基于人脸识别的用户身份可靠认证技术研究及应用

针对传统身份认证技术中存在的问题,结合电网实际应用需求,探讨了基于人脸识别的用户身份认证技术,并进行了项目试验,结果表明:基于人脸识别的用户身份认证技术可提高信息安全的主动防御能力,有效解决擅自盗用、私自替代、冒名出入等安全隐患问题。     

一种生物特征与公钥密码相结合的多层次身份认证方案

信息安全技术是保障各种网络应用正常运作的必要支撑,而身份认证是信息安全保障技术的重要组成部分。丈中简单分析了传统网络身份认证技术存在的安全缺陷,然后介绍了生物特征识别技术及其国内外应用情况。最后提出了一种把生物特征识别技术与公钥密码技术相结合的多层次身份认证方案,该方案解决了传统身份认证方案的部分缺点,增强了身份认证安全性,为实现更为安全可靠的网络安全体系提供技术支撑。     

基于深度学习的人脸识别在身份认证领域应用综述

随着科学技术的发展和经济一体化进程的加快,身份认证已成为网络空间中一个最基本的要素,也是整个信息安全体系的基础.生物特征识别技术是身份认证过程的重要技术手段,其中人脸识别技术凭借易用、无感等先天优势和深度学习的技术突破,得到了身份认证领域研究学者、社会应用方以及用户的青睐.本文探讨了深度学习的概念、基于深度学习的人脸识...     

身份认证技术及其发展趋势

身份认证技术是信息安全的核心技术之一,其任务是识别、验证网络信息系统中用户身份的合法性和真实性。对认证技术作了简要介绍,并对新兴技术：基于量子的认证技术、基于身份的认证技术、思维认证、行为认证、自动认证作了详细的阐述。     

高效的隐私保护在线开票服务认证方案

近年来,发票形式由传统的纸质凭据向电子凭据转变。相比于开具纸质凭据,在线开具电子凭据具有流程简化、成本降低以及便于存储等优势。但是,如何保证在线开具电子凭据服务中实体身份的合法性以及身份信息的隐私性是当前研究的重点问题。为了解决此问题,利用预共享密钥机制,该文提出一种隐私保护在线开具电子凭据的认证方案。在此方案中,合法用户与企业完成交易后可以本地在线发起开票申请,国家税务总局的电子凭据系统成功核验实体身份和交易信息后可为该用户提供电子凭据。安全和性能分析结果表明提出方案可以在耗费较少认证开销的情况下提供鲁棒的安全属性。     

主流身份认证技术在关键涉密环境中的适用性分析

身份认证技术是信息安全中的基本技术以及重要内容,在信息系统中,它是第一道防线,起到了鉴别用户身份的关键作用.在涉密网络、军工单位等关键领域内,随着信息化建设的加速发展,研究适用不同场景、不同网络环境下的身份认证技术具有重要意义和广阔的应用前景.本文将介绍身份认证技术的分类、发展及运作原理,并就静态密码、动态密码、硬件数字证书载体及生物特征识别四种主流身份认证技术的技术要点、关键问题以及在关键领域中的适用性情况进行分析对比.     

基于互联网实名制的电子交易强认证方法

对电子交易进行攻击所带来的现实收益已经使得电子交易变成网络安全事件高危区,电子交易安全问题亟待解决,身份认证是电子交易安全问题中的基本和关键。首先介绍几种常用的身份认证技术,并分析各种技术的优势和缺点,在此基础上提出了基于生物特征信息和实名信息双重认证因素的强认证方法,详细描述了该方法的实施过程。该方法能够有效提升电子交易过程中的安全性。     

浅析认证技术在电子商务安全中的应用

认证技术是建立电子商务安全交易系统必不可少的基本组成部分。文中分析了电子商务的网络设施不完善、信用问题及交易安全问题等存在的安全隐患,同时介绍了电子商务安全交易中常用的身份认证技术和信息认证技术,并分析认证技术如何确保电子商务信息机密性和完整性,从而为电子商务的信息安全提供理论基础。     

身份认证技术及其发展趋势

在全球高度信息一体化的时代潮流下,网络技术已经被应用到各种领域。随着网络扩大化,网民数量迅猛增长,随之而来的信息安全身份认证等问题也凸显出来。如何保证网民信息安全以及网络数据安全,是当前网络技术发展的重点问题。针对此种情况,从身份认证技术出发,分析了当前身份认证技术发展应用情况和未来发展趋势。     

主动防泄密信息安全防护系统研究与实现

为从根本上提高网络信息安全防护能力和水平,提出主动防泄密安全机制,采用综合身份认证访问控制、文件操作实时监控和数据安全存储的全面信息安全防护技术方案,设计出一种主动防泄密信息安全防护系统。系统实现了基于eKey的网络身份认证与安全登录、基于双层监控机制的文件操作实时监控和基于网络的文件加密,有效提高了防范内部主动泄密和外部技术窃取的安全防护能力。     

Research of authentication techniques for the Internet of things

Identity authentication technology is a key technology in the Internet of things (IoT)security field which ensures the authenticity of the identity information of users and device nodes connected to the IoT.Due to the low cost,low power consumption,small storage of IoT devices and heterogeneity of IoT network,the identity authentication mechanisms in traditional computer networks are often not applicable.Firstly,the development process of IoT was introduced,the security risks of IoT and the challenges faced by the authentication work were analyzed.Then the emphasis was put on comparison of the advantages and disadvantages among five typical authentication protocols.Moreover,the authentication technologies in several practical scenarios of RFID,smart grid,Internet of vehicles,and smart home were summarized and analyzed.Finally,the future research direction was discussed.     

