计算机工程 ›› 2008, Vol. 34 ›› Issue (14): 152-154.doi: 10.3969/j.issn.1000-3428.2008.14.054

• 安全技术 • 上一篇    下一篇

一种单点登录协议的设计

李继勇,陶 然   

  1. (北京理工大学信息科学技术学院,北京100081)
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2008-07-20 发布日期:2008-07-20

Design of Single Sign-On Protocol

LI Ji-yong, TAO Ran   

  1. (Information Science Technology Institute, Beijing Institute of Technology, Beijing 100081)
  • Received:1900-01-01 Revised:1900-01-01 Online:2008-07-20 Published:2008-07-20

摘要: Kerberos单点登录协议存在口令猜测、重放攻击、缺乏认证等安全问题,该文以Kerberos协议为基础,设计一种新的单点登录协议,该协议修改了Kerberos协议的框架,引入一次性口令和授权服务机制,解决了Kerberos协议存在的问题,提供一种更安全、且扩展性强的单点登录协议。

关键词: 单点登录, Kerberos协议, 一次性口令, 协议安全性

Abstract: Kerberos protocol has some security problems, such as password guess, replay attack, and absent authentication. This paper designs a new Single Sign-On(SSO) protocol based on Kerberos. The SSO protocol modifies Kerberos’s framework, which solves Kerberos problem by using one time password and authorization. The new SSO protocol is a more secure and expansibile protocol.

Key words: Single Sign-On(SSO), Kerberos protocol, one time password, protocol security

中图分类号: