Research on Multi-Factor Identity Authentication Technology and Privacy Protection
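Abstract (Chinese)
Network identity authentication is a comprehensive technology that applies cryptography, biometrics, digital signatures and related techniques to network communication in order to identify the communicating parties. It prevents unauthorized persons from entering a system and from accessing controlled information. Identity authentication is now widely used in banking, e-commerce, e-government and all kinds of management information systems. As computer networks and communication technology continue to develop, research on identity authentication is bound to become a focus of information security research.
This thesis presents a fairly systematic, in-depth study of the theory, technology and applications of network identity authentication, focusing on several key technical problems in multi-factor network identity authentication.
It analyzes the shortcomings of existing multi-server identity authentication schemes, such as the time synchronization problem and one-way user authentication, and proposes a smart-card-based multi-server identity authentication scheme. The advantages of the scheme are as follows. The user's authentication information is stored in the smart card in the form of an expression, which greatly strengthens its security. Mutual authentication between user and server, together with session key generation, is achieved in the multi-server system. Information related to the two parties' session key is stored in the smart card in the form of an interpolation polynomial, so the session key is never transmitted over the network, which reduces the possibility of its disclosure. Building on the proposed scheme, the thesis also proposes an identity authentication scheme that combines password, smart card and fingerprint, further strengthening the security of the original scheme.
Keywords: Cryptography; Identity authentication; Digital signature; Smart card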
Abstract
Identity authentication is an integrated technique that combines cryptology, biometric recognition, digital signatures and other techniques. It is applied in network communication to verify the real identity of the correspondent. It can prevent illegal intruders from logging in to the system and keep non-authorized persons away from controlled resources. At present, identity authentication is broadly applied in banks, e-commerce, e-government and other management information systems. With the continual development of computer networks and communication, identity authentication will be an important research field.
The dissertation studies the theory, technology and application of identity authentication in depth, and focuses on some key problems concerning multiple factors in network communication.
The dissertation analyzes the drawbacks of the existing multi-server authentication scheme, which provides only single-direction authentication and has a time synchronization problem.
The author proposes a multi-server authentication scheme based on smart cards and analyzes the security of the scheme. By saving the user's authentication information in the smart card in the interpolating polynomial, the proposed scheme greatly strengthens the security of the original scheme. The proposed scheme achieves bidirectional authentication of the user and the server in the multi-server system, automatically generates the session keys, and saves the session keys' related information as an expression in the smart card. The proposed scheme avoids transmitting the session keys over the network and decreases the possibility of the session keys leaking. Based on the proposed scheme, the author proposes an identity authentication scheme that combines password, smart card and fingerprint, to further enhance the security of the original scheme.
Key words: Cryptology; Identity authentication; Digital signature; Smart card
Contents
Abstract (Chinese)
Abstract
Chapter 1 Introduction
1.1 Background
1.2 Purpose and Significance of the Research
1.3 Organization of the Thesis
Chapter 2 Theoretical Foundations of Identity Authentication
2.1 Fundamentals of Cryptography
2.2 Message Authentication
2.3 Identity Authentication Methods
Chapter 3 Basic Structure of the FIDO Protocol
3.1 Architecture
3.2 Registration Protocol
3.3 Authentication Protocol
3.4 Security Goals of the Protocol
Chapter 4 Conclusion
4.1 Conclusion
References
Acknowledgements