用於行動存取的虛擬帳號管理架構

一些EAP(Extensible Authentication Protocol)認證協定的認證方法，例如EAP-TTLS(Tunneled Transport Layer Security)，可以隱藏行動上網用戶的真實帳號來保護用戶的隱私，但在漫遊的情況下，受訪的網路服務提供商無法做不同程度的授權及計費。這是因為EAP架構缺乏管理真實帳號及虛擬帳號的機制。本論文提出基於短期憑證的帳號管理架構，來提供一個具有隱私保護的認證及授權的解決方案。所提出解決方案使用短期憑證，因而不需處理憑證廢止問題，也因使用短期憑證，用戶與原網路的認證程序可以變成在用戶與受訪網路之間去執行，由於前述的兩個特性，所提的解決方案可以有效降低認證程序所帶來延遲。所以，所提出的解決方案不但可以解決在漫遊情況下的授權及計費的問題，同時也保有保護用戶隱私的好處。

關鍵字

可擴展認證協定；短期憑證；隱私

並列摘要

In some Extensible Authentication Protocol (EAP) methods, such as EAP-TTLS (Tunneled Transport Layer Security), the true identity can (will or may) be hidden to protect the privacy of the mobile users. However they cannot provide different levels of accounting and authorization for the condition of roaming. The reasons behind is that EAP has no mechanism to manage the relationship between true identities and pseudo identities. This study proposes a new framework to deal with the problems of authentication and authorization. The short-lived certificate scheme instead of revoking scheme is used to improve the performance of authentication. Experimental results show that the authentication delay can be greatly reduced. Also both the privacy and efficiency can be achieved.

並列關鍵字

Extensible Authentication Protocol ； Short-life Certificate ； Privacy

國際替代計量

用於行動存取的虛擬帳號管理架構

全文下載

主題瀏覽