Research Of Identity Authentication And Access Control In Documents Security Management System

Nowadays the storage techniques of secret information, such as firewall, intrusion detection etc, which are based on internet attacks have developed more maturely. However, the storage techniques of secret information, which are applied to defend intranet attacks, have not come up to the enterprise's secure demands of information. Because the staffs who work in the company are easy to steal the confidential information, they would take the advantage of work to upload and download documents, which are stored in the intranet, and to deal with them arbitrarily. So, the enterprise's data will be taken out easily which will most probably lead to the leakage of confidential information and depletion of digital assets. Therefore, the enterprise not only need to defend the inner resource against hacker's access, but also need to carry out some control on the staffs'access. It is important to build up safe and efficient mechanism of resource management and mechanism of access control for the enterprise.In this paper, the literatures about information security in intranet and the faults of existing method of documents' management are investigated in details, and a secure management system of documents is designed and developed. Identity authentication and access control techniques are both the foundational secure services and correlative, and both of them are play the key roles in the system. Therefore, identity authentication and access control techniques are investigated and improved as follows:First, several typical protocols of identity authentication used these days are analyzed and surveyed. The paper fully takes advantages of the strongpoint of the Kerberos authentication protocol and introduces roles ID into it and gets rid of the ticket-grating ticket in it, as a result an improved Kerberos authentication protocol is proposed.Secondly, the techniques of Role-Based Access Control (RBAC) is analyzed and surveyed, as the department structure and user group are brought into the RBAC model the organization and administration of roles are simplified, as a result an improved RBAC model is proposed. The improved RBAC model not only supports that permissions are assigned to roles but also that permissions are assigned to users and user group, this makes the permission allocation more flexible.Finally, by combining the improved Kerberos authentication protocol with the improved RBAC model, the authentication server system is designed and implemented. The system can authenticate the user identity and it can administrate and sustain the information, such as users, roles, user-groups and access permissions of resource. In order to ensure that the system works securely, efficiently and stably, the techniques of IOCP and memory pool are employed to enhance its capacity of dealing with concurrent connects and ability of load.