Abstract
Authentication is a key part of network security and the main problem that has to be resolved. The scheme presented here is bi-directional, uses multiple mechanisms to ensure safe authentication, and provides a uniform authentication service to other e-government application systems, so it meets the needs of the current e-government system. Authentication technology and e-government systems are still developing, however, and many problems remain to be solved.
Keywords: multi-mechanism; e-government; authentication technology
1. Introduction
With the rapid development and popularization of computer and communication technology, users can share expensive information resources and communicate with each other in multi-user computer systems or networks. At the same time, the probability that controlled information is extracted by unauthorized users of the system is also increasing. To reduce losses, researchers have proposed a wide variety of user identification solutions. Among them, password identification is a method of identity authentication based on something the user knows, and it has been widely adopted because it is cheap, easy to implement and user-friendly. But it is also the identification method most likely to be broken among the user authentication mechanisms: if an eavesdropper on the network captures the secret password, he or she is able to impersonate the user. A password identification system therefore faces an enormous threat from the network.
The OTP (One-Time Password) system is designed to cope with the passive form of attack known as the replay attack. In the OTP system only a one-time password is transmitted over the Internet and verified at the server side; the user's password (known as the Secret Pass-Phrase) is never transmitted over the Internet. OTP identification is a digest-based identification whose safety rests on the one-way property of the hash function. Its core idea is that, instead of the user password, a one-time password generated from the user's secret pass-phrase and a random factor is transmitted on the network and checked by the server. Depending on how the uncertainty factor is chosen, common OTP verification systems offer a password sequence mechanism, a challenge/response mechanism, a time synchronization mechanism, an event synchronization mechanism and others. Comparing the challenge/response and password sequence one-time password mechanisms, the challenge/response mechanism is easier to implement, resists attack more strongly and requires only a small amount of computation on the client, which makes it convenient for realizing identity authentication in B/S-mode e-government applications.
system administrator, but also to verify the IP address of the administrator, so that unrelated personnel are prevented from gaining unauthorized access to sensitive information; 6) to ensure the effectiveness and availability of the information system, the system updates the contents of the database and performs backups at any time.
the application server or a secure communication proxy server. When the client browser connects to the server, the client verifies the server's certificate to determine whether the server is trusted; a secure communication channel is then established and all data transmitted in both directions is encrypted. Users (whether system administrators or the other users logging in to the applications) can safely submit their own account information and other sensitive or confidential data to the trusted server under this encryption. In practice, customers (here the application system managers of the e-government system) are required first to purchase a certificate from the CA and import it into the IIS (Internet Information Services) of the application server. This achieves data encryption on the client/server side in two-way transmission.
[Figure: system flow chart. Nodes: Users; User information release; Is the information in criterion? (Y: 3DES encryption / N); System administration/Users; One-time password identification; Is the ID legal? (Y: Management interface/User query interface / N); The encryption attachment in the file system; 3DES decryption; Information release interface; Information management/query interface.]
Figure 1. System network topology
As shown in Figure 1, the system server is connected to the Internet through the firewall. The management computer and the users can access the system from any computer connected to the Internet, which gives full freedom to the users of the system at all levels: the system administrator can access the system at any time and from anywhere, ensuring that the managers deal with events promptly, and users can likewise access the system at any time and from anywhere, which preserves the user's privacy and safety and allows the system to be applied in a wider range. In addition, the system communicates with the management computer and the users through an SSL-encrypted session, which also guarantees the security of the data.
also extend the operating capacity of the script program. We use the ATL (Active Template Library) of VC to build a lightweight COM component. First, a COM component is created with a method for the one-way encryption operation. Here we name the method Encrypt; it takes two input parameters, Resource and Seed, holding respectively the clear text of the password and the value of the seed. When Encrypt completes, it returns the one-way encryption result of Resource mixed with Seed. Next, a suitable one-way encryption algorithm is chosen according to actual needs and implemented in the method. Finally, the COM component and the dynamic link libraries it needs are packaged and compressed into a CAB file, so that the browser can download and install it automatically.
```vbscript
<SCRIPT LANGUAGE="VBScript">
<!--
' Called from the login form before submission: replace the clear-text
' password with the one-way digest computed by the PSWClient COM component.
Sub Encrypt()
    src = login.password.value          ' clear-text password typed by the user
    Seed = login.Sess.value             ' seed value supplied by the server for this session
    dest = PSWClient.Encrypt(src, Seed) ' one-way mixing of password and seed
    login.password.value = dest         ' only the digest is transmitted
End Sub
-->
</SCRIPT>
```
We can see from the code above that the whole encryption process of Encrypt is transparent to the users: they cannot learn the details of the encryption process even if they open and view the source code.
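The challenge/response one-time password exchange described in the OTP section and realized by the Encrypt(Resource, Seed) call above, written out end to end as an added example (not the paper's own code): the client submits only a one-way digest of its pass-phrase and the server-issued seed, and the server recomputes that digest from the stored pass-phrase and then retires the seed, so a captured digest cannot be replayed. Assumptions: HMAC-SHA256 stands in for the unspecified one-way function, and a plain dictionary stands in for the 3DES-protected password store.

```python
"""Challenge/response one-time password exchange modelled on the scheme above.
Added example, not the paper's code. Assumptions: HMAC-SHA256 stands in for the
unspecified one-way function; a dict stands in for the 3DES-protected store."""
import hashlib
import hmac
import secrets


def encrypt(resource, seed):
    """Client side: one-way mixing of the clear-text password with the seed,
    mirroring the COM Encrypt(Resource, Seed) method; only this digest is sent."""
    return hmac.new(seed.encode(), resource.encode(), hashlib.sha256).hexdigest()


class OtpServer:
    """Server side: issues a random seed per login and consumes it on verify."""

    def __init__(self, users):
        self._users = users      # account -> secret pass-phrase (constructed store)
        self._pending = {}       # account -> outstanding seed, one per login attempt

    def challenge(self, account):
        """Issue a fresh random seed (the 'Sess' value placed in the login form)."""
        seed = secrets.token_hex(16)
        self._pending[account] = seed
        return seed

    def verify(self, account, digest):
        """Accept a digest only for the outstanding seed, and only once."""
        seed = self._pending.pop(account, None)   # consume the seed: no replay
        secret = self._users.get(account)
        if seed is None or secret is None:
            return False
        return hmac.compare_digest(encrypt(secret, seed), digest)


def demo():
    """One honest login, a replay of the captured digest, then a wrong pass-phrase."""
    server = OtpServer({"admin": "correct horse battery staple"})   # constructed user
    seed = server.challenge("admin")
    digest = encrypt("correct horse battery staple", seed)   # what the browser submits
    first = server.verify("admin", digest)     # True: fresh seed, right secret
    replay = server.verify("admin", digest)    # False: seed already consumed
    wrong = server.verify("admin", encrypt("guess", server.challenge("admin")))
    return first, replay, wrong
```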
input account name and password in the whole process) to pay a visit.
6. Conclusions
A multi-technology, bi-directional authentication solution for e-government identification is proposed; the security of one-way SSL identification and of the one-time password encryption technology used in the solution is analyzed, and the realization of the solution's core code is presented.