| 摘要: |
| 针对独立于Internet网络的企业电子业务处理系统普遍采用的静态的“用户名 密码”的二元身份认证方法抗攻击能力弱的问题,并从方便、可靠,尽可能降低成本的设计思想出发,设计并实现了基于三重认证技术的系统身份认证方法:利用IP认证方法防止非法客户端的访问;利用服务器用户认证方法防止非法角色的访问;通过随机码认证和操作员号/密码认证,防止利用程序对用户密码的分析破解。在混合结构电子联行系统中的应用结果表明,该方法简单有效,实现了设计要求。本研究可为其他基于B/S结构的系统提供参考。 |
| 关键词: 系统安全,身份认证,三重认证技术 |
| DOI:10.11841/j.issn.1007-4333.2006.02.047 |
| 投稿时间:2005-05-11 |
| 基金项目: |
|
| Design and realization of triple identities of authentication in a bank electronic business system based on B/S structure |
|
|
|
| Abstract: |
| Originated from identity of authentication in a bank electronic business system based on B/S structure and a combination of practical techniques in most systems,the triple identities of authentication scheme was designed in a new system.In the new system,the fundamental structure and specific technique of the scheme were introduced and realized the identity of authentication of the EIS system.The operation of this new system showed that the method was simple and available.The triple identities of authentication scheme developed here can also be applied to the similar systems. |
| Key words: system security,Identity of authentication,triple authentication techniques |
