Journal of Computer Applications, 2012, Vol. 32, Issue (06): 1766-1768. DOI: 10.3724/SP.J.1087.2012.01766
• Typical applications •
WANG Guo-wei, XUE Man-jun
Abstract: To resolve the problem of cross-domain identity authentication in single sign-on, a token-based solution is proposed. It transmits the user's encrypted logon information through URL redirection, and the application systems in heterogeneous domains then obtain that information and provide data operations in response. A random number is used as the token, which also serves as a parameter for generating the session key of a traditional cryptosystem. The solution uses a modern cryptosystem to establish mutual trust between application systems in heterogeneous domains and to transmit the token securely. The application systems generate the session key from the token and use it to encrypt and decrypt the user information, and each communication uses a different session key. A security analysis of the generation and transmission of the token and key shows that the solution is a secure implementation of identity authentication in cross-domain single sign-on.
Key words: single sign on, cross domain, key, authentication, token
CLC Number: TP393.02
WANG Guo-wei, XUE Man-jun. Token-based cross domain single sign on[J]. Journal of Computer Applications, 2012, 32(06): 1766-1768.
URL: https://www.joca.cn/EN/10.3724/SP.J.1087.2012.01766
https://www.joca.cn/EN/Y2012/V32/I06/1766