
Design and Implementation of the LDAP-Based Unified Identity Authentication System

Posted on: 2008-05-31
Degree: Master
Type: Thesis
Country: China
Candidate: P Dai
GTID: 2178360212998256
Subject: Computer application technology
Abstract/Summary:
With the development of information technology, many kinds of network-based applications are now used in day-to-day business work. To carry out that work, users have to log in to different applications with different accounts and passwords. For security reasons, user authentication is a required part of each application. Because the applications are independent of one another, users often have to log in and log off in order to visit other applications. Providing a solution that simplifies user logins while keeping each application secure is a challenge for today's authentication systems. The key point of this paper is to establish a Unified Identity Authentication Integration Platform that accomplishes unified user authentication and unified authorization and resolves the problem of enterprise information islands.

First, existing authentication mechanisms are described, with an emphasis on the Kerberos authentication mechanism: the advantages and disadvantages of the Kerberos protocol are analysed, as are the advantages of the ECC algorithm, and an improved Kerberos unified security authentication solution is then proposed. In this solution, the ECC algorithm is embedded into the Kerberos authentication process, and the improved protocol is offered to resolve the problems of password guessing attacks and replay attacks against Kerberos.

Secondly, the system uses the distributed properties of the Lightweight Directory Access Protocol (LDAP) to organize user information distributed across different applications into a logical directory tree, and adopts XML and SOAP technologies to implement data exchange between heterogeneous databases and to achieve centralized management of user information. This largely simplifies communication between the applications and the Authentication Service Center and reduces the difficulty of implementing the system.

Finally, heterogeneous system integration technology is analysed, and Web Services technology is used to implement the Integration Application General Registration Interface, which solves the information island problem.

On the basis of these studied problems, an LDAP-based Unified Identity Authentication Integration Platform is presented. Network users and network applications are managed by Windows Server 2000/2003 Active Directory; the SOAP protocol is used to encapsulate the Integration Application General Registration Interface as a common integrated Web interface so that remote systems can call it easily; and the improved Kerberos protocol is used to accomplish user single sign-on. The whole system is implemented on the .NET platform. Each module of the system is relatively independent, which guarantees loose coupling. In addition, the system can be integrated easily, which lowers the cost of management. As the unified identity authentication system is gradually perfected, it will play an important role in network information security systems, and network application management will become simpler and more effective.
Keywords/Search Tags: Unified Identity Authentication Integration Platform, General Registration Interface, LDAP, Kerberos, ECC