| 在线身份信息泄露及一种解决方案 |
| |
| 引用本文: | 程元斌. 在线身份信息泄露及一种解决方案[J]. 网络安全技术与应用, 2011, 0(10): 66-68,63 |
| |
| 作者姓名: | 程元斌 |
| |
| 作者单位: | 江汉大学数学与计算机科学学院,湖北,430056 |
| |
| 摘 要: | 本文在分析在线身份泄露的原因的基础上,提出了一种新型身份认证协议及其系统方案。首先,通过引入一个自主的智能输入设备,令所有用户信息的输入与变换处理均在该设备上封闭性完成,从而保证用户输入的原始账号与口令等信息不会泄露;其次,以用户欲访问网站提供的秘密数据为参数,对用户的原始账号与口令进行变换处理,得到因网站秘密数据而异的用户注册或登录该网站的提交账号与口令。这样,即使注册到某个网站的账号口令泄露,也不会影响到到其它网站的身份信息安全;同时用户再无须为了安全而记忆大量账号与口令。最后再将提交账号与口令进行不低于服务安全要求的加密后上传到服务器。运用本方案,可望很大程度上解决在线身份信息泄露问题。
|
| 关 键 词: | 网络安全 身份认证 在线身份窃取 身份信息泄露 智能输入设备 |
On Online Identity Blab and Solution |
| |
| Cheng Yuanbin School of Mathematics , Computer Science,Jianghan University,Hubei,,China. On Online Identity Blab and Solution[J]. Net Security Technologies and Application, 2011, 0(10): 66-68,63 |
| |
| Authors: | Cheng Yuanbin School of Mathematics & Computer Science Jianghan University Hubei China |
| |
| Affiliation: | Cheng Yuanbin School of Mathematics & Computer Science,Jianghan University,Hubei,430056,China |
| |
| Abstract: | This paper analyzes the means of online identity theft.Further,propose a new solution.First,an;intelligent input device is used to accept user's data and transform it close in,the device connects the main system only by communicate interface.Second,a group of submitting data will get by using a secret number providing by the server into the data transform processing,the device only send the submitting data to the main system.Third,before send the submitting data,the device always encode it by the public key of the server.So only the server knowing the secret key can decode the submitting data.Using this program,the online identity theft and identity leak maybe solved fundamentally.. |
| |
| Keywords: | Network Security authentication online identity theft phishing |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
