Open Access  Subscription Access

隨著網路服務的快速發展及多元化，使用者可以透過網際網路向多重不同的網路應用服務提供者取得資源及服務。為了確保經授權的使用者才能存取資源及服務，網路應用服務提供者通常會提供使用者身分鑑別協定，甚至網路通訊安全保護。對於使用者而言，其通常透過使用者通行碼來進行身分鑑別動作。然而，當使用者面對多重伺服器時，雖然仍可透過各別原有的使用者鑑別協定來達到所宣稱的安全性，但卻可能引發潛在的安全性及通行碼管理的問題。我們提出一個適用於多重伺服器環境下，結合智慧卡與通行碼的雙因子身分鑑別協定，除了可以滿足鑑別金鑰交換協定特性（人性化需求、雙因子身份鑑別、雙向鑑別、低計算與通訊成本、建立交談金鑰、前推安全性、防止智慧卡遺失遭冒用、可動態修改通行碼、抵擋所有現存的攻擊法攻擊）外，並允許使用者使用單一且具可記憶之通行碼註冊並登錄不同伺服器，以達到跨網域（inter-domain）的四方通訊。With rapid development of varied internet services, users can access resources and services from different internet service providers via internet. Such internet service providers generally provide user authentication protocols to ensure only the authorized users can access resources and services, and further provide secure communication protocols. Hence, users generally use their passwords to login servers for authenticating their legitimacy. However, such solutions might face password management problems and some potential attacks. For multi-server environments, we propose a password-based authentication protocol using smart cards for the cross domains. The proposed protocol not only solve password management problems, but also withstand some potential passive and active attacks, and achieve three-party and four party end-to-end user authentication and key agreement for the same domain and the cross domains without the assistance of a trusted registration center.

多重伺服器; 通行碼; 雙因子鑑別; 雙向鑑別; 金鑰交換協定; Multi-server; Password; Two-factor authentication; Mutual authentication; Key exchange protocol