CN103152178A - Cloud computing verification method and system - Google Patents
- Publication number: CN103152178A
- Authority: CN (China)
- Legal status: Granted (status as listed by Google Patents, not a legal conclusion)
- Classification: Storage Device Security
Abstract
The invention provides a cloud computing verification method and a cloud computing verification system, and relates to the field of cloud computing. They address the problem that verification means in the prior art are weak in security. In the method, at login the user obtains a dynamic code (dc) from a cloud computing server (CS) through a client; the client encrypts the dynamic code under the user's preset random dynamic-code key to obtain dynamic code ciphertext 1 (dcc1), and sends dcc1 together with the client's preset password (p) to the CS; the CS and an authentication server (AS) perform bidirectional authentication with each other; after the bidirectional authentication succeeds, the CS encrypts p and dcc1 with the public key of the AS to obtain dcc13 and sends dcc13 to the AS. The method and system are suited to the security technology of cloud computing and realize a user authentication mode based on encryption.
Description
Technical field
The present invention relates to the field of cloud computing, and in particular to a cloud computing verification method and system.
Background technology
As cloud computing technology is applied more and more widely, cloud security has gradually become the main concern of users. For a service provider, how to build a secure cloud computing environment and how to provide a high security guarantee to customers is its key issue; for the customer, the concern is the safety of the core data that its own business system stores or uses, because once such data leaks or is lost the user's interests are harmed.
In a cloud computing environment the requirements placed on the accessing party are low, so a user can conveniently access the service anywhere and at any time, and this brings a number of security problems. In particular, after the appearance of the IaaS service model, a service provider needs to provide a self-service management interface for each user. A weak user authentication scheme, or single-factor user password verification, is likely to create a potential safety hazard, and a potential security hole in the cloud self-service management portal will lead to various unauthorized accesses and thus create new security risks.
At present, the user enters a user name, password and verification code, and the terminal sends this authentication information to the web server for authentication; if the user name, password and verification code are confirmed, the web server regards the user as a valid user and allows the user to use the application functions; otherwise it regards the user as an illegal user and forbids the user from using the application functions. However, this method cannot guarantee the safety of the password: the password is easily revealed, during input it is easy for others to see it or for hacker software to intercept it, and it is easily cracked by hacker software; once the user name and password have been obtained, anyone can log in from any mobile terminal or computer.
Verification based on a mobile phone SMS verification code has the website send a random verification code to the user's mobile phone as a text message. The user enters the phone number on the website page, the website sends the random verification code to that number, and the user completes phone number authentication by entering the correct random verification code on the page within the specified time. When the website needs to confirm the user's identity, it sends a random SMS code to the bound phone number, and the user completes authentication by entering the correct random verification code on the page within the specified time.
Mobile phone verification generally has a large delay, is strongly affected by the mobile network, cannot be used where there is no mobile network coverage, cannot be processed in batch or automatically, and additionally requires the user to have a mobile phone as extra equipment.
Summary of the invention
The invention provides a cloud computing verification method and system, which solve the problem of the low security of prior art verification means.
A cloud computing verification method comprises:
at login, the user obtains a random dynamic code (dc) from a cloud computing server (CS) through a client;
the client encrypts the random dynamic code according to the user's preset random dynamic-code key to obtain the random dynamic code ciphertext (dcc1), and sends the random dynamic code ciphertext together with the password (p) preset on the client to the CS;
the CS and an authentication server (AS) perform bidirectional authentication with each other;
after the bidirectional authentication succeeds, the CS encrypts p and dcc1 with the public key of the AS to obtain dcc13, and sends dcc13 to the AS;
the AS decrypts dcc13 to obtain p, and verifies p;
after p is verified successfully, the AS decrypts dcc13 to obtain dcc1, then decrypts dcc1 with the client's key to obtain dc;
the AS encrypts dc with the CS public key to obtain dcc2, and sends dcc2 to the CS;
the CS decrypts dcc2 with the private key of the CS, and verifies whether the dc obtained by decryption is identical to the dc the CS initially sent to the client;
when the dc obtained by decryption is identical to the dc the CS initially sent to the client, the CS returns a verification-success notice to the client.
Preferably, before the step in which the client obtains dc from the CS at login, the method further comprises:
the user registers with the CS through the client.
Preferably, the user registering with the CS through the client comprises:
the AS issues a registration invitation code (ic);
the user sends the registration invitation code to the CS through the client, and sets a user name, p and a random dynamic-code key (k1);
the CS and the AS perform bidirectional authentication;
after the bidirectional authentication succeeds, the CS encrypts the p, k1 and ic received from the client with the AS public key to obtain pc3, k1c3 and icc3, and sends them to the AS;
the AS decrypts pc3, k1c3 and icc3 to obtain p, k1 and ic, and verifies ic;
after the AS verifies ic successfully, it saves p and k1 and at the same time cancels ic;
the AS sends registration-success information to the CS.
Preferably, after the step in which the AS decrypts the user password ciphertext (pc3) to obtain p and verifies p, the method further comprises:
after verification of p fails, the AS returns a failure notice to the CS.
Preferably, after the step in which the CS decrypts dcc2 with the private key of the CS and verifies whether the dc obtained by decryption is identical to the dc the CS initially sent to the client, the method further comprises:
when the dc obtained by decryption differs from the dc the CS initially sent to the client, the CS returns a verification-failure notice to the client.
Preferably, after the step in which the CS returns the verification-failure notice to the client when the dc obtained by decryption differs from the dc the CS initially sent to the client, the method further comprises:
when the number of verification failures of the user exceeds a preset login-attempt threshold, refusing login by that user within a preset login interval.
Preferably, the random dynamic-code key transforms the encrypted object according to one or more of the rules keep-intact, add, replace, shift and repeat, where replace is specifically single-position replacement or multi-position replacement.
The invention also provides a cloud computing verification system comprising a client, a CS and an AS:
the client is configured, when the user logs in, to obtain dc from the CS, to encrypt the random dynamic code according to the user's preset random dynamic-code key to obtain dcc1, to send the random dynamic code ciphertext dcc1 together with the password p preset on the client to the CS, and to receive the verification-success notice returned by the CS;
the CS is configured, after bidirectional authentication with the AS succeeds, to encrypt p and dcc1 with the public key of the AS to obtain pc3 and dcc13, to send pc3 and dcc13 to the AS, to receive the dcc2 sent by the AS, to decrypt dcc2 with the private key of the CS, to verify whether the dc obtained by decryption is identical to the dc the CS initially sent to the client, and, when it is identical, to return a verification-success notice to the client;
the AS is configured to decrypt pc3 to obtain p, to verify p, after p is verified successfully to decrypt dcc13 to obtain dcc1, then to decrypt dcc1 with the client's key to obtain dc, to encrypt dc with the CS public key to obtain dcc2, and to send dcc2 to the CS.
The invention provides a cloud computing verification method and system in which, at login, the user obtains dc from the CS through the client; the client encrypts the random dynamic code according to the user's preset random dynamic-code key to obtain dcc1 and sends the random dynamic code ciphertext together with the client's preset password p to the CS; the CS and the AS perform bidirectional authentication with each other; after the bidirectional authentication succeeds, the CS encrypts p and dcc1 with the public key of the AS to obtain pc3 and dcc13 and sends pc3 and dcc13 to the AS; the AS decrypts pc3 to obtain p and verifies p; after p is verified successfully, the AS decrypts dcc13 to obtain dcc1, then decrypts dcc1 with the client's key to obtain dc; the AS encrypts dc with the CS public key to obtain dcc2 and sends dcc2 to the CS; the CS decrypts dcc2 with the private key of the CS and verifies whether the dc obtained by decryption is identical to the dc the CS initially sent to the client, and when it is identical returns a verification-success notice to the client. This realizes a user authentication mode based on encryption and solves the problem of the low security of prior art verification means.
Description of drawings
Fig. 1 is a structural diagram of a cloud computing verification system provided by embodiment one of the invention;
Fig. 2 is a flow chart of the registration phase of a cloud computing verification method provided by embodiment two of the invention;
Fig. 3 is a flow chart of the login phase of a cloud computing verification method provided by embodiment two of the invention;
Fig. 4 is a flow chart of the registration phase of a cloud computing verification method provided by embodiment three of the invention;
Fig. 5 is a flow chart of the login phase of a cloud computing verification method provided by embodiment three of the invention.
Embodiment
In order to solve the problem of the low security of prior art verification means, embodiments of the invention provide a cloud computing verification method and system. The embodiments of the invention are described in detail below with reference to the accompanying drawings. It should be noted that, where no conflict arises, the embodiments of this application and the features in the embodiments may be combined with one another arbitrarily.
Embodiment one of the invention is described first with reference to the drawings.
This embodiment provides a cloud computing verification system whose structure, as shown in Fig. 1, comprises:
the client 101, configured, when the user logs in, to obtain the random dynamic code (dc) from the CS 102, to encrypt dc according to the user's preset k1 to obtain dcc1, to send dcc1 together with the user password (p) preset on the client 101 to the CS 102, and to receive the verification-success notice returned by the CS 102;
the CS 102, configured, after bidirectional authentication with the AS 103 succeeds, to encrypt p and dcc1 with pk3 of the AS 103 to obtain pc3 and dcc13, to send pc3 and dcc13 to the AS 103, to receive the dcc2 sent by the AS 103, to decrypt dcc2 with sk2 of the CS 102, to verify whether the dc obtained by decryption is identical to the dc the CS 102 initially sent to the client 101, and, when it is identical, to return a verification-success notice to the client 101;
the AS 103, configured to decrypt pc3 with sk3 to obtain p, to verify p, after p is verified successfully to decrypt dcc13 with sk3 to obtain dcc1, then to decrypt dcc1 with k1 of the client 101 to obtain dc, to encrypt dc with pk2 to obtain dcc2, and to send dcc2 to the CS 102.
Below in conjunction with accompanying drawing, embodiments of the invention two are described.
This embodiment provides a cloud computing verification method that takes the cloud computing verification system shown in Fig. 1 as its application environment. The flow in which the method completes user authentication is divided into two phases: a registration phase and a login phase.
The registration phase is described first with reference to the drawings; the specific flow is shown in Fig. 2:
In this step, the CS and the AS each publish their public key, and the AS issues ic, which provides registration and qualification for new users.
In this step, after the user obtains ic through the client, the user logs in to the CS registration interface, enters ic, sets u and p, and finally sets the random dynamic-code key (k1). k1 can be set as a whole or position by position, and can specifically be any one or any combination of the following rules:
1. keep intact, e.g. ab stays ab;
2. add, e.g. ab becomes abcd;
3. replace a position, e.g. ab is replaced by cd;
4. multi-position replacement, e.g. ab is replaced by cdef, which can be realized by combining position replacement (positions 1, 2 replaced) and add (positions 3, 4 added);
5. shift, e.g. abcd becomes bcda;
6. repeat, e.g. abcd becomes aaabbccdd.
The above can be combined position by position, e.g. abcd becomes aa (repeat) cb (positions 2, 3 shifted) f (position 4 replaced) gh (positions 6, 7 added); the rules are set by the client.
The user sets p and submits it to the CS. Before the CS submits the registration information, the CS must be authenticated so that the data source of AS registrations is unique, and the AS is authenticated in reverse at the same time so that the source of authorization management information is unique.
After the bidirectional authentication, the CS encrypts the user's random dynamic-code key (k1) with pk3 to obtain the user's random dynamic-code key ciphertext (k1c3) and sends it to the AS, which guarantees data security.
In this step, the AS decrypts k1c3 with sk3 to obtain k1.
After step 206, once the AS has verified ic successfully, ic is cancelled;
the AS obtains p, computes the md5 code (pmd5) of p with the message digest algorithm MD5, saves pmd5, and saves u and k1.
The registration-success information can be delivered to the CS and then sent to the client.
The login phase is described below with reference to the drawings; the specific flow, as shown in Fig. 3, comprises:
the user initiates a login request to the CS, and the CS returns a user name and password prompt and at the same time sends dc;
the user must submit the user name (u), the password (p) and the dynamic-code ciphertext (dcc1) generated from dc according to the key k1, and sends this information to the CS.
In step 309, when the dc the CS obtained by decryption is identical to the dc the CS initially sent to the client, the CS returns a verification-success notice to the client.
In addition, when the dc obtained by decryption differs from the dc the CS initially sent to the client, the CS returns a verification-failure notice to the client. A login-attempt threshold and a login interval can also be set: when the number of verification failures of the user exceeds the preset login-attempt threshold, login by that user is refused within the preset login interval.
Below in conjunction with accompanying drawing, embodiments of the invention three are described.
This embodiment provides a cloud computing verification method in which the business is placed on the cloud computing server (CS), the user's authority, management, registration and authentication functions are placed on the authentication server (AS), and key data is regularly backed up to a copy on the cloud computing server. The user cannot access the AS directly, and the bidirectional authentication between the CS and the AS effectively prevents intrusion and attack.
As shown in Fig. 4, at deployment time the CS and the AS each publish their public key, and the AS issues a registration invitation code (ic) that provides registration and qualification for new users. After obtaining ic, the user logs in to the CS registration interface, enters ic, sets u and p, and finally sets the dynamic-code key (k1). The key can be set as a whole or position by position, and can specifically be any one or any combination of the following rules: 1. keep intact, e.g. ab stays ab; 2. add, e.g. ab becomes abcd; 3. replace a position, e.g. ab is replaced by cd; 4. multi-position replacement, e.g. ab is replaced by cdef, which can be realized by combining position replacement (positions 1, 2 replaced) and add (positions 3, 4 added); 5. shift, e.g. abcd becomes bcda; 6. repeat, e.g. abcd becomes aaabbccdd. The above can be combined position by position, e.g. abcd becomes aa (repeat) cb (positions 2, 3 shifted) f (position 4 replaced) gh (positions 6, 7 added); the rules are set by the client.
The user sets p and submits it to the CS. Before the CS submits the registration information, the CS must be authenticated so that the data source of AS registrations is unique, and the AS is authenticated in reverse at the same time so that the source of authorization management information is unique; this is the process in which the CS and the AS perform bidirectional authentication. After the bidirectional authentication, the u, p, ic and k1 information is encrypted with the AS public key (pk3) to obtain the user name ciphertext (uc3), the user password ciphertext (pc3), the registration invitation code ciphertext (icc3) and the user's random dynamic-code key ciphertext (k1c3), and uc3, pc3 and k1c3 are sent to the AS, which guarantees data security. The AS then decrypts pc3, icc3 and k1c3 with the AS private key (sk3) to obtain u, p, ic and k1; after verifying ic, it computes the md5 code (pmd5) of p with the message digest algorithm MD5, saves pmd5, saves u and k1, and at the same time cancels ic. The registration-success information can be delivered to the CS and then sent to the client.
The user password (p) and the user's random dynamic-code key (k1) can be modified after registration; during modification the current p must be provided and dc must be verified successfully with the current k1 before the new p and k1 can be set.
Fig. 5 shows the login authentication process. The user initiates a login request to the CS through the client; the CS returns a u and p prompt and at the same time sends dc; the user must submit u and p, generates dcc1 according to k1, and sends this information to the CS; the CS and the AS then perform bidirectional authentication; after the bidirectional authentication, the CS encrypts u, p and dcc1 with the AS public key (pk3) to obtain uc3, pc3 and the dynamic-code secondary ciphertext (dcc13) and sends them to the AS; the AS decrypts uc3, pc3 and dcc13 with the AS private key (sk3) to obtain u, p and dcc1 and verifies p; if verification fails, failure is returned; after verification passes, the AS takes out k1 and further decrypts dcc1 to obtain dc, encrypts dc with the CS public key (pk2) to obtain the dynamic-code ciphertext (dcc2) and sends it back to the CS; the CS decrypts dcc2 with the CS private key (sk2) to obtain dc and verifies whether dc is consistent with the initial one: if consistent, success is returned, otherwise failure.
If the user fails to log in several times in succession within a short time, the user is forced to wait a period of time before being able to log in again.
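The lockout rule stated here and in the login phase of embodiment two (refuse the user's login for the preset login interval once verification failures exceed the preset login-attempt threshold) can be implemented as a small per-user limiter. The code below is an added example, not the patent's own code; the threshold and interval values are constructed, and the clock is injectable so the policy can be exercised without waiting.

```python
# Added example, not from the patent: a login-attempt limiter for the page's
# rule that a user who exceeds the preset failure threshold is refused login
# for the preset interval.  Threshold and interval values are constructed.
import time


class AttemptLimiter:
    def __init__(self, threshold=5, interval=600.0, clock=time.monotonic):
        self.threshold = threshold       # preset login-attempt threshold
        self.interval = interval         # preset login interval, in seconds
        self.clock = clock               # injectable for testing
        self._failures = {}              # user -> timestamps of recent failures
        self._refused_until = {}         # user -> time the refusal expires

    def is_refused(self, user):
        """True while the user is inside a refusal interval; expired entries are cleared."""
        until = self._refused_until.get(user)
        if until is None:
            return False
        if self.clock() < until:
            return True
        del self._refused_until[user]
        self._failures.pop(user, None)
        return False

    def record_failure(self, user):
        """Note one verification failure; return True if it triggers a refusal."""
        now = self.clock()
        # only failures inside the current interval count towards the threshold
        recent = [t for t in self._failures.get(user, []) if now - t < self.interval]
        recent.append(now)
        self._failures[user] = recent
        if len(recent) > self.threshold:
            self._refused_until[user] = now + self.interval
            return True
        return False

    def record_success(self, user):
        """A successful verification clears the failure history."""
        self._failures.pop(user, None)

    def attempt(self, user, verified):
        """Gate one login attempt: False when the user is refused or not verified."""
        if self.is_refused(user):
            return False
        if verified:
            self.record_success(user)
            return True
        self.record_failure(user)
        return False
```

The limiter is keyed on the user name, which is what the page's rule counts; a deployment would normally also record the refusal event so that repeated lockouts of one account can be alerted on.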
The bidirectional authentication between the CS and the AS is completed with digital certificates. The CS digital certificate is installed on the AS, and the AS digital certificate is installed on the CS. The CS authentication process is as follows: the CS first generates a random number (r), computes the md5 code (rmd5) of r with the message digest algorithm MD5, encrypts r with sk2 to obtain the ciphertext (rc2) of r, and sends rc2 and rmd5 to the AS; the AS decrypts rc2 with pk2 to obtain r and computes the md5 value (rmd5*) of r; if rmd5* is the same as the received rmd5, the CS authentication succeeds, otherwise it fails. A similar process is then carried out to authenticate the AS. Only when both the CS and the AS are authenticated successfully does the bidirectional authentication succeed. The authentication and the encryption and decryption processes use the RSA algorithm to generate keys and to perform the encryption and decryption calculations.
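The exchange just described (r, rc2 and rmd5 in each direction) and the Fig. 5 login check that follows it, simulated end to end as an added example. This is not the patent's code: it uses textbook RSA over two small fixed primes and MD5 purely to mirror the page's description, the rotation applied with k1 is a constructed stand-in for the user's dynamic-code key, and the key material, user record and dynamic code are all constructed. `prove` and `verify_proof` are the two halves of one direction of the mutual authentication; `login` runs the CS/AS relay with the client never talking to the AS.

```python
# Added example, not code from the patent: stand-alone simulation of the
# CS <-> AS challenge described above and of the login check that follows it.
# Textbook RSA over two small fixed primes and MD5 are used only to mirror the
# page; the rotation applied with k1 is a constructed stand-in for the user's
# dynamic-code key.  All key material and user records here are constructed.
import hashlib
import secrets


def rsa_keypair(p, q, e=65537):
    """Return ((n, e), (n, d)): the public and private halves, no padding."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


def rsa_apply(key, m):
    """Raise m to the key's exponent mod n; usable with either half of a pair."""
    n, exp = key
    if not 0 <= m < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(m, exp, n)


def to_int(text):
    """Pack a short ASCII string into an integer below the ~2^59 toy modulus."""
    if len(text) > 7:
        raise ValueError("text too long for this toy modulus")
    return int.from_bytes(text.encode("ascii"), "big")


def from_int(value):
    return value.to_bytes((value.bit_length() + 7) // 8, "big").decode("ascii")


def md5_hex(text):
    return hashlib.md5(text.encode("ascii")).hexdigest()


# --- mutual authentication: each server proves possession of its private key ---

def prove(private_key):
    """Prover: random r, rc = r under the private key, rmd5 = md5(r)."""
    r = secrets.randbelow(1 << 59)           # below either modulus used below
    return rsa_apply(private_key, r), md5_hex(str(r))


def verify_proof(public_key, rc, rmd5):
    """Verifier: recover r with the peer's public key, compare rmd5* with rmd5."""
    return md5_hex(str(rsa_apply(public_key, rc))) == rmd5


def mutual_authenticate(cs_keys, as_keys):
    """Succeeds only when both directions succeed, as the page requires."""
    (cs_pub, cs_priv), (as_pub, as_priv) = cs_keys, as_keys
    return verify_proof(cs_pub, *prove(cs_priv)) and verify_proof(as_pub, *prove(as_priv))


# --- login stage (Fig. 5): the client talks to CS only, CS relays to AS ---

def shift_code(code, k1):
    """Constructed stand-in for the k1 transform: rotate letters by k1 mod 26."""
    return "".join(chr((ord(ch) - 97 + k1) % 26 + 97) for ch in code.lower())


def login(user_db, username, password, dc, k1, cs_keys, as_keys):
    """Return True when the AS accepts p and the CS gets its own dc back."""
    (cs_pub, cs_priv), (as_pub, as_priv) = cs_keys, as_keys
    if not mutual_authenticate(cs_keys, as_keys):
        return False
    dcc1 = shift_code(dc, k1)                                  # client side
    pc3 = rsa_apply(as_pub, to_int(password))                  # CS side
    dcc13 = rsa_apply(as_pub, to_int(dcc1))
    record = user_db.get(username)                             # AS side
    if record is None or md5_hex(from_int(rsa_apply(as_priv, pc3))) != record["pmd5"]:
        return False
    dc_star = shift_code(from_int(rsa_apply(as_priv, dcc13)), -record["k1"])
    dcc2 = rsa_apply(cs_pub, to_int(dc_star))
    return from_int(rsa_apply(cs_priv, dcc2)) == dc            # CS side


def demo():
    """Constructed keys and user record: one good login, one wrong password."""
    cs_keys = rsa_keypair(1000000007, 1000000009)
    as_keys = rsa_keypair(998244353, 1000000021)
    user_db = {"alice": {"pmd5": md5_hex("s3cret"), "k1": 3}}  # what the AS stores
    good = login(user_db, "alice", "s3cret", "qzvakm", 3, cs_keys, as_keys)
    bad = login(user_db, "alice", "wrong", "qzvakm", 3, cs_keys, as_keys)
    return good, bad
```

Two properties of the page's scheme show up directly in the code: the AS only ever sees p and dcc1 after the CS has re-encrypted them under pk3, and the CS never learns k1, so a wrong k1 on the client side fails at the final dc comparison rather than at the AS. The unpadded RSA and MD5 here are faithful to the description, not a recommendation for a deployment.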
The dynamic code consists of letters and digits, with letters case-insensitive. The user's random dynamic-code key (k1) is saved per position, with the positions separated by commas (CSV). Encryption and decryption proceed position by position, specifically as follows:
1. Keep intact: the key record is K, e.g. ab stays ab, the key is (K, K), and encryption and decryption leave the position unchanged.
2. Add: the key record is A followed by the elements to add, e.g. ab becomes abcd and the key record is (K, K, Acd). The encryption function is $x'_n = x_n$, $x'_{n+1}x'_{n+2} = cd$; the decryption function is $x_n = x'_n$, then check whether $x'_{n+1}x'_{n+2}$ is cd: if so, delete the next two positions, if not, report an error.
3. Replace a position: the key record is D followed by the difference; letters are case-insensitive, letters and digits are computed separately, and the value space of a letter is 0 to 25. If the position is a letter the encryption function is $x'_n = x_n + d \pmod{26}$, and if it is a digit the encryption function is $x'_n = x_n + d \pmod{10}$, where d is the difference between the original value and the replacement. The decryption functions for letters and digits are respectively $x_n = x'_n - d \pmod{26}$ and $x_n = x'_n - d \pmod{10}$. E.g. ab is replaced by cd; the key is (D2, D2).
4. Multi-position replacement can be regarded as a combination of position replacement and add: encryption and decryption first perform the position-replacement computation and then the add computation. E.g. ab is replaced by cdef; the key is (D2, D2, Aef).
5. Shift: the key record is S followed by a position value, where a positive value moves the position forward and a negative value moves it backward. The encryption function is $x'_n = x_{n+d^*}$ and the decryption function is $x_{n+d^*} = x'_n$, where $d^*$ is the number of positions moved. E.g. abcd becomes bcda; the key is (S1, S1, S1, S-3).
6. Repeat: the key record is R followed by the repetition count $d^{**}$. The encryption function is $x'_n = x_n,\ x'_{n+1} = x_n,\ \ldots$ ($d^{**}$ extra copies); the decryption function checks whether the $d^{**}$ codes following $x'_n$ are consistent with the current one, reports an error if they are not, and otherwise sets the current value $x_n = x'_n$. E.g. abcd becomes aaabbccdd; the key is (R2, R1, R1, R1).
The rules are combined position by position, e.g. abcd becomes aa (repeat) cb (positions 2, 3 shifted) f (position 4 replaced) gh (positions 6, 7 added); the per-position key record is (R1, S1, S1, D2, Agh), and encryption and decryption are computed separately according to the function of each position's rule.
The CS uses a server in the server group of the current cloud computing system or a virtual device provisioned on a server. The CS comprises random code generation, a login interface, digital certificate processing and encryption/decryption functions, all of which can be realized in software or hardware. The AS can use one server in the cloud computing system; it can communicate with the other servers, but users cannot access the AS. The AS comprises user verification, digital certificate and encryption/decryption functions and a database that stores user information.
Embodiments of the invention provide a cloud computing verification method and system in which, at login, the user obtains dc from the CS through the client; the client encrypts the random dynamic code according to the user's preset random dynamic-code key to obtain dcc1 and sends the random dynamic code ciphertext together with the client's preset password p to the CS; the CS and the AS perform bidirectional authentication with each other; after the bidirectional authentication succeeds, the CS encrypts p and dcc1 with the public key of the AS to obtain pc3 and dcc13 and sends pc3 and dcc13 to the AS; the AS decrypts pc3 to obtain p and verifies p; after p is verified successfully, the AS decrypts dcc13 to obtain dcc1, then decrypts dcc1 with the client's key to obtain dc; the AS encrypts dc with the CS public key to obtain dcc2 and sends dcc2 to the CS; the CS decrypts dcc2 with the private key of the CS and verifies whether the dc obtained by decryption is identical to the dc the CS initially sent to the client, and when it is identical returns a verification-success notice to the client. This realizes a user authentication mode based on encryption and solves the problem of the low security of prior art verification means.
Those of ordinary skill in the art will appreciate that all or some of the steps of the above embodiments can be realized by a computer program flow. The computer program can be stored in a computer-readable storage medium and executed on a corresponding hardware platform (such as a system, unit or device); when executed, it comprises one of the steps of the method embodiments or a combination of them.
Alternatively, all or some of the steps of the above embodiments can also be realized with integrated circuits; these steps can be made into individual integrated circuit modules, or several of the modules or steps can be made into a single integrated circuit module. Thus the invention is not restricted to any specific combination of hardware and software.
Each device/functional module/functional unit in the above embodiments can be realized with general-purpose computing devices; they can be concentrated on a single computing device or distributed over a network formed by several computing devices.
When each device/functional module/functional unit in the above embodiments is realized in the form of a software functional module and sold or used as an independent product, it can be stored in a computer-readable storage medium. The computer-readable storage medium mentioned above can be a read-only memory, a magnetic disk or an optical disk, etc.
Any person familiar with the art can readily conceive of changes or substitutions within the technical scope disclosed by the invention, and all of these fall within the protection scope of the invention. Therefore, the protection scope of the invention should be determined by the protection scope described in the claims.
Claims (8)
1. A cloud computing encryption and authentication method, characterized in that it comprises:
at login, the user obtains a random dynamic code (dc) from a cloud computing server (CS) through a client;
the client encrypts the random dynamic code according to the user's preset random dynamic-code key to obtain the random dynamic code ciphertext (dcc1), and sends the random dynamic code ciphertext together with the password (p) preset on the client to the CS;
the CS and an authentication server (AS) perform bidirectional authentication with each other;
after the bidirectional authentication succeeds, the CS encrypts p and dcc1 with the public key of the AS to obtain dcc13, and sends dcc13 to the AS;
the AS decrypts dcc13 to obtain p, and verifies p;
after p is verified successfully, the AS decrypts dcc13 to obtain dcc1, then decrypts dcc1 with the client's key to obtain dc;
the AS encrypts dc with the CS public key to obtain dcc2, and sends dcc2 to the CS;
the CS decrypts dcc2 with the private key of the CS, and verifies whether the dc obtained by decryption is identical to the dc the CS initially sent to the client;
when the dc obtained by decryption is identical to the dc the CS initially sent to the client, the CS returns a verification-success notice to the client.
2. The cloud computing verification method according to claim 1, characterized in that, before the step in which the client obtains dc from the CS at login, the method further comprises:
the user registering with the CS through the client.
3. The cloud computing verification method according to claim 2, characterized in that the user registering with the CS through the client comprises:
the AS issuing a registration invitation code (ic);
the user sending the registration invitation code to the CS through the client, and setting a user name, p and a random dynamic-code key (k1);
the CS and the AS performing bidirectional authentication;
after the bidirectional authentication succeeds, the CS encrypting the p, k1 and ic received from the client with the AS public key to obtain pc3, k1c3 and icc3, and sending them to the AS;
the AS decrypting pc3, k1c3 and icc3 to obtain p, k1 and ic, and verifying ic;
after the AS verifies ic successfully, saving p and k1 and at the same time cancelling ic;
the AS sending registration-success information to the CS.
4. The cloud computing verification method according to claim 1, characterized in that, after the step in which the AS decrypts the user password ciphertext (pc3) to obtain p and verifies p, the method further comprises:
after verification of p fails, the AS returning a failure notice to the CS.
5. The cloud computing verification method according to claim 1, characterized in that, after the step in which the CS decrypts dcc2 with the private key of the CS and verifies whether the dc obtained by decryption is identical to the dc the CS initially sent to the client, the method further comprises:
when the dc obtained by decryption differs from the dc the CS initially sent to the client, the CS returning a verification-failure notice to the client.
6. The cloud computing verification method according to claim 5, characterized in that, after the step in which the CS returns the verification-failure notice to the client when the dc obtained by decryption differs from the dc the CS initially sent to the client, the method further comprises:
when the number of verification failures of the user exceeds a preset login-attempt threshold, refusing login by that user within a preset login interval.
7. cloud computing verification method according to claim 2, it is characterized in that, described random dynamic puzzle key comprises cryptographic object according to keeping intact and/or add and/or replacement and/or displacement and/or recurring rule carry out conversion, and the described replacement unit of being specially replaces or multidigit is replaced.
8. a cloud computing verification system, is characterized in that, comprises client, CS and AS:
Described client, be used for when the user logins, obtain dc from described CS, obtain dcc1 after according to the described user's who presets random dynamic puzzle key, described random dynamic puzzle being encrypted, with described random dynamic puzzle expressly and the p that sets in advance of described client send to described CS, receive the notice that is proved to be successful that described CS returns;
Described CS, be used for after carrying out mutually the two-way authentication success with described AS, use the PKI of described AS to obtain pc3 and dcc13 to described p and described dcc1 encryption, and described pc3 and dcc13 are sent to described AS, AS receives described and sends dcc2 to CS, CS uses the private key of described CS that described dcc12 is decrypted, the dc that checking deciphering obtains whether when initial described CS identical to the dc that described client sends, when the dc that obtains in the deciphering dc that described CS sends to described client when initial is identical, returns to described client and be proved to be successful notice;
Described AS, be used for described p is obtained in described pc3 deciphering, verify described p, after described p is proved to be successful, described dcc13 is decrypted obtains dcc1, re-use the described dcc1 of secret key decryption of described client, obtain dc, obtain dcc2 after described dc is used the CS public key encryption, described dcc2 is sent to described CS.
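The login exchange of claims 1 and 8, with the failure notices of claims 4 and 5 and the attempt threshold of claim 6, as an added Go example. This is not code from the patent: the variable names (p, k1, dc, dcc1, pc3, dcc13, dcc2) follow the claims, while the concrete primitives are assumptions of this example (AES-256-GCM under the user's key k1, RSA-OAEP under the two server public keys, a 16-byte random dc, a threshold of three attempts), and the CS/AS two-way authentication is assumed to be provided by the transport between the two servers rather than modelled here. The claim 3 invitation-code registration is reduced to storing p and k1 at the AS.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)

// Names (p, k1, dc, dcc1, pc3, dcc13, dcc2) follow the claims. The primitives are this
// example's assumptions, not fixed by the patent: AES-256-GCM under the user's random
// dynamic code key k1, RSA-OAEP under the server public keys, a 16-byte random dc, and
// CS/AS mutual authentication left to the transport between the servers (mutual TLS).
const maxFailures = 3 // claim 6 login-attempt threshold (value assumed)
type account struct{ p, k1 []byte } // what the AS keeps per user after registration
type AS struct {
	key   *rsa.PrivateKey
	csPub *rsa.PublicKey
	users map[string]account
}

type CS struct {
	key      *rsa.PrivateKey
	as       *AS
	pending  map[string][]byte // dc issued to each user at login start
	failures map[string]int    // consecutive failures, for the claim 6 lockout
}

// must panics on errors that only a broken CSPRNG or a malformed key can cause.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func random(n int) []byte      { b := make([]byte, n); must(rand.Read(b)); return b }
func gcm(k []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(k)))) }
func encPub(pub *rsa.PublicKey, m []byte) ([]byte, error) { return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, m, nil) }
func decPriv(k *rsa.PrivateKey, c []byte) ([]byte, error) { return rsa.DecryptOAEP(sha256.New(), rand.Reader, k, c, nil) }

// NewSystem builds a CS and its AS with fresh 2048-bit RSA key pairs.
func NewSystem() *CS {
	asKey, csKey := must(rsa.GenerateKey(rand.Reader, 2048)), must(rsa.GenerateKey(rand.Reader, 2048))
	as := &AS{key: asKey, csPub: &csKey.PublicKey, users: map[string]account{}}
	return &CS{key: csKey, as: as, pending: map[string][]byte{}, failures: map[string]int{}}
}

// Register stores p and k1 at the AS (the claim 3 invitation-code exchange is omitted).
func (a *AS) Register(user string, p, k1 []byte) { a.users[user] = account{p, k1} }
// IssueDC is the first login step: the CS hands the client a fresh dc and remembers it.
func (c *CS) IssueDC(user string) []byte { c.pending[user] = random(16); return c.pending[user] }
// ClientEncryptDC is the client side: dcc1 = nonce || AES-GCM_k1(dc), sent to the CS with p.
func ClientEncryptDC(k1, dc []byte) []byte { n := random(12); return gcm(k1).Seal(n, n, dc, nil) }

// Login is the CS side of the remaining steps; true means the user is verified.
func (c *CS) Login(user string, p, dcc1 []byte) (bool, error) {
	if c.failures[user] >= maxFailures {
		return false, errors.New("login refused: attempt threshold exceeded")
	}
	pc3, err := encPub(&c.as.key.PublicKey, p)       // pc3 = Enc_ASpub(p)
	dcc13, err2 := encPub(&c.as.key.PublicKey, dcc1) // dcc13 = Enc_ASpub(dcc1)
	if err = errors.Join(err, err2); err != nil {
		return false, err
	}
	dc, err := c.as.Verify(user, pc3, dcc13) // dcc2 on success ...
	if err == nil {
		dc, err = decPriv(c.key, dc) // ... which only the CS private key opens
	}
	want, issued := c.pending[user]
	if err != nil || !issued || subtle.ConstantTimeCompare(dc, want) != 1 {
		c.failures[user]++ // claims 4 and 5: authentication failed notice to the client
		return false, nil
	}
	delete(c.pending, user) // dc is single-use, so a replayed dcc1 fails above
	c.failures[user] = 0
	return true, nil
}

// Verify is the AS side: check p, recover dc with the user's k1, return dcc2 = Enc_CSpub(dc).
func (a *AS) Verify(user string, pc3, dcc13 []byte) ([]byte, error) {
	p, err := decPriv(a.key, pc3)
	acct, ok := a.users[user]
	if err != nil || !ok || subtle.ConstantTimeCompare(p, acct.p) != 1 {
		return nil, errors.New("password verification failed") // claim 4 failure notice
	}
	dcc1, err := decPriv(a.key, dcc13)
	if err != nil || len(dcc1) < 12 {
		return nil, errors.New("dcc13 rejected")
	}
	dc, err := gcm(acct.k1).Open(nil, dcc1[:12], dcc1[12:], nil)
	if err != nil {
		return nil, err
	}
	return encPub(a.csPub, dc)
}
```

The point worth noticing in the split of roles is that the AS is the only party holding p and k1, while the CS never sees k1 and only compares the dc it issued against the dc the AS echoes back under the CS public key. The CS deletes the issued dc after one use, so a captured dcc1 cannot be replayed, and it counts every failed verification towards the claim 6 threshold. As the claims are written, p travels from the client to the CS without further protection, so the client-to-CS channel itself has to be protected in any deployment of this scheme.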
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310043592.0A CN103152178B (en) | 2013-02-04 | 2013-02-04 | cloud computing verification method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103152178A true CN103152178A (en) | 2013-06-12 |
CN103152178B CN103152178B (en) | 2015-11-11 |
Family
ID=48550053
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310043592.0A Active CN103152178B (en) | 2013-02-04 | 2013-02-04 | cloud computing verification method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103152178B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1427351A (en) * | 2001-12-17 | 2003-07-02 | 北京兆日科技有限责任公司 | User's identity authentication method of dynamic electron cipher equipment and its resources sharing system |
CN101465735A (en) * | 2008-12-19 | 2009-06-24 | 北京大学 | Network user identification verification method, server and client terminal |
CN102685093A (en) * | 2011-12-08 | 2012-09-19 | 陈易 | Mobile-terminal-based identity authentication system and method |
US8284933B2 (en) * | 2009-03-19 | 2012-10-09 | Ca, Inc. | Encrypting variable-length passwords to yield fixed-length encrypted passwords |
CN102868705A (en) * | 2012-10-24 | 2013-01-09 | 张仁平 | Device for achieving network login certification by using dynamic passwords and using method of device |
Non-Patent Citations (1)
Title |
---|
杨栋 et al.: "一种基于公钥体制的双向认证及密钥协商方案" (A two-way authentication and key agreement scheme based on a public-key system), 《计算机安全》 (Computer Security) * |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104639516A (en) * | 2013-11-13 | 2015-05-20 | 华为技术有限公司 | Method, equipment and system for authenticating identities |
CN104639516B (en) * | 2013-11-13 | 2018-02-06 | 华为技术有限公司 | Identity identifying method, equipment and system |
CN105099690A (en) * | 2014-05-19 | 2015-11-25 | 江苏博智软件科技有限公司 | OTP and user behavior-based certification and authorization method in mobile cloud computing environment |
CN105376221A (en) * | 2015-10-30 | 2016-03-02 | 福建天晴数码有限公司 | Game message encryption mechanism based on dynamic password, and game system |
CN105376221B (en) * | 2015-10-30 | 2019-05-21 | 福建天晴数码有限公司 | Game message encryption mechanism and game system based on dynamic password |
CN105656941A (en) * | 2016-03-14 | 2016-06-08 | 美的集团股份有限公司 | Identity authentication device and method |
CN107222311A (en) * | 2017-07-04 | 2017-09-29 | 四川云物益邦科技有限公司 | A kind of processing system of multiple communication verification identity |
CN107688729A (en) * | 2017-07-27 | 2018-02-13 | 大唐高鸿信安(浙江)信息科技有限公司 | Protection system of application program and method based on trusted host |
CN111898114A (en) * | 2020-07-15 | 2020-11-06 | 浙江甬恒科技有限公司 | Intelligent early warning type intellectual property monitoring management platform |
CN112738103A (en) * | 2020-12-29 | 2021-04-30 | 北京深思数盾科技股份有限公司 | Information verification method and device and electronic equipment |
Legal Events
Code | Title |
---|---|
C06 | Publication |
PB01 | Publication |
C10 | Entry into substantive examination |
SE01 | Entry into force of request for substantive examination |
C14 | Grant of patent or utility model |
GR01 | Patent grant |