基于PKI的铁路门户单点登录系统的实现

针对目前铁路部门业务管理效率低下,现有信息资源得不到充分利用,信息系统缺乏统一的身份安全认证等问题,本文设计了一种适合的单点登录系统和个性化门户。采用PKI、CA、LDAP等技术为用户提供了统一的信息资源认证访问入口,建立了统一的、基于角色的和个性化的信息访问集成平台,用户只需一次登录就可以根据相关的访问权限和策略设置规则去访问不同的应用系统,单点登录系统的设计加强了各业务子系统的交互性、整体性和数据的互通共享,解决了企业的信息孤岛问题,为用户提供了快捷有效的信息服务和专家决策支持。     

铁路企业统一身份认证平台的设计与实现

针对铁路企业工作人员使用多个应用系统需要同时记忆多套用户账号信息的现状,文中基于铁路统一用户管理系统的用户数据,设计了一种铁路应用系统用户的统一身份认证系统。该系统采用单点登录、Token、Cookie、Session共享等技术,实现了用户信息与应用系统的分离、统一用户管理、统一认证、一处登录、处处共享等功能,从根本上解决了不同应用系统重复维护用户信息的问题,使用户能够更便捷地访问不同的应用系统,并保证了不同应用系统间用户信息的一致性、安全性和共享性。     

基于Novell AM的单点登录设计与实现

随着信息化建设横向集成的推进,对用户身份信息进行统一认证和为用户提供单点登录访问方式的必要性日益提高,如何实现统一认证和单点登录是信息化建设的重要课题。Novell AM是Novell公司提供的统一身份认证解决方案,它通过反向代理、自动填表等技术实现信息系统的单点登录,为企业建设统一认证提供了切实可行的一种方案。     

基于Portal的学生管理信息系统的开发及应用

随着网络技术日益发展壮大,人们需求的信息、技术服务巨大,通过个性化的设计,Portal门户技术应运而生,不同的用户统一登录和存储器集成服务变得很方便。而高校中,通过这样的一个门户为师生提供一个用于访问学校内部各种信息的统一入口,优化运作提高效率。     

河北省工商行政管理数据中心建设初步设想

随着业务工作和信息系统建设发展要求的不断提高,暴露出应用缺乏有效组织和管理的弊端。对于不同的应用系统,用户需要分别登录进行访问,缺乏统一的访问资源和应用的接口。因此,我省必须建立数据中心。     

单点登录在企业信息门户系统中的研究与实现

随着企业信息化的高速发展,针对不同阶段的管理需求,企业实施了各种各样的信息化应用系统。但各应用系统的用户管理、系统登录自成体系,导致用户每使用一个系统都需要重新登录一次,给系统的使用和管理带来不便。用户需要一种更为便捷、高效的登录模式,单点登录就是为解决这个问题而提出的。在此以某企业信息门户系统的开发为实例,研究了单点登录的架构模型,基于Java语言,开发完成统一的信息门户界面,实现企业内部多个系统的一次性登录。     

门户网站的统一认证与单点登录技术

随着中国移动门户网站以及面向公众的各业务平台的发展,用户对门户网站和各业务系统互联网访问越来越频繁。为了提高用户的感知,需实现在两级门户网站、门户网站与各级业务平台进行统一认证鉴权,实现用户的单点登录。本文介绍了门户网站的统一认证与单点登录的关键技术、组网结构、业务流程等。     

云服务中跨安全域的联合身份认证技术分析

针对云服务中众多服务资源的安全有效登录问题,提出跨安全域的联合身份认证。首先,为保障用户身份信息的安全性,采用SAML2.0技术规范,建立安全域实现不同安全域下用户身份的鉴别和信息的交换;其次,为保障信息交换的安全性,使用SSL安全链路进行通信,以确保信息的完整性和机密性。该设计实现了对云服务中用户登录信息跨域的有效验证,提高了资源访问的安全性。     

基于Web的校园网统一身份认证系统的实现

本文提出了一个基于．NETPassport认证机制的统一身份认证系统,本系统利用Windows2003系统自带的ActiveDirectory组件建立目录服务数据库和SQLServer数据库,实现用户信息、组织架构和角色的统一管理,利用．NETWebService技术实现用户单点登录,实现用户统一身份认证,为数字化校园建设提供了技术参考。     

基于SSL VPN单点登录在区域卫生信息平台中的应用

单点登录是近年来在开发大平台信息系统中出现的一门新兴技术,文章结合作者在开发岳阳楼区基于健康档案的区域卫生信息平台的实践,提出了单点登录技术与SSL VPN技术相结合的基于SSL VPN单点登录技术,为整合多种医疗业务应用系统提供了一个统一身份认证、统一用户管理、统一授权管理、统一资源管理和单点登录平台.     

