With the rapid development of the networks and computer technology, e-mail, with its convenient features, has become a widespread information-sharing tool. Individuals, corporations, even government agencies use e-mail communications. However, with increasingly frequent exchanges activities on the internet, the e-mail transmission on the network has exposed more personal privacy and commercial secrets and even state secrets. And the existence unsafe factors of traditional e-mail system such as the interception, falsification or forgery, etc., are seriously restricting the e-mail application in e-commerce, e-government. The current security e-mail systems mainly adopt PKI and IBE technology, but these technologies have their own problems. Besides, whether PKI or IBE technology, are targeted by user's digital identity which makes the identity authentication and system security on the basis of unestablished passwords. Therefore, the current technology can not establish an effective link between legitimate users’s real identity and his digital identity. This paper improves a fingerprint based networking identity authentication scheme which is proposed by our lab, and designs and implements a secure e-mail system based on this scheme trying to make a solution to the current e-mail security problems encountered in the application. The main work of this dissertation is as follows: 1) We improve a fingerprint based networking identity authentication scheme proposed by our lab, referred to FIBE (Fingerprint & Identity Based Encryption). We make analysis of fingerprint data signatures’ potential security risks, and modify the fingerprint data signature generating process. We modify the fingerprint summary matching algorithm and make experimental analysis from perspective of attacks. 2) According to FIBE scheme, we design and implement the fingerprint authentication based secure e-mail system by realizing this three-part: the trusted third party TA (Trusted Authority) subsystem, e-mail server subsystem and e-mail client subsystems. We adopt fingerprint U disk to collect fingerprint images, and generates and matches the fingerprint summary template. We realize legitimate access and manage of the key stored in U disk by dual-factor authentication. Thus we achieve the unification of user’s physical identity and digital identity to enhance the security performance of the e-mail system. Key Words:Identity authentication, Fingerprint authentication, Secure e-mail
修改评论