Abstract
OpenID is a user-centric digital identity framework and a decentralized online authentication system, characterized by openness, decentralization and freedom. However, existing OpenID protocols still fall short in protecting user privacy: for example, the identity provider can learn, on every use, which relying party the user is logging in to. To address this problem, this paper proposes a design for an OpenID protocol based on blind signatures, in which the website identifier of the OpenID relying party is blinded. The paper first designs an identity-based blind signature scheme built on the Chinese national cryptographic algorithm SM9 and proves that the security of this scheme depends on the SM9 signature scheme. It then designs an OpenID protocol based on this blind signature scheme. Finally, the efficiency and security of the proposed OpenID protocol are demonstrated through simulation experiments and theoretical analysis.
Authors
WANG Xuan (王煊)
WANG Zhi-wei (王志伟)
Affiliations: School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China; Jiangsu Key Laboratory of Big Data Security and Intelligent Processing, Nanjing 210023, China
Source
Computer and Modernization (《计算机与现代化》)
2022, No. 12, pp. 111-117 (7 pages)
Funding
Supported by the National Natural Science Foundation of China (61672016).