A Distributed Opportunistic Access Scheme and its Application to OFDMA Systems

Multiuser systems can provide multiuser diversity gains by assigning channels to users with higher channel gains. To avoid the extensive information exchange with the access point for the uplink access in centralized approaches, we propose in this paper a distributed opportunistic access scheme. Through a judicious design of a novel backoff mechanism to utilize the channel information and reduce collisions, significant multiuser diversity gains are achieved. To a user, the higher the channel gain is, the smaller the backoff time-slot and, hence, the higher the access priority of that user is. In addition, for heterogeneous systems, our proposed scheme can realize multiuser diversity gains and achieve fairness among the users at the same time. Finally, we design two distributed opportunistic access schemes for OFDMA systems. Users contend on all sub-channels in the first scheme and only on several strongest sub-channels in the second scheme. Compared with traditional centralized OFDMA systems and other distributed access schemes, our proposed schemes reduce overhead and achieve a higher throughput.     

An access cell selection algorithm for next generation mobile environments

Next generation of mobile communications will be based on a heterogeneous infrastructure comprising different wireless access systems in a complementary manner. This paper proposes a network selection algorithm based on user activity, user preferences, service requirements, and networks conditions which provides users a prospect of being always best connected within an environment of heterogeneous mobile networks. This is achieved by a learning process which allows user to select an access network based in previous connections and a cost function that helps the user to select the best network that adapts to the needs.     

A generic platform for scalable access to multimedia-on-demandsystems

Access to multimedia servers is commonly done according to a client/server model where the end user at the client host retrieves multimedia objects from a multimedia server. In a distributed environment, a number of end users may need to access a number of multimedia servers through one or several communication networks. Such a scenario reveals the requirement for a distributed access platform. In addition, the demand for multimedia information is increasing beyond the capabilities of high performance storage devices. Therefore, load distribution and scalability issues must be addressed while designing and implementing the distributed access platform. This paper introduces a scalable access platform (SAP) for managing user access to multimedia-on-demand systems while optimizing resource utilization. The platform is generic and capable of integrating heterogeneous multimedia servers. SAP operation combines static replication and dynamic load distribution policies. It provides run time redirecting of client requests to multimedia servers according to the workload information dynamically collected in the system. To support multimedia-on-demand systems with differing quality-of-service (QoS) requirements, the platform also takes into account, as part of the access process, user QoS requirements and cost constraints. This paper also presents an application of the generic platform implementing a scalable movie-on-demand system, called SMoD. Performance evaluation based on simulation shows that in many cases SMoD can reduce the blocking probability of user requests, and thus can support more users than classical video-on-demand (VoD) systems. It also shows that the load is better distributed across the video servers of the system     

Comparison of Mamdani and Sugeno Inference Systems for Dynamic Spectrum Allocation in Cognitive Radio Networks

Dynamic spectrum access and cognitive radio are emerging technologies to utilize the scarce frequency spectrum in an efficient and opportunistic manner. Cognitive radio, built on software defined radio, is an intelligent radio technology that updates its operating parameters to locate the unused spectrum segments. To assign these vacant bands to unlicensed users without causing harmful interference to licensed users, a novel approach is proposed in this article based on fuzzy logic. Two different fuzzy inference system models i.e. Mamdani and Sugeno systems are developed that compute spectrum access decision based on the secondary user parameters such as signal strength, distance between the primary and secondary user, spectrum utilization efficiency and degree of mobility. 81 fuzzy rules are used to obtain the output of proposed system stating the possibilities of allotment of white spaces to secondary users.     

Access control: principle and practice

Access control constrains what a user can do directly, as well as what programs executing on behalf of the users are allowed to do. In this way access control seeks to prevent activity that could lead to a breach of security. This article explains access control and its relationship to other security services such as authentication, auditing, and administration. It then reviews the access matrix model and describes different approaches to implementing the access matrix in practical systems, and follows with a discussion of access control policies commonly found in current systems, and a brief consideration of access control administration     

OCDMA系统中多码长地址码的设计及性能研究

为了满足光码分多址系统中不同用户能够获得不同发送速率的需求,根据所需地址码的容量和码重,通过MATLAB编程,设计出没有重复数字的间隔集,得到具有理想相关性的多码长地址码。根据该地址码的构造特点推导计算出该地址码的误比特率,并绘制出误比特率随同步用户数变化图。设计并仿真了多速率光码分多址系统,分析了误比特率和系统性能。结果表明,该多码长地址码具有良好的相关性和误比特率性能,能够满足各种速率需求的用户。通过系统编解码后能够理想地恢复出原始信号,得到优良的眼图。此研究对光码分多址多速率系统的进一步发展是有帮助的。     

BroadCatch: a periodic broadcast technique for heterogeneous video-on-demand

Many essential multimedia applications rely on video-on-demand technology to deliver a video to different users. A number of periodic broadcast techniques have been proposed for the cost-effective implementation of such systems. Most of these techniques would either try to minimize the server bandwidth, user bandwidth, user storage, user access latency to the video, or a combination of some of the aforementioned parameters. On the other hand, the implementation strategies of these broadcast schemes would necessitate a minimum bandwidth requirement for all users. Multi-resolution techniques address the heterogeneity problem by sacrificing user video quality. In this paper, we consider a different approach that does not possess this disadvantage. Using an incremental channel design at the server side, and a specific broadcast schedule, users can choose among a range of bandwidths to use to download the video at the cost of their access latency and not to the video quality. We prove the correctness of the proposed solution; provide mathematical analysis to demonstrate its heterogeneous behavior, and present performance studies to illustrate its efficiency.     

Low complexity optimal joint detection for oversaturated multipleaccess communications

Optimal joint detection for interfering (nonorthogonal) users in a multiple access communication system has, in general, a computational complexity that is exponential in the number of users. For this reason, optimal joint detection has been thought to be impractical for large numbers of users. A number of suboptimal low-complexity joint detectors have been proposed for direct sequence spread spectrum user waveforms that have properties suitable for mobile cellular and other systems. There are, however, other systems, such as satellite systems, for which other waveforms may be considered. This paper shows that there are user signature set selections that enable optimal joint detection that is extremely low in complexity. When a hierarchical cross-correlation structure is imposed on the user waveforms, optimal detection can be achieved with a tree-structured receiver having complexity that is, in typical cases, a low-order-polynomial in the number of users. This is a huge savings over the exponential complexity needed for the optimal detection of general signals. Previous work has shown that a hierarchically structured signal set can achieve oversaturation (more users than dimensions) with no growth in the required signal-to-noise ratio. The proposed tree detector achieves low-complexity optimal joint detection even in this oversaturated case     

IPv6-based dynamic coordinated call admission control mechanism over integrated wireless networks

Many wireless access systems have been developed recently to support users mobility and ubiquitous communication. Nevertheless, these systems always work independently and cannot simultaneously serve users properly. In this paper, we aim to integrate IPv6-based wireless access systems and propose a coordinated call admission control mechanism to utilize the total bandwidth of these systems to minimize the call blocking probabilities, especially the handoff call dropping probabilities. First, we propose an integrated hierarchical wireless architecture over IPv6-based networks to combine the wireless access systems including cellular systems (second-generation, General Packet Radio Service, or third-generation), IEEE 802.11 a/b/g WLAN, and Bluetooth. In the proposed architecture, mobile user can request a call with quality-of-service (QoS) requirements by any wireless network interfaces that can be accessed. When the proposed coordinated call admission control (CCAC) mechanism receives a request, it takes the QoS requirements of the incoming call and the available and reserved bandwidth of this wireless system into consideration to accept or reject this request. Besides, the mechanism can coordinate with other wireless systems dynamically to adjust the bandwidth reserved for handoff calls at each wireless system in this architecture so as to reduce the call blocking probabilities. Once the call is admitted, the mobile user is able to access heterogeneous wireless access networks via multiple interfaces simultaneously. Finally, we evaluate this system to show that the CCAC on the proposed architecture outperforms other mechanisms proposed before.