CN104468607B - multi-server authentication method - Google Patents
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
Abstract
The invention discloses a multi-server authentication method. The method authenticates on the basis of time, IP address and MAC address: the client is authenticated once on an authentication server, and the resulting authentication data is then used on multiple function servers. A validity period can be set for the authentication, and the legitimacy of the MAC address is checked at the same time. The beneficial effect of the invention is that it solves the problem of a function that must be deployed on multiple servers while still requiring authentication.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a multi-server authentication method.
Background technology
Existing network security devices generally provide a user authentication function in order to identify users. As the number of enterprise network devices grows, the authentication source of most network devices, that is, the device that stores the username and password data, must be compatible with the enterprise's existing user data center, forming an authentication service with multiple authentication sources. Existing network security devices, however, usually rely on a single authentication source for user authentication, and when they move from a single authentication source to multiple authentication sources, the performance of their authentication service is low.
The content of the invention
The present invention overcomes the deficiencies of the prior art and provides a multi-server authentication method, which is mainly used to solve the problem of a function that must be deployed on multiple servers while still requiring authentication.
To achieve the above object, the present invention uses following technical scheme:
A multi-server authentication method, characterised in that it comprises the following steps:
a. The client obtains its own first client MAC address and the client current time, derives a first key from the client current time by an algorithm, encrypts the first client MAC address with the first key to obtain a second client MAC address, and computes a first MD5 message digest value from the first client MAC address.
b. The authentication server receives the client's request, obtains the client IP address, and parses out the client current time, the second client MAC address and the first MD5 value.
c. The authentication server first judges whether the difference between the client current time and the authentication server time satisfies the authentication validity condition; if it does not, the client request is illegal. If it does, the authentication server derives the first key for the second client MAC address by the algorithm, decrypts the second client MAC address with the first key to obtain the first client MAC address, computes a second MD5 value from the first client MAC address, and compares the second MD5 value with the first MD5 value; if they differ, the client request is illegal and an illegal-request response is returned; if they agree, step d is carried out.
d. The authentication server scrambles the client current time, the client IP address and the first client MAC address by an algorithm to obtain a first ciphertext. At the same time it generates a random key and encrypts the first ciphertext with the random key to obtain first ciphertext data; it also derives a second key from the first client MAC address and the client current time, and encrypts the random key with the second key to obtain a third key.
e. The client receives and parses the authentication server's response to obtain the third key and the first ciphertext data, obtains the first client MAC address and the client current time, derives the second key from the first client MAC address and the client current time, decrypts the third key with the second key to obtain the random key, and, when requesting a function server with the authorization data, sends the first client MAC address, the random key and the first ciphertext data.
f. The function server receives the client's request and parses out the first client MAC address, the random key and the first ciphertext data, decrypts the first ciphertext data with the random key, and parses out the client current time, the client IP address and the first client MAC address contained in it. It then judges whether the parsed client current time has expired, whether the client IP address agrees with the parsed client IP address, and whether the first client MAC address agrees with the parsed first client MAC address; if any one of these conditions is not met, the request is treated as illegal and processing is refused.
Compared with the prior art, the beneficial effects of the invention are as follows:
The invention can authenticate once on an authentication server and then use the authentication data on multiple function servers; the validity period of the authentication can be set, and the legitimacy of the MAC address can be checked at the same time.
Embodiment
A multi-server authentication method, characterised in that it comprises the following steps:
a. The client obtains its own first client MAC address and the client current time, derives a first key from the client current time by an algorithm, encrypts the first client MAC address with the first key to obtain a second client MAC address, and computes a first MD5 message digest value from the first client MAC address.
b. The authentication server receives the client's request, obtains the client IP address, and parses out the client current time, the second client MAC address and the first MD5 value.
c. The authentication server first judges whether the difference between the client current time and the authentication server time satisfies the authentication validity condition; if it does not, the client request is illegal. If it does, the authentication server derives the first key for the second client MAC address by the algorithm, decrypts the second client MAC address with the first key to obtain the first client MAC address, computes a second MD5 value from the first client MAC address, and compares the second MD5 value with the first MD5 value; if they differ, the client request is illegal and an illegal-request response is returned; if they agree, step d is carried out.
d. The authentication server scrambles the client current time, the client IP address and the first client MAC address by an algorithm to obtain a first ciphertext. At the same time it generates a random key and encrypts the first ciphertext with the random key to obtain first ciphertext data; it also derives a second key from the first client MAC address and the client current time, and encrypts the random key with the second key to obtain a third key, for example:
Third key = 6555F839CE510F468D75795D8A789693
First ciphertext = a5d6a07eb3f43252d05fa597b3282eef5c3f645e9d195a79fb78ede2a4bb80c2
e. The client receives and parses the authentication server's response to obtain the third key and the first ciphertext data, obtains the first client MAC address and the client current time, derives the second key from the first client MAC address and the client current time, decrypts the third key with the second key to obtain the random key, and, when requesting a function server with the authorization data, sends the first client MAC address, the random key and the first ciphertext data.
f. The function server receives the client's request and parses out the first client MAC address, the random key and the first ciphertext data, decrypts the first ciphertext data with the random key, and parses out the client current time, the client IP address and the first client MAC address contained in it. It then judges whether the parsed client current time has expired, whether the client IP address agrees with the parsed client IP address, and whether the first client MAC address agrees with the parsed first client MAC address; if any one of these conditions is not met, the request is treated as illegal and processing is refused.
Because authentication is based on time, the client and the authentication server must share the same clock reference, so the system also contains a time server. When the client starts, it obtains the server time from the time server and synchronizes itself to that time base. It also synchronizes with the server periodically (for example every hour) so that the client clock stays as close as possible to the server clock; as long as the time difference between the client and the authentication server is kept below the authentication validity period, normal authentication can proceed.
The principle of the invention is that, during authentication, the authentication server makes full use of the client-side information to produce a set of data that needs to be authenticated, and then produces a ciphertext string that the client neither recognizes nor needs to care about; this ciphertext string can be restored on the other function servers by decrypting it with the random key produced during the client's authentication. The client itself cannot restore or alter the ciphertext string, because the client does not hold the algorithm for the authentication data and can only decrypt the key for the ciphertext. The authentication server can change the algorithm that computes the ciphertext at any time, to prevent illegitimate parties from cracking it and discovering the algorithm. The client acts as a bridge throughout the process: an illegitimate client cannot complete authentication with the authentication server, and even if it completed that authentication it could not decrypt the response to obtain the random key.
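The six-step exchange above, modelled end to end as an added example (this is not code from the patent). The patent leaves its "algorithm"s unspecified, so the example assumes SHA-256 for key derivation, a SHA-256 keystream XOR as a stand-in cipher, and a secret shared only by the authentication and function servers as the "scrambling" of the first ciphertext; VALIDITY and all sample values are constructed.

```python
import hashlib
import hmac
import secrets

VALIDITY = 60  # assumed authentication validity period, in seconds
# Assumed: a secret shared only by the authentication and function servers,
# standing in for the patent's unspecified ciphertext "scrambling" algorithm.
SERVER_SECRET = b"shared-by-auth-and-function-servers"


def kdf(*parts: bytes) -> bytes:
    """Assumed key derivation: SHA-256 over the joined inputs."""
    return hashlib.sha256(b"|".join(parts)).digest()


def xcrypt(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 keystream (stand-in for a
    real nonce-based AEAD such as AES-GCM). The same call also decrypts."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))


def client_step_a(mac: bytes, now: int) -> dict:
    k1 = kdf(str(now).encode())                    # first key, from time
    return {"t": now, "mac2": xcrypt(k1, mac),     # second client MAC
            "md5": hashlib.md5(mac).hexdigest()}   # first MD5 value


def auth_server_steps_b_to_d(req: dict, client_ip: str, now: int):
    """Returns the response for step e, or None for an illegal request."""
    if abs(req["t"] - now) > VALIDITY:             # step c: validity check
        return None
    mac = xcrypt(kdf(str(req["t"]).encode()), req["mac2"])   # first MAC
    if not hmac.compare_digest(hashlib.md5(mac).hexdigest(), req["md5"]):
        return None                                # MD5 values disagree
    # step d: scramble (time, ip, mac) into the first ciphertext
    c1 = xcrypt(SERVER_SECRET, f"{req['t']}|{client_ip}|".encode() + mac)
    rk = secrets.token_bytes(16)                   # random key
    k2 = kdf(mac, str(req["t"]).encode())          # second key
    return {"k3": xcrypt(k2, rk),                  # third key
            "c1": xcrypt(rk, c1)}                  # first ciphertext data


def client_step_e(resp: dict, mac: bytes, t: int) -> dict:
    rk = xcrypt(kdf(mac, str(t).encode()), resp["k3"])  # recover random key
    return {"mac": mac, "rk": rk, "c1": resp["c1"]}     # request to function server


def function_server_step_f(req: dict, client_ip: str, now: int) -> bool:
    """Accepts the request only if time, IP and MAC all check out."""
    try:
        plain = xcrypt(SERVER_SECRET, xcrypt(req["rk"], req["c1"]))
        t_s, ip, mac = plain.split(b"|", 2)
        t_ok = abs(now - int(t_s)) <= VALIDITY      # not expired
    except ValueError:                              # garbage after decryption
        return False
    return t_ok and ip == client_ip.encode() and mac == req["mac"]
```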
The above embodiment describes the essence of the invention in detail, but does not limit the scope of protection of the invention. It should be apparent that, under the inspiration of the invention, a person of ordinary skill in the art can make many improvements and modifications, and it should be noted that such improvements and modifications all fall within the claims of the invention.
Claims (1)
1. A multi-server authentication method, characterised in that it comprises the following steps:
a. The client obtains its own first client MAC address and the client current time, derives a first key from the client current time by an algorithm, encrypts the first client MAC address with the first key to obtain a second client MAC address, and computes a first MD5 message digest value from the first client MAC address;
b. The authentication server receives the client's request, obtains the client IP address, and parses out the client current time, the second client MAC address and the first MD5 value;
c. The authentication server first judges whether the difference between the client current time and the authentication server time satisfies the authentication validity condition; if it does not, the client request is illegal. If it does, the authentication server derives the first key for the second client MAC address by the algorithm, decrypts the second client MAC address with the first key to obtain the first client MAC address, computes a second MD5 value from the first client MAC address, and compares the second MD5 value with the first MD5 value; if they differ, the client request is illegal and an illegal-request response is returned; if they agree, step d is carried out;
d. The authentication server scrambles the client current time, the client IP address and the first client MAC address by an algorithm to obtain a first ciphertext. At the same time it generates a random key and encrypts the first ciphertext with the random key to obtain first ciphertext data; it also derives a second key from the first client MAC address and the client current time, and encrypts the random key with the second key to obtain a third key;
e. The client receives and parses the authentication server's response to obtain the third key and the first ciphertext data, obtains the first client MAC address and the client current time, derives the second key from the first client MAC address and the client current time, decrypts the third key with the second key to obtain the random key, and, when requesting a function server with the authorization data, sends the first client MAC address, the random key and the first ciphertext data;
f. The function server receives the client's request and parses out the first client MAC address, the random key and the first ciphertext data, decrypts the first ciphertext data with the random key, and parses out the client current time, the client IP address and the first client MAC address contained in it. It then judges whether the parsed client current time has expired, whether the client IP address agrees with the parsed client IP address, and whether the first client MAC address agrees with the parsed first client MAC address; if any one of these conditions is not met, the request is treated as illegal and processing is refused.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410815213.XA CN104468607B (en) | 2014-12-24 | 2014-12-24 | multi-server authentication method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104468607A CN104468607A (en) | 2015-03-25 |
CN104468607B true CN104468607B (en) | 2017-09-22 |
Family
ID=52913979
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410815213.XA Active CN104468607B (en) | 2014-12-24 | 2014-12-24 | multi-server authentication method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104468607B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104869117B (en) * | 2015-05-14 | 2018-08-24 | 新华三技术有限公司 | A kind of safety certifying method and device |
CN113301432B (en) * | 2021-05-14 | 2023-01-06 | Vidaa(荷兰)国际控股有限公司 | Display device, terminal device and communication connection method |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN201332401Y (en) * | 2008-08-27 | 2009-10-21 | 深圳市络道科技有限公司 | Compulsory two-way dynamic password authentication system and user password generator |
CN102148685A (en) * | 2010-02-04 | 2011-08-10 | 陈祖石 | Method and system for dynamically authenticating password by multi-password seed self-defined by user |
CN103036924A (en) * | 2011-09-29 | 2013-04-10 | 深圳市快播科技有限公司 | Chaining processing method and chaining processing system |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2014159862A1 (en) * | 2013-03-14 | 2014-10-02 | Headwater Partners I Llc | Automated credential porting for mobile devices |
Non-Patent Citations (1)
Title |
---|
"Remote authentication protocol for multi-server environments based on smart cards"; Zhang Qing; Application Research of Computers; 2014-07-31; vol. 31, no. 7; pp. 2109-2111, 2115 * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |