Research On Authentication And Authorization For NGI

With the development of next-generation Internet technologies and the deployment of next-generation backbone network, and with the spread of e-commerce, e-government applications, information security has become increasingly important. Authentication and authorization theories and technologies in the field of information security are an important branch. This article is about author's study and practice at it in past few years, and the main work and innovation reflected in the following areas:(1) Authentication: the theme of study is about how to make authentication protocol be compatible with a variety of authentication methods. Paper analyzed the case of current authentication techniques and practical application, and then proposed an authentication protocol with ticket proxy technology, through public key technology to achieve across multiple domains, characterized as compatible with a variety of authentication methods, which meet the user's habits and safety requirements. In discussing the anti-replay attacks, tamper-proof, anti-wiretapping and man-in-middle attack, security is proved by the GNY logic. The proposed protocol, enrich and improve security in the face of a single domain of the Kerberos security methods and more domain-oriented methods of authentication.(2) Authorization: the theme is the characterization of the classification, the classification of the characterization is against the current circumstances that authority of the classification is still not enough in-depth study. Paper proposed a multi-level delegation authorization model, model includes classification authority, the main grade, concepts such as classification of resources and the authority of formal definition, the main, the resources and authority elements and their relationship. At the same time, false papers to the way the code is the definition of data structure and algorithm, against the model and algorithms, including performance analysis and discussion, the role of copy distributed environment, distributed under the privilege of mapping mechanisms, and other issues. The proposed model and the discussion and in-depth analysis and characterization of the grade, on a tree structure of the organizational units of the classification authority have a good guide.(3) Practice verification: this chapter is based on research work in front of the foundation, with participation from 863 project, "inter-agency unified user authentication and authorization of resources audit system," and construction experience. Its topic is related to the progress in theoretical research, the project building ideas, the basic framework and system processes. Its aim is to promote and share the fruits of topics and provide a platform for example. The research results and the actual construction of projects improved authentication and authorization technology applications to a high level.