摘要
为解决OAuth 2.0中基于不记名令牌访问和缺少客户端认证到资源服务器的机制而遭到安全和隐私威胁的问题,利用所有权证明(proof-of-possession,PoP)安全机制对OAuth 2.0进行扩展,提出一种客户端认证到资源服务器的方案。通过引进PoP令牌和PoP密钥,由授权服务器实施PoP密钥与PoP令牌的绑定,资源服务器可通过验证客户端是否拥有与PoP令牌中相匹配的PoP密钥,认证客户端身份的真实性,有效解决客户端到资源服务器的认证和安全通信问题。详细讨论PoP密钥与PoP令牌的绑定机制以及两者的安全保护方法。
To solve the security and privacy threat problems in OAuth2.0caused by the access mechanism based on the bearer token and lackness of mechanism of client authentication to the resource server,a client authentication scheme was proposed by extending the functionality of the OAuth2.0based on the proof-of-possession(PoP)security mechanism.By importing the PoP token and PoP key and binding the PoP key to the PoP token by authorization server,the resource server could verify the authen-ticity of the client^s identity by verifying whether or not the client had possession of the PoP key matched with the PoP token,ef-fectively dealing with the issue of client authentication and secure communication with the resource server.The mechanism of binding PoP key to PoP token and their protection methods were discussed in detail.
作者
沈海波
陈强
陈勇昌
SHEN Hai-bo;CHEN Qiang;CHEN Yong-chang(Department of Computer Science, Guangdong University of Education, Guangzhou 510303,China)
出处
《计算机工程与设计》
北大核心
2017年第2期350-354,共5页
Computer Engineering and Design
基金
国家自然科学基金项目(62370186)
广东第二师范学院教授科研专项基金项目(2014ARF24)
关键词
开放授权协议2.0
所有权证明
认证
授权
客户端
访问令牌
open authorization protocol 2. 0 (OAuth 2.0)
proof-of-possession (PoP)
authentication
authorization
client
access token
