Research of single sign-on model based on dual-token mechanism

doi:10.3778/j.issn.1002-8331.2008.30.040

Computer Engineering and Applications ›› 2008, Vol. 44 ›› Issue (30): 131-134.DOI: 10.3778/j.issn.1002-8331.2008.30.040

• 网络、通信、安全 • Previous Articles Next Articles

Research of single sign-on model based on dual-token mechanism

JI Zhi-hui^1,2,NI Hong²,LIU Lei^1,2,KUANG Zhen-guo^1,2

1.Graduate University of Chinese Academy of Sciences，Beijing 100039，China
2.National Network New Media Engineering Research Center，Institute of Acoustics，Chinese Academy of Sciences，Beijing 100080，China

Received:2007-11-28 Revised:2008-01-04 Online:2008-10-21 Published:2008-10-21
Contact: JI Zhi-hui

一种基于双令牌机制的单点登录模型研究

嵇智辉^1,2,倪宏²,刘磊^1,2,匡振国^1,2

1.中国科学院研究生院，北京 100039
2.中国科学院声学研究所国家网络新媒体工程技术研究中心，北京 100080

通讯作者: 嵇智辉

Abstract

Abstract: Single sign-on is techniques which can overcome disadvantages of traditional authentication mechanism in service integration process，and is also a key issue must be investigate in multi-service operation system.After comparing many single sign-on schemes，especially the scheme based on SAML model，provides a single sign-on model based on dual-token mechanism.Besides SAML token，the model introduces session key and session token，and uses local session dynamic active algorithm，meets the demands in security and efficiency.

Key words: single sign-on, security assertion markup language, SAML token, session key, session token, dynamic active algorithm

摘要： 单点登录技术克服了业务整合过程中传统认证机制不足，是多业务运营平台需要重点研究的问题之一。对多种单点登录解决方案进行比较，重点分析安全断言标记语言（SAML）模型，提出一种基于双令牌机制的改进单点登录模型。模型在应用SAML令牌作为用户身份载体基础上，引入会话密钥和会话令牌，并采用本地会话缓存周期动态激活算法，满足了运营平台对认证授权体系整体安全性和处理效率等方面的要求。

关键词: 单点登录, 安全断言标记语言, SAML令牌, 会话密钥, 会话令牌, 动态激活算法

JI Zhi-hui^1,2,NI Hong²,LIU Lei^1,2,KUANG Zhen-guo^1,2. Research of single sign-on model based on dual-token mechanism[J]. Computer Engineering and Applications, 2008, 44(30): 131-134.

嵇智辉^1,2,倪宏²,刘磊^1,2,匡振国^1,2. 一种基于双令牌机制的单点登录模型研究[J]. 计算机工程与应用, 2008, 44(30): 131-134.

[1]	LI Yajun, LIU Yining, LIN Danzhu. Secure group key transfer protocol against insider attack [J]. Computer Engineering and Applications, 2014, 50(6): 68-71.
[2]	LUO Wenjun, FU Haiyang. One way of key management scheme based on elliptic curve for WSN [J]. Computer Engineering and Applications, 2013, 49(19): 88-91.
[3]	WANG Juan1，2, ZHENG Shuli2, FANG Yuankang3. Improved Kerberos single sign-on protocol based on certificateless implicit authentication [J]. Computer Engineering and Applications, 2013, 49(10): 105-108.
[4]	KANG Wei1，2, XU Xin2, SUN Caihong3. Research on architecture of business operating support system in media [J]. Computer Engineering and Applications, 2012, 48(12): 233-238.
[5]	QingHua Shang. A Protocol for Registration in the Mobile IP Based on Random Numbers [J]. Computer Engineering and Applications, 2007, 43(6期): 112-113.

Research of single sign-on model based on dual-token mechanism

一种基于双令牌机制的单点登录模型研究

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 5

Recommended Articles

Metrics