
Strong Security Authentication Scheme Based on SM2 and OAuth2.0
Abstract: In an era of widespread network technology, network security issues are becoming both more important and more prominent. Authentication technology is an important means of ensuring network security. In API (Application Programming Interface) access control, the OAuth2.0 protocol provides both user resource authorization and delegated access control, and is widely used by major Internet vendors at home and abroad. However, because developers fail to comply strictly with the OAuth2.0 specification, problems of unreliable data sources keep emerging. The SM2 digital signature algorithm is an improved algorithm, developed independently in China, based on the ECC international standard; it improves the plaintext encoding problem and has higher computational efficiency. To solve the security problems in API authentication technology, a strong security authentication scheme based on OAuth2.0 is proposed, which uses the SM2 digital signature in its protocol design to complete third-party authorization and authentication without passwords, and to realize authorization and access control for protected resources. The results show that the scheme retains the security of traditional authentication schemes while also resisting replay attacks, man-in-the-middle attacks and forgery, with no significant reduction in data interaction efficiency.
Authors: CHEN Yi-lin; ZUO Li-ming; HAO Tian; LUO Jiao-yan (School of Science, East China Jiaotong University, Nanchang 330013, China)
Source: Computer Technology and Development (《计算机技术与发展》), 2023, No. 7, pp. 126-131 (6 pages)
Funding: Jiangxi Province Education Science and Technology Project (GJJ200626, GJJ210625).
Keywords: OAuth2.0 protocol; SM2; digital signature; authentication; authorization