电子政务的认证、授权与审计方案

目前在电子政务中信息安全面临的问题 1．缺乏集中统一的用户身份认证机制。用户身份认证是建立安全应用系统的第一道防线，各类业务系统和设备管理的用户身份认证各自为政、互不相同，其认证的方式呈现多样化，用户登录不同的业务系统可能采用完全不同的登录方式，管理员对于用户的管理在后台是分散的。     

基于信任链度量机制的安全登录终端系统研究

为了提高企业园区网的终端登录安全,引入了身份认证系统来保证用户的数字身份与物理身份相对应。但在登录之前,如何能够安全登录操作系统,提高抵抗恶意篡改的能力,是信息安全领域研究的热点。文中引入可信计算理论[1],提出了一种基于信任链度量机制的安全登录终端系统研究。最终实现整个系统登录及运行过程的安全性、可信性。     

私有云下的身份与管理解决方案

针对企业迁入云中面临的资源管理的有效性和安全性问题,提出了专门针对私有云下的全面的身份与管理解决方案。方案从身份管理、隐私保护、单点登录以及访问控制角度出发,分别使用数据同步服务、多重手段认证、SAML2.0规范引入以及XACML协议与RBAC模型相结合等技术手段实现云环境下集成化、一站式的身份与访问安全管理。该方案结合多种技术手段,有效解决了企业迁入云中后面临的安全管理风险,提高了企业的资源管理效率。     

基于VDS的异构环境统一身份管理解决方案

为了解决异构网络环境中存在多种形式的身份信息整合问题,提出一种基于身份聚合和虚拟目录技术的统一身份解决方案,实现身份信息的统一管理,保障了身份信息的一致性,减少了维护管理,满足应用系统单点登录和安全审计等需求。尤其针对包含多分支机构集团的管理需求,实现了多分支机构身份信息的"分治"和企业级身份信息的"统治"。     

TC8安全基础工作组讨论“移动通信智能终端操作系统安全技术要求”等标准草案征求意见稿

2011年9月23日，网络与信息安全技术工作委员会安全基础工作组（T08WG4）第19次会议在三亚召开。会议首先进行了技术交流，中兴通讯的陈剑勇和中国移动的朱红儒分别就“联盟身份管理研究进展”、“安全基础设施”及“基于身份的密码技术IBE”等专题与参会代表进行了互动。本次会议讨论了国家标准“移动通信智能终端操作系统安全技术要求”及行业标准“采用证书机制的单点登录认证技术要求”的征求意见稿，还讨论了标准类技术报告“身份管理（IdM）体系架构”、“身份管理（IdM）互通技术要求”、“互联网身份管理信息分类与编码规则”的征求意见稿。     

云计算环境中虚拟机用户身份认证技术研究及实现

安全问题是云计算应用最受关注也是最受争议的一个问题,云计算中虚拟机使用者具有强身份认证一直以来都是云计算需要解决的主要安全问题之一.文中从建立虚拟机使用者强身份认证入手,从必要性、使用需求、虚拟机终端认证、虚拟机登录认证、虚拟机操作系统登录认证出发,阐述了虚拟机使用者身份认证相关技术及实现流程.     

云服务中跨安全域的联合身份认证技术分析

针对云服务中众多服务资源的安全有效登录问题,提出跨安全域的联合身份认证。首先,为保障用户身份信息的安全性,采用SAML2.0技术规范,建立安全域实现不同安全域下用户身份的鉴别和信息的交换;其次,为保障信息交换的安全性,使用SSL安全链路进行通信,以确保信息的完整性和机密性。该设计实现了对云服务中用户登录信息跨域的有效验证,提高了资源访问的安全性。     

民航信息系统中指纹身份认证安全管理研究

本文针对民航信息系统安全提出了基于指纹身份认证的管理解决方案,可提供匿名认证又可进行真实身份的审核校验,临时用户角色动态绑定和访问管理机制,避免了传统AIS管理中暴露固定用户登录和身份偷换替代的可能,降低了用户身份篡改和暴力破解导致的信息泄露等风险,为AIS安全领域提供较高级别的解决思路和方案.     

远程登录几何认证方案的安全漏洞分析和解决办法

1995年，Tzong—Chen Wu提出了一种基于欧几里德二维平面空间几何特性的远程登录身份认证方案。因为这种方案的计算复杂度很低，所以极其适合基于智能卡的安全应用。Hwang在1999年首次指出了这种认证方案存在的一个安全漏洞。最近，Huang—Yu Chien等人再次分析了这个方案，针对Hwang发现的安全漏洞，提出了一种新的攻击方法。不仅如此，Huang—Yu Chien等人还针对上述安全漏洞，给出了行之有效的解决方案。文章对这种远程登录几何认证方案做了进一步的安全性分析，指出了一些尚未被Hwang和Chien等人发现的安全隐患，并给出了相应的解决方法。     

基于改进身份认证协议的单点登录系统研究

研究基于改进身份认证协议的单点登录系统,提高系统的身份认证的速度.针对单点登录系统中进行身份认证时,如果用户数据量过大,导致用户需要逐个核对数据库中的身份信息,造成的身份核对方法耗时,延长了单点登录系统身份认证的时间.为了避免上述问题,提出了一种基于改进身份认证协议的单点登录系统.利用线性回归方法,对用户数据进行融合处理.通过非线性传输参数方法将融合后的信息传输到服务器中,并利用参数配准和身份认证技术将其与数据库中数据进行配准,避免传统方法大规模比对带来的缺陷,提高了身份认证的速度.实验证明,该方法能够提高身份认证的速度,效果令人满意.     

移动互联网用户标识管理技术的研究

详细分析了公网上的内容提供商因无法获得移动用户身份信息而导致的难以对其实现计费和应用管理的主要原因,提出了移动互联网用户标识管理技术研究背景及原理;详细论述了在运营商移动互联网结构中增加I—UIM系统解决方案及新移动互联网业务网络的结构和功能。     

基于LabVIEW与Access的虚拟实验教学系统

基于LabVIEW开发环境与Access数据库构建了一个虚拟实验教学系统。该系统应用教育电子身份号（ e2 ID）实现系统用户的实名制,基于LabSQL访问Access数据库的方法实现了用户登录与管理功能,并采用可扩展的实验模块设计。以信号调制解调实验为例介绍了实验模块的设计与实现。     

Internet身份证及全球身份管理系统

介绍了一种身份证及相应全球(或全国)身份管理系统,它包括Internet身份证、实名手机、无线(或有线)Internet身份实时识别机、全能手机及全球(或全国)统一身份管理网站等部件.该系统克服了现有身份证不能时刻在线、无法实时确认对方或多方身份、无法实时记录持证人行踪及行为、不能随时随地查阅对方或多方信用、品行、历史的缺点,可以随时随地进行实时身份论证、行踪记录、信用品行查询等身份确认工作.文中介绍了该系统的组成、硬件和软件.     

抵抗Sybil攻击的无线传感网中网络分布式密钥管理方案

Wireless sensor network nodes (WSN nodes) have limited computing power, storage capacity, communication capabilities and energy and WSN nodes are easy to be paralyzed by Sybil attack. In order to prevent Sybil attacks, a new key distribution scheme for wireless sensor networks is presented. In this scheme, the key information and node ID are associated, and then the attacker is difficult to forge identity ID and the key information corresponding to ID can not be forged. This scheme can use low-power to resist the Sybil attack and give full play to the resource advantages of the cluster head. The computing, storage and communication is mainly undertaken by the cluster head overhead to achieve the lowest energy consumption and resist against nodes capture attack. Theoretical analysis and experimental results show that compared with the traditional scheme presented in Ref. [14], the capture rate of general nodes of cluster reduces 40% , and the capture rate of cluster heads reduces 50% . So the scheme presented in this paper can improve resilience against nodes capture attack and reduce node power consumption.     

Privacy‐preserving multireceiver ID‐based encryption with provable security

Multireceiver identity (ID) based encryption and ID‐based broadcast encryption allow a sender to use the public identities of multiple receivers to encrypt messages so that only the selected receivers or a privileged set of users can decrypt the messages. It can be used for many practical applications such as digital content distribution, pay‐per‐view and multicast communication. For protecting the privacy of receivers or providing receiver anonymity, several privacy‐preserving (or anonymous) multireceiver ID‐based encryption and ID‐based broadcast encryption schemes were recently proposed, in which receiver anonymity means that nobody (including any selected receiver), except the sender, knows who the other selected receivers are. However, security incompleteness or flaws were found in these schemes. In this paper, we propose a new privacy‐preserving multireceiver ID‐based encryption scheme with provable security. We formally prove that the proposed scheme is semantically secure for confidentiality and receiver anonymity. Compared with the previously proposed anonymous multireceiver ID‐based encryption and ID‐based broadcast encryption schemes, the proposed scheme has better performance and robust security. Copyright © 2012 John Wiley & Sons, Ltd.     

Can Europe's governments manage identity?

Since its inception, the concept of the internal market has been enshrined in the European Commission (EC) as ‘... an area without internal frontiers in which the free movement of goods, persons, services and capital is ensured in accordance with the provisions of this Treaty’ [1]. Within this market, optimising the flow of movement across borders is no easy task, especially in today's age of heightened security fears. It falls to identity management in electronic government to play a vital role in making processes more effective by providing the mechanisms through which identities of citizens and businesses can be managed safely across Europe's borders. Nevertheless, despite the concerted efforts that have been made by individual member states to ensure security on a national level through the better management of identity, the same cannot be said on a pan-European basis. To date, there is little understanding or even consensus on how electronic identities could be managed by governments in a cross-border context. As a result, there is a very real need to take a look at the most prominent themes that are emerging from research in this area, particularly with reference to market activity as more and more software and solution vendors brand products for identity management (IdM). This paper examines the increasingly complex domain of pan-European IdM for electronic government. It is based on research conducted and compiled by the author, during the last 24-months, and provides a vendor-neutral high-level examination of the critical business challenges facing the EC today. The research is vendor-neutral and populated by data obtained using diverse forms of data collection. These include interviews, questionnaires and participant observations conducted with the involvement of 17 European Member States as well as relevant industry experts. The paper concludes with a suggested strategic roadmap for Europe's governments and technology implementors.     

用PB和ORACLE方法实现身份证号升位

在对人员的管理工作中 ,需经常使用姓名和身份证号来进行人员检索。身份证号所具有的唯一性 ,决定了它成为表征一个人信息的准确特征。原有的 15位身份证号存在着“2 0 0 0年”问题 ,需升至 18位。本文分别用PB和ORACLE两种语言方式 ,讲述了实现身份证号升位的方法。     

基于RFID电子标签和无线数据传输网络的可视化集装箱堆场实时信息管理系统

我国生产的集装箱占世界生产量的95%以上,传统的手工集装箱堆场管理已经不适合现状的要求。本文介绍的自主开发的基于RFID电子标签和无线数据传输网络的可视化集装箱堆场实时信息管理系统可以有效地解决自动ID收集、跟踪与监控的实际问题,有助于供应链中的集装箱管理。     

A dynamic ID management protocol for CSMA/IC in ad hoc networks

Contention based MAC protocols are widely used in ad hoc networks because they are suitable, where no central control node exists. However, contention based MAC protocols waste much time because of frequent collisions and long contention times. Moreover, it is hard for them to fairly distribute medium access opportunities. As a result, the problem of unfair medium access may arise under normal network conditions. Recently, another contention based MAC protocol, named the Carrier Sense Multiple Access/ID Countdown (CSMA/IC) was proposed. CSMA/IC resolves medium access contention by comparing the IDs of contending nodes with a simple signaling process. Therefore, medium access collisions never happen as long as each node possesses a unique ID, and the time cost for contention may be smaller than any other contention based MAC protocols if the number of IDs is managed so as to be as small as possible. Furthermore, CSMA/IC may support fair medium access by manipulating the ID of each node properly. In this paper, we propose a novel dynamic ID management protocol which enables a node to acquire a unique ID without any message exchanges and fairly distributed the number of medium access opportunities to all contending nodes. The proposed protocol also makes the contention process of CSMA/IC efficient by dynamically managing the length of the ID field according to the network traffic. The simulation results show that the proposed ID management protocol significantly improves the aforementioned aspects of CSMA/IC MAC protocol compared to previous ID management schemes.     

LTE系统中一种串行的整数倍频偏和扇区检测算法

在LTE系统中,用户终端( UE )在开机后首先会进行小区搜索。针对传统的小区搜索方案中整数倍载波频偏( ICFO)和扇区ID是通过利用主同步信号( PSS)进行联合检测这一问题,提出了一种串行的整数倍频偏和扇区ID估计算法。该算法利用PSS的对称性,将ICFO和扇区ID进行分开检测,通过对接收的频域PSS进行归一化差分相关,消除了信道的影响,从而增强了检测性能。将联合估计算法和提出的串行估计算法进行仿真对比,结果表明提出的算法相较于传统方法可以取得更好的检测精度,并且运算复杂度仅为传统方法的1/3。