基于生物特征识别的统一身份认证系统研究

doi:10.3969/j.issn.1671-1122.2019.09.018

信息网络安全 ›› 2019, Vol. 19 ›› Issue (9): 86-90.doi: 10.3969/j.issn.1671-1122.2019.09.018

基于生物特征识别的统一身份认证系统研究

张富友^1,², 王琼霄^1,², 宋利¹

1.中国科学院信息工程研究所,北京 100093
2.中国科学院大学网络空间安全学院,北京 100049

收稿日期:2019-07-15 出版日期:2019-09-10 发布日期:2020-05-11
作者简介:
作者简介：张富友（1994—）,男,甘肃,硕士研究生,主要研究方向为身份认证;王琼霄（1982—）,女,辽宁,高级工程师,博士,主要研究方向为网络安全;宋利（1988—）,女,辽宁,工程师,硕士,主要研究方向为网络安全。
基金资助:
中国科学院“十三五”信息化建设专项[XXH13505];工业转型升级资金（部门预算）项目[0714-EMTC-02-00577]

Research on Unified Identity Authentication System Based on Biometrics

Fuyou ZHANG^1,², Qiongxiao WANG^1,², Li SONG¹

1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China

Received:2019-07-15 Online:2019-09-10 Published:2020-05-11

摘要/Abstract

摘要：

身份管理系统是终端用户与服务提供商之间建立信任的基础,独立身份管理系统的弊端已经越来越明显。统一身份认证系统使得服务提供商能够在确保用户隐私得到有效保护的前提下,用户无需记忆多个口令,一次登录即可使用多个应用。但是目前的统一身份认证系统依然没有解决用户和服务端初始的强认证交互过程所面临的问题,用户名与口令的安全问题依然存在。文章设计并实现了一套基于移动端可信环境的身份鉴别的统一身份认证系统,避免了用户频繁地输入用户名与口令,使用户使用生物特征即可完成身份鉴别登录。

关键词: 统一身份认证, 生物特征识别认证, FIDO

Abstract:

The identity management system is the foundation for establishing trust between end users and service provider, the drawbacks of the independent identity management system have become more and more obvious. The unified identity authentication system enable service providers to ensure that user privacy is effectively protected, without the need of remembering multiple passwords, and to access multiple services by authenticating just once. However, the current unified identity authentication system still does not solve the problem faced by the initial strong authentication interaction process between the user and the server. The security problem of username and password still exists. This paper designs and implements a unified identity authentication system based on mobile-side trusted environment for identity authentication on the mobile side, which avoids user’s frequent input of username and password, and users can use biometrics to complete identity authentication.

Key words: identity authentication, biometric authentication, FIDO

中图分类号:

TP309

张富友, 王琼霄, 宋利. 基于生物特征识别的统一身份认证系统研究[J]. 信息网络安全, 2019, 19(9): 86-90.

Fuyou ZHANG, Qiongxiao WANG, Li SONG. Research on Unified Identity Authentication System Based on Biometrics[J]. Netinfo Security, 2019, 19(9): 86-90.

图/表 2

参考文献 16

[1]	ADAMS A, SASSE M A.Users are not the Enemy[J]. Communications of the ACM, 1999, 42(12): 41-46.
[2]	ION I, REEDER R, CONSOLVO S.“.. no one can hack my mind”: Comparing Expert and Non-Expert Security Practices[C]//ACM. Eleventh Symposium on Usable Privacy and Security, July 22-24, 2015, Carleton University, Ottawa, Canada. New York: ACM, 2015: 327-346.
[3]	PEARMAN S, THOMAS J, NAEINI P E, et al.Let’s Go in for a Closer Look: Observing Passwords in Their Natural Habitat[C]//ACM. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, October 30-November 3, 2017, Dallas, USA. New York: ACM, 2017: 295-310.
[4]	ZENG J, DUAN J, WU C.Empirical Study on Lexical Sentiment in Passwords from Chinese Websites[J]. Computers & Security, 2019, 80(1): 200-210.
[5]	MELICHER W, KURILOVA D, SEGRETI S M, et al.Usability and Security of Text Passwords on Mobile Devices[C]//ACM. Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems, May 07-12, San Jose, CA, USA. New York: ACM, 2016: 527-539.
[6]	WASH R, RADER E, BERMAN R, et al.Understanding Password Choices: How Frequently Entered Passwords are Re-used Across Websites[C]//ACM. Twelfth Symposium on Usable Privacy and Security, June 22-24, 2016, Santa Clara, CA. New York: ACM, 2016: 175-188.
[7]	LOCKHART H, CAMPBELL B.Security Assertion Markup Language(saml) v2.0 Technical Overview[J]. OASIS Committee Draft, 2008, 12(9): 94-106.
[8]	SAKIMURA N, NRI J. Bradley, PING Identity, et al. OpenID Connect Core 1.0 Incorporating Errata Set 1[EB/OL]. , 2014-11-8.
[9]	IMAI I, SHIN S H, KOBARA K.Authenticated Key Exchange for Wireless Security[C]// IEEE. IEEE Wireless Communications and Networking Conference, 2005, March 13-17, 2005, New Orleans, LA, USA. New York: IEEE, 2005: 1180-1186.
[10]	WANG Y, LUO W, SHEN C.Analysis on Imai-Shin’s LR-AKE Protocol for Wireless Network Security[C]//Springer. International Business Conference on Communications and Networking in China, August 28 2008, Hangzhou, China. Berlin: Springer, 2008: 84-89.
[11]	HALLER N, METZ C, NESSER P, et al. A One-Time Password System[EB/OL]. , 2018-7-15.
[12]	BURIRO A.Behavioral Biometrics for Smartphone User Authentication[D]. Trento: University of Trento, 2017.
[13]	Android. Google: Ice Cream Sandwich[EB/OL]. , 2011-11-15.
[14]	JAIN A K, ROSS A, PANKANTI S.Biometrics: A Tool for Information Security[J]. IEEE Transactions on Information Forensics and Security, 2006, 1(2): 125-143.
[15]	DE L A, HANG A, VON Z E, et al.I Feel Like I’m Taking Selfies All Day!: Towards Understanding Biometric Authentication on Smartphones[C]//ACM. Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, April 18-23, 2015, Seoul, Republic of Korea, New York: ACM, 2015: 1411-1414.
[16]	FIDO Alliance. What is FIDO?[EB/OL]. , 2017-2-13.

基于生物特征识别的统一身份认证系统研究

Research on Unified Identity Authentication System Based on Biometrics

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 2

参考文献 16

相关文章 2

编辑推荐

Metrics

本文评价

[1]	李梁磊, 邵立嵩, 王传勇, 刘勇. 一种基于FIDO UAF架构的开放授权方案[J]. 信息网络安全, 2017, 17(6): 35-42.
[2]	王凯令. 电力信息系统统一身份认证体系的建设研究[J]. , 2010, (1): 0-0.