A Third-party Authentication Service System Based On Mobile Terminal And PKI

Authentication is an important part in the field of Internet security.On the Internet, user’s identity is indicated by a set of specific digital information because of that computers can only identify the user’s digital identity, so the purpose of authentication is to ensure that user’s physical identity is corresponded with his digital identity.At present, there are several authentication methods include static password, SMS password and USB KEY. But all of them have some problems, static password is poor safety and easy to be cracked, SMS password can not authorize with the message, and USB K EY need to install cryptographic software on device. These problems reduce applicability, effectiveness and reliability of the authentication on the Internet, make Internet applications can not meet the demand for Internet security from people, become an obstacle restricting the development of the Internet.In response to these problems, this paper makes analysis of the traditional authentication methods, on the basis of a CA project and the study about cryptography and public key infrastructure(PKI), it designs and implements a third-party authentication service system based on mobile terminal and PKI, named Mobile Security Gate Way(MSGW). This system uses intelligent mobile devices instead of traditional USB KEY, be convenient for users to use and meets the demand for mobile applications in the future. And it uses webservice technology to provide service interfaces for cross platform applications. Furthermore, this system uses the sm2 algorithm based on ecc algorithm, enhances the strength and efficiency of the encryption operation and reduces the loss of the communication, makes the system have more advantages in wireless network environment. This paper analyzes architecture of the system and elaborates design and implementation of the core modules. At last, this paper describes the test case and the demo of MSGW, verifies the feasibility and effectiveness of the system.Compared to other same type systems, this paper has the following features:1) The authentication system which proposed by this paper is implemented base on mobile terminal and PKI, it makes use of physical relationship between the mobile terminal and user to strengthen the reliability of authentication. This system uses android application to play a part in different mobile devices such as mobile phone, PAD, TV box and so on, improves the usability of the system.2) This paper implements encryption algorithms on mobile device by software instead of hardware. It meets the needs of the encryption speed and encryption strength from project, and improves the adaptability of the system.3) The authentication system proposed in this paper provides webservice interface as a public service that existed mobile applications can use it to provide authentication function, that extends the application scope of the system.4) This paper implements SM2 algorithm in the system, SM2 algorithm is evolved from ECC algorithm. After testing and validating, SM2 algorithm uses shorter key length and runs faster than RSA algorithm.Therefore, SM2 algorithm can reduce the loss of computing, storage and communication in mobile applications, it has more advantages than RSA algorithm.