CN104468607B - Multi-server authentication method - Google Patents

Info

Publication number: CN104468607B
Authority: CN (China)
Prior art keywords: client, MAC address, key, current time, address
Legal status: Active
Application number: CN201410815213.XA
Other languages: Chinese (zh)
Other versions: CN104468607A (en)
Inventor: 林小平
Current assignee: Sichuan Jinwangtong Electronic Technology Co Ltd
Original assignee: Sichuan Jinwangtong Electronic Technology Co Ltd
Priority date: 2014-12-24
Filing date: 2014-12-24
Publication date: 2017-09-22

Events

2014-12-24: Application filed by Sichuan Jinwangtong Electronic Technology Co Ltd
2014-12-24: Priority to CN201410815213.XA
2015-03-25: Publication of CN104468607A
2017-09-22: Application granted; publication of CN104468607B
Current legal status: Active

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a multi-server authentication method. The method authenticates on the basis of time, IP address and MAC address: authentication is performed once on an authentication server, and the resulting authentication data is then used on multiple function servers. A validity period can be set for the authentication, and the legitimacy of the MAC address is checked at the same time. The beneficial effect of the invention is that it solves the problem of a function that must be deployed on multiple servers at once while still requiring authentication.

Description

Multi-Server Authentication method
Technical field
The present invention relates to the field of communication technology, and specifically to a multi-server authentication method.
Background technology
Existing network security devices generally provide a user authentication function in order to identify users. As the number of enterprise network devices grows, the authentication source of most network devices (that is, the device that stores the username and password data) must be compatible with the enterprise's original user data centre, forming an authentication service with multiple authentication sources. Existing network security devices, however, usually rely on a single authentication source for user authentication, and when they move from a single authentication source to multiple authentication sources their authentication service performance is low.
The content of the invention
The present invention overcomes the deficiencies of the prior art by providing a multi-server authentication method, mainly intended to solve the problem of a function that must be deployed on multiple servers at once while still requiring authentication.
To achieve the above object, the present invention uses following technical scheme:
A multi-server authentication method, characterised in that it comprises the following steps:
a. The client obtains its own first client MAC address and the client current time, derives a first key from the client current time by an algorithm, encrypts the first client MAC address with the first key to obtain a second client MAC address, and computes a first message digest algorithm (MD5) value from the first client MAC address;
b. The authentication server receives the client's request, obtains the client IP address, and parses out the client current time, the second client MAC address and the first MD5 value;
c. The authentication server first checks whether the difference between the client current time and the authentication server time satisfies the authentication validity-period condition. If it does not, the client request is illegal. If it does, the authentication server derives by the algorithm the first key for the second client MAC address, decrypts the second client MAC address with the first key to obtain the first client MAC address, computes a second MD5 value from the first client MAC address, and compares the second MD5 value with the first MD5 value. If they differ, the client request is illegal and an illegal-request message is returned; if they match, step d is performed;
d. The authentication server scrambles the client current time, the client IP address and the first client MAC address with an algorithm to obtain a first ciphertext. At the same time it generates a random key and encrypts the first ciphertext with the random key to obtain first ciphertext data; it also derives a second key from the first client MAC address and the client current time, and encrypts the random key with the second key to obtain a third key;
e. The client receives the authentication server's response and parses out the third key and the first ciphertext data. It obtains its first client MAC address and client current time, derives the second key from them, and decrypts the third key with the second key to obtain the random key. When the client sends a request to a function server using this authorization data, it sends the first client MAC address, the random key and the first ciphertext data;
f. The function server parses the client's request to obtain the first client MAC address, the random key and the first ciphertext data, decrypts the first ciphertext data with the random key, and parses out the client current time, the client IP address and the first client MAC address. It then checks whether the parsed client current time has expired, whether the client IP address matches the parsed client IP address, and whether the first client MAC address matches the parsed first client MAC address. If any one of these conditions is not satisfied, the request is regarded as illegal and is refused.
Compared with prior art, the beneficial effects of the invention are as follows:
The present invention can authenticate on one authentication server and then use the authentication data on multiple function servers; a validity period can be set for the authentication, and the legitimacy of the MAC address can be checked at the same time.
Embodiment
A multi-server authentication method, characterised in that it comprises the following steps:
a. The client obtains its own first client MAC address and the client current time, derives a first key from the client current time by an algorithm, encrypts the first client MAC address with the first key to obtain a second client MAC address, and computes a first message digest algorithm (MD5) value from the first client MAC address;
b. The authentication server receives the client's request, obtains the client IP address, and parses out the client current time, the second client MAC address and the first MD5 value;
c. The authentication server first checks whether the difference between the client current time and the authentication server time satisfies the authentication validity-period condition. If it does not, the client request is illegal. If it does, the authentication server derives by the algorithm the first key for the second client MAC address, decrypts the second client MAC address with the first key to obtain the first client MAC address, computes a second MD5 value from the first client MAC address, and compares the second MD5 value with the first MD5 value. If they differ, the client request is illegal and an illegal-request message is returned; if they match, step d is performed;
d. The authentication server scrambles the client current time, the client IP address and the first client MAC address with an algorithm to obtain a first ciphertext. At the same time it generates a random key and encrypts the first ciphertext with the random key to obtain first ciphertext data; it also derives a second key from the first client MAC address and the client current time, and encrypts the random key with the second key to obtain a third key, for example:
Third key = 6555F839CE510F468D75795D8A789693
First ciphertext = a5d6a07eb3f43252d05fa597b3282eef5c3f645e9d195a79fb78ede2a4bb80c2
e. The client receives the authentication server's response and parses out the third key and the first ciphertext data. It obtains its first client MAC address and client current time, derives the second key from them, and decrypts the third key with the second key to obtain the random key. When the client sends a request to a function server using this authorization data, it sends the first client MAC address, the random key and the first ciphertext data.
f. The function server parses the client's request to obtain the first client MAC address, the random key and the first ciphertext data, decrypts the first ciphertext data with the random key, and parses out the client current time, the client IP address and the first client MAC address. It then checks whether the parsed client current time has expired, whether the client IP address matches the parsed client IP address, and whether the first client MAC address matches the parsed first client MAC address. If any one of these conditions is not satisfied, the request is regarded as illegal and is refused.
Because the authentication is time-based, the client and the authentication server must share the same clock base, so the system also includes a time server. When the client starts, it obtains the server time from the time server and synchronises its own clock to it; it then resynchronises with the server periodically (for example every hour) so that the client clock stays as close as possible to the server clock. As long as the time difference between the client and the authentication server remains below the authentication validity period, normal authentication can proceed.
The principle of the invention is that, during authentication, the authentication server makes full use of client-side information to produce a set of data that needs to be authenticated, and then produces a ciphertext string that the client neither recognises nor needs to understand. On the other function servers this ciphertext string can be restored by decrypting it with the random key produced during the client's authentication. The client itself cannot restore or modify the ciphertext string, because it holds neither the authentication data nor the algorithm; it can only decrypt and obtain the key of the ciphertext. The authentication server can also change the algorithm that computes the ciphertext at any time, to prevent unauthorised parties from working out the algorithm. Throughout the process the client acts only as a bridge: an illegal client cannot complete authentication with the authentication server, and even if it completed that authentication it could not decrypt and obtain the random key.
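To make the six steps concrete, the following Python simulation plays the exchange among the client, the authentication server and one function server. It is an added example written for this page, not the patent's or the assignee's implementation. The patent never names its key-derivation, encryption or scrambling algorithms, so the example substitutes labelled stand-ins: SHA-256 over labelled inputs for the first and second keys, an HMAC-SHA256 keystream XOR for the symmetric encryption, and a JSON encoding under a server-only secret (SERVER_SECRET) for the scrambled "first ciphertext" that the client is never able to read. The 300-second validity period, the MAC and IP values, the clock_offset parameter standing in for imperfect time-server synchronisation, and the run() driver are likewise assumptions.

```python
import hashlib
import hmac
import json
import os
import time

VALIDITY_SECONDS = 300          # assumed authentication validity period; the patent leaves it configurable
SERVER_SECRET = os.urandom(32)  # stand-in for the scrambling "algorithm" shared only by the servers


def derive_key(label: bytes, *parts: bytes) -> bytes:
    """Stand-in for the patent's unspecified key-derivation algorithm (SHA-256 over labelled parts)."""
    return hashlib.sha256(b"|".join((label,) + parts)).digest()


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with an HMAC-SHA256 counter keystream (encrypt == decrypt)."""
    blocks = len(data) // 32 + 1
    stream = b"".join(hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest() for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))


def scramble(t: int, ip: str, mac: str) -> bytes:
    """Step d 'first ciphertext': time, IP and MAC mixed under a secret the client never holds."""
    return xor_stream(SERVER_SECRET, json.dumps({"time": t, "ip": ip, "mac": mac}).encode())


def unscramble(blob: bytes) -> dict:
    """Inverse of scramble(); raises on garbage (wrong random key or tampered ciphertext data)."""
    return json.loads(xor_stream(SERVER_SECRET, blob).decode())


class Client:
    def __init__(self, mac: str, clock_offset: int = 0):
        self.mac = mac                    # "first client MAC address" (constructed sample value)
        self.clock_offset = clock_offset  # models imperfect synchronisation with the time server
        self.t = self.random_key = self.ciphertext_data = None

    def auth_request(self) -> dict:                                   # step a
        self.t = int(time.time()) + self.clock_offset
        first_key = derive_key(b"k1", str(self.t).encode())           # first key: from client time only
        second_mac = xor_stream(first_key, self.mac.encode())         # "second client MAC address"
        return {"time": self.t, "enc_mac": second_mac.hex(),
                "md5": hashlib.md5(self.mac.encode()).hexdigest()}    # "first MD5 value"

    def accept_auth_response(self, resp: dict) -> bool:               # step e
        if "error" in resp:
            return False
        second_key = derive_key(b"k2", self.mac.encode(), str(self.t).encode())
        self.random_key = xor_stream(second_key, bytes.fromhex(resp["third_key"]))  # unwrap random key
        self.ciphertext_data = resp["ciphertext_data"]
        return True

    def function_request(self, mac_override: str = None) -> dict:    # authorization data for a function server
        return {"mac": mac_override or self.mac, "random_key": self.random_key.hex(),
                "ciphertext_data": self.ciphertext_data}


class AuthServer:
    def authenticate(self, req: dict, client_ip: str) -> dict:        # steps b, c and d
        t = req["time"]
        if abs(int(time.time()) - t) > VALIDITY_SECONDS:              # step c: validity-period check
            return {"error": "expired"}
        first_key = derive_key(b"k1", str(t).encode())
        first_mac = xor_stream(first_key, bytes.fromhex(req["enc_mac"]))
        if hashlib.md5(first_mac).hexdigest() != req["md5"]:          # "second MD5" must equal "first MD5"
            return {"error": "illegal request"}
        random_key = os.urandom(32)                                   # step d
        ciphertext_data = xor_stream(random_key, scramble(t, client_ip, first_mac.decode()))
        second_key = derive_key(b"k2", first_mac, str(t).encode())
        third_key = xor_stream(second_key, random_key)                # random key wrapped for this client
        return {"third_key": third_key.hex(), "ciphertext_data": ciphertext_data.hex()}


class FunctionServer:
    def authorize(self, req: dict, client_ip: str) -> bool:           # step f
        random_key = bytes.fromhex(req["random_key"])
        try:
            f = unscramble(xor_stream(random_key, bytes.fromhex(req["ciphertext_data"])))
            if int(time.time()) - f["time"] > VALIDITY_SECONDS:       # parsed client time has expired
                return False
            return client_ip == f["ip"] and req["mac"] == f["mac"]    # IP and MAC must both match
        except (ValueError, TypeError, KeyError):
            return False                                              # undecryptable or malformed: refuse


def run(client_ip: str, function_ip: str = None, mac_at_function: str = None, clock_offset: int = 0) -> bool:
    """One full exchange; returns whether the function server accepts the client's request."""
    client, auth, fn = Client("00:11:22:33:44:55", clock_offset), AuthServer(), FunctionServer()
    resp = auth.authenticate(client.auth_request(), client_ip)        # IP as seen by the auth server
    if not client.accept_auth_response(resp):
        return False
    return fn.authorize(client.function_request(mac_at_function), function_ip or client_ip)


if __name__ == "__main__":
    print("same client, same IP    :", run("10.0.0.5"))                                       # True
    print("different source IP     :", run("10.0.0.5", function_ip="10.0.0.9"))              # False
    print("different MAC presented :", run("10.0.0.5", mac_at_function="66:77:88:99:aa:bb"))  # False
    print("clock off by one hour   :", run("10.0.0.5", clock_offset=-3600))                   # False
```

The four scenarios in the driver exercise each check the text describes: a matching request passes, while a changed source IP, a changed MAC, or a client clock outside the validity window is refused (the last one already at the authentication server in step c). Two properties of the design are worth noticing when reading the code: the first key of step a is derived from the client time alone, and that time travels in the same request, so the encrypted MAC and its MD5 give the authentication server a consistency check on the MAC rather than confidentiality; and the random key is carried inside every request to a function server, so the scheme depends on the transport between client and function server being protected.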
The essence of the invention has been described in detail in the embodiment above, but this does not limit the scope of protection of the invention. It should be apparent that, guided by the invention, those of ordinary skill in the art can also make many improvements and modifications, and it should be noted that these improvements and modifications all fall within the scope of the claims of the invention.

Claims (1)

1. A multi-server authentication method, characterised in that it comprises the following steps:
a. The client obtains its own first client MAC address and the client current time, derives a first key from the client current time by an algorithm, encrypts the first client MAC address with the first key to obtain a second client MAC address, and computes a first message digest algorithm (MD5) value from the first client MAC address;
b. The authentication server receives the client's request, obtains the client IP address, and parses out the client current time, the second client MAC address and the first MD5 value;
c. The authentication server first checks whether the difference between the client current time and the authentication server time satisfies the authentication validity-period condition. If it does not, the client request is illegal. If it does, the authentication server derives by the algorithm the first key for the second client MAC address, decrypts the second client MAC address with the first key to obtain the first client MAC address, computes a second MD5 value from the first client MAC address, and compares the second MD5 value with the first MD5 value. If they differ, the client request is illegal and an illegal-request message is returned; if they match, step d is performed;
d. The authentication server scrambles the client current time, the client IP address and the first client MAC address with an algorithm to obtain a first ciphertext. At the same time it generates a random key and encrypts the first ciphertext with the random key to obtain first ciphertext data; it also derives a second key from the first client MAC address and the client current time, and encrypts the random key with the second key to obtain a third key;
e. The client receives the authentication server's response and parses out the third key and the first ciphertext data. It obtains its first client MAC address and client current time, derives the second key from them, and decrypts the third key with the second key to obtain the random key. When the client sends a request to a function server using this authorization data, it sends the first client MAC address, the random key and the first ciphertext data;
f. The function server parses the client's request to obtain the first client MAC address, the random key and the first ciphertext data, decrypts the first ciphertext data with the random key, and parses out the client current time, the client IP address and the first client MAC address. It then checks whether the parsed client current time has expired, whether the client IP address matches the parsed client IP address, and whether the first client MAC address matches the parsed first client MAC address. If any one of these conditions is not satisfied, the request is regarded as illegal and is refused.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201410815213.XA, CN104468607B (en) | 2014-12-24 | 2014-12-24 | Multi-server authentication method

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN201410815213.XA, CN104468607B (en) | 2014-12-24 | 2014-12-24 | Multi-server authentication method

Publications (2)

Publication Number | Publication Date
CN104468607A (en) | 2015-03-25
CN104468607B (en) | 2017-09-22

Family

ID=52913979

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN201410815213.XA, CN104468607B (en), Active | Multi-server authentication method | 2014-12-24 | 2014-12-24

Country Status (1)

Country | Link
CN (1) | CN104468607B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN104869117B (en) * | 2015-05-14 | 2018-08-24 | 新华三技术有限公司 | Security authentication method and device
CN113301432B (en) * | 2021-05-14 | 2023-01-06 | Vidaa(荷兰)国际控股有限公司 | Display device, terminal device and communication connection method

Citations (3)

Publication number | Priority date | Publication date | Assignee | Title
CN201332401Y (en) * | 2008-08-27 | 2009-10-21 | 深圳市络道科技有限公司 | Compulsory two-way dynamic password authentication system and user password generator
CN102148685A (en) * | 2010-02-04 | 2011-08-10 | 陈祖石 | Method and system for dynamic password authentication using a user-defined multi-password seed
CN103036924A (en) * | 2011-09-29 | 2013-04-10 | 深圳市快播科技有限公司 | Chaining processing method and chaining processing system

Family Cites Families (1)

Publication number | Priority date | Publication date | Assignee | Title
WO2014159862A1 (en) * | 2013-03-14 | 2014-10-02 | Headwater Partners I Llc | Automated credential porting for mobile devices

Non-Patent Citations (1)

Title
Zhang Qing (张青), "Remote authentication protocol for a multi-server environment based on smart cards" (基于智能卡的多服务器环境下的远端认证协议), Application Research of Computers (计算机应用研究), 2014-07-31, vol. 31, no. 7, pp. 2109-2111, 2115 *

Also Published As

Publication number Publication date
CN104468607A (en) 2015-03-25

Similar Documents

Publication Publication Date Title
US10015159B2 (en) Terminal authentication system, server device, and terminal authentication method
CN104219228B (en) User registration and user identification method and system
US8130961B2 (en) Method and system for client-server mutual authentication using event-based OTP
US9525557B2 (en) Certificate issuing system, client terminal, server device, certificate acquisition method, and certificate issuing method
CN104735068B (en) SIP security authentication method based on state (SM) cryptography
CN106130716B (en) Key exchange system and method based on authentication information
US11018866B2 (en) Dynamic second factor authentication for cookie-based authentication
CN111512608B (en) Trusted execution environment based authentication protocol
CN110048849B (en) Multi-layer protection session key negotiation method
CN105721153B (en) Key exchange system and method based on authentication information
CN108259407B (en) Symmetric encryption method and system based on timestamp
CN108809940B (en) Interactive encryption method for power grid system server and client
CN108809633B (en) Identity authentication method, device and system
CN106850207B (en) CA-free identity authentication method and system
CN103634265B (en) Security authentication method, device and system
CA2942765C (en) Persistent authentication system incorporating one time pass codes
EP3000216B1 (en) Secured data channel authentication implying a shared secret
CN105025019A (en) Data safety sharing method
CN111080299B (en) Anti-repudiation method for transaction information, client and server
CN109905384B (en) Data migration method and system
JP2017163612A (en) Terminal authentication system, server device, and terminal authentication method
CN104125239A (en) Network authentication method and system based on data link encryption transmission
CN109218251B (en) Anti-replay authentication method and system
CN104113410A (en) Method and device for data encryption transmission based on multi-table encryption method
CN102215235B (en) SIP (session initiation protocol) safety certification method capable of modifying authentication password

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant