The Design And Implementation Of Dynamic Password Platform Based On Oauth Protocol

With the development of Internet, its openness will be more necessary and large Internet companies introduce their open platform. Open platform will package the service into a unified interface and the unified interface is open to all third party. The third party can develop various application based on open platform interface. In the process, the trust mechanism of the user, the third party and the open platform mainly adopts OAUTH authorization method. OAUTH protocol’s advantage is that the third party can use the target web site’s resources, without having to know the target site’s account and password, so it gets big Internet firms favour and wins a wide range of applications. For OAUTH protocol, it is a kind of license agreement rather than the authentication protocol, so the security problem of OAUTH protocol is exposed with the wide use of it. Whether OAUTH2.0or OAUTH1.0, security issues will hinder its development.Based on the in-depth study of OAUTH protocol, the identity authentication technology, dynamic password technology, first of all, using BAN logic analyzes OATUH protocol and OAUTH2.0four kinds of authorization mode’s expansion concrete analysis, access to safe at the root of the problem; then, combined with the dynamic password technology, radio, logging and other related technology and theory improve the security issues involved in the OAUTH protocol; then, showcase these findings by the platform, design the related module of platform, such as the dynamic password implementation, the OAUTH authorization implementation, REST WEB services, etc., including the comparison of identity authentication technology in several ways and dynamic password technology in several authentication mode, selecting the right sound authentication, the design of password generation algorithm d, the design of password authentication based process, the design of the access token and authorization code, etc. Finally, implement the dynamic password platform based on OAUTH protocol by using JAVA, to complete a platform which is safe, reliable, open and has strong ability to scale.Dynamic password platform based on the OAUTH protocol, on the one hand, can provide sound identification, in order to satisfy the security requirements; Another aspect it can realize the user information sharing, improve the utilization of network resources, reduce and save user management system platform development maintenance cost, also save users registered account link, and improve the OAUTH protocol, add dynamic authentication, so as to avoid the attacker using XSS, CSRF hijacking user account, and then the user unified identity authentication and access management can be completed.