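Abstract
Based on an analysis of the causes of online identity leakage, this paper proposes a new identity authentication protocol and a system design for it. First, an autonomous intelligent input device is introduced, and all input and transformation of user information is completed inside that device in a closed manner, which ensures that the original account, password and other information entered by the user are not leaked. Second, the user's original account and password are transformed using secret data provided by the website the user wants to access as a parameter, yielding a submitted account and password for registering with or logging in to that website that differ according to the website's secret data. As a result, even if the account and password registered with one website are leaked, the security of the identity information at other websites is not affected; at the same time, users no longer need to memorize a large number of accounts and passwords for the sake of security. Finally, the submitted account and password are encrypted at a strength no lower than the service's security requirements and then uploaded to the server. This scheme is expected to solve the problem of online identity information leakage to a large extent.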
This paper analyzes the means of online identity theft and proposes a new solution. First, an intelligent input device is used to accept the user's data and transform it inside the device; the device connects to the main system only through a communication interface. Second, a set of submitting data is obtained by using a secret number provided by the server in the data transformation, and the device sends only the submitting data to the main system. Third, before sending the submitting data, the device always encrypts it with the public key of the server, so only the server, which knows the secret key, can decrypt it. Using this scheme, online identity theft and identity leakage may be solved fundamentally.
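The per-site transformation described in the abstract, as an added example that is not code from the paper: the abstract does not specify the transformation, so this sketch assumes PBKDF2-HMAC-SHA256 salted with the site's secret data, followed by HMAC labels to split the result into a submitted account and a submitted password. The function names, iteration count and sample values are hypothetical, and the final encryption to the server is left out.

```python
import base64
import hashlib
import hmac

ITERATIONS = 100_000  # assumed work factor, not taken from the paper


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode("ascii").rstrip("=")


def derive_submitted_credentials(account: str, password: str, site_secret: bytes):
    """Return the (account, password) pair the device would submit to one site."""
    if len(site_secret) < 16:
        raise ValueError("site secret too short to separate sites reliably")
    # Length-prefix the account so ("ab", "c") and ("a", "bc") cannot collide.
    acct = account.encode("utf-8")
    material = len(acct).to_bytes(4, "big") + acct + password.encode("utf-8")
    # The site's secret data is the salt: same user input, different output per site.
    master = hashlib.pbkdf2_hmac("sha256", material, site_secret, ITERATIONS, dklen=32)
    # Distinct labels keep the submitted account unrelated to the submitted password.
    sub_account = hmac.new(master, b"account", hashlib.sha256).digest()[:12]
    sub_password = hmac.new(master, b"password", hashlib.sha256).digest()[:24]
    return _b64(sub_account), _b64(sub_password)


def demo():
    # Constructed sample values: two sites, one memorised account and password.
    site_a = bytes.fromhex("00112233445566778899aabbccddeeff")
    site_b = bytes.fromhex("ffeeddccbbaa99887766554433221100")
    a = derive_submitted_credentials("alice", "one memorised passphrase", site_a)
    b = derive_submitted_credentials("alice", "one memorised passphrase", site_b)
    return a, b


if __name__ == "__main__":
    cred_a, cred_b = demo()
    print("submitted to site A:", cred_a)
    print("submitted to site B:", cred_b)
```

A database leak at site A exposes only the values derived for site A; recovering the original password from them still requires a guessing attack through the key-derivation function, so the memorised password should not be weak.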
Source
《网络安全技术与应用》
2011, Issue 10, pp. 66-68, 63 (4 pages in total)
Network Security Technology & Application