CN108737436A - Cross-domain server identity authentication method based on a trust alliance blockchain
- Publication number: CN108737436A (application CN201810548516.8A)
- Authority: CN (China)
- Prior art keywords: domains, identity, server, block chain, alliance
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L9/0825: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
- H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates
- H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0869: Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
- H04L67/56: Provisioning of proxy services
- H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
- H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Abstract
The invention discloses a cross-domain server identity authentication method based on a trust alliance blockchain. The steps are: (1) construct the trust alliance blockchain; (2) authenticate the identity of the server in the Public Key Infrastructure (PKI) domain that the user accesses; (3) authenticate the identity of the server in the Identity-Based Cryptography (IBC) domain that the user accesses; (4) set the validity period of the Service Ticket; (5) re-authenticate the identity of the server in the PKI domain that the user accesses; (6) re-authenticate the identity of the server in the IBC domain that the user accesses. The invention builds a trust alliance blockchain and achieves mutual authentication between domains through mutual authentication between the nodes of that blockchain, and thereby achieves cross-domain authentication of servers. It reduces the maintenance load of a bridge central system, reduces the computation and communication load on the user terminal, and has good practicability and scalability.
Description
Technical field
The invention belongs to the field of network communication technology, and further relates to a method, in the field of network security technology, for cross-domain authentication of server identity based on a trust alliance blockchain. The invention can be applied when users in certificate-based Public Key Infrastructure (PKI) domains and Identity-Based Cryptography (IBC) domains request cross-domain access to a server, to authenticate the identity of the accessed server.
Background art
At present, trust-domain authentication frameworks based on public-key cryptography mostly use certificate-based Public Key Infrastructure (PKI) and Identity-Based Cryptography (IBC). When a user in an IBC domain accesses a server in a PKI domain, or a user in a PKI domain accesses a server in an IBC domain, the identity of the accessed server must be securely authenticated to ensure that it provides a secure service. Because the authentication structures of PKI and IBC differ, problems arise at this point, such as cross-domain authentication being impossible.
In its patent application "An identifier-based combined-key cross-domain authentication method" (application number 201710647789.3, publication number CN 107395364A), Beijing Di Mansen Science and Technology Ltd. proposes an identifier-based combined-key cross-domain authentication method. The method establishes an additional IKI system, called the bridge IKI, outside the individual Identity Key Infrastructure (IKI) systems. Each IKI system and the bridge IKI issue matrix identifiers to each other, and a system user achieves cross-domain authentication by exchanging the user identifier and the matrix identifiers mutually issued between that system and the bridge IKI. This interactive authentication rests on the trustworthiness of the bridge IKI system, so its trust and security must be maintained; during user authentication the local system's matrix identifier and the bridge IKI matrix identifier are exchanged, so these matrix identifiers must be stored. The shortcomings of this method are: first, the identity of the bridge IKI system requires trust maintenance, which increases the maintenance load; second, as the number of IKI systems grows, the storage burden on the bridge IKI system grows, and if multiple bridge IKI systems are set up, the storage burden on users grows.
In its patent applications "Authentication key agreement method for a user in an IBC domain accessing a resource in a PKI domain" (application number 201710081516.7, publication number CN 106789042 A) and "Authentication key agreement method for a user in a PKI domain accessing a resource in an IBC domain" (application number 201710082835.X, publication number CN106877996A), Southwest Jiaotong University discloses authentication key agreement methods for cross-domain access between PKI and IBC domains. These systems comprise users, resources, and the certificate servers of the IBC and PKI domains. In these schemes, the user first sends a verification request to the certificate server of its own domain, then jointly generates an access authorization ticket and a session key with the certificate server of the foreign domain, and finally uses the generated authorization ticket to request authentication from the resource side. After the resource side verifies that the user's identity is legitimate, it establishes secure communication with the user. The shortcoming of this method is that the user terminal takes part in four interactive communications during authentication and, before communicating, must perform operations involving the authorization ticket, the session key, and encryption and signing. The computation and communication load carried by the user terminal is therefore large, which makes the method unsuitable for resource-constrained lightweight mobile user terminals.
Summary of the invention
The purpose of the invention is to address the deficiencies of the prior art described above by proposing a server cross-domain authentication method based on a trust alliance blockchain, in which PKI domains and IBC domains, in a peer relationship, achieve cross-domain authentication of servers and secure, efficient re-authentication.
The idea for achieving this purpose is as follows. The certificate servers in the PKI domains and the domain proxy servers in the IBC domains act as nodes to build the trust alliance blockchain. The certificates of all node servers in the trust alliance blockchain and the certificates of legitimate users in the PKI domains are stored in the trust alliance blockchain, and mutual authentication between domains is achieved through mutual authentication between the nodes of the alliance trust model. The alliance trust model is used to achieve cross-domain authentication of server identity; the information of a successful authentication is written to the trust alliance blockchain as a Service Ticket, and the Service Ticket is used to achieve fast re-authentication.
The specific steps of the invention are as follows:
(1) Construct the trust alliance blockchain:
(1a) Set the number of PKI domains and the number of IBC domains according to the number of trust alliance node servers that the blockchain's communication capacity can accommodate;
(1b) Take the certificate server in each PKI domain and the domain proxy server in each IBC domain as node servers of the trust alliance blockchain;
(1c) The certificate server in the PKI domain issues a certificate to the domain proxy server in the IBC domain;
(1d) Select a hash function according to the size of the certificate and generate the hash value of the certificate;
(1e) Store the hash value of the certificate in the block body as the first block, establishing the trust alliance blockchain;
(2) Authenticate the identity of the server in the PKI domain that the user accesses:
(2a) The user in the IBC domain requesting access uses its own private key and the domestic identity-based cryptographic algorithm SM9 signature algorithm to compute a signed authentication request over its own identity ID, and sends the signed authentication request to the domain proxy server;
(2b) The domain proxy server in the IBC domain verifies whether the identity of the user requesting access is legitimate; if so, execute step (2c); otherwise, execute step (2f);
(2c) Judge whether the certificate server in the PKI domain and the domain proxy server in the IBC domain satisfy the mutual trust condition; if so, execute step (2d); otherwise, execute step (2f);
(2d) Using the method of issuing a temporary identity, establish secure communication between the server in the PKI domain requested by the user and the accessing user;
(2e) The certificate server in the PKI domain stores the Service Ticket using the method of writing a Service Ticket to the trust alliance blockchain;
(2f) End the authentication;
(3) Authenticate the identity of the server in the IBC domain that the user accesses:
(3a) The user in the PKI domain requesting access sends an authentication request to the certificate server;
(3b) The PKI domain certificate server queries the certificate status of the accessing user on the trust alliance blockchain; if the certificate status is "declared", execute step (3c); if the certificate status is "revoked", execute step (3f);
(3c) Judge whether the certificate server in the PKI domain and the domain proxy server in the IBC domain satisfy the mutual trust condition; if so, execute step (3d); otherwise, execute step (3f);
(3d) Using the method of issuing a temporary certificate, establish secure communication between the server accessed by the user and the user in the PKI domain requesting access;
(3e) The IBC domain's domain proxy server stores the Service Ticket using the method of writing a Service Ticket to the trust alliance blockchain;
(3f) End the authentication;
(4) Set the validity period of the Service Ticket:
(4a) According to the security level of the server accessed by users in the PKI domain, set the Service Ticket stored for it on the trust alliance blockchain to the validity period corresponding to that security level;
(4b) According to the security level of the server accessed by users in the IBC domain, set the Service Ticket stored for it on the trust alliance blockchain to the validity period corresponding to that security level;
(5) Re-authenticate the identity of the server in the PKI domain that the user accesses:
(5a) Other users in the IBC domain send an identity signature request and an access request to the domain proxy server;
(5b) Judge whether the certificate server in the PKI domain and the domain proxy server in the IBC domain satisfy the mutual trust condition; if so, execute step (5c); otherwise, execute step (5g);
(5c) The IBC domain's domain proxy server generates a Service Ticket using the identity information ID of the server in the PKI domain accessed by the user;
(5d) The IBC domain's domain proxy server queries the Service Ticket on the trust alliance blockchain; if the Service Ticket is found and is within its validity period, this access is allowed and step (5g) is executed; otherwise, execute step (5e);
(5e) Using the method of issuing a temporary identity, establish secure communication between the server in the PKI domain accessed by the user and the accessing user;
(5f) The certificate server in the PKI domain stores the Service Ticket using the method of writing a Service Ticket to the trust alliance blockchain;
(5g) End the authentication;
(6) Re-authenticate the identity of the server in the IBC domain that the user accesses:
(6a) Other users in the PKI domain send an access request to the certificate server;
(6b) Judge whether the certificate server in the PKI domain and the domain proxy server in the IBC domain satisfy the mutual trust condition; if so, execute step (6c); otherwise, execute step (6g);
(6c) The certificate server in the PKI domain generates a Service Ticket using the identity information ID of the server in the IBC domain accessed by the user;
(6d) The certificate server in the PKI domain queries the Service Ticket on the trust alliance blockchain; if the Service Ticket is found and is within its validity period, this access is allowed; otherwise, execute step (6e);
(6e) Using the method of issuing a temporary certificate, establish secure communication between the server in the IBC domain accessed by the user and the accessing user;
(6f) The IBC domain's domain proxy server stores the Service Ticket using the method of writing a Service Ticket to the trust alliance blockchain;
(6g) End the authentication.
Compared with the prior art, the invention has the following advantages:
First, because the invention builds a trust alliance blockchain and achieves mutual authentication between domains through mutual trust between the nodes of that blockchain, it overcomes the prior-art problem that trust maintenance must be carried out on a bridge central system, which increases the maintenance load. The invention therefore has the advantage of better practicability and scalability among server cross-domain authentication methods.
Second, because the invention stores the Service Ticket of the server accessed by the user, and the node servers of the trust alliance blockchain achieve re-authentication by querying that Service Ticket, it overcomes the prior-art problem that repeated access to the same server causes repeated authentication and increases the computation and communication burden on node servers. The invention therefore has the advantage of higher efficiency among server cross-domain authentication methods.
Third, because the invention builds a trust alliance blockchain and achieves mutual authentication between domains through mutual trust between the nodes of that blockchain, it overcomes the prior-art problem that inter-domain authentication must be performed on the accessing user, which places a large computation and communication burden on the accessing user's terminal. The invention therefore has the advantage of being better suited to mainstream, resource-constrained mobile user terminals.
Brief description of the drawings
Fig. 1 is the flow chart of the invention.
Detailed description
The invention is further described below with reference to Fig. 1.
Step 1. Construct the trust alliance blockchain.
Set the number of PKI domains and the number of IBC domains according to the number of trust alliance node servers that the blockchain's communication capacity can accommodate.
Take the certificate server in each PKI domain and the domain proxy server in each IBC domain as node servers of the trust alliance blockchain.
The certificate server in the PKI domain issues a certificate to the domain proxy server in the IBC domain.
Select a hash function according to the size of the certificate and generate the hash value of the certificate.
Store the hash value of the certificate in the block body as the first block, establishing the trust alliance blockchain.
Step 2. Authenticate the identity of the server in the PKI domain that the user accesses.
The user in the IBC domain requesting access uses its own private key and the domestic identity-based cryptographic algorithm SM9 signature algorithm to compute a signed authentication request over its own identity ID, and sends the signed authentication request to the domain proxy server.
The domain proxy server in the IBC domain verifies whether the identity of the user requesting access is legitimate. If so, judge whether the certificate server in the PKI domain and the domain proxy server in the IBC domain satisfy the mutual trust condition; otherwise, the authentication ends.
The signed authentication request is verified with the public key of the user requesting access, using the domestic identity-based cryptographic algorithm SM9 signature verification algorithm; a signed authentication request that passes verification means the user's identity is legitimate.
Judge whether the certificate server in the PKI domain and the domain proxy server in the IBC domain satisfy the mutual trust condition. If so, use the method of issuing a temporary identity to establish secure communication between the server in the PKI domain requested by the user and the accessing user; otherwise, the authentication fails.
The mutual trust condition means that the following two conditions are satisfied simultaneously:
Condition 1: the PKI domain certificate server queries, on the trust alliance blockchain, the certificate of the domain proxy server in the IBC domain, and the certificate status is "declared";
Condition 2: the domain proxy server in the IBC domain queries, on the trust alliance blockchain, the certificate of the PKI domain certificate server, and the certificate status is "declared".
The certificate server in the PKI domain stores the Service Ticket using the method of writing a Service Ticket to the trust alliance blockchain.
The method of issuing a temporary identity is as follows:
1st step: the domain proxy server in the IBC domain generates temporary identity information for the server in the PKI domain accessed by the user, and sends the temporary identity information to the PKI domain certificate server;
2nd step: the certificate server in the PKI domain forwards the temporary identity information to the server accessed by the user;
3rd step: the server providing the service in the PKI domain saves the temporary identity information and uses it to communicate securely with the user in the IBC domain requesting the service.
The method of writing a Service Ticket to the trust alliance blockchain is as follows:
1st step: a node server in the trust alliance blockchain generates a Service Ticket from the identity information ID of the successfully authenticated server accessed by the user;
2nd step: the node server in the trust alliance blockchain selects a hash function according to the size of the Service Ticket, uses the hash operation to generate a hash value from the Service Ticket, and writes the hash value to the blockchain.
End the authentication.
Step 3. Authenticate the identity of the server in the IBC domain that the user accesses.
The user in the PKI domain requesting access sends an authentication request to the certificate server.
The PKI domain certificate server queries the certificate status of the accessing user on the trust alliance blockchain. If the certificate status is "declared", judge whether the certificate server in the PKI domain and the domain proxy server in the IBC domain satisfy the mutual trust condition; if the certificate status is "revoked", end the authentication.
Judge whether the certificate server in the PKI domain and the domain proxy server in the IBC domain satisfy the mutual trust condition. If so, use the method of issuing a temporary certificate to establish secure communication between the server accessed by the user and the user in the PKI domain requesting access; otherwise, end the authentication.
The mutual trust condition means that the following two conditions are satisfied simultaneously:
Condition 1: the PKI domain certificate server queries, on the trust alliance blockchain, the certificate of the domain proxy server in the IBC domain, and the certificate status is "declared";
Condition 2: the domain proxy server in the IBC domain queries, on the trust alliance blockchain, the certificate of the PKI domain certificate server, and the certificate status is "declared".
The method of issuing a temporary certificate is as follows:
1st step: the PKI domain certificate server generates a temporary certificate for the server in the IBC domain accessed by the user, and sends the temporary certificate to the IBC domain's domain proxy server;
2nd step: in the IBC domain, the domain proxy server forwards the temporary certificate to the server accessed by the user;
3rd step: in the IBC domain, the server accessed by the user saves the temporary certificate and uses the identity information in the temporary certificate to establish secure communication with the user in the PKI domain requesting the service.
The IBC domain's domain proxy server stores the Service Ticket using the method of writing a Service Ticket to the trust alliance blockchain.
The method of writing a Service Ticket to the trust alliance blockchain is as follows:
1st step: a node server in the trust alliance blockchain generates a Service Ticket from the identity information ID of the successfully authenticated server accessed by the user;
2nd step: the node server in the trust alliance blockchain selects a hash function according to the size of the Service Ticket, uses the hash operation to generate a hash value from the Service Ticket, and writes the hash value to the blockchain.
End the authentication.
Step 4. Set the validity period of the Service Ticket.
According to the security level of the server accessed by users in the PKI domain, set the Service Ticket stored for it on the trust alliance blockchain to the validity period corresponding to that security level.
According to the security level of the server accessed by users in the IBC domain, set the Service Ticket stored for it on the trust alliance blockchain to the validity period corresponding to that security level.
Step 5. Re-authenticate the identity of the server in the PKI domain that the user accesses.
Other users in the IBC domain send an identity signature request and an access request to the domain proxy server.
Judge whether the certificate server in the PKI domain and the domain proxy server in the IBC domain satisfy the mutual trust condition. If so, the IBC domain's domain proxy server generates a Service Ticket using the identity information ID of the server in the PKI domain accessed by the user; otherwise, end the authentication.
The mutual trust condition means that the following two conditions are satisfied simultaneously:
Condition 1: the PKI domain certificate server queries, on the trust alliance blockchain, the certificate of the domain proxy server in the IBC domain, and the certificate status is "declared";
Condition 2: the domain proxy server in the IBC domain queries, on the trust alliance blockchain, the certificate of the PKI domain certificate server, and the certificate status is "declared".
The IBC domain's domain proxy server queries the Service Ticket on the trust alliance blockchain. If the Service Ticket is found and is within its validity period, this access is allowed and the authentication ends; otherwise, the method of issuing a temporary identity is used to establish secure communication between the server in the PKI domain accessed by the user and the accessing user.
The method of issuing a temporary identity is as follows:
1st step: the IBC domain's domain proxy server generates temporary identity information for the server in the PKI domain accessed by the user, and sends the temporary identity information to the PKI domain certificate server;
2nd step: the certificate server in the PKI domain forwards the temporary identity information to the server accessed by the user;
3rd step: the server providing the service in the PKI domain saves the temporary identity information and uses it to communicate securely with the user in the IBC domain requesting the service.
The certificate server in the PKI domain stores the Service Ticket using the method of writing a Service Ticket to the trust alliance blockchain.
The method of writing a Service Ticket to the trust alliance blockchain is as follows:
1st step: a node server in the trust alliance blockchain generates a Service Ticket from the identity information ID of the successfully authenticated server accessed by the user;
2nd step: the node server in the trust alliance blockchain selects a hash function according to the size of the Service Ticket, uses the hash operation to generate a hash value from the Service Ticket, and writes the hash value to the blockchain.
End the authentication.
Step 6: re-authenticate the identity of the server accessed by the user in the IBC domain.
Other users in the PKI domain send an access request to the certificate server.
Judge whether the certificate server in the PKI domain and the domain proxy server of the IBC domain satisfy the mutual trust condition. If so, the certificate server in the PKI domain generates an authentication credential using the identity information ID of the server accessed by the user in the IBC domain; otherwise, authentication ends.
The mutual trust condition means that the following two conditions are satisfied at the same time:
Condition 1: the certificate server of the PKI domain queries, on the trust alliance blockchain, the certificate of the domain proxy server in the IBC domain, and the certificate status is "statement";
Condition 2: the domain proxy server in the IBC domain queries, on the trust alliance blockchain, the certificate of the certificate server of the PKI domain, and the certificate status is "statement".
The certificate server in the PKI domain queries the authentication credential on the trust alliance blockchain. If the authentication credential is found and is within its validity period, this access is allowed and authentication ends; otherwise, the method of issuing a temporary certificate is used to establish secure communication between the server accessed by the user in the IBC domain and the accessing user.
The method of issuing a temporary certificate is as follows:
Step 1: the certificate server of the PKI domain generates a temporary certificate for the server accessed by the user in the IBC domain, and sends the temporary certificate to the domain proxy server of the IBC domain;
Step 2: in the IBC domain, the domain proxy server forwards the temporary certificate to the server accessed by the user;
Step 3: in the IBC domain, the server accessed by the user saves the temporary certificate and uses the identity information in the temporary certificate to communicate securely with the user requesting the service in the PKI domain.
The domain proxy server of the IBC domain stores the authentication credential using the method of writing the authentication credential into the trust alliance blockchain.
The method of writing the authentication credential into the trust alliance blockchain is as follows:
Step 1: a node server in the trust alliance blockchain generates an authentication credential from the identity information ID of the successfully authenticated server accessed by the user;
Step 2: the node server in the trust alliance blockchain selects a hash function according to the size of the authentication credential, uses the hash operation to generate a hash value from the authentication credential, and writes the hash value into the blockchain.
End authentication.
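The re-authentication decision of Step 6, together with the credential-writing method, sketched as an added Python example (not code from the patent). The in-memory ledger, the credential encoding, the SHA-256/SHA-512 cut-over at 64 bytes and the validity periods per security level are assumptions; SM9 signature checks and the temporary-certificate exchange itself are not modelled.

```python
import hashlib
from dataclasses import dataclass, field

STATEMENT, REVOCATION = "statement", "revocation"  # status values as named on the page
# Assumptions (not fixed by the patent): validity per security level, size cut-over.
VALIDITY_SECONDS = {"low": 3600, "medium": 600, "high": 60}
SIZE_CUTOVER = 64  # bytes


def make_credential(server_id: str) -> bytes:
    """Assumed encoding: the credential is derived from the server's identity ID."""
    return b"cross-domain-auth-credential|" + server_id.encode("utf-8")


def credential_digest(credential: bytes) -> str:
    """Select the hash function by credential size, then hash the credential."""
    algo = hashlib.sha256 if len(credential) <= SIZE_CUTOVER else hashlib.sha512
    return algo(credential).hexdigest()


@dataclass
class TrustAllianceChain:
    """In-memory stand-in for the ledger: certificate statuses and an append-only block list."""
    cert_status: dict = field(default_factory=dict)  # node server name -> status
    blocks: list = field(default_factory=list)

    def mutual_trust(self, pki_server: str, ibc_proxy: str) -> bool:
        # Conditions 1 and 2: each side finds the other's certificate with status "statement".
        return (self.cert_status.get(pki_server) == STATEMENT
                and self.cert_status.get(ibc_proxy) == STATEMENT)

    def append_credential(self, server_id: str, level: str, now: int) -> str:
        # Only the hash of the credential goes on chain, with its expiry time.
        digest = credential_digest(make_credential(server_id))
        prev = self.blocks[-1]["block_hash"] if self.blocks else "0" * 64
        expires = now + VALIDITY_SECONDS[level]
        block_hash = hashlib.sha256(f"{prev}|{digest}|{expires}".encode()).hexdigest()
        self.blocks.append({"prev": prev, "digest": digest,
                            "expires": expires, "block_hash": block_hash})
        return digest

    def credential_in_validity(self, server_id: str, now: int) -> bool:
        digest = credential_digest(make_credential(server_id))
        for block in reversed(self.blocks):  # the newest record for this digest wins
            if block["digest"] == digest:
                return now < block["expires"]
        return False


def reauthenticate(chain, pki_server, ibc_proxy, target_server_id, level, now):
    """Return 'denied', 'allowed' or 'temporary-certificate' for one access request."""
    # The mutual trust check comes first, so a revoked node certificate blocks
    # access even when a stored credential has not yet expired.
    if not chain.mutual_trust(pki_server, ibc_proxy):
        return "denied"
    if chain.credential_in_validity(target_server_id, now):
        return "allowed"
    # No usable credential: fall back to temporary-certificate issuance (not
    # modelled here), after which a fresh credential is written to the chain.
    chain.append_credential(target_server_id, level, now)
    return "temporary-certificate"


if __name__ == "__main__":
    # Constructed sample data: node names, server ID and timestamps are illustrative.
    chain = TrustAllianceChain(cert_status={"pki-as": STATEMENT, "ibc-proxy": STATEMENT})
    for t in (1000, 1300, 1600):
        print(t, reauthenticate(chain, "pki-as", "ibc-proxy", "srv@ibc.example", "medium", t))
    chain.cert_status["ibc-proxy"] = REVOCATION
    print(1700, reauthenticate(chain, "pki-as", "ibc-proxy", "srv@ibc.example", "medium", 1700))
```
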
Claims (6)
1. A cross-domain server identity authentication method based on a trust alliance blockchain, characterized in that: a trust alliance blockchain is constructed; the certificates of the node servers in the whole trust alliance blockchain and the certificates of legitimate users in the Public Key Infrastructure (PKI) domains are stored on the trust alliance blockchain; cross-domain authentication of server identity is realized using the trust alliance blockchain; the information of a successful authentication is stored on the trust alliance blockchain as an authentication credential; and re-authentication is realized using the authentication credential. The specific steps of the method are as follows:
(1) Construct the trust alliance blockchain:
(1a) According to the number of node servers in the trust alliance that the communication capacity of the blockchain can accommodate, set the number of PKI domains and the number of identity-based cryptography (IBC) domains respectively;
(1b) Take the certificate server in each PKI domain and the domain proxy server in each IBC domain as node servers of the trust alliance blockchain;
(1c) The certificate server in the PKI domain issues a certificate for the domain proxy server in the IBC domain;
(1d) Select a hash function according to the size of the certificate and generate the hash value of the certificate;
(1e) Save the hash value of the certificate as the first block in the block body, establishing the trust alliance blockchain;
(2) Authenticate the identity of the server accessed by the user in the PKI domain:
(2a) The user requesting access in the IBC domain uses its own private key and the signature algorithm of the domestic identity-based cryptographic algorithm SM9 to sign its own identity ID, generating a signed authentication application, and sends the signed authentication application to the domain proxy server;
(2b) The domain proxy server in the IBC domain verifies whether the identity of the user requesting access is legitimate; if so, step (2c) is executed; otherwise, step (2f) is executed;
(2c) Judge whether the certificate server in the PKI domain and the domain proxy server of the IBC domain satisfy the mutual trust condition; if so, step (2d) is executed; otherwise, step (2f) is executed;
(2d) Using the method of issuing a temporary identity, establish secure communication between the server requested by the user in the PKI domain and the accessing user;
(2e) The certificate server in the PKI domain stores the authentication credential using the method of writing the authentication credential into the trust alliance blockchain;
(2f) End authentication;
(3) Authenticate the identity of the server accessed by the user in the IBC domain:
(3a) The user requesting access in the PKI domain sends an authentication application to the certificate server;
(3b) The certificate server of the PKI domain queries the certificate status of the accessing user on the trust alliance blockchain; if the certificate status is "statement", step (3c) is executed; if the certificate status is "revocation", step (3f) is executed;
(3c) Judge whether the certificate server in the PKI domain and the domain proxy server of the IBC domain satisfy the mutual trust condition; if so, step (3d) is executed; otherwise, step (3f) is executed;
(3d) Using the method of issuing a temporary certificate, establish secure communication between the server accessed by the user and the user applying for access in the PKI domain;
(3e) The domain proxy server of the IBC domain stores the authentication credential using the method of writing the authentication credential into the trust alliance blockchain;
(3f) End authentication;
(4) Set the validity period of the authentication credential:
(4a) According to the security level of the server accessed by the user in the PKI domain, set the validity period of its authentication credential stored on the trust alliance blockchain to the validity period corresponding to that security level;
(4b) According to the security level of the server accessed by the user in the IBC domain, set the validity period of its authentication credential stored on the trust alliance blockchain to the validity period corresponding to that security level;
(5) Re-authenticate the identity of the server accessed by the user in the PKI domain:
(5a) Other users in the IBC domain send an identity signature application and an access application to the domain proxy server;
(5b) Judge whether the certificate server in the PKI domain and the domain proxy server of the IBC domain satisfy the mutual trust condition; if so, step (5c) is executed; otherwise, step (5g) is executed;
(5c) The domain proxy server of the IBC domain generates an authentication credential using the identity information ID of the server accessed by the user in the PKI domain;
(5d) The domain proxy server of the IBC domain queries the authentication credential on the trust alliance blockchain; if the authentication credential is found and is within its validity period, this access is allowed and step (5g) is executed; otherwise, step (5e) is executed;
(5e) Using the method of issuing a temporary identity, establish secure communication between the server accessed by the user in the PKI domain and the accessing user;
(5f) The certificate server in the PKI domain stores the authentication credential using the method of writing the authentication credential into the trust alliance blockchain;
(5g) End authentication;
(6) Re-authenticate the identity of the server accessed by the user in the IBC domain:
(6a) Other users in the PKI domain send an access request to the certificate server;
(6b) Judge whether the certificate server in the PKI domain and the domain proxy server of the IBC domain satisfy the mutual trust condition; if so, this access is allowed and step (6c) is executed; otherwise, step (6g) is executed;
(6c) The certificate server in the PKI domain generates an authentication credential using the identity information ID of the server accessed by the user in the IBC domain;
(6d) The certificate server in the PKI domain queries the authentication credential on the trust alliance blockchain; if the authentication credential is found and is within its validity period, this access is allowed; otherwise, step (6e) is executed;
(6e) Using the method of issuing a temporary certificate, establish secure communication between the server accessed by the user in the IBC domain and the accessing user;
(6f) The domain proxy server of the IBC domain stores the authentication credential using the method of writing the authentication credential into the trust alliance blockchain;
(6g) End authentication.
2. The cross-domain server authentication method based on a trust alliance blockchain according to claim 1, characterized in that the user identity being legitimate in step (2b) means: using the public key of the user requesting access, the signed authentication application is verified with the signature verification algorithm of the domestic identity-based cryptographic algorithm SM9, and a signed authentication application that passes verification indicates that the user identity is legitimate.
3. The cross-domain server authentication method based on a trust alliance blockchain according to claim 1, characterized in that the mutual trust condition in step (2c), step (3c), step (5b) and step (6b) means that the following two conditions are satisfied at the same time:
Condition 1: the certificate server of the PKI domain queries, on the trust alliance blockchain, the certificate of the domain proxy server in the IBC domain, and the certificate status is "statement";
Condition 2: the domain proxy server in the IBC domain queries, on the trust alliance blockchain, the certificate of the certificate server of the PKI domain, and the certificate status is "statement".
4. The cross-domain server authentication method based on a trust alliance blockchain according to claim 1, characterized in that the method of issuing a temporary identity in step (2d) and step (5e) is as follows:
First step: the domain proxy server of the IBC domain generates temporary identity information for the server accessed by the user in the PKI domain, and sends the temporary identity information to the certificate server of the PKI domain;
Second step: the certificate server forwards the temporary identity information to the server accessed by the user in the PKI domain;
Third step: the server providing the service in the PKI domain saves the temporary identity information and uses it to communicate securely with the user requesting the service in the IBC domain.
5. The cross-domain server authentication method based on a trust alliance blockchain according to claim 1, characterized in that the method of writing the authentication credential into the trust alliance blockchain in step (2e), step (3e), step (5f) and step (6f) is as follows:
First step: a node server in the trust alliance blockchain generates an authentication credential from the identity information ID of the successfully authenticated server accessed by the user;
Second step: the node server in the trust alliance blockchain selects a hash function according to the size of the authentication credential, uses the hash operation to generate a hash value from the authentication credential, and writes the hash value into the blockchain.
6. The cross-domain server authentication method based on a trust alliance blockchain according to claim 1, characterized in that the method of issuing a temporary certificate in step (3d) and step (6e) is as follows:
First step: the certificate server of the PKI domain generates a temporary certificate for the server accessed by the user in the IBC domain, and sends the temporary certificate to the domain proxy server of the IBC domain;
Second step: in the IBC domain, the domain proxy server forwards the temporary certificate to the server accessed by the user;
Third step: in the IBC domain, the server accessed by the user saves the temporary certificate and uses the identity information in the temporary certificate to communicate securely with the user requesting the service in the PKI domain.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810548516.8A CN108737436B (en) | 2018-05-31 | 2018-05-31 | Cross-domain server identity authentication method based on trust alliance block chain |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108737436A (en) | 2018-11-02 |
CN108737436B (en) | 2020-02-21 |
Family
ID=63931512
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810548516.8A Active CN108737436B (en) | 2018-05-31 | 2018-05-31 | Cross-domain server identity authentication method based on trust alliance block chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108737436B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN108737436B (en) | 2020-02-21 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||