CN103327489A - Authentication method and system - Google Patents

Publication number
CN103327489A
Authority
CN
China
Legal status
Granted
Application number
CN2013102695496A
Other languages
Chinese (zh)
Other versions
CN103327489B (en)
Inventor
钟焰涛
Current Assignee
Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Original Assignee
Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Application filed by Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Priority to CN201310269549.6A
Publication of CN103327489A
Application granted
Publication of CN103327489B
Current legal status: Active

Abstract

The invention discloses an authentication method and system and relates to the technical field of communication. It solves the problem that a client's identity information can be stolen while the client is being authenticated. The authentication method comprises the following steps: an authentication request is sent to a communication server, the request indicating that an authentication operation is to be carried out between the client and the communication server; the authentication operation is carried out between the client and the communication server according to response information (the echo message), where no information contained in the response information is the client's identity information, the response information is calculated by the client from a P signature, and the communication server can judge from it whether the client is configured with a legal P signature; the communication server sends an authentication response to the client, the response indicating whether authentication of the client succeeded. The authentication method and system can be applied to device authentication.

Description

Authentication method and system
Technical field
The present invention relates to the field of communication technology, and in particular to an authentication method and system.
Background
The increasingly widespread mobile Internet makes communication and information sharing convenient for users, but it also brings new security challenges. Because mobile wireless networks are open, wireless communication data is more easily intercepted, monitored and tampered with, which poses a great threat to user privacy. Traditional identity authentication techniques can reveal private information of the client being authenticated, for example its identity information. Anonymous authentication techniques can prevent identity information from leaking during authentication.
In the prior-art authentication process, a client needs the assistance of a certification authority to authenticate anonymously to a server. The process can comprise: the client sends blinded identity information to the server; the server signs the blinded identity information to produce first authentication information and sends it back to the client; the client generates a blinded service request and sends its own identity information, the blinded service request and the first authentication information to the certification authority to request assistance; the certification authority signs the blinded service request according to the received identity information and first authentication information, generating second authentication information; the client sends the blinded service request and the second authentication information to the server; the server authenticates the terminal by verifying the second authentication information.
In implementing the above authentication process, the inventor found at least the following problem in the prior art: because mobile wireless communication is open, data transmitted between the client and the server is easily monitored by an attacker. If an attacker eavesdrops during authentication, the attacker can obtain the client's identity information, causing the identity information to leak.
Summary of the invention
Embodiments of the invention provide an authentication method and system. With this scheme, the communication server authenticates a client according to whether the client is configured with a legal P signature. The client's identity information is not transmitted during authentication, which prevents it from being stolen in transit.
To achieve the above object, embodiments of the invention adopt the following technical scheme:
A first aspect provides an authentication method, comprising:
The client sends to the communication server an authentication request indicating that the client and the communication server are to carry out an authentication operation;
The client carries out the authentication operation with the communication server according to an echo message. No information contained in the echo message is the client's identity information; the echo message is calculated by the client from the P signature and is used by the communication server to determine whether the client is configured with a legal P signature. The communication server sends an authentication response to the client, the authentication response indicating whether the client authenticated successfully.
A second aspect provides an authentication system, comprising:
A client and a communication server, wherein:
The client comprises: a first sending unit and an authentication unit;
The first sending unit is used to send to the communication server an authentication request indicating that the client and the communication server are to carry out an authentication operation;
The authentication unit is used to carry out the authentication operation with the communication server according to an echo message, so that the communication server determines from the echo message whether the client is configured with a legal P signature. The echo message is calculated by the client from the P signature, and no information contained in the echo message is the client's identity information;
The communication server comprises: a second sending unit;
The second sending unit is used to send an authentication response to the client, the authentication response indicating whether the client authenticated successfully.
With the authentication method and system provided by the embodiments of the invention, the communication server authenticates the client according to whether the client is configured with a legal P signature. Specifically, if the client is configured with the P signature, authentication of the client succeeds; if the client is not configured with the P signature, authentication fails. Whether the client is configured with a legal P signature can be judged from the echo message, and no information contained in the echo message is the client's identity information. In other words, during authentication the client's identity information is not transmitted between the client and the communication server, which prevents the identity information from being stolen in transit and improves its security.
Description of drawings
To explain the technical scheme of the embodiments of the invention more clearly, the drawings used in describing the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of an authentication method provided by this embodiment;
Fig. 2 is a flow chart of another authentication method provided by this embodiment;
Fig. 3 is a data interaction diagram of the authentication operation provided by this embodiment;
Fig. 4 is a data interaction diagram of the authentication operation in a specific scenario provided by this embodiment;
Fig. 5 is a structural diagram of an authentication system provided by this embodiment;
Fig. 6 is a structural diagram of another authentication system provided by this embodiment.
Embodiment
The technical scheme of the embodiments of the invention is described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the present invention.
To solve the problem described in the background, this embodiment provides an authentication method which, as shown in Fig. 1, can comprise:
101. The client sends an authentication request to the communication server.
The authentication request indicates that the client and the communication server are to carry out an authentication operation.
In one implementation of this embodiment, before the client and the communication server carry out a given operation, the communication server needs to authenticate the client. Only after authentication succeeds can the client carry out that operation with the communication server; the operation can include, for example, the provision of a service.
102. The client carries out the authentication operation with the communication server according to an echo message, so that the communication server determines from the echo message whether the client is configured with a legal P signature.
The echo message is calculated by the client from the P signature. No information contained in the echo message is the client's identity information; that is, the echo message does not contain the client's identity information.
In one implementation of this embodiment, if the client is configured with a legal P signature, authentication of the client succeeds; otherwise it does not.
A P signature is a signature for which it can be determined whether a device is configured with it without knowing the P signature itself. The certificate server can configure the P signature according to the client's identity information.
The certificate server and the communication server can be two separate servers.
This embodiment does not limit the P signature or the method of obtaining it; these are techniques well known to those skilled in the art and are not described further here.
103. The communication server sends an authentication response to the client.
The authentication response indicates whether the client authenticated successfully. The client can determine the authentication result (that is, whether authentication succeeded) from the received authentication response, and then carry out subsequent steps according to that result.
With this scheme, the communication server authenticates the client according to whether the client is configured with a legal P signature. Specifically, if the client is configured with the P signature, authentication of the client succeeds; if the client is not configured with the P signature, authentication fails. Whether the client is configured with a legal P signature can be judged from the echo message, and no information contained in the echo message is the client's identity information. In other words, during authentication the client's identity information is not transmitted between the client and the communication server, which prevents the identity information from being stolen in transit and improves its security.
This embodiment provides another authentication method, which further expands and specifically limits each step of the method shown in Fig. 1. As shown in Fig. 2, it can comprise:
201. The client obtains the P signature from the certificate server.
Specifically, obtaining the P signature from the certificate server can comprise:
The client sends its identity information to the certificate server; the certificate server generates the P signature from the identity information; the P signature is sent to the corresponding client. Different clients have different P signatures, and P signatures correspond one-to-one with clients.
This embodiment does not limit the P signature or the method of obtaining it; these are techniques well known to those skilled in the art and are not described further here.
In one implementation of this embodiment, the client can obtain the P signature from the certificate server at any time before authentication. Because the devices have not yet started communicating before authentication, the identity information transmitted at that time will not be stolen.
In a preferred implementation of this embodiment, the client obtains the P signature from the certificate server when the client performs its initial setup.
It should be noted that the client can obtain the P signature from the certificate server at any time before the authentication operation; this is not limited to the scenario in which the client obtains it during initial setup.
Further, the P signature can be used to represent the identity of the client, but the P signature is different from the client's identity information.
202. The client sends an authentication request to the communication server.
The authentication request indicates that the client and the communication server are to carry out an authentication operation.
In one implementation of this embodiment, before the communication server provides the required service to the client, the client can send a service request to the communication server; the communication server sends an acknowledgement message to the client; the client and the communication server carry out the authentication operation, and only after authentication succeeds does the communication server provide the required service to the client.
The certificate server and the communication server can be two separate servers.
203. The communication server receives the authentication request sent by the client.
204. The client carries out the authentication operation with the communication server according to an echo message, so that the communication server determines from the echo message whether the client is configured with a legal P signature.
No information contained in the echo message is the client's identity information; that is, the echo message does not contain the client's identity information.
In one implementation of this embodiment, the authentication operation can be carried out with a commitment-challenge-response protocol. As shown in Fig. 3, it can specifically comprise:
1. The client sends randomly obtained commitment information to the communication server;
No information contained in the commitment information is the client's identity information; that is, the commitment information does not contain the client's identity information.
The value of the commitment information can be, but is not limited to, an integer such as 1, 2 or 3.
2. The communication server sends randomly obtained challenge information to the client;
No information contained in the challenge information is the client's identity information; that is, the challenge information does not contain the client's identity information.
The value of the challenge information can be, but is not limited to, an integer such as 1, 2 or 3.
3. The client receives the challenge information sent by the communication server;
4. The client generates the echo message according to the commitment-challenge-response protocol;
The echo message can be calculated with the formula specified in the commitment-challenge-response protocol, whose parameters can include: the P signature, the commitment information and the challenge information;
In one implementation of this embodiment, the client takes the P signature, the commitment information and the challenge information as parameters, runs the echo message generation algorithm Generate specified in the commitment-challenge-response protocol, and uses the algorithm's output rep as the echo message, that is: rep ← Generate.
This embodiment does not limit the algorithm Generate, which is a technique well known to those skilled in the art. For example, it can be an efficient algorithm agreed in advance in the commitment-challenge-response protocol that implements echo message generation; it is not described further here.
5. The client sends the echo message to the communication server;
6. The communication server receives the echo message sent by the client;
7. The communication server judges, according to the commitment-challenge-response protocol and the echo message, whether the client is configured with a legal P signature.
The method of judging whether the client is configured with a legal P signature can comprise:
First, a reference value is calculated with the formula specified in the commitment-challenge-response protocol. Then it is judged whether this reference value falls within the designated interval set by the commitment-challenge-response protocol. If it falls within the designated interval, the client is configured with a legal P signature; if it does not, the client is not configured with a legal P signature (or is not configured with a P signature at all). The parameters of the specified formula include: the echo message, the commitment information and the challenge information.
In one implementation of this embodiment, the process of judging whether the client is configured with a legal P signature is:
After the communication server receives the echo message, it first takes the commitment information, the challenge information and the echo message as parameters, runs the algorithm Ver specified in the commitment-challenge-response protocol, and stores the algorithm's output r, i.e. r ← Ver. The communication server then compares r with the legal interval predetermined in the commitment-challenge-response protocol. If r falls within the legal interval, the communication server considers the client to be configured with a legal P signature and authentication succeeds; otherwise it considers the client not to be configured with a legal P signature and authentication does not succeed.
This embodiment does not limit the algorithm Ver, which is a technique well known to those skilled in the art; for example, it can be an efficient algorithm predetermined in the commitment-challenge-response protocol. The legal interval that r is compared with can also be an interval predetermined in the commitment-challenge-response protocol, containing a small number of specified values.
This embodiment does not limit the method of generating the echo message in step 4 or the method of judging in step 7 whether the client is configured with a legal P signature. For example, both can be calculated with the corresponding formulas in the commitment-challenge-response protocol, which are techniques well known to those skilled in the art and can be set according to actual needs; they are not described further here.
This embodiment does not limit the commitment-challenge-response protocol, which is a technique well known to those skilled in the art and is not described further here.
It should be noted that during the authentication operation the client does not transmit its identity information to the communication server, so the communication server only determines whether the client is configured with a legal P signature and cannot determine which client is carrying out the authentication operation. When the communication server needs to send challenge information or an authentication response to the client, it can first determine the address of the destination client from information such as the underlying IP (Internet Protocol) address of the messages received from that client, and then send the challenge information or authentication response to that address.
This embodiment does not limit the method by which the communication server determines the address of the destination client; it is a technique well known to those skilled in the art and can be set according to actual needs, and is not described further here.
As can be seen from the above, none of the commitment information, challenge information or echo message transmitted between the client and the communication server during the authentication operation contains the client's identity information. That is, during the authentication operation neither the client's identity information nor the P signature is transmitted between the client and the communication server. This prevents the client's identity information from being stolen during the authentication operation and effectively guarantees the anonymity of the authentication.
In addition, in the authentication method of this embodiment, the client communicates with the certificate server only once, before the authentication operation, in order to obtain the P signature. During the authentication operation the client exchanges no data with the certificate server, which avoids the longer communication-server response time that such communication would cause.
205. The communication server sends an authentication response to the client.
The authentication response indicates whether the client authenticated successfully. The client can determine the authentication result (that is, whether authentication succeeded) from the received authentication response, and then carry out subsequent steps according to that result.
If authentication of the client succeeds, the client and the communication server can carry out the corresponding operation; for example, the communication server can provide the required service to the client.
If authentication of the client fails, the client can carry out the authentication operation with the communication server again, until authentication succeeds; or,
If authentication of the client fails, the client can end the authentication flow.
This embodiment does not limit the operation carried out after client authentication fails; it can be set according to actual needs and is not described further here.
With this scheme, the communication server authenticates the client according to whether the client is configured with a legal P signature. Specifically, if the client is configured with the P signature, authentication of the client succeeds; if the client is not configured with the P signature, authentication fails. Whether the client is configured with a legal P signature can be judged from the echo message, and no information contained in the echo message is the client's identity information. In other words, during authentication the client's identity information is not transmitted between the client and the communication server, which prevents the identity information from being stolen in transit and improves its security.
In addition, in the authentication method of this embodiment, the client communicates with the certificate server only once, before the authentication operation, in order to obtain the P signature. During the authentication operation the client exchanges no data with the certificate server, which avoids the longer communication-server response time that such communication would cause.
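The commitment-challenge-response exchange of step 204 (Fig. 3), as an added example that is not part of the patent. The patent leaves the P signature, Generate and Ver unspecified, so this example assumes a Schnorr signature (R, s) issued by the certificate server as the P signature and a Schnorr proof of knowledge of s as the protocol; the group parameters are a constructed toy size and all class and function names are hypothetical. Under this assumption the client sends a public tag R that is not its identity but is the same in every session.

```python
import hashlib
import secrets

# Constructed toy Schnorr group: P = 2Q + 1, G generates the order-Q subgroup.
# These sizes only keep the arithmetic readable; they give no real security.
P, Q, G = 2039, 1019, 4
LEGAL_VALUES = {1}  # assumed "legal interval" that the Ver output r must fall in


def tag_hash(R):
    """Hash the public tag R into Z_Q."""
    return int.from_bytes(hashlib.sha256(str(R).encode()).digest(), "big") % Q


def in_subgroup(v):
    """True if v is a valid element of the order-Q subgroup."""
    return 0 < v < P and pow(v, Q, P) == 1


class CertificateServer:
    """Issues P signatures at registration; takes no part in authentication."""

    def __init__(self):
        self.x = secrets.randbelow(Q - 1) + 1   # issuer secret key
        self.Y = pow(G, self.x, P)              # issuer public key
        self.registry = {}                      # identity -> tag R, kept server-side

    def issue(self, identity):
        while True:
            k = secrets.randbelow(Q - 1) + 1
            R = pow(G, k, P)
            s = (k + tag_hash(R) * self.x) % Q  # Schnorr signature (R, s)
            if s:                               # s == 0 would make the proof trivial
                self.registry[identity] = R
                return R, s


class Client:
    def __init__(self, p_signature):
        self.R, self.s = p_signature            # s never leaves the client
        self._k = None

    def commit(self):
        """Step 1: fresh random commitment, sent with the public tag R."""
        self._k = secrets.randbelow(Q - 1) + 1
        return self.R, pow(G, self._k, P)

    def generate(self, challenge):
        """Step 4: rep <- Generate(P signature, commitment, challenge)."""
        if self._k is None:
            raise RuntimeError("commit() must be called before every response")
        rep = (self._k + challenge * self.s) % Q
        self._k = None                          # reusing a nonce would leak s
        return rep


class CommunicationServer:
    """Holds only the issuer public key; never sees an identity or s."""

    def __init__(self, issuer_public_key):
        self.Y = issuer_public_key

    def challenge(self):
        """Step 2: random challenge in 1..Q-1."""
        return secrets.randbelow(Q - 1) + 1

    def ver(self, R, commitment, challenge, rep):
        """Step 7: r <- Ver(commitment, challenge, echo message)."""
        if not (in_subgroup(R) and in_subgroup(commitment)):
            return 0                            # malformed input: never a legal value
        target = R * pow(self.Y, tag_hash(R), P) % P       # equals G^s if (R, s) is valid
        expected = commitment * pow(target, challenge, P) % P
        return pow(G, rep, P) * pow(expected, -1, P) % P   # 1 iff G^rep == expected

    def authenticate(self, R, commitment, challenge, rep):
        return self.ver(R, commitment, challenge, rep) in LEGAL_VALUES


def run_session(client, server):
    """One pass of steps 1-7; returns the result and the messages on the wire."""
    R, commitment = client.commit()
    c = server.challenge()
    rep = client.generate(c)
    return server.authenticate(R, commitment, c, rep), (R, commitment, c, rep)


if __name__ == "__main__":
    cert = CertificateServer()
    sig = cert.issue("constructed-client-001")  # constructed identity string
    ok, wire = run_session(Client(sig), CommunicationServer(cert.Y))
    print("authenticated:", ok, "wire:", wire)
```

Because the response is bound to the server's fresh challenge, a captured (commitment, echo message) pair fails verification when replayed against a different challenge.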
To make the above embodiment easier to understand, it is described below in a concrete scenario.
The scenario can comprise: the client first registers with the certificate server and obtains the P signature. When the client needs the communication server to provide a service, the client first sends a service request to the communication server. After receiving the service request, the communication server sends a confirmation message to the client, indicating that the client and the communication server are to carry out the authentication operation. In this scenario, the client requests service from the communication server only after it has successfully registered with the certificate server.
Specifically, as shown in Fig. 4, it can comprise:
1. The client sends the client's identity information to the communication server;
2. The communication server verifies the client according to the received identity information; if verification succeeds, step 3 is executed; if verification fails, a registration failure message is sent to the client;
3. The communication server uses the corresponding signature algorithm to generate the P signature from the identity information;
4. The communication server sends the P signature to the client;
5. The client receives and stores the P signature;
6. The client sends a service request to the communication server;
7. After receiving the service request, the communication server sends a confirmation message to the client;
8. After receiving the confirmation message, the client sends randomly obtained commitment information to the communication server; the communication server sends randomly obtained challenge information to the client;
9. The client calculates the echo message from the received challenge information, the commitment information and the P signature, according to the commitment-challenge-response protocol;
10. The client sends the echo message to the communication server;
11. The communication server judges, from the received echo message, the commitment information and the challenge information and according to the commitment-challenge-response protocol, whether the client is configured with the P signature; if so, authentication of the client succeeds; if not, authentication of the client fails;
12. The communication server sends an authentication response to the client.
No information contained in the echo message is the client's identity information; no information contained in the commitment information is the client's identity information; no information contained in the challenge information is the client's identity information.
In this embodiment, the communication server authenticates the client according to whether the client is configured with a legal P signature. Specifically, if the client is configured with the P signature, authentication of the client succeeds; if the client is not configured with the P signature, authentication fails. Whether the client is configured with a legal P signature can be judged from the echo message, and no information contained in the echo message is the client's identity information. In other words, during authentication the client's identity information is not transmitted between the client and the communication server, which prevents the identity information from being stolen in transit and improves its security.
In addition, in the authentication method of this embodiment, the client communicates with the certificate server only once, before the authentication operation, in order to obtain the P signature. During the authentication operation the client exchanges no data with the certificate server, which avoids the longer communication-server response time that such communication would cause.
The below provides some system embodiments, and this system embodiment is corresponding with the above-mentioned corresponding embodiment of the method that provides.
The present embodiment provides a kind of system of authentication, as shown in Figure 5, can comprise:
Client 51 and the communication server 52, wherein:
Client 51 comprises: the first transmitting element 511 and authentication unit 512;
The first transmitting element 511 is used for sending an authentication request to the communication server 52, the authentication request indicating that client 51 and the communication server 52 are to perform an authentication operation;
Authentication unit 512 is used for performing the authentication operation with the communication server 52 according to an echo message, so that the communication server 52 determines from the echo message whether client 51 is configured with a legal P signature; the echo message is calculated by client 51 according to the P signature, and any information that the echo message comprises is different from the identity information of client 51;
The communication server 52 comprises: the second transmitting element 521;
The second transmitting element 521 is used for sending an authentication response to client 51, the authentication response indicating whether client 51 is successfully authenticated.
With the above scheme, the communication server authenticates the client according to whether the client is configured with a legal P signature. Specifically, if the client is configured with the P signature, authentication of the client succeeds; if the client is not configured with the P signature, authentication of the client fails. The communication server may judge from the echo message whether the client is configured with a legal P signature, and any information contained in the echo message is different from the identity information of the client. In other words, during the authentication process the identity information of the client is not transmitted between the client and the communication server, which prevents the identity information from being stolen in transmission and increases the security of the identity information.
The present embodiment provides another system for authentication, which further limits the system for authentication shown in Figure 5 and which, as shown in Figure 6, may comprise:
Client 61 and the communication server 62, wherein:
Client 61 comprises: the first transmitting element 611 and authentication unit 612;
The first transmitting element 611 is used for sending an authentication request to the communication server 62, the authentication request indicating that client 61 and the communication server 62 are to perform an authentication operation;
Authentication unit 612 is used for performing the authentication operation with the communication server 62 according to an echo message, so that the communication server 62 determines from the echo message whether client 61 is configured with a legal P signature; the echo message is calculated by client 61 according to the P signature, and any information that the echo message comprises is different from the identity information of client 61;
The communication server 62 comprises: the second transmitting element 621;
The second transmitting element 621 is used for sending an authentication response to client 61, the authentication response indicating whether client 61 is successfully authenticated.
Further, client 61 also comprises: acquiring unit 613;
Acquiring unit 613 is used for obtaining the P signature from the certificate server; the P signature is generated by the certificate server according to the identity information of client 61, and the identity information is sent to the certificate server by client 61.
Further, acquiring unit 613 is specifically used for obtaining the P signature from the certificate server when client 61 performs its initialization setup.
Further, authentication unit 612 comprises:
Generation module 6121, used for generating the echo message according to the promise challenge response protocol;
Sending module 6122, used for sending the echo message to the communication server;
The communication server 62 also comprises: judging unit 622;
Judging unit 622 is used for judging, according to the promise challenge response protocol and the echo message, whether client 61 is configured with the P signature.
Further, the P signature obtained by acquiring unit 613 is used for characterizing the identity of client 61.
With the above scheme, the communication server authenticates the client according to whether the client is configured with a legal P signature. Specifically, if the client is configured with the P signature, authentication of the client succeeds; if the client is not configured with the P signature, authentication of the client fails. The communication server may judge from the echo message whether the client is configured with a legal P signature, and any information contained in the echo message is different from the identity information of the client. In other words, during the authentication process the identity information of the client is not transmitted between the client and the communication server, which prevents the identity information from being stolen in transmission and increases the security of the identity information.
In addition, in the authentication method of the present embodiment, the client communicates with the certificate server only once, before the authentication operation, in order to obtain the P signature. During the authentication operation the client does not exchange any data with the certificate server, which avoids the lengthened communication server response time that communication between the client and the certificate server during the authentication operation would cause.
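The exchange carried out by generation module 6121, sending module 6122 and judging unit 622 can be illustrated with the following added example, which is not code from the patent. A 1-of-n Schnorr OR-proof stands in for the P-signature proof, whose construction this section does not give; the toy group, the HMAC-derived credential, the list of public values held by the communication server and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Toy Schnorr group (constructed, far too small for real use): P = 2Q + 1, G has order Q.
P, Q, G = 2039, 1019, 4

def issue_credential(master_key: bytes, identity: bytes) -> int:
    """Certificate server, once at client initialization: derive the secret
    credential (stand-in for the P signature) from the client's identity."""
    digest = hmac.new(master_key, identity, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1

def public_value(credential: int) -> int:
    """Value published to the communication server; it carries no identity string."""
    return pow(G, credential, P)

class Client:
    def __init__(self, credential, ring):
        self.x, self.ring = credential, ring
        self.j = ring.index(public_value(credential))  # own slot, never transmitted

    def commit(self):
        """Move 1 (promise): one commitment per ring slot."""
        n = len(self.ring)
        self.c = [secrets.randbelow(Q) for _ in range(n)]
        self.z = [secrets.randbelow(Q) for _ in range(n)]
        self.r = secrets.randbelow(Q)
        # Simulated branches for every other slot, a real commitment for ours.
        t = [pow(G, self.z[i], P) * pow(y, (Q - self.c[i]) % Q, P) % P
             for i, y in enumerate(self.ring)]
        t[self.j] = pow(G, self.r, P)
        return t

    def respond(self, challenge):
        """Move 3 (response): split the challenge so only our branch needs the secret."""
        others = sum(c for i, c in enumerate(self.c) if i != self.j)
        self.c[self.j] = (challenge - others) % Q
        self.z[self.j] = (self.r + self.c[self.j] * self.x) % Q
        return list(self.c), list(self.z)

def server_challenge():
    """Move 2 (challenge): fresh random value chosen by the communication server."""
    return secrets.randbelow(Q)

def server_verify(ring, commitments, challenge, response):
    """Judging step: accept only if every branch verifies and the shares sum to the challenge."""
    c, z = response
    if not (len(ring) == len(commitments) == len(c) == len(z)):
        return False
    if sum(c) % Q != challenge % Q:
        return False
    return all(pow(G, z[i], P) == commitments[i] * pow(y, c[i], P) % P
               for i, y in enumerate(ring))

def authenticate(client, ring):
    """Full exchange; the certificate server takes no part in it."""
    t = client.commit()
    ch = server_challenge()
    return server_verify(ring, t, ch, client.respond(ch))
```

The messages that cross the wire are the commitments, the challenge and the response lists; the slot index and the identity used at issuance never leave the client.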
Through the above description of the embodiments, those skilled in the art can clearly understand that the present invention can be implemented by software plus the necessary general-purpose hardware, and of course also by hardware alone, but in many cases the former is the better implementation. Based on this understanding, the essence of the technical solution of the present invention, or the part of it that contributes over the prior art, can be embodied in the form of a software product. The computer software product is stored in a readable storage medium, such as a computer's floppy disk, hard disk or optical disc, and comprises instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to carry out the methods described in the embodiments of the present invention.
The above is only a specific embodiment of the present invention, but the protection scope of the present invention is not limited to it. Any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be determined by the protection scope of the claims.

Claims (10)

1. A method of authentication, characterized by comprising: a client sends to a communication server an authentication request indicating that the client and the communication server are to perform an authentication operation;
The client performs the authentication operation with the communication server according to an echo message, wherein any information comprised in the echo message is different from the identity information of the client, the echo message is calculated by the client according to a P signature, and the echo message is used by the communication server to determine whether the client is configured with a legal P signature;
The communication server sends an authentication response to the client, the authentication response indicating whether the client is successfully authenticated.
2. The method according to claim 1, characterized in that, before the client performs the authentication operation with the communication server according to the echo message, the method also comprises:
The client obtains the P signature from a certificate server, wherein the P signature is generated by the certificate server according to the identity information of the client, and the identity information is sent to the certificate server by the client.
3. The method according to claim 2, characterized in that the client obtaining the P signature from the certificate server is specifically:
When the client performs its initialization setup, the client obtains the P signature from the certificate server.
4. The method according to any one of claims 1 to 3, characterized in that the client performing the authentication operation with the communication server according to the echo message comprises:
The client generates the echo message according to a promise challenge response protocol;
The client sends the echo message to the communication server;
The communication server judges, according to the promise challenge response protocol and the echo message, whether the client is configured with the P signature.
5. The method according to claim 4, characterized in that the P signature is used for characterizing the identity of the client and has a unique correspondence with the client.
6. A system for authentication, characterized by comprising: a client and a communication server, wherein:
The client comprises: a first transmitting element and an authentication unit;
The first transmitting element is used for sending to the communication server an authentication request indicating that the client and the communication server are to perform an authentication operation;
The authentication unit is used for performing the authentication operation with the communication server according to an echo message, wherein any information comprised in the echo message is different from the identity information of the client, the echo message is calculated by the client according to a P signature, and the echo message is used by the communication server to determine whether the client is configured with a legal P signature;
The communication server comprises: a second transmitting element;
The second transmitting element is used for sending an authentication response to the client, the authentication response indicating whether the client is successfully authenticated.
7. The system according to claim 6, characterized in that the client also comprises: an acquiring unit;
The acquiring unit is used for obtaining the P signature from a certificate server, wherein the P signature is generated by the certificate server according to the identity information of the client, and the identity information is sent to the certificate server by the client.
8. The system according to claim 7, characterized in that the acquiring unit is specifically used for obtaining the P signature from the certificate server when the client performs its initialization setup.
9. The system according to any one of claims 6 to 8, characterized in that the authentication unit comprises:
A generation module, used for generating the echo message according to a promise challenge response protocol;
A sending module, used for sending the echo message to the communication server;
The communication server also comprises: a judging unit;
The judging unit is used for judging, according to the promise challenge response protocol and the echo message, whether the client is configured with the P signature.
10. The system according to claim 9, characterized in that the P signature obtained by the acquiring unit is used for characterizing the identity of the client and has a unique correspondence with the client.
CN201310269549.6A 2013-06-28 2013-06-28 The method and system of certification Active CN103327489B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310269549.6A CN103327489B (en) 2013-06-28 2013-06-28 The method and system of certification

Publications (2)

Publication Number Publication Date
CN103327489A true CN103327489A (en) 2013-09-25
CN103327489B CN103327489B (en) 2017-04-05

Family

ID=49195967

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310269549.6A Active CN103327489B (en) 2013-06-28 2013-06-28 The method and system of certification

Country Status (1)

Country Link
CN (1) CN103327489B (en)

Also Published As

Publication number Publication date
CN103327489B (en) 2017-04-05

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant