针对目前Web站点的身份认证安全问题,提出了一种基于手机令牌和近距离无线通信(NFC,near field communication)技术的身份认证方法,并在Android平台上实现了该系统.该系统利用手机使用手机令牌实现了USBKey的主要功能,当用户访问站点进行注册时,将获得惟一的手机令牌并存于带有加解密功能的手机中.在下次访问站点进行身份认证时,用户可通过手机直接在Web站点进行身份认证,也可通过NFC技术将手机令牌传于PC机,使得用户可在PC机上利用手机进行身份认证.该系统将手机作为类USBKey设备,在增强Web站点身份认证安全的同时,省去了为用户颁发USBKey的流程和成本,具有较强的实用价值.
This paper presents a trusted-environment construction method based on the underlying hardware. This method aims at protecting the security-sensitive software in the aspects of software loading, running, and storing in the general operating system. It extends the trust chain of the traditional trusted computing technology to reach the target software, ensuring trusted loading. The extended memory management mechanism effectively pre- vents memory dumping and memory tampering for the high-sensitivity data. The file monitoring mechanism protects files from vicious operation made by attackers. Flexible-expanded storage environment provides the target software with static storing protection. Experimental system verifies that the method is suitable for general operating system and can effectively protect security-sensitive software with low overhead.
LI Jing1,2,ZHANG Huanguo1,2,ZHAO Bo1,2,FANG Lingling1,2 1.School of Computer,Wuhan University,Wuhan 430072,Hubei,China