In fields with high security requirements, many USBKeys and other user-side hardware devices are used to support the security of B/S systems. For security reasons, a browser is not allowed to access the user's local resources directly, including the user's external devices, so browser plug-ins are used to provide this access. Plug-in technology has no unified standard and differs between browser kernels. ActiveX and NPAPI have been widely used as plug-in technologies, but browsers are gradually dropping support for them because of their security problems. Zhengzhou XinDaJieAn faces the same problem. To solve it for this company, this thesis uses the WebSocket protocol defined in HTML5 for communication between the browser and local resources. A WSS service is created in the user's local context to access the USBKey device and communicate with the browser; then, according to the user's request acquired by the browser, the service issues the digital certificate to the USBKey.

The main work of the thesis is as follows:

Based on an analysis of the communication principle of the WebSocket protocol, this thesis designs a communication model in which the browser is a client that communicates with a WebSocket service running in the user's local context. The WebSocket service accesses and operates the local resources and the externally connected hardware devices, and sends the result back to the browser. With the gradual popularization and application of HTML5, any browser that follows the HTML5 standard can communicate with the WebSocket service, whatever its kernel. As a result, the problem of browser compatibility can be solved.

A WSS service model has been designed. On the basis of the above solution, and considering the security of communication between the browser and the WebSocket service, the thesis studies the wss connection defined in the WebSocket protocol and proposes and designs a WebSocket security (WSS) server model based on the TLS layer. The implementation method and configuration scheme of the model are presented. A trusted communication channel is created through a digital certificate that is issued to the browser and can be approved by the WSS service, ensuring the security of communication between the browser client and the WebSocket service.

A digital certificate issuing system has been developed. Based on an analysis of the requirements of XinDaJieAn's USBKey-based digital certificate issuing system and of the USBKey hardware interface provided by XinDaJieAn, the thesis implements the WebSocket solution and the WSS service model in line with current business requirements. The solution and service model are encapsulated as a security control that adapts to the system currently used by XinDaJieAn. With the security control, users can operate the browser to issue a digital certificate, which is then written to their USBKeys. Finally, the functions and browser compatibility of the system have been tested, verifying that using WebSocket as middleware for the browser's access to local hardware resources is feasible and reliable.
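The opening handshake that a local WebSocket service of the kind described above performs before it accepts a browser as a client, as an added example that is not code from the thesis. The `/usbkey` path, port, and the `https://ca.example.test` origin are hypothetical, and the Origin allowlist is an assumption of this example (RFC 6455 recommends the check for servers); the abstract itself describes certificate-based trust over TLS.

```python
import base64
import hashlib

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed GUID from RFC 6455
ALLOWED_ORIGINS = {"https://ca.example.test"}      # hypothetical issuing web app

# Constructed sample: the upgrade request a browser would send to the local service.
SAMPLE_REQUEST = (
    "GET /usbkey HTTP/1.1\r\n"
    "Host: 127.0.0.1:8443\r\n"
    "Upgrade: websocket\r\n"
    "Connection: Upgrade\r\n"
    "Origin: https://ca.example.test\r\n"
    "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
    "Sec-WebSocket-Version: 13\r\n\r\n"
)

def parse_headers(raw_request):
    """Return (request line, dict of lower-cased header names to values)."""
    lines = raw_request.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def key_is_valid(key):
    """The client key must be base64 for exactly 16 random bytes."""
    try:
        return len(base64.b64decode(key, validate=True)) == 16
    except ValueError:
        return False

def accept_token(key):
    """Sec-WebSocket-Accept = base64(SHA-1(key + GUID))."""
    digest = hashlib.sha1((key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")

def handshake_response(raw_request):
    """Answer 101 for a well-formed upgrade from an allowed origin, else 400/403."""
    request_line, h = parse_headers(raw_request)
    key = h.get("sec-websocket-key", "")
    well_formed = (request_line.startswith("GET ")
                   and h.get("upgrade", "").lower() == "websocket"
                   and "upgrade" in h.get("connection", "").lower()
                   and h.get("sec-websocket-version") == "13"
                   and key_is_valid(key))
    if not well_formed:
        return "HTTP/1.1 400 Bad Request\r\n\r\n"
    if h.get("origin") not in ALLOWED_ORIGINS:  # reject pages the service does not know
        return "HTTP/1.1 403 Forbidden\r\n\r\n"
    return ("HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n"
            "Connection: Upgrade\r\nSec-WebSocket-Accept: " + accept_token(key) + "\r\n\r\n")
```

In a wss deployment this exchange runs inside the TLS session, so the certificate checks happen before any of these headers are read.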