An Improved Scheme of Single Sign-on Protocol

Because of the password attack and the replay attack are existing comparatively serious threats for a traditional single sign-on protocol, and the most methods of this issue solving are all not paying the attention to impact on the whole system caused by unsafe client. In this regard, this study proposes an improved single sign-on protocol. Based on the traditional single sign-on protocol, it increases the two data flows which from authentication server AS to ticket-granting server TGS and from TGS to application servers V, and it adopts public key encryption system and USB cryptogram key to prevent password attack, which is leading to improve the client work efficiency and degrade its security gravity; moreover, it adds the authenticated clients database for the authentication validation and the authorized clients database for the authority validation, which would greatly be enhanced the ability of preventing from the replay attack of the system and benefit to the system´s audit.