网络文件传输的身份认证、保密性、完整性和不可否认性     

基于PKI／PMI和SOA访问控制方案的设计

构建安全、高效和公平的企业系统资源的统一访问控制系统,是目前一个重要的研究方向。分析了面向服务的架构技术（SOA）、面向角色的访问控制（RBAC）技术、公钥基础设施PKI和权限管理基础设施PMI在安全管理方面的作用,并重点分析了欧共体PERMIS工程的优缺点,在此基础上把SOA和PKI／PMI很好的结合起来构建了访问控制子系统,克服了PERMIS工程的不足,实现了企业系统的安全、高效的访问控制功能,为企业系统的访问控制提供了一种参考方案。