Openstack authentication protocol based on digital certificate

As the industry standard for open source cloud platforms,openstack uses the single-factor authentication method based on username and password that provides by keystone components to identity authentication mechanism,while it is not suitable for application scenarios with high security level requirements.A digital certificate-based identity authentication protocol which had cloud user identification protocol and authentication protocol was designed to meet the requirements.With expending the keystone component to achieve a digital certificate-based identity authentication system,a combination of authentication server,UKey technology,encryption technology and well-established key management and so on was used.According to the research,the system can effectively resist multiple cyber-attacks and improve the security of cloud users when they log in to the cloud platform.     

基于平滑熵的防主动攻击的无条件安全秘密钥的提取

本文研究通信双方基于平滑熵在不安全且非认证的公共信道上实现防主动攻击的无条件安全秘密钥的提取.首先讨论了在不安全且非认证的公共信道上根据部分保密的密钥实现认证的方法,然后根据以上方法以抗击敌手在通信双方进行无条件安全秘密钥提取时的主动攻击,得出了通信双方以一定概率所协商的秘密钥长度.     

多发送认证码的几个新的构造方法

 基于Hash函数给出一种由Cartesian认证码构造多发送认证码的方法,从而使许多Cartesian认证码都能用来构造多发送认证码;同时也给出一系列新的完备安全的多发送认证码的构造方法.     

Dynamic anonymous identity authentication (DAIA) scheme for VANET

With the development of the vehicular ad hoc network, the security and privacy are now becoming vital concerns, especially when the attacker owns more and more resources. In order to address these concerns, a dynamic anonymous identity authentication scheme is proposed using Elliptic Curve Discrete Logarithm Problem and blockchain method, which guarantees the security and fast off‐line authentication for vehicle‐to‐infrastructure. Specifically, a dynamic pseudonym key is generated using tamper proof device (TPD) for off‐line authentication and anonymity when a vehicle roams among different roadside units' (RSUs) communication ranges. Even if all RSUs are compromised, vehicle's identity is still privacy. Moreover, two additional design goals are more suitable for the practical environment: (1) the reduced assumption of TPD; (2) certification authority can trace vehicle under the authorization by law.     

Threshold password authentication against guessing attacks in Ad hoc networks

Password authentication has been accepted as one of the commonly used solutions in network environment to protect resources from unauthorized access. The emerging mobile Ad hoc network, however, has called for new requirements for designing authentication schemes due to its dynamic nature and vulnerable-to-attack structure, which the traditional schemes overlooked, such as availability and strong security against off line guessing attacks in face of node compromise. In this paper, we propose a threshold password authentication scheme, which meets both availability and strong security requirements in the mobile Ad hoc networks. In our scheme, t out of n server nodes can jointly achieve mutual authentication with a registered user within only two rounds of message exchanges. Our scheme allows users to choose and change their memorable password without subjecting to guessing attacks. Moreover, there is no password table in the server nodes end, which is preferable since mobile nodes are usually memory-restricted devices. We also show that our scheme is efficient to be implemented in mobile devices.     

移动网络前向指针策略的鉴权管理研究

鉴权管理是移动通信移动管理中非常重要的技术,其策略的选择将直接影响网络中各网元的信令负荷。本文主要讨论移动通信系统前向指针位置管理策略中的鉴权管理。当用户在远离其HLR的不同VLR对应覆盖区域移动时,系统通过向其原VLR索取剩余鉴权数据或向其HLR申请新鉴权数据来实现用户的鉴权管理。通过鉴权开销及被呼处理时延等指标的分析,本文提出的鉴权管理算法较适合于CMR较小的MS鉴权管理;当MS的CMR增大时,本文提出的鉴权管理算法与二层管理策略如GSM或IS-41移动系统的开销及时延等指标逐渐接近。     

An efficient reversible authentication scheme for demosaiced images with improved detectability

The existing probability based reversible authentication schemes for demosaiced images embed authentication codes into rebuilt components of image pixels. The original demosaiced image can be totally recovered if the marked image is unaltered. Although these schemes offer the goal of pixel-wise tamper detection, the generated authentication codes are irrelevant to the image pixels, causing some undetectable intentional alterations. The proposed method pre-processes the rebuilt components of demosaiced images and hashes them to generate authentication codes. With the guide of a randomly-generated reference table, authentication codes are embedded into the rebuilt components of demosaiced images. Since the distortions of image pixels are sensitive to the embedded authentication codes, the proposed method further alters the pre-processed pixels to generate a set of authentication codes. One of the authentication codes that minimizes the distortion is embedded to generate marked demosaiced images. The results show that the proposed method offers a better image quality than prior state-of-the-art works, and is capable of detecting a variety of tampering.     

基于联盟身份认证和CALIS联合认证的图书馆资源访问方案

针对图书馆电子资源的访问控制问题,对国际上广泛采用的联盟身份认证技术和在国内图书馆大范围部署的CALIS联合认证进行了分析,提出了将联盟身份认证与CALIS联合认证相结合的方案,并在CARSI联盟的平台上进行了开发、部署和验证,实验结果表明,联盟身份认证与CALIS联合认证相结合的方案可以有效、灵活地对电子资源进行访问控制。