CN101068255A - User identification method and device in safety shell protocol application - Google Patents

Publication number: CN101068255A
Authority: CN (China)
Prior art keywords: user, password, client, server, module
Legal status: Pending
Application number: CN 200710118901
Other languages: Chinese (zh)
Inventor: 甘长华
Current Assignee: Hangzhou H3C Technologies Co Ltd
Original Assignee: Hangzhou H3C Technologies Co Ltd
Application filed by Hangzhou H3C Technologies Co Ltd
Priority to CN 200710118901
Publication of CN101068255A

Abstract

A method for authenticating a user in Secure Shell (SSH) protocol applications: after the server receives the private key sent by the client and verification passes, the server issues a password authentication challenge to the client; the client returns the password entered by the user to the server; the server verifies the returned password and, when the password passes verification, accepts the user's authentication. A device for implementing the method is also disclosed.

Description

User authentication method and device in Secure Shell protocol applications
Technical field
The present invention relates to user authentication technology, and in particular to a user authentication method and device in Secure Shell protocol applications. It belongs to the field of communications.
Background art
The Secure Shell protocol (SSH), as a secure remote login method, effectively protects the confidentiality of a login user's private information and interactive traffic and prevents eavesdropping by unauthorized users. In addition to protecting the confidentiality of user data, SSH provides a mechanism by which the server strictly authenticates the login user, thereby keeping the server secure. This mechanism is the server's key-based authentication of the user.
In the prior art, remote login over SSH usually uses public key authentication, the more secure authentication method. The server stores the public key and the client stores the private key. When the user logs in from the client, the client uses the private key to produce a digital signature and sends it to the server for authentication; the server verifies the user's identity with the public key it holds locally.
In the prior art, the private key is used in one of the following ways:
First method: the user directly selects or tries a private key stored in advance on the client to authenticate to the server, or uses the default private key stored on the client.
The defect of this method is that, if the client is attacked, the intruder can use the client's private key to authenticate to and communicate with the server. Suppose a legitimate private key is stored on some client device (and the corresponding public key exists on the remote server). Then any user who can log in to that device can log in to the remote server from it, provided he knows the corresponding user name on the server. Because the way users log in to the client device is not necessarily secure, this indirectly threatens the security of the remote server.
As shown in Fig. 1, the user may log in to the SSH client over an insecure connection such as telnet. Such a connection is easily attacked by an unauthorized user (for example, by eavesdropping on the user name and password when a legitimate user logs in). After logging in to the SSH client device, if the unauthorized user obtains the SSH user information for the remote server (for example by viewing debugging or log information on the client), he can use the obtained user name together with the private key stored on the client to log in to the remote server. Although the remote server uses SSH, a secure connection mode, and public key authentication, an authentication mode with a high security level, the security weakness of the SSH client renders this security mechanism "practically useless".
This method also has another problem: it cannot subdivide permissions among users who share the same private key. Permissions can be divided by configuring different SSH users on the SSH server, but in some environments dividing user permissions by user name alone is far from sufficient, as in the following case:
As shown in Fig. 2, user A, user B and user C log in to the remote SSH server through the same SSH client, and all three use the same public key. We may want to give user A administrator permissions, so that A can perform any configuration on the remote SSH server; we may want user B to perform only part of the configuration; and we may want user C to have access only, without performing any configuration.
A, B and C may be network administrators in the same laboratory who all log in to the device through a serial port or similar means, or they may be remote users. Either way, it is quite likely that A, B and C know each other's user names on the remote SSH server. If the three users are distinguished on the remote SSH server only by different SSH user names, user C can simply log in with user A's user name on the remote server and so obtain higher permissions.
Second method: when generating a key pair, the client also generates a user password that corresponds one-to-one with the key pair and stores it on the client. The user must enter the corresponding password to pass authentication when using the private key.
The defect of this method is that the password is checked on the client rather than on the server, so security rests on the particular password attached to a given key. An attacker can build his own environment and guess this password without going through the server (and so without any limit on the number of authentication attempts); once the password is guessed, the attacker can log in to the server. Moreover, the private key's password is set by the creator when the key is created and cannot be changed without special tool software. If the password of a private key is leaked or cracked, the private key must be replaced (and the public key on the SSH server updated as well), which is inconvenient. In addition, because each private key has its own passphrase, different users must use different private keys. A terminal that can hold only one private key therefore cannot be used by several users to log in. Even where a terminal can store several private keys, an arrangement in which each user requires one stored public key is quite wasteful and takes up considerable storage on both the client and the server.
Summary of the invention
The purpose of the present invention is to provide a user authentication method and device in Secure Shell protocol applications that effectively overcome the above defects of the prior art, greatly strengthen the security of Secure Shell protocol applications, and effectively protect SSH connections from being affected by terminal security.
To achieve the above purpose, the invention provides a user authentication method in Secure Shell protocol applications, comprising: after the server receives the private key sent by the client and verification passes, the server issues a password authentication challenge to the client; the client returns the password entered by the user to the server; the server verifies the password returned by the client and, when the password passes verification, accepts the user's authentication.
In the above technical solution, after verifying the private key sent by the client, the server also issues a password authentication challenge to the client and verifies the password the client returns. Because the returned password is entered by the user after the client receives the server's password authentication challenge, rather than being stored on the client, the method effectively avoids the prior-art defect in which an attacker who has intruded into the client can steal both the private key and the password. It greatly improves the security of Secure Shell protocol applications and effectively protects SSH connections from being affected by terminal security.
To achieve the above purpose, the invention also provides a user authentication device in Secure Shell protocol applications, comprising: a first module for issuing a password authentication challenge to the client after the private key sent by the client is received and verification passes; and a second module for verifying the password returned by the client and, when the password passes verification, accepting the user's authentication.
In the above technical solution, the user authentication device may be located in the server, or may be arranged independently between the client and the server. After the server verifies the private key sent by the client, the device also issues a password authentication challenge to the client and verifies the password the client returns. Because the returned password is entered by the user after the client receives the server's password authentication challenge, rather than being stored on the client, the device effectively avoids the prior-art defect in which an attacker who has intruded into the client can steal both the private key and the password. It greatly improves the security of Secure Shell protocol applications and effectively protects SSH connections from being affected by terminal security.
Description of the drawings
Fig. 1 is a schematic diagram of the attack mode to which the client is exposed in the prior art;
Fig. 2 is a schematic diagram of the user permission control model in the prior art;
Fig. 3 is a flow chart of embodiment one of the user authentication method in Secure Shell protocol applications according to the invention;
Fig. 4 is a schematic diagram of embodiment two of the user authentication method in Secure Shell protocol applications according to the invention.
Embodiments
The technical solution of the invention is described in further detail below with reference to the drawings and embodiments.
The basic idea of the invention is as follows. To address the prior-art defect that the security of an SSH connection is easily affected by client security, a new user authentication mode, the password-public-key mode, is introduced. The user must not only hold the correct private key but also know the corresponding password in order to log in to the SSH server. Unlike the prior art, this password is not stored on the client; it is entered by the user and verified by the server. This effectively prevents an intrusion into the client from affecting the security of the SSH connection, greatly improves the security of SSH applications, and significantly reduces the use of client storage resources.
Fig. 3 is a flow chart of embodiment one of the user authentication method in Secure Shell protocol applications according to the invention. Embodiment one comprises the following steps. In step 1, after the server receives the private key sent by the client and verification passes, the server issues a password authentication challenge to the client. In step 2, the client returns the password entered by the user to the server. In step 3, the server verifies the password returned by the client and, when the password passes verification, accepts the user's authentication.
In embodiment one, after verifying the private key sent by the client, the server also issues a password authentication challenge to the client and verifies the password the client returns. Because the returned password is entered by the user after the client receives the server's password authentication challenge, rather than being stored on the client, the terminal's private key cannot be used by an unauthorized user to log in successfully, and different users of the same resource cannot use another user's user name to obtain permissions that are not their own. This effectively avoids the prior-art defect in which an attacker who has intruded into the client can steal both the private key and the password, greatly improves the security of Secure Shell protocol applications, and effectively protects SSH connections from being affected by terminal security.
Embodiment two of the user authentication method differs from embodiment one in that, before step 1, the server stores in advance a password corresponding one-to-one to each user of the client; and in step 3 the server's verification of the password returned by the client specifically comprises: the server compares the password stored in advance for this user with the password returned by the client, and when the two are identical, the returned password passes verification.
Embodiment two addresses two prior-art defects: users sharing the same private key cannot be properly distinguished, and the one-to-one binding of private key and password consumes a large amount of storage and complicates maintenance and updating. It adopts a new password verification mode in which each user sharing the same private key is assigned a password corresponding one-to-one to the user. Password and private key have no one-to-one relationship, which avoids an unnecessary link between key and password. Several users can be configured with the same private key without using additional client storage, avoiding waste of terminal resources. When a password is leaked, only the password needs to be reconfigured, instead of regenerating the key pair and its password as in the prior art, which greatly improves the convenience of maintenance and updating.
For example, as shown in Fig. 4, an administrator configures an SSH user on the server, sets the user's authentication mode to password-public-key, and associates with the user the public key corresponding to the private key stored on the terminal together with a password (if the SSH server uses remote authentication, a user with the same name can be created on the remote authentication server and given a password there). The password has no necessary relationship to the private key the user uses and can be chosen freely by the server administrator. A single private key on the terminal can therefore be used to configure different users securely, regardless of the terminal's specification limits.
Further, to prevent an unauthorized user who has intruded into the terminal from logging in with a legitimate user's private key and threatening the security of the SSH server, the server can configure several users of the password-public-key authentication mode with the same public key and different passwords, and assign the users different permission levels, so that these users can log in from the same terminal with the same private key and obtain different user permissions.
For example, embodiment three of the user authentication method differs from embodiment two in that the server's storing in advance of a password for each user of the client further comprises: the server stores in advance user permission information corresponding one-to-one to the different users who use the same private key; and after a user passes authentication, the server restricts that user's operations according to the user permission information corresponding to that user.
In embodiment three, different users are configured on the basis of the same key pair and distinguished by password, which both improves security and saves terminal resources. Configuring different users on the same key pair and differentiating their permissions makes it possible to control the permissions of different users in an environment shared by multiple users.
Further, the server's verification of the password returned by the client may also comprise: an upper limit on the number of user logins is set in advance on the server; after the number of a user's failed logins exceeds this upper limit, the user is recorded in a blacklist and prohibited from continuing to log in. Performing password authentication on the server is more secure than the existing password check performed on the client, and limiting the number of client authentication attempts on the server effectively prevents brute-force guessing from the client.
Further, the server's verification of the password returned by the client may also specifically comprise: the server sends the password returned by the client to a remote authentication/authorization/accounting server (AAA server) for verification. Using the AAA authentication function of the remote AAA server (through protocols such as TACACS and RADIUS) combines the authentication function of the SSH server with the functions of the remote AAA server. This provides the security of public key authentication together with ease of networking, and makes it easy to introduce public key authentication into an existing network environment.
In summary, by introducing the password-public-key user authentication mode, the invention adds password authentication on top of public key authentication, putting an additional "lock" on the use of the private key and ensuring that the private key is used securely. This authentication mode does not bind the password used for password authentication to the private key, so an administrator can configure multiple public-key-authenticated users on the basis of one key pair; this does not affect the security of the server configuration and helps save terminal resources. In addition, configuring different users on the same key pair and differentiating their permissions makes it possible to control the permissions of different users in an environment shared by multiple users. Finally, performing password authentication on the server is more secure than the existing password check performed on the client, and limiting the number of client authentication attempts on the server effectively prevents brute-force guessing from the client.
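The server-side flow of embodiments one to three, together with the login limit, can be sketched as follows. This is an added illustration, not code from the patent: the class and function names, the limit of 3 failures, the salted PBKDF2 password storage and the key fingerprint standing in for an already verified public-key stage are all assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

MAX_FAILURES = 3  # assumed value; the patent only speaks of a preset upper limit
SHARED_KEY = "SHA256:constructed-fingerprint-of-shared-key"  # constructed sample


@dataclass
class Account:
    key_fingerprint: str  # public key the administrator associated with the user
    salt: bytes
    password_hash: bytes  # per-user password, held only on the server
    privilege: str        # per-user permission level (embodiment three)
    failures: int = 0


def _hash(password: str, salt: bytes) -> bytes:
    # Assumption: the server keeps a salted hash rather than the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthServer:
    def __init__(self):
        self.accounts = {}
        self.blacklist = set()

    def add_user(self, name, key_fingerprint, password, privilege):
        salt = os.urandom(16)
        self.accounts[name] = Account(
            key_fingerprint, salt, _hash(password, salt), privilege)

    def reset_password(self, name, new_password):
        # A leaked password is replaced without touching the key pair.
        acct = self.accounts[name]
        acct.salt = os.urandom(16)
        acct.password_hash = _hash(new_password, acct.salt)

    def begin(self, name, verified_fingerprint):
        """Step 1: the public-key stage has passed; decide whether to challenge."""
        acct = self.accounts.get(name)
        if name in self.blacklist or acct is None:
            return "denied"
        if acct.key_fingerprint != verified_fingerprint:
            return "denied"
        return "password-challenge"

    def finish(self, name, verified_fingerprint, typed_password):
        """Steps 2-3: check the typed password; return the privilege or None."""
        if self.begin(name, verified_fingerprint) != "password-challenge":
            return None
        acct = self.accounts[name]
        candidate = _hash(typed_password, acct.salt)
        if hmac.compare_digest(candidate, acct.password_hash):
            acct.failures = 0  # assumption: a success clears the counter
            return acct.privilege
        acct.failures += 1
        if acct.failures > MAX_FAILURES:  # failures exceed the upper limit
            self.blacklist.add(name)
        return None


def build_demo_server():
    """Users A, B and C of Fig. 2: one shared key, three passwords, three levels."""
    srv = AuthServer()
    srv.add_user("userA", SHARED_KEY, "pw-A-constructed", "admin")
    srv.add_user("userB", SHARED_KEY, "pw-B-constructed", "partial-config")
    srv.add_user("userC", SHARED_KEY, "pw-C-constructed", "read-only")
    return srv


if __name__ == "__main__":
    srv = build_demo_server()
    # User C holds the shared key and knows A's user name, but not A's password.
    print("C as userA:", srv.finish("userA", SHARED_KEY, "pw-C-constructed"))
    print("C as userC:", srv.finish("userC", SHARED_KEY, "pw-C-constructed"))
    for attempt in range(MAX_FAILURES + 1):
        srv.finish("userB", SHARED_KEY, "guess-%d" % attempt)
    print("blacklist:", sorted(srv.blacklist))
```

Because the password is checked and counted on the server, holding the shared private key and knowing another user's name is not enough to log in as that user, and repeated guesses end in the blacklist rather than in an offline search.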
Based on the above inventive concept, the invention also provides a user authentication device in Secure Shell protocol applications. Embodiment one of the user authentication device comprises: a first module for issuing a password authentication challenge to the client after the private key sent by the client is received and verification passes; and a second module for verifying the password returned by the client and, when the password passes verification, accepting the user's authentication.
In embodiment one of the user authentication device, the device may be located in the server, or may be arranged independently between the client and the server. After the server verifies the private key sent by the client, the device also issues a password authentication challenge to the client and verifies the password the client returns. Because the returned password is entered by the user after the client receives the server's password authentication challenge, rather than being stored on the client, the device effectively avoids the prior-art defect in which an attacker who has intruded into the client can steal both the private key and the password. It greatly improves the security of Secure Shell protocol applications and effectively protects SSH connections from being affected by terminal security.
Further, to address the prior-art defects that users sharing the same private key cannot be properly distinguished and that the one-to-one binding of private key and password consumes a large amount of storage and complicates maintenance and updating, the second module in embodiment one of the user authentication device may also comprise: a first storage module for storing in advance a password corresponding one-to-one to each user of the client; and a comparison processing module for comparing the password stored in advance in the storage module for this user with the password returned by the client, the returned password passing verification when the two are identical. Through these modules, each user sharing the same private key is assigned a password corresponding one-to-one to the user. Password and private key have no one-to-one relationship, which avoids an unnecessary link between key and password. Several users can be configured with the same private key without using additional client storage, avoiding waste of terminal resources. When a password is leaked, only the password needs to be reconfigured, instead of regenerating the key pair and its password as in the prior art, which greatly improves the convenience of maintenance and updating.
Further, to prevent an unauthorized user who has intruded into the terminal from logging in with a legitimate user's private key and threatening the security of the SSH server, embodiment one of the user authentication device may also comprise: a second storage module for storing in advance user permission information corresponding one-to-one to the different users who use the same private key; and a permission control module for restricting a user's operations, after the second module has accepted the user's authentication, according to the user permission information stored in advance in the second storage module for that user. Different users are configured on the basis of the same key pair and distinguished by password, which both improves security and saves terminal resources. Configuring different users on the same key pair and differentiating their permissions also makes it possible to control the permissions of different users in an environment shared by multiple users.
Further, embodiment one of the user authentication device may also comprise a login limiting module for setting in advance on the server an upper limit on the number of user logins; after the number of a user's failed logins exceeds this upper limit, the user is recorded in a blacklist and prohibited from continuing to log in. Performing password authentication on the server is more secure than the existing password check performed on the client, and limiting the number of client authentication attempts on the server effectively prevents brute-force guessing from the client.
Further, in embodiment one of the user authentication device, the second module may also comprise a remote communication module for sending the password returned by the client to a remote authentication/authorization/accounting server for verification. Through the remote communication module, the AAA authentication function of the remote AAA server is used (through protocols such as TACACS and RADIUS), combining the authentication function of the SSH server with the functions of the remote AAA server. This provides the security of public key authentication together with ease of networking, and makes it easy to introduce public key authentication into an existing network environment.
The above embodiments are intended only to illustrate the technical solution of the invention, not to limit it. Although the invention has been described in detail with reference to the above preferred embodiments, a person of ordinary skill in the art should understand that the technical solution of the invention may still be modified or replaced with equivalents, and that such modification or equivalent replacement does not depart from the spirit and scope of the technical solution of the invention.

Claims (10)

1. A user authentication method in Secure Shell protocol applications, characterized by comprising:
after the server receives the private key sent by the client and verification passes, the server issues a password authentication challenge to the client;
the client returns the password entered by the user to the server;
the server verifies the password returned by the client and, when the password passes verification, accepts the user's authentication.
2. The method according to claim 1, characterized in that:
before the server receives the private key sent by the client, the method further comprises: the server stores in advance a password corresponding one-to-one to each user of the client;
the server's verification of the password returned by the client specifically comprises: the server compares the password stored in advance for this user with the password returned by the client, and when the two are identical, the password returned by the client passes verification.
3. The method according to claim 2, characterized in that:
the server's storing in advance of a password corresponding one-to-one to each user of the client further comprises: the server stores in advance user permission information corresponding one-to-one to the different users who use the same private key;
after a user passes authentication, the server restricts that user's operations according to the user permission information corresponding to that user.
4. The method according to claim 1, characterized in that the server's verification of the password returned by the client further comprises: an upper limit on the number of user logins is set in advance on the server; after the number of a user's failed logins exceeds this upper limit, the user is recorded in a blacklist and prohibited from continuing to log in.
5. The method according to claim 1, characterized in that the server's verification of the password returned by the client specifically comprises: the server sends the password returned by the client to a remote authentication/authorization/accounting server for verification.
6. A user authentication device in Secure Shell protocol applications, characterized by comprising:
a first module for issuing a password authentication challenge to the client after the private key sent by the client is received and verification passes; and
a second module for verifying the password returned by the client and, when the password passes verification, accepting the user's authentication.
7. The device according to claim 6, characterized in that the second module further comprises:
a first storage module for storing in advance a password corresponding one-to-one to each user of the client;
a comparison processing module for comparing the password stored in advance in the storage module for this user with the password returned by the client, the password returned by the client passing verification when the two are identical.
8. The device according to claim 7, characterized by further comprising:
a second storage module for storing in advance user permission information corresponding one-to-one to the different users who use the same private key;
a permission control module for restricting a user's operations, after the second module has accepted the user's authentication, according to the user permission information stored in advance in the second storage module for that user.
9. The device according to claim 6, characterized in that:
it further comprises a login limiting module, connected to the second module, for setting in advance on the server an upper limit on the number of user logins; after the number of failures of the second module's authentication of a user's login exceeds this upper limit, the user is recorded in a blacklist and prohibited from continuing to log in.
10. The device according to claim 6, characterized in that the second module further comprises:
a remote communication module for sending the password returned by the client to a remote authentication/authorization/accounting server for verification.

Priority application: CN 200710118901 (priority date 2007-06-14, filing date 2007-06-14), User identification method and device in safety shell protocol application
Publication: CN101068255A (en), publication date 2007-11-07
Family ID: 38880689
Family application: CN 200710118901, Pending, published as CN101068255A (en)
Country status: CN (1), CN101068255A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Open date: 20071107