共查询到19条相似文献,搜索用时 265 毫秒
1.
对电子交易进行攻击所带来的现实收益已经使得电子交易变成网络安全事件高危区,电子交易安全问题亟待解决,身份认证是电子交易安全问题中的基本和关键。首先介绍几种常用的身份认证技术,并分析各种技术的优势和缺点,在此基础上提出了基于生物特征信息和实名信息双重认证因素的强认证方法,详细描述了该方法的实施过程。该方法能够有效提升电子交易过程中的安全性。 相似文献
2.
在移动支付中,交易主体的身份认证是判断和确认交易双方真实身份的重要环节,可以保证每个交易主体的访问与授权的准确。本文通过分析国内外一次性口令认证技术的研究现状、认证技术以及移动支付中的安全问题,对一次性口令认证技术进行改进,提出基于移动支付的一次性口令身份认证的方案。 相似文献
3.
分析与比较了现有的身份认证技术,将指纹识别、数据加密和安全协议等技术紧密结合,指出用指纹加密作为网络身份认证技术是可行的,可靠的。提出了一种基于指纹加密的网络身份认证方案,介绍了方案原理,体系结构和认证协议,很好地解决了计算机网络系统中的身份认证问题。 相似文献
4.
VoIP系统中使用SIP协议进行多媒体会话,存在很多不安全因素。文中主要针对SIP协议的身份认证问题,提出采用基于JFK的SIP身份认证机制,以解决使用SIP协议进行呼叫控制时的身份认证和密钥协商问题,保证SIP消息传输过程中完整性和不可抵赖性。而且,JFK的简单、高效、安全及无状态连接等特点,恰好能满足SIP系统对实时性的要求,防止SIP系统受到重放、消息欺骗、拒绝服务等攻击方式。 相似文献
5.
认证技术是建立电子商务安全交易系统必不可少的基本组成部分。文中分析了电子商务的网络设施不完善、信用问题及交易安全问题等存在的安全隐患,同时介绍了电子商务安全交易中常用的身份认证技术和信息认证技术,并分析认证技术如何确保电子商务信息机密性和完整性,从而为电子商务的信息安全提供理论基础。 相似文献
6.
匿名无线认证协议的匿名性缺陷和改进 总被引:9,自引:1,他引:9
分析了朱建明,马建峰提出的匿名无线认证协议的匿名性安全缺陷,提出了一种改进的匿名无线认证协议(IWAA),并用对其匿名性进行了形式化的安全分析。分析表明改进后的协议不仅实现了身份认证,而且具有很强的匿名性,满足无线网络环境匿名性的安全需求。 相似文献
7.
针对零知识身份认证协议存在的问题,根据数字水印能隐藏信息的特点,提出了一种新的零知识身份认证协议。在此协议中使用数字水印改善了认证的特性。在认证过程中,验证者在验证示证者身份时需要两方面的信息:一是来自网络的信息,二是本地的信息,从而有效地解决了存在的问题,提高了认证的安全性。 相似文献
8.
强口令认证协议的组合攻击 总被引:7,自引:0,他引:7
基于强口令的身份认证机制是目前身份认证技术发展的一个重要方向.本文对IEICE上新近提出的一个优化强口令身份认证协议OSPA(Optimal Strong-Password Authentication)进行了分析,并利用本文首次提出的组合攻击方法对其进行了有效攻击.攻击结果表明该协议对凭证被窃问题、中间人攻击、重放攻击和拒绝服务攻击是脆弱的. 相似文献
9.
10.
JAVA安全认证在电子政务系统中的应用研究 总被引:3,自引:0,他引:3
随着网络技术的发展,各国政府正积极推行电子政务系统,如何保证政府电子政务的安全性成为实施电子政务必须首先要解决的问题。本文主要讨论了基于公开密钥的身份认证机制,提出了双向身份认证与电子钥匙Ekey的设计方案.并给出了具体实现。实际应用证明该设计方案可为电子政务系统提供可靠的安全保障。 相似文献
11.
12.
We present a new protocol for electronic transactions which is not only secure but also anonymous, the latter characteristic being obtained by associating an encryption device with a chip card. Security is ensured by the use of encryption, electronic signature and authentication. In order to check the validity of the security properties enforced by the protocol, a model and a specification are provided. The protocol modeling language is a process algebra with value passing extended by an observation mechanism allowing the specification of security levels, by cryptographic primitives, and by a function call feature on private channels allowing the modeling of interactions with the crypto-system. The anonymity is expressed by an information flow property. The verification method, based on cosimulation, is proved consistent and complete and analysis confirms that this approach ensures not only anonymity (thanks to the fact that the client never discloses to the merchant any information permitting his identification), but also the quasi-impossibility of any fraudulent transaction. 相似文献
13.
