CN103780584A - Cloud computing-based identity authentication fusion method - Google Patents
Abstract
The invention relates to a cloud computing-based identity authentication fusion method. The method comprises: a first step in which a client determines the authentication terminal equipment according to the user's choice; a second step in which the client automatically encrypts and packages the request data; a third step in which the client sends the request data to an application server; a fourth step in which the application server forwards the received request data to an authentication server; a fifth step in which the authentication server judges whether the user exists and, if yes, the sixth step is carried out; a sixth step in which the authentication server goes on to judge whether the user authentication data are correct and, if yes, the seventh step is carried out; a seventh step in which the authentication server returns the authentication result to the application server; an eighth step in which the application server judges, according to the given condition, whether to provide the corresponding application service and, if yes, the ninth step is carried out; and a ninth step in which the authentication server records the application execution result from the application server in the database. Compared with the prior art, the cloud computing-based identity authentication fusion method has the advantages of effectively resolving the contradiction between the security and the convenience of network identity, and the like.
Description
Technical field
The present invention relates to an identity authentication method, and in particular to a cloud computing-based fusion identity authentication method.
Background art
In the cloud computing era, Internet information security faces greater threats, and security protection on the user side needs strengthening all the more. Providing every user with a computing experience that is secure, privacy-protecting and reliable is an increasingly urgent practical need.
In an information system, the protection of a user's identity is inseparable from the quality of the authentication technology. Authentication that proves a person's identity by satisfying only one condition is called single-factor authentication; because only one condition is used to judge the user's identity, that identity is easily counterfeited. Proving a person's identity by combining two different conditions is called two-factor authentication.
Identity authentication technology can be divided into software authentication and hardware authentication according to whether hardware is used, into single-factor and two-factor authentication according to the conditions that must be verified, and into static and dynamic authentication according to the authentication information. Its development has moved from software authentication to hardware authentication, from single-factor to two-factor authentication, and from static to dynamic authentication.
Without effective authentication, a visitor's identity is easily forged, and even the most robust security defences become useless, so identity authentication is the foundation of the whole information security system.
In the network environment of cloud computing as a whole, a firewall ensures that unauthorized users cannot reach the corresponding ports or use the corresponding protocols; an intrusion detection system can discover attempts by unauthorized users to attack the system; a VPN establishes an encrypted virtual private channel over the public network for authorized users; a security gateway ensures that users cannot enter unauthorized network segments; and a secure directory ensures that authorized users can quickly locate and access the resources stored in the system. These security products are in fact all permission management for digital identities; only identity authentication can solve the problem of matching a user's physical identity to the digital identity, and it gives them the basis for permission management.
At present, user name/password is the simplest and most commonly used identity authentication method, but in practice there are many security risks with many users, which very easily cause passwords to leak.
Even if the user's password is guaranteed not to leak, the password is static data that must pass through computer memory and across the network during verification, and the verification information used is identical every time, so it is easily intercepted by a Trojan program resident in computer memory or by a listening device on the network. User name/password is therefore an extremely insecure authentication method, with no security to speak of.
At present the mainstream strong authentication means also include dynamic passwords, token technology, USB Key digital certificates, biometric technology and so on. Each has advantages and disadvantages, and the contradiction between convenience and security is difficult to resolve.
Summary of the invention
The object of the present invention is to provide a cloud computing-based fusion identity authentication method that overcomes the defects of the prior art described above.
The object of the present invention can be achieved through the following technical solution:
A cloud computing-based fusion identity authentication method, characterized in that it comprises the following steps:
1) the client determines the authentication terminal equipment according to the user's selection, then step 2) is performed;
2) the client automatically encrypts and packages the request data for the selected authentication terminal equipment, then step 3) is performed;
3) the client sends the encrypted and packaged request data to the application server, then step 4) is performed;
4) the application server forwards the received request data to the authentication server, then step 5) is performed;
5) the authentication server judges whether the user exists; if yes, step 6) is performed; otherwise the flow returns to step 1);
6) the authentication server goes on to judge whether the user authentication data are correct; if yes, step 7) is performed; otherwise the flow returns to step 1);
7) the authentication server returns the authentication result to the application server, then step 8) is performed;
8) the application server judges, according to the given condition, whether to provide the corresponding application service; if yes, step 9) is performed; otherwise step 10) is performed;
9) the authentication server records the application execution result returned by the application server in the database, and the authentication flow ends;
10) the application server automatically generates service-refusal result data, then encrypts and packages it and sends it to the client, and step 9) is performed.
The authentication terminal equipment comprises a fingerprint reader, a mobile phone and a Mi Bao.
The client has a unified man-machine interface and software interface, and can support existing and future identity authentication terminal equipment of all kinds.
The application server and the authentication server are connected through a public cloud or a private cloud.
The client and the authentication server are isolated from each other by the application server.
A C/S or B/S network architecture is adopted between the application server and the client.
Compared with the prior art, the present invention has the following advantages:
1. The contradiction between the security and the convenience of network identity is effectively resolved; automatic matching of the client/server (C/S) mode and the browser/server (B/S) mode easily accommodates users' different needs and gives good extensibility.
2. The authentication terminal equipment, secure client, application server and authentication server form a complete trusted identity protection chain in the cloud computing environment, effectively relieving users' worries about identity security risks in the virtual network world under cloud computing, and have great commercial and social value.
Brief description of the drawings
Fig. 1 is a flow chart of the present invention;
Fig. 2 is a schematic diagram of the hardware structure that implements the present invention.
Detailed description
The present invention is described in detail below with reference to the drawings and a specific embodiment.
Embodiment
As shown in Fig. 1, a cloud computing-based fusion identity authentication method uses the distributed cluster management characteristic of cloud computing to merge an unlimited number of existing strong authentication means through a unified standard interface, presents the user with a single-entry authentication interface, and lets the user independently choose authentication means of different security levels according to immediate needs, so that network identity security is effectively protected across public-cloud and private-cloud architectures in a cloud computing environment. The specific steps are as follows:
In step 101, the user independently selects the authentication method in the client, then step 102 is performed;
In step 102, the request data for the selected authentication method are automatically encrypted and packaged, then step 103 is performed;
In step 103, the encrypted request data are sent to the application server, then step 104 is performed;
In step 104, the application server forwards the encrypted request data to the authentication server, then step 105 is performed;
In step 105, the authentication server judges whether the user exists; if so, step 106 is performed; if not, the flow returns to the initial state of step 101;
In step 106, the authentication server goes on to judge whether the user authentication data are correct; if correct, step 107 is performed; if incorrect, the flow returns to the initial state of step 101;
In step 107, the authentication result is returned to the application server, then step 108 is performed;
In step 108, the application server judges, according to the given condition, whether to provide the corresponding application service; if it does, step 109 is performed; if it does not, the flow goes to step 110;
In step 109, the authentication server takes the application execution result and records it in the database as a basis for later audit, and the authentication flow ends;
In step 110, the application server automatically generates service-refusal result data through the deployed reflecting software, then encrypts and packages it, and step 109 is performed.
As shown in Fig. 2, the present invention uses software and hardware such as authentication terminal equipment 1, client 2, application server 3 and authentication server 4 to provide identity protection safely, conveniently and efficiently for users in a cloud computing environment. Authentication terminal equipment 1 is connected to the client and collects authentication data; application server 3 forwards authentication data, receives the authentication result and exchanges data with the application service end; authentication server 4 processes authentication requests concurrently and returns the authentication result.
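The relay in steps 101 to 110, as an added Python sketch that is not part of the patent: the client packages a request, the application server forwards it unopened, and the authentication server checks the user, checks the authentication data and keeps the audit record. Assumptions: an HMAC-SHA256 envelope with a per-request nonce stands in for the unspecified "encrypt and package" step (confidentiality would have to come from transport encryption), the security-level table is one reading of the "given condition", and, beyond what the flow states, failed attempts are also recorded and every failure produces the same refusal to the client. All names, keys and sample data are constructed.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample data. The patent names no key scheme, algorithms or storage format.
ENVELOPE_KEY = b"constructed-demo-key"      # assumed shared by client and authentication server
USERS = {"alice": {"fingerprint": "constructed-template-A", "mobile": "492817"}}
LEVEL = {"mobile": 1, "fingerprint": 2}     # assumed strength of each authentication method
MIN_LEVEL = {"view_balance": 1, "transfer": 2}   # assumed form of the "given condition"


def client_package(user, method, proof):
    """Steps 1-3: package the request for the chosen method with a fresh nonce and a MAC."""
    body = json.dumps({"user": user, "method": method, "proof": proof,
                       "nonce": secrets.token_hex(16)})
    tag = hmac.new(ENVELOPE_KEY, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag}).encode()


class AuthServer:
    def __init__(self):
        self.seen_nonces = set()
        self.audit_log = []

    def authenticate(self, packet):
        """Steps 5-7: return (ok, level, reason). The reason is kept for the audit trail."""
        env = json.loads(packet)
        expected = hmac.new(ENVELOPE_KEY, env["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, env["tag"]):
            return False, 0, "bad_envelope"
        req = json.loads(env["body"])
        if req["nonce"] in self.seen_nonces:      # a captured packet cannot be reused
            return False, 0, "replay"
        self.seen_nonces.add(req["nonce"])
        record = USERS.get(req["user"])
        if record is None:                        # step 5: does the user exist?
            return False, 0, "unknown_user"
        reference = record.get(req["method"])
        # Step 6. Equality stands in for the per-method check (biometric match, code check).
        if reference is None or not hmac.compare_digest(reference, req["proof"]):
            return False, 0, "bad_credentials"
        return True, LEVEL[req["method"]], "ok"

    def record(self, entry):
        """Step 9: store the application server's execution result for later audit."""
        self.audit_log.append(entry)


class AppServer:
    def __init__(self, auth):
        self.auth = auth

    def handle(self, packet, service):
        ok, level, reason = self.auth.authenticate(packet)    # step 4: forward unopened
        granted = ok and level >= MIN_LEVEL.get(service, 99)  # step 8
        if ok and not granted:
            reason = "level_too_low"
        self.auth.record({"service": service, "granted": granted, "reason": reason})
        # Step 10: the client sees one refusal message whatever the cause.
        return {"status": "granted" if granted else "refused"}
```

The audit log distinguishes an unknown user from wrong authentication data while the client cannot, which keeps the step 105 check from revealing which accounts exist.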
Claims (6)
1. A cloud computing-based fusion identity authentication method, characterized in that it comprises the following steps:
1) the client determines the authentication terminal equipment according to the user's selection, then step 2) is performed;
2) the client automatically encrypts and packages the request data for the selected authentication terminal equipment, then step 3) is performed;
3) the client sends the encrypted and packaged request data to the application server, then step 4) is performed;
4) the application server forwards the received request data to the authentication server, then step 5) is performed;
5) the authentication server judges whether the user exists; if yes, step 6) is performed; otherwise the flow returns to step 1);
6) the authentication server goes on to judge whether the user authentication data are correct; if yes, step 7) is performed; otherwise the flow returns to step 1);
7) the authentication server returns the authentication result to the application server, then step 8) is performed;
8) the application server judges, according to the given condition, whether to provide the corresponding application service; if yes, step 9) is performed; otherwise step 10) is performed;
9) the authentication server records the application execution result returned by the application server in the database, and the authentication flow ends;
10) the application server automatically generates service-refusal result data, then encrypts and packages it and sends it to the client, and step 9) is performed.
2. The cloud computing-based fusion identity authentication method according to claim 1, characterized in that the authentication terminal equipment comprises a fingerprint reader, a mobile phone and a Mi Bao.
3. The cloud computing-based fusion identity authentication method according to claim 1, characterized in that the client has a unified man-machine interface and software interface, and can support existing identity authentication terminal equipment of all kinds.
4. The cloud computing-based fusion identity authentication method according to claim 1, characterized in that the application server and the authentication server are connected through a public cloud or a private cloud.
5. The cloud computing-based fusion identity authentication method according to claim 1, characterized in that the client and the authentication server are isolated from each other by the application server.
6. The cloud computing-based fusion identity authentication method according to claim 1, characterized in that a C/S or B/S network architecture is adopted between the application server and the client.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210405729.8A CN103780584A (en) | 2012-10-22 | 2012-10-22 | Cloud computing-based identity authentication fusion method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN103780584A (en) | 2014-05-07 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20140507 |