CN104113535B - Identity tag update method, system, management server and access device - Google Patents
- Publication number: CN104113535B
- Application number: CN201410316795.7A
- Authority: CN (China)
- Prior art keywords: identity, identity tag, mark, tag, temporary
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Landscapes: Storage Device Security (AREA)
Abstract
The invention discloses an identity tag update method, system, IMS and LD, which belong to the field of communication technology and address the technical problem of existing identity tag authentication methods. The update method includes: generating a temporary identity tag pair; the IMS sends the temporary identity tag pair to the LD; the LD replaces the old identity tag pair with the temporary identity tag pair, which becomes the new identity tag pair, and sends the update result to the IMS; the IMS replaces the old identity tag pair with the temporary identity tag pair, which becomes the new identity tag pair.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to an identity tag update method, a system, an identity tag management server and an access device.
Background
In network communication, judging the credibility of a node is an important part of the secure communication process. In current network communication, a unique characteristic of the access device, such as its IP address or MAC address, is generally used as the identity tag for authentication; that is, a fixed identity tag is used to authenticate the access device.
However, in schemes that authenticate by means of a fixed identity tag, the fixed identity tag has to be set by designers or implementers, who may inadvertently lose or leak it, which creates potential security problems for network communication.
Summary of the invention
The purpose of the present invention is to provide an identity tag update method, a system, an identity tag management server and an access device, so as to solve the technical problem of existing identity tag authentication methods.
The present invention provides an identity tag update method, including:
generating a temporary identity tag pair for an access device, the temporary identity tag pair including an access device temporary identity tag and an identity tag management server temporary identity tag;
sending an identity tag update request containing the temporary identity tag pair to the access device, which may specifically be: packaging and encrypting the temporary identity tag pair to form an identity tag update request ciphertext, and sending the identity tag update request ciphertext to the access device;
receiving the identity tag update result sent by the access device;
replacing the old identity tag pair with the temporary identity tag pair, which becomes the new identity tag pair.
The present invention also provides another, corresponding identity tag update method, including:
receiving the identity tag update request sent by the identity tag management server, and obtaining the temporary identity tag pair in the identity tag update request, the temporary identity tag pair including an access device temporary identity tag and an identity tag management server temporary identity tag;
replacing the old identity tag pair with the temporary identity tag pair, which becomes the new identity tag pair;
sending an identity tag update result containing the new identity tag pair to the identity tag management server, which may specifically be:
packaging and encrypting the new identity tag pair to form an identity tag update result ciphertext;
sending the identity tag update result ciphertext to the access device.
The present invention also provides an identity tag update method, including:
the identity tag management server generates a temporary identity tag pair for the access device, the temporary identity tag pair including an access device temporary identity tag and an identity tag management server temporary identity tag;
the identity tag management server sends an identity tag update request containing the temporary identity tag pair to the access device;
the access device receives the identity tag update request sent by the identity tag management server and obtains the temporary identity tag pair in the identity tag update request, the temporary identity tag pair including an access device temporary identity tag and an identity tag management server temporary identity tag;
the access device replaces the old identity tag pair with the temporary identity tag pair, which becomes the new identity tag pair;
the access device sends an identity tag update result containing the new identity tag pair to the identity tag management server;
the identity tag management server receives the identity tag update result sent by the access device;
the identity tag management server replaces the old identity tag pair with the temporary identity tag pair, which becomes the new identity tag pair.
The present invention provides an identity tag management server, including:
a temporary identity tag generation module, for generating a temporary identity tag pair for an access device, the temporary identity tag pair including an access device temporary identity tag and an identity tag management server temporary identity tag;
a sending module, for sending an identity tag update request containing the temporary identity tag pair to the access device;
a receiving module, for receiving the identity tag update result sent by the access device;
an update module, for replacing the old identity tag pair with the temporary identity tag pair, which becomes the new identity tag pair.
Further, the sending module is specifically used for:
packaging and encrypting the temporary identity tag pair to form an identity tag update request ciphertext;
sending the identity tag update request ciphertext to the access device.
The present invention also correspondingly provides an access device, including:
a receiving module, for receiving the identity tag update request sent by the identity tag management server and obtaining the temporary identity tag pair in the identity tag update request, the temporary identity tag pair including an access device temporary identity tag and an identity tag management server temporary identity tag;
an update module, for replacing the old identity tag pair with the temporary identity tag pair, which becomes the new identity tag pair;
a sending module, for sending an identity tag update result containing the new identity tag pair to the identity tag management server.
Further, the sending module is specifically used for:
packaging and encrypting the new identity tag pair to form an identity tag update result ciphertext;
sending the identity tag update result ciphertext to the access device.
The present invention also provides an identity tag update system, including the above identity tag management server and the above access device.
The present invention brings the following beneficial effects: in the technical solution provided by the present invention, the identity tag used for authentication can be updated automatically, that is, authentication uses a dynamic identity tag, which avoids the security risk caused by designers or implementers leaking the identity tag and thereby improves the security of authentication.
Other features and advantages of the present invention will be set forth in the following description, and in part will become apparent from the description or be understood by implementing the present invention. The purpose and other advantages of the present invention can be realized and obtained by the structures specifically pointed out in the description, the claims and the accompanying drawings.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below:
Fig. 1 is a flow chart of the identity tag update method provided by an embodiment of the present invention;
Fig. 2 is a schematic diagram of the identity tag update system provided by an embodiment of the present invention.
Detailed description of the embodiments
Embodiments of the present invention are described in detail below with reference to the drawings and examples, so that the process by which the present invention applies technical means to solve the technical problem and achieve the technical effect can be fully understood and implemented. It should be noted that, as long as no conflict arises, the embodiments of the present invention and the features in each embodiment can be combined with one another, and the resulting technical solutions all fall within the protection scope of the present invention.
As shown in Fig. 1, an embodiment of the present invention provides an identity tag update method for updating the identity tag during identity authentication between an access device (Link Device, abbreviated LD) and an identity tag management server (Identify Manage Server, abbreviated IMS).
The identity tag update method includes:
S1: The IMS authenticates the LD and obtains the LD's information.
Specifically, the LD communicates with the IMS, and the IMS authenticates the LD's access device identity tag (LD_ID); after authentication passes, the IMS obtains information such as the IP address of the LD. The old LD_ID, which has not yet been updated, is still in use at this point, so the authentication process is that the IMS compares this LD_ID against the identity tag library (IMS_IDDB).
If authentication does not pass, the communication between the LD and the IMS is terminated, and the identity tag does not need to be updated.
S2: The IMS judges whether the LD meets the identity tag update condition. If it does, the subsequent steps are carried out; if not, the identity tag is not updated for the time being.
The identity tag update condition may be timed updating: for example, the IMS judges whether the time from the last identity tag update to the current time has reached the update cycle, and if so, the condition is met. The update cycle may be set to several hours, several days or several weeks. Alternatively, the identity tag update condition may be count-based updating: for example, an identity tag update is carried out every time (or every several times) the IMS successfully authenticates the LD.
S3: The IMS generates a temporary identity tag pair for the LD, and stores the temporary identity tag pair and the IP address of the LD in the temporary identity tag library (IMS_TempIDDB).
The temporary identity tag pair includes an access device temporary identity tag (LD_TempID) and an identity tag management server temporary identity tag (IMS_TempID).
In addition, before generating the temporary identity tag pair, the IMS may first check whether a temporary identity tag pair corresponding to the LD is already stored in IMS_TempIDDB. A temporary identity tag pair may have been generated for the LD earlier, with the identity tag update then failing because of a network interruption or a similar cause. Therefore, if a temporary identity tag pair is already stored in IMS_TempIDDB, the IMS may skip generation and perform the update directly with the existing temporary identity tag pair; alternatively, it may delete the existing temporary identity tag pair from IMS_TempIDDB and generate a new temporary identity tag pair for the update.
S4: The IMS sends an identity tag update request containing the temporary identity tag pair to the LD.
Specifically, the IMS packages the temporary identity tag pair together with the old identity tag management server identity tag (IMS_ID) currently in use, and encrypts the package with an encryption technique to form an identity tag update request ciphertext. It then sends the identity tag update request ciphertext to the LD.
S5: The LD receives the identity tag update request sent by the IMS and obtains the temporary identity tag pair in the identity tag update request.
Specifically, after receiving the identity tag update request ciphertext, the LD decrypts it and obtains the temporary identity tag pair and the old IMS_ID it contains.
S6: The LD authenticates the IMS_ID.
Specifically, the LD compares the old IMS_ID against its identity tag library (LD_IDDB), thereby performing identity authentication.
S7: The LD replaces the old identity tag pair with the temporary identity tag pair, which becomes the new identity tag pair.
Specifically, the LD replaces the old identity tag pair in its identity tag library (LD_IDDB) with the temporary identity tag pair, that is, it sets LD_ID=LD_TempID and IMS_ID=IMS_TempID, completing the identity tag update.
S8: The LD sends an identity tag update result containing the new identity tag pair to the IMS.
Specifically, if the update in step S7 succeeded, the LD packages the new identity tag pair and encrypts it with an encryption technique to form an identity tag update result ciphertext. It then sends the identity tag update result ciphertext to the IMS.
If the update in step S7 failed, the LD packages the temporary identity tag pair and encrypts it with an encryption technique to form an identity tag update result ciphertext. It then sends the identity tag update result ciphertext to the IMS.
The identity tag update result ciphertext also includes a flag indicating whether the update succeeded; for example, a flag value of 1 or 0 represents update success or update failure, respectively.
In addition, if authentication in step S6 does not pass, step S7 is skipped, and an identity tag update result ciphertext containing the temporary identity tag pair is sent to the IMS.
S9: The IMS receives the identity tag update result sent by the LD.
Specifically, after receiving the identity tag update result ciphertext, the IMS decrypts it and obtains the update result and the new identity tag pair it contains.
S10: The IMS authenticates the LD_ID.
Specifically, because the IMS has not yet been updated, the IMS compares the LD_ID of the received new identity tag pair against IMS_TempIDDB.
If the update in step S7 failed, what the IMS obtains from the identity tag update result ciphertext is LD_TempID, which can still be matched successfully in IMS_TempIDDB.
S11: The IMS judges whether the LD updated successfully in step S7 by reading the flag in the identity tag update result ciphertext.
If the update succeeded, the subsequent step S12 is carried out. If the update failed, the process returns to step S4 and the identity tag update request ciphertext is sent again.
S12: The IMS replaces the old identity tag pair with the temporary identity tag pair, which becomes the new identity tag pair.
Specifically, the IMS replaces the old identity tag pair in IMS_IDDB with the temporary identity tag pair, that is, it sets LD_ID=LD_TempID and IMS_ID=IMS_TempID, completing the identity tag update. The current time may also be recorded as the basis for judging the update condition.
S13: The IMS deletes this record, including LD_TempID, IMS_TempID and the IP address of the LD, from IMS_TempIDDB, and returns to step S1, ready for the next identity tag update.
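The S1 to S13 exchange above, as an added example that is not code from the patent: both sides' messages and stored state for one update round, including the flag-0 path. The pre-shared key, the SHA-256 keystream plus HMAC standing in for the unspecified encryption technique, the IP-keyed IMS_IDDB, and the names `seal`, `unseal`, `enroll` and `run_round` are assumptions.

```python
import hashlib
import hmac
import json
import secrets


def _keys(key):
    # Separate encryption and MAC keys derived from the pre-shared key (assumption).
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def _stream(key, nonce, n):
    # SHA-256 in counter mode as keystream: a constructed stand-in for the
    # unspecified "encryption technique"; a deployment would use a vetted AEAD.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def seal(key, msg):
    """Package and encrypt a message dict: nonce || ciphertext || HMAC tag."""
    enc, mac = _keys(key)
    pt, nonce = json.dumps(msg).encode(), secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(enc, nonce, len(pt))))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    """Verify the tag, then decrypt; raises ValueError on a modified ciphertext."""
    enc, mac = _keys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("update message failed integrity check")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(enc, nonce, len(ct)))))


class LD:
    def __init__(self, key, ld_id, ims_id):
        self.key = key
        self.iddb = {"LD_ID": ld_id, "IMS_ID": ims_id}            # LD_IDDB

    def handle_request(self, blob):
        req = unseal(self.key, blob)                               # S5
        temp = {"LD_ID": req["LD_TempID"], "IMS_ID": req["IMS_TempID"]}
        ok = hmac.compare_digest(req["IMS_ID"], self.iddb["IMS_ID"])  # S6
        if ok:
            self.iddb = dict(temp)                                 # S7
        # S8: flag 1 = updated, 0 = not updated; the pair is returned either way.
        return seal(self.key, {"flag": int(ok), **temp})


class IMS:
    def __init__(self, key):
        self.key = key
        self.iddb = {}   # IMS_IDDB, keyed by LD IP address (assumption)
        self.temp = {}   # IMS_TempIDDB: pending pair per LD IP address

    def enroll(self, ip, ld_id, ims_id):
        self.iddb[ip] = {"LD_ID": ld_id, "IMS_ID": ims_id}

    def authenticate(self, ip, ld_id):                             # S1
        rec = self.iddb.get(ip)
        return rec is not None and hmac.compare_digest(rec["LD_ID"], ld_id)

    def make_request(self, ip):
        if ip not in self.temp:                                    # S3: reuse a leftover pair
            self.temp[ip] = {"LD_ID": secrets.token_hex(16),
                             "IMS_ID": secrets.token_hex(16)}
        pair = self.temp[ip]
        return seal(self.key, {"LD_TempID": pair["LD_ID"],         # S4
                               "IMS_TempID": pair["IMS_ID"],
                               "IMS_ID": self.iddb[ip]["IMS_ID"]})

    def handle_result(self, ip, blob):
        res = unseal(self.key, blob)                               # S9
        pending = self.temp.get(ip)
        if pending is None or not hmac.compare_digest(res["LD_ID"], pending["LD_ID"]):
            return "rejected"                                      # S10 failed
        if res["flag"] != 1:
            return "resend"                                        # S11: back to S4
        self.iddb[ip] = self.temp.pop(ip)                          # S12 and S13
        return "committed"


def run_round(ims, ld, ip):
    """One update round, S1 and S3-S13 (the S2 update condition is taken as met)."""
    if not ims.authenticate(ip, ld.iddb["LD_ID"]):
        return "auth-failed"
    return ims.handle_result(ip, ld.handle_request(ims.make_request(ip)))
```

After a committed round the old LD_ID no longer authenticates at S1. An LD that does not recognise the IMS_ID answers with flag 0, the IMS returns "resend", and the pending pair stays in IMS_TempIDDB for reuse.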
As shown in Fig. 2, an embodiment of the present invention also provides an identity tag update system, including at least one identity tag management server (IMS) and at least one access device (LD).
The IMS includes a judging module, a temporary identity tag generation module, a sending module, a receiving module, an update module, a temporary identity tag library (IMS_TempIDDB) and an identity tag library (IMS_IDDB). The LD includes an identity tag library (LD_IDDB), a sending module, a receiving module and an update module.
After the IMS has authenticated the LD's LD_ID, the judging module judges whether the LD meets the identity tag update condition.
If it does, the temporary identity tag generation module generates a temporary identity tag pair for the LD and stores the temporary identity tag pair in IMS_TempIDDB. The temporary identity tag pair includes LD_TempID and IMS_TempID.
The sending module then packages the temporary identity tag pair together with the old IMS_ID currently in use, encrypts the package with an encryption technique to form an identity tag update request ciphertext, and sends the identity tag update request ciphertext to the LD.
The receiving module in the LD receives the identity tag update request ciphertext sent by the IMS, decrypts it, and obtains the temporary identity tag pair and the old IMS_ID it contains. The old IMS_ID is then compared against LD_IDDB, thereby performing identity authentication.
After authentication passes, the update module of the LD replaces the old identity tag pair in LD_IDDB with the temporary identity tag pair, which becomes the new identity tag pair, that is, it sets LD_ID=LD_TempID and IMS_ID=IMS_TempID.
If the update succeeds, the sending module in the LD packages the new identity tag pair, encrypts it with an encryption technique to form an identity tag update result ciphertext, and sends the identity tag update result ciphertext to the IMS.
If the update fails, the sending module in the LD packages the temporary identity tag pair, encrypts it with an encryption technique to form an identity tag update result ciphertext, and sends the identity tag update result ciphertext to the IMS.
After the receiving module in the IMS receives the identity tag update result ciphertext sent by the LD, it decrypts it and obtains the update result and the new identity tag pair it contains. The LD_ID of the identity tag pair is then authenticated.
After authentication passes, the update module in the IMS replaces the old identity tag pair in IMS_IDDB with the temporary identity tag pair, which becomes the new identity tag pair, that is, it sets LD_ID=LD_TempID and IMS_ID=IMS_TempID. The current time may also be recorded as the basis for judging the update condition.
Further, the IMS may also delete this record, including LD_TempID, IMS_TempID and the IP address of the LD, from IMS_TempIDDB, ready for the next identity tag update.
The identity tag update method provided by the embodiment of the present invention, and the identity tag update system including the IMS and the LD, can continuously and automatically update the identity tag used for authentication without human participation in the process. The technical solution provided by the embodiment therefore achieves authentication with a dynamic identity tag, avoiding the security risk caused by designers or implementers leaking the identity tag and thereby improving the security of authentication.
Although the embodiments are disclosed as above, the content described is only an embodiment adopted to facilitate understanding of the present invention and is not intended to limit it. Any person skilled in the art to which the present invention pertains may make modifications and changes in the form and details of implementation without departing from the spirit and scope disclosed by the present invention, but the scope of patent protection of the present invention shall still be subject to the scope defined by the appended claims.
Claims (4)
1. An identity tag update method, characterized by including:
the identity tag management server generates a temporary identity tag pair for the access device, the temporary identity tag pair including an access device temporary identity tag and an identity tag management server temporary identity tag;
the identity tag management server packages and encrypts the temporary identity tag pair to form an identity tag update request ciphertext, and sends the identity tag update request ciphertext to the access device;
the access device receives the identity tag update request ciphertext sent by the identity tag management server and obtains the temporary identity tag pair in the identity tag update request ciphertext;
the access device replaces the old identity tag pair with the temporary identity tag pair, which becomes the new identity tag pair;
the access device sends an identity tag update result containing the new identity tag pair to the identity tag management server;
the identity tag management server receives the identity tag update result sent by the access device;
the identity tag management server replaces the old identity tag pair with the temporary identity tag pair, which becomes the new identity tag pair.
2. An identity tag management server, characterized by including:
a temporary identity tag generation module, for generating a temporary identity tag pair for an access device, the temporary identity tag pair including an access device temporary identity tag and an identity tag management server temporary identity tag;
a sending module, for packaging and encrypting the temporary identity tag pair to form an identity tag update request ciphertext, and sending the identity tag update request ciphertext to the access device;
a receiving module, for receiving the identity tag update result sent by the access device;
an update module, for replacing the old identity tag pair with the temporary identity tag pair, which becomes the new identity tag pair.
3. An access device, characterized by including:
a receiving module, for receiving the identity tag update request ciphertext sent by the identity tag management server and obtaining the temporary identity tag pair in the identity tag update request ciphertext, the temporary identity tag pair including an access device temporary identity tag and an identity tag management server temporary identity tag;
an update module, for replacing the old identity tag pair with the temporary identity tag pair, which becomes the new identity tag pair;
a sending module, for packaging and encrypting the new identity tag pair to form an identity tag update result ciphertext, and sending the identity tag update result ciphertext to the identity tag management server.
4. An identity tag update system, characterized by including the identity tag management server as claimed in claim 2 and the access device as claimed in claim 3.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410316795.7A | 2014-07-03 | 2014-07-03 | Identity tag update method, system, management server and access device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104113535A | 2014-10-22 |
CN104113535B | 2018-06-08 |
Family
ID=51710168
Family Applications (1)
Application Number | Status | Priority Date | Filing Date | Title |
---|---|---|---|---|
CN201410316795.7A | Active | 2014-07-03 | 2014-07-03 | Identity tag update method, system, management server and access device |
Legal Events
Code | Title | Description |
---|---|---|
C06 | Publication | |
PB01 | Publication | |
C10 | Entry into substantive examination | |
SE01 | Entry into force of request for substantive examination | |
GR01 | Patent grant | |
CP01 | Change in the name or title of a patent holder | Address after: No. 169 Shidai Road, Shifeng District, Zhuzhou, Hunan Province, 412001. Patentee after: ZHUZHOU CRRC TIMES ELECTRIC Co.,Ltd. Address before: No. 169 Shidai Road, Shifeng District, Zhuzhou, Hunan Province, 412001. Patentee before: ZHUZH CSR TIMES ELECTRIC Co.,Ltd. |