本文關(guān)鍵詞： 身份認(rèn)證 信任傳遞 數(shù)字簽名 PKI 移動(dòng)通信　出處：《山東大學(xué)》2014年碩士論文　論文類型：學(xué)位論文

【摘要】：近年來,移動(dòng)互聯(lián)網(wǎng)發(fā)展迅速,手機(jī)終端已經(jīng)不僅僅是人們通信的工具,它已經(jīng)成為電子商務(wù)甚至是辦公的不可或缺的工具。移動(dòng)終端與PC端相比,其特點(diǎn)在于：移動(dòng)性強(qiáng)、應(yīng)用廣泛、人們生活中隨身攜帶,但其運(yùn)算能力較差,使用人員能力水平差異較大。由于移動(dòng)終端規(guī)模的迅速擴(kuò)大,其面臨的信息安全問題也日益突出。身份認(rèn)證在互聯(lián)網(wǎng)中越來越重要,目前在以PC端為主的傳統(tǒng)互聯(lián)網(wǎng)上,PKI技術(shù)已經(jīng)廣泛應(yīng)用,但在移動(dòng)互聯(lián)網(wǎng)中,由于其移動(dòng)終端的獨(dú)特特點(diǎn),PKI應(yīng)用技術(shù)還很不成熟。 本人參與了導(dǎo)師為某通信公司開發(fā)的“加密VoIP系統(tǒng)”項(xiàng)目,在其中負(fù)責(zé)身份認(rèn)證系統(tǒng)的開發(fā),在研發(fā)過程中,對(duì)移動(dòng)互聯(lián)網(wǎng)的身份認(rèn)證技術(shù)和跨域的信任傳遞機(jī)制進(jìn)行了研究,并將研究成果在該系統(tǒng)中實(shí)現(xiàn)應(yīng)用。 本論文的主要內(nèi)容如下： 1)本文首先分析了目前主流的身份認(rèn)證技術(shù)及其優(yōu)缺點(diǎn),包括靜態(tài)口令認(rèn)證、動(dòng)態(tài)口令認(rèn)證、生物識(shí)別認(rèn)證和基于PKI技術(shù)體系的認(rèn)證。并重點(diǎn)分析了PKI技術(shù)的特點(diǎn)及其在身份認(rèn)證中的應(yīng)用。 2)其次,本文分析研究了移動(dòng)終端的應(yīng)用特點(diǎn),并研究了移動(dòng)互聯(lián)網(wǎng)PKI技術(shù)體系的實(shí)現(xiàn)特點(diǎn),分析了RSA、ECC和SM2公鑰算法的數(shù)字證書使用效率的不同、移動(dòng)終端軟件接口和PC端中的不同、移動(dòng)終端對(duì)不同硬件數(shù)字證書載體的使用特點(diǎn),并將上述內(nèi)容在VoIP系統(tǒng)中給出了實(shí)現(xiàn)驗(yàn)證。 3)針對(duì)移動(dòng)互聯(lián)網(wǎng)終端數(shù)量巨大,地理分散,管理困難的特點(diǎn),本文重點(diǎn)研究了在不同信任域的終端之間的跨域信任傳遞問題。通用的PKI跨域認(rèn)證不適合在大范圍的移動(dòng)互聯(lián)網(wǎng)環(huán)境下實(shí)施,我國(guó)提出了自主知識(shí)產(chǎn)權(quán)的TePA技術(shù),本文重點(diǎn)研究了TePA技術(shù)和PKI體系的結(jié)合,給出了一個(gè)大型多域環(huán)境下的信任模型。 4)結(jié)合具體的“加密VoIP系統(tǒng)”的開發(fā),本文給出了上述研究成果的實(shí)現(xiàn),并對(duì)不同技術(shù)路線的效率進(jìn)行了分析比較。 最后,對(duì)本文工作進(jìn)行了總結(jié),分析了工作中的不足并指出了進(jìn)一步工作的方向。
[Abstract]:In recent years, with the rapid development of mobile Internet, mobile terminal is not only a communication tool, it has become an indispensable tool for electronic commerce and even office. Its characteristics are: strong mobility, widely used, people carry with them in life, but their computing ability is poor, the level of personnel ability is different, because of the rapid expansion of mobile terminal scale. Identity authentication is becoming more and more important in the Internet. At present, PKI technology has been widely used in the traditional Internet based on PC, but in the mobile Internet. Because of the unique characteristics of its mobile terminal, PKI application technology is still immature. I participated in a communication company for the development of a "cryptographic VoIP system" project, which is responsible for the development of identity authentication system, in the process of research and development. In this paper, the authentication technology of mobile Internet and the trust transfer mechanism across domains are studied, and the research results are applied in the system. The main contents of this thesis are as follows: 1) this paper first analyzes the current mainstream identity authentication technology and its advantages and disadvantages, including static password authentication, dynamic password authentication. Biometric authentication and authentication based on PKI technology system are analyzed, and the characteristics of PKI technology and its application in identity authentication are analyzed. 2) secondly, this paper analyzes the application characteristics of mobile terminals, and studies the implementation characteristics of mobile Internet PKI technology system, and analyzes the RSA. The efficiency of ECC and SM2 public key algorithms is different, the software interface of mobile terminal is different from that of PC, and the characteristics of different hardware digital certificate carriers are also discussed. The above contents are verified in VoIP system. 3) aiming at the large number of mobile Internet terminals, geographical dispersion and difficult management. This paper focuses on the cross-domain trust transfer between terminals in different trust domains. General PKI cross-domain authentication is not suitable for implementation in a wide range of mobile Internet environments. In this paper, we focus on the combination of TePA technology and PKI system, and give a trust model in large multi-domain environment. 4) combined with the development of "encryption VoIP system", this paper gives the realization of the above research results, and analyzes and compares the efficiency of different technical routes. Finally, the work of this paper is summarized, the shortcomings of the work are analyzed and the direction of further work is pointed out.
【學(xué)位授予單位】：山東大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類號(hào)】：TP309

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 黃振海;賴曉龍;鐵滿霞;曹軍;張慶松;;三元對(duì)等鑒別及訪問控制方法國(guó)際提案進(jìn)展[J];信息技術(shù)與標(biāo)準(zhǔn)化;2009年06期

2 劉華,王琨;基于PKI的SIP協(xié)議安全的研究[J];電子科技;2005年02期

3 盧震宇,戴英俠,胡艷;分布式認(rèn)證系統(tǒng)互聯(lián)的信任路徑構(gòu)建分析和實(shí)現(xiàn)[J];計(jì)算機(jī)工程與應(yīng)用;2002年10期

4 蔡冰;葉玲;;基于ECC數(shù)字簽名的實(shí)現(xiàn)及優(yōu)化[J];計(jì)算機(jī)工程;2009年19期

5 李士達(dá);胡s，

本文編號(hào)：1460281