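Affiliations: [1] School of Information Science and Technology, Southwest Jiaotong University, Chengdu, Sichuan 610031; [2] Sichuan Province Key Laboratory of Information Security and National Computing Grid, Southwest Jiaotong University, Chengdu, Sichuan 610031
Source: Computer Integrated Manufacturing Systems (《计算机集成制造系统》), 2014, No. 8, pp. 2050-2059, 10 pages
Funding: National Natural Science Foundation of China (61003245; 60903202; 61371098); Major Project of the Ministry of Railways (2013X012-A-1; 2013X012-A-2; 2014X008-A); Sichuan Province Outstanding Young Academic Leader Cultivation Program (2011JQ0027); Fundamental Research Funds for the Central Universities (SWJTU12CX099; SWJTU11CX041)
Abstract (translated from the Chinese): To enable secure and effective sharing of virtual enterprise resources across heterogeneous domains, a cross-heterogeneous-domain authentication and key agreement scheme based on access authorization tickets is proposed. Using a distributed trust model based on public-key authentication, a first-level trust relationship is established between the certificate authority (CA) of the public key infrastructure (PKI) domain and the authentication server (AS) of the Kerberos domain. On this basis, the CA (or the AS jointly with the ticket-granting server) generates and distributes the authorization ticket with which a foreign-domain user U accesses a local-domain resource S, and a second-level trust relationship between U and S is established through a mutual cross-domain authentication and key agreement protocol built on a symmetric-key cryptosystem. The security of the protocol is proved with SVO logic. Analysis shows that, while meeting the security requirements at each level, the proposed method effectively reduces computation and communication at the terminals, completely avoids public-key encryption and decryption at Kerberos-domain terminals, and is well suited to implementation in cross-heterogeneous-domain identity authentication for virtual enterprises.
Abstract (English, as published): To satisfy the safe and effective sharing of virtual enterprises in heterogeneous domains, a heterogeneous cross-domain authenticated key agreement scheme based on access authorization tickets was proposed. The first-tier trust relationship between the Certificate Authority (CA) in the PKI domain and the Authentication Server (AS) in the Kerberos domain was established by using a public key cryptosystem-based distributed trust model. On this basis, the access authorization tickets generated by the CA (or the AS together with the ticket granting service) were distributed to external domain U to access internal domain S, and the second-tier trust relationship between U and S was built by designing a two-way cross-domain authenticated key agreement protocol based on a symmetry-key system. The security of the new scheme was proved by SVO logic. The analysis showed that the public key cryptographic operations could be entirely avoided for the end users or resources in Kerberos domains, which had better implementation in the heterogeneous cross-domain identity authentication process.
Classification number: TP393.08 [Automation and Computer Technology: Computer Application Technology]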