
Design And Implementation Of A Unified Authentication And Authorization System Based On PKI And OTP

Posted on: 2011-06-24
Degree: Master
Type: Thesis
Country: China
Candidate: Z Shao
Full Text: PDF
GTID: 2178360308461218
Subject: Computer application technology
Abstract/Summary:
With the development of network and information technology, enterprises have built an increasing number of internal information systems, which usually belong to different departments and different business systems. Once user traffic and the number of systems grow beyond a certain point, the cost of system maintenance and the complexity of user management increase exponentially, resulting in a waste of resources. To integrate multiple applications seamlessly, reduce the difficulty and cost of user administration, and improve the efficiency of collaboration among enterprise systems, unified user authentication and permission management is needed.
This paper designs a unified authentication and authorization system based on PKI and OTP. It uses two strong authentication methods, PKI and OTP, to provide a secure, lightweight single sign-on scheme; puts forward an improved role-based authorization control scheme to achieve a flexible, fine-grained authorization policy; and makes an initial proposal of a certification-level-related access control policy so that three authentication mechanisms can be used flexibly. The system also introduces a security auditing feature based on digital signatures, using the non-repudiation property of digital signatures to record and trace user behavior. Through application system integration, internal resources are consolidated, the security of the application systems is enhanced, and the costs of user information management and access control are significantly reduced.
In this paper, the author first analyzes the background of the subject and the current state of international research in related fields, and gives a brief description of the problem to be solved; second, analyzes the key technologies involved in the system design and presents the technical roadmap; then analyzes the system requirements and designs the main functional units of the system; and finally elaborates the implementation mechanisms of the main modules and introduces the access solutions for applications.
Keywords/Search Tags: PKI, OTP, Authentication, Authorization, Single-Sign-On, Digital Signature