
Research And Design Of Remote Identity Authentication System Based On Biometrics And PKI Technology

Posted on: 2020-12-15
Degree: Master
Type: Thesis
Country: China
Candidate: L Feng
GTID: 2428330572491634
Subject: Software engineering
Abstract/Summary:
With the development of economic globalization, many enterprises have set up branches all over the country and even all over the world, and use the Internet to meet the business needs of communication, business data collection, accounting and information distribution between headquarters and branches. User identity authentication has therefore become the first security problem faced by an enterprise office system that allows remote login. Traditional identity authentication mechanisms based on passwords, smart password keys and similar technologies cannot prevent legitimate users from leaking their passwords or handing their smart password keys to other people.

This thesis first describes the development process and research results of four kinds of identification technology. Then, to overcome the shortcomings of relying on a single authentication technology, it designs a multi-factor remote identification system based on biological features and PKI technology, and describes the design of that system. The system uses a smart card/smart password key as the hardware carrier, together with PKI/CA technology and biometric recognition technology, to ensure that only the users themselves can log on to the enterprise office system and to prevent users from illegally transferring their login authority.

The main contents and innovations of this paper include:

(1) The remote identity authentication system designed in this paper, which combines biological features with PKI technology, lets users log in remotely to the enterprise's internal system for business operations. It uses an identity authentication mechanism built on both a digital certificate and biological features to doubly verify the remote user's identity. During identity authentication, the client and the server complete key exchange and identity authentication through a challenge-response mechanism.

(2) The whole process of biometrics collection, transmission and storage is specially designed. In the acquisition phase, biometric technology is used to defend against face photo attacks and face video attacks. During transmission, the biometric data is encrypted with an asymmetric key, which prevents it from being stolen in transit. For storage, the biometric data is encrypted with a symmetric key, which enhances the storage security of biometric data on the server side. Through this special design of collection, transmission and storage, the security of the biometric data is improved comprehensively.

(3) The system uses key partitioning and secret sharing technology to split and store the symmetric keys used for encrypted biometric storage, which further improves the data storage security of the biometric database and prevents data leakage. At the same time, single sign-on and PMI technology are used to implement user access control and privilege management.

(4) The system uses SSL/TLS to encrypt the data transmitted over the network and uses digital envelope technology for key transmission. It also uses digital signatures to sign and verify the data transmitted over the network, which further improves the confidentiality and security of network data transmission.

The remote identity authentication system designed in this paper combines two kinds of authentication technologies, which further improves the accuracy and security of identity authentication, makes up for the deficiency of using only a single identity authentication technology, and provides a more secure and operational way for enterprises that need to access and operate related business systems, and authenticate user identity, over the Internet.
Keywords/Search Tags:PKI Technology, Face Recognition, Cryptographic Technology, PMI Technology, Single sign-on