
Computer Engineering ›› 2011, Vol. 37 ›› Issue (17): 122-123,142. doi: 10.3969/j.issn.1000-3428.2011.17.040

• Security Technology •

Secure Password Synchronization Scheme for Single Sign-on System

ZHANG Qiu-yu, CAI Zhi-peng, YUAN Zhan-ting

  1. (School of Computer and Communication, Lanzhou University of Technology, Lanzhou 730050, China)
  • Received: 2011-01-25 Online: 2011-09-05 Published: 2011-09-05
  • About the authors: ZHANG Qiu-yu (born 1966), male, research fellow and CCF senior member, main research interests: information hiding and steganalysis, network and information security; CAI Zhi-peng, master's student; YUAN Zhan-ting, professor and doctoral supervisor
  • Funding:
    Natural Science Foundation of Gansu Province (0803RJZA024)

Abstract: To address the difficulty that existing Single Sign-on (SSO) systems have in effectively supporting password synchronization, this paper designs an SSO system model with better security and scalability. It uses the Optimal Asymmetric Encryption Padding (OAEP) algorithm to modify the plaintext and the RSA encryption algorithm to generate a digital certificate. On this basis, the Hybrid Cryptograph Transfer Protocol (HCTP) is improved so that it better supports transmission among the server, the client proxy server and the Certificate Authority (CA) in the SSO system. An implementation of password synchronization verifies that, compared with the original protocol, the scheme is more immediate and gives the password key higher security, and that it can effectively resist chosen-ciphertext attacks.

Key words: Single Sign-on (SSO) system, password synchronization, Hybrid Cryptograph Transfer Protocol (HCTP), Optimal Asymmetric Encryption Padding (OAEP) algorithm, RSA algorithm
