CN102769606B - A network digital identity authentication method based on gene certificates (Google Patents)

Info

Publication number: CN102769606B (granted publication of application CN102769606A)
Application number: CN201110443146.XA
Authority: CN (China)
Original language: Chinese (zh)
Prior art keywords: gene, certificate, network, user, network user
Inventors: 孙飞显, 靳晓婷
Original and current assignee: Zhongyuan University of Technology
Legal status: Expired - Fee Related


Abstract

The present invention relates to a network digital identity authentication method based on gene certificates. It adopts a browser/server architecture and consists of a gene certificate server, an authentication server and their management systems. First, the operator submits registration information such as account name, description, IP address, subnet mask, MAC address, and identity card number or device number to the gene certificate server; after the gene certificate server verifies this information, it assigns genes and applies a digital signature to generate, for the network user or device, a unique gene certificate that cannot be cracked. Before the operator accesses the application system, the authentication server checks the consistency of the operator's physical identity and digital identity by verifying the signature information on the gene certificate and matching the gene loci data. The invention has the advantages of high accuracy and good security; it solves the problems of passwords being hard to remember, easily forgotten and insecure, compensates for the ambiguity of the subject information in conventional digital certificates, and overcomes the inability of biometric authentication techniques to authenticate device identities.

Description

A network digital identity authentication method based on gene certificates
Technical field
The present invention relates to a network security technique for identity authentication, and in particular to a network digital identity authentication method based on gene certificates.
Background art
In an information system, the identity information of a network user or network device is represented by a specific group of data. In a computer network, correctly identifying the digital identity of users and devices, and thereby ensuring that the operator's physical identity corresponds to that digital identity, is the first barrier protecting the security of the information system. At present, digital identity authentication techniques in computer networks fall into two situations: authentication between user and host, and authentication between host and host. The pros and cons of existing digital identity authentication techniques are summarized as follows:
(1) Digital identity authentication based on static passwords is simple to implement and widely used, but it can only be used for authentication between user and host, and it suffers from problems such as short passwords being easy to guess, long passwords being hard to remember, plaintext passwords being easily intercepted, and ciphertext passwords being vulnerable to dictionary attacks.
(2) Digital identity authentication based on dynamic passwords solves the problem of a password being reused after it has been guessed or intercepted, but this technique is also only used for authentication between user and host, and it is difficult to keep the clocks of the client and the server synchronized.
(3) Digital identity authentication based on smart cards (such as IC cards) overcomes the defects of passwords being hard to remember and hard to keep safely, but this technique is again only used for authentication between user and host, and it has deficiencies such as impersonation and difficulty in defending against memory scanning and network monitoring attacks.
(4) Identity authentication based on conventional digital certificates (such as X.509 certificates) can be used both for authentication between user and host and for authentication between host and host, and is widely used at present. However, it has the defects that the certificate subject information is ambiguous (it is hard to distinguish network users who share the same name in reality), the amount of computation is large, efficiency is low, key management is difficult, system implementation is complex, and operation and maintenance costs are high.
(5) Digital identity authentication based on biometric characteristics (such as fingerprints, voice, retina, gait, etc.) distinguishes user identity by unique physiological or behavioural characteristics of the human body, but it has the drawback of being hard to recognize in situations such as when the user's body is injured or heavily soiled, or for specific groups (labourers with many calluses), and this technique cannot be used for authentication between host and host.
At present, many domestic patent applications have disclosed identity authentication methods based on passwords, smart cards, digital certificates, biometric characteristics and other techniques, but each has its own merits and shortcomings. The applications with publication numbers CN1674499 and CN1674500 identify a user's digital identity by fingerprint, but these two methods cannot be used for authentication between host and host. The applications with publication numbers CN1564511 and CN1614924 propose identity authentication methods based on dynamic passwords, which solve the insecurity of transmitting passwords, but they are only for mobile wireless networks. The applications with publication numbers CN1444169 and CN1545243 belong to identity authentication based on digital certificates and have the defects of ambiguous certificate subject information, large computation, low efficiency, difficult key management, complex system implementation, and high operation and maintenance costs.
Based on the facts that a person's gene information cannot change and that DNA identity verification is highly accurate, and borrowing the relevant mechanisms of Public Key Infrastructure (PKI), the present invention proposes a new network digital identity authentication method by issuing gene certificates carrying digital signature information to network users and network devices, verifying the gene certificates, and comparing gene loci information.
Summary of the invention
The object of the invention is to provide a network digital identity authentication method based on gene certificates, suitable for settings with high security requirements where the network users are relatively fixed (fixed IP addresses).
The network digital identity authentication method based on gene certificates adopts a B/S architecture, establishes gene certificates, and authenticates digital identities in the network environment by verifying the digital signature and the gene loci information. The invention comprises the following steps: gene certificate registration; generation of the network gene and member gene; gene certificate generation; digital identity authentication based on the gene certificate.
Gene certificate registration comprises the following steps:
Log in to the registration page;
Input the network user or device name ename;
Input the IP address eip of the terminal device used by the network user and check its validity;
Input the MAC address emac of the terminal device used by the network user and check the correctness of its format;
Input the subnet mask emask of the terminal device used by the network user and check its format;
Input the user's identity card number idcardno or the device number deviceid of the network device, and check its validity;
Save the network user or device name ename, the IP address eip, MAC address emac and subnet mask emask of the terminal device used by the network user, together with the user's identity card number idcardno or the network device's device number deviceid.
The generation step of the network gene and member gene comprises the following steps:
Read the network user or device name ename, the IP address eip, MAC address emac and subnet mask emask of the terminal device used by the network user, and the user's identity card number idcardno or the network device's device number deviceid;
Generate the network gene network_gene = eip & emask;
If the registrant is a network user, the member gene is member_gene = emac ∥ idcardno; otherwise the member gene is member_gene = emac ∥ deviceid.
The generation step of the gene certificate comprises the following steps:
Create a gene certificate object og for the network user or device applying for the gene certificate;
Read the network user or device name ename and the description edesc;
Assign the gene certificate version ver, the network entity name name and the network entity description desc of the gene certificate object og: og.ver = version number, og.name = ename, og.desc = edesc;
Generate the network gene and member gene;
Compute the digital digest h with the hash algorithm specified by hash_id (denoted H_hash_id()), that is:
h = H_hash_id(og.ver + og.name + og.desc + og.network_gene + og.member_gene)
Signature result og.sign_val = E_key(h), where E_key(h) denotes encrypting the digital digest h with the private key key;
Save the gene certificate object og.
The digital identity authentication step based on the gene certificate comprises the following steps:
The application server receives the operator's service request and asks the authentication server to authenticate the operator's identity;
The authentication server prompts the user to submit the gene certificate;
The authentication server receives the gene certificate gC;
The authentication server decrypts gC.sign_val with the public key of the gene certificate server to obtain h1;
The authentication server recomputes the digital digest h2 over the other information in the gene certificate gC, excluding the signature result sign_val;
If h1 = h2, proceed to the next step; otherwise report that the operator's identity is illegal, and terminate;
If the gene loci information on gC matches the loci information that the gene certificate server holds for this operator, report that the operator's identity is legal, and terminate.
With the above technical scheme, the gene certificate server issues, by assigning genes and applying a digital signature, a gene certificate that identifies the digital identity of the network user or network device; the authentication server verifies the signature information on the gene certificate and matches the gene loci, thereby checking the operator's physical identity against the digital identity and achieving network digital identity authentication.
Description of the drawings
Fig. 1 shows the system architecture.
Fig. 2 shows the steps of gene certificate registration.
Fig. 3 shows the steps of network gene and member gene generation.
Fig. 4 shows the steps of gene certificate generation.
Fig. 5 shows the steps of digital identity authentication based on the gene certificate.
Embodiment
The network digital identity authentication method based on gene certificates of the present invention consists of four parts: network user or device registration, network gene and member gene generation, gene certificate generation, and digital identity authentication based on the gene certificate. Specifically:
1. System architecture
The invention adopts a browser/server (B/S) architecture. A network user accesses the application server through a browser and must first pass identity verification by the authentication server. The digital identity authentication method based on gene certificates mainly comprises four steps: network user or device registration, network gene and member gene generation, gene certificate generation, and digital identity authentication based on the gene certificate.
2. Network user or device registration
The registration information comprises the information used to generate the gene certificate loci, such as the name, physical address, IP address and subnet mask of the network user or device. Registering network users or devices, online or offline, lays the groundwork for generating gene certificates. In implementation, after the user logs in to the registration information management subsystem of the gene certificate server through a browser and inputs the name, physical address, IP address and subnet mask of the network user or device, the registration information management subsystem performs deduplication and validity checking on the data and then writes the registration information into the database of the gene certificate server. The detailed process comprises the following steps:
A. Log in to the registration page;
B. Input the network user or device name ename; check whether ename is empty and whether it already exists, and check whether its length and complexity meet the specified requirements;
C. Input the IP address eip of the terminal device used by the network user and check its validity;
D. Input the MAC address emac of the terminal device used by the network user and check the correctness of its format;
E. Input the subnet mask emask of the terminal device used by the network user and check its format;
F. If a network user is registering, input the user's identity card number idcardno; if a network device such as a router or switch managed by the network administrator is registering, input the device number deviceid of that network device; then perform validity checking;
G. Save the network user or device name ename, the IP address eip, MAC address emac and subnet mask emask of the terminal device used by the network user, together with the user's identity card number idcardno or the network device's device number deviceid.
3. Network gene and member gene generation
In the invention, the network gene and the member gene in the gene certificate, which mark the digital identity of a network user or device, identify respectively the network where the entity is located and the specific host and user information. The generation steps of the network gene and member gene are as follows:
A. Read the network user or device name ename, the IP address eip, MAC address emac and subnet mask emask of the terminal device used by the network user, and the user's identity card number idcardno or the network device's device number deviceid;
B. Generate the network gene network_gene = eip & emask;
C. If the registrant is a network user, the member gene is member_gene = emac ∥ idcardno; otherwise the member gene is member_gene = emac ∥ deviceid.
4. Gene certificate generation
The gene certificate server administrator first audits the registration information and then generates a gene certificate gC for the legitimate registrant through the gene certificate management software system. A gene certificate is a digital information file used to indicate and prove the identity of a network entity. The gene certificate generation process comprises the following steps:
A. Create a gene certificate object og for the network user or device applying for the gene certificate;
B. Read the network user or device name ename and the description edesc from the saved registration information;
C. According to the definition of the gene certificate gC, assign the version ver, the network entity name name and the network entity description desc of the gene certificate object og: og.ver = version number, og.name = ename, og.desc = edesc;
D. Call the network gene and member gene generation method described above to assign the attributes network_gene and member_gene of the gene certificate object og;
E. Compute the information digest h with the hash algorithm specified by the message digest algorithm identifier hash_id (denoted H_hash_id()):
h = H_hash_id(og.ver + og.name + og.desc + og.network_gene + og.member_gene)
F. Compute the signature result sign_val of the gene certificate object og as follows:
og.sign_val = E_key(h), where E_key(h) denotes encrypting the digital digest h with the private key key;
G. Save the gene certificate object og.
Through the above steps, the gene certificate gC is obtained; its formal definition is:
where ver, name, desc, network_gene, member_gene, hash_id and sign_val denote respectively the version of the gene certificate, the network entity name, the network entity description, the network gene, the member gene, the message digest algorithm identifier and the signature result, and N = {0, 1, ..., 9, A, ..., F}, i.e. N denotes the set of permitted hexadecimal characters. Gene certificate generation is the process of producing the network gene and member gene from the registration information and, by digital signature, generating for the network user or network device a gene certificate that identifies its digital identity and cannot be counterfeited.
5. Digital identity authentication based on the gene certificate
The authentication server receives the gene certificate gC that the operator submits online and performs digital identity authentication by verifying the signature information on the gene certificate. The concrete steps are as follows:
A. The application server receives the operator's service request and asks the authentication server to authenticate the operator's identity;
B. The authentication server prompts the user to submit the gene certificate;
C. The authentication server receives the gene certificate gC;
D. The authentication server decrypts gC.sign_val with the public key of the gene certificate server to obtain h1;
E. The authentication server recomputes the information digest h2 over the other information in the gene certificate gC, excluding the signature result sign_val;
F. If h1 = h2, proceed to the next step; otherwise report that the operator's identity is illegal, and terminate;
G. If the gene loci information on the gene certificate gC matches the loci information that the gene certificate server holds for this operator, report that the operator's identity is legal, and terminate.
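As an added illustration of the generation (section 4) and authentication (section 5) steps above, the following Python is example code written for this page, not the patent's own implementation. It assumes SHA-256 as the hash_id algorithm, that member_gene is plain string concatenation of emac and idcardno/deviceid, a separator between the concatenated digest fields, and a constructed toy RSA key pair standing in for the gene certificate server's key.

```python
import hashlib
import ipaddress
import re
from dataclasses import dataclass, replace

# Toy RSA key pair, constructed for this example only. The patent's E_key(h) is a
# raw "encrypt the digest with the private key", which pow() does here. Mersenne
# primes keep the example deterministic; a real deployment would generate proper
# keys and use a padded signature scheme (e.g. RSA-PSS) from a vetted library.
_P = (1 << 127) - 1
_Q = (1 << 521) - 1
N = _P * _Q
E = 65537                               # gene certificate server public key
D = pow(E, -1, (_P - 1) * (_Q - 1))     # gene certificate server private key

MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$")

def network_gene(eip: str, emask: str) -> str:
    """network_gene = eip & emask, rendered over the hex alphabet N."""
    ip = int(ipaddress.IPv4Address(eip))        # ValueError if eip is malformed
    ipaddress.IPv4Network(f"0.0.0.0/{emask}")    # formal check: contiguous mask
    return f"{ip & int(ipaddress.IPv4Address(emask)):08X}"

def member_gene(emac: str, ident: str) -> str:
    """member_gene = emac followed by idcardno or deviceid (concatenation assumed)."""
    if not MAC_RE.match(emac):
        raise ValueError(f"malformed MAC address: {emac}")
    return re.sub(r"[:-]", "", emac).upper() + ident

@dataclass
class GeneCertificate:
    ver: str
    name: str
    desc: str
    network_gene: str
    member_gene: str
    hash_id: str          # message digest algorithm identifier, e.g. "sha256"
    sign_val: int = 0     # E_key(h); 0 until the server signs

    def digest(self) -> int:
        """h = H_hash_id(ver + name + desc + network_gene + member_gene).
        A separator is inserted so variable-length fields cannot be re-split
        into a different certificate that hashes to the same h."""
        data = "\x1f".join([self.ver, self.name, self.desc,
                            self.network_gene, self.member_gene])
        return int.from_bytes(hashlib.new(self.hash_id, data.encode()).digest(), "big")

def issue_certificate(reg: dict, priv_d: int = D, hash_id: str = "sha256") -> GeneCertificate:
    """Gene certificate server side: steps A-G of gene certificate generation."""
    ident = reg.get("idcardno") or reg["deviceid"]   # network user vs. network device
    cert = GeneCertificate(ver="1", name=reg["ename"], desc=reg["edesc"],
                           network_gene=network_gene(reg["eip"], reg["emask"]),
                           member_gene=member_gene(reg["emac"], ident), hash_id=hash_id)
    cert.sign_val = pow(cert.digest(), priv_d, N)    # og.sign_val = E_key(h)
    return cert

def authenticate(cert: GeneCertificate, loci_db: dict, pub_e: int = E) -> bool:
    """Authentication server side: steps D-G of digital identity authentication."""
    h1 = pow(cert.sign_val, pub_e, N)    # D: public-key decryption of sign_val
    h2 = cert.digest()                   # E: recompute the digest over the other fields
    if h1 != h2:                         # F: signature does not verify
        return False
    # G: loci on the certificate must equal what the server holds for this name
    return loci_db.get(cert.name) == (cert.network_gene, cert.member_gene)

# Constructed registration record (sample values, not real identifiers).
REGISTRATION = {"ename": "alice-ws01", "edesc": "lab workstation",
                "eip": "192.168.10.37", "emask": "255.255.255.0",
                "emac": "00:1A:2B:3C:4D:5E", "idcardno": "123456789012345678"}

def demo() -> tuple:
    """Issue a certificate, then authenticate it and a copy altered after signing."""
    cert = issue_certificate(REGISTRATION)
    loci_db = {cert.name: (cert.network_gene, cert.member_gene)}  # server-held loci
    genuine_ok = authenticate(cert, loci_db)
    tampered_ok = authenticate(replace(cert, desc="altered"), loci_db)  # fails step F
    return genuine_ok, tampered_ok   # (True, False)
```

Step G is what stops a validly signed certificate from being presented from a different host: a certificate whose loci no longer match the server's record for that name is rejected even though its signature verifies.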

Claims (2)

1. A network digital identity authentication method based on gene certificates, characterized in that: a B/S architecture is adopted, gene certificates are established, and the digital identity in the network environment is authenticated by verifying the digital signature and the gene loci information; the method comprises the following steps: gene certificate registration; generation of the network gene and member gene; gene certificate generation; digital identity authentication based on the gene certificate;
The generation step of the network gene and member gene comprises the following steps:
Read the network user or device name ename, the IP address eip, MAC address emac and subnet mask emask of the terminal device used by the network user, and the user's identity card number idcardno or the network device's device number deviceid;
Generate the network gene network_gene = eip & emask;
If the registrant is a network user, the member gene is member_gene = emac ∥ idcardno; otherwise the member gene is member_gene = emac ∥ deviceid;
The generation step of the gene certificate comprises the following steps:
Create a gene certificate object og for the network user or device applying for the gene certificate;
Read the network user or device name ename and the description edesc;
Assign the gene certificate version ver, the network entity name name and the network entity description desc of the gene certificate object og: og.ver = version number, og.name = ename, og.desc = edesc;
Generate the network gene and member gene;
Compute the digital digest h with the hash algorithm specified by hash_id (denoted H_hash_id()), that is:
h = H_hash_id(og.ver + og.name + og.desc + og.network_gene + og.member_gene)
Signature result og.sign_val = E_key(h), where E_key(h) denotes encrypting the digital digest h with the private key key;
Save the gene certificate object og;
The digital identity authentication step based on the gene certificate comprises the following steps:
The application server receives the operator's service request and asks the authentication server to authenticate the operator's identity;
The authentication server prompts the user to submit the gene certificate;
The authentication server receives the gene certificate gC;
The authentication server decrypts gC.sign_val with the public key of the gene certificate server to obtain h1;
The authentication server recomputes the digital digest h2 over the other information in the gene certificate gC, excluding the signature result sign_val;
If h1 = h2, proceed to the next step; otherwise report that the operator's identity is illegal, and terminate;
If the gene loci information on gC matches the loci information that the gene certificate server holds for this operator, report that the operator's identity is legal, and terminate.
2. The network digital identity authentication method based on gene certificates according to claim 1, characterized in that:
Gene certificate registration comprises the following steps:
Log in to the registration page;
Input the network user or device name ename;
Input the IP address eip of the terminal device used by the network user and check its validity;
Input the MAC address emac of the terminal device used by the network user and check the correctness of its format;
Input the subnet mask emask of the terminal device used by the network user and check its format;
Input the user's identity card number idcardno or the device number deviceid of the network device, and check its validity;
Save the network user or device name ename, the IP address eip, MAC address emac and subnet mask emask of the terminal device used by the network user, together with the user's identity card number idcardno or the network device's device number deviceid.

Priority Application

Application number: CN201110443146.XA; priority date: 2011-12-27; filing date: 2011-12-27; title: A network digital identity authentication method based on gene certificates


Publications

CN102769606A (application publication): 2012-11-07
CN102769606B (granted publication): 2015-12-09




Legal Events

C06 / PB01: Publication
C10 / SE01: Entry into substantive examination (entry into force of request for substantive examination)
C14 / GR01: Grant of patent or utility model
CF01: Termination of patent right due to non-payment of annual fee (granted publication date: 20151209; termination date: 20181227)