Research And Application Of Unified Authentication Model Of The Petro China Exploration & Production Company

With the network environment and information construction situation being increasingly completed, applications are progressed step by step, professional applications are increasing integrated into Petro China Exploration & Production Company. Therefore, the most significant issue is how to take advantage of information resources in order to safely realize the information sharing.Petro China Exploration & Production Company includes a main portal 2】sub-portals 1362 information sections, and more than 20 professional integrated applications. Each system has different user identity and authentication architecture. For lacking unified user identity management process, simple password pathetic security and many other issues single sign-on system has not achieved. In order to protect the system to operate reliable and realize information sharing, it needs to develop appropriate standards, strengthen the security of identity management and authentication based on considering the overall information system identity management processes.Based on detailed analysis of frequently used identity management authentication models, techniques and methods of commonest information systems, discussing the advantages and disadvantages of existed methods, listing 7 cases of enterprises implement. This thesis proposes the solutions that combination of the LDAP(Lightweight Directory Access Protocol) and Kerberos according to the existed user authentication of Petro China Exploration & Production Company. Elliptic encryption algorithm is fast and effective, RSA encryption algorithm is good at privacy and convenience. Authentication mechanism is improved by combining two mentioned algorithms to optimized DES algorithm.Based on the large volume of toilsome user information, a reasonable LDAP-based directory information tree is designed according to different roles, taking Open LDAP as a platform to user information entry and modification. On the basis of the.NET platform and usage of C#, the unified authentication system was developed.Taking three professional application systems as a example, the developed unified authentication system is achieved on different development platform. The result shows that user information has been effectively centralized management, the security of systems has improved, achieved single sign-on and promote further promotion and information sharing of Petro China Exploration & Production Company.