
The Design Of Cross-domain And Single Sign-on System Model And Study On Scheme With Password Synchronization

Posted on: 2012-06-17
Degree: Master
Type: Thesis
Country: China
Candidate: Z P Cai
Full Text: PDF
GTID: 2178330335967073
Subject: Computer software and theory

Abstract/Summary:
With the development of key technologies such as Kerberos and SAML (Security Assertion Markup Language), cross-domain Single Sign-On (SSO) has become a hot subject in the field of information security. Some existing cross-domain SSO technologies have shortcomings in how they achieve cross-domain authentication. For example, the security of the system model is not guaranteed, and the problem of password synchronization cannot be solved effectively. These deficiencies lead to problems such as inefficient SSO, passwords that are awkward to use, password leakage and forgery attacks. All these problems need to be dealt with urgently.

This work proposes a new secure password synchronization scheme for SSO systems, motivated by the shortcomings of products such as CA's eTrustSSO and Novell's SecureLogin SSO, and of the technical approaches of Liberty Authentication and Net Passport, with respect to security, scalability and the implementation of password synchronization. The method uses the optimal asymmetric encryption padding (OAEP) algorithm to adjust the plaintext, and produces a digital certificate after RSA encryption. Then, in light of the actual conditions of the SSO model, an improved hybrid cryptograph transfer protocol (HCTP) is used to carry out password synchronization. In achieving password synchronization, the scheme overcomes the weakness that the RSA algorithm is easily attacked by chosen-ciphertext attack (CCA), improves the security of the SSO system and solves the password synchronization problem efficiently.

To make current cross-domain SSO systems better support password synchronization, a password synchronization scheme based on a secure cross-domain SSO system is proposed. Combining the advantages of the Kerberos and SAML authentication systems, the new model supports password synchronization well. In addition, it has a tight logical structure and can resist single points of failure and network bottlenecks. To solve the password synchronization problem in a cross-domain SSO system, the HCTP algorithm is adopted to adjust the password plaintext, the Diffie-Hellman key exchange algorithm is used to produce master keys, RSA encryption is used to produce the digital certificate, and finally the proposed improved hybrid cryptograph transfer protocol is used to carry out password synchronization.

Keywords/Search Tags: RSA algorithm, HCTP, password synchronization, SSO, cross-domain authentication