摘要
提出一种基于组合对称密钥的大规模认证体系架构与密钥管理协议,实现芯片级的安全认证过程,对大规模密钥的管理简化为对小规模密钥种子的管理。提出的基于"主—从"认证中心模式的认证体系架构能够高效率地支持大规模用户的并发认证。对该认证系统的安全性进行了分析,并给出了性能测试数据。该系统的实施与应用,能够以较低的建设成本实现对大规模用户身份的识别以及管理能力,对我国网络实名制的研制提供了一个可行的解决方案。
A large-scale real-name authentication architecture and key management protocol based on combined symmet-ric key algorithm were proposed.With the CSK algorithm and smart card technology, the authentication process can be finished in the chips, and the management of large-scale keys can be simplified to the management of small-scale key seeds.The security of the proposed architecture is analyzed and the experimental results are shown.It is obvious that the abilities of large-scale identity authentication and management are improved while the building cost is reduced evidently with the application of the proposed architecture.It is an applicable solution for real-name authentication network.
出处
《通信学报》
EI
CSCD
北大核心
2009年第S2期91-95,共5页
Journal on Communications
基金
北京市科技新星计划基金资助项目(2007B028)~~
关键词
组合对称密钥
密钥管理
双向身份认证
网络实名制
combined symmetric key
key management
bi-directional authentication
real-name authentication
