Identity authentication is an important part of a complete security system: it is the first line of defense and the foundation of secure communication and access control. After a fairly thorough analysis of existing authentication technologies, we propose an authentication model and an authentication protocol based on identity certificates and right certificates, taking into account the strengths of PKI and PMI technologies in identity authentication, key management and privilege management. We point out the four merits of the model and give a formal analysis of the protocol. The structure of an authentication system for remote access is then put forward on the basis of the model. Since the design and implementation of the authentication server and client directly influence the quality of service, a full and clear discussion is given of the following aspects: designing a class to simplify certificate decoding; studying the certificate trust path to shorten the time of certificate chain validation; introducing a cache mechanism to improve service response speed; using the demonstration system in place of the access control policy library; putting forward methods for overtime transmission and replay protection in gateway management; analyzing intrusions based on audit data; designing a real-time dual system to guarantee the high reliability and usability of the server; and designing authentication middleware based on NDIS to ensure transparency for client systems.