Study And Implementation Of Authentication And Authorzation System Based On SM2Algorithm

With the rapid development of Information technology, many companies and institutions introduce various types of information allocation systems in the normal business. These applications is used to improve efficiency and reduce costs, at the same time, they have brought a series of questions, one of the prominent problem is as following:many applications are independent and in different domains, they are inconvenient to system maintenance and user management.For system maintenance, each user has different accounts in different system,resulting that the user information can not be managed uniformly.For users,they should login different applications with different account.In addition,due to the lack of a unified security authentication mechanism,there are security risks for user information management and user authentication aspects.Cryptographic technique is mainly used to protect the data security of communicaton process in this paper. However, as the computer technology and cryptographic techniques develop, the RSA algorithm is facing a severe test, the encryption key can not fully guarantee the security of data. In order to improve the security of data, the length of the RSA key should be increased, which reduce the performance of the algorithm. In order to solve this problem, the national password security agency released SM2elliptic curve public key cryptography algorithm in December17,2010, and proposed to upgrade the existiong RSA-based system, including electronic certification system and key management system.In this paper, focusing on the following works:First, this paper have a detailed study on SM2algorithm, analyse the RSA algorithm and ECC algorithm, analyse the advantage of SM2algorithm. Compared to RSA algorithm,SM2is safer,smaller storage space,faster signature speed. Compared to international standard ECC algorithm, SM2algorithm is better in decryption correctness, plain text encoding problem, the length of the encrypted data and encryption computational efficiency.Second, we propose a unified authentication and authorization model based on SM2digital certificate, authenticating the client by SM2digital certificate,solving the problem of cross-domain access by secure Cookie.For the ticket information in the cookie, it is encrypted by SM2algorithm to ensure the security of the tieket.In addition, we improve the SSL protocol by SM2algorithm for key negotiation.It improve the performance of the server for that the server just get the ticket and send it to third party certifictation without the signature.Finally, this paper apply the CD-SSO model and improved SSL protocol to the authentication and authorization system, give the specific design and implementation of the system and brief analysis of the system.