Abstract
Using identifier information inherent to the hardware and software of Android mobile terminals, and relying on the Android system as a trusted third party to ensure that this identifier information is authentic and trustworthy, an authentication information generation algorithm for client applications is constructed by combining cryptographic hash functions with operations such as XOR and concatenation. By studying the account registration and login processes of traditional mobile applications, the generation and verification of identity information are placed on the server side, which spares users the cumbersome and privacy-exposing process of setting account information and passwords and yields a novel identity authentication scheme. Finally, the security and efficiency of the scheme are analyzed. The results show that the new scheme has strong security and high convenience.
Authors
WANG Ya-wei (王亚伟)
PENG Chang-gen (彭长根)
DING Hong-fa (丁红发)
ZHOU Kai (周凯)
Affiliations: College of Computer Science & Technology, Guizhou University, Guiyang 550025, China; Guizhou Provincial Key Laboratory of Public Big Data, Guizhou University, Guiyang 550025, China; Institute of Cryptography & Data Security, Guizhou University, Guiyang 550025, China; College of Mathematics and Statistics, Guizhou University, Guiyang 550025, China
Source
Chinese Journal of Network and Information Security (《网络与信息安全学报》)
2017, No. 4, pp. 32-38 (7 pages)
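Funding
National Natural Science Foundation of China (No.61662009, No.61262073, No.61363068)
National Bureau of Statistics, National Statistical Science Research Key Fund Project (No.2013LZ46)
Guizhou Province Statistical Research Fund Project (No.201511)
Guizhou Province Philosophy and Social Science Planning Youth Project Fund (No.16GZQN06)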
Keywords
identifier, Android client, authentication model, algorithm of authentication information generation