网络安全接入机制在一体化网络完善过程中具有举足轻重的地位,目前通用的二元鉴别机制缺乏对执行端的验证,在某种程度上影响了网络安全性。为了保证网络安全,实现终端安全可信地接入核心网络,文中提出了一种基于三元对等鉴别的一体化网络安全接入机制。该鉴别认证机制能实现接入终端与接入交换路由器的双向身份鉴别,可以有效防止非授权终端接入网络,同时防止恶意接入交换路由器对终端的欺骗,即实现了终端、交换路由器和认证中心三个认证实体间的相互鉴别认证,并从性能和安全性等方面分析了此机制的优越性。文中提出的方法增强了一体化网络中对终端接入访问的安全控制,推动了三元对等鉴别技术的应用,促进了一体化网络的完善。%Identity authentication scheme in universal network is extremely important. General two-element peer authenticate has short-comings that it doesn’ t authenticate the router,which is a potential security problem. In order to guarantee the network security and realize terminal access to core network safely and credibly,a kind of integrated network security access mechanism based on tri-element peer au-thentication is put forward. In the new mechanism,terminal and router can authenticate each other by this way and effectively prevent un-authorized terminal access to networks,at the same time prevention of malicious access to exchange router for cheating terminal,which implements mutual identification authentication for terminal,exchange routers and certification center. The superiority of this mechanism is analyzed from performance and security and other aspects. The proposed method enhances the network security control of terminal ac-cess,promoting the application for ternary peer identification technology,raising the improvement of the integration of network.
展开▼
