| 基于改进OTP的用户认证技术的研究与实现 |
| |
| 引用本文: | 许正伟 程晓荣 王翠茹 马慧敏. 基于改进OTP的用户认证技术的研究与实现[J]. 微机发展, 2004, 14(6): 109-110,114 |
| |
| 作者姓名: | 许正伟 程晓荣 王翠茹 马慧敏 |
| |
| 作者单位: | 华北电力大学计算机科学与技术学院,华北电力大学计算机科学与技术学院,华北电力大学计算机科学与技术学院,华北电力大学计算机科学与技术学院 河北保定071003,河北保定071003,河北保定071003,河北保定071003 |
| |
| 摘 要: | 随着网络应用的不断发展,网络安全问题也变得越来越重要.用户认证机制是安全防护机制之一,认证信息可以用来认证需访问系统的请求用户的合法性。文中分析了无须第三方认证的“一次性口令(OTP)”技术及其存在的安全漏洞,结合Kerberos认证机制优点,提出了将用户的通行密语用服务器的公钥加密后保存在数据库中,并在服务器种子信息中加入时间戳和服务器IP地址的改进OTP技术,提高了认证系统的安全性。
|
| 关 键 词: | 一次性口令 用户认证 网络安全 .NET |
| 文章编号: | 1005-3751(2004)06-0109-02 |
Research and Realization of Authentication Technique Based on OTP |
| |
| XU Zheng-wei,CHENG Xiao-rong,WANG Cui-ru,MA Hui-min. Research and Realization of Authentication Technique Based on OTP[J]. Microcomputer Development, 2004, 14(6): 109-110,114 |
| |
| Authors: | XU Zheng-wei CHENG Xiao-rong WANG Cui-ru MA Hui-min |
| |
| Abstract: | With the continuous development of network application, the problem of network security has become more and more important. Authentication is one of the mechanisms in security defence, and the authentication information is used to verify the user's legitimacy. The One_-Time Password(OTP) technique which needs no third authentication and its security flaws are analyzed in this paper. With the advantages of the Kerberos system, presents a new technique which saves user spp in the database after it is encrypted with the server's public key. Timestamp and IP address are also added into seed information, which makes an improvement in OTP technique. And the security of authentication system has been developed. |
| |
| Keywords: | OTP user authentication network security .NET |
| 本文献已被 CNKI 维普 等数据库收录! |
