Summary: | Master's === National Chiao Tung University === Department of Computer and Information Science === 89 === In a distributed environment, all information is exposed on public
networks. Some of this information may be transactions and some may be users'
passwords. In addition, the identities of communicating parties are in
danger of being masqueraded. A lot of research, such as Kerberos and SESAME,
has been devoted to solving these problems.
In a heterogeneous environment, the computer hosts are not all of the same machine
type and their login procedures are not all the same. When a user logs in to
different computers, he has to use different pairs of identity and password.
During the login procedure, this information might be intercepted, resulting
in a leak. "Single Sign-On" is the solution for reducing the complexity of
the login procedure.
In this paper, we not only investigated two representative authentication
services but also proposed a similar scheme, which is integrated with PKI and Single
Sign-On. Our scheme works as follows: the user logs in once using a smart card
and uses different services without entering a password again. We adopt "Role-Based
Access Control" to manage privileges, which results in more flexibility in management.
|