Design And Implementation Of The Network Seicurity Identity Authentication Based-On Smart Card

Along with high-speed development of computer,network and internet, the influence of internet is gently penetrating into people's production, life, work,study and even everywhere. More and more enterprises,government departments are utilizing internet information to develop related activities, such as electronic commerce and electronic government affairs and so on. As a result of the publicity of internet, the potential secure threats of electronic commerce is becoming reality. At present, most websites are using "user name/password" to authenticate the status of users, such as Single Factor static Authentication and Double Factor static Authenication, which have too many problems, are no longer meeting the requests of current websites and management system that needs high security.This article is aiming the present development, mainly finished several works as follow:1. Fully understanding of network security authentication technology in China and aboard, and combining with Beijing Feiyu Technology Co., Ltd. oath-day implementation of the Express Network Sales and Management System project, in accordance with system requirements analysis as well as non-functional requirements ,coming up with the smart card authentication solution2. The solution uses a double-factor authentication, based on the comparison of challenge / response authentication methods, and PKI-based authentication system, we choose the challenge / response method, which requires the client to use the smart card and enter the PIN code to login and use challenge / response method to verify the authenticity of the user identity. We used the HMAC MD5 algorithm to implentment the system. The system use client level setting to control the accessing to resources.3. With the simulation tests of the smart card-based authentication of the network security system for enterprise environments, which mainly include functional testing, performance testing, usability testing, client compatibility testing, usability testing security testing. The results show that the system meets the expection of the basic design goals.4. The system sloves the traditional authentication's security risks efficitivly and enhances the safety and usbility of login. Moreover, the network security authentication system can be a separate identity subsystem, which can be used on other enterprises and government or industry site management after applied to post-secondary development.5. In recent months, the system has been successfully operating in the Express network of sales and management system. In addition, the system has been certified as a subsystem embedded in the identity of tomorrow in Beijing Information Technology Co., Ltd. High-Soft products sales network in the formal operation of office systems. The Chongqing Construction Department, Fujian Information Office and other government departments are also planning to gradually use network security authentication systems in their own information management system.