CN106790261B - Distributed file system and method for authenticating communication between its nodes - Google Patents

Publication number
CN106790261B
Authority
CN
China
Prior art keywords
node
signature
identity
resource
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201710063684.3A
Other languages
Chinese (zh)
Other versions
CN106790261A (en)
Inventor
黄鑫
张�杰
刘炜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Cloud Entropy Network Technology Co Ltd
Original Assignee
Shanghai Cloud Entropy Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Cloud Entropy Network Technology Co Ltd filed Critical Shanghai Cloud Entropy Network Technology Co Ltd
Priority to CN201710063684.3A priority Critical patent/CN106790261B/en
Publication of CN106790261A publication Critical patent/CN106790261A/en
Application granted granted Critical
Publication of CN106790261B publication Critical patent/CN106790261B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/12 Applying verification of the received information
    • H04L63/126 Applying verification of the received information the source of the received data
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3249 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a distributed file system and a method for authenticating communication between its nodes. The distributed file system includes a first node, a second node and a server. The first node sends a request and a first signature to the server. The server verifies the first signature and, after verification passes, looks up the second node, generates a session key, generates a second signature, and generates a first ciphertext and sends it to the first node. The first node decrypts the first ciphertext, generates a third signature, generates a second ciphertext, and sends the second ciphertext to the second node. The second node decrypts the second ciphertext and verifies the second signature and the third signature; if verification passes, it provides the resource to the first node using the session key. The first node verifies the resource with the session key and accepts the resource after verification passes. The invention provides a data consistency check for the node requesting a file resource and ensures that it receives a correct, legitimate file resource.

Description

Distributed file system and method for authenticating communication between its nodes
Technical field
The present invention relates to the field of information security, and in particular to a distributed file system and a method for authenticating communication between its nodes.
Background
A distributed file system stores files on nodes in a network, thereby solving the problem of insufficient local storage space. The design of a distributed file system is based on the client/server model: a node in the system can act as a server that stores files and also as a client that requests files.
Access control in traditional distributed file systems mostly uses access lists or function partitioning. The access control permission list must be stored on the nodes that store file resources, and when permissions change, all of these nodes need to update the list, which is a cumbersome process. In addition, in practical applications, the node that obtains a resource also needs to verify that the received resource comes from the node it requested and that the resource was not tampered with in transit; schemes based on access control permission lists cannot solve this problem.
Summary of the invention
The technical problem to be solved by the present invention is to overcome the defects of prior-art distributed file systems, in which the node providing a resource cannot judge the legitimacy of the node requesting the resource or of its request, and the node receiving a resource cannot verify whether the source of the received resource is legitimate or whether the resource was accidentally damaged or maliciously tampered with in transit, by providing a distributed file system and a method for authenticating communication between its nodes.
The present invention solves the above technical problem through the following technical solutions:
The present invention provides a distributed file system, characterized in that it comprises a first node, a second node and a server;
The first node is configured to send a request and a first signature to the server, the request being used to request a resource;
The server is configured to, after receiving the request and the first signature, verify the first signature and, after verification passes, find the second node that stores the resource, generate a session key for the first node and the second node, generate a second signature over the identity of the second node and the session key, encrypt the identity of the second node, the session key and the second signature with the identity of the first node to form a first ciphertext, and send the first ciphertext to the first node;
The first node is configured to decrypt the first ciphertext to obtain the identity of the second node, the session key and the second signature, generate a third signature over the request, the identity of the second node, the session key and the second signature, encrypt the request, the identity of the second node, the session key, the second signature and the third signature with the identity of the second node to form a second ciphertext, and send the second ciphertext to the second node;
The second node is configured to, after receiving the second ciphertext, decrypt it to obtain the request, the identity of the second node, the session key, the second signature and the third signature, verify the second signature and the third signature, and, if verification passes, provide the resource to the first node using the session key;
The first node is further configured to, after receiving the resource provided by the second node, verify the resource with the session key and accept the resource after verification passes.
Preferably, the second node is further configured to send failure information to the first node when verification of the second signature and the third signature fails.
Preferably, the first node is further configured to discard the resource when verification of the resource fails.
Preferably, the identity of the first node, the identity of the server and the identity of the second node are used in the distributed file system as their respective public keys, for verifying signatures and for encryption; the private key of the first node, the private key of the server and the private key of the second node are securely stored in the first node, the server and the second node respectively, for generating signatures and for decryption.
Preferably, the first signature, the second signature and the third signature include timestamp information.
The present invention further provides a method for authenticating communication between the nodes of a distributed file system, characterized in that it is implemented using the above distributed file system and comprises the following steps:
S1, the first node sends a request and a first signature to the server, the request being used to request a resource;
S2, after receiving the request and the first signature, the server verifies the first signature and, after verification passes, finds the second node that stores the resource, generates a session key for the first node and the second node, generates a second signature over the identity of the second node and the session key, encrypts the identity of the second node, the session key and the second signature with the identity of the first node to form a first ciphertext, and sends the first ciphertext to the first node;
S3, the first node decrypts the first ciphertext to obtain the identity of the second node, the session key and the second signature, generates a third signature over the request, the identity of the second node, the session key and the second signature, encrypts the request, the identity of the second node, the session key, the second signature and the third signature with the identity of the second node to form a second ciphertext, and sends the second ciphertext to the second node;
S4, after receiving the second ciphertext, the second node decrypts it to obtain the request, the identity of the second node, the session key, the second signature and the third signature, verifies the second signature and the third signature, and, if verification passes, provides the resource to the first node using the session key;
S5, after receiving the resource provided by the second node, the first node verifies the resource with the session key and accepts the resource after verification passes.
Preferably, in step S4, when verification of the second signature and the third signature fails, the second node further sends failure information to the first node.
Preferably, in step S5, the first node further discards the resource when verification of the resource fails.
Preferably, before step S1 the method further comprises:
S01, generating the private key of the first node, the private key of the server and the private key of the second node according to the identity of the first node, the identity of the server and the identity of the second node; wherein the identity of the first node, the identity of the server and the identity of the second node serve respectively as the public key of the first node, the public key of the server and the public key of the second node, and are disclosed in the distributed file system for verifying signatures and for encryption; the private key of the first node, the private key of the server and the private key of the second node are securely stored in the first node, the server and the second node respectively, for generating signatures and for decryption.
Preferably, the first signature, the second signature and the third signature include timestamp information.
The positive effect of the present invention is as follows: compared with traditional schemes based on access control permission lists, the present invention does not need to store a permission list on the nodes that provide storage, and thus avoids the complex process of these nodes modifying the list when permissions are updated. In addition, the present invention provides a data consistency check for the node requesting a file resource, ensuring that such a node receives a correct, legitimate file resource.
Brief description of the drawings
Fig. 1 is a module diagram of the distributed file system of a preferred embodiment of the present invention.
Fig. 2 is a flowchart of the method for authenticating communication between the nodes of the distributed file system of a preferred embodiment of the present invention.
Detailed description of the embodiments
The present invention is further illustrated below by way of an embodiment, but the invention is not thereby limited to the scope of the embodiment.
As shown in Fig. 1, the distributed file system of the present invention includes a first node 1, a second node 2 and a server 3, wherein the first node 1 is communicatively connected to the second node 2 and to the server 3 respectively;
In the distributed file system formed by the first node 1, the second node 2 and the server 3, the server 3 records and tracks the storage locations of file resources and can, according to the request of the first node 1, look up and determine the second node 2 where the resource is stored;
When the first node 1 needs to obtain a file resource from the distributed file system, it first sends a request and a first signature to the server 3; the request is used to request a resource, and the first signature is used to ensure that the request received by the server comes from the first node 1 and was not tampered with or damaged in transit;
The server 3 is configured to, after receiving the request and the first signature, verify the first signature and the identity of the first node 1, that is, judge whether the received request is consistent with the request issued by the first node 1 and whether the first node 1 is a legitimate user of the system; if so, it verifies the first signature and, after verification passes, finds the second node 2 that stores the resource according to the request, generates a session key for the first node 1 and the second node 2, generates a second signature over the identity of the second node 2 and the session key, encrypts the identity of the second node 2, the session key and the second signature with the identity of the first node 1 to form a first ciphertext, and sends the first ciphertext to the first node 1; the second signature is used to ensure that the session key obtained by the first node 1 and the second node 2 was generated by the server 3 and was not tampered with in transit;
The first node 1 is configured to, after receiving the first ciphertext, decrypt the first ciphertext to obtain the identity of the second node 2, the session key and the second signature, generate a third signature over the request, the identity of the second node 2, the session key and the second signature, encrypt the request, the identity of the second node 2, the session key, the second signature and the third signature with the identity of the second node 2 to form a second ciphertext, and send the second ciphertext to the second node 2; the third signature is used to ensure that the request received by the second node 2 comes from the first node 1, that the request has been verified by the server 3, and that it was not tampered with in transit.
The second node 2 is configured to, after receiving the second ciphertext, decrypt it to obtain the request, the identity of the second node 2, the session key, the second signature and the third signature, and verify the second signature and the third signature; if verification passes, it provides the resource to the first node 1 using the session key; if verification fails, it sends failure information to the first node 1.
The first node 1 is further configured to, after receiving the resource provided by the second node 2, verify the resource with the session key, accept the resource if verification passes, and discard the resource if verification fails.
In the present invention, preferably, the identity of the first node 1, the identity of the server 3 and the identity of the second node 2 are used in the distributed file system as their respective public keys, for verifying signatures and for encryption; the private key of the first node 1, the private key of the server 3 and the private key of the second node 2 are securely stored in the first node 1, the server 3 and the second node 2 respectively, for generating signatures and for decryption.
The first signature, the second signature and the third signature include timestamp information, to prevent replay attacks.
As shown in Fig. 2, the present invention also provides a method for authenticating communication between the nodes of a distributed file system, characterized in that it is implemented using the above distributed file system and comprises the following steps:
Step 101, the private key of the first node, the private key of the server and the private key of the second node are generated according to the identity of the first node, the identity of the server and the identity of the second node; wherein the identity of the first node, the identity of the server and the identity of the second node serve respectively as the public key of the first node, the public key of the server and the public key of the second node, and are disclosed in the distributed file system for verifying signatures and for encryption; the private key of the first node, the private key of the server and the private key of the second node are securely stored in the first node, the server and the second node respectively, for generating signatures and for decryption;
Step 102, the first node sends a request and a first signature to the server, the request being used to request a resource; specifically, the first signature may be obtained by applying a signature algorithm to the request using the private key of the first node;
Step 103, after receiving the request and the first signature, the server first judges whether the first node is a legitimate user of the system; if so, it verifies the first signature with the identity of the first node and, after verification passes, finds the second node that stores the resource according to the request, generates a session key for the first node and the second node, computes a signature over the identity of the second node and the session key with the private key of the server to generate the second signature, encrypts the identity of the second node, the session key and the second signature with the identity of the first node to form a first ciphertext, and sends the first ciphertext to the first node;
Step 104, after receiving the first ciphertext, the first node decrypts the first ciphertext with the private key of the first node to obtain the identity of the second node, the session key and the second signature, and verifies the second signature with the identity of the server; if verification passes, it generates a third signature over the request, the identity of the second node, the session key and the second signature with the private key of the first node, encrypts the request, the identity of the second node, the session key, the second signature and the third signature with the identity of the second node to form a second ciphertext, and sends the second ciphertext to the second node;
Step 105, after receiving the second ciphertext, the second node decrypts the second ciphertext with the private key of the second node to obtain the request, the identity of the second node, the session key, the second signature and the third signature, verifies the third signature with the identity of the first node, and verifies the second signature with the identity of the server; if both verifications pass, it calculates a hash value over the file resource with the session key and sends the file resource and the hash value to the first node; if verification fails, the second node sends failure information to the first node;
Step 106, after receiving the file resource and the hash value provided by the second node, the first node verifies the hash value of the file resource using the session key, accepts the file resource if verification passes, and discards the file resource if verification fails.
In step 101, the identity of the first node, the identity of the server and the identity of the second node may be set to the first node address, the server address and the second node address, and serve respectively as the public key of the first node, the public key of the server and the public key of the second node, which avoids the maintenance of public key certificates required in security frameworks based on conventional public-key cryptosystems. In steps 102, 103 and 104, preferably, the first signature, the second signature and the third signature further include timestamp information, to prevent replay attacks. In step 103, the server generates the session key using a random number generator. In step 105, preferably, the hash value further includes timestamp information.
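Steps 105 and 106 above, as an added example that is not part of the patent: the second node tags the file resource under the session key, and the first node checks the tag and the timestamp before accepting the resource. The patent names neither the keyed-hash construction nor a freshness window, so HMAC-SHA256, the message layout, the function names and the 30-second window are assumptions.

```python
import hashlib
import hmac
import secrets
import struct

# Assumed freshness window; the patent only says the hash value
# "further includes timestamp information".
MAX_AGE_SECONDS = 30


def _tag(session_key: bytes, resource: bytes, timestamp: int) -> bytes:
    """Keyed hash over timestamp and resource (HMAC-SHA256 is an assumption)."""
    # A fixed-width timestamp and a length prefix keep the MAC input unambiguous.
    header = struct.pack(">QQ", timestamp, len(resource))
    return hmac.new(session_key, header + resource, hashlib.sha256).digest()


def seal_resource(session_key: bytes, resource: bytes, now: int) -> dict:
    """Second node, step 105: send the resource with its keyed hash value."""
    return {"resource": resource, "timestamp": now,
            "tag": _tag(session_key, resource, now)}


def accept_resource(session_key: bytes, message: dict, now: int):
    """First node, step 106: return the resource, or None to discard it."""
    resource = message["resource"]
    timestamp = message["timestamp"]
    tag = message["tag"]
    if not isinstance(tag, bytes) or not isinstance(resource, bytes):
        return None
    if not isinstance(timestamp, int) or not 0 <= timestamp < 2 ** 64:
        return None
    # Authenticate first, so the timestamp is only trusted once the tag matches.
    expected = _tag(session_key, resource, timestamp)
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return None
    if abs(now - timestamp) > MAX_AGE_SECONDS:  # stale or replayed response
        return None
    return resource


def demo() -> dict:
    """Run constructed cases; timestamps are small integers for readability."""
    key = secrets.token_bytes(32)  # stands in for the server's session key (step 103)
    sent = seal_resource(key, b"constructed file contents", now=1_000)
    tampered = dict(sent, resource=b"constructed file c0ntents")
    redated = dict(sent, timestamp=1_040)  # attacker rewrites the timestamp
    return {
        "intact": accept_resource(key, sent, now=1_005),
        "tampered": accept_resource(key, tampered, now=1_005),
        "replayed_late": accept_resource(key, sent, now=1_040),
        "redated": accept_resource(key, redated, now=1_040),
        "wrong_key": accept_resource(secrets.token_bytes(32), sent, now=1_005),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "accepted" if result is not None else "discarded")
```

Because the timestamp is inside the keyed hash, rewriting it to make an old response look fresh invalidates the tag, which is why the `redated` case is discarded as well as the `replayed_late` one.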
Although specific embodiments of the present invention have been described above, those skilled in the art will understand that these are merely illustrative, and that the protection scope of the present invention is defined by the appended claims. Those skilled in the art may make many changes and modifications to these embodiments without departing from the principle and substance of the present invention, and all such changes and modifications fall within the protection scope of the present invention.

Claims (10)

1. A distributed file system, characterized in that it comprises a first node, a second node and a server;
The first node is configured to send a request and a first signature to the server, the request being used to request a resource;
The server is configured to, after receiving the request and the first signature, verify the first signature and, after verification passes, find the second node that stores the resource, generate a session key for the first node and the second node, generate a second signature over the identity of the second node and the session key, encrypt the identity of the second node, the session key and the second signature with the identity of the first node to form a first ciphertext, and send the first ciphertext to the first node;
The first node is configured to decrypt the first ciphertext to obtain the identity of the second node, the session key and the second signature, generate a third signature over the request, the identity of the second node, the session key and the second signature, encrypt the request, the identity of the second node, the session key, the second signature and the third signature with the identity of the second node to form a second ciphertext, and send the second ciphertext to the second node;
The second node is configured to, after receiving the second ciphertext, decrypt it to obtain the request, the identity of the second node, the session key, the second signature and the third signature, verify the second signature and the third signature, and, if verification passes, provide the resource to the first node using the session key;
The first node is further configured to, after receiving the resource provided by the second node, verify the resource with the session key and accept the resource after verification passes.
2. The distributed file system according to claim 1, characterized in that the second node is further configured to send failure information to the first node when verification of the second signature and the third signature fails.
3. The distributed file system according to claim 1, characterized in that the first node is further configured to discard the resource when verification of the resource fails.
4. The distributed file system according to claim 1, characterized in that the identity of the first node, the identity of the server and the identity of the second node are used in the distributed file system as their respective public keys, for verifying signatures and for encryption; the private key of the first node, the private key of the server and the private key of the second node are securely stored in the first node, the server and the second node respectively, for generating signatures and for decryption.
5. The distributed file system according to claim 1, characterized in that the first signature, the second signature and the third signature include timestamp information.
6. authenticating the method for communication between a kind of interior joint for distributed file system, which is characterized in that it is wanted using such as right Distributed file system described in asking 1 is realized, comprising the following steps:
S1, the first node send request and the first signature to the server, and the request is for requesting resource;
S2, the server verify first signature after receiving the request and the first signature, and are being verified Afterwards, the second node for being stored with resource is found, and generates session key for the first node and the second node, and right The identity and session key of the second node generate the second signature, and with the identity ciphering second node of the first node Identity, session key and the second signature are the first ciphertext, and first ciphertext is sent to the first node;
S3, the first node decrypts the first ciphertext to obtain the identity of the second node, the session key and the second signature; generates a third signature over the request, the identity of the second node, the session key and the second signature; encrypts the request, the identity of the second node, the session key, the second signature and the third signature with the identity of the second node to form a second ciphertext; and sends the second ciphertext to the second node;
S4, after receiving the second ciphertext, the second node decrypts it to obtain the request, the identity of the second node, the session key, the second signature and the third signature, and verifies the second signature and the third signature; if the verification passes, it provides the resource to the first node with the session key;
S5, after receiving the resource provided by the second node, the first node verifies the resource with the session key, and accepts the resource after the verification passes.
7. The method for authenticating communication between nodes in a distributed file system as claimed in claim 6, characterized in that, in step S4, when verification of the second signature and the third signature does not pass, the second node also sends failure information to the first node.
8. The method for authenticating communication between nodes in a distributed file system as claimed in claim 6, characterized in that, in step S5, the first node also discards the resource when the resource verification does not pass.
9. The method for authenticating communication between nodes in a distributed file system as claimed in claim 6, characterized in that, before step S1, the method further comprises:
S01, generating the private key of the first node, the private key of the server and the private key of the second node according to the identity of the first node, the identity of the server and the identity of the second node; wherein the identity of the first node, the identity of the server and the identity of the second node serve respectively as the public key of the first node, the public key of the server and the public key of the second node, are disclosed in the distributed file system, and are used for verifying signatures and for encryption; the private key of the first node, the private key of the server and the private key of the second node are securely stored in the first node, the server and the second node respectively, and are used for generating signatures and for decryption.
10. The method for authenticating communication between nodes in a distributed file system as claimed in claim 6, characterized in that the first signature, the second signature and the third signature include timestamp information.
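The signature chain of steps S3 to S5, with the failure handling of claims 7 and 8 and the timestamps of claim 10, as an added example that is not part of the patent. Ed25519 key pairs stand in for the identity-based keys of claim 9, the second signature is assumed to cover the second node's identity and the session key, resource verification is assumed to be an HMAC-SHA256 tag, and the encryption of the second ciphertext is left out; all function names and the 30-second freshness window are assumptions.

```javascript
const crypto = require('crypto');
// Assumptions (not from the patent): Ed25519 replaces the identity-based keys,
// HMAC-SHA256 is the resource check, and 30 s is the timestamp freshness window.
const MAX_SKEW_MS = 30000;
const server = crypto.generateKeyPairSync('ed25519'); // constructed keys
const nodeA = crypto.generateKeyPairSync('ed25519');

// Length-prefix each field so shifted field boundaries never sign the same bytes.
function encode(fields) {
  return Buffer.concat(fields.map((f) => {
    const b = Buffer.isBuffer(f) ? f : Buffer.from(String(f));
    const len = Buffer.alloc(4);
    len.writeUInt32BE(b.length);
    return Buffer.concat([len, b]);
  }));
}

// Claim 10: the timestamp travels with the signature and is covered by it.
function signFields(privateKey, fields, ts) {
  return { ts, sig: crypto.sign(null, encode([...fields, ts]), privateKey) };
}
function verifyFields(publicKey, fields, s, now) {
  if (Math.abs(now - s.ts) > MAX_SKEW_MS) return false; // stale or future-dated
  return crypto.verify(null, encode([...fields, s.ts]), publicKey, s.sig);
}

// S3: the third signature covers request, ID_B, session key and second signature.
const sig3Fields = (m) => [m.request, m.idB, m.sessionKey, m.sig2.sig, m.sig2.ts];
function buildS3(request, idB, sessionKey, sig2, ts) {
  const msg = { request, idB, sessionKey, sig2 };
  return { ...msg, sig3: signFields(nodeA.privateKey, sig3Fields(msg), ts) };
}

// S4: verify both signatures before serving; on failure report it (claim 7).
function handleS4(msg, myId, resource, now) {
  const ok = msg.idB === myId && // added check: the message names this node
    verifyFields(server.publicKey, [msg.idB, msg.sessionKey], msg.sig2, now) &&
    verifyFields(nodeA.publicKey, sig3Fields(msg), msg.sig3, now);
  if (!ok) return { failure: true };
  const tag = crypto.createHmac('sha256', msg.sessionKey).update(resource).digest();
  return { resource, tag };
}

// S5: accept only a resource whose tag verifies; otherwise discard it (claim 8).
function acceptS5(reply, sessionKey) {
  if (reply.failure) return null;
  const want = crypto.createHmac('sha256', sessionKey).update(reply.resource).digest();
  const same = reply.tag.length === want.length && crypto.timingSafeEqual(want, reply.tag);
  return same ? reply.resource : null;
}
```

Because the third signature covers the second signature and its timestamp, the second node can tell that the request and the server-issued session key were bound together by the first node, and a replay outside the freshness window fails at S4.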
CN201710063684.3A 2017-02-03 2017-02-03 Distributed file system and method for authenticating communication between its interior joint Expired - Fee Related CN106790261B (en)

Publications (2)

Publication Number Publication Date
CN106790261A (en) 2017-05-31
CN106790261B (en) 2019-11-08

Family

ID=58956727

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20191108
