CN101938473B - Single-point login system and single-point login method - Google Patents


Publication number: CN101938473B
Authority: CN (China)
Prior art keywords: user, sign, key, pki, signature
Legal status: Active
Application number: CN 201010260488
Other languages: Chinese (zh)
Other versions: CN101938473A (en)
Inventors: 赵建国, 李维刚
Current Assignee: BEIJING LIANHE ZHIHUA ELECTRONIC TECHNOLOGY Co Ltd; YIHENGXIN VERIFICATION SCIENCE AND TECHNOLOGY Co Ltd BEIJING
Original Assignee: BEIJING LIANHE ZHIHUA ELECTRONIC TECHNOLOGY Co Ltd; YIHENGXIN VERIFICATION SCIENCE AND TECHNOLOGY Co Ltd BEIJING


Abstract

The invention belongs to the technical field of information security and relates to identity-based authentication, in particular to a single-point login system and a single-point login method that can be used to realize secure single sign-on among multiple application systems. The single-point login system comprises a user key device and a login authentication module arranged at the server end. An identity private key or a composite private key is stored in the user key device, and seed public key sets are stored at the server end and the user end. The user key device performs interactive authentication with the login authentication module at the server end when accessing a server. The user key device is modified so that it stays open after a PIN (Personal Identification Number) has been entered once; when the user accesses other application systems, authentication is completed automatically between the server end and the client end, achieving the ideal effect of single sign-on.

Description

Single-point login system and single-point login method
Technical field
The invention belongs to the field of information security technology and relates to identity-based authentication, in particular to a single-point login system and a single-point login method that can be used to realize secure single sign-on among multiple application systems.
Background
For security reasons, a growing number of information systems are adopting login systems based on dynamic passwords and PKI certificates. Access control implemented this way is much more secure than the common user name plus password approach, but it is still inconvenient for network users and system administrators: the user must authenticate once for every system logged in to, and the system administrator must formulate a separate security policy for each application system and authorize users separately in each system to keep them from accessing unauthorized network resources.
To solve this problem, the concept of SSO (Single Sign-On) was proposed abroad. Translated literally, SSO means logging in once; it is also called single sign-on. Under its mechanism, in an enterprise network environment, a user authenticates once when accessing the enterprise website and can then seamlessly access all authorized network resources without entering authentication information repeatedly.
Single sign-on improves network users' working efficiency and reduces the probability of system errors, but it is very difficult to implement. At present, single sign-on relies mainly on the authentication information sharing mechanisms that middleware vendors provide with their application server clusters, and each vendor's implementation is different. One representative example is the WebSphere application server from IBM, which records authentication information in cookies. A cookie is a block of data sent by a web site to the logged-in user's browser; it can be stored on the user's computer as an anonymous marker and is used to identify that computer. Another is the WebLogic application server from BEA, which shares authentication information through session sharing. The main function of a session is to establish a private variable for a particular user's connection; this variable can be passed between different pages. Whether session sharing or cookies are used to record authentication information, the information is hard to preserve and easily lost. In addition, the session approach not only consumes resources but is also time-limited: once it times out, all the information is lost. Cookies only work in user browsers that accept cookies, which is also a considerable limitation. All of the above approaches are in essence indirect authenticated login realized by trust transfer; any extension of the trust chain increases security risk, and they make it difficult to realize single sign-on between C/S and B/S applications.
Summary of the invention
In view of this, to solve the above problems, the invention discloses a relatively simple and more secure single-point login system.
The object of the invention is achieved as follows: a single-point login system comprising a user key device and a login authentication module arranged at the server end. An identity private key or a composite private key is stored in the user key device, and the seed public key set is stored at the server end and the user end. When accessing a server, the user key device performs interactive authentication with the login authentication module at the server end using the CPK combined public key algorithm or the composite public key algorithm.
Further, during the interactive authentication, the user end sends a user signature packet to the server end, and the user signature packet contains a seed public key identification mark;
Further, the user key device is opened at the first access to the server end and is closed only when it is disconnected from the user end computer;
Further, the user key device is a USB device or an IC card containing a CPK chip.
The invention also provides a single-point login method comprising the following steps:
1) the user connects the user key device to the user end computer;
2) when the user accesses a server through the user end computer, the server end generates a random string and returns it to the user end;
3) after receiving the random string returned by the server end, the user end opens the user key device, computes a digest over the random string together with the current time, and sends the digest to the user key device to be digitally signed;
4) after the user key device completes the digital signature, the user end packs the digital signature data, the signature time, the signer identity and the identifier of the signer's trust domain into a signature packet and sends it back to the server end;
5) the server end extracts the signer identity and the trust domain identifier from the signature packet, computes the user's identity public key from the seed public key of the trust domain to which the user end belongs, and verifies the digital signature in the signature packet; if verification passes, the next step is carried out;
6) the server end allows the user to log in.
Further, in step 4), the user end packs the random public key, the identity private key's signature over the random public key, the digital signature, the signature time, the signer identity and the identifier of the signer's trust domain together into the signature packet;
in step 5), the identity public key is first used to verify the authenticity of the random public key, the composite public key is then computed from the identity public key and the random public key, and the composite public key is used to verify the digital signature in the signature packet.
Further, the following step is included after step 5) and before step 6):
the signature time is compared with the current server time; if it has timed out, the signature is judged to be invalid; if it has not timed out, verification passes and the next step is carried out;
Further, the following step is also included:
7) when the user logs in to another server, the user end computes a digest over the random string returned by that server together with the current time, sends the digest to the user key device again to be digitally signed, and automatically performs steps 4) to 6);
Further, when the user key device is opened in step 3), a PIN code must be entered the first time a server is accessed after the user key device has been connected to the user end computer.
The beneficial effects of the invention are as follows. Based on the CPK combined public key or CPK composite public key technology, the invention provides users and system administrators with a convenient and flexible complete solution. It uses identity-based authentication, so the system is simple, convenient to deploy, supports end-to-end direct authentication, and does not need the support of an online back-end database. A corresponding authentication module is deployed on each application server and connected with the application system's authorization management. At the same time, the user key device (which contains a CPK chip holding the user's private key and can be packaged in a convenient form such as a USB key or an IC card) is modified so that it stays open once the PIN code has been entered. When the user accesses each application system, authentication is then completed automatically between the server and the client, achieving the ideal effect of single sign-on.
The invention makes use of the fact that, in the combined public key system, the seed public key can be made public. By building a seed public key set and adding a corresponding seed public key identification mark to the user key data structure, the system can automatically select the corresponding seed public key when computing the user's identity public key, thereby realizing direct cross-authentication.
The system behaves as single sign-on and offers all the convenience of single sign-on, but in essence it is point-by-point authenticated login, so it avoids the trouble and risk of having to transfer login information securely between servers. Because the identity authentication process consumes very few server resources (on the order of milliseconds), it does not greatly affect server performance, and it also avoids the bottleneck caused by centralized authentication of a large number of users. The system can also provide a security authentication interface for the audit system and the system administrator, solving the problems of centralized audit and unified management.
Description of drawings
To make the purpose, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to the accompanying drawings:
Fig. 1 shows a structural diagram of the single-point login system;
Fig. 2 shows the generation process of the identity private key, the composite private key and the random public key;
Fig. 3 shows the generation process of the identity public key;
Fig. 4 shows a flow chart of the single-point login method.
Embodiment
The Combined Public Key (CPK) algorithm is an identity-based public key algorithm. Its key management center (KMC) generates a private key calculation parameter (private key calculation base) and a public key calculation parameter (public key calculation base) that correspond to each other. From the identity provided by a first user, it uses the private key calculation parameter to compute the first user's private key and provides the resulting private key to the first user. It also publishes the public key calculation parameter, so that a second user, after obtaining the first user's identity, can use the public key calculation parameter to compute the first user's public key from that identity.
On the basis of the CPK algorithm, a CPK chip has also been provided. The CPK chip has a CPK algorithm function unit and a verification protocol unit, as described in the embodiments of the applicant's Chinese invention patent application 2005100021564, on an identity-based key generation apparatus and method, which is incorporated in the present invention by reference in its entirety. The CPK algorithm function unit and verification protocol unit provide all the parameters and protocols needed for authentication, and the public key of any entity can then be computed using the public key matrix.
