| Nowadays, special-control computers are commonly used by Party and Government organizations as a tool for storing and managing sensitive documents securely. However, security risks exist in the special-control computers on which confidential files are stored and used. In recent years especially, with the development of network information science and technology, information security problems of all kinds have become more and more conspicuous. Information security is particularly vital for the special-control computers of Party and Government organizations, because confidential documents are stored on them. Files on these computers are usually stored in confidential form, so the main point is to determine the operating authority and confirm the identity of the operator. Currently, the common authentication method is based on a smart card: confidential information is stored in the card, so only the card holder can be approved. But this is unsafe, because an attacker who knows the password and obtains the card can impersonate the client. Meanwhile, one person may hold too much authority, and there is no feasible precaution against an attacker from inside. To address the shortcomings of the authentication system described above, this thesis puts forward a new Group Authentication system based on a wireless UKey. That is to say, when someone wants to operate on confidential documents, the identities of several people must be confirmed and their authorization obtained. The research and implementation of this system are carried out in two parts, hardware and software: (1) On hardware, a new wireless UKey is designed. The reason is that the Group Authentication system relies on the UKey for the cryptographic algorithms, the confidential information and so on, and the UKeys available on the market are not sufficient for this. This UKey has a high-speed processing chip and a secure storage module.
Because the special-control computers used by Party and Government organizations are blocked from the Internet, the different clients in Group Authentication cannot connect with each other. Thus, the UKey has wireless data. (2) On software, the work comprises the cryptographic algorithms, the clients for the special-control computers and the protocols of the Group Authentication system. The Group Authentication system has two steps: personal authentication and group authorization. Only when both succeed is the right to operate on confidential files granted. In the design, authentication uses AES and MD5, and group authorization uses RSA. Personal authentication matters the most in the implementation of the Group Authentication system, so the newly designed authorizing protocol is used in the authentication process. |