Creativity in non‐routine jobs: The role of transformational leadership and organizational identification

An increasing number of individuals work in jobs with little standardization and repetition, that is, with high levels of job non‐routinization. At the same time, demands for creativity are high, which raises the question of how employees can use job non‐routinization to develop creativity. Acknowledging the importance of social processes for creativity, we propose that transformational leaders raise feelings of organizational identification in followers and that this form of identification then helps individuals to develop creativity in jobs with little routinization. This is because organizational members evaluate and promote those ideas as more creative, which are in line with a shared understanding of creativity within the organization. To investigate these relationships, we calculated a mediated moderation model with 173 leader–follower dyads from China. Results confirm our hypotheses that transformational leadership moderates the relationship between job non‐routinization on employee creativity through organizational identification. We conclude that raising feelings of social identity is a key task for leaders today, especially when working in uncertain and fast developing environments with little repetition and the constant need to develop creative ideas.     

一种云计算中的多重身份认证与授权方案

OpenID是一种广泛应用于云计算中的去中心化的身份认证技术。OpenID为用户以一个身份在多个云服务中通行提供了一种方式,也解决了因遗失在云提供商处注册的云身份凭证而不能登录的问题。但用户以OpenID身份登录云服务后,却不能访问该用户的云身份拥有的资源,且OpenID技术也没有对请求身份信息的云服务进行认证与细粒度授权。因此文章在OpenID技术和OAuth技术的基础上,设计了一种多重身份认证与授权方案来解决上述同一用户不同身份的资源不可访问问题,以及身份信息等资源访问流程中的细粒度授权问题。     

Android系统代码签名验证机制的实现及安全性分析

文章通过静态分析Android系统源代码以及动态监控应用程序安装、执行过程中的签名验证流程。对Android系统的代码签名验证机制进行深入的剖析,发现Android系统仅在应用程序安装时进行完整的代码签名验证,在后续的程序执行过程中只对程序包进行简单的时间戳及路径验证。该安全隐患使得攻击代码可以绕过签名验证机制,成功实施攻击。     

匿名凭证方案研究进展

文章对匿名凭证及其应用方面的研究成果和发展状况进行了综述。对现有匿名凭证方案进行了概括,总结了其主要设计思想和应用到的相关技术,并对匿名凭证系统的研究前景进行了展望,提出了一些可能的发展方向。     

Secure authentication scheme for passive C1G2 RFID tags

Privacy and security concerns inhibit the fast adaption of RFID technology for many applications. A number of authentication protocols that address these concerns have been proposed but real-world solutions that are secure, maintain low communication cost and can be integrated into the ubiquitous EPCglobal Class 1 Generation 2 tag protocol (C1G2) are still needed and being investigated. We present a novel authentication protocol, which offers a high level of security through the combination of a random key scheme with a strong cryptography. The protocol is applicable to resource, power and computationally constraint platforms such as RFID tags. Our investigation shows that it can provide mutual authentication, untraceability, forward and backward security as well as resistance to replay, denial-ofth-service and man-in-the-middle attacks, while retaining a competitive communication cost. The protocol has been integrated into the EPCglobal C1G2 tag protocol, which assures low implementation cost. We also present a successful implementation of our protocol on real-world components such as the INTEL WISP UHF RFID tag and a C1G2 compliant reader.     

EMAP: An efficient mutual authentication protocol for passive RFID tags

Radio frequency identification (RFID) system is a contactless automatic identification system, which uses small and low cost RFID tags. The primary problem of current security and privacy preserving schemes is that, in order to identify only one single tag, these schemes require a linear computational complexity on the server side. We propose an efficient mutual authentication protocol for passive RFID tags that provides confidentiality, untraceability, mutual authentication, and efficiency. The proposed protocol shifts the heavy burden of asymmetric encryption and decryption operations on the more powerful server side and only leaves lightweight hash operation on tag side. It is also efficient in terms of time complexity, space complexity, and communication cost, which are very important for practical large-scale RFID applications.     

浅析Cookies认证机制及其安全性

Web服务器生成Cookies并作为文本存贮于用户计算机硬盘或内存中,是实现Web应用认证的主要手段。本文分析了Cookie认证机制的实现过程与特点,并且论述了该认证机制易遭受的安全威胁以及安全需求,并给出实现安全Cookie认证的方法与措施。     

电子商务平台快速身份认证算法研究

提出一种快速身份认证方法。待验证用户提出证书申请后,利用门限的思想将证书颁发的任务分派到每个认证参与者身上,通过计算得到的认证参与者的子证书集合,完成身份认证,避免了所有认证工作都在认证中心进行计算造成的认证效率低的问题。实验证明,这种方法能够快速完成用户的身份认证,同时保证了认证的安全性,取得了满意的结果。     

基于图像变形的卡用户认知性(英文)

尽管许多人可能并没有意识到,各类卡已经被广泛应用到我们的日常生活当中。其中,信用卡,现金卡,驾驶执照,等等,其实与钱包同等重要。为了防止这些卡被非法使用,用户认证是必不可少的。最常用的用户认证方法就是要求用户提供某些个人信息。如果用户提供的信息与卡中记录的信息一致,我们就认为用户是合法的。然而如果个人信息被泄露,卡就有可能被非法使用。本论文的目的就是要提供一种新的基于图像变形的卡用户认证方法。其基本思路是把真正持卡人的脸部图像通过图像变形隐藏到某个覆盖数据下,并把恢复原图像所需要的钥匙信息分散保存到卡,终端,服务器等不同地方。在用户使用卡的时候,认证系统可以利用反变形技术恢复原图像,让受权人察知到用户的真伪,从而有效地保护持卡人的权益。     

WiFi网络实名认证的方法研究和实现

随着移动互联网络技术的发展和智能手机的广泛应用,人们对基于WiFi的移动互联业务的需求越来越广泛,许多行业及公共场所都在建设无线WiFi网络,而网络安全管理要求无线WiFi网络必须采用实名认证,其基本手段有用户名认证和手机号认证。本文论述了不依赖于特定协议和与WiFi设备厂商无关的认证方式及实现实名认证的方法和过程。