统一身份认证系统的关键设计

Key design of unified identity authentication system

针对企事业单位内部应用繁多、认证授权管理复杂、业务后台部署分散和一般的认证系统对信息安全设计不足的现状,本文提出了一种综合利用数据加密、密钥管理、数据隔离、传输加密、多因子认证保全、多副本冗余和详细操作审计日志等技术的全方位安全机制,是一种能够提高认证系统中用户敏感数据安全性的解决方案。

In view of the current situation of numerous internal applications in enterprises and public institutions,complex authentication and authorization management,scattered business background deployment,and insufficient information security design of conventional authentication systems,we proposed a comprehensive security mechanism,which takes advantage of data encryption,secret key management,data isolation,transmission encryption,multi-factor authentication protection,multi-copy redundancy,detailed operation audit logs and other technologies,a solution which improves the security capability of user sensitive data in the authentication system.