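Assignment 5: Identity Authentication

Couriers are everywhere on campus these days, and students often pick up parcels for one another. Couriers do not check identity carefully and simply allow pickup on someone else's behalf, which creates many security risks.

Design a phone-based app that couriers use to verify identity and customers use to collect parcels. The authentication method is up to you; keep it simple and practical.

(1) State which parts the app consists of (a diagram may be included) and the function of each part;

(2) Following the Kerberos notation, describe the interaction process and explain it.

Back end + front end

The front end lets couriers and customers log in and displays package information.

The back end receives package information, returns matching results, and stores courier and customer information.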

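Phase I

Courier authentication service exchange: completes identity authentication.

(1) DM -> AS: IDdm || IDtgs || TS1

(2) AS -> DM: Edm[Kdm,tgs || IDtgs || TS2 || lifetimedm || Ticketdm]

IDdm: the courier's user identifier; IDtgs: identifier of the TGS the user requests access to.

TS1: lets the AS verify that the client's clock is synchronized with the AS clock.

Edm: encryption under the key shared by the AS and the courier.

lifetimedm: validity period of the ticket.

Ticketdm: the ticket the courier uses to access the TGS; it is reusable, so the password does not have to be entered for every authentication.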

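Phase II

The courier sends the package information to the back end, and the back end sends a message to the customer.

DM -> AS: IDdm || package || tickettgs

AS -> C: Ec[package || lifetimepackage || code]

package: package information.

code: verification code.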

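Phase III

Customer authentication service exchange: completes identity authentication.

C -> AS: IDc || IDtgs || TS3

AS -> C: Ec[Kc,tgs || TS4 || lifetimec || ticketc]

ticketc: the ticket the customer uses to access the TGS; it is reusable, so the password does not have to be entered for every authentication.

lifetimec: validity period of the ticket.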

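Phase IV

The customer shows the code to the courier (written KD in the messages below), and the courier forwards the code to the AS, which returns whether or not the person is the rightful recipient.

C -> KD: package || code || lifetimepackage

KD -> AS: package || code || lifetimepackage

AS -> KD: result

result: the outcome of the check.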
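The AS side of Phase II and Phase IV, as an added example that is not part of the original answer. It shows one way to make the pickup code bound to the package, single-use and guess-limited. Assumptions: the names PickupAS and MAX_TRIES, a 6-digit HMAC-derived code, lifetimepackage treated as an absolute expiry time, and the Ec[...] encryption toward the customer left out.

```python
import hashlib
import hmac
import secrets
import time

MAX_TRIES = 3  # assumption: wrong guesses allowed before a code is voided


class PickupAS:
    """AS side of Phase II (issue the code) and Phase IV (check it)."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # secret known only to the AS
        self._open = {}  # package -> [IDc, expiry, tries left]

    def _code(self, package, id_c, expires):
        # Bind the 6-digit code to package, customer and lifetimepackage.
        msg = f"{package}|{id_c}|{expires}".encode()
        digest = hmac.new(self._key, msg, hashlib.sha256).digest()
        return f"{int.from_bytes(digest[:4], 'big') % 10**6:06d}"

    def issue(self, package, id_c, lifetime=3600, now=None):
        """Phase II: build package||lifetimepackage||code for customer IDc."""
        now = int(time.time()) if now is None else now
        expires = now + lifetime  # lifetimepackage as an absolute expiry
        self._open[package] = [id_c, expires, MAX_TRIES]
        return package, expires, self._code(package, id_c, expires)

    def verify(self, package, code, expires, now=None):
        """Phase IV: check package||code||lifetimepackage, return result."""
        now = int(time.time()) if now is None else now
        rec = self._open.get(package)
        if rec is None or rec[1] != expires or now > expires:
            return False  # unknown, already collected, altered or expired
        expected = self._code(package, rec[0], expires)
        if hmac.compare_digest(expected.encode(), str(code).encode()):
            del self._open[package]  # single use: a replayed code fails
            return True
        rec[2] -= 1
        if rec[2] == 0:
            del self._open[package]  # too many wrong guesses: void the code
        return False


if __name__ == "__main__":
    server = PickupAS()
    pkg, exp, code = server.issue("PKG-001", "customer-1")  # constructed sample
    print(server.verify(pkg, code, exp), server.verify(pkg, code, exp))
```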
