Lin Yao,Lei Wang,Xiangwei Kong,Guowei Wu,Feng Xia

DOI: https://doi.org/10.1016/j.camwa.2010.01.010

IF: 3.218

2010-01-01

Computers & Mathematics with Applications

Abstract:In a pervasive computing environment, mobile users often roam into foreign domains. Consequently, mutual authentication between the user and the service provider in different domains becomes a critical issue. In this paper, a fast and secure inter-domain authentication and key establishment scheme, namely IDAS, is proposed. IDAS adopts Biometrics to guarantee the uniqueness and privacy of users and adopts signcryption to generate a secure session key. IDAS can not only reduce the burden of certificates management, but also protect the users and authentication servers against fraud. Compared with some other authentication methods, our approach is superior with faster key exchange and authentication, as well as more privacy. The correctness is verified with the Syverson and Van Oorschot (SVO) logic. Crown Copyright (C) 2010 Published by Elsevier Ltd. All rights reserved.

YAO Lin,FAN Qingna,KONG Xiangwei

DOI: https://doi.org/10.3778/j.issn.1002-8331.2011.06.023

2011-01-01

Abstract:As a result of the high mobility of the pervasive computing,the principles communicating with each other usually locate at different domains.To secure the service access and communications,the principles should authenticate each other and establish a fresh session key.A novel inter-domain authentication and key establishment protocol is proposed.The proposed protocol reduces the burden of certificates management by adopting the biometric encryption.After inter-domain mutual authentication,the two principles build a new session key using the signcryption technique.The protocol can defend lots of attacks and its correctness is proven by the SVO logic.

LI Jian-jun,GUO Wei-qing,XU Duan-qing

DOI: https://doi.org/10.3969/j.issn.1000-7024.2006.15.056

2006-01-01

Abstract:Authentication is the core and the first gateway to computer security system. With mentality of middleware and the tokencard authentication system, the improved project of GINA and extensional technology on Windows are introduced and a more flexible mecha- nism for the two-factor authentication module is provided. With the virtual tokencard technology, the Tokencard make the multi-role logon authentication possible and it proves to be more flexible and reliable.

LI Jian-jun,XU Duan-qing,GUO Wei-qing

DOI: https://doi.org/10.3969/j.issn.1000-7024.2005.09.068

2005-01-01

Abstract:Combining with living examples and based on IPSEC,the realization of the VPN system was approached in many internet circumstances of remote access(such as gateway,broadband,xDSL etc.),and in view of the deficiency and the hidden troubles of the traditional static password,introduces a working mechanism was introduced which took into consideration both the tokencard two factor authentication and Windows AD,and proveds to be flexible and liable for the single-sign on clients.

ZHENG Lan,CHEN Qi

DOI: https://doi.org/10.3969/j.issn.1000-7024.2005.07.058

2005-01-01

Abstract:With the rapid growth of internet and enterprises on a global scale, the use of directories as accessible repositories providesa flexible and various solution for gathering, storage and accessing information. The design and implementation of an unified accesscontrol system supporting single-sign-on areintrodueed, whichis based on LDAPdirectory and combines access controls ofall applicationsystems to realize security access system of unified users management. The system used middleware technology to efficiently resolvethe bottleneck problem when a lot of users accesed LDAP database.

朱建新,杨小虎

DOI: https://doi.org/10.3969/j.issn.1001-3695.2001.12.004

2001-01-01

Abstract:Network security is an important research area in the application of information system now,How to implement effective access control based on user's identity is very important. This paper briefly introduces the concept and technology of authentication first,and analyze the technology of biometric identification,then points out that fingerprint-based biometric identification in networking environment combining data transfer encrypt is a reliable method for control user's access and protect information system,and describes the design and implementation of fingerprint-based authentication system in networking environment.

zhu jianxin,yang xiaohu,dong jinxiang,cao zhexin

DOI: https://doi.org/10.3321/j.issn:1002-8331.2002.10.030

2002-01-01

Abstract:The reliable identity authentication will ensure the security of information system firstly.The technology of biometric authentication will provide a more reliable and more secure method to protect the security of information system.This paper analyzes a generalized biometric identification system reference model,then point s out that this model will help the design of architecture in the biometric authentication system.The paper also analyzes the main issues that must be considered in the design of biometric authentication system,then introduces an example -the design of fingerprint-based authentication system in network environment.

Yuanchao Shu,Yu (Jason) Gu,Jiming Chen

DOI: https://doi.org/10.1109/tpds.2013.153

IF: 5.3

2014-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Access card authentication is critical and essential for many modern access control systems, which have been widely deployed in various government, commercial, and residential environments. However, due to the static identification information exchange among the access cards and access control clients, it is very challenging to fight against access control system breaches due to reasons such as loss, stolen or unauthorized duplications of the access cards. Although advanced biometric authentication methods such as fingerprint and iris identification can further identify the user who is requesting authorization, they incur high system costs and access privileges cannot be transferred among trusted users. In this work, we introduce a dynamic authentication with sensory information for the access control systems. By combining sensory information obtained from onboard sensors on the access cards as well as the original encoded identification information, we are able to effectively tackle the problems such as access card loss, stolen, and duplication. Our solution is backward-compatible with existing access control systems and significantly increases the key spaces for authentication. We theoretically demonstrate the potential key space increases with sensory information of different sensors and empirically demonstrate simple rotations can increase key space by more than 1,000,000 times with an authentication accuracy of 90 percent. We performed extensive simulations under various environment settings and implemented our design on WISP to experimentally verify the system performance.

ZHANG Chunrui,XU Ke,HAO Xiangdong,LIU Yuan

DOI: https://doi.org/10.3321/j.issn:1000-0054.2009.10.035

2009-01-01

Abstract:Many applications of engineering simulation need to control remote logins to linux systems and control them. However, almost all such applications use a username-password method for the identity authentication which is net very secure since the password can be easily guessed. This paper presents a digital certificate method for identity authentication in the SSH protocol to improve login security. A remote linux login system was developed to provide single sign-on. The results show that the certificate system for remote linux logins improves application security and workability.

刘端阳,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2004.01.006

2004-01-01

Abstract:With the development of collaboration among enterprises, it is very desirable to securely exchange information between PDMs through Internet. The original user/password mechanism is very weak, unsecure and inflexible. And also,authorization based on PKC(public key certificate) cannot satisfy the temporary relations between enterprises. In order to satisfy the demand of secure information exchanges between enterprises, according with the genernal security management model of PDM system, This paper designed an AC(attribute certificate) model based on PKC. The model was based on TTP architecture to achieve trust between enterprises and automation of enterprises' collaboration, and reduced the startup cost. And it provides not only reliable authentication and data protection, but also flexible access control and secure audit, and effectively implements information exchanges between enterprises. The new model can be well used in the fields of automobile manufacture,electronics,mechanics and so on.

陈华鹏,陈根才,沈音乐

DOI: https://doi.org/10.3969/j.issn.1000-3428.2001.06.075

2001-01-01

Abstract:To ensure the data security and correctness and increase the work efficiency, this paper introduces a method to extend the domain-user management of NT operating system by the B/S+API technology, and gives a successful example.

He,Wei,Li,Xiu,Liu,Wenhuang

DOI: https://doi.org/10.3969/j.issn.1008-0570.2005.33.001

2005-01-01

Abstract:This paper investigates the importance of uniform identity authentication system for building knowledge sharing platform, and presents the general framework of this system. An architecture based on kerberos Protocol and Security Assertion Markup Language is used to solve the issue of the Single User Sign-on to Multiple Services. This paper also discusses the issue of organizing user's id and access control lists with the distributed directory tree method, and a real application model is presented. This system can provide a very effective and secure access on knowledge sharing system.

Yao Liu,Yueting Chai,Yi Liu

DOI: https://doi.org/10.1109/icebe.2015.76

2015-01-01

Abstract:In the current Internet environment, security incidents occur frequently and the potential safety problems are highlighted. In this case, we propose "Internet trusted identity authentication system". The system changes the previous conventional mode of identity authentication, changes the mode of username/password to the relationship bound between net ID and password rule and replaces the traditional dead-password mode with the mode of dynamic password and password rule. At the same time, we should establish the repository of trusted identity to store and manage the net ID and password rule. With the tools of USBKEY, SMS and digital certificates, the system can achieve the function of implementing the real-name network in the Internet, making remembering passwords more convenience, simplifying users' operations online and strengthening the security of personal identification information online, which can improve the safety, reliability and efficiency of the Internet, on the premise that it won't change the Internet functions or the operation habits.

LI Li,LIU Yunfeng,OUYANG Rongbin,WANG Qianyi,LONG Xinzheng

2012-01-01

Abstract:Unified user authentication system at Peking University can provides unified user identity managementand authentication services for many applications in the university.It is a universal and extensible information system.The paper presents the questions in the practice of the system and aries out discussion on its optimization.

Guowei Wang,Guangming Xu,Manjun Xue

DOI: https://doi.org/10.4304/jnw.9.10.2858-2865

2014-01-01

Journal of Networks

Abstract:To solve the problems of unified identity authentication between heterogeneous application systems that emerged in the procedure of informatization construction. The paper presents a 3-tier architecture solution that contains user tier, unified authentication tier and application system tier to realize unified identity authentication between legacy system and new application system. For legacy systems, the paper presents a method of double authentication that users firstly log on unified identity authentication system for unified identity validation, then securely transmit authenticated unified identity information and simulate the authentication progress via the authentication mechanism of legacy systems for permission distributing. For new application systems, the paper presents a method of centralized authentication through a relatively independent Role Based Access Control (RBAC) identity authentication model that consists of organization, user, role and permission entries to realize the logical separation of users and access permission, then designs a Directory Information Tree (DIT) structure based on the RBAC model for permissions distributing and access controlling

Zongpu Jia,Guowei Wang

DOI: https://doi.org/10.1007/978-3-642-40633-1-18

2014-01-01

Abstract:To resolve the problems about identity authentication of heterogeneous application systems that emerged in the procedure of data integration. This paper presents a solution of unified identity authentication based on Light Directory Access Protocol (LDAP). By using a method of double sign on an interface calling the solution can separately realize unified identity authentication in developed application systems and new systems. Then the paper design a reasonable structure Directory Information Tree (DIT) based on Role-Based Access Control (RBAC) model that consists of organization, user, role, and permission entries to realize permissions distributing and access control. ? Springer-Verlag Berlin Heidelberg 2014.

Dawei Zhao,Haipeng Peng,Shudong Li,Yixian Yang

DOI: https://doi.org/10.48550/arXiv.1305.6350

2013-05-28

Abstract:Recently, Li et al. analyzed Lee et al.'s multi-server authentication scheme and proposed a novel smart card and dynamic ID based remote user authentication scheme for multi-server environments. They claimed that their scheme can resist several kinds of attacks. However, through careful analysis, we find that Li et al.'s scheme is vulnerable to stolen smart card and offline dictionary attack, replay attack, impersonation attack and server spoofing attack. By analyzing other similar schemes, we find that the certain type of dynamic ID based multi-server authentication scheme in which only hash functions are used and no registration center participates in the authentication and session key agreement phase is hard to provide perfect efficient and secure authentication. To compensate for these shortcomings, we improve the recently proposed Liao et al.'s multi-server authentication scheme which is based on pairing and self-certified public keys, and propose a novel dynamic ID based remote user authentication scheme for multi-server environments. Liao et al.'s scheme is found vulnerable to offline dictionary attack and denial of service attack, and cannot provide user's anonymity and local password verification. However, our proposed scheme overcomes the shortcomings of Liao et al.'s scheme. Security and performance analyses show the proposed scheme is secure against various attacks and has many excellent features.

Cryptography and Security

王会,安常青,李学农,黄辉

DOI: https://doi.org/10.3969/j.issn.1000-7024.2002.04.005

2002-01-01

Abstract:In campus accounting system based on identity certification, it is very important to confirm the identity of users and prevent IP address embezzlement. Taking identity certification system of campus network for example, this article describes the theory and implement in detail.

Libo Feng,Fei Qiu,Kai Hu,Bei Yu,Junyu Lin,Shaowen Yao

DOI: https://doi.org/10.1016/j.future.2024.04.042

IF: 7.307

2024-04-25

Future Generation Computer Systems

Abstract:Device management in the Industrial Internet of Things (IIoT) is complex, especially in a cross-domain context. Trust identity authentication between cross-domain devices is required when devices work together. Existing identity authentication methods can result in heavy key management overhead or be computationally demanding on the device. In this paper, we propose a cross-domain authentication scheme based on blockchain and certificateless signature that can be suitable for IIoT devices. First, smart contracts are used to complete trusted identity verification of devices, which reduces the computing overhead of IIoT devices. Second, a trust value-based access control method is proposed, which can quickly and timely identify malicious authentication and ensure the normal operation of the authentication system. Finally, the validity and safety of our proposed methods are proven by experiments. The experiment results showed that our methods can meet the needs in terms of IIoT device security and blockchain system output performance, and can achieve cross-domain authentication for IIoT devices.

computer science, theory & methods

Lin Zhang,Hong Li,Limin Sun,Zhiqiang Shi,Yunhua He

DOI: https://doi.org/10.1109/pac.2017.28

2017-01-01

Abstract:User authentication in computer systems has been a cornerstone of computer security for decades. However, the existing user authentication schemes either require human cognitive ability to remember numerous complex id and password, or rely on a trusted third party which could fail due to technical failure or denial-of-service attacks. In this paper, we design a fully distributed user authentication framework with the blockchain technology. In our scheme, a user stores her identity in the blockchain, stores her encrypted personal information in a off-blockchain storage, and attaches a smart contract which grants different permissions to each website/application. When a user logs in a website/application, the service provider employs a challenge-response protocol to verify the identity of the user, and then retrieve the user's personal information from the off-blockchain storage.