The applicant's Chinese invention patent application No. 200810113495.3 also proposed a composite public key algorithm: the key is composed of an identity key defined by the combination matrix, a random key defined by the system, and an updating key defined by the user. In key exchange, the key is composed of an identity key, a system key and a year key. The identity key is generated according to the CPK combined public key system; the random key is generated by a random number generator. The keys used in key exchange are formulated uniformly by the KMC.
The applicant's Chinese invention patent application No. 200810113494.9 also proposed a two-factor combined key algorithm, which is likewise a composite public key algorithm.
This embodiment is a single-point login system and method that supports cross-domain authentication, based on the CPK combined public key algorithm or the composite public key algorithm.
Referring to Fig. 1, the single-point login system comprises a login authentication module arranged at the server end and a user key device. An identity private key or a composite private key is stored in the user key device, and the seed public key set is stored at the server end and the user end. When accessing a server, the user key device performs interactive authentication with the login authentication module at the server end. The user key device is a USB key or an IC card containing a CPK chip. It has been modified so that it is opened after the PIN code is entered for the first time and is closed only when it is disconnected from the user end computer. The login authentication module contains a CPK algorithm unit and/or a composite public key algorithm unit.
The KMC generates an identity private key or a composite private key for each user from the user's identity (which can be user-defined, for example a name or an organization, as long as its uniqueness is guaranteed), writes it into a user key device, and issues the device to the user. Referring to Fig. 2, the identity private key and the composite private key are generated as follows:
Identity private key generation: for the user identity, the hash value H(ID) of the identity is computed with a hash function, and H(ID) is used to construct a selection sequence. Elements are selected from the seed private key set (built from a sequence of numbers produced by a random number generator) and combined to generate the user's identity private key (isk). The identity private key is written into the user key device and the server authentication module;
Composite key generation: the KMC uses a random number generator to generate a random private key (ask) and generates the corresponding random public key (APK) by scalar multiplication. The identity private key (generated as described under identity private key generation) and the random private key are combined to produce the composite private key. The identity private key is used to digitally sign the random public key (sign1), and the composite private key is written into the user key device together with the digitally signed random public key.
To realize cross-domain authentication, that is, to let users from different trust domains (management domains) log in to the same application server with key devices issued by their own KMCs, the system must be configured as follows:
A) define a seed public key identification mark in the user private key structure, so that the corresponding seed public key can be identified and selected automatically when the identity public key is computed;
B) build the seed public key set in a unified format, containing the seed public keys involved in all cross-domain authentication;
C) to prevent substitution attacks, have the seed public key set digitally signed by an organization or department with public credibility;
D) install and configure the seed public key set on the server and the client.
Referring to Fig. 4, the single-point login method of this example comprises the following steps:
1) the user connects the user key device to the user end computer;
2) when the user accesses the login page of a server through the user end computer, the server end generates a random string and returns it to the user end;
3) after receiving the random string returned by the server end, the user end prompts the user to enter the PIN code to open the user key device. Once the PIN code has been entered, the user key device is unlocked and stays open until it is unplugged. The current time is appended to the random string to form a new string, the digest of the new string is computed with a hash function, and the digest is then sent to the user key device to be digitally signed;
4) after the user key device completes the digital signature, the user end packs the digital signature data, the signature time, the signer identity, the identifier of the signer's matrix, the random public key and the identity private key's signature over the random public key into a signature packet and sends it back to the server end;
5) the server end extracts the signer identity and the trust domain identifier from the signature packet and computes the user's identity public key from the seed public key of the trust domain to which the user belongs. It first uses the identity public key to verify the authenticity of the random public key, then computes the composite public key from the identity public key and the random public key, and uses the composite public key to verify the digital signature in the signature packet. If verification passes, this proves that the user's identity is legitimate and that the user information was not tampered with in transit. Referring to Fig. 3, the public keys above are computed as follows:
Identity public key calculation: the hash value H(ID) of the identity is computed with a hash function, and H(ID) is used to construct the selection sequence. Elements are selected from the seed public key set (generated from the seed private keys by elliptic curve point operations) and combined by elliptic curve point operations to generate the identity public key (IPK);
Composite public key calculation: the identity public key is first computed with the method above and used to verify the digital signature over the random key supplied by the other party. If verification passes, the computed identity public key is combined with the verified random public key to generate the composite public key.
6) the signature time is compared with the current server time. If it has timed out, the signature is judged to be invalid. If it has not timed out, verification passes and login succeeds. The user rights management system is then consulted to check whether this user exists; if so, the user is allowed to access authorized resources according to the user rights obtained;
7) when the user logs in to another server, the user end computes a digest over the random string returned by that server together with the current time, sends the digest to the user key device again to be digitally signed, and automatically performs steps 4) to 6), without the PIN code having to be entered again.
Steps 4) and 5) above use the CPK composite public key algorithm for signature verification. Alternatively, the CPK combined public key algorithm can be used. In that case, in step 4) the user end only needs to pack the digital signature data, the signature time, the signer identity and the identifier of the signer's trust domain into the signature packet, and in step 5) the identity public key is used to verify the user's signature.
The digital signature and verification protocols used in steps 3) to 5) are as follows:
The CPK digital signature protocol adopts the international-standard ECDSA signature protocol. Given the characteristics of TF-CPK, the following parameters need to be public:
(1) the five-parameter set of the elliptic curve group $(a, b, G, n, p)$
(2) the message digest function $h$
(3) the seed public key set ($P_0$, $P_1$, ..., [formula image BSA00000240113500081])
(4) the identity ID sent by signer A and the accompanying public key $APK_A$
(5) the signature sign1 of signer A's identity key over the accompanying public key $APK_A$
1. Signature protocol
The signature algorithm first computes a digest of the data to be signed, then encrypts the digest with the CPK combined private key and outputs the signature value. The digital signature algorithm is described as follows:
(1) choose a random $k \in Z_n$;
(2) compute $kG = (x, y)$ (elliptic curve group scalar multiplication);
(3) compute $r = x \bmod n$;
(4) compute $S = k^{-1}(h(m) + csk_A \cdot r) \bmod n$;
(5) A sends $m$ and the signature $(r, S, sign1, APK_A)$ to B.
2. Verification protocol
B receives the signed message $m$ and the signature $(r, S, sign1, APK_A)$ sent by A and verifies them with the TF-CPK digital signature verification protocol. The algorithm is as follows:
(1) generate the selection sequence from A's identity, select and combine elements of the seed public key set, and generate the identity public key $IPK_A$;
(2) use the identity public key $IPK_A$ to verify the signature sign1 of the identity key over the accompanying public key $APK_A$. If verification passes, $APK_A$ is authentic and valid, and the procedure goes to step (3); otherwise the accompanying public key $APK_A$ has been tampered with, verification fails, and the verification procedure exits;
(3) compute $CPK_A = IPK_A + APK_A$ (elliptic curve point addition);
(4) compute $u_1 = h(m) \cdot S^{-1} \bmod n$ and $u_2 = r \cdot S^{-1} \bmod n$;
(5) compute $R = u_1 G + u_2 CPK_A$ (elliptic curve point addition), and write $R = (x', y')$;
(6) compute $v = x' \bmod n$; if $v = r$, verification passes and the signature is valid; otherwise the signature is invalid.
The above is only a preferred embodiment of the invention and does not limit the invention. Obviously, those skilled in the art can make various changes and modifications to the invention without departing from its spirit and scope. Thus, if these changes and modifications fall within the scope of the claims of the invention and their technical equivalents, the invention is intended to include them as well.

Claims (9)

1. A single-point login system, characterized in that it comprises a user key device and a login authentication module arranged at the server end; an identity private key or a composite private key is stored in the user key device; the seed public key set is stored at the server end and the user end; when accessing a server, the user key device performs interactive authentication with the login authentication module at the server end using the CPK combined public key algorithm or the composite public key algorithm; and the identity private key and the composite private key are generated as follows:
identity private key generation: for the user identity, the hash value H(ID) of the identity is computed with a hash function, and H(ID) is used to construct a selection sequence; elements are selected from the seed private key set, which is built from a sequence of numbers produced by a random number generator, and combined to generate the user's identity private key isk; the identity private key is written into the user key device and the server authentication module;
composite private key generation: the KMC uses a random number generator to generate a random private key ask and generates the corresponding random public key APK by elliptic curve (ECC) scalar multiplication; the identity private key and the random private key are combined to produce the composite private key; the identity private key is used to produce the digital signature sign1 over the random public key; and the composite private key is written into the user key device and the server authentication module together with the digitally signed random public key.
2. The single-point login system according to claim 1, characterized in that, during the interactive authentication, the user end sends a user signature packet to the server end, and the user signature packet contains a seed public key identification mark.
3. The single-point login system according to claim 1 or 2, characterized in that the user key device is opened at the first access to the server end and is closed only when it is disconnected from the user end computer.
4. The single-point login system according to claim 3, characterized in that the user key device is a USB device or an IC card containing a CPK chip.
5. A single-point login method, characterized in that it comprises the following steps:
1) the user connects the user key device to the user end computer;
2) when the user accesses a server through the user end computer, the server end generates a random string and returns it to the user end;
3) after receiving the random string returned by the server end, the user end opens the user key device, computes a digest over the random string together with the current time, and sends the digest to the user key device to be digitally signed;
4) after the user key device completes the digital signature, the user end packs the digital signature data, the signature time, the signer identity and the identifier of the signer's trust domain into a signature packet and sends it back to the server end;
5) the server end extracts the signer identity and the trust domain identifier from the signature packet, computes the user's identity public key from the seed public key of the trust domain to which the user end belongs, and verifies the digital signature in the signature packet; if verification passes, the next step is carried out;
6) the server end allows the user to log in.
6. The single-point login method according to claim 5, characterized in that, in step 4), the user end packs the random public key, the identity private key's signature over the random public key, the digital signature, the signature time, the signer identity and the identifier of the signer's trust domain together into the signature packet;
in step 5), the identity public key is first used to verify the authenticity of the random public key, the composite public key is then computed from the identity public key and the random public key, and the composite public key is used to verify the digital signature in the signature packet.
7. The single-point login method according to claim 5 or 6, characterized in that the following step is included after step 5) and before step 6):
61) the signature time is compared with the current server time; if it has timed out, the signature is judged to be invalid; if it has not timed out, verification passes and the next step is carried out.
8. The single-point login method according to claim 7, characterized in that it further comprises the following step:
7) when the user logs in to another server, the user end computes a digest over the random string returned by that server together with the current time, sends it to the user key device to be digitally signed, and automatically performs steps 4) to 6).
9. The single-point login method according to claim 5, characterized in that, when the user key device is opened in step 3), a PIN code must be entered the first time a server is accessed after the user key device has been connected to the user end computer.
Priority Applications (1)

Application number: CN 201010260488; priority date: 2010-08-24; filing date: 2010-08-24; title: Single-point login system and single-point login method; status: Active; granted as CN101938473B (en)

Publications (2)

CN101938473A, published 2011-01-05
CN101938473B, published 2013-09-11

Family ID: 43391603

Country Status (1): CN, CN101938473B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1547343A (en) * 2003-12-17 2004-11-17 上海市高级人民法院 A Single Sign On method based on digital certificate
CN101340282A (en) * 2008-05-28 2009-01-07 北京易恒信认证科技有限公司 Generation method of composite public key
CN101420300A (en) * 2008-05-28 2009-04-29 北京易恒信认证科技有限公司 Double factor combined public key generating and authenticating method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050044379A1 (en) * 2003-08-20 2005-02-24 International Business Machines Corporation Blind exchange of keys using an open protocol

Also Published As

Publication number Publication date
CN101938473A (en) 2011-01-05

Similar Documents

Publication Publication Date Title
CN101938473B (en) Single-point login system and single-point login method
CN109922077B (en) Identity authentication method and system based on block chain
US9191375B2 (en) System and method for accessing integrated applications in a single sign-on enabled enterprise solution
CN102647461B (en) Communication means based on HTTP, server, terminal
US9172541B2 (en) System and method for pool-based identity generation and use for service access
CN101674304B (en) Network identity authentication system and method
CN102377788B (en) Single sign-on (SSO) system and single sign-on (SSO) method
US8984295B2 (en) Secure access to electronic devices
US20160248752A1 (en) Multi factor user authentication on multiple devices
CN101741843B (en) Method, device and system for realizing user authentication by utilizing public key infrastructure
CN104394172A (en) Single sign-on device and method
CN101989984A (en) Electronic document safe sharing system and method thereof
CN103188248A (en) Identity authentication system and method based on single sign-on
CN109359464B (en) Wireless security authentication method based on block chain technology
CN109728903B (en) Block chain weak center password authorization method using attribute password
CN102025503B (en) Data security implementation method in cluster environment and high-security cluster
CN103856468A (en) Authentication system and method
CN103685187A (en) Method for switching SSL (Secure Sockets Layer) authentication mode on demands to achieve resource access control
CN109981287A (en) A kind of code signature method and its storage medium
Al-Janabi et al. Development of certificate authority services for web applications
CN105791294B (en) Method for realizing user data integrity and confidentiality
CN103716280A (en) Data transmission method, server and system
CN106533681B (en) A kind of attribute method of proof and system that support section is shown
CN113014394B (en) Electronic data certification method and system based on alliance chain
CN109495458A (en) A kind of method, system and the associated component of data transmission

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant