The Research On Identity Authentication Based On Multiple Factors

The identity authentication is an integrated technique, which combines with cryptology, biometric recognition, digital signature and etc. It has more applications in the network communication to verify the real identity of the correspondent. It can prevent illegal intruder loginning in the system, and keep the non-authorized person off the controlled resource. At present, the identity authentication technique has a broad application in banks, e-commerce, e-government and other management information systems. With the continual development of the computer network and the communication, the identity authentication will be an important research field.The dissertation studied the identity authentication theory, technology and application in depth, and focused on some key problems about multiple factors in the network communication.Firstly, the dissertation analyzed the drawbacks of the existing multi-server authentication scheme, which is only a single-direction authentication and has a time synchronization problem. The author proposed a multi-server authentication scheme based on smart cards and analyzed the security of the scheme. By saving user's authentication information in the smart card in the interpolating polynomial, the proposed scheme greatly strengthened the security of the original scheme. The proposed scheme acquired bidirectional authentication of the user and the server in the multi-server system, could automatic generate the session keys and save session keys' relative information in expression in smart cards. The proposed scheme avoided the transmission of the session keys through the network, and decreased the possibility of the leak of the session keys. Based on the proposed scheme, the author proposed an identity authentication scheme combined with password, smart card and fingerprint together, to enhance the security of the original scheme thoroughly.Secondly, the author proposed a multi-server identity authentication protocol based on USBKey and analyzed the security and performance of the scheme, designed and implemented the main module in the identity authentication system based on the proposed protocol.Thirdly, the author proposed an authentication scheme based on role of user. The different roles have different authorities in different systems. Therefore, we must select the different identity authentication methods according to the different roles of user. Such as in the electronic medical record system, different authentication methods can be choose according to the different users' roles. The system can identify the patient user with the user's name and password, the medical staff with the three factors (password, smart card and fingerprint), and the medical administrator with the four factors (password, smart card, fingerprint and MAC address). Then the proposed scheme used the multi-server authentication for medical department administrators who need to login in different servers.Finally, the author modified the identity authentication mechanism of SIP protocol and proposed a double factors (password and smart card) authentication, which can guarantee the confidentiality of user name, and withstand replay attack, impersonation attack and so on.