中国科学院软件研究所机构知识库
Advanced  
ISCAS OpenIR  > 中科院软件所  > 中科院软件所
题名:
一个基于代理的身份认证系统的设计与实现
作者: 钟卫林
答辩日期: 2000
专业: 计算机应用技术
授予单位: 中国科学院软件研究所
授予地点: 中国科学院软件研究所
学位: 博士
关键词: 内部网 ; 身份认证 ; 代理 ; 客户机/服务器 ; 智能卡
摘要: 随着公司和机构组建自己的内部网(Intranet),通过网络共享和处理信息带来了高效率和低成本的同时,也带来了诸多的安全问题。敏感的信息资源的共享对用户身份认证提出更高的要求。目前,Intranet上多个应用系统使用各自独立的认证机制,带来了多用户名和口令字问题不仅给用户造成不便,同时也带来潜在的安全隐患。建立一个集中统一和安全可靠的身份认证系统成为Intranet安全的迫切需求。此外,为了保护企业的投入,还必须充分考虑到与Intranet现有应用系统的兼容,并且易于将来网络结构的进一步扩展。针对上述问题,本文提出了一种基于代理的身份认证系统,此认证系统适用于多平台、多应用和多用户的大型Intranet。系统具有如下的特点和优点:通过在客户端和服务器端分别驻留代理程序,充分兼容原有的应用系统和网络结构,并且具有高度的扩展性;使用公钥证书与智能卡相结合,实现了用户的强双因子身份认证;采用票据访问的形式实现了用户的一次身份认证,解决了多口令的问题,基于公钥体制的访问票据和安全的认证协议,更进一步提高了Intranet系统的总体安全;同时,还给出了用户的集中统一管理方案。文中详细讨论了这一基于代理的认证系统的设计方案,并具体给出了系统对于Web和Client/Server两种应用系统的实现。最后,讨论了系统的改进和扩展。
英文摘要: When more and more companies and organizations have been building their Intranets to share their internal information resources, what have been brought together with the high efficiency and low cost are many security problems. To share sensitive information demands stricter requirements on user authentication. Currently, the multiple application systems on the Intranet employ independent authentication mechanisms, which bring about multiple pairs of username and password. This not only brings inconvenience to the user, but also is prone to many potential security problems. To assure the Intranet security cries for a centralized and uniform authentication system, which must also be highly secure and dependable. Furthermore, to save the investment, sufficient consideration must be made to the compatibility with the existing application systems and the expandability for the Intranet in the future. To solve these problems, this thesis presents a proxy-based authentication system, which applies for a large scale Intranet of multi-platform, multi-application and multi-user. This proxy-based authentication system has following features. Running proxies on client side and server side respectively, it is not only fully compatible with the currently existing application systems and network topology, but also has great expandability. Combining together the public key certificate and the smartcard, it realizes the strong and two-factor user authentication. Using the visiting ticket mechanism, it achieves user single authentication, solving the multi-password problem. With the secure visiting ticket, which is based on the public cryptography system, and the secure authentication protocol, it improves the total security of the Intranet system. In addition, it provides a centralized and uniform user management scheme. This thesis discusses in details the design of this proxy-base authentication system and presents its specific implementation for Web and Client/Server applications. At last, the improvement and functional expanding of this authentication system are discussed.
语种: 中文
内容类型: 学位论文
URI标识: http://ir.iscas.ac.cn/handle/311060/6698
Appears in Collections:中科院软件所

Files in This Item:
File Name/ File Size Content Type Version Access License
LW002154.pdf(2095KB)----限制开放-- 联系获取全文

Recommended Citation:
钟卫林. 一个基于代理的身份认证系统的设计与实现[D]. 中国科学院软件研究所. 中国科学院软件研究所. 2000-01-01.
Service
Recommend this item
Sava as my favorate item
Show this item's statistics
Export Endnote File
Google Scholar
Similar articles in Google Scholar
[钟卫林]'s Articles
CSDL cross search
Similar articles in CSDL Cross Search
[钟卫林]‘s Articles
Related Copyright Policies
Null
Social Bookmarking
Add to CiteULike Add to Connotea Add to Del.icio.us Add to Digg Add to Reddit
所有评论 (0)
暂无评论
 
评注功能仅针对注册用户开放,请您登录
您对该条目有什么异议,请填写以下表单,管理员会尽快联系您。
内 容:
Email:  *
单位:
验证码:   刷新
您在IR的使用过程中有什么好的想法或者建议可以反馈给我们。
标 题:
 *
内 容:
Email:  *
验证码:   刷新

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 

Valid XHTML 1.0!
Copyright © 2007-2017  中国科学院软件研究所 - Feedback
Powered by CSpace