适用于Intranet的分层鉴别与密钥分配协议

根据ISO制定的网络安全结构,结合Internet的具体特点,提出了一种解决Internet安全性的安全模式,并设计了一个适用于Internet环境的鉴别与密钥分配协议。新协议采用分层机制,在低层利用Intranet的已有鉴别与密钥分配协议,在高层则采用双钥密码体制设计了一个跨Intranet的鉴别与密钥分配协议。该协议不必更换客户机原有的应用软件,只需增加一个网际鉴别服务器,在原鉴别服务器的数据库中增添网际鉴别服务器的密钥即可实现跨Intranet保密通信。新协议与已有协议有很好的兼容性,安全性高,有利于网络的安全管理,并可以在各种远程访问中建立Intranet间的端—端保密通信。

A New Hierarchical Authentication and Key Distribution Protocol for Communications in Internet Environment

A complete solution to the security of Internet has been proposed according to the ISO Network Security Architecture.An new hierarchical authentication and key distribution protocol has also been presented to implement authentication and key distribution for the remote access between different Intranets,which adopts Kerberos authentication protocol at the lower layer and designs an new authentication and authenticated key exchanges protocol using public -key cryptosystem at the upper layer.The new protocol makes it possible for the client to access securely remote severs in another Intranet without mod ification of the primitive application software on the client computer.Only an Internet authentication sever is added in the firewall and its secret key has been added to the data bank in authentication sever.The new protocol is compliant well with primitive protocol and has high security,which make it easy to manage the security of entire Internet network.The new protocol can be used in all kinds of remote access applications.