With the spread of computer networks and the development of telecommunication and computer technologies, the number of applications in enterprise networks keeps increasing. However, every application system has its own identity authentication mechanism, so a user who wants to access these applications must be authenticated by each of them in turn. As a result, more security risks are taken on, the application servers tend to be overburdened, and access efficiency drops. Consequently, an identity authentication system that provides uniform authentication and management is in demand.

To meet the requirement of single authentication across multiple applications, this paper puts forward a new kind of identity authentication system that is independent of the applications. In this system, the security system is combined horizontally with the application systems. Its safe-filter is composed of a client agent, an authentication agent, an authentication server, a security management server, a user database, and principal and subordinate authorization strategy databases. When users try to access the application servers, the safe-filter demands a uniform strong authentication through the authentication server. At the same time, RBAC is used to manage user privileges. In this way, relative independence between the authentication server and the application systems is achieved.

In this paper, the structure of this system is introduced in detail, and the key technologies needed to implement it are analyzed comprehensively. In particular, an authentication mechanism based on PKI/SSL and DCE/Kerberos is discussed in detail, and a protocol based on SSO technology is designed.

The technologies discussed in this paper have been implemented in the TianYu AAS. The scheme above is shown to be feasible and effective, and it offers a viable mode and a new idea for the identity authentication system of multiple applications.
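The following is an added illustration of the architecture the abstract describes, not code from the paper or from the TianYu AAS: an authentication server authenticates a user once and issues a signed ticket, a safe-filter in front of the application servers validates that ticket and enforces RBAC from principal (user-to-role) and subordinate (application-specific role-to-action) policy stores, and the applications themselves carry no authentication logic. The paper's PKI/SSL and DCE/Kerberos mechanisms are replaced here by a password check and an HMAC-signed ticket purely to keep the example self-contained; the user records, policies and application names are constructed sample data.

```python
import base64
import binascii
import hashlib
import hmac
import json
import os
import time
from typing import Optional

# Shared secret between the authentication server and the safe-filter.
# Stand-in for the key material a Kerberos/PKI deployment would use.
TICKET_KEY = os.urandom(32)
TICKET_TTL = 300  # ticket lifetime in seconds


def _hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user database: username -> (salt, password hash).
_salt_alice, _salt_bob = os.urandom(16), os.urandom(16)
USER_DB = {
    "alice": (_salt_alice, _hash_pw("alice-secret", _salt_alice)),
    "bob": (_salt_bob, _hash_pw("bob-secret", _salt_bob)),
}

# Principal authorization policy: user -> roles (constructed).
PRINCIPAL_POLICY = {"alice": {"finance-clerk"}, "bob": {"hr-viewer"}}

# Subordinate (per-application) policy: app -> role -> permitted actions (constructed).
SUBORDINATE_POLICY = {
    "payroll": {"finance-clerk": {"read", "write"}, "hr-viewer": {"read"}},
    "hr": {"hr-viewer": {"read"}},
}


def issue_ticket(username: str, password: str, now: Optional[float] = None) -> Optional[str]:
    """Authentication server: verify credentials once and issue a signed, expiring ticket."""
    rec = USER_DB.get(username)
    if rec is None:
        return None
    salt, stored = rec
    if not hmac.compare_digest(_hash_pw(password, salt), stored):
        return None
    now = time.time() if now is None else now
    payload = json.dumps({"sub": username, "exp": now + TICKET_TTL}, separators=(",", ":")).encode()
    sig = hmac.new(TICKET_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload).decode() + "." + base64.urlsafe_b64encode(sig).decode()


def verify_ticket(ticket: str, now: Optional[float] = None) -> Optional[str]:
    """Safe-filter side: return the authenticated principal if signature and expiry hold, else None."""
    try:
        p_b64, s_b64 = ticket.split(".", 1)
        payload = base64.urlsafe_b64decode(p_b64)
        sig = base64.urlsafe_b64decode(s_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(TICKET_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None
    claims = json.loads(payload)
    now = time.time() if now is None else now
    if claims["exp"] <= now:
        return None
    return claims["sub"]


def authorized(user: str, app: str, action: str) -> bool:
    """RBAC decision: any of the user's roles must grant the action in this application."""
    roles = PRINCIPAL_POLICY.get(user, set())
    app_policy = SUBORDINATE_POLICY.get(app, {})
    return any(action in app_policy.get(role, set()) for role in roles)


# Application servers hold no authentication code; they trust the principal the filter hands them.
APPLICATIONS = {
    "payroll": lambda user, action: f"payroll:{action}:ok:{user}",
    "hr": lambda user, action: f"hr:{action}:ok:{user}",
}


def safe_filter(ticket: str, app: str, action: str, now: Optional[float] = None) -> str:
    """Mediates every request: authenticate by ticket, authorize by RBAC, then forward."""
    user = verify_ticket(ticket, now)
    if user is None:
        return "401 authentication required"
    if not authorized(user, app, action):
        return "403 forbidden"
    handler = APPLICATIONS.get(app)
    if handler is None:
        return "404 unknown application"
    return handler(user, action)


if __name__ == "__main__":
    ticket = issue_ticket("alice", "alice-secret")
    print(safe_filter(ticket, "payroll", "write"))  # forwarded to the payroll application
    print(safe_filter(ticket, "hr", "read"))        # denied by RBAC
```

The single ticket is accepted by every application behind the filter, which is the single-sign-on property, while the per-application decision lives in the subordinate policy rather than in the applications. Rejecting a ticket on a failed constant-time signature check before parsing its claims keeps the filter from acting on anything the authentication server did not issue.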