Netinfo Security (信息网络安全) ›› 2016, Vol. 16 ›› Issue (5): 37-43. doi: 10.3969/j.issn.1671-1122.2016.05.006

• Technical Research •

Research on Authentication Scheme of Cryptographic Service System Based on Service Architecture

Weiwei YE1, Qingyu OU1, Xiaowu BAI2

  1. Department of Information Security, Naval University of Engineering, Wuhan, Hubei 430033, China
  2. Xiangyang Municipal Public Security Bureau, Xiangyang, Hubei 441021, China
  • Received: 2016-04-06 Online: 2016-05-20 Published: 2020-05-13
  • About the authors:

    Weiwei YE (born 1991), male, from Chongqing, master's student; main research interest: cryptographic assurance. Qingyu OU (born 1978), male, from Jiangxi, associate professor, Ph.D.; main research interest: cryptographic chip design. Xiaowu BAI (born 1971), male, from Hubei, master's degree; main research interests: network security and video application technology.

  • Funding:
    National Natural Science Foundation of China [11202239]; Naval University of Engineering Natural Science Foundation [HGDQNEQJJ15016]

Abstract (translated from the Chinese):

Traditional cryptographic service systems have a "stovepipe" structure, which makes encrypted communication between different departments difficult and information resources hard to share, and which does not meet the requirements for application collaboration under informatized conditions. This paper proposes a service-oriented cryptographic service system that achieves interconnection, intercommunication and interoperability, and at the same time proposes an authentication scheme that provides mutual authentication between users and the service system, strengthening system security and improving protocol efficiency. In existing PKI systems, public-key certificate validation is inefficient; the process of establishing inter-domain trust paths is complex, validation of path validity is inefficient, trust paths are too long and may even contain loops, all of which make cross-domain authentication inefficient. This paper proposes an XKMS-based method for establishing inter-domain trust that omits the two processes of building and validating inter-domain trust paths, constructs a direct trust relationship between any two IDPs, and reduces the complexity and length of trust-path construction; while retaining the advantages of PKI, it simplifies the system interaction process and improves cross-domain authentication efficiency. A comparison with existing schemes shows that the authentication efficiency of the proposed scheme is improved to a certain degree.

Keywords (translated from the Chinese): service-oriented architecture, authentication scheme, cryptographic service, cross-domain authentication

Abstract:

Traditional cryptographic service systems have a "chimney"-type structure, which makes encrypted communication between different departments difficult and information resources hard to share. This paper proposes a service-oriented architecture for a cryptographic service system that realizes interconnection and interoperability, together with an authentication scheme that enhances the security of the system. In existing PKI systems, public-key certificate validation is inefficient, establishing inter-domain trust paths is complex, and overly long trust paths lower the efficiency of cross-domain authentication. Using an XKMS-based inter-domain trust building method, this paper establishes a direct trust relationship between any two IDPs, which reduces the complexity and length of trust-path construction, retains the advantages of the PKI system, simplifies the system interaction process, and improves cross-domain authentication efficiency. Compared with existing schemes, the proposed scheme improves the efficiency of authentication.

Key words: service-oriented architecture, authentication scheme, cryptographic service, cross-domain authentication

CLC number: