企业需要在Internet/Intranet环境下安全从事商务活动 ,用户认证是确保其安全性的基本前提。笔者通过对现有用户认证方法和协议的研究 ,在Kerberos协议的基础上 ,提出了一种基于数字证书与灵巧卡的、采用公钥密码体制的交互式强用户认证系统。该系统在满足交互式实时认证的速度要求的前提下 ,简化了密钥的管理、分配、存贮问题 ,也减轻了客户端的负担 ,较好地解决了Kerberos协议存在的几个不足。 Enterprises need to be safe in the Internet / Intranet environment to engage in business activities, user authentication is to ensure the safety of the basic premise. Based on the research of Kerberos protocol, this paper proposes a new interactive strong user authentication system based on digital certificate and smart card, which uses public-key cryptosystem, through the research of existing user authentication methods and protocols. Under the premise of meeting the speed requirements of interactive real-time authentication, the system simplifies the key management, allocation and storage issues and reduces the load on the client. It solves several problems of the Kerberos protocol.