CN104780052B - Network equipment group authentication method in a kind of software defined network - Google Patents
- Publication number: CN104780052B
- Application number: CN201510204633.9A
- Authority: CN (China)
- Prior art keywords: signature, controller, network equipment, value, network
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention discloses a network equipment group authentication method for software defined networks (SDN), specifically a group authentication method based on aggregate signature technology, and belongs to the communication field. It mainly comprises three modules, 1) an initialization module, 2) a signature module and 3) an authentication module, carried out in seven steps. Working within the SDN architecture, the method makes full use of the southbound interface between the network equipment and the controller and of the data links between network devices: the controller needs only one authentication to authenticate every network device on a network device link, which reduces the controller bandwidth that conventional authentication methods consume. In addition, the SDN device signature module includes a step that authenticates the previous network device, so an identity problem with the previous device is found promptly. Because the invention uses aggregate signatures, it effectively saves the bandwidth consumed by transmitting signature data between network devices.
Description
Technical field
The present invention relates to a network equipment group authentication method in a software defined network, specifically a group authentication method based on aggregate signature technology, and belongs to the communication field.
Background
With the rapid development of Internet technology, the software defined network (Software Defined Network, SDN), which uses a controller to separate the network control plane from the data plane, improves the security, manageability and controllability of the network and has good application prospects in many industries. The primary problem SDN faces at present is security. For the controller in an SDN, obtaining the true parameters of the data plane is a necessary operation for control and management. It is therefore critical to authenticate the identity of the network equipment in the SDN and to guarantee the authenticity of the device parameters the controller collects, so that network equipment problems are found in time. In normal operation an SDN works through multiple data links, each formed by multiple network devices. Authenticating the network equipment on each SDN data link, and thereby ensuring the authenticity of the network equipment on the link, is therefore important work.
Network equipment group authentication means that the controller authenticates, in one unified operation, the network equipment on one data link in the SDN. At present such authentication can use the traditional one-to-one method, in which the controller authenticates each network device on the data link one by one. This method is certainly feasible. However, for every network device that is authenticated, repeated communication with the controller is needed, so the method takes up excessive bandwidth between the controller and the network equipment, increases the controller's resource consumption and lowers the controller's security threshold. As SDN is progressively deployed, the number of network devices a controller manages gradually increases and the demands on device authentication efficiency rise as well, and the conventional approach cannot meet SDN's need to authenticate the network equipment on a network device link. The present invention therefore proposes a network equipment group authentication method for SDN, which has significant theoretical value and practical significance for the application and adoption of SDN.
Summary of the invention
The object of the invention is to overcome the shortcomings of the prior art in solving network equipment group authentication in SDN by proposing a network equipment group authentication method for software defined networks. The method combines the signatures of the individual network devices into one signature through aggregate signature, and the controller finally performs authentication in a single unified step. It not only solves the network equipment group authentication problem effectively but also avoids transmitting excessive redundant signature information, reducing the bandwidth that network equipment group authentication consumes.
To achieve this object, the invention combines the SDN architecture with aggregate signature technology. The technical scheme is as follows.
Main mathematical symbols and algorithms:
1) Bilinear map $G_1 \times G_1 \to G_2$: in the initialization module of this scheme, inputting the security parameter λ and then running the algorithm $g(1^\lambda)$ yields two cyclic groups $G_1$ and $G_2$ of prime order q.
The bilinear map has the following three properties:
1. bilinear characteristics:For all g, h ∈ G1, a, b ∈ ZNHaveSet up;
2. non-degeneracy:G1An element g at least be present in group so that after calculatingIn G2There is exponent number q in group;
3. computability:In the presence of effective algorithm so that all g, h ∈ G1Can effectively it calculateValue;
2) Hash algorithm: the collision-resistant hash functions $H_1, H_2: \{0,1\}^* \to G_1$ used in the invention have two basic properties, one-wayness and collision resistance. One-wayness means that the output can be derived from the input of the hash function, but the input cannot be computed from the output. Collision resistance means that two different inputs that produce exactly the same hash output cannot be found.
The invention discloses a method for network equipment group authentication in SDN. It involves two broad classes of entity: the controller and the network equipment. The network equipment is further divided, by position in the network device link, into three kinds: the initial network device, intermediate network devices and the end network device. In total the invention involves 4 kinds of entity:
1) Controller: generates the public key and master key from the system security parameter, computes and provides the network device secret values and the signature challenge, and finally performs the network equipment group authentication.
2) Initial network device: the first network device in the network device link to be authenticated. It receives the signature command and challenge issued by the controller, completes its signature and forwards the data to the next intermediate network device.
3) End network device: the last network device in the network device link to be authenticated. It receives the data and signature sent by the last intermediate network device, and sends the signature, after signing and aggregation, to the controller.
4) Intermediate network device: any network device in the link to be authenticated other than the initial and end network devices. Each in turn receives the data and signature sent by the previous network device and, after signing and aggregating, sends the aggregated signature to the next network device. The first intermediate network device receives the data of the initial network device, and the last intermediate network device sends its data to the end network device.
The three modules of the invention run in sequence: initialization module, signature module and authentication module, 7 steps in all.
The specific implementation steps of the network equipment group authentication method of the invention are as follows:
Module one: Initialization module. The controller takes the system security parameter λ as input and outputs the public key PK and the master key MSK. PK is made public; MSK is kept by the controller. The controller also sets the secret value $sP_i$ of each network device for use in later authentication. The module is implemented in four steps:
Step 1: The controller first inputs the system security parameter λ and outputs two groups $G_1$, $G_2$ of prime order q and a bilinear map $G_1 \times G_1 \to G_2$. The controller randomly selects a generator P of $G_1$ and a random element s of Z/qZ, and computes Q = sP. The controller selects two hash functions $H_1, H_2: \{0,1\}^* \to G_1$.
At this point the controller holds the public key PK and the master key MSK = (s). PK is published as a public parameter; MSK is kept by the controller as a secret value and must not be disclosed.
Step 2: From the identity $ID_i$ of a network device, the controller computes the secret value $sP_i$ and distributes it to the corresponding user over a secure channel. The network device with identity $ID_i$ obtains the secret value $sP_i$ and stores it secretly.
Module two: Signature module. The controller sends the signature challenge m. After receiving the signature challenge, the initial network device forms a signature challenge data packet, which enters the link to be authenticated. The network devices on the link in turn transmit the packet, sign and aggregate, until the end network device completes its signature and returns $(P_m, S_n, T_n)$ to the controller.
Step 3: The controller selects a random value $m \in \{0,1\}^*$ as the signature challenge and forms the packet Data from it together with the IP address $Address_{start}$ of the initial network device and the IP address $Address_{final}$ of the end network device of the network device link to be authenticated. The controller sends the packet Data to the initial network device through the southbound interface.
Step 4: The initial network device $ID_1$ receives the Data issued by the controller and computes the signature $(S_1, T_1)$ and the adjacent network device authentication secret value. It then sends the combination of signature challenge hash value, signature value and adjacent network device authentication secret value, $Data_1 = (P_m, S_1, T_1, P'_1)$, to the next intermediate network device $ID_2$.
Step 5: An intermediate network device $ID_i$, $i \in (2, 3, \ldots, n-1)$, receives the data $(P_m, S_{i-1}, T_{i-1}, P'_{i-1})$ sent by the network device $ID_{i-1}$ connected to it. It first authenticates the previous network device; if this fails it sends the authentication failure message "Fail", and if it succeeds the module continues. $ID_i$ computes its own signature $(S'_i, T'_i)$ and the adjacent network device authentication secret value. It then sends the combination of signature challenge hash value, signature value and adjacent network device authentication secret value, $Data_i = (P_m, S_i, T_i, P'_i)$, to the next network device $ID_{i+1}$. Step 7 is rerun until all intermediate network devices have finished, i.e. until $ID_{n-1}$ sends $(P_m, S_{n-1}, T_{n-1}, P'_{n-1})$.
Step 6: The end network device $ID_n$ receives the signature challenge hash value, signature value and adjacent network device authentication secret value $(P_m, S_{n-1}, T_{n-1}, P'_{n-1})$. It first authenticates the previous network device; if this fails it sends the authentication failure message "Fail", and if it succeeds the module continues. $ID_n$ computes its own signature $(S'_n, T'_n)$ and forwards the signature and signature challenge, $Data_n = (P_m, S_n, T_n)$, to the controller through the southbound interface.
Module three: Authentication module. The controller takes the signature and signature challenge $(P_m, S_n, T_n)$ as input and outputs the authentication failure message "Fail" or the authentication success message "Success".
Step 7: The controller verifies the correctness of the challenge value. If this fails it sends the authentication failure message "Fail"; if it succeeds the module continues. The controller then verifies the signature $(S_n, T_n)$; on success it outputs the authentication success message "Success", otherwise it sends the authentication failure message "Fail".
Compared with existing methods, the invention has the following beneficial effects and advantages:
It proposes a network equipment group authentication method for SDN that makes full use of the southbound interface between the network equipment and the controller and of the data links between network devices. The controller needs only one authentication to authenticate all network devices on a network device link, which reduces the controller bandwidth consumed by conventional authentication methods. The SDN device signature module includes a step that authenticates the previous network device, so an identity problem with the previous device is found promptly. Using aggregate signatures effectively saves the bandwidth consumed by transmitting signature data between network devices.
Brief description of the drawings
Fig. 1 is the overall flow of the network equipment group authentication method in a software defined network of the invention.
The symbols in the figure are as follows:
Step 1, step 2, step 3, step 4, step 5, step 6 denote the steps of the method and their sequence numbers;
PK denotes the public key generated and published by the controller;
Data denotes the packet the controller sends to the initial network device through the southbound interface;
$ID_1$ denotes the identity of the initial network device;
$sP_1$ denotes the secret value the controller computes and distributes to $ID_1$;
$Data_1$ denotes the packet the initial network device $ID_1$ sends to the next network device connected to it;
$ID_2$ denotes the identity of the first intermediate network device;
$sP_2$ denotes the secret value the controller computes and distributes to $ID_2$;
$Data_2$ denotes the packet the intermediate network device $ID_2$ sends to the next network device connected to it;
$ID_i$, $i \in (2, \ldots, n-1)$, denotes the identity of an intermediate network device;
$sP_i$ denotes the secret value the controller computes and distributes to $ID_i$;
$Data_i$ denotes the packet the intermediate network device $ID_i$ sends to the next network device connected to it;
$Data_{n-1}$ denotes the packet the network device $ID_{n-1}$ sends to the end network device connected to it;
$ID_n$ denotes the identity of the end network device;
$sP_n$ denotes the secret value the controller computes and distributes to $ID_n$;
$Data_n$ denotes the packet the end network device $ID_n$ sends to the controller;
authentication failure "Fail" denotes that a network device sends an authentication failure indication to the controller;
$(P_m, S_n, T_n)$ denotes the content of the packet the end network device $ID_n$ sends to the controller, where $P_m$ is the signature challenge and $S_n$ and $T_n$ are the signature on the signature challenge $P_m$;
"Fail" or "Success" denotes that the controller outputs the authentication failure message "Fail" or the authentication success message "Success".
Embodiment
The invention is described in further detail below with reference to Fig. 1 and an embodiment.
In this embodiment the SDN comprises a controller and n ∈ (3,4,5 ...) network devices with identities $ID_i$, $i \in (1, \ldots, n)$: $ID_1$ is the identity of the initial network device, $ID_2$ to $ID_{n-1}$ are the identities of the intermediate network devices, and $ID_n$ is the identity of the end network device.
Module one: Initialization module. The controller takes the system security parameter λ as input and outputs the public key PK and the master key MSK. PK is made public; MSK is kept by the controller. The controller also sets the secret value $sP_i$ of each network device for use in later authentication. The module is implemented in four steps:
Step 1: The controller first inputs the system security parameter λ and then runs the algorithm $g(1^\lambda)$, which outputs two groups $G_1$, $G_2$ of prime order q and a bilinear map $G_1 \times G_1 \to G_2$. "Running the algorithm $g(1^\lambda)$" works as follows: according to the size of the input security parameter λ, the controller selects a suitable elliptic curve $y^2 = x^3 + ax + b$ (where a and b are coefficients). The points on the selected elliptic curve form the groups $G_1$ and $G_2$, and a function mapping is selected that maps elements of $G_1$ into $G_2$. The larger the value of the security parameter λ, the more points there are on the selected elliptic curve and the larger the groups.
Then the controller runs the random number generation algorithm to randomly select a generator P of $G_1$ and a random element s of Z/qZ, and computes Q = sP. "Running the random number generation algorithm" works as follows: on the elliptic curve $y^2 = x^3 + ax + b$ selected in step 1, randomly choose a value $x_1$ of the independent variable x and compute the corresponding value $y_1$ of the dependent variable y. If the point $(x_1, y_1)$ is in the group to be mapped into, a random element has been generated successfully. If the point $(x_1, y_1)$ is not in the group, keep choosing values of x until a point in $G_1$ is found. The random number generation algorithm is the same wherever it is run below.
Then the controller selects two hash functions $H_1, H_2: \{0,1\}^* \to G_1$. Here "hash functions $H_1, H_2: \{0,1\}^* \to G_1$" means that a character string made up of the binary digits 0 and 1 is mapped by the hash functions $H_1$, $H_2$ into the group.
At this point the controller holds the public key PK and the master key MSK = (s). PK is published as a public parameter; MSK is kept by the controller as a secret value and must not be disclosed.
Step 2: Each network device has an identity $ID_i \in \{0,1\}^*$, and the device's own $ID_i$ is public. From the identity $ID_i$ of the network device, the controller computes the secret value $sP_i = sH_1(ID_i)$. The controller then distributes this secret value to the corresponding user over a secure channel. The network device with identity $ID_i$ obtains the secret value $sP_i$ and stores it secretly. Here "$ID_i \in \{0,1\}^*$" means that a network device identity is a character string made up of the binary digits 0 and 1.
Module two: Signature module. The controller sends the signature challenge m. After receiving the signature challenge, the initial network device forms a signature challenge data packet, which enters the link to be authenticated. The network devices on the link in turn transmit the packet, sign and aggregate, until the end network device completes its signature and returns $(P_m, S_n, T_n)$ to the controller.
Step 3: The controller runs the random number generation algorithm, selects a random value $m \in \{0,1\}^*$ as the signature challenge, and forms the packet $Data = (m, Address_{start}, Address_{final})$ from it together with the IP address $Address_{start}$ of the initial network device and the IP address $Address_{final}$ of the end network device of the link to be authenticated. The controller sends the packet Data to the initial network device through the southbound interface.
Step 4: The initial network device $ID_1$ receives the Data issued by the controller, computes $P_m = H_2(m) \in G_1$, runs the random number generation algorithm to produce a random value $r_1 \in Z/qZ$, and computes the signature $(S_1, T_1)$, where $S_1 = r_1 P_m + sP_1$ and $T_1 = r_1 P$. For the intermediate network device $ID_2$ connected to it, the initial network device computes $P_2 = H_2(ID_2)$ and from it the adjacent network device authentication secret value. It then sends the combination of signature challenge hash value, signature value and adjacent network device authentication secret value, $Data_1 = (P_m, S_1, T_1, P'_1)$, to the next intermediate network device $ID_2$.
Step 5: An intermediate network device $ID_i$, $i \in (2, 3, \ldots, n-1)$, receives the data $(P_m, S_{i-1}, T_{i-1}, P'_{i-1})$ sent by the previous network device $ID_{i-1}$. It first computes $P_{i-1} = H_2(ID_{i-1})$ and, with its own secret value $sP_i$, computes the adjacent network device authentication secret value. It checks whether the computed value equals the $P'_{i-1}$ sent by the previous device; if they are unequal it sends the authentication failure message "Fail", and if they are equal the module continues. $ID_i$ produces a random value $r_i \in Z/qZ$ and computes its own signature $(S'_i, T'_i)$, where $S'_i = r_i P_m + sP_i$ and $T'_i = r_i P$. It then computes the signature $S_i = S_{i-1} + S'_i$ and $T_i = T_{i-1} + T'_i$. For the network device $ID_{i+1}$ connected to it, $ID_i$ computes $P_{i+1} = H_2(ID_{i+1})$ and from it the adjacent network device authentication secret value. It then sends the combination of signature challenge hash value, signature value and adjacent network device authentication secret value, $Data_i = (P_m, S_i, T_i, P'_i)$, to the next network device $ID_{i+1}$. Step 7 is rerun until all intermediate network devices have finished, i.e. until $ID_{n-1}$ sends $(P_m, S_{n-1}, T_{n-1}, P'_{n-1})$.
Step 6: The end network device $ID_n$ receives the signature challenge hash value, signature value and adjacent network device authentication secret value $(P_m, S_{n-1}, T_{n-1}, P'_{n-1})$. It first computes $P_{n-1} = H_2(ID_{n-1})$ and, with its own secret value $sP_n$, computes the adjacent network device authentication secret value. It checks whether the computed value equals the $P'_{n-1}$ sent by the previous network device; if they are unequal it sends the authentication failure message "Fail", and if they are equal the module continues. $ID_n$ produces a random value $r_n \in Z/qZ$ and computes its own signature $(S'_n, T'_n)$, where $S'_n = r_n P_m + sP_n$ and $T'_n = r_n P$. It then computes $S_n = S_{n-1} + S'_n$ and $T_n = T_{n-1} + T'_n$ and forwards the signature and signature challenge, $Data_n = (P_m, S_n, T_n)$, to the controller through the southbound interface.
Module three: Authentication module. The controller takes the signature and signature challenge $(P_m, S_n, T_n)$ as input and outputs the authentication failure message "Fail" or the authentication success message "Success".
Step 7: The controller computes $P_m = H_2(m)$ from the signature challenge m and checks whether it equals the $P_m$ sent by the end network device; if they are unequal it sends the authentication failure message "Fail", and if they are equal the module continues. The controller then calculates two values and judges whether the two are equal; if they are equal it outputs the authentication success message "Success", otherwise it sends the authentication failure message "Fail".
Through the above modules and steps, the scheme for network equipment group authentication in SDN is realized.
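The flow of steps 1 to 7, as an added example that is not code from the patent: a toy algebraic model that runs an honest link and shows where a device without a controller-issued secret, an altered aggregate and a replayed aggregate are rejected. Assumptions of this example: no real pairing is used (a $G_1$ element xP is stored as the scalar x and e(aP, bP) is modelled as ab mod q, which gives no security); identities are hashed with $H_1$ everywhere, as in the claim's $P_i = H_1(ID_i)$, so that both neighbours derive the same value; the adjacent-device value e($sP_i$, $P_j$) and the controller check e($S_n$, P) = e($T_n$, $P_m$)·e(Q, ΣP_i) are derived from the definitions of $sP_i$, $S_i$ and $T_i$. The controller is assumed to know the identities on the link, and the device names are constructed.

```python
"""Toy algebraic model of the chained aggregate-signature flow (steps 1-7)."""
import hashlib
import secrets

# ASSUMPTION of this example: no pairing library. A G1 element x*P is stored as the
# scalar x mod q and e(aP, bP) is a*b mod q (G2 written additively, so products of
# pairings become sums). This reproduces the algebra only; it has no security.
q = 2**127 - 1          # prime group order (constructed for the demo)
P = 1                   # generator of G1 in the scalar model

def pairing(a, b):
    return (a * b) % q

def hash_to_g1(label, data):
    digest = hashlib.sha256(label + b"|" + data).digest()
    return int.from_bytes(digest, "big") % q

def H1(identity):       # identity -> P_i (assumed for every identity hash)
    return hash_to_g1(b"H1", identity.encode())

def H2(message):        # challenge m -> P_m
    return hash_to_g1(b"H2", message)

class Controller:
    def __init__(self):
        self.s = secrets.randbelow(q - 1) + 1       # master key MSK = (s)
        self.Q = (self.s * P) % q                   # public Q = sP

    def extract(self, identity):                    # step 2: sP_i = s * H1(ID_i)
        return (self.s * H1(identity)) % q

    def verify(self, m, link_ids, data):            # step 7
        Pm, S, T = data
        if Pm != H2(m):                             # challenge hash must match
            return "Fail"
        sum_P = sum(H1(i) for i in link_ids) % q
        # Derived check: e(S_n, P) == e(T_n, P_m) * e(Q, sum of P_i)
        ok = pairing(S, P) == (pairing(T, Pm) + pairing(self.Q, sum_P)) % q
        return "Success" if ok else "Fail"

class Device:
    def __init__(self, identity, secret):
        self.identity, self.secret = identity, secret

    def neighbour_value(self, other_id):            # assumed form e(sP_i, H1(ID_j))
        return pairing(self.secret, H1(other_id))

    def sign_and_aggregate(self, Pm, S_prev, T_prev):
        r = secrets.randbelow(q - 1) + 1            # r_i in Z/qZ
        S_own, T_own = (r * Pm + self.secret) % q, (r * P) % q
        return (S_prev + S_own) % q, (T_prev + T_own) % q

def run_link(devices, m):
    """Steps 4-6. Returns ("OK", (Pm, S_n, T_n)) or ("Fail", detecting_device_id)."""
    Pm, S, T, tag, prev_id = H2(m), 0, 0, None, None
    for idx, dev in enumerate(devices):
        if prev_id is not None and dev.neighbour_value(prev_id) != tag:
            return "Fail", dev.identity             # previous hop lacks a valid sP
        S, T = dev.sign_and_aggregate(Pm, S, T)
        if idx + 1 < len(devices):
            tag = dev.neighbour_value(devices[idx + 1].identity)
        prev_id = dev.identity
    return "OK", (Pm, S, T)

def demo():
    ctrl = Controller()
    ids = ["sw1", "sw2", "sw3", "sw4"]              # constructed device identities
    honest = [Device(i, ctrl.extract(i)) for i in ids]
    m = secrets.token_bytes(16)                     # step 3: random challenge
    results = {}

    status, data = run_link(honest, m)
    results["honest"] = ctrl.verify(m, ids, data) if status == "OK" else "Fail"

    # Constructed failure 1: first device holds a secret the controller never issued.
    rogue = [Device("sw1", secrets.randbelow(q))] + honest[1:]
    results["rogue_first_hop"] = run_link(rogue, m)

    # Constructed failure 2: aggregate altered between the end device and controller.
    Pm, S, T = data
    results["tampered"] = ctrl.verify(m, ids, (Pm, (S + 1) % q, T))

    # Constructed failure 3: an old aggregate presented against a fresh challenge.
    results["replayed"] = ctrl.verify(secrets.token_bytes(16), ids, data)
    return results

if __name__ == "__main__":
    print(demo())
```

The neighbour check only works when both devices hash identities with the same function that produced their secret values, which is why the example follows the claim's $P_i = H_1(ID_i)$.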
Claims (1)
1. A network equipment group authentication method in a software defined network, characterized in that the specific implementation steps of the method are as follows:

Initialization module: The controller takes the system security parameter λ as input and outputs the public key PK and the master key MSK; PK is made public and MSK is kept by the controller. The controller also sets the secret value $sP_i$ of each network device for use in later authentication. The module is implemented in four steps:

Step 1: The controller first inputs the system security parameter λ and outputs two groups $G_1$, $G_2$ of prime order q and a bilinear map operation. The controller randomly selects a generator P of $G_1$ and a random element s of Z/qZ, and computes Q = sP; the controller selects two hash functions $H_1, H_2: \{0,1\}^* \to G_1$. At this point the controller obtains the public key PK and the master key MSK = (s), where PK is published as a public parameter and MSK is kept by the controller as a secret value and must not be disclosed.

Step 2: From the identity $ID_i$ of a network device, the controller computes the secret value $sP_i$ and distributes it to the corresponding user over a secure channel. The network device with identity $ID_i$ obtains the secret value $sP_i$ and stores it secretly.

Signature module: The controller sends the signature challenge value m. After receiving the signature challenge, the initial network device forms a signature challenge data packet, which enters the link to be authenticated; the network devices on the link in turn transmit the packet, sign and aggregate, until the end network device completes its signature and returns the combination of signature challenge hash value and signature value, $(P_m, S_n, T_n)$, to the controller.

Step 3: The controller selects a random value $m \in \{0,1\}^*$ as the signature challenge value and forms the packet Data from it together with the IP address $Address_{start}$ of the initial network device and the IP address $Address_{final}$ of the end network device of the network device link to be authenticated. The controller sends the packet Data to the initial network device through the southbound interface.

Step 4: The initial network device $ID_1$ receives the Data issued by the controller and computes the signature value $(S_1, T_1)$ and the adjacent network device authentication secret value. It then sends the combination of signature challenge hash value, signature value and adjacent network device authentication secret value, $Data_1 = (P_m, S_1, T_1, P'_1)$, to the next intermediate network device $ID_2$.

Step 5: An intermediate network device $ID_i$, $i \in (2, 3, \ldots, n-1)$, receives the data $(P_m, S_{i-1}, T_{i-1}, P'_{i-1})$ sent by the network device $ID_{i-1}$ connected to it. It first authenticates the previous network device; if this fails it sends the authentication failure message "Fail", and if it succeeds the module continues. $ID_i$ computes the intermediate signature value $(S'_i, T'_i)$ and the adjacent network device authentication secret value, then combines the signature challenge hash value, signature value and adjacent network device authentication secret value, where $P_i = H_1(ID_i)$, $i \in (1, \ldots, n)$, and sends $Data_i = (P_m, S_i, T_i, P'_i)$ to the next network device $ID_{i+1}$. Step 5 is rerun until all intermediate network devices have finished, i.e. until $ID_{n-1}$ sends $(P_m, S_{n-1}, T_{n-1}, P'_{n-1})$.

Step 6: The end network device $ID_n$ receives the signature challenge hash value, signature value and adjacent network device authentication secret value $(P_m, S_{n-1}, T_{n-1}, P'_{n-1})$. It first authenticates the previous network device; if this fails it sends the authentication failure message "Fail", and if it succeeds the module continues. $ID_n$ computes the intermediate signature value $(S'_n, T'_n)$ and forwards the combination of signature challenge hash value and signature value, $Data_n = (P_m, S_n, T_n)$, to the controller through the southbound interface, where $S_i = S_{i-1} + S'_i$, $T_i = T_{i-1} + T'_i$; $S'_n = r_n P_m + sP_n$, $T'_n = r_n P$.

Authentication module: The controller takes the combination of signature challenge hash value and signature value $(P_m, S_n, T_n)$ as input and outputs the authentication failure message "Fail" or the authentication success message "Success".

Step 7: The controller verifies the correctness of the signature challenge hash value; if this fails it sends the authentication failure message "Fail", and if it succeeds the module continues. The controller verifies the signature value $(S_n, T_n)$; on success it outputs the authentication success message "Success", otherwise it sends the authentication failure message "Fail".
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510204633.9A CN104780052B (en) | 2015-04-27 | 2015-04-27 | Network equipment group authentication method in a kind of software defined network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104780052A CN104780052A (en) | 2015-07-15 |
CN104780052B true CN104780052B (en) | 2018-03-02 |
Family
ID=53621311
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
EXSB | Decision made by sipo to initiate substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |