Exploratory Research-Scalable Token-Based Authentication: Architectures and Mechanisms

探索性研究-可扩展的基于令牌的身份验证：架构和机制

• 批准号: 0124873
• 负责人: Gail-Joon Ahn
• 金额: $ 3.45万
• 依托单位: University of North Carolina at Charlotte
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2001
• 资助国家: 美国
• 起止时间: 2001-09-01 至 2003-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0124873&HistoricalAwards=false
• 关键词: Exploratory; Research; Scalable; Token; Based

AbstractThe information revolution has led organizations worldwide to rely heavily on numerous databases to conduct their daily business. Because databases usually exist in broad, highly dynamic network-based environments, formally accessing the resources in a secure manner poses a difficult challenge. Specially, the healthcare industry has recently tried to transit from their old and disparate business models based on ink and paper to a new and consolidated ones based on digitalized information since last a few years for their customers' and stakeholders' needs. In addition, the proposed rules of the Health Insurance Portability and Accountability Act (HIPAA), circulated by the U.S. Department of Health and Human Services (HHS) through the Health Care Financial Administration (HCFA) strongly require the services of security and privacy. Along with this movement, a secure solution for the complex environment like healthcare industry has been highly demanded. Recently, the President's Information Technology Advisory Committee (PITAC) has issued a report about how security can be deployed to modernize the nation's healthcare systems. Nobody has taken a leadership role and demanded investment in information technology. Without active leadership it will be difficult, if not possible, to get the highly decentralized healthcare industry to come up with a standard secure information system.This motivates us to propose a scalable application that can serve as a security tool to the complex environment like healthcare industry. The problem we seek to address in this research is to provide authentication of individual identity in the context of accessing critical information including secure transmission of data across the Internet. These problems have technical solutions that are well known, but the solutions in general are strongly biased toward a single individual interacting with a single application. When an individual needs to access more than one application, or even the same application at a different location or institution, he or she needs another set of electronic keys. In a collaborative and research environment, individuals must collect and maintain a key set of electronic access mechanisms that quickly becomes cumbersome and difficult to manage. For this reason, we focus on token-based solution.In this research, we propose scalable token-based authentication architectures & mechanisms and demonstrate how we can implement them using commercial-off-the-self technologies. Our approach focuses on vendor-neutral specifications including the feasibility of the construction of password, certificate and signature-based authentication mechanisms.

摘要信息革命导致世界各地的组织严重依赖大量的数据库来进行日常业务。由于数据库通常存在于广泛的、高度动态的基于网络的环境中，因此以安全的方式正式访问资源是一项艰巨的挑战。特别是，医疗行业最近试图从基于墨水和纸张的旧的、不同的商业模式过渡到过去几年来基于数字化信息的新的、整合的商业模式，以满足客户和利益相关者的需求。此外，美国卫生与公众服务部(HHS)通过医疗保健财务管理局(HCFA)分发的《健康保险可携带性和问责法》(HIPAA)的拟议规则强烈要求提供安全和隐私服务。伴随着这一运动，对医疗行业等复杂环境的安全解决方案的需求也越来越高。最近，总统的信息技术咨询委员会(PITAC)发布了一份关于如何部署安全措施来实现国家医疗体系现代化的报告。没有人发挥领导作用，要求在信息技术方面进行投资。如果没有积极的领导，高度分散的医疗行业将很难(如果不可能)拿出一个标准的安全信息系统。这促使我们提出一个可扩展的应用程序，它可以作为医疗行业等复杂环境的安全工具。我们在这项研究中试图解决的问题是在访问关键信息的背景下提供对个人身份的认证，包括通过互联网安全地传输数据。这些问题都有众所周知的技术解决方案，但总体来说，这些解决方案强烈偏向于单个人与单个应用程序交互。当一个人需要访问多个应用程序，甚至需要在不同地点或机构访问同一个应用程序时，他或她需要另一套电子钥匙。在协作和研究环境中，个人必须收集和维护一套关键的电子访问机制，这些机制很快就变得繁琐和难以管理。为此，我们将重点放在基于令牌的解决方案上。在本研究中，我们提出了可扩展的基于令牌的认证体系结构和机制，并演示了如何使用商业现成技术来实现它们。我们的方法关注于供应商中立的规范，包括构建基于密码、证书和签名的认证机制的可行性。