| 基于令牌的单点登录协议及其形式化分析 |
| |
| 引用本文: | 申婷,李晖,于明喆.基于令牌的单点登录协议及其形式化分析[J].西安电子科技大学学报,2006,23(5):792-796. |
| |
| 作者姓名: | 申婷 李晖 于明喆 |
| |
| 作者单位: | 西安电子科技大学计算机网络与信息安全教育部重点实验室,陕西西安710071 |
| |
| 摘 要: | 提出一种新的适用于分布式网络的单点登录协议,利用令牌将身份认证和服务授权结合起来由一个验证服务器实现,授权校验的同时进行密钥分配,实现了用户和应用服务器的双向认证,令牌使用户只需在登录网络时进行一次身份认证即可接入各应用服务器。从而提高了网络认证效率,同时使验证服务器不需要保存用户的状态,有效提高验证服务器的性能,采用BAN逻辑对该协议进行形式化分析表明,协议达到了认证和密钥分配的目标,具有较强的安全性。
|
| 关 键 词: | 单点登录 令牌 BAN逻辑 |
| 文章编号: | 1001-2400(2006)05-0792-05 |
| 收稿时间: | 2005-12-01 |
| 修稿时间: | 2005-12-01 |
Token-based single sign-on protocol and its formal analysis |
| |
| SHEN Ting,LI Hui,YU Ming-zhe.Token-based single sign-on protocol and its formal analysis[J].Journal of Xidian University,2006,23(5):792-796. |
| |
| Authors: | SHEN Ting LI Hui YU Ming-zhe |
| |
| Affiliation: | Ministry of Edu. Key Lab. of Computer Network and Information Security, Xidian Univ., Xi′an 710071, China |
| |
| Abstract: | A new single sign-on protocol used for the distributed network is proposed to achieve double-way authentication between user application servers.With a service token,identity authentication and service authorization are implemented by an authentication server,and the key is saved in the token which can be used in the verification process.The token not only makes the user that has been authenticated when it enters the network communicate with any application server,and improves the authentication efficiency of the whole network,but also makes the authentication server unnecessarily save the sate of users,and promotes authentication server's performance.Using the BNA logic,the objective and the security of this protocol are proved by the formal analytical process. |
| |
| Keywords: | single sign-on token BAN logic |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《西安电子科技大学学报》浏览原始摘要信息 |
|
点击此处可从《西安电子科技大学学报》下载全文 |
