CN104780052B - Network equipment group authentication method in a software defined network - Google Patents

Publication number: CN104780052B
Authority: CN (China)
Prior art keywords: signature, controller, network equipment, value, network
Legal status: Active
Application number: CN201510204633.9A
Other languages: Chinese (zh)
Other versions: CN104780052A (en)
Inventors: 刘建伟, 毛可飞, 陈杰, 王蒙蒙
Current Assignee: Beihang University
Original Assignee: Beihang University

Abstract

The invention discloses a network equipment group authentication method for software defined networks (SDN), specifically a group authentication method based on aggregate signatures, and belongs to the field of communications. It mainly comprises 1) an initialization module, 2) a signature module and 3) an authentication module, with seven steps in total. Working within the SDN architecture, the method makes full use of the southbound interface between the network devices and the controller and of the data links between network devices: the controller needs only one authentication to authenticate all the network devices on a network device link, which reduces the controller bandwidth that conventional authentication methods consume. In addition, the device signature module includes a step that authenticates the previous network device, so an identity problem with that device is found promptly. Because the method uses aggregate signatures, it effectively saves the bandwidth consumed by transmitting signature data between network devices.

Description

Network equipment group authentication method in a software defined network
Technical field
The present invention relates to a network equipment group authentication method in a software defined network, specifically a group authentication method based on aggregate signature technology, and belongs to the field of communications.
Background
With the rapid development of Internet technology, the software defined network (SDN), which uses a controller to separate the network control plane from the data plane, improves the security, manageability and controllability of the network and has good application prospects in many industries. The primary problem SDN faces at present is security. For the controller in an SDN, obtaining the true parameters of the data plane is a necessary operation for control and management. Authenticating the identity of the network devices in the SDN, so that the device parameters the controller collects are authentic and device problems are found promptly, is therefore particularly critical. An SDN does its normal work over multiple data links, each formed by multiple network devices. Authenticating the network devices on every data link of the SDN, so as to ensure the authenticity of the devices on the link, is therefore important work.
Network equipment group authentication means that the controller authenticates, in one unified operation, the network devices on a data link in the SDN. At present this can be done with conventional one-to-one authentication, in which the controller authenticates each network device on the data link one by one, and this approach is feasible. However, authenticating each device requires multiple rounds of communication with the controller, so this approach takes up too much of the bandwidth between the controller and the network devices, increases the controller's resource consumption, and lowers the controller's security threshold. As SDN is progressively deployed, the number of network devices a controller manages gradually increases and the demand on authentication efficiency rises with it; conventional authentication can no longer meet the SDN's need to authenticate the devices on a network device link. The present invention therefore proposes a network equipment group authentication method for SDN, which has important theoretical value and practical significance for the application and adoption of SDN.
Summary of the invention
The object of the invention is to overcome the shortcomings of the prior art in network equipment group authentication in SDN by proposing a network equipment group authentication method in a software defined network. The method combines the signatures of the individual network devices into one signature by aggregate signature and has the controller perform a single unified authentication at the end. It effectively solves the group authentication problem while avoiding the transmission of redundant signature information, reducing the bandwidth that network equipment group authentication consumes.
To achieve this object, the invention combines the SDN architecture with aggregate signature technology. Its technical scheme is as follows.
Main mathematical symbols and algorithms:
1) Bilinear map $G_1 \times G_1 \to G_2$: in the initialization module of the scheme, the security parameter $\lambda$ is input and the algorithm $g(1^\lambda)$ is run to obtain two cyclic groups $G_1$ and $G_2$ of prime order $q$.
The bilinear map has the following three properties:
1. Bilinearity: for all $g, h \in G_1$ and $a, b \in Z_N$, the bilinearity relation holds;
2. Non-degeneracy: there is at least one element $g$ in $G_1$ such that the computed value has order $q$ in $G_2$;
3. Computability: there is an efficient algorithm such that, for all $g, h \in G_1$, the value of the map can be computed efficiently;
2) Hash algorithm: the collision-resistant hash functions $H_1, H_2: \{0,1\}^* \to G_1$ used in the invention have two basic properties, one-wayness and collision resistance. One-wayness means that the output can be derived from the input of the hash function, but the input cannot be computed from the output. Collision resistance means that two different inputs that give exactly the same hash output cannot be found.
The invention discloses a method for network equipment group authentication in SDN that involves two major classes of entity: the controller and the network devices. The network devices divide into three kinds of entity by position on the network device link: the initial network device, the intermediate network devices and the end network device. In total the invention therefore involves 4 kinds of entity:
1) Controller: generates the public key and master key from the system security parameter, computes and provides the network devices' secret values and the signature challenge, and finally performs the network equipment group authentication.
2) Initial network device: the first network device on the network device link to be authenticated. It receives the signature command and challenge issued by the controller, signs, and forwards the data to the following intermediate network device.
3) End network device: the last network device on the network device link to be authenticated. It receives the data and signature sent by the last intermediate network device and sends the signature, after signing and aggregation, to the controller.
4) Intermediate network device: any network device on the link to be authenticated other than the initial and end network devices. In order, each receives the data and signature sent by the previous network device, signs, aggregates the signatures, and sends the aggregated signature to the next network device. The first intermediate network device receives its data from the initial network device, and the last intermediate network device sends its data to the end network device.
The three modules of the invention run in order: the initialization module, the signature module and the authentication module, 7 steps in all. The specific steps of the method are as follows:
Module one: initialization module. The controller takes the system security parameter $\lambda$ as input and outputs the public key PK and the master key MSK. PK is made public; MSK is kept by the controller. The controller also sets the secret value $sP_i$ of each network device, for use in the later authentication. The module is implemented in four steps:
Step 1: The controller first inputs the system security parameter $\lambda$ and outputs two groups $G_1$, $G_2$ of prime order $q$ and a bilinear map $G_1 \times G_1 \to G_2$. The controller randomly selects a generator $P$ of $G_1$ and a random element $s$ of $Z/qZ$, and computes $Q = sP$. The controller selects two hash functions $H_1, H_2: \{0,1\}^* \to G_1$.
At this point the controller has the public key PK and the master key $MSK = (s)$. PK is disclosed as a public parameter; MSK is kept by the controller as a secret value and must not be leaked.
Step 2: From the identity $ID_i$ of a network device, the controller computes the secret value $sP_i$ and distributes it to the corresponding user over a secure channel. The network device with identity $ID_i$ obtains the secret value $sP_i$ and keeps it secret.
Module two: signature module. The controller sends the signature challenge $m$. On receiving it, the initial network device forms a signature challenge packet, which enters the link to be authenticated. The network devices on the link in turn transmit, sign and aggregate the packet, until the end network device completes its signature and returns the signature $(P_m, S_n, T_n)$ to the controller.
Step 3: The controller selects a random value $m \in \{0,1\}^*$ as the signature challenge and forms the packet Data from it together with the IP address $Address_{start}$ of the initial network device and the IP address $Address_{final}$ of the end network device of the link to be authenticated. The controller sends the packet Data to the initial network device through the southbound interface.
Step 4: The initial network device $ID_1$ receives the Data issued by the controller and computes the signature $(S_1, T_1)$ and the adjacent network device authentication secret value $P'_1$. It then sends the combination of the signature challenge hash value, the signature value and the adjacent network device authentication secret value, $Data_1 = (P_m, S_1, T_1, P'_1)$, to the next intermediate network device $ID_2$.
Step 5: The intermediate network device $ID_i$, $i \in (2, 3, \ldots, n-1)$, receives the data $(P_m, S_{i-1}, T_{i-1}, P'_{i-1})$ sent by the network device $ID_{i-1}$ connected to it and first authenticates that previous network device. If the authentication fails it sends the authentication failure message "Fail"; if it succeeds the module continues. The intermediate network device $ID_i$ computes its own signature $(S'_i, T'_i)$ and the adjacent network device authentication secret value $P'_i$. It then sends the combination of the signature challenge hash value, the signature value and the adjacent network device authentication secret value, $Data_i = (P_m, S_i, T_i, P'_i)$, to the next network device $ID_{i+1}$. Step 7 is repeated until all intermediate network devices have run, that is, until $ID_{n-1}$ sends $(P_m, S_{n-1}, T_{n-1}, P'_{n-1})$.
Step 6: The end network device $ID_n$ receives the signature challenge hash value, the signature value and the adjacent network device authentication secret value $(P_m, S_{n-1}, T_{n-1}, P'_{n-1})$ and first authenticates the previous network device. If the authentication fails it sends the authentication failure message "Fail"; if it succeeds the module continues. The end network device $ID_n$ computes its own signature $(S'_n, T'_n)$ and forwards the signature and signature challenge $Data_n = (P_m, S_n, T_n)$ to the controller through the southbound interface.
Module three: authentication module. The controller takes the signature and signature challenge $(P_m, S_n, T_n)$ as input and outputs the authentication failure message "Fail" or the authentication success message "Success".
Step 7: The controller verifies the correctness of the challenge value. If this fails it sends the authentication failure message "Fail"; if it succeeds the module continues. The controller then verifies the signature $(S_n, T_n)$: if the verification succeeds it outputs the authentication success message "Success", otherwise it sends the authentication failure message "Fail".
Compared with existing methods, the advantages and positive effects of the invention are:
A network equipment group authentication method for SDN is proposed that makes full use of the southbound interface between the network devices and the controller and of the data links between network devices. The controller needs only one authentication to authenticate all the network devices on a network device link, which reduces the controller bandwidth that conventional authentication methods consume. The SDN device signature module includes a step that authenticates the previous network device, so an identity problem with that device is found promptly. The use of aggregate signatures effectively saves the bandwidth consumed by transmitting signature data between network devices.
Brief description of the drawings
Fig. 1 shows the overall flow of the network equipment group authentication method in a software defined network of the present invention.
The symbols in the figure are as follows:
Step 1, step 2, step 3, step 4, step 5, step 6: the steps of the method and their sequence numbers;
PK: the public key generated and disclosed by the controller;
Data: the packet the controller sends to the initial network device through the southbound interface;
$ID_1$: the identity of the initial network device;
$sP_1$: the secret value the controller computes and distributes to $ID_1$;
$Data_1$: the packet the initial network device $ID_1$ sends to the next network device connected to it;
$ID_2$: the identity of the first intermediate network device;
$sP_2$: the secret value the controller computes and distributes to $ID_2$;
$Data_2$: the packet the intermediate network device $ID_2$ sends to the next network device connected to it;
$ID_i$, $i \in (2, \ldots, n-1)$: the identity of an intermediate network device;
$sP_i$: the secret value the controller computes and distributes to $ID_i$;
$Data_i$: the packet the intermediate network device $ID_i$ sends to the next network device connected to it;
$Data_{n-1}$: the packet the network device $ID_{n-1}$ sends to the end network device connected to it;
$ID_n$: the identity of the end network device;
$sP_n$: the secret value the controller computes and distributes to $ID_n$;
$Data_n$: the packet the end network device $ID_n$ sends to the controller;
Authentication failure "Fail": a network device sends an authentication failure indication to the controller;
$(P_m, S_n, T_n)$: the content of the packet the end network device $ID_n$ sends to the controller, where $P_m$ is the signature challenge and $S_n$ and $T_n$ are the signature on the signature challenge $P_m$;
"Fail" or "Success": the controller outputs the authentication failure message "Fail" or the authentication success message "Success".
Embodiment
The invention is described in further detail below with reference to Fig. 1 and an embodiment.
In this embodiment the SDN comprises a controller and $n \in (3, 4, 5, \ldots)$ network devices with identities $ID_i$, $i \in (1, \ldots, n)$: $ID_1$ is the identity of the initial network device, $ID_2$ to $ID_{n-1}$ are the identities of the intermediate network devices, and $ID_n$ is the identity of the end network device.
Module one: initialization module. The controller takes the system security parameter $\lambda$ as input and outputs the public key PK and the master key MSK. PK is made public; MSK is kept by the controller. The controller also sets the secret value $sP_i$ of each network device, for use in the later authentication. The module is implemented in four steps:
Step 1: The controller first inputs the system security parameter $\lambda$ and then runs the algorithm $g(1^\lambda)$, which outputs two groups $G_1$, $G_2$ of prime order $q$ and a bilinear map $G_1 \times G_1 \to G_2$. "Running the algorithm $g(1^\lambda)$" works as follows: according to the size of the input security parameter $\lambda$, the controller selects a suitable elliptic curve $y^2 = x^3 + ax + b$ (where $a$ and $b$ are coefficients). The points on the selected elliptic curve form the groups $G_1$ and $G_2$, and a mapping function is selected that maps elements of $G_1$ to elements of $G_2$. The larger the value of $\lambda$, the more points there are on the selected elliptic curve and the larger the groups.
The controller then runs the random number generation algorithm to randomly select a generator $P$ of $G_1$ and a random element $s$ of $Z/qZ$, and computes $Q = sP$. "Running the random number generation algorithm" works as follows: on the elliptic curve $y^2 = x^3 + ax + b$ selected in step 1, a value $x_1$ of the independent variable $x$ is chosen at random and the corresponding value $y_1$ of the dependent variable $y$ is computed. If the point $(x_1, y_1)$ is in the group to be mapped to, a random element has been generated. If the point $(x_1, y_1)$ is not in the group, further values of $x$ are chosen until a point in $G_1$ is found. The random number generation algorithm referred to below is the same.
The controller then selects two hash functions $H_1, H_2: \{0,1\}^* \to G_1$. Here "hash functions $H_1, H_2: \{0,1\}^* \to G_1$" means that the hash functions $H_1$, $H_2$ map a character string made up of the binary digits 0 and 1 into the group.
At this point the controller has the public key PK and the master key $MSK = (s)$. PK is disclosed as a public parameter; MSK is kept by the controller as a secret value and must not be leaked.
Step 2: Each network device has an identity $ID_i \in \{0,1\}^*$, and the device's own $ID_i$ is public. From the identity $ID_i$ of a network device, the controller computes the secret value $sP_i = sH_1(ID_i)$. The controller then distributes this secret value to the corresponding user over a secure channel. The network device with identity $ID_i$ obtains the secret value $sP_i$ and keeps it secret. Here "the network device selects an identity $ID_i \in \{0,1\}^*$" means that the identity of a network device is a character string made up of the binary digits 0 and 1.
Module two: signature module. The controller sends the signature challenge $m$. On receiving it, the initial network device forms a signature challenge packet, which enters the link to be authenticated. The network devices on the link in turn transmit, sign and aggregate the packet, until the end network device completes its signature and returns the signature $(P_m, S_n, T_n)$ to the controller.
Step 3: The controller runs the random number generation algorithm and selects a random value $m \in \{0,1\}^*$ as the signature challenge. Together with the IP address $Address_{start}$ of the initial network device and the IP address $Address_{final}$ of the end network device of the link to be authenticated, it forms the packet $Data = (m, Address_{start}, Address_{final})$. The controller sends the packet Data to the initial network device through the southbound interface.
Step 4: The initial network device $ID_1$ receives the Data issued by the controller and computes $P_m = H_2(m) \in G_1$. It runs the random number generation algorithm to produce a random value $r_1 \in Z/qZ$ and computes the signature $(S_1, T_1)$, where $S_1 = r_1 P_m + sP_1$ and $T_1 = r_1 P$. For the intermediate network device $ID_2$ connected to it, the initial network device computes $P_2 = H_2(ID_2)$ and from it the adjacent network device authentication secret value $P'_1$. It then sends the combination of the signature challenge hash value, the signature value and the adjacent network device authentication secret value, $Data_1 = (P_m, S_1, T_1, P'_1)$, to the next intermediate network device $ID_2$.
Step 5: The intermediate network device $ID_i$, $i \in (2, 3, \ldots, n-1)$, receives the data $(P_m, S_{i-1}, T_{i-1}, P'_{i-1})$ sent by the previous network device $ID_{i-1}$. It first computes $P_{i-1} = H_2(ID_{i-1})$ and, from that and its own secret value $sP_i$, computes the adjacent network device authentication secret value. It checks whether the result equals the $P'_{i-1}$ sent by the previous device: if they are not equal it sends the authentication failure message "Fail"; if they are equal the module continues. The intermediate network device $ID_i$ produces a random value $r_i \in Z/qZ$ and computes its own signature $(S'_i, T'_i)$, where $S'_i = r_i P_m + sP_i$ and $T'_i = r_i P$. It then computes the signature $S_i = S_{i-1} + S'_i$ and $T_i = T_{i-1} + T'_i$. For the network device $ID_{i+1}$ connected to it, the intermediate network device $ID_i$ computes $P_{i+1} = H_2(ID_{i+1})$ and from it the adjacent network device authentication secret value $P'_i$. It then sends the combination of the signature challenge hash value, the signature value and the adjacent network device authentication secret value, $Data_i = (P_m, S_i, T_i, P'_i)$, to the next network device $ID_{i+1}$. Step 7 is repeated until all intermediate network devices have run, that is, until $ID_{n-1}$ sends $(P_m, S_{n-1}, T_{n-1}, P'_{n-1})$.
Step 6: The end network device $ID_n$ receives the signature challenge hash value, the signature value and the adjacent network device authentication secret value $(P_m, S_{n-1}, T_{n-1}, P'_{n-1})$. It first computes $P_{n-1} = H_2(ID_{n-1})$ and, from that and its own secret value $sP_n$, computes the adjacent network device authentication secret value. It checks whether the result equals the $P'_{n-1}$ sent by the previous network device: if they are not equal it sends the authentication failure message "Fail"; if they are equal the module continues. The end network device $ID_n$ produces a random value $r_n \in Z/qZ$ and computes its own signature $(S'_n, T'_n)$, where $S'_n = r_n P_m + sP_n$ and $T'_n = r_n P$. It then computes $S_n = S_{n-1} + S'_n$ and $T_n = T_{n-1} + T'_n$ and forwards the signature and signature challenge $Data_n = (P_m, S_n, T_n)$ to the controller through the southbound interface.
Module three: authentication module. The controller takes the signature and signature challenge $(P_m, S_n, T_n)$ as input and outputs the authentication failure message "Fail" or the authentication success message "Success".
Step 7: The controller computes $P_m = H_2(m)$ from the signature challenge $m$ and checks whether it equals the $P_m$ sent by the end network device. If they are not equal it sends the authentication failure message "Fail"; if they are equal the module continues. The controller then computes the two verification values and checks whether they are equal: if they are equal it outputs the authentication success message "Success", otherwise it sends the authentication failure message "Fail".
With the above modules and steps, the scheme for network equipment group authentication in SDN is realized.
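The seven steps above, exercised end to end as an added example (not part of the patent text). It uses a toy pairing over small integers with no security, constructed device names, and one identity hash for both key extraction and the neighbour check; the neighbour-check formula and the controller's verification equation are not legible on this page, so the ones used here are assumptions derived from the signing equations $S_i$, $T_i$ and $Q = sP$.

```python
import hashlib
import secrets

# Constructed toy parameters (NOT secure): G_1 is modelled as the integers
# mod ORDER (a point a*P0 is stored as a, so discrete logs are exposed) and
# G_2 is the subgroup of that order in the integers mod P_MOD.
ORDER = 1019        # prime group order q
P_MOD = 2039        # 2 * ORDER + 1, also prime
G2_GEN = 4          # generator of the order-ORDER subgroup mod P_MOD


def pairing(a, b):
    """Toy bilinear map G_1 x G_1 -> G_2: (a*P0, b*P0) -> G2_GEN^(a*b)."""
    return pow(G2_GEN, (a * b) % ORDER, P_MOD)


def hash_to_g1(tag, data):
    """Stand-in for H_1 / H_2: SHA-256 reduced to a non-zero element of G_1."""
    digest = hashlib.sha256(tag + b"|" + data).digest()
    return 1 + int.from_bytes(digest, "big") % (ORDER - 1)


def rand_scalar():
    return 1 + secrets.randbelow(ORDER - 1)


class Controller:
    def __init__(self):
        self.s = rand_scalar()                    # MSK = (s)
        self.P = rand_scalar()                    # generator P of G_1
        self.Q_pub = self.s * self.P % ORDER      # Q = sP

    def extract(self, dev_id):
        """Step 2: sP_i = s * H_1(ID_i)."""
        return self.s * hash_to_g1(b"H1", dev_id) % ORDER

    def verify(self, m, chain_ids, data_n):
        """Step 7. Assumed check, derived from the signing equations:
        e(S_n, P) == e(T_n, P_m) * e(Q, P_1 + ... + P_n)."""
        p_m, s_n, t_n = data_n
        if p_m != hash_to_g1(b"H2", m):           # challenge check
            return "Fail"
        sum_p = sum(hash_to_g1(b"H1", d) for d in chain_ids) % ORDER
        lhs = pairing(s_n, self.P)
        rhs = pairing(t_n, p_m) * pairing(self.Q_pub, sum_p) % P_MOD
        return "Success" if lhs == rhs else "Fail"


def run_chain(ctrl, m, chain_ids, device_secrets):
    """Steps 4-6: returns Data_n = (P_m, S_n, T_n), or "Fail" when a device
    rejects its predecessor's authentication value."""
    p_m = hash_to_g1(b"H2", m)
    s_agg = t_agg = 0
    prev_id = prev_tag = None
    for idx, dev_id in enumerate(chain_ids):
        sk = device_secrets[dev_id]
        if prev_id is not None:
            # Assumed neighbour check: e(P_{i-1}, sP_i) must equal the
            # P'_{i-1} = e(sP_{i-1}, P_i) sent by the previous device.
            if pairing(hash_to_g1(b"H1", prev_id), sk) != prev_tag:
                return "Fail"
        r = rand_scalar()
        s_agg = (s_agg + r * p_m + sk) % ORDER    # S_i = S_{i-1} + r_i*P_m + sP_i
        t_agg = (t_agg + r * ctrl.P) % ORDER      # T_i = T_{i-1} + r_i*P
        if idx + 1 < len(chain_ids):
            prev_tag = pairing(sk, hash_to_g1(b"H1", chain_ids[idx + 1]))
        prev_id = dev_id
    return (p_m, s_agg, t_agg)


def demo():
    ctrl = Controller()
    ids = [b"sw1", b"sw2", b"sw3", b"sw4"]        # constructed device identities
    keys = {d: ctrl.extract(d) for d in ids}
    m = secrets.token_bytes(16)                   # step 3: random challenge
    honest = ctrl.verify(m, ids, run_chain(ctrl, m, ids, keys))
    rogue = dict(keys)
    rogue[b"sw3"] = (keys[b"sw3"] + 1) % ORDER    # secret not issued by the controller
    return honest, run_chain(ctrl, m, ids, rogue)


if __name__ == "__main__":
    print(demo())
```

Whatever the length of the chain, the controller receives the same three values $(P_m, S_n, T_n)$ and performs one verification, which is the bandwidth saving the description claims.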

Claims (1)

  1. A network equipment group authentication method in a software defined network, characterized in that the method comprises the following steps:
    Initialization module: the controller takes the system security parameter $\lambda$ as input and outputs the public key PK and the master key MSK; the public key PK is made public and the master key MSK is kept by the controller; the controller also sets the secret value $sP_i$ of each network device, for use in the later authentication; the module is implemented in four steps:
    Step 1: the controller first inputs the system security parameter $\lambda$ and outputs two groups $G_1$, $G_2$ of prime order $q$ and a bilinear map; the controller randomly selects a generator $P$ of $G_1$ and a random element $s$ of $Z/qZ$, and computes $Q = sP$; the controller selects two hash functions $H_1, H_2: \{0,1\}^* \to G_1$;
    At this point the controller has the public key PK and the master key $MSK = (s)$; PK is disclosed as a public parameter, and MSK is kept by the controller as a secret value and must not be leaked;
    Step 2: from the identity $ID_i$ of a network device, the controller computes the secret value $sP_i$ and distributes it to the corresponding user over a secure channel; the network device with identity $ID_i$ obtains the secret value $sP_i$ and keeps it secret;
    Signature module: the controller sends the signature challenge value $m$; on receiving the signature challenge, the initial network device forms a signature challenge packet, which enters the link to be authenticated; the network devices on the link in turn transmit, sign and aggregate the packet, until the end network device completes its signature and returns the combination of the signature challenge hash value and the signature value $(P_m, S_n, T_n)$ to the controller;
    Step 3: the controller selects a random value $m \in \{0,1\}^*$ as the signature challenge value and forms the packet Data from it together with the IP address $Address_{start}$ of the initial network device and the IP address $Address_{final}$ of the end network device of the network device link to be authenticated; the controller sends the packet Data to the initial network device through the southbound interface;
    Step 4: the initial network device $ID_1$ receives the Data issued by the controller and computes the signature value $(S_1, T_1)$ and the adjacent network device authentication secret value $P'_1$; it then sends the combination of the signature challenge hash value, the signature value and the adjacent network device authentication secret value, $Data_1 = (P_m, S_1, T_1, P'_1)$, to the next intermediate network device $ID_2$;
    Step 5: the intermediate network device $ID_i$, $i \in (2, 3, \ldots, n-1)$, receives the data $(P_m, S_{i-1}, T_{i-1}, P'_{i-1})$ sent by the network device $ID_{i-1}$ connected to it and first authenticates that previous network device; if the authentication fails it sends the authentication failure message "Fail", and if it succeeds the module continues; the intermediate network device $ID_i$ computes the intermediate signature value $(S'_i, T'_i)$ and the adjacent network device authentication secret value $P'_i$; it then sends the combination of the signature challenge hash value, the signature value and the adjacent network device authentication secret value, $Data_i = (P_m, S_i, T_i, P'_i)$, to the next network device $ID_{i+1}$; wherein $P_i = H_1(ID_i)$, $i \in (1, \ldots, n)$;
    Step 5 is repeated until all intermediate network devices have run, that is, until $ID_{n-1}$ sends $(P_m, S_{n-1}, T_{n-1}, P'_{n-1})$;
    Step 6: the end network device $ID_n$ receives the signature challenge hash value, the signature value and the adjacent network device authentication secret value $(P_m, S_{n-1}, T_{n-1}, P'_{n-1})$ and first authenticates the previous network device; if the authentication fails it sends the authentication failure message "Fail", and if it succeeds the module continues; the end network device $ID_n$ computes the intermediate signature value $(S'_n, T'_n)$ and forwards the combination of the signature challenge hash value and the signature value, $Data_n = (P_m, S_n, T_n)$, to the controller through the southbound interface; wherein $S_i = S_{i-1} + S'_i$, $T_i = T_{i-1} + T'_i$; $S'_n = r_n P_m + sP_n$, $T'_n = r_n P$;
    Authentication module: the controller takes the combination of the signature challenge hash value and the signature value $(P_m, S_n, T_n)$ as input and outputs the authentication failure message "Fail" or the authentication success message "Success";
    Step 7: the controller verifies the correctness of the signature challenge hash value; if this fails it sends the authentication failure message "Fail", and if it succeeds the module continues; the controller verifies the signature value $(S_n, T_n)$; if the verification succeeds it outputs the authentication success message "Success", otherwise it sends the authentication failure message "Fail".
Priority application: CN201510204633.9A (CN104780052B), priority date 2015-04-27, filing date 2015-04-27, title: Network equipment group authentication method in a software defined network

Publications (2)

CN104780052A, published 2015-07-15
CN104780052B, published 2018-03-02