Electronic transaction through e-payment protocol will grow tremendous in the coming years. In this article, by conversely using blind signature, the authors propose a fair electronic payment scheme for electronic commerce, which can ensure two participants' right simultaneously in electronic transaction process. This scheme is different from other existing schemes and it does not require strong trust relation between customer and merchant. In the scheme, a semi-trusted third party (S-TTP) is involved to provide a fair commerce environment. The S-TTP takes part in the protocol on-line and no secure information about the business is leaked. Moreover, the participants do not need to register to S-TTP. This scheme does not require intervention of a third party in case of dispute, if one user cheats or simply crashes. 相似文献
14.
随着国际贸易的快速发展,越来越多的企业开始采用电子化的方式开展贸易交流、订单、洽谈、电子合同、报关、物流等业务。应用信息化手段为企业提高运作效率,降低运营成本已经成为一种必然趋势。但由于国际贸易业务的复杂性,往往涉及到跨国间开展业务,需要和多种面向业务管理和政府监管的环节交互,各系统在处理跨国间异地规模庞大的用户身份认证及贸易用户之间身份信任信息的交互一直是个难题。文中论述了通过PKI的互联互通、多级认证和单窗口服务模式等技术搭建云认证服务平台,该方案能够充分利用现有跨国贸易中已有的基础设施,通过云认证技术解决大规模、高扩展性的跨国数据交互的身份认证、用户可信等问题。 相似文献
15.
Smart card‐based client‐server authentication protocol is well popular for secure data exchange over insecure and hostile networks. Recently, Lee et al. put forward an authentication protocol by utilizing ElGamal cryptosystem and proved that it can withstand known security threats. This article evinces that the protocol of Lee et al. is unwilling to protect various important security vulnerabilities such as forgery attack and off‐line password‐guessing attack. To vanquish these loopholes, this article presents a robust authentication protocol for client‐server communication over any insecure networks. The security explanation of our protocol has done through the formal and informal mechanism and its outcome makes sure that the designed protocol is strong enough to resist the known vulnerabilities. In addition, we have simulated our protocol using ProVerif online software and its results certify that our protocol is safe against private information of the client and server. This paper also has made performance estimation of the presented protocol and others, and the outcome favors the presented protocol. 相似文献
16.
To ensure the intactness of the stored data in cloud, numerous data public auditing mechanisms have been presented. However, most of these existing solutions suffer from several flaws: (a) identity privacy and data privacy of data owner are inevitably revealed to the auditor in the auditing process; (b) the existing public auditing mechanisms with resisting key exposure are only proved in the random oracle model. To address the problems above, in this paper, we propose an achieving identity‐and‐data privacy public auditing protocol with forward security in the standard model by incorporating knowledge proof signature, ring signature, and forward security technique. And then, we formalize the security model of forward security and anonymity of identity, in which the adversary is allowed to query private keys of some ring members. It can provide stronger security. Thus, our proposed scheme can not only achieve data owner's identity privacy and data privacy but also provide forward security for data owner's secret key. To the best of our knowledge, it is the first preserving privacy of identity‐and‐data public auditing scheme with forward security that is provably secure in the standard model. The security of the scheme is related to the computational Diffie–Hellman (CDH) problem and the subgroup decision problem. Finally, our scheme is simulatively tested; experimental results demonstrate that our mechanism is very efficient in terms of overall performance. 相似文献
17.
安全电子交易及其相关技术 总被引:3,自引:0,他引:3
重点介绍了安全电子交易 (SET)支付系统的组成和所涉及的相关技术 ,以及如何使用这些技术来满足网上支付系统所要求的保密性、数据的完整性、交易的不可否认性和交易各方的身份认证。 相似文献
18.
产品认证致力于降低系统性交易成本,其工作模式成型于电气自动化、规模化、标准化生产的工业时代。在信息通信行业与各制造行业融合的大趋势下,产品认证如何在智能制造和工业互联网的新工业环境下发挥认证价值成了一个现实且迫切的课题。回顾了产品认证发展历程,梳理了产品认证发展瓶颈,分析了智能制造与工业互联网环境下以“数据”为核心的质量管理新特征,提出了新工业环境下产品认证应以“数据”为核心,从数据获取、数据处理、数据应用三方面重构产品认证工作方法,实现认证智能化。 相似文献
19.
Nowadays, authentication protocols are essential for secure communications specially for roaming networks, distributed computer networks, and remote wireless communication. The numerous users in these networks rise vulnerabilities. Thus, privacy‐preserving methods have to be run to provide more reliable services and sustain privacy. Anonymous authentication is a method to remotely authenticate users with no revelation about their identity. In this paper, we analyze 2 smart card–based protocols that the user's identity is anonymous. However, we represent that they are vulnerable to privileged insider attack. It means that the servers can compromise the users' identity for breaking their privacy. Also, we highlight that the Wen et al protocol has flaws in both stolen smart card and stolen server attacks and the Odelu et al protocol is traceable. Then, we propose 2 modified anonymous authentication protocols. Finally, we analyze our improved protocols with both heuristic and formal methods. 相似文献