Research on Authentication Scheme of Cryptographic Service System Based on Service Architecture

doi:10.3969/j.issn.1671-1122.2016.05.006

Abstract

Abstract:

Traditional cryptographic service system is a “chimney” type structure, resulting in the encrypted communication difficulties between different departments, and information resources are difficult to share. This paper proposed oriented service architecture of cryptographic service system, and it realizes the interconnection and interoperability. This paper proposes an authentication scheme, which can enhance the security of the system. The efficiency of existing PKI public key certificate validation is low, the establishment of inter domain trust path is complex and too long trust path lead to cross domain authentication efficiency lower. Based on XKMS domain trust building methods, this paper establish direct trust relationship between any two of the IDP, and it can reduce the complexity and length of trust path construction, retain the advantage of PKI system, simplify the system interaction process, and improve cross domain authentication efficiency. Compared with the existing schemes, it can improve the efficiency of the authentication.

Key words: service oriented architecture, authentication scheme, cipher service, cross-domain authentication.

CLC Number:

TP309

Weiwei YE, Qingyu OU, Xiaowu BAI. Research on Authentication Scheme of Cryptographic Service System Based on Service Architecture[J]. Netinfo Security, 2016, 16(5): 37-43.

Figures/Tables 6

References 22

[1]	凌晓东. SOA综述[J]. 计算机应用与软件,2007,24(10):122-124.
[2]	罗云锋,伏海斌,徐昆. 面向SOA的密码服务安全框架研究[J]. 计算机与数字工程,2012(11):115-117.
[3]	MIAO Fengman, ZHANG Qiuyu, YUAN Zhanting.Cross-domain Authentication Model Based on Lattice[C]//WASE. 2010 WASE International Conference on Information Engineering (ICIE), August 14-15, 2010, Beidaihe Hebei, China. New York: ACM, 2010: 115-118.
[4]	李小标. 跨域认证关键技术研究[D]. 北京:北京邮电大学,2011.
[5]	桂海仁. 基于SOA架构的认证服务关键技术研究[D]. 郑州:解放军信息工程大学,2013.
[6]	王曦. SOA环境下认证关键技术研究[D]. 郑州:解放军信息工程大学,2012.
[7]	YAO Yao, WANG Xingwei.A Cross-domain Authentication Protocol Based on Hypercube[C]//Northeastern University, IEEE. 2011 Chinese Control and Decision Conference (CCDC), May 23-25, 2011, Mianyang Sichuan, China. New Jersey: IEEE, 2011: 3528-3532.
[8]	HE Enze, WEN Qiaoyan. A Single Sign-on Scheme for Cross Domain Web Applications Based on SOA[EB/OL]. .
[9]	ZHENG Xiaorong.Cross-domain Authentication Model in SOA Based on Enterprise Service Bus[C]//APU. 2010 2nd International Conference on Computer Engineering and Technology (ICCET), April 16-18, 2010, Chengdu Sichuan, China. New Jersey: IEEE, 2010: 78-82.
[10]	周彦伟,杨波,吴振强,等. 基于身份的跨域直接匿名认证机制[J]. 中国科学:信息科学,2014,44(9):1102-1120.
[11]	Peng Huaxi.An identity-based Authentication Model for Multi-domain[J]. Chinese Journal of Computers, 2006, 29(8): 1271-1281.
[12]	刘保言,陈泳章. 公钥基础设施的多路径构造方法[J]. 计算机应用,2004,24(3):56-58.
[13]	徐蕾,孙尚波. 基于严格二叉树的证书路径构造方法[J]. 计算机应用,2010(S2):107-109.
[14]	杨绚渊,刘艳,陆建德. 一种改进的交叉认证路径构造算法设计[J]. 计算机工程,2006,32(24):146-148.
[15]	熊熙,高飞. 基于Dijkstra的PKI交叉认证路径搜索算法[J]. 计算机工程,2009,35(5):168-170.
[16]	孙尚波. PKI信任模型与证书路径构造方法研究[D]. 沈阳:沈阳航空航天大学,2011.
[17]	容晓峰,李增欣,郭晓雷. 密码服务系统研究综述[J]. 计算机安全,2010(3):62-66.
[18]	谢小赋,姚春华. 基于SOA的密码服务系统研究[J]. 信息安全与通信保密,2011(7):95-97.
[19]	朱迪思-赫尔维茨,罗宾-布鲁尔,玛西娅-考夫曼,等著. SOA达人迷[M]. 田俊静,译. 北京:人民邮电出版社,2013.
[20]	张红旗,杨智,王霞. 通用Web跨域认证构架研究与实现[J]. 计算机应用研究,2009,26(5):1796-1798.
[21]	RUIZ-MARTINEZ A, SANCHEZ-MARTINEZ D, MARIN-LOPEX C I, et al. An Advanced Certificate Validation Service and Architecture Based on XKMS[J]. Software: Practice and Experience, 2011, 41(3): 209-236.
[22]	冯超,张权,唐朝京. 计算可靠的Diffie-Hellman密钥交换协议自动证明[J]. 通信学报,2011,32(10):118-126.