摘要： 分析了IM面临的主要安全威胁及其特点，阐述并借鉴了现有的解决方案，提出了一套即时通信(IM)安全保护策略，利用公钥基础设施机制、“安全套接字层”、CAPTCHA等技术，通过加密、签名、验证签名、解密、CAPTCHA验证和IM消息流量监控等方法，保障了IM的连接安全和数据交换安全，保护了IM系统的配置信息和通信记录，减轻了病毒和蠕虫的威胁。

关键词: 即时通信, 安全套接字层, 加密, 蠕虫

Abstract: This paper analyzes the main threats that instant messaging(IM) confronted, its characteristics, and solutions in existing applications, proposes a suit of strategies to secure IM. This paper introduces the public key infrastructure(PKI) mechanism into IM, adopting techniques such as security socket layer(SSL) and CAPTCHA, and methods such as encryption, signature, signature verification, decryption, CAPTCHA validation and IM message flux monitoring, so as to ensure the security of IM connections and data communications, protect the configurations and notes of IM system, and lighten viruses and worms threats.

Key words: instant messaging, security socket layer, encrypt, worm

中图分类号: 

• TP309