CN107135228B - Authentication system and authentication method based on central node - Google Patents
- Publication number: CN107135228B
- Application number: CN201710405971.8A
- Authority: CN (China)
- Prior art keywords: authentication, local, verification, key, equipment
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L67/56—Provisioning of proxy services
- H04L9/0855—Quantum cryptography involving additional nodes, e.g. quantum relays, repeaters, intermediate nodes or remote nodes
Abstract
The invention discloses an authentication system based on a central node. The system comprises a local verification authentication unit and a remote verification authentication unit; the local verification authentication unit comprises local authentication equipment, and the remote verification authentication unit comprises authentication center equipment. The authentication center equipment and a plurality of local authentication equipment are each connected with key relay equipment, and the local verification authentication unit is connected with corresponding external equipment. Compared with the prior art, the external equipment is authenticated either by local authentication or by remote authentication, and, building on the communication between the local authentication equipment and the remote authentication center, it can establish a communication connection with all equipment connected with the authentication center. This eliminates the defect that the external equipment can only authenticate with the appointed equipment and provides convenience for multi-point authentication communication. In addition, the authentication information is encrypted multiple times as it is transmitted during the authentication process, which ensures the security of the authentication information transmission.
Description
Technical Field
The present invention relates to the field of secure communications technologies, and in particular, to an authentication system and an authentication method based on a central node.
Background
An access authentication device is the device closest to the access terminal. It typically exchanges messages with an authentication server, forwarding access requests from the access terminal to the authentication server so that the authentication server can perform network access authentication.
The traditional authentication mode is mostly unidirectional: the external equipment sends request information to the access authentication equipment, the access authentication equipment verifies the request information after receiving it, and the external equipment is granted access once verification passes. This mode completes authentication but cannot guarantee security during information transmission. The external equipment can only authenticate with the appointed access authentication equipment and cannot authenticate and communicate with multi-terminal equipment at the same time. Moreover, under general authentication conditions, if the terminal equipment moves, it cannot authenticate with other equipment, because that equipment holds no authentication information for it.
Disclosure of Invention
The invention aims to provide an authentication system and an authentication method based on a central node, which are used for solving the technical defects that in the prior art, external equipment can only authenticate with appointed access authentication equipment, the information transmission safety cannot be ensured, and the external equipment cannot simultaneously authenticate and communicate with multi-terminal equipment.
The technical scheme of the invention is realized as follows:
The authentication system based on the central node comprises a local verification authentication unit and a remote verification authentication unit, wherein the local verification authentication unit comprises local authentication equipment, the local authentication equipment is provided with a local proxy authentication module, the remote verification authentication unit comprises authentication central equipment, the authentication central equipment is provided with a remote proxy authentication module, the remote proxy authentication module can be connected with a plurality of local proxy authentication modules, the remote proxy authentication module and the plurality of local proxy authentication modules are also respectively connected with key relay equipment, and the local verification authentication unit is connected with corresponding external equipment.
Preferably, a key relay device is connected between the external device and the remote verification authentication unit.
Preferably, the key relay device is a quantum key relay device.
The invention also provides a center node-based authentication method, which comprises the following steps:
local verification authentication
1) The external equipment sends an authentication request message to a local verification authentication unit, the local authentication equipment performs verification authentication on the authentication request message, if the verification authentication is passed, an authentication key of the local authentication equipment is returned to the external equipment, and if the verification authentication is not passed, the local authentication equipment enters remote verification authentication;
2) The external equipment receives the self-authentication key returned by the local authentication equipment, the external equipment verifies whether the self-authentication key is correct or not, if the self-authentication key is incorrect, authentication failure is returned, if the self-authentication key is correct, a session link is created, and authentication success is returned;
3) After receiving the authentication success message, the local authentication equipment creates a corresponding session link; if it receives the authentication failure message, it takes no action.
remote verification authentication
1) The external equipment sends an authentication request message to the local verification authentication unit, the local authentication equipment performs verification authentication on the authentication request message, and if the verification authentication does not pass, the authentication request message is transmitted to the local proxy authentication module;
2) After receiving the authentication request message, the local proxy authentication module creates an encrypted information packet based on the request, adds the authentication request message to the encrypted information packet, and sends it to the remote proxy authentication module;
3) After receiving the information packet, the remote proxy authentication module decrypts it and then transmits the authentication request message to the authentication module of the remote verification authentication unit;
4) The authentication module decrypts the authentication request message after receiving it, verifies the authentication information, and encrypts the authentication result data to be returned to the external device with the key shared between the external device and the remote verification authentication unit;
5) The authentication result data and the authentication information are sent to the remote proxy authentication module, which packages them and encrypts the package with the key shared with the local proxy authentication module;
6) The remote proxy authentication module sends the encrypted packet to the local proxy authentication module, which decrypts the packet to obtain the authentication information and the encrypted authentication result data;
7) The authentication module of the local authentication device records the authentication information and the encrypted authentication result data and sends the authentication information and the encrypted authentication result data to the external device;
8) The external equipment receives the authentication information and the encrypted authentication result data and verifies whether the authentication key is correct; if it is incorrect, authentication failure is returned, and if it is correct, a session link is created and authentication success is returned;
9) After receiving the authentication success information, the authentication module of the local authentication equipment creates a corresponding session link, and if receiving the authentication failure information, the authentication module does not process the session link.
Preferably, in step 1) of the local verification authentication, the key_id value of the encrypted message is first looked up in the local database of the local verification authentication unit, and the corresponding authentication information, which includes an authentication user and an authentication key, is then retrieved from that database.
Preferably, in step 2) of the remote verification authentication, a custom message type is added on the basis of the request message and an agent_id is randomly generated. The agent_id is added to the message header of the information packet, which is sent directly to the remote proxy authentication module through an established Session, and the association between the agent_id and the TCP connection information of the accessing external device is stored in a data structure.
Preferably, in step 4) of the remote verification authentication, the authentication module of the authentication center device decrypts the request message after receiving it, looks up the user information, the authentication key and the authentication key information of the authentication center device in the center database, verifies the user information and the authentication key, encrypts the authentication result with the key known to the external device, and passes the encrypted authentication result and the verification state to the remote proxy authentication module.
Preferably, the data transferred to the remote proxy authentication module further comprises authentication key information of the authentication center device and the generated Session key.
Compared with the prior art, the invention has the following beneficial effects:
According to the authentication system and the authentication method based on the central node, the external equipment is authenticated by local verification authentication or, when local verification fails, by remote verification authentication. Building on the communication between the local verification authentication unit and the authentication center of the remote verification authentication unit, the external equipment can establish a communication connection with all equipment connected with the authentication center. This overcomes the defect that the external equipment can only be authenticated with the appointed equipment and provides convenience for multi-point authentication communication. In addition, the method encrypts the authentication information multiple times as it is transmitted during the authentication process, which ensures the security of the authentication information transmission. It also facilitates central management: because every device must pass through the central node for device authentication when accessing the network, all access devices can be recorded at the center for management.
Drawings
FIG. 1 is a schematic block diagram of a central node-based authentication system of the present invention;
FIG. 2 is a flow chart of the authentication method based on the central node of the present invention.
In the figure: the authentication system comprises a local verification authentication unit 100, a local authentication device 110, a local proxy authentication module 111, a remote verification authentication unit 200, an authentication center device 210, a remote proxy authentication module 211, a key relay device 300 and an external device 400.
Detailed Description
The present invention will now be described more fully hereinafter with reference to the accompanying drawings, in which embodiments of the invention are shown.
The access authentication of the present invention is divided into two cases: first, the authentication information is stored in the accessed local verification authentication unit; second, the authentication information is stored in the remote verification authentication unit. The first case requires only local verification at the accessed local verification authentication unit, while the second case requires the authentication information to be transmitted to the remote verification authentication unit for proxy access authentication verification. The specific authentication system and the authentication method are as follows:
As shown in fig. 1, the authentication system based on the central node comprises a local verification authentication unit 100 and a remote verification authentication unit 200, wherein the local verification authentication unit 100 comprises a local authentication device 110, the local authentication device 110 is provided with a local proxy authentication module 111, the remote verification authentication unit 200 comprises an authentication central device 210, the authentication central device 210 is provided with a remote proxy authentication module 211, the remote proxy authentication module 211 can be connected with a plurality of local proxy authentication modules 111, the remote proxy authentication module 211 and the plurality of local proxy authentication modules 111 are respectively connected with a key relay device 300, and the local verification authentication unit 100 is connected with a corresponding external device 400. A key relay device 300 is connected between the external device 400 and the remote verification authentication unit 200.
The key relay device 300 is a quantum key relay device. Most existing authentication modes verify identity with certificates, whereas the present invention uses a quantum key generated by quantum communication as the authentication key for access authentication, which is superior in terms of security to an authentication certificate generated by an algorithm. A plurality of local authentication devices 110 can share a single set of key relay devices 300, so that the key relay device 300 relays keys between the plurality of local authentication devices 110 and the authentication center device 210. For example, when an external device A initiates access authentication to the local authentication device A, the accessed local authentication device A first looks up locally the key_id carried in the header of the received message; if a corresponding key_value is found, verification can be performed locally. If not, the local proxy authentication module is called to package the message as an encrypted message, which is encrypted with the key shared by the local authentication device A and the authentication center device and forwarded to the remote verification authentication unit 200, and authentication is completed by the authentication center device 210.
As shown in fig. 2, the invention further provides a center node-based authentication method, which comprises the following steps:
local verification authentication
1) The external equipment sends an authentication request message to a local verification authentication unit, the local authentication equipment performs verification authentication on the authentication request message, if the verification authentication is passed, an authentication key of the local authentication equipment is returned to the external equipment, and if the verification authentication is not passed, the local authentication equipment enters remote verification authentication;
2) The external equipment receives the self-authentication key returned by the local authentication equipment, the external equipment verifies whether the self-authentication key is correct or not, if the self-authentication key is incorrect, authentication failure is returned, if the self-authentication key is correct, a session link is created, and authentication success is returned;
3) After receiving the authentication success message, the local authentication equipment creates a corresponding session link; if it receives the authentication failure message, it takes no action.
remote verification authentication
1) The external equipment sends an authentication request message to the local verification authentication unit, the local authentication equipment performs verification authentication on the authentication request message, and if the verification authentication does not pass, the authentication request message is transmitted to the local proxy authentication module;
2) After receiving the authentication request message, the local proxy authentication module creates an encrypted information packet based on the request, adds the authentication request message to the encrypted information packet, and sends it to the remote proxy authentication module;
3) After receiving the information packet, the remote proxy authentication module decrypts it and then transmits the authentication request message to the authentication module of the remote verification authentication unit;
4) The authentication module decrypts the authentication request message after receiving it, verifies the authentication information, and encrypts the authentication result data to be returned to the external device with the key shared between the external device and the remote verification authentication unit;
5) The authentication result data and the authentication information are sent to the remote proxy authentication module, which packages them and encrypts the package with the key shared with the local proxy authentication module;
6) The remote proxy authentication module sends the encrypted packet to the local proxy authentication module, which decrypts the packet to obtain the authentication information and the encrypted authentication result data;
7) The authentication module of the local authentication device records the authentication information and the encrypted authentication result data and sends the authentication information and the encrypted authentication result data to the external device;
8) The external equipment receives the authentication information and the encrypted authentication result data and verifies whether the authentication key is correct; if it is incorrect, authentication failure is returned, and if it is correct, a session link is created and authentication success is returned;
9) After receiving the authentication success information, the authentication module of the local authentication equipment creates a corresponding session link, and if receiving the authentication failure information, the authentication module does not process the session link.
Preferably, in step 1) of the local verification authentication, the key_id value of the encrypted message is first looked up in the local database of the local verification authentication unit, and the corresponding authentication information, which includes an authentication user and an authentication key, is then retrieved from that database.
Preferably, in step 2) of the remote verification authentication, a custom message type is added on the basis of the request message and an agent_id is randomly generated. The agent_id is added to the message header of the information packet, which is sent directly to the remote proxy authentication module through an established Session, and the association between the agent_id and the TCP connection information of the accessing external device is stored in a data structure.
Preferably, in step 4) of the remote verification authentication, the authentication module of the authentication center device decrypts the request message after receiving it, looks up the user information, the authentication key and the authentication key information of the authentication center device in the center database, verifies the user information and the authentication key, encrypts the authentication result with the key known to the external device, and passes the encrypted authentication result and the verification state to the remote proxy authentication module.
Preferably, the data transferred to the remote proxy authentication module further comprises authentication key information of the authentication center device and the generated Session key.
The authentication process is bidirectional: the initiating end and the receiving end must each transmit authentication information known to both sides, and a normal communication connection is established only when both sides pass authentication. The authentication information sent by the initiator must be encrypted. A preset shared key pair (key_id, key_value) is used for encryption and decryption: the key_id is placed in the message header in plaintext, and the authentication information is encrypted with the key_value corresponding to that key_id and placed in the message body. The message is then transmitted to the device to be accessed.
In addition to the authentication information, the REQ message with which the external equipment requests access must also carry a randomly generated Session key id and the corresponding Session key value, and the message is encrypted with the preset shared key. If the access authentication equipment cannot parse the message, it forwards the message to the remote verification authentication unit. After decryption and authentication, the remote verification authentication unit 200 returns to the local verification authentication unit, in the form of an ACK message encrypted with the key shared by the authentication center device and the local authentication device, the Session information together with an authentication result encrypted with the shared key used in the external device's request message; the local verification authentication unit stores the Session key information. If authentication fails, a failure state is returned directly. In the CONF message, the key used to encrypt the message is the result of the exclusive OR of the two Session key ids and Session key value; that is, the key of the last frame is not preset, and the authentication center does not need to parse that message. The authentication uses a three-way handshake similar to a TCP connection, with the relevant authentication information carried in three frames, REQ (request), ACK (response) and CONF (acknowledgement), so that bidirectional authentication can be better realized. In addition, different keys are used to encrypt and decrypt the messages within a single authentication process, which ensures the security of information transmission while authentication is completed.
As the system structure and the authentication method provided by the invention show, the external device is authenticated by local verification authentication or, when local verification fails, by remote verification authentication. Building on the communication between the local verification authentication unit and the authentication center of the remote verification authentication unit, the external device can establish a communication connection with all devices connected with the authentication center. This eliminates the defect that the external device can only authenticate with the appointed device and provides convenience for multi-point authentication communication. In addition, the authentication information is encrypted multiple times as it is transmitted during the authentication process, which ensures the security of the authentication information transmission.
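The remote path described above (plaintext key_id lookup, agent_id-tagged proxy packet, result sealed end to end for the external device, CONF key from the session keys) is modelled below as an added example; it is not code from the patent. Assumptions: the HMAC-SHA256 construction stands in for the unnamed cipher, the PROXY_REQ/PROXY_ACK type names, class and function names and the single link key are hypothetical, and the CONF key is read as the XOR of the two session key values.

```python
import hashlib, hmac, json, secrets

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(_prf(key, b"enc", nonce + c.to_bytes(4, "big")) for c in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, obj):
    """Stand-in authenticated encryption (assumption: the patent names no cipher)."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(key, nonce, json.dumps(obj).encode())
    return (nonce + ct + _prf(key, b"mac", nonce + ct)).hex()

def unseal(key, blob):
    raw = bytes.fromhex(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"mac", nonce + ct)):
        raise ValueError("wrong key or tampered message")
    return json.loads(_xor_stream(key, nonce, ct))

def verify(db, own_auth_key, req):
    """Check a REQ against a database; the result is sealed with the device's key."""
    rec = db[req["key_id"]]
    try:
        info = unseal(rec["key_value"], req["body"])
        ok = info["user"] == rec["user"] and hmac.compare_digest(info["auth_key"], rec["auth_key"])
    except ValueError:
        info, ok = {}, False
    sessions = [info["session_key"], secrets.token_hex(16)] if ok else None
    result = seal(rec["key_value"], {"ok": ok, "auth_key": own_auth_key if ok else "",
                                     "session_key": sessions[1] if ok else ""})
    return ok, sessions, result

class Center:
    def __init__(self, db, auth_key, link_key):
        self.db, self.auth_key, self.link_key = db, auth_key, link_key

    def handle(self, packet):
        req = unseal(self.link_key, packet["body"])                      # remote step 3
        if req["key_id"] in self.db:
            ok, sessions, result = verify(self.db, self.auth_key, req)  # remote step 4
        else:
            ok, sessions, result = False, None, None
        body = seal(self.link_key, {"status": ok, "sessions": sessions, "result": result})
        return {"type": "PROXY_ACK", "agent_id": packet["agent_id"], "body": body}

class LocalDevice:
    def __init__(self, db, auth_key, link_key, center):
        self.db, self.auth_key, self.link_key, self.center = db, auth_key, link_key, center
        self.pending = {}    # agent_id -> connection of the external device
        self.sessions = {}   # connection -> session keys recorded from the ACK

    def handle(self, conn, req):
        if req["key_id"] in self.db:          # key_id travels in plaintext in the header
            _, self.sessions[conn], result = verify(self.db, self.auth_key, req)
            return "local", result
        agent_id = secrets.token_hex(8)       # remote step 2: random agent_id
        self.pending[agent_id] = conn
        packet = {"type": "PROXY_REQ", "agent_id": agent_id, "body": seal(self.link_key, req)}
        reply = self.center.handle(packet)
        inner = unseal(self.link_key, reply["body"])                      # remote step 6
        target = self.pending.pop(reply["agent_id"])  # map the reply back to its connection
        self.sessions[target] = inner["sessions"]
        return "remote", inner["result"]      # still sealed with the device's own key

def build_req(key_id, key_value, user, auth_key):
    session = secrets.token_hex(16)
    body = seal(key_value, {"user": user, "auth_key": auth_key, "session_key": session})
    return session, {"type": "REQ", "key_id": key_id, "body": body}

def check_ack(key_value, expected_auth_key, result):
    """Device side of mutual authentication: did the verifier return the expected key?"""
    if result is None:
        return False, ""
    info = unseal(key_value, result)
    return bool(info["ok"]) and hmac.compare_digest(info["auth_key"], expected_auth_key), info["session_key"]

def conf_key(session_a, session_b):
    # Assumed reading of the CONF rule: XOR of the two session key values.
    return bytes(a ^ b for a, b in zip(bytes.fromhex(session_a), bytes.fromhex(session_b)))

def demo():
    # Constructed sample data: a roaming device whose key is known only to the center.
    link, k_roam = secrets.token_bytes(32), secrets.token_bytes(32)
    center = Center({"k-roam": {"key_value": k_roam, "user": "dev-b", "auth_key": "b-secret"}},
                    "center-key", link)
    local = LocalDevice({}, "local-key", link, center)
    s1, req = build_req("k-roam", k_roam, "dev-b", "b-secret")
    path, result = local.handle("conn-1", req)
    ok, s2 = check_ack(k_roam, "center-key", result)
    try:
        unseal(link, result)
        relay_can_read = True
    except ValueError:
        relay_can_read = False                # the relay holds only the link key
    same = conf_key(s1, s2) == conf_key(*local.sessions["conn-1"])
    return {"path": path, "ok": ok, "relay_can_read": relay_can_read,
            "pending": len(local.pending), "same_conf_key": same}
```

In this model the local device relays the authentication result without being able to read it, yet it learns the session keys from the ACK and so derives the same CONF key as the external device without involving the center again.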
Claims (4)
1. The authentication method based on the central node comprises a local verification authentication unit and a remote verification authentication unit, wherein the local verification authentication unit comprises local authentication equipment, the local authentication equipment is provided with a local proxy authentication module, the remote verification authentication unit comprises authentication central equipment, the authentication central equipment is provided with a remote proxy authentication module, the remote proxy authentication module can be connected with a plurality of local proxy authentication modules, the remote proxy authentication module and the plurality of local proxy authentication modules are also respectively connected with key relay equipment, the local verification authentication unit is connected with corresponding external equipment, key relay equipment is connected between the external equipment and the remote verification authentication unit, and the key relay equipment is quantum key relay equipment, and the authentication method is characterized by comprising the following steps:
local verification authentication
1) The external equipment sends an authentication request message to a local verification authentication unit, the local authentication equipment performs verification authentication on the authentication request message, if the verification authentication is passed, an own authentication Key is returned to the external equipment, if the verification authentication is not passed, remote verification authentication is entered, firstly, the value of an encrypted message Key_id is searched from a local database of the local verification authentication unit, and then corresponding authentication information is searched from the local database, wherein the authentication information comprises an authentication user and the authentication Key;
2) The external equipment receives the self-authentication key returned by the local authentication equipment, the external equipment verifies whether the self-authentication key is correct or not, if the self-authentication key is incorrect, authentication failure is returned, if the self-authentication key is correct, a session link is created, and authentication success is returned;
3) After receiving the authentication success message, the local authentication equipment creates a corresponding session link, and if receiving the authentication failure message, the local authentication equipment does not process the session link;
remote verification authentication
1) The external equipment sends an authentication request message to the local verification authentication unit, the local authentication equipment performs verification authentication on the authentication request message, and if the verification authentication does not pass, the authentication request message is transmitted to the local proxy authentication module;
2) After receiving the authentication request message, the local proxy authentication module creates an encrypted information packet based on the request, adds the authentication request message to the encrypted information packet, and sends it to the remote proxy authentication module;
3) After receiving the information packet, the remote proxy authentication module decrypts it and then transmits the authentication request message to the authentication module of the remote verification authentication unit;
4) The authentication module decrypts the authentication request message after receiving it, verifies the authentication information, and encrypts the authentication result data to be returned to the external device with the key shared between the external device and the remote verification authentication unit;
5) The authentication result data and the authentication information are sent to the remote proxy authentication module, which packages them and encrypts the package with the key shared with the local proxy authentication module;
6) The remote proxy authentication module sends the encrypted packet to the local proxy authentication module, which decrypts the packet to obtain the authentication information and the encrypted authentication result data;
7) The authentication module of the local authentication device records the authentication information and the encrypted authentication result data and sends the authentication information and the encrypted authentication result data to the external device;
8) The external equipment receives the authentication information and the encrypted authentication result data and verifies whether the authentication key is correct; if it is incorrect, authentication failure is returned, and if it is correct, a session link is created and authentication success is returned;
9) After receiving the authentication success information, the authentication module of the local authentication equipment creates a corresponding session link, and if receiving the authentication failure information, the authentication module does not process the session link.
2. The authentication method based on the central node of claim 1, wherein in step 2) of remote verification authentication, a custom message type is added on the basis of the request message, an agent_id is randomly generated, the agent_id is added as a header to the message header of the information packet, the message header is sent directly to the remote proxy authentication module through an established Session, and the mapping between the agent_id and the TCP connection information of the accessing external device is stored in a data structure.
3. The authentication method based on the central node according to claim 1, wherein in step 4) of remote verification authentication, the authentication module of the authentication center device decrypts the request message after receiving it, looks up in the center database the user information and authentication key of the external device and its own authentication key information, verifies the user information and the authentication key, encrypts the authentication result with the key known to the external device, and at the same time passes the encrypted authentication result and the verification state to the remote proxy authentication module.
4. The authentication method based on the central node of claim 1, wherein the data passed to the remote proxy authentication module further comprises the authentication key information of the authentication center device and a generated Session key.
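The agent_id bookkeeping that claim 2 places at the local proxy authentication module, as an added sketch that is not code from the patent: each forwarded request gets a random agent_id mapped to the waiting device's TCP connection, and a returning packet is routed by that header. The header layout, the 30-second timeout, the one-reply-per-request rule and the names `PendingTable`, `wrap` and `unwrap` are assumptions; the encrypted bodies are placeholders.

```python
import secrets
import time

HEADER = b"agent_id: "  # constructed header name; the patent gives no wire format

class PendingTable:
    """agent_id -> TCP connection info of the external device that is waiting."""
    def __init__(self, ttl=30.0, clock=time.monotonic):
        self.ttl, self.clock, self.entries = ttl, clock, {}

    def register(self, conn):
        agent_id = secrets.token_hex(16)  # 128 bits from the OS CSPRNG
        self.entries[agent_id] = (conn, self.clock() + self.ttl)
        return agent_id

    def resolve(self, agent_id):
        """Consume the entry: one reply per request, none after the deadline."""
        conn, deadline = self.entries.pop(agent_id, (None, 0.0))
        return conn if conn is not None and self.clock() <= deadline else None

def wrap(agent_id, body):
    return HEADER + agent_id.encode() + b"\r\n" + body

def unwrap(packet):
    head, sep, body = packet.partition(b"\r\n")
    agent_id = head[len(HEADER):].decode("ascii", "replace")
    if not sep or not head.startswith(HEADER) or len(agent_id) != 32 \
            or any(c not in "0123456789abcdef" for c in agent_id):
        raise ValueError("malformed agent_id header")
    return agent_id, body

def demo():
    now = [0.0]                                # fake clock so the run is repeatable
    table = PendingTable(ttl=30.0, clock=lambda: now[0])
    a = table.register(("10.0.0.5", 40001))    # constructed device addresses
    b = table.register(("10.0.0.6", 40002))
    c = table.register(("10.0.0.7", 40003))
    reply_b = wrap(b, b"<ciphertext for device B>")
    reply_a = wrap(a, b"<ciphertext for device A>")
    out = []
    for pkt in (reply_b, reply_a, reply_b):    # out of order, then a replay
        agent_id, _body = unwrap(pkt)
        out.append(table.resolve(agent_id))
    now[0] = 31.0                              # device C's reply arrives too late
    out.append(table.resolve(c))
    out.append(table.resolve(secrets.token_hex(16)))  # agent_id never issued
    return out

if __name__ == "__main__":
    print(demo())
```

Replies that arrive out of order reach the right connection, while a replayed, expired or never-issued agent_id resolves to nothing and is dropped.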
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710405971.8A CN107135228B (en) | 2017-06-01 | 2017-06-01 | Authentication system and authentication method based on central node |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710405971.8A CN107135228B (en) | 2017-06-01 | 2017-06-01 | Authentication system and authentication method based on central node |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107135228A (en) | 2017-09-05 |
CN107135228B (en) | 2023-09-22 |
Family
ID=59733492
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710405971.8A Active CN107135228B (en) | 2017-06-01 | 2017-06-01 | Authentication system and authentication method based on central node |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107135228B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110704823A (en) * | 2019-09-10 | 2020-01-17 | 平安科技(深圳)有限公司 | Data request method, device, storage medium and electronic equipment |
CN111541719B (en) * | 2020-05-19 | 2021-08-24 | 北京天融信网络安全技术有限公司 | Authentication method and device and information processing equipment |
CN115695055B (en) * | 2023-01-05 | 2023-03-14 | 中国电子科技集团公司第三十研究所 | High-reliability high-concurrency security authentication system and method based on memory database |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6856800B1 (en) * | 2001-05-14 | 2005-02-15 | At&T Corp. | Fast authentication and access control system for mobile networking |
CN101436969A (en) * | 2007-11-15 | 2009-05-20 | 华为技术有限公司 | Network access method, apparatus and system |
CN104052608A (en) * | 2014-07-07 | 2014-09-17 | 西安电子科技大学 | Certificate-free remote anonymous authentication method based on third party in cloud application |
CN104506509A (en) * | 2014-12-15 | 2015-04-08 | 广东汇卡商务服务有限公司 | Multifunctional security authentication terminal and authentication method based on terminal |
CN106656488A (en) * | 2016-12-07 | 2017-05-10 | 百富计算机技术(深圳)有限公司 | Key downloading method and device of POS terminal |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7350076B1 (en) * | 2001-05-16 | 2008-03-25 | 3Com Corporation | Scheme for device and user authentication with key distribution in a wireless network |
US20070136587A1 (en) * | 2005-12-08 | 2007-06-14 | Freescale Semiconductor, Inc. | Method for device authentication |
CN101212294A (en) * | 2006-12-29 | 2008-07-02 | 北大方正集团有限公司 | Method and system for implementing network access authentication |
US9712324B2 (en) * | 2013-03-19 | 2017-07-18 | Forcepoint Federal Llc | Methods and apparatuses for reducing or eliminating unauthorized access to tethered data |
CN105471576B8 (en) * | 2015-12-28 | 2017-07-21 | 科大国盾量子技术股份有限公司 | A kind of method of quantum key relaying, quantum terminal node and system |
Also Published As
Publication number | Publication date |
---|---|
CN107135228A (en) | 2017-09-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110380852B (en) | Bidirectional authentication method and communication system | |
EP1748594B1 (en) | Method for realizing transmission of syncml synchronous data | |
US7885411B2 (en) | Key agreement and re-keying over a bidirectional communication path | |
CN102833253B (en) | Set up method and server that client is connected with server security | |
EP2522100B1 (en) | Secure multi-uim authentication and key exchange | |
WO2018137713A1 (en) | Internal network slice authentication method, slice authentication proxy entity, and session management entity | |
CN104702611A (en) | Equipment and method for protecting session key of secure socket layer | |
JP2009524369A (en) | Method, system, and authentication center for authentication in end-to-end communication based on a mobile network | |
US11218873B2 (en) | Communication system and method | |
CN103428221A (en) | Safety logging method, system and device of mobile application | |
CN113630407B (en) | Method and system for enhancing transmission security of MQTT protocol by using symmetric cryptographic technology | |
CN111756529B (en) | Quantum session key distribution method and system | |
CN107769913A (en) | A kind of communication means and system based on quantum UKey | |
CN104756458A (en) | Method and apparatus for securing a connection in a communications network | |
CN113015159B (en) | Initial security configuration method, security module and terminal | |
CN106411926A (en) | Data encryption communication method and system | |
JP2016519873A (en) | Establishing secure voice communication using a generic bootstrapping architecture | |
CN107135228B (en) | Authentication system and authentication method based on central node | |
CN103973438B (en) | communication channel dynamic encrypting method | |
CN106790078A (en) | Safety communicating method and device between a kind of SDK and electronic certificate system | |
JPH10242957A (en) | User authentication method, system therefor and storage medium for user authentication | |
CN107181739B (en) | Data security interaction method and device | |
CN113098830B (en) | Communication method and related product | |
CN103986716A (en) | Establishing method for SSL connection and communication method and device based on SSL connection | |
CN109088731B (en) | Internet of things cloud communication method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||