摘要： 针对软件即服务(SaaS)应用系统下认证协议的应用及安全性问题，提出一种新型认证方案。通过加密用户口令，将散列结果传输到网络上，只有服务器私钥才能解密，从而实现客户端及服务器双向认证一次性口令技术，提高认证系统的安全性。采用SVO逻辑对该协议进行形式化分析，结果验证了其安全性。

关键词: 软件即服务, 认证协议, SVO逻辑, 一次性口令

Abstract: In Software-as-a-Service(SaaS) mode, for the application and security issues of the authentication protocol, this paper proposes a new authorization scheme, raises an improved OTP technology. It transfers the hash result for user password by encrypting on the network that only can decrypt by the server private key, and it implements the two-way authentication between the client and the server. It can improve the security of the authentication system, and adopts the SVO logic formal analysis to validate the results of this protocol.

Key words: Software-as-a-Service(SaaS), authentication protocol, SVO logic, OTP

中图分类号: 

• TP309