Research And Design Of Unified Authentication System In University Campus Network

Posted on: 2012-02-13
Degree: Master
Type: Thesis
Country: China
Candidate: B Zheng
Full Text: PDF
GTID: 2218330338461490
Subject: Computer software and theory

Abstract/Summary:
With the application and development of computer and network technology on college campuses, many application systems have been established to manage human resources and information and to supply various kinds of services. However, because of differences in administrations, objects and degrees of urgency, these systems were established in different stages rather than planned as a whole. As the times of establishment and the application providers vary, most of these systems are separate from one another, and a unified entry is absent. Users have to log on to a variety of systems every day and memorize many different accounts and passwords. This situation not only greatly increases the burden on users but also increases the risk of their being attacked. As a solution, a unified authentication system could be designed to allow users to visit and use all application systems through a single-point logon. Because this system is to replace the logon validation of all other systems, its security requirements should be much higher. As the PKI system ensures privacy, authentication, integrity and non-repudiation in network applications, it could be used as the security foundation for establishing the unified authentication logon system.

The thesis begins by introducing the development and application of PKI systems; then, starting from its cryptographic fundamentals, the PKI security system is analyzed step by step. The processes, advantages and disadvantages of the symmetric and asymmetric algorithms, digital envelopes, hash functions and digital signatures involved are analyzed. The standards, services and constitution of the PKI authentication system are specified, as is the structure of the CA, which is the core component of a PKI system.

In the following part, unified identity authentication technology is analyzed. Several popular identity authentication methods are introduced along with their advantages and disadvantages. The three models of identity authentication (the modular authentication model, the unified authentication model and the trust agent model) are specified. Given that multiple application systems and multiple access modes coexist on the campus, the following questions are raised and resolved:

1. Supporting multiple-application-system and cross-platform authentication using SAML.
2. Implementing wireless authentication using WPKI. With the application of the RF card system, multiple-mode-access authentication is also supported.
3. Managing account information distributed across different application systems using LDAP.

Based on the study and analysis of these questions, a campus identity authentication system based on PKI is designed. With the support of the asymmetric structure of the PKI system, privacy, authentication, integrity and non-repudiation can be ensured both in the authentication of users' identities and in the transmission of information. With the single-point logon function implemented, a user is allowed, according to the related rules, to access different application systems with a single logon. This may improve the simplicity, security and stability of the information system. Furthermore, unified authentication across heterogeneous systems can be implemented, and authentication for WAP access as well as RF card access can be supported. The established user databases of the different application systems can be integrated seamlessly as the user database of the SSO application system.
Keywords/Search Tags: Unified Identity Authentication, Campus network, PKI, SSO