CN108737436A - Cross-domain server identity authentication method based on a trust alliance blockchain - Google Patents

Info

Publication number: CN108737436A
Authority: CN (China)
Prior art keywords: domains, identity, server, block chain, alliance
Legal status: Granted, Active
Application number: CN201810548516.8A
Other languages: Chinese (zh)
Other versions: CN108737436B (en)
Inventors: 马文平, 马晓婷
Current Assignee: Xidian University
Original Assignee: Xidian University
Application filed by Xidian University
Priority to CN201810548516.8A
Publication of CN108737436A
Application granted
Publication of CN108737436B

Classifications

    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L67/56 Provisioning of proxy services
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The invention discloses a cross-domain server identity authentication method based on a trust alliance blockchain. The steps are: (1) construct the trust alliance blockchain; (2) authenticate the identity of the public key infrastructure (PKI) domain server that a user accesses; (3) authenticate the identity of the identity-based cryptography (IBC) domain server that a user accesses; (4) set the validity period of the authentication credential; (5) re-authenticate the identity of the PKI-domain server that a user accesses; (6) re-authenticate the identity of the IBC-domain server that a user accesses. The invention constructs a trust alliance blockchain, achieves mutual authentication between domains through mutual authentication between the nodes of the trust alliance blockchain, and thereby achieves cross-domain authentication of servers. It reduces the maintenance burden of a bridge center system, reduces the computation and communication load on the user terminal, and has good practicability and scalability.

Description

Cross-domain server identity authentication method based on a trust alliance blockchain
Technical field
The invention belongs to the field of network communication technology, and further relates to a method, in the field of network security technology, for cross-domain authentication of server identity based on a trust alliance blockchain. The invention can be applied to authenticate the identity of the accessed server when a user in a certificate-based public key infrastructure PKI (Public Key Infrastructure) domain or an identity-based cryptography IBC (Identity-Based Cryptography) domain requests cross-domain access to a server.
Background
Current trust-domain authentication frameworks based on public-key cryptography mostly use certificate-based public key infrastructure PKI and identity-based cryptography IBC. When an IBC-domain user accesses a PKI-domain server, or a PKI-domain user accesses an IBC-domain server, the identity of the accessed server must be securely authenticated to ensure that it provides a secure service. Because PKI and IBC have different authentication structures, problems arise at this point, such as cross-domain authentication being impossible.
In its patent application "An identity-based combined-key cross-domain authentication method" (application number 201710647789.3, publication number CN 107395364A), Beijing Di Mansen Science and Technology Ltd. proposes an identity-based combined-key cross-domain authentication method. The method establishes an additional IKI system, called the bridge IKI, outside the individual identity key infrastructure IKI (Identity Key Infrastructure) systems. Each IKI system and the bridge IKI issue matrix identifiers to each other, and a system user achieves cross-domain authentication by exchanging the user identifier together with the matrix identifiers that its own system and the bridge IKI issued to each other. This interactive authentication rests on the trustworthiness of the bridge IKI system, whose trust and security must therefore be maintained; and because user authentication exchanges the local system's matrix identifier with the bridge IKI's matrix identifier, these matrix identifiers must be stored. The shortcomings of this method are: first, the identity of the bridge IKI system requires trust maintenance, which increases the maintenance burden; second, as the number of IKI systems grows, the storage burden on the bridge IKI system grows, and if multiple bridge IKI systems are set up, the storage burden on users increases.
In its patent applications "Authentication key agreement method for a user in an IBC domain accessing resources in a PKI domain" (application number 201710081516.7, publication number CN 106789042 A) and "Authentication key agreement method for a user in a PKI domain accessing resources in an IBC domain" (application number 201710082835.X, publication number CN106877996A), Southwest Jiaotong University discloses authentication key agreement methods that achieve cross-domain access between PKI and IBC domains. These systems comprise users, resources, and the certificate servers of the IBC and PKI domains. In the implementation, the user first sends a verification request to the certificate server of its own domain, then generates an access authorization ticket and a session key jointly with the certificate server of the foreign domain, and finally uses the generated authorization ticket to apply for authentication by the resource. After verifying that the user's identity is legitimate, the resource communicates securely with the user. The shortcoming of this method is: the user terminal carries out four interactive communications during authentication and, before communicating, must perform operations such as handling the authorization ticket, the session key, and signing and encryption, so the computation and communication load carried by the user terminal is large, which does not suit resource-constrained lightweight mobile user terminals.
Summary of the invention
The object of the invention is to address the above shortcomings of the prior art by proposing a server cross-domain authentication method based on a trust alliance blockchain, in which public key infrastructure PKI domains and identity-based cryptography IBC domains, in a peer relationship, achieve cross-domain authentication of servers and safe, efficient re-authentication.
The idea for achieving the object of the invention is: use the certificate servers in the PKI domains and the domain proxy servers in the IBC domains as nodes to construct the trust alliance blockchain; save the certificates of all node servers in the trust alliance blockchain and the certificates of the legitimate users in the PKI domains into the trust alliance blockchain; achieve mutual authentication between domains through mutual authentication between the nodes in the alliance trust model; use the alliance trust model to achieve cross-domain authentication of server identity; write the information of a successful authentication into the trust alliance blockchain as an authentication credential; and use the authentication credential to achieve fast re-authentication.
The specific steps of the invention are as follows:
(1) Construct the trust alliance blockchain:
(1a) According to the number of node servers in the trust alliance that the blockchain's communication capacity can accommodate, set the number of public key infrastructure PKI domains and the number of identity-based cryptography IBC domains respectively;
(1b) Use the certificate server in each PKI domain and the domain proxy server in each IBC domain as the node servers of the trust alliance blockchain;
(1c) The certificate server in the PKI domain issues certificates to the domain proxy servers in the IBC domains;
(1d) Select a hash function according to the size of the certificate and generate the hash value of the certificate;
(1e) Save the hash values of the certificates in the block body as the first block, establishing the trust alliance blockchain;
(2) Authenticate the identity of the PKI-domain server that the user accesses:
(2a) The user requesting access in the IBC domain uses its own private key and the domestic identity-based cryptography SM9 signature algorithm to compute a signature over its own identity identifier ID, producing a signed authentication request, and sends the signed authentication request to the domain proxy server;
(2b) The domain proxy server in the IBC domain verifies whether the identity of the user requesting access is legitimate; if so, execute step (2c); otherwise, execute step (2f);
(2c) Judge whether the certificate server in the PKI domain and the domain proxy server in the IBC domain satisfy the mutual trust condition; if so, execute step (2d); otherwise, execute step (2f);
(2d) Using the method of issuing a temporary identity, establish secure communication between the server the user requests in the PKI domain and the accessing user;
(2e) The certificate server in the PKI domain stores the authentication credential using the method of writing the authentication credential to the trust alliance blockchain;
(2f) End authentication;
(3) Authenticate the identity of the IBC-domain server that the user accesses:
(3a) The user requesting access in the PKI domain sends an authentication request to the certificate server;
(3b) The PKI-domain certificate server queries the certificate status of the accessing user on the trust alliance blockchain; if the certificate status is declared, execute step (3c); if the certificate status is revoked, execute step (3f);
(3c) Judge whether the certificate server in the PKI domain and the domain proxy server in the IBC domain satisfy the mutual trust condition; if so, execute step (3d); otherwise, execute step (3f);
(3d) Using the method of issuing a temporary certificate, establish secure communication between the server accessed by the user and the user in the PKI domain applying for access;
(3e) The IBC-domain domain proxy server stores the authentication credential using the method of writing the authentication credential to the trust alliance blockchain;
(3f) End authentication;
(4) Set the validity period of the authentication credential:
(4a) According to the security level of the server accessed by the user in the PKI domain, set the authentication credential stored for it on the trust alliance blockchain to the validity period corresponding to that security level;
(4b) According to the security level of the server accessed by the user in the IBC domain, set the authentication credential stored for it on the trust alliance blockchain to the validity period corresponding to that security level;
(5) Re-authenticate the identity of the PKI-domain server that the user accesses:
(5a) Other users in the IBC domain send an identity signature application and an access application to the domain proxy server;
(5b) Judge whether the certificate server in the PKI domain and the domain proxy server in the IBC domain satisfy the mutual trust condition; if so, execute step (5c); otherwise, execute step (5g);
(5c) The IBC-domain domain proxy server generates an authentication credential using the identity information ID of the server accessed by the user in the PKI domain;
(5d) The IBC-domain domain proxy server queries the authentication credential on the trust alliance blockchain; if the authentication credential is found and is within its validity period, this access is allowed and step (5g) is executed; otherwise, execute step (5e);
(5e) Using the method of issuing a temporary identity, establish secure communication between the server accessed by the user in the PKI domain and the accessing user;
(5f) The certificate server in the PKI domain stores the authentication credential using the method of writing the authentication credential to the trust alliance blockchain;
(5g) End authentication;
(6) Re-authenticate the identity of the IBC-domain server that the user accesses:
(6a) Other users in the PKI domain send an access request to the certificate server;
(6b) Judge whether the certificate server in the PKI domain and the domain proxy server in the IBC domain satisfy the mutual trust condition; if so, execute step (6c); otherwise, execute step (6g);
(6c) The certificate server in the PKI domain generates an authentication credential using the identity information ID of the server accessed by the user in the IBC domain;
(6d) The certificate server in the PKI domain queries the authentication credential on the trust alliance blockchain; if the authentication credential is found and is within its validity period, this access is allowed; otherwise, execute step (6e);
(6e) Using the method of issuing a temporary certificate, establish secure communication between the server accessed by the user in the IBC domain and the accessing user;
(6f) The IBC-domain domain proxy server stores the authentication credential using the method of writing the authentication credential to the trust alliance blockchain;
(6g) End authentication.
Compared with the prior art, the invention has the following advantages:
First, because the invention constructs an alliance trust blockchain and achieves mutual authentication between domains through mutual trust between the nodes of the alliance trust blockchain, it overcomes the prior-art problem that the bridge center system requires trust maintenance, which increases the maintenance burden, so that the invention has the advantage of better practicability and scalability among server cross-domain authentication methods.
Second, because the invention saves the authentication credential of the server accessed by the user, and the node servers in the alliance trust blockchain achieve re-authentication by querying that credential, it overcomes the prior-art problem that repeated access to the same server causes repeated authentication and increases the computation and communication burden on the node servers, so that the invention has the advantage of higher efficiency among server cross-domain authentication methods.
Third, because the invention constructs an alliance trust blockchain and achieves mutual authentication between domains through mutual trust between the nodes of the alliance trust blockchain, it overcomes the prior-art problem that cross-domain authentication must be performed on the accessing user, which makes the user terminal carry a larger computation and communication burden, so that among server cross-domain authentication methods the invention is better suited to mainstream, resource-constrained mobile user terminals.
Description of the drawings
Fig. 1 is the flow chart of the invention.
Detailed description
The invention is further described below with reference to Fig. 1.
Step 1: construct the trust alliance blockchain.
According to the number of node servers in the trust alliance that the blockchain's communication capacity can accommodate, set the number of public key infrastructure PKI domains and the number of identity-based cryptography IBC domains respectively.
Use the certificate server in each PKI domain and the domain proxy server in each IBC domain as the node servers of the trust alliance blockchain.
The certificate server in the PKI domain issues certificates to the domain proxy servers in the IBC domains.
Select a hash function according to the size of the certificate and generate the hash value of the certificate.
Save the hash values of the certificates in the block body as the first block, establishing the trust alliance blockchain.
Step 2: authenticate the identity of the PKI-domain server that the user accesses.
The user requesting access in the IBC domain uses its own private key and the domestic identity-based cryptography SM9 signature algorithm to compute a signature over its own identity identifier ID, producing a signed authentication request, and sends the signed authentication request to the domain proxy server.
The domain proxy server in the IBC domain verifies whether the identity of the user requesting access is legitimate; if so, it is judged whether the certificate server in the PKI domain and the domain proxy server in the IBC domain satisfy the mutual trust condition; otherwise, authentication ends.
The signed authentication request is verified with the public key of the user requesting access, using the domestic identity-based cryptography SM9 signature verification algorithm; a signed authentication request that passes verification means the user's identity is legitimate.
Judge whether the certificate server in the PKI domain and the domain proxy server in the IBC domain satisfy the mutual trust condition; if so, use the method of issuing a temporary identity to establish secure communication between the server the user requests in the PKI domain and the accessing user; otherwise, authentication fails.
The mutual trust condition means that the following two conditions are satisfied at the same time:
Condition 1: the PKI-domain certificate server queries, on the trust alliance blockchain, the certificate of the domain proxy server in the IBC domain, and the certificate status is declared;
Condition 2: the domain proxy server in the IBC domain queries, on the trust alliance blockchain, the certificate of the PKI-domain certificate server, and the certificate status is declared.
The certificate server in the PKI domain stores the authentication credential using the method of writing the authentication credential to the trust alliance blockchain.
The method of issuing a temporary identity is as follows:
Step 1: the domain proxy server in the IBC domain generates temporary identity information for the server accessed by the user in the PKI domain and sends the temporary identity information to the PKI-domain certificate server;
Step 2: the certificate server in the PKI domain forwards the temporary identity information to the server accessed by the user;
Step 3: the server providing the service in the PKI domain saves the temporary identity information and uses it to communicate securely with the IBC-domain user requesting the service.
The method of writing the authentication credential to the trust alliance blockchain is as follows:
Step 1: a node server in the trust alliance blockchain generates an authentication credential from the identity information ID of the successfully authenticated server accessed by the user;
Step 2: the node server in the trust alliance blockchain selects a hash function according to the size of the authentication credential, uses the hash operation to generate a hash value from the authentication credential, and writes the hash value to the blockchain.
End authentication.
Step 3: authenticate the identity of the IBC-domain server that the user accesses.
The user requesting access in the PKI domain sends an authentication request to the certificate server.
The PKI-domain certificate server queries the certificate status of the accessing user on the trust alliance blockchain; if the certificate status is declared, it is judged whether the certificate server in the PKI domain and the domain proxy server in the IBC domain satisfy the mutual trust condition; if the certificate status is revoked, authentication ends.
Judge whether the certificate server in the PKI domain and the domain proxy server in the IBC domain satisfy the mutual trust condition; if so, use the method of issuing a temporary certificate to establish secure communication between the server accessed by the user and the user in the PKI domain applying for access; otherwise, end authentication.
The mutual trust condition means that the following two conditions are satisfied at the same time:
Condition 1: the PKI-domain certificate server queries, on the trust alliance blockchain, the certificate of the domain proxy server in the IBC domain, and the certificate status is declared;
Condition 2: the domain proxy server in the IBC domain queries, on the trust alliance blockchain, the certificate of the PKI-domain certificate server, and the certificate status is declared.
The method of issuing a temporary certificate is as follows:
Step 1: the PKI-domain certificate server generates a temporary certificate for the server accessed by the user in the IBC domain and sends the temporary certificate to the IBC-domain domain proxy server;
Step 2: in the IBC domain, the domain proxy server forwards the temporary certificate to the server accessed by the user;
Step 3: in the IBC domain, the server accessed by the user saves the temporary certificate and uses the identity information in the temporary certificate to achieve secure communication with the PKI-domain user requesting the service.
The IBC-domain domain proxy server stores the authentication credential using the method of writing the authentication credential to the trust alliance blockchain.
The method of writing the authentication credential to the trust alliance blockchain is as follows:
Step 1: a node server in the trust alliance blockchain generates an authentication credential from the identity information ID of the successfully authenticated server accessed by the user;
Step 2: the node server in the trust alliance blockchain selects a hash function according to the size of the authentication credential, uses the hash operation to generate a hash value from the authentication credential, and writes the hash value to the blockchain.
End authentication.
Step 4: set the validity period of the authentication credential.
According to the security level of the server accessed by the user in the PKI domain, set the authentication credential stored for it on the trust alliance blockchain to the validity period corresponding to that security level.
According to the security level of the server accessed by the user in the IBC domain, set the authentication credential stored for it on the trust alliance blockchain to the validity period corresponding to that security level.
Step 5: re-authenticate the identity of the PKI-domain server that the user accesses.
Other users in the IBC domain send an identity signature application and an access application to the domain proxy server.
Judge whether the certificate server in the PKI domain and the domain proxy server in the IBC domain satisfy the mutual trust condition; if so, the IBC-domain domain proxy server generates an authentication credential using the identity information ID of the server accessed by the user in the PKI domain; otherwise, end authentication.
The mutual trust condition means that the following two conditions are satisfied at the same time:
Condition 1: the PKI-domain certificate server queries, on the trust alliance blockchain, the certificate of the domain proxy server in the IBC domain, and the certificate status is declared;
Condition 2: the domain proxy server in the IBC domain queries, on the trust alliance blockchain, the certificate of the PKI-domain certificate server, and the certificate status is declared.
The IBC-domain domain proxy server queries the authentication credential on the trust alliance blockchain; if the authentication credential is found and is within its validity period, this access is allowed and authentication ends; otherwise, the method of issuing a temporary identity is used to establish secure communication between the server accessed by the user in the PKI domain and the accessing user.
The method of issuing a temporary identity is as follows:
Step 1: the IBC-domain domain proxy server generates temporary identity information for the server accessed by the user in the PKI domain and sends the temporary identity information to the PKI-domain certificate server;
Step 2: the certificate server in the PKI domain forwards the temporary identity information to the server accessed by the user;
Step 3: the server providing the service in the PKI domain saves the temporary identity information and uses it to communicate securely with the IBC-domain user requesting the service.
The certificate server in the PKI domain stores the authentication credential using the method of writing the authentication credential to the trust alliance blockchain.
The method of writing the authentication credential to the trust alliance blockchain is as follows:
Step 1: a node server in the trust alliance blockchain generates an authentication credential from the identity information ID of the successfully authenticated server accessed by the user;
Step 2: the node server in the trust alliance blockchain selects a hash function according to the size of the authentication credential, uses the hash operation to generate a hash value from the authentication credential, and writes the hash value to the blockchain.
End authentication.
Step 6: re-authenticate the identity of the server accessed by the user in the IBC domain.
Other users in the PKI domain send an access request to the certificate server.
Determine whether the certificate server in the PKI domain and the domain proxy server in the IBC domain satisfy the mutual trust condition. If so, the certificate server in the PKI domain generates an authentication credential using the identity information ID of the server accessed by the user in the IBC domain; otherwise, authentication ends.
The mutual trust condition refers to the situation in which the following two conditions are met simultaneously:
Condition 1: the PKI domain certificate server queries, on the trust alliance blockchain, the certificate of the domain proxy server in the IBC domain, and the certificate status is "statement";
Condition 2: the domain proxy server in the IBC domain queries, on the trust alliance blockchain, the certificate of the PKI domain certificate server, and the certificate status is "statement".
The certificate server in the PKI domain queries the authentication credential on the trust alliance blockchain. If the authentication credential is found and is within its effective time, this access is allowed and authentication ends; otherwise, the method of issuing a temporary certificate is used to establish secure communication between the server accessed by the user in the IBC domain and the accessing user.
The method of issuing a temporary certificate is as follows:
1st step: the PKI domain certificate server generates a temporary certificate for the server accessed by the user in the IBC domain and sends the temporary certificate to the IBC domain proxy server;
2nd step: in the IBC domain, the domain proxy server forwards the temporary certificate to the server accessed by the user;
3rd step: in the IBC domain, the server accessed by the user saves the temporary certificate and uses the identity information in the temporary certificate to communicate securely with the user in the PKI domain requesting the service.
The IBC domain proxy server stores the authentication credential using the method of writing the authentication credential to the trust alliance blockchain.
The method of writing the authentication credential to the trust alliance blockchain is as follows:
1st step: a node server in the trust alliance blockchain generates an authentication credential from the identity information ID of the successfully authenticated server accessed by the user;
2nd step: the node server in the trust alliance blockchain selects a hash function according to the size of the authentication credential, uses the hash operation to generate a hash value from the authentication credential, and writes the hash value to the blockchain.
End authentication.
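The re-authentication decision of Steps 4 to 6 (mutual trust check, credential lookup, effective-time check, credential write), as an added Python sketch that is not part of the patent text. The in-memory block list, the credential encoding, the 64-byte hash-selection threshold, the effective-time values and the node names are all assumptions made for illustration; issuing the temporary identity or certificate is represented only by the returned outcome.

```python
import hashlib
import json
from dataclasses import dataclass, field

# Assumption: the text ties effective time to security level but gives no values.
EFFECTIVE_SECONDS = {"high": 600, "medium": 3600, "low": 86400}
GENESIS = "0" * 64


def make_credential(server_id: str) -> bytes:
    """Build the authentication credential from the server identity ID (assumed encoding)."""
    return json.dumps({"authenticated_server_id": server_id}, sort_keys=True).encode()


def credential_hash(credential: bytes) -> str:
    """Select a hash function by credential size (assumed threshold) and hash the credential."""
    algo = hashlib.sha256 if len(credential) <= 64 else hashlib.sha512
    return algo(credential).hexdigest()


def _block_digest(block: dict) -> str:
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()


@dataclass
class TrustAllianceLedger:
    """In-memory stand-in for the trust alliance blockchain (assumption)."""
    cert_status: dict = field(default_factory=dict)  # node name -> "statement" / "revocation"
    blocks: list = field(default_factory=list)       # hash-linked credential records

    def write_credential(self, server_id: str, level: str, now: int) -> str:
        """Append the credential hash with the effective time for the security level."""
        prev = _block_digest(self.blocks[-1]) if self.blocks else GENESIS
        digest = credential_hash(make_credential(server_id))
        self.blocks.append({"prev": prev, "cred_hash": digest,
                            "expires": now + EFFECTIVE_SECONDS[level]})
        return digest

    def credential_in_effect(self, server_id: str, now: int) -> bool:
        """Find the newest record for this credential and check its effective time."""
        digest = credential_hash(make_credential(server_id))
        for block in reversed(self.blocks):
            if block["cred_hash"] == digest:
                return now < block["expires"]
        return False

    def verify_chain(self) -> bool:
        """Detect edits to stored records by re-walking the hash links."""
        prev = GENESIS
        for block in self.blocks:
            if block["prev"] != prev:
                return False
            prev = _block_digest(block)
        return True


def mutual_trust(ledger: TrustAllianceLedger, pki_server: str, ibc_proxy: str) -> bool:
    """Conditions 1 and 2: each side finds the other's certificate with status "statement"."""
    return (ledger.cert_status.get(ibc_proxy) == "statement"
            and ledger.cert_status.get(pki_server) == "statement")


def reauthenticate(ledger, pki_server, ibc_proxy, target_server_id, level, now) -> str:
    """Return "terminated", "allowed" or "fallback" for one re-authentication attempt."""
    if not mutual_trust(ledger, pki_server, ibc_proxy):
        return "terminated"
    if ledger.credential_in_effect(target_server_id, now):
        return "allowed"
    # No credential in effect: the temporary identity/certificate path runs
    # (not modelled here), then a fresh credential is written to the ledger.
    ledger.write_credential(target_server_id, level, now)
    return "fallback"


if __name__ == "__main__":
    # Constructed sample data: node names and server ID are hypothetical.
    ledger = TrustAllianceLedger(cert_status={"pki-cert-server": "statement",
                                              "ibc-domain-proxy": "statement"})
    for t in (1000, 1300, 1600):
        print(t, reauthenticate(ledger, "pki-cert-server", "ibc-domain-proxy",
                                "srv.pki.example", "high", t))
```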

Claims (6)

1. A server cross-domain authentication method based on a trust alliance blockchain, characterized in that: a trust alliance blockchain is constructed; the certificates of all node servers in the trust alliance blockchain and the certificates of legitimate users in the Public Key Infrastructure (PKI) domain are saved to the trust alliance blockchain; cross-domain authentication of server identity is implemented using the trust alliance blockchain; the information of a successful authentication is saved to the trust alliance blockchain as an authentication credential; and re-authentication is implemented using the authentication credential. The specific steps of the method are as follows:
(1) Construct the trust alliance blockchain:
(1a) According to the number of node servers that the communication capacity of the trust alliance blockchain can accommodate, set the number of PKI domains and the number of identity-based cryptography (IBC) domains respectively;
(1b) Use the certificate server in each PKI domain and the domain proxy server in each IBC domain as node servers of the trust alliance blockchain;
(1c) The certificate server in the PKI domain issues a certificate to the domain proxy server in the IBC domain;
(1d) Select a hash function according to the size of the certificate and generate the hash value of the certificate;
(1e) Save the hash value of the certificate in the block body as the first block, establishing the trust alliance blockchain;
(2) Authenticate the identity of the server accessed by the user in the PKI domain:
(2a) A user in the IBC domain requesting access uses its own private key and the domestic identity-based cryptographic SM9 signature algorithm to compute a signature over its own identity ID, generating a signed authentication application, and sends the signed authentication application to the domain proxy server;
(2b) The domain proxy server in the IBC domain verifies whether the identity of the user requesting access is legitimate; if so, execute step (2c); otherwise, execute step (2f);
(2c) Determine whether the certificate server in the PKI domain and the domain proxy server in the IBC domain satisfy the mutual trust condition; if so, execute step (2d); otherwise, execute step (2f);
(2d) Using the method of issuing a temporary identity, establish secure communication between the server requested by the user in the PKI domain and the accessing user;
(2e) The certificate server in the PKI domain stores the authentication credential using the method of writing the authentication credential to the trust alliance blockchain;
(2f) End authentication;
(3) Authenticate the identity of the server accessed by the user in the IBC domain:
(3a) A user in the PKI domain requesting access sends an authentication application to the certificate server;
(3b) The PKI domain certificate server queries the certificate status of the accessing user on the trust alliance blockchain; if the certificate status is "statement", execute step (3c); if the certificate status is "revocation", execute step (3f);
(3c) Determine whether the certificate server in the PKI domain and the domain proxy server in the IBC domain satisfy the mutual trust condition; if so, execute step (3d); otherwise, execute step (3f);
(3d) Using the method of issuing a temporary certificate, establish secure communication between the server accessed by the user and the user in the PKI domain applying for access;
(3e) The IBC domain proxy server stores the authentication credential using the method of writing the authentication credential to the trust alliance blockchain;
(3f) End authentication;
(4) Set the effective time of the authentication credential:
(4a) According to the security level of the server accessed by the user in the PKI domain, set the effective time of its authentication credential stored on the trust alliance blockchain to the effective time corresponding to that security level;
(4b) According to the security level of the server accessed by the user in the IBC domain, set the effective time of its authentication credential stored on the trust alliance blockchain to the effective time corresponding to that security level;
(5) Re-authenticate the identity of the server accessed by the user in the PKI domain:
(5a) Other users in the IBC domain send an identity signature application and an access application to the domain proxy server;
(5b) Determine whether the certificate server in the PKI domain and the domain proxy server in the IBC domain satisfy the mutual trust condition; if so, execute step (5c); otherwise, execute step (5g);
(5c) The IBC domain proxy server generates an authentication credential using the identity information ID of the server accessed by the user in the PKI domain;
(5d) The IBC domain proxy server queries the authentication credential on the trust alliance blockchain; if the authentication credential is found and is within its effective time, this access is allowed and step (5g) is executed; otherwise, step (5e) is executed;
(5e) Using the method of issuing a temporary identity, establish secure communication between the server accessed by the user in the PKI domain and the accessing user;
(5f) The certificate server in the PKI domain stores the authentication credential using the method of writing the authentication credential to the trust alliance blockchain;
(5g) End authentication;
(6) Re-authenticate the identity of the server accessed by the user in the IBC domain:
(6a) Other users in the PKI domain send an access request to the certificate server;
(6b) Determine whether the certificate server in the PKI domain and the domain proxy server in the IBC domain satisfy the mutual trust condition; if so, this access is allowed and step (6c) is executed; otherwise, execute step (6g);
(6c) The certificate server in the PKI domain generates an authentication credential using the identity information ID of the server accessed by the user in the IBC domain;
(6d) The certificate server in the PKI domain queries the authentication credential on the trust alliance blockchain; if the authentication credential is found and is within its effective time, this access is allowed; otherwise, execute step (6e);
(6e) Using the method of issuing a temporary certificate, establish secure communication between the server accessed by the user in the IBC domain and the accessing user;
(6f) The IBC domain proxy server stores the authentication credential using the method of writing the authentication credential to the trust alliance blockchain;
(6g) End authentication.
2. The server cross-domain authentication method based on a trust alliance blockchain according to claim 1, characterized in that the user identity being legitimate in step (2b) means: using the public key of the user requesting access, the signed authentication application is verified by the domestic identity-based cryptographic SM9 signature verification algorithm, and a signed authentication application that passes verification indicates that the user identity is legitimate.
3. The server cross-domain authentication method based on a trust alliance blockchain according to claim 1, characterized in that the mutual trust condition in step (2c), step (3c), step (5b) and step (6b) refers to the situation in which the following two conditions are met simultaneously:
Condition 1: the PKI domain certificate server queries, on the trust alliance blockchain, the certificate of the domain proxy server in the IBC domain, and the certificate status is "statement";
Condition 2: the domain proxy server in the IBC domain queries, on the trust alliance blockchain, the certificate of the PKI domain certificate server, and the certificate status is "statement".
4. The server cross-domain authentication method based on a trust alliance blockchain according to claim 1, characterized in that the method of issuing a temporary identity in step (2d) and step (5e) is as follows:
First step: the IBC domain proxy server generates temporary identity information for the server accessed by the user in the PKI domain and sends the temporary identity information to the PKI domain certificate server;
Second step: the certificate server in the PKI domain forwards the temporary identity information to the server accessed by the user;
Third step: the server providing the service in the PKI domain saves the temporary identity information and uses it to communicate securely with the user in the IBC domain requesting the service.
5. The server cross-domain authentication method based on a trust alliance blockchain according to claim 1, characterized in that the method of writing the authentication credential to the trust alliance blockchain in step (2e), step (3e), step (5f) and step (6f) is as follows:
First step: a node server in the trust alliance blockchain generates an authentication credential from the identity information ID of the successfully authenticated server accessed by the user;
Second step: the node server in the trust alliance blockchain selects a hash function according to the size of the authentication credential, uses the hash operation to generate a hash value from the authentication credential, and writes the hash value to the blockchain.
6. The server cross-domain authentication method based on a trust alliance blockchain according to claim 1, characterized in that the method of issuing a temporary certificate in step (3d) and step (6e) is as follows:
First step: the PKI domain certificate server generates a temporary certificate for the server accessed by the user in the IBC domain and sends the temporary certificate to the IBC domain proxy server;
Second step: in the IBC domain, the domain proxy server forwards the temporary certificate to the server accessed by the user;
Third step: in the IBC domain, the server accessed by the user saves the temporary certificate and uses the identity information in the temporary certificate to communicate securely with the user in the PKI domain requesting the service.
CN201810548516.8A 2018-05-31 2018-05-31 Cross-domain server identity authentication method based on trust alliance block chain Active CN108737436B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810548516.8A CN108737436B (en) 2018-05-31 2018-05-31 Cross-domain server identity authentication method based on trust alliance block chain


Publications (2)

Publication Number Publication Date
CN108737436A true CN108737436A (en) 2018-11-02
CN108737436B CN108737436B (en) 2020-02-21

Family

ID=63931512




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant