论文部分内容阅读
根据ISO制定的网络安全结构,结合Internet的具体特点,提出了一种解决Internet安全性的安全模式,并设计了一个适用于Internet环境的鉴别与密钥分配协议。新协议采用分层机制,在低层利用Intranet的已有鉴别与密钥分配协议,在高层则采用双钥密码体制设计了一个跨Intranet的鉴别与密钥分配协议。该协议不必更换客户机原有的应用软件,只需增加一个网际鉴别服务器,在原鉴别服务器的数据库中增添网际鉴别服务器的密钥即可实现跨Intranet保密通信。新协议与已有协议有很好的兼容性,安全性高,有利于网络的安全管理,并可以在各种远程访问中建立Intranet间的端—端保密通信。
According to the network security structure established by ISO, combined with the specific characteristics of the Internet, this paper proposes a security model to solve Internet security and designs an authentication and key distribution protocol suitable for Internet environment. The new protocol uses a hierarchical mechanism to make use of the Intranet’s existing authentication and key distribution protocols at the lower layers and a double-key cryptosystem at the upper layer to design an intra-network authentication and key distribution protocol. The protocol does not need to replace the client’s original application software, just add an Internet authentication server in the original authentication server database to add Internet authentication server key to achieve inter-Intranet secure communication. The new protocol has good compatibility with existing protocols, has high security, is conducive to network security management, and can establish end-to-end secure communication between Intranets in various remote accesses.