CN102761520B - Method and system for processing authentication information - Google Patents

Publication number
CN102761520B
Authority
CN
China
Legal status
Expired - Fee Related
Application number
CN201110104879.0A
Other languages
Chinese (zh)
Other versions
CN102761520A (en)
Inventor
李严
周皓峰
魏薇
郑凯
Current Assignee
International Business Machines Corp
Original Assignee
International Business Machines Corp
Application filed by International Business Machines Corp
Priority to CN201110104879.0A (CN102761520B)
Priority to PCT/CN2012/072183 (WO2012146091A1)
Priority to SG2013074091A (SG194072A1)
Priority to DE112012000780.8T (DE112012000780B4)
Priority to GB1313857.3A (GB2505563B)
Priority to JP2014506730A (JP6034368B2)
Publication of CN102761520A
Application granted
Publication of CN102761520B
Legal status: Expired - Fee Related

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0846: Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L2463/00: Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/121: Timestamp

Abstract

The invention relates to a technique for processing authentication information in which the authentication information is rotated among a plurality of authentication nodes, so that hackers cannot obtain the authentication information permanently. Specifically, the invention provides a method for processing authentication information, wherein the authentication information is stored on a first authentication node. The method comprises: determining a rotation order of the authentication information; determining a rotation trigger condition of the authentication information; and, in response to the rotation trigger condition being satisfied, sending at least part of the authentication information to a second authentication node according to the rotation order, so that the second authentication node processes authentication requests related to the authentication information.

Description

Authentication information processing method and system
Technical field
The present invention relates generally to methods and systems for processing data, and in particular to a method and system for processing authentication information.
Background art
Authentication techniques determine whether a user or other entity is allowed to access a specific system or resource, and they are widely used in all kinds of computer applications. Password-based authentication is one of the most common techniques. In password authentication, the user sends a login request containing a user account and a password; the server forwards this login request to an authentication node (Authentication Node), and the authentication node authenticates the authentication information in the login request against the authentication information stored on the node.
In the prior art, authentication information (Authentication Information) is usually stored on one or more fixed authentication nodes. An authentication system with only one authentication node has poor security, because that node easily becomes the target of hacker attacks. The Lightweight Directory Access Protocol (LDAP) is a protocol for accessing online directory services. Distributed LDAP systems are widely used in the authentication field, allowing multiple authentication nodes to be interconnected to form an authentication cluster. For performance optimization and disaster recovery, authentication information is distributed over multiple authentication nodes. For example, suppose a company has 100 employees, numbered No.1-No.100, and the authentication information users need to log in to the company's internal network is distributed over 5 authentication nodes. So that login requests are answered promptly, and to guard against data loss caused by disasters or machine failures, the authentication information of these 100 employees can be stored redundantly on the 5 authentication nodes. The resulting distribution is shown in Table 1 below:
Table 1
As shown in Table 1, the authentication information of each employee is stored on two different authentication nodes.
Summary of the invention
The inventors found that, in the prior art, each piece of authentication information is stored on one or more authentication nodes, but once it has been stored there it is not updated again and simply remains on the original authentication nodes. This fixed way of storing authentication information therefore creates a security risk: once a hacker breaks into the one or more authentication nodes, the hacker obtains the corresponding authentication information. If the authentication information of a company's internal website is stored centrally on one authentication node, a hacker who breaks into that node permanently obtains the authentication information of all employees. If the authentication information of the company's internal website is distributed over multiple authentication nodes in multiple countries, a hacker can attack the authentication node located at the corporate headquarters and thereby permanently obtain the authentication information of top management. In other words, storing authentication information in fixed locations makes it more likely that a hacker can obtain authentication information and keep using it permanently.
To solve the above problem, the present invention proposes a technique for processing authentication information that rotates the authentication information among multiple authentication nodes, so that a hacker cannot obtain the authentication information permanently.
Specifically, the invention provides a method for processing authentication information, wherein the authentication information is stored on a first authentication node, the method comprising: determining a rotation order of the authentication information; determining a rotation trigger condition of the authentication information; and, in response to the rotation trigger condition being satisfied, sending at least part of the authentication information to a second authentication node according to the rotation order.
The present invention also provides a system for processing authentication information, wherein the authentication information is stored on a first authentication node, the system comprising: a rotation order determining device configured to determine a rotation order of the authentication information; a rotation trigger condition determining device configured to determine a rotation trigger condition of the authentication information; and a sending device configured to send, in response to the rotation trigger condition being satisfied, at least part of the authentication information to a second authentication node according to the rotation order.
According to one aspect of the present invention, the authentication information comprises account information and authentication module information, wherein the rotation order comprises a rotation order of the account information and a rotation order of the authentication module information, and sending at least part of the authentication information to the second authentication node according to the rotation order comprises: sending the account information to the second authentication node according to the rotation order of the account information. The method further comprises sending the authentication module information to a third authentication node according to the rotation order of the authentication module information.
According to one aspect of the present invention, the authentication information includes timestamp information indicating the validity period of the authentication information.
Brief description of the drawings
The drawings referenced in this description only illustrate exemplary embodiments of the present invention and should not be considered as limiting the scope of the present invention.
Fig. 1 shows a block diagram of an exemplary computer system suitable for implementing an embodiment of the present invention.
Fig. 2 shows a flow chart of the authentication information processing method of the present invention.
Fig. 3 shows a flow chart of determining the rotation order of authentication information according to one embodiment of the present invention.
Fig. 4A shows a schematic diagram of authentication information according to one embodiment of the present invention.
Fig. 4B shows a schematic diagram of authentication information according to another embodiment of the present invention.
Fig. 5 shows a flow chart of sending an authentication request according to one embodiment of the present invention.
Fig. 6 shows a flow chart of sending an authentication request according to another embodiment of the present invention.
Fig. 7 shows a flow chart of processing an authentication request according to one embodiment of the present invention.
Fig. 8A shows a schematic diagram of the authentication system before rotation of the authentication information according to one embodiment of the present invention.
Fig. 8B shows a schematic diagram of the authentication system after rotation of the authentication information according to one embodiment of the present invention.
Fig. 9A shows a schematic diagram of the authentication system before rotation of the authentication information according to another embodiment of the present invention.
Fig. 9B shows a schematic diagram of the authentication system after rotation of the authentication information according to another embodiment of the present invention.
Fig. 10 shows a flow chart of the authentication information processing system of the present invention.
Embodiments
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to limit the invention. As used herein, the singular forms "a" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will also be understood that the word "comprising", when used in this specification, specifies the presence of the stated features, integers, steps, operations, elements and/or components, but does not preclude the presence or addition of one or more other features, integers, steps, operations, elements and/or components, and/or combinations thereof.
The corresponding structures, materials, operations, and equivalents of all means or step plus function elements in the claims are intended to include any structure, material, or operation for performing the function in combination with other elements as specifically claimed. The description of the present invention is presented for purposes of illustration and description; it is not exhaustive and does not limit the invention to the form disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the invention. The embodiments were chosen and described in order to best explain the principles of the invention and its practical application, and to enable those of ordinary skill in the art to understand that the invention can have various embodiments with various modifications as suited to the particular use contemplated.
Those skilled in the art will appreciate that aspects of the present invention may be embodied as a system, method or computer program product. Accordingly, aspects of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.), or an embodiment combining software and hardware parts, generally referred to herein as a "circuit", "module" or "system". Furthermore, aspects of the present invention may take the form of a computer program product embodied in one or more computer-readable media having computer-usable program code embodied therein.
Any combination of one or more computer-readable media may be used. The computer-readable medium may be a computer-readable signal medium or a computer-readable storage medium. A computer-readable storage medium may be, for example but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable storage medium include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer-readable storage medium may be any tangible medium that contains or stores a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with computer-readable program code embodied therein. Such a propagated signal may take any of a variety of forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination thereof. A computer-readable signal medium may be any computer-readable medium that is not a computer-readable storage medium and that can send, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer-readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations of the present invention may be written in any combination of one or more programming languages, including an object-oriented programming language such as Java, Smalltalk, C++ or the like, and conventional procedural programming languages such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
Aspects of the present invention are described below with reference to flow charts and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each block of the flow charts and/or block diagrams, and combinations of blocks in the flow charts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, special-purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, when executed by the computer or other programmable data processing apparatus, create means for implementing the functions/operations specified in the blocks of the flow charts and/or block diagrams.
These computer program instructions may also be stored in a computer-readable medium that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable medium produce an article of manufacture including instruction means that implement the functions/operations specified in the blocks of the flow charts and/or block diagrams.
The computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable data processing apparatus to produce a computer-implemented process, such that the instructions executed on the computer or other programmable apparatus provide processes for implementing the functions/operations specified in the blocks of the flow charts and/or block diagrams.
The flow charts and block diagrams in the drawings illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flow charts or block diagrams may represent a module, program segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions noted in the blocks may occur out of the order noted in the drawings. For example, two blocks shown in succession may in fact be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending on the functionality involved. It should also be noted that each block of the block diagrams and/or flow charts, and combinations of blocks in the block diagrams and/or flow charts, can be implemented by special-purpose hardware-based systems that perform the specified functions or operations, or by combinations of special-purpose hardware and computer instructions.
Fig. 1 shows a block diagram of an exemplary computer system suitable for implementing an embodiment of the present invention. As shown, the computer system 100 can comprise: a CPU (central processing unit) 101, RAM (random access memory) 102, ROM (read-only memory) 103, a system bus 104, a hard disk controller 105, a keyboard controller 106, a serial interface controller 107, a parallel interface controller 108, a display controller 109, a hard disk 110, a keyboard 111, a serial peripheral device 112, a parallel peripheral device 113 and a display 114. Among these devices, the CPU 101, RAM 102, ROM 103, hard disk controller 105, keyboard controller 106, serial interface controller 107, parallel interface controller 108 and display controller 109 are coupled to the system bus 104. The hard disk 110 is coupled to the hard disk controller 105, the keyboard 111 to the keyboard controller 106, the serial peripheral device 112 to the serial interface controller 107, the parallel peripheral device 113 to the parallel interface controller 108, and the display 114 to the display controller 109. It should be understood that the block diagram in Fig. 1 is shown for the purpose of example only and does not limit the scope of the invention. In some cases, devices can be added or removed as the situation requires.
Fig. 2 shows a flow chart of the authentication information processing method of the present invention. In the method shown in Fig. 2, the authentication information is stored on a first authentication node. According to one embodiment of the present invention, the authentication information comprises account information, such as an account ID and a personal identification number (PIN). The account ID can be any account identifier, such as a user name, an e-mail address or a license plate number, and the PIN can be any identification code, such as a password or an identity card number. Fig. 4A shows a schematic diagram of authentication information according to one embodiment of the present invention; in this diagram the authentication information comprises account information Acc A. If the account information is stored as a list, it can be as shown in Table 1 below:
ID     | PIN
James  | XXXXXX
Thomas | XXXXXX
...... | ......
Table 1
According to another embodiment of the present invention, the authentication information comprises account information (Account Information) and authentication module information (Authentication Module Information). Fig. 4B shows a schematic diagram of authentication information according to another embodiment of the present invention; in this diagram the authentication information comprises account information Acc A and authentication module information Mod A. In addition to information such as the ID and PIN, the account information further comprises an authentication module tag (Authentication Module Tag). The authentication module information comprises the authentication module tag and a cryptographic algorithm. The authentication module tag serves as the bridge connecting the account information and the cryptographic algorithm. Those skilled in the art understand that, in general, the PIN is stored on the authentication node in ciphertext form, while the ID can be stored on the authentication node either in ciphertext form or in plaintext form. The conversion from plaintext to ciphertext is performed by the cryptographic algorithm. Different account information can use one common cryptographic algorithm or different cryptographic algorithms. If different account information uses one common cryptographic algorithm, there is no need to store authentication module tags on the authentication node. If different account information uses different cryptographic algorithms, the cryptographic algorithms must be distinguished in the authentication information; a fairly simple implementation is to store, on the authentication node, the authentication module tag corresponding to each account ID so as to identify the corresponding cryptographic algorithm. Suppose there are two cryptographic algorithms, with Tag=0 indicating that the first cryptographic algorithm applies and Tag=1 indicating that the second cryptographic algorithm applies. The account information in this embodiment can then be as shown in Table 2 below:
ID     | PIN    | Tag
James  | XXXXXX | 0
Thomas | XXXXXX | 1
...... | ...... | ......
Table 2
The authentication module information in this embodiment can be as shown in Table 3 below:
Tag | Cryptographic algorithm
0   | The first cryptographic algorithm
1   | The second cryptographic algorithm
Table 3
Tables 2 and 3 together determine the cryptographic algorithm that applies to an account.
As a variation of the above embodiment, the number of Tags can be set greater than the number of cryptographic algorithms. This increases the security of the system: even if an authentication node is attacked by a hacker, it is difficult for the hacker to infer which cryptographic algorithm is used. The account information can be as shown in Table 4 below, and the authentication module information can be as shown in Table 5 below:
ID     | PIN    | Tag
James  | XXXXXX | 0
Thomas | XXXXXX | 1
Anna   | XXXXXX | 2
Rose   | XXXXXX | 3
Marry  | XXXXXX | 4
...... | ...... | ......
Table 4
Tag     | Cryptographic algorithm
0, 2, 4 | The first cryptographic algorithm
1, 3    | The second cryptographic algorithm
Table 5
Similar to the mechanism by which account information is distributed across different nodes, the authentication module information can also be distributed across different authentication nodes.
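The tag indirection of Tables 4 and 5, written out as an added Python example (not code from the patent). The two hash functions are assumed stand-ins for the "first" and "second" cryptographic algorithm, and the PINs, salts and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def first_algorithm(pin: str, salt: bytes) -> str:
    """Stand-in for the "first cryptographic algorithm" (assumption: salted SHA-256)."""
    return hashlib.sha256(salt + pin.encode()).hexdigest()


def second_algorithm(pin: str, salt: bytes) -> str:
    """Stand-in for the "second cryptographic algorithm" (assumption: PBKDF2)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 10_000).hex()


# Table 5, authentication module information: five tags, two algorithms.
MODULE_INFO = {0: first_algorithm, 2: first_algorithm, 4: first_algorithm,
               1: second_algorithm, 3: second_algorithm}

# Table 4, account information as (ID, PIN, Tag). The PINs are constructed samples.
SAMPLE_ACCOUNTS = [("James", "481516", 0), ("Thomas", "234200", 1),
                   ("Anna", "108108", 2), ("Rose", "777123", 3),
                   ("Marry", "900001", 4)]


def build_account_info(samples, module_info):
    """Store each PIN in ciphertext form with its tag (what the account node holds)."""
    account_info = {}
    for user_id, pin, tag in samples:
        salt = secrets.token_bytes(16)
        account_info[user_id] = {"pin": module_info[tag](pin, salt),
                                 "salt": salt, "tag": tag}
    return account_info


def authenticate(account_info, module_info, user_id, pin):
    """Resolve the account's tag to an algorithm, then compare ciphertexts."""
    record = account_info.get(user_id)
    if record is None:
        return False
    algorithm = module_info.get(record["tag"])
    if algorithm is None:  # the module information is held on another node
        return False
    candidate = algorithm(pin, record["salt"])
    return hmac.compare_digest(candidate, record["pin"])


def tags_visible_on_account_node(account_info):
    """What a holder of the account information alone can count: distinct tags."""
    return len({record["tag"] for record in account_info.values()})


def algorithms_in_use(module_info):
    """What the authentication module information reveals: distinct algorithms."""
    return len(set(module_info.values()))


if __name__ == "__main__":
    accounts = build_account_info(SAMPLE_ACCOUNTS, MODULE_INFO)
    print(authenticate(accounts, MODULE_INFO, "Anna", "108108"))
    print(authenticate(accounts, {}, "Anna", "108108"))
    print(tags_visible_on_account_node(accounts), algorithms_in_use(MODULE_INFO))
```

Passing an empty mapping as `module_info` models an account node whose authentication module information is stored elsewhere: the request cannot be verified from the account information alone.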
The present invention places no particular restriction on the storage format of the authentication information. It can be a plain-text file (such as a CVS file), a database, a list or a directory tree (such as an LDAP or NIS (Network Information Service) directory tree).
Returning to Fig. 1, the rotation order of the authentication information is determined in step 201. The rotation order describes at least which authentication node an authentication node will send its stored authentication information to. According to one embodiment of the present invention, the rotation order is determined shortly before the rotation (for example, one day or one hour before the rotation). Determining the rotation order shortly beforehand can increase the security of the system, because a hacker cannot judge where the authentication information on a given node will be rotated to.
According to another embodiment of the present invention, the rotation order is determined a certain period in advance of the rotation (for example, one week or one month before the rotation, or even immediately after the previous rotation completes, at which point the order of the next rotation is determined). In this embodiment, because the rotation order is determined some time in advance, the overhead of determining the rotation order right before the rotation is saved.
If the authentication information comprises account information and authentication module information, the rotation order may further comprise a rotation order of the account information and a rotation order of the authentication module information. The two rotation orders can be the same or different. When the rotation order of the account information differs from that of the authentication module information, the authentication node to which the account information is rotated can differ from the authentication node to which the authentication module information is rotated; for example, the account information can be sent to the second authentication node while the authentication module information is sent to a third authentication node.
The rotation trigger condition of the authentication information is determined in step 203. The rotation trigger condition describes when, or under what conditions, the rotation starts. From a macroscopic (general) perspective, the rotation trigger condition can be a static trigger condition or a dynamic trigger condition. A static trigger condition can be that a predetermined time has been reached (for example, after three months), that is, the authentication information is rotated once every predetermined time period. According to one embodiment of the present invention, the predetermined time period can be a fixed period (for example, always three months). According to another embodiment of the present invention, the predetermined time period can be adjusted continually (for example, the first and second rotations are three months apart, and the second and third rotations are two months apart). A static trigger condition has a low management cost: as long as the clock on each authentication node is accurate and stable, the authentication information can be rotated according to the static trigger condition.
In another embodiment, the rotation trigger condition is a dynamic trigger condition. For example, rotation of the authentication information can be triggered when an authentication node is attacked by a hacker. As another example, the system administrator can trigger rotation of the authentication information at any time as circumstances require. In addition, if an authentication node is accessed frequently, rotation of the authentication information can also be triggered when the number of accesses to that node reaches a certain count. Further, if an authentication node has repeatedly missed rotations because it was always in a busy state, that node can itself trigger rotation of the authentication information. The present invention can also include other dynamic trigger conditions, and a dynamic trigger condition can be used together with a static trigger condition. For example, the static trigger condition may be one rotation every three months, while an attack on an authentication node triggers a rotation of the authentication information on some day of the second month.
From a microscopic perspective, the rotation trigger condition includes starting the rotation of authentication information when the nodes are idle. For example, authentication nodes are usually not accessed frequently at night, so the rotation can be scheduled for the night. Alternatively, if an authentication node is still busy at the scheduled rotation time, that node can be skipped so that it does not take part in the rotation. As a further example, the busy state of each authentication node can be queried before the agreed rotation time arrives; if any node is busy, the start of the rotation is postponed until all authentication nodes are idle.
In step 205, turn trigger condition in response to wheel to set up, send described authentication information at least partially according to described rotational order, such as the authentication information that it stores is sent to the second authentication node with by the second authentication node process authentication request relevant with described authentication information by the first authentication node.
In Fig. 2, the order of step 201 and step 203 is not fixing, both can first carry out step 201 and carry out step 203 again, can first carry out step 203 yet and carry out step 201 again, or parallel carries out step 201 and 203.
Fig. 3 shows a flow chart of determining the rotation order of the authentication information according to one embodiment of the invention. Fig. 3 describes step 201 of Fig. 2 in more detail. In step 301, each authentication node produces a random number. In step 303, a command node (Commander Node) is determined from the random numbers produced. In step 305, the command node determines the rotation order.
The process of determining the rotation order of the authentication information is described below with reference to Fig. 8A and Fig. 8B.
Fig. 8A shows a schematic diagram of the authentication system before the authentication information is rotated, according to one embodiment of the invention. The authentication system shown in Fig. 8A has five authentication nodes, Node 1 to Node 5. In this embodiment, the cryptographic algorithm is assumed to be the same for all authentication information, so the authentication information stored on the authentication nodes comprises only account information and no authentication module information. It is further assumed that Node 1 currently stores authentication information Acc A, Node 2 stores authentication information Acc B, and Node 4 stores authentication information Acc C.
In step 301, each authentication node produces a random number between 0 and 99. The random numbers produced by the authentication nodes are shown in Table 6 below:

| Node 1 | Node 2 | Node 3 | Node 4 | Node 5 |
| --- | --- | --- | --- | --- |
| 1 | 50 | 79 | 44 | 32 |

Table 6

In step 303, the command node is determined from the random numbers produced by the authentication nodes. For example, the node that produced the largest random number can be taken as the command node. In Table 6 the random number produced by Node 3 is the largest, so Node 3 becomes the command node.
Next, in step 305, the command node Node 3 determines the rotation order. Node 3 can generate a temporary integer sequence made up of the digits 1-5, for example 5->3->4->1->2->5. This integer sequence describes the rotation order for the next rotation: if Node 5 holds authentication information, it sends it to Node 3; if Node 3 holds authentication information, it sends it to Node 4; if Node 4 holds authentication information, it sends it to Node 1; if Node 1 holds authentication information, it sends it to Node 2; if Node 2 holds authentication information, it sends it to Node 5. By these rules, Acc A in Fig. 8A will be sent to Node 2, Acc B will be sent to Node 5, and Acc C will be sent to Node 1. Fig. 8B shows a schematic diagram of the authentication system after the authentication information is rotated, according to one embodiment of the invention. After rotation, the authentication information is stored by the new authentication nodes, and the authentication requests related to that authentication information are also processed by the new authentication nodes. In the invention, the rotation order can refer either to the order in which one authentication node sends its authentication information to another authentication node, such as 5->3, or to the rotation order of authentication information among multiple authentication nodes, such as 5->3->4->1->2->5.
According to another embodiment of the invention, no command node needs to be set. Each authentication node first produces a random number, for example as in Table 6. The rotation order is then determined by the size of the random numbers produced, for example 3->2->4->5->1: if Node 3 holds authentication information, it sends it to Node 2; if Node 2 holds authentication information, it sends it to Node 4; if Node 4 holds authentication information, it sends it to Node 5; if Node 5 holds authentication information, it sends it to Node 1; if Node 1 holds authentication information, it can send it to Node 3.
According to a further embodiment of the invention, no command node needs to be set. Each authentication node first produces a random number, a modulo operation is then applied to the random numbers produced, and the rotation order is determined by the size of the remainders after the modulo operation.
According to yet another embodiment of the invention, the authentication node that actively initiates the rotation of the authentication information produces a random sequence. If this random sequence is made up of the five digits 1-5 (for example 31245), the rotation order determined from it is 3->1->2->4->5->3. It can thus be seen that determining the rotation order and determining the rotation trigger condition may be related: different rotation trigger conditions may have different ways of producing the rotation order. In the example of this paragraph, the rotation trigger condition is a dynamic trigger condition, so the rotation order can be determined dynamically by a particular authentication node.
The invention is not limited to the ways of producing the rotation order listed above and can be extended to others. To further reduce the likelihood that a hacker obtains the rotation order, the rotation order of the authentication information can be determined from random numbers; these can be a random sequence produced by one authentication node or random numbers produced by multiple nodes.
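
The rotation-order procedures described above (steps 301 to 305, and the variant without a command node), worked through on the values of Table 6 and Fig. 8A. This is an added example, not code from the patent; the function names, the tie-break rule and the use of Python's `secrets` module for the random draws are assumptions.

```python
import secrets

# Values taken from the description: the Table 6 draws and the Fig. 8A placement.
TABLE_6 = {1: 1, 2: 50, 3: 79, 4: 44, 5: 32}
FIG_8A = {1: ["Acc A"], 2: ["Acc B"], 3: [], 4: ["Acc C"], 5: []}


def draw_numbers(node_ids, upper=100):
    """Step 301: each node draws a number in [0, upper).

    Using a CSPRNG is an assumption of this example. The description only
    says "random number", but a predictable draw would let an attacker
    predict where the records move next.
    """
    return {node: secrets.randbelow(upper) for node in node_ids}


def elect_command_node(draws):
    """Step 303: the node with the largest draw becomes the command node.

    Ties go to the lowest node id (assumed; the description is silent).
    """
    return min(draws, key=lambda node: (-draws[node], node))


def command_node_sequence(node_ids):
    """Step 305: the command node produces a random sequence of all node ids
    (Fisher-Yates shuffle driven by the CSPRNG)."""
    order = list(node_ids)
    for i in range(len(order) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        order[i], order[j] = order[j], order[i]
    return order


def sequence_from_draws(draws):
    """Variant without a command node: order the nodes by descending draw."""
    return sorted(draws, key=lambda node: (-draws[node], node))


def successors(order):
    """Map each node to the node it sends to. The last entry wraps to the
    first, so 5->3->4->1->2->5 is written here as [5, 3, 4, 1, 2]."""
    return {src: order[(i + 1) % len(order)] for i, src in enumerate(order)}


def rotate(holdings, order):
    """Apply one rotation. Nodes missing from `order` keep their records."""
    send_to = successors(order)
    after = {node: [] for node in holdings}
    for node, records in holdings.items():
        after.setdefault(send_to.get(node, node), []).extend(records)
    return after


if __name__ == "__main__":
    print("command node:", elect_command_node(TABLE_6))
    print("after 5->3->4->1->2->5:", rotate(FIG_8A, [5, 3, 4, 1, 2]))
    print("order without command node:", sequence_from_draws(TABLE_6))
    print("fresh sequence:", command_node_sequence(FIG_8A))
```

Because the sequence is applied as a single cycle, no node ever sends a record to itself as long as at least two nodes take part.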
Verification System schematic diagram before Fig. 9 A shows and turns according to the authentication information wheel of an alternative embodiment of the invention.In the embodiment shown in Fig. 9 A, accounts information in authentication information and corresponding authentication module information before wheel turns be stored in same authentication node (accounts information Acc A and authentication module information Mod A is stored in authentication node Node1, accounts information Acc B and authentication module information Mod B is stored in authentication node Node 2, accounts information Acc C and authentication module information Mod C is stored in authentication node Node 4), and wheel turn after, accounts information is stored in different authentication nodes from corresponding authentication module information.Verification System schematic diagram after Fig. 9 B shows and turns according to the authentication information wheel of an alternative embodiment of the invention.In the embodiment shown in Fig. 9 B, accounts information Acc C and authentication module information Mod A is stored in authentication node Node 1, accounts information Acc A is stored in authentication node Node 2, authentication module information Mod B is stored in authentication node Node 3, store authentication module information Mod C in authentication node Node 4, in authentication node Node 5, store accounts information Acc B.
Mention above, if different accounts informations is suitable for different cryptographic algorithm, then need to distinguish different cryptographic algorithm in authentication information, a kind of fairly simple embodiment is the authentication module label that storage accounts is corresponding in authentication node, to identify corresponding cryptographic algorithm.The rotational order of wherein said authentication module information with can be the same or different of the rotational order of accounts information.If the rotational order of authentication module information is identical with the rotational order of accounts information, authentication module information will bind together with corresponding accounts information forever.If authentication module information is different from the rotational order of accounts information, the two may be stored on different authentication nodes, and accounts information and authentication module information can proceed subsequent rounds separately in an independent way respectively turns.
Only can take turns to turn accounts information and do not take turns according to a kind of embodiment of the present invention and turn authentication module information.Only can take turns to turn authentication module information and do not take turns according to another kind of embodiment of the present invention and turn accounts information.
Optionally, when wheel turns authentication module information, described authentication module label Tag can be modified, thus the fail safe of further increase system.Such as can modify by the Tag in his-and-hers watches 2 and table 3, Tag=0 is become Tag=3, Tag=1 is become Tag=4.Amended accounts information and authentication module information are respectively as shown in following table 7 and table 8:

| ID | PIN | Tag |
| --- | --- | --- |
| James | XXXXXX | 3 |
| Thomas | XXXXXX | 4 |
| ...... | ...... | ...... |

Table 7

| Tag | Cryptographic algorithm |
| --- | --- |
| 3 | The first cryptographic algorithm |
| 4 | The second cryptographic algorithm |

Table 8

According to one embodiment of the invention, the authentication information can also include timestamp information to indicate the validity period of the authentication information. In one example, the timestamp information is "20110417,3", meaning that the authentication information was forwarded to the local authentication node on April 17, 2011 and is valid for three months; that is, the next rotation must take place after three months. In another example, the timestamp information is "20110717", meaning that the authentication information is valid until July 17, 2011. In a further example, the timestamp information is "20110417, valid", meaning that the authentication information was forwarded to the local authentication node on April 17, 2011 and that its "valid" status bit is "valid". Once the authentication information has been rotated, the "valid" status bit should be set to "invalid". This example is better suited to schemes in which rotation is triggered by a dynamic trigger condition. Of course, the invention does not exclude other ways of expressing the timestamp information. Using timestamps in the authentication information further increases the security of the system: even if a hacker compromises an authentication node, the authentication information on that node cannot be used indefinitely.
According to one embodiment of the invention, a rotation round can involve only some of the authentication nodes (partial rotation). For example, the rotation is originally scheduled for 2:00 am, but before it starts the real performance (Real Performance) of the second authentication node is assessed. If the assessment finds that the second authentication node is busy, this round may skip the second authentication node and rotate the authentication information among the other nodes. Further, to avoid an authentication node being skipped in round after round, the real performance of the authentication node can be corrected so that the node is not permanently excluded from rotation. For example, the real performance is a score from 0 to 100; the higher the score, the busier the authentication node, and the lower the score, the less busy it is. The corrected performance can then be given by Formula 1:

CP = RP - (W * T)    (Formula 1)

where CP is the corrected performance score, RP is the real performance score of the authentication node, W is a weight, and T is the number of times the authentication node has not taken part in rotation. Formula 1 shows that the corrected performance score decreases as the number of rotations a node has missed increases; if the corrected performance score falls below a certain threshold, the authentication node should take part in the rotation of the authentication information. Formula 1 thus prevents an authentication node from never taking part in rotation because it is always busy.
Of course, the invention does not exclude other methods of preventing an authentication node from being skipped in every round; for example, it can be stipulated that no authentication node may miss two consecutive rotations of the authentication information.
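
A round-by-round simulation of partial rotation using Formula 1, together with the alternative "no two consecutive misses" rule. This is an added example, not code from the patent; the weight, the threshold, the sample load figures and the choice to reset T after a node takes part are assumptions.

```python
def corrected_performance(real_performance, weight, skipped):
    """Formula 1: CP = RP - (W * T)."""
    return real_performance - weight * skipped


def plan_rotations(load_by_round, weight, threshold, max_consecutive_skips=None):
    """Decide, round by round, which nodes take part in the rotation.

    load_by_round: one {node_id: RP} dict per round, RP in 0..100
                   (a higher score means a busier node).
    A node takes part when its corrected score CP is below `threshold`.
    max_consecutive_skips, when set, also forces a node in once it has
    missed that many rounds in a row (1 = never miss two rounds running).
    Returns (participants per round, final skip counters).
    """
    skipped = {}
    plan = []
    for loads in load_by_round:
        taking_part = []
        for node in sorted(loads):
            t = skipped.get(node, 0)
            cp = corrected_performance(loads[node], weight, t)
            forced = (max_consecutive_skips is not None
                      and t >= max_consecutive_skips)
            if cp < threshold or forced:
                taking_part.append(node)
                skipped[node] = 0       # assumption: T restarts after taking part
            else:
                skipped[node] = t + 1   # node is skipped this round
        plan.append(taking_part)
    return plan, skipped


# Constructed sample: Node 2 is permanently busy (RP = 90), the others are not.
CONSTRUCTED_LOADS = [{1: 20, 2: 90, 3: 35} for _ in range(5)]

if __name__ == "__main__":
    by_formula, _ = plan_rotations(CONSTRUCTED_LOADS, weight=10, threshold=70)
    by_rule, _ = plan_rotations(CONSTRUCTED_LOADS, weight=0, threshold=70,
                                max_consecutive_skips=1)
    for number, (a, b) in enumerate(zip(by_formula, by_rule), start=1):
        print(f"round {number}: Formula 1 -> {a}, consecutive-miss rule -> {b}")
```

With these constructed values Node 2 is skipped three times under Formula 1 before its corrected score drops below the threshold, whereas the consecutive-miss rule brings it back every second round.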
Fig. 5 shows a flow chart of dispatching an authentication request according to one embodiment of the invention. Fig. 5 corresponds to Figs. 8A and 8B. In the embodiment shown in Fig. 5, the authentication information is assumed to comprise account information and no authentication module information; that is, the same cryptographic algorithm applies to all account information. In step 501, an authentication request is received. The authentication request can come from a client; for example, it can be the login request sent when an employee logs in to the company's internal network.
In step 503, the authentication request is distributed to the corresponding authentication node. There are many ways to do this. According to one embodiment of the invention, the authentication request can be broadcast by multicast in the authentication network formed by the authentication nodes. The addresses of the authentication nodes in the authentication network form a multicast address set; once a new authentication node joins the authentication network, its network address is added to this multicast address set. An authentication node in the authentication network that receives the authentication request checks whether it holds information matching the request. If not, it does not reply. If it does, the subsequent steps can continue. In one example, suppose the user enters an account ID and a password PIN at the client; the ID and the PIN (or a variant of the PIN) are sent to an authentication node, which checks the IDs stored on it to determine whether it holds information matching the authentication request. The authentication node then verifies the user against the PIN the user entered.
In another example, suppose the user enters an account ID and a password PIN at the client, and only the ID is sent to an authentication node. After that node determines from the ID information stored on it that it holds information matching the authentication request, it can further contact the client to obtain the PIN and carry out the subsequent processing steps. In a more complex example, the authentication node must not only contact the client to obtain the PIN but also contact a special authentication node to carry out the subsequent processing of the authentication request, for example contacting a server of a government department to confirm whether the ID card number entered by the user is correct.
The above describes distributing the authentication request to each authentication node by multicast. The following describes using a node router (Node Router) to distribute the authentication request to the corresponding authentication node. The node router is responsible for distributing authentication requests to the corresponding authentication node for processing. The role of node router can be taken by one dedicated node or by multiple authentication nodes. The node router can store a dispatch table, as shown in Table 9 below:

| User name (ID) | Authentication node |
| --- | --- |
| James | Node 1 |
| ...... | ...... |

Table 9

Table 9 indicates that the authentication information of the user named James is stored on the first node (Node 1). The node router can therefore forward authentication requests related to James to the first node. If the authentication information on the authentication nodes is rotated, the dispatch table is updated after the rotation to reflect where the authentication information is now stored. For example, if the authentication information on Node 1 is rotated to Node 2, the dispatch table can be modified as shown in Table 10 below:

| User name (ID) | Authentication node |
| --- | --- |
| James | Node 2 |
| ...... | ...... |

Table 10

Returning to Fig. 5, the authentication request is processed in step 505. Step 505 is described in more detail below. In step 507, an authentication result is returned to indicate whether or not the authentication request passed authentication.
Fig. 6 shows a flow chart of dispatching an authentication request according to another embodiment of the invention. The embodiment of Fig. 6 corresponds to Figs. 9A and 9B. In the embodiment shown in Fig. 6, the authentication information is assumed to comprise account information and authentication module information; that is, different cryptographic algorithms apply to different account information. In step 601, an authentication request is received. In step 603, the account information corresponding to the authentication request is obtained according to the authentication request. In step 605, the authentication module tag in the authentication request is checked, and the authentication node holding the authentication module information (for example, the cryptographic algorithm) corresponding to that authentication module tag is determined. In step 607, the account information and the authentication request are distributed to the authentication node holding the authentication module information, so that this authentication node processes the authentication request. In step 609, the authentication request is processed. Step 609 is described in more detail below. In step 611, an authentication result is returned to indicate whether the authentication request succeeded.
Fig. 7 shows a flow chart of processing an authentication request according to one embodiment of the invention. The flow chart in Fig. 7 further refines step 505 in Fig. 5 and step 609 in Fig. 6. For both the embodiment shown in Figs. 8A and 8B and the embodiment shown in Figs. 9A and 9B, the processing of authentication requests can be either suspended or not suspended while authentication information is being sent. If processing is suspended, the authentication request is forwarded to the new authentication node for processing after the rotation ends; that is, the authentication information can be sent from the original authentication node to the new authentication node as a cut operation, and the original authentication node no longer keeps a copy of the authentication information. If processing is not suspended, the original authentication node can continue to process the authentication request while the authentication information is being sent, and only after all the authentication information has been copied from the original authentication node to the new authentication node does the new authentication node process the authentication request. In this embodiment, the authentication information can be sent from the original authentication node to the new authentication node as a copy-and-paste operation.
Specifically, step 701 determines whether the authentication node is in the middle of sending authentication information. If it is, step 703 further determines whether processing of the authentication request needs to be suspended. If processing needs to be suspended, then in step 705, after the sending of the authentication information has finished, the authentication request is distributed to another authentication node and processed by that node. Distribution to the other authentication node can be done by multicast as described above, with the help of the node router as described above, or by the authentication node forwarding the pending authentication request directly to the other authentication node. If step 703 determines that processing of the authentication request does not need to be suspended, then in step 707 the authentication node completes the processing of the authentication request. If step 701 determines that the authentication node is not in the middle of sending authentication information, the flow goes directly to step 707 and the authentication node processes the authentication request.
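
The Fig. 7 decision flow (steps 701 to 707) combined with the node router's dispatch table of Tables 9 and 10, for both the "cut" and the "copy" style of transfer. This is an added example, not code from the patent; the class and method names, the constructed placeholder records, and the removal of the source copy once a copy-style transfer completes are assumptions.

```python
class AuthCluster:
    """Node router view of a set of authentication nodes."""

    def __init__(self, stores):
        # stores: {node_id: {user_id: credential_record}}
        self.stores = {node: dict(records) for node, records in stores.items()}
        # Dispatch table (Table 9): user id -> node holding the record.
        self.dispatch = {user: node
                         for node, records in self.stores.items()
                         for user in records}
        self.transfers = {}   # user -> (src, dst, paused, record) while in flight
        self.deferred = []    # requests held back during a paused transfer

    def begin_transfer(self, user, dst, pause):
        src = self.dispatch[user]
        if pause:
            record = self.stores[src].pop(user)   # "cut": source keeps no copy
        else:
            record = self.stores[src][user]       # "copy": source keeps serving
        self.transfers[user] = (src, dst, pause, record)

    def handle(self, user):
        """Return the node that processes the request, or None if deferred."""
        transfer = self.transfers.get(user)
        if transfer is None:                      # step 701: not in transfer
            return self.dispatch[user]            # step 707
        src, _dst, paused, _record = transfer
        if paused:                                # step 703: processing suspended
            self.deferred.append(user)            # served in step 705, at finish
            return None
        return src                                # step 707 on the original node

    def finish_transfer(self, user):
        """Complete the transfer and serve any deferred requests (step 705)."""
        src, dst, paused, record = self.transfers.pop(user)
        self.stores[dst][user] = record
        if not paused:
            # Assumption: the stale source copy is deleted after hand-over,
            # otherwise the rotated record would remain on the old node.
            self.stores[src].pop(user, None)
        self.dispatch[user] = dst                 # Table 9 becomes Table 10
        released = [u for u in self.deferred if u == user]
        self.deferred = [u for u in self.deferred if u != user]
        return [(u, self.handle(u)) for u in released]


def constructed_cluster():
    """Constructed sample placement; the records are opaque placeholders."""
    return AuthCluster({1: {"James": "<record-J>"},
                        2: {"Thomas": "<record-T>"},
                        3: {}})


if __name__ == "__main__":
    cluster = constructed_cluster()
    cluster.begin_transfer("James", 2, pause=True)
    print("during cut transfer:", cluster.handle("James"))
    print("served after transfer:", cluster.finish_transfer("James"))
    cluster.begin_transfer("Thomas", 3, pause=False)
    print("during copy transfer:", cluster.handle("Thomas"))
    cluster.finish_transfer("Thomas")
    print("dispatch table:", cluster.dispatch)
```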
Fig. 10 shows a diagram of the authentication information processing system of the invention. The authentication information processing system in Fig. 10 comprises a rotation order determining device, a rotation trigger condition determining device and a sending device. In the system of Fig. 10, the authentication information is stored on a first authentication node. The rotation order determining device is configured to determine the rotation order of the authentication information. The rotation trigger condition determining device is configured to determine the rotation trigger condition of the authentication information. The sending device is configured to send, in response to the rotation trigger condition being met, at least part of the authentication information to a second authentication node according to the rotation order, so that the second authentication node processes the authentication requests related to that authentication information.
According to one embodiment of the invention, the authentication information in Fig. 10 comprises account information.
According to another embodiment of the invention, the authentication information in Fig. 10 comprises authentication module information in addition to account information.
According to one embodiment of the invention, the rotation order in Fig. 10 comprises a rotation order of the account information and a rotation order of the authentication module information, and the sending device is further configured to send the account information to the second authentication node and the authentication module information to a third authentication node.
According to one embodiment of the invention, the rotation trigger condition comprises starting the rotation of the authentication information after an interval of a specific time period.
According to another embodiment of the invention, the rotation trigger condition is a dynamic trigger condition.
According to a further embodiment of the invention, the rotation trigger condition comprises starting the rotation of the authentication information when a node is idle.
According to one embodiment of the invention, the authentication information includes timestamp information to indicate the validity period of the authentication information.
The functions of the modules of the authentication information processing system shown in Fig. 10 have been described in detail above in the description of the authentication information processing method and are not repeated here.
The various embodiments of the invention can provide many advantages, including those listed in the summary of the invention and those that can be derived from the technical solution itself. However, whether or not an embodiment obtains all of the advantages, and whether or not such advantages are considered a substantial improvement, should not be construed as limiting the invention. The embodiments mentioned above are for illustration only, and a person of ordinary skill in the art can make various modifications and changes to them without departing from the essence of the invention. The scope of the invention is defined entirely by the appended claims.

Claims (19)

1. A method for processing authentication information, the authentication information being stored on a first authentication node, the method comprising:
determining a rotation order of the authentication information,
determining a rotation trigger condition of the authentication information, and
in response to the rotation trigger condition being met, sending at least part of the authentication information to a second authentication node according to the rotation order.
2. The method according to claim 1, wherein the authentication information comprises account information and authentication module information, the authentication module information comprising at least one of the following: an authentication module tag and a cryptographic algorithm.
3. The method according to claim 2, wherein the rotation order comprises a rotation order of the account information and a rotation order of the authentication module information,
and sending at least part of the authentication information to the second authentication node according to the rotation order comprises:
sending the account information to the second authentication node according to the rotation order of the account information,
and the method further comprises:
sending the authentication module information to a third authentication node according to the rotation order of the authentication module information.
4. The method according to claim 1, wherein the rotation trigger condition comprises a predetermined time being reached.
5. The method according to claim 1, wherein the rotation trigger condition is a dynamic trigger condition.
6. The method according to any one of claims 1 to 5, wherein the rotation trigger condition comprises starting the rotation of the authentication information when the first authentication node is idle.
7. The method according to claim 1, wherein determining the rotation order of the authentication information further comprises determining the rotation order of the authentication information randomly.
8. The method according to claim 1, wherein the first authentication node suspends the processing of authentication requests related to the authentication information while the authentication information is being sent.
9. The method according to claim 1, wherein the first authentication node does not suspend the processing of authentication requests related to the authentication information while the authentication information is being sent.
10. The method according to claim 1, wherein the authentication information includes timestamp information to indicate the validity period of the authentication information.
11. The method according to either of claims 8 and 9, wherein the authentication request is distributed to multiple authentication nodes by multicast.
12. The method according to either of claims 8 and 9, wherein the authentication request is distributed to the second authentication node by a node router, and wherein the node router stores a dispatch table of the authentication information.
13. A system for processing authentication information, wherein the authentication information is stored on a first authentication node, the system comprising:
a rotation order determining device, configured to determine a rotation order of the authentication information,
a rotation trigger condition determining device, configured to determine a rotation trigger condition of the authentication information, and
a sending device, configured to send, in response to the rotation trigger condition being met, at least part of the authentication information to a second authentication node according to the rotation order.
14. The system according to claim 13, wherein the authentication information comprises account information and authentication module information, the authentication module information comprising at least one of the following: an authentication module tag and a cryptographic algorithm.
15. The system according to claim 14, wherein the rotation order comprises a rotation order of the account information and a rotation order of the authentication module information,
and the sending device is further configured to send the account information to the second authentication node according to the rotation order of the account information and to send the authentication module information to a third authentication node according to the rotation order of the authentication module information.
16. The system according to claim 13, wherein the rotation trigger condition comprises a predetermined time being reached.
17. The system according to claim 13, wherein the rotation trigger condition is a dynamic trigger condition.
18. The system according to any one of claims 13 to 17, wherein the rotation trigger condition comprises starting the rotation of the authentication information when the first authentication node is idle.
19. The system according to claim 13, wherein the authentication information includes timestamp information to indicate the validity period of the authentication information.
CN201110104879.0A 2011-04-26 2011-04-26 Method and system for processing authentication information Expired - Fee Related CN102761520B (en)

Priority Applications (6)

Application Number Priority Date Filing Date Title
CN201110104879.0A CN102761520B (en) 2011-04-26 2011-04-26 Method and system for processing authentication information
PCT/CN2012/072183 WO2012146091A1 (en) 2011-04-26 2012-03-12 Authentication information processing
SG2013074091A SG194072A1 (en) 2011-04-26 2012-03-12 Authentication information processing
DE112012000780.8T DE112012000780B4 (en) 2011-04-26 2012-03-12 Processing Authorization Check Data
GB1313857.3A GB2505563B (en) 2011-04-26 2012-03-12 Authentication information processing
JP2014506730A JP6034368B2 (en) 2011-04-26 2012-03-12 Authentication information processing

Publications (2)

Publication Number Publication Date
CN102761520A CN102761520A (en) 2012-10-31
CN102761520B true CN102761520B (en) 2015-04-22

Family

ID=47055842

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110104879.0A Expired - Fee Related CN102761520B (en) 2011-04-26 2011-04-26 Method and system for processing authentication information

Country Status (6)

Country Link
JP (1) JP6034368B2 (en)
CN (1) CN102761520B (en)
DE (1) DE112012000780B4 (en)
GB (1) GB2505563B (en)
SG (1) SG194072A1 (en)
WO (1) WO2012146091A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB201811773D0 (en) * 2018-07-19 2018-09-05 Nchain Holdings Ltd Computer-implemented system and method
CN110704823A (en) * 2019-09-10 2020-01-17 平安科技(深圳)有限公司 Data request method, device, storage medium and electronic equipment
CN112738045A (en) * 2020-12-23 2021-04-30 中科三清科技有限公司 Multi-source fusion identity authentication system and method
CN113312656B (en) * 2021-07-29 2022-04-15 阿里云计算有限公司 Data rotation method, device, equipment and system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1767437A (en) * 2004-10-29 2006-05-03 国际商业机器公司 Systems and methods for efficiently authenticating multiple objects based on access patterns
CN101938461A (en) * 2009-06-29 2011-01-05 索尼公司 Netscape messaging server Netscape, messaging device and information processing method

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0668047A (en) * 1992-08-13 1994-03-11 Nippon Telegr & Teleph Corp <Ntt> Shared storage method using network of distributed system
JP3559471B2 (en) * 1999-03-31 2004-09-02 株式会社東芝 Setting information server device, user computer and setting information delivery method
US7322040B1 (en) * 2001-03-27 2008-01-22 Microsoft Corporation Authentication architecture
US7617257B2 (en) * 2004-12-03 2009-11-10 Oracle International Corporation System for persistent caching of LDAP metadata in a cluster LDAP server topology
US20070162862A1 (en) * 2005-07-06 2007-07-12 Gemini Mobile Technologies, Inc. Selective user monitoring in an online environment
US9390156B2 (en) * 2009-06-29 2016-07-12 International Business Machines Corporation Distributed directory environment using clustered LDAP servers

Also Published As

Publication number Publication date
CN102761520A (en) 2012-10-31
DE112012000780B4 (en) 2014-07-31
JP6034368B2 (en) 2016-11-30
GB201313857D0 (en) 2013-09-18
GB2505563B (en) 2015-07-01
WO2012146091A1 (en) 2012-11-01
SG194072A1 (en) 2013-11-29
DE112012000780T5 (en) 2013-11-14
GB2505563A (en) 2014-03-05
JP2014513351A (en) 2014-05-29

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150422
