CN109040060A - Terminal-Matching and system, computer equipment - Google Patents

Terminal-Matching and system, computer equipment Download PDF

Info

Publication number
CN109040060A
CN109040060A CN201810862370.4A CN201810862370A CN109040060A CN 109040060 A CN109040060 A CN 109040060A CN 201810862370 A CN201810862370 A CN 201810862370A CN 109040060 A CN109040060 A CN 109040060A
Authority
CN
China
Prior art keywords
terminal
identity
ciphertext
proof
response message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810862370.4A
Other languages
Chinese (zh)
Other versions
CN109040060B (en
Inventor
林凡
成杰
张振华
张秋镇
杨峰
李盛阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
GCI Science and Technology Co Ltd
Original Assignee
GCI Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by GCI Science and Technology Co Ltd filed Critical GCI Science and Technology Co Ltd
Priority to CN201810862370.4A priority Critical patent/CN109040060B/en
Publication of CN109040060A publication Critical patent/CN109040060A/en
Application granted granted Critical
Publication of CN109040060B publication Critical patent/CN109040060B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a kind of Terminal-Matchings and system, computer equipment.Above-mentioned Terminal-Matching includes: terminal according to the authentication key of certificate server and certification public key generation proof of identity ciphertext, and proof of identity ciphertext is sent to management server;The proof of identity ciphertext is decrypted in certificate server, obtain proof of identity plaintext and terminal check parameter, if the third cryptographic Hash determined by proof of identity plaintext and terminal check parameter and first ciphertext of the product equal to the carrying of proof of identity ciphertext for generating member, construct verification application response message;The management server identifies the terminal identity information in the verification application response message, if the terminal identity information recognized is consistent with the terminal identity information prestored, then it is configured to access request response message, the access request response message is sent to terminal, and carries out terminal coupling after receiving the matching confirmation message that the terminal is fed back according to access request response message.

Description

Terminal-Matching and system, computer equipment
Technical field
The present invention relates to internet of things field, more particularly to a kind of Terminal-Matching and system, computer equipment.
Background technique
Currently, internet of things equipment has been widely used in military and national defense, environmental monitoring, medical treatment & health, industry and high-risk neck The fields such as the data monitoring in domain.Its application value and the scientific research value highest attention by countries in the world.Since Internet of Things is set Standby architecture be it is open, the Some features of its own determine that the safety of network is poor, and criminal can be easy Ground eavesdropping, the information for intercepting and capturing and forging transmission, therefore safety becomes one of internet of things equipment critical issue urgently to be solved.
Ternary peer framework including sensing layer, network layer and application layer is a kind of Internet of Things information security field universality Entity authentication method, ternary peer framework belongs to cryptography authentication, passes through self-contained cipher key pair information encryption and decryption.It is mentioned Out repeatedly transmit and call credible verification scheme, suitable for the dual bidirectional identity authentication between entity, and to realization such as close The communication of method terminal access legitimate network and network security prevent the information security issues such as information unauthorized use, misuse from rising To supporting role.In traditional scheme, the terminal device of sensing layer, the management platform of network layer and trusted third party are (as certification takes Business device) between matching certification carried out by digital certificate, and the matching verification process for relying on digital certificate is easy to be cracked or surreptitiously It listens, safety is low.
Summary of the invention
Based on this, it is necessary to be directed in traditional ternary peer framework between terminal device, management platform and trusted third party The low technical problem of safety for matching verification process provides a kind of Terminal-Matching and system, computer equipment.
A kind of Terminal-Matching, comprising:
Terminal generates proof of identity ciphertext according to the authentication key and certification public key of certificate server, by the proof of identity Ciphertext is sent to management server;Wherein, the proof of identity ciphertext is sent to certificate server by the management server;
The proof of identity ciphertext is decrypted in the certificate server, obtains proof of identity and joins in plain text with terminal check Number, if the product of the third cryptographic Hash and generation member that are determined by the proof of identity plaintext and terminal check parameter is equal to the body The first ciphertext that part verification ciphertext carries then constructs verification application response message, and the verification is applied for that response message is sent To management server;
The management server identifies the terminal identity information in the verification application response message, if the terminal recognized Identity information is consistent with the terminal identity information prestored, then is configured to access request response message, and the access request is responded Information is sent to terminal, and carries out eventually after receiving the matching confirmation message that the terminal is fed back according to access request response message End matching.
In above-mentioned Terminal-Matching, terminal can generate identity according to the authentication key and certification public key of certificate server Ciphertext is verified, certificate server is decrypted to the proof of identity ciphertext, proof of identity is obtained and is examined in plain text with terminal Parameter is tested, in plain text and terminal check parameter building verification application response message according to above-mentioned proof of identity, and by the verification Shen Please response message be sent to management server, allow management server identify it is described verification application response message in terminal body Part information is configured to access request response letter if the terminal identity information recognized is consistent with the terminal identity information prestored The access request response message is sent to terminal, and is fed back receiving the terminal according to access request response message by breath Matching confirmation message after carry out terminal coupling, during completing above-mentioned terminal coupling, need respectively terminal, certification clothes Identity validation and verification, safety with higher are carried out in device and the management server of being engaged in.
The terminal receives the access request response message in one of the embodiments, identifies the access request Management identity information in response message, if the management identity information recognized is consistent with the management identity information prestored, to The management server feedback matching confirmation message.
In the present embodiment, terminal can identify the management identity information in the access request response message, carry out corresponding Proof of identity, proof of identity success after just to management server feed back matching confirmation message, further improve and matched Safety in journey.
The terminal generates identity according to the authentication key and certification public key of certificate server in one of the embodiments, Ciphertext is verified, the proof of identity ciphertext is sent to before the process of management server, further includes:
Authentication key and certification public key are sent to management server by the certificate server;The management server is connecing When entering terminal, the authentication key and certification public key are sent to terminal.
The present embodiment can guarantee the timeliness of the authentication key for being sent to management server and certification public key.
The terminal generates identity according to the authentication key and certification public key of certificate server in one of the embodiments, Ciphertext is verified, the proof of identity ciphertext is sent to before the process of management server, further includes:
The generation member of the certificate server setting first circulation group is determined according to the generation member and authenticating identity information Public key is authenticated, and the first hash function for determining the first cryptographic Hash, second for determining the second cryptographic Hash is set separately Hash function, the third hash function for determining third cryptographic Hash and the 4th Hash letter for determining the 4th cryptographic Hash Number;Recognized according to the determination of the generation member, the first hash function, the second hash function, third hash function and the 4th hash function Demonstrate,prove key.
As one embodiment, the authentication key according to certificate server and certification public key generate proof of identity ciphertext Process include:
It is identified according to the authentication key and generates member, identify authenticating identity information from the certification public key;
Terminal public key field is determined according to terminal secret value and generation member, according to the authenticating identity information, terminal Secret value, generation member and terminal public key field determine intermediate cryptographic information;
The first encryption parameter and the first ciphertext are respectively obtained according to third cryptographic Hash and the product for generating member, according to described the The product of three cryptographic Hash and intermediate cryptographic information determines the second encryption parameter;
The second ciphertext is determined according to the 4th cryptographic Hash determined by first encryption parameter and the second encryption parameter;According to Which local time generates proof of identity ciphertext, the first ciphertext and the second ciphertext and generates proof of identity ciphertext.
The present embodiment can guarantee the accuracy of proof of identity ciphertext generated.
It is described according to the authenticating identity information, terminal secret value, generation member and terminal public key word as one embodiment Section determines that the process of intermediate cryptographic information includes:
The authenticating identity information, terminal secret value, generation member and terminal public key field are substituted into encryption formula meter respectively Calculate intermediate cryptographic information;Wherein, the encryption formula includes:
ΓID=xREQ+(H1(IDAS,U)+H2(IDAS, i)) P,
In formula, ΓIDIndicate intermediate cryptographic information, xREQIndicate terminal secret value, IDASIndicate authenticating identity information, U is indicated Terminal public key field, i indicate which local time generates proof of identity ciphertext, and P indicates to generate member, H1(IDAS, U) and it indicates according to IDAS The first cryptographic Hash determined with U, H2(IDAS, i) and it indicates according to IDASThe second cryptographic Hash determined with i.
It is described in one of the embodiments, that the proof of identity ciphertext is decrypted, obtain proof of identity in plain text and Terminal check parameter, if the third cryptographic Hash determined by the proof of identity plaintext and terminal check parameter and the product for generating member Equal to the first ciphertext that the proof of identity ciphertext carries, then the process for constructing verification application response message includes:
It is close to identify which time of terminal in the proof of identity ciphertext generates proof of identity ciphertext, the first ciphertext and second Text calculates separately proof of identity plaintext and terminal check parameter according to authentication secret value, number, the first ciphertext and the second ciphertext;
Proof of identity third cryptographic Hash corresponding with terminal check parameter in plain text is calculated, judges the third cryptographic Hash Whether it is equal to the first ciphertext that the proof of identity ciphertext carries with the product for generating member;
If so, building verification application response message.
It is described that identity is calculated separately according to authentication secret value, number, the first ciphertext and the second ciphertext as one embodiment Verification is in plain text and the process of terminal check parameter includes:
Authentication secret value, number, the first ciphertext and the second ciphertext are substituted into identification formula in plain text respectively and calculate proof of identity Plaintext and terminal check parameter;Wherein, the plaintext identification formula includes:
In formula, M indicates proof of identity in plain text, and σ indicates terminal check parameter, c1Indicate the first ciphertext, c2Indicate that second is close Text, xASAuthentication secret value, i indicate which time of terminal generates proof of identity ciphertext, H4(xAS·c1,i·c1) indicate according to xAS· c1And ic1The 4th determining cryptographic Hash, symbol indicate to be multiplied, symbolIndicate exclusive or.
The present embodiment can guarantee the accuracy of application response message constructed by certificate server, further improve end Hold the security performance of matching process.
A kind of terminal coupling system, the generation module including being set to terminal are set to set on the deciphering module of certificate server The building module of management server and matching module set on management server:
The generation module is used to generate proof of identity ciphertext according to the authentication key and certification public key of certificate server, will The proof of identity ciphertext is sent to management server;Wherein, the proof of identity ciphertext is sent to by the management server Certificate server;
The deciphering module obtains proof of identity plaintext and terminal check for the proof of identity ciphertext to be decrypted Parameter, if the product of the third cryptographic Hash and generation member that are determined by the proof of identity plaintext and terminal check parameter is equal to described in The first ciphertext that proof of identity ciphertext carries then constructs verification application response message, and verification application response message is sent out It send to management server;
The terminal identity information in response message is applied in the verification to the building module for identification, if the end recognized It holds identity information consistent with the terminal identity information prestored, is then configured to access request response message, the access request is rung Information is answered to be sent to terminal;
The matching module is used for the matching confirmation message fed back in the reception terminal according to access request response message After carry out terminal coupling.
In above-mentioned terminal coupling system, generation module can be generated according to the authentication key and certification public key of certificate server The deciphering module of certificate server is decrypted to the proof of identity ciphertext in proof of identity ciphertext, obtains identity school Text and terminal check parameter are identified, applies for response message with the building verification of terminal check parameter in plain text according to above-mentioned proof of identity, And verification application response message is sent to management server, the building module of such management server can identify described Terminal identity information in verification application response message, if the terminal identity information recognized and the terminal identity information one prestored It causes, is then configured to access request response message, the access request response message is sent to terminal, matching module is receiving institute Terminal coupling is carried out after stating the matching confirmation message that terminal is fed back according to access request response message, completes above-mentioned terminal coupling During, need to carry out identity validation and verification in terminal, certificate server and management server respectively, it is with higher Safety.
A kind of computer equipment, including memory, processor and be stored on the memory and can be in the processing The computer program run on device, the processor realize the end that any of the above-described embodiment provides when executing the computer program Hold matching process.
A kind of computer storage medium, is stored thereon with computer program, which is characterized in that the program is executed by processor The Terminal-Matching that any of the above-described embodiment of Shi Shixian provides.
Terminal-Matching according to the present invention, the present invention also provides a kind of computer equipment and computer storage medium, For realizing above-mentioned Terminal-Matching by program.Above-mentioned computer equipment and computer storage medium can effectively improve end Hold the safety in matching process.
Detailed description of the invention
Fig. 1 is the Terminal-Matching flow chart of one embodiment;
Fig. 2 is the terminal, management server and certificate server connection schematic diagram of one embodiment;
Fig. 3 is the terminal coupling system structure diagram of one embodiment.
Specific embodiment
To make the objectives, technical solutions, and advantages of the present invention more comprehensible, with reference to the accompanying drawings and embodiments, to this Invention is described in further detail.It should be appreciated that the specific embodiments described herein are only used to explain the present invention, And the scope of protection of the present invention is not limited.
It should be noted that term involved in the embodiment of the present invention " first second third " be only distinguish it is similar Object does not represent the particular sorted for object, it is possible to understand that ground, " first second third " can be mutual in the case where permission Change specific sequence or precedence.It should be understood that the object that " first second third " is distinguished in the appropriate case can be mutual It changes, so that the embodiment of the present invention described herein can be real with the sequence other than those of illustrating or describing herein It applies.
The term " includes " of the embodiment of the present invention and " having " and their any deformations, it is intended that cover non-exclusive Include.Such as contain series of steps or module process, method, system, product or equipment be not limited to it is listed Step or module, but optionally further comprising the step of not listing or module, or optionally further comprising for these processes, side Method, product or equipment intrinsic other steps or module.
Referenced herein " embodiment " is it is meant that a particular feature, structure, or characteristic described can wrap in conjunction with the embodiments It is contained at least one embodiment of the application.Each position in the description occur the phrase might not each mean it is identical Embodiment, nor the independent or alternative embodiment with other embodiments mutual exclusion.Those skilled in the art explicitly and Implicitly understand, embodiment described herein can be combined with other embodiments.
Referenced herein " multiple " refer to two or more."and/or", the association for describing affiliated partner are closed System indicates may exist three kinds of relationships, for example, A and/or B, can indicate: individualism A exists simultaneously A and B, individualism These three situations of B.Character "/" typicallys represent the relationship that forward-backward correlation object is a kind of "or".
Refering to what is shown in Fig. 1, Fig. 1 is the Terminal-Matching flow chart of one embodiment, comprising:
S10, terminal generates proof of identity ciphertext according to the authentication key and certification public key of certificate server, by the identity Verification ciphertext is sent to management server;Wherein, the proof of identity ciphertext is sent to authentication service by the management server Device;
Above-mentioned terminal (REQ) can be wearable smart machine (such as Intelligent bracelet) intelligent terminal, usually can integrate Multiple sensing equipments are set, set on the sensing layer of ternary peer framework;Certificate server (AS) may include Intelligent treatment equipment, Set on the application layer of ternary peer framework;Management server (NSP) can be Intelligent management device, set on ternary peer framework Network layer (network management platform).Above-mentioned terminal, certificate server, the connection relationship between management server can refer to Fig. 2 It is shown, it can be in communication with each other between terminal and management server, can be in communication with each other between management server and certificate server.
Above-mentioned certificate server can be initialized first, and first circulation group is set, and the generation of first circulation group is first, and first Hash function, the second hash function, third hash function and the 4th hash function etc. are public to generate its authentication key and certification Above-mentioned authentication key and certification public key are sent to management server by key.
The proof of identity ciphertext is decrypted in S20, the certificate server, obtains proof of identity and examines in plain text with terminal Parameter is tested, if the product of the third cryptographic Hash and generation member that are determined by the proof of identity plaintext and terminal check parameter is equal to institute The first ciphertext for stating the carrying of proof of identity ciphertext then constructs verification application response message, and response message is applied in the verification It is sent to management server;
Above-mentioned certificate server can identify that the decryption formula such as formula is decrypted to proof of identity ciphertext is stated by plaintext, The corresponding proof of identity plaintext of terminal and terminal check parameter are obtained, further according to above-mentioned proof of identity plaintext and terminal check parameter Calculating, if in plain text and the third cryptographic Hash that determines of terminal check parameter and generating first product equal to institute by the proof of identity The first ciphertext for stating the carrying of proof of identity ciphertext then constructs verification application response message, continues terminal coupling;If by described The product of third cryptographic Hash and generation member that proof of identity plaintext and terminal check parameter determine is close not equal to the proof of identity The first ciphertext that text carries determines that key can not match, i.e., corresponding terminal coupling failure, and terminates to verify.
S30, the management server identify the terminal identity information (identity of terminal in the verification application response message Information), if the terminal identity information recognized is consistent with the terminal identity information prestored, it is configured to access request response letter The access request response message is sent to terminal, and is fed back receiving the terminal according to access request response message by breath Matching confirmation message after carry out terminal coupling.
In above-mentioned steps, if the terminal identity information recognized and the terminal identity information prestored are inconsistent, show to work as Preceding communication is dangerous, it is possible to determine that current sensor verification failure terminates matching work, to guarantee safety.
Specifically, after terminal receives access request response message, the pipe in the access request response message can be identified It manages identity information (identity information of management server), if the management identity information recognized and the management identity information one prestored It causes, matching confirmation message can be fed back to the management server, if the management identity information recognized and the management body prestored Part information is inconsistent, then determines that present communications are dangerous, the verifying work of terminating terminal.
In Terminal-Matching provided in this embodiment, terminal can be public according to the authentication key of certificate server and certification Key generates proof of identity ciphertext, and certificate server is decrypted to the proof of identity ciphertext, and it is bright to obtain proof of identity Text and terminal check parameter construct verification application response message according to above-mentioned proof of identity with terminal check parameter in plain text, and will The verification application response message is sent to management server, and management server is allow to identify the verification application response message In terminal identity information be configured to access if the terminal identity information recognized is consistent with the terminal identity information prestored Response message is requested, the access request response message is sent to terminal, and ring according to access request receiving the terminal Terminal coupling is carried out after the matching confirmation message for answering information to feed back, during completing above-mentioned terminal coupling, needs to exist respectively Identity validation and verification, safety with higher are carried out in terminal, certificate server and management server.
In one embodiment, the terminal receives the access request response message, identifies the access request response Management identity information in information, if the management identity information recognized is consistent with the management identity information prestored, to described Management server feedback matching confirmation message.
Above-mentioned terminal receives the access request response message, above-mentioned access request response message can be decrypted, Identify check results information { N thereinREQ,RESNSP,NSPREQ,IAS-REQ,INSP-REQ, wherein above-mentioned NREQIndicate that terminal generates Random real number, RESNSPIndicate certificate server to the proof of identity of management server as a result, terminal can be sent it to, Terminal is according to above-mentioned RESNSPJudge whether the identity of management server is safe, NSPREQIndicate management server to certificate server Proof of identity as a result, can from management server to terminal send, IAS-REQIndicate the proof of identity parameter between AS and REQ, INSP-REQIndicate the proof of identity parameter between NSP and REQ, above-mentioned proof of identity parameter may include node identity information sum number Word signature, according to RESNSPWhether the management identity information for determining NSP, specifically can accurate by random number therein, accordingly Whether identity information is consistent with prestored information, to determine whether present communications are safe.
In the present embodiment, terminal can identify the management identity information in the access request response message, carry out corresponding Proof of identity, proof of identity success after just to management server feed back matching confirmation message, further improve and matched Safety in journey.
In one embodiment, the terminal generates proof of identity according to the authentication key and certification public key of certificate server The proof of identity ciphertext is sent to before the process of management server by ciphertext, further includes:
Authentication key and certification public key are sent to management server by the certificate server;The management server is connecing When entering terminal, the authentication key and certification public key are sent to terminal.
Certificate server generates authentication key in the key create-rule that can be determined according to its initialization procedure, according to public Key create-rule generates certification public key, to guarantee the timeliness of the authentication key for being sent to management server and certification public key.
After management server receives above-mentioned authentication key and certification public key, the management secret value x of itself can be generatedNSP, on State xNSP∈Zq, ZqIt indicates second circulation group, and new terminal is waited to be added.In access terminal, management server is sent out to terminal Send challenge inquiry grouping: { params, PKAS, i.e., authentication key and certification public key are sent to accessed terminal, make terminal one Access can enter matching work, guarantee matching efficiency.
In one embodiment, the terminal generates proof of identity according to the authentication key and certification public key of certificate server Ciphertext can also include: before the proof of identity ciphertext is sent to the process of management server
The generation member of the certificate server setting first circulation group is determined according to the generation member and authenticating identity information Public key is authenticated, and the first hash function for determining the first cryptographic Hash, second for determining the second cryptographic Hash is set separately Hash function, the third hash function for determining third cryptographic Hash and the 4th Hash letter for determining the 4th cryptographic Hash Number;Recognized according to the determination of the generation member, the first hash function, the second hash function, third hash function and the 4th hash function Demonstrate,prove key.
Specifically, certificate server can set security parameter k, k ∈ Z+, wherein Z+Module is indicated, according to above-mentioned safety Parameter k generates two k prime number ps and q, and wherein q can be divided exactly (i.e. q | p-1) by p-1;And set first circulation group's Member P is generated, it is random to obtainTo obtain the public key parameter P of certificate serverpub=xP, according to above-mentioned public key parameter and Authenticating identity information determines certification public key.
Above-mentioned first hash function H1, the second hash function H2, third hash function H3With the 4th hash function H4It can divide Not are as follows:
Wherein, l0, l1 are respectively natural number.
As one embodiment, certificate server can also set master-key, and help-key is that x these assistance are close Key parameter, and authentication key is generated according to following key create-rule:
Params=(p, q, P, x, H1,H2,H3,H4),
Wherein, params indicates authentication key.
In the present embodiment, the certificate server first circulation group of setting for determining certification public key before terminal access The generation member of first circulation group, is also set separately the first hash function for determining the first cryptographic Hash, for determining the second Kazakhstan Second hash function of uncommon value, the third hash function for determining third cryptographic Hash and for determining the 4th cryptographic Hash 4th hash function realizes the initialization of certificate server, it is ensured that certification public key needed for it generates progress terminal coupling With the order of authentication key.
As one embodiment, the authentication key according to certificate server and certification public key generate proof of identity ciphertext Process include:
It is identified according to the authentication key and generates member, identify authenticating identity information from the certification public key;
Terminal public key field is determined according to terminal secret value and generation member, according to the authenticating identity information, terminal Secret value, generation member and terminal public key field determine intermediate cryptographic information;
The first encryption parameter and the first ciphertext are respectively obtained according to third cryptographic Hash and the product for generating member, according to described the The product of three cryptographic Hash and intermediate cryptographic information determines the second encryption parameter;
The second ciphertext is determined according to the 4th cryptographic Hash determined by first encryption parameter and the second encryption parameter;According to Which local time generates proof of identity ciphertext, the first ciphertext and the second ciphertext and generates proof of identity ciphertext.
Specifically, the above-mentioned third cryptographic Hash r=H determined in plain text with terminal check parameter by the proof of identity3(M, σ);Above-mentioned first encryption parameter k1=rP, the first encryption parameter k2=r ΓID;Above-mentioned first ciphertext c1It is=rP, second close Literary c2It is the 4th cryptographic Hash and the exclusive or of the binary sequence as composed by proof of identity plaintext and terminal check parameter as a result, i.e.Above-mentioned proof of identity ciphertext C=(i, c1,c2)。
The present embodiment can guarantee the accuracy of proof of identity ciphertext generated.
It is described according to the authenticating identity information, terminal secret value, generation member and terminal public key word as one embodiment Section determines that the process of intermediate cryptographic information includes:
The authenticating identity information, terminal secret value, generation member and terminal public key field are substituted into encryption formula meter respectively Calculate intermediate cryptographic information;Wherein, the encryption formula includes:
ΓID=xREQ+(H1(IDAS,U)+H2(IDAS, i)) P,
In formula, ΓIDIndicate intermediate cryptographic information, xREQIndicate terminal secret value, IDASIndicate (the certification of authenticating identity information The identity information of server), U indicates terminal public key field, and i indicates which local time generates proof of identity ciphertext (i.e. terminal the Private key is generated several times), P indicates to generate member, H1(IDAS, U) and it indicates according to IDASThe first cryptographic Hash determined with U, H2(IDAS, i) and table Show according to IDASThe second cryptographic Hash determined with i.
Specifically, above-mentioned terminal (REQ) is close according to the authentication key and certification public key generation proof of identity of certificate server In the process of text, following process can also be performed:
REQ identifies authentication key params, according to a random number and generates first product computing terminal secret value xREQ∈ Zq
REQ is according to self-identity information IDREQ, authentication key params calculate initial private key SREQ,0, randomly choose s ∈ Zp(ZpIndicate third cyclic group), calculating section public key PID=sP, following operation obtain initial private key SREQ,0:
SREQ,0=s+xREQH1(IDREQ,s·P)+xREQH2(IDREQ,0);
Wherein, H1(IDREQ, sP) and it indicates according to IDREQThe first cryptographic Hash determined with sP, H2(IDREQ, 0) and indicate root According to IDREQThe first cryptographic Hash determined with 0.
REQ is according to authentication key params and secret value xREQPass through computing terminal public key field U=xREQP is determined eventually Hold public key PKREQ=(Ω, U);
REQ constructs access request and is grouped { NREQ,PKREQ,IREQ, wherein NREQIndicate random real number, PKREQIndicate the public affairs of REQ Key (terminal public key), IREQFor the proof of identity parameter of REQ, IREQIncluding node identities parameter and digital signature, and use PKASIt is right Identity verifying information carries out cryptographic calculation, and the process of cryptographic calculation may include:
(1)ΓID=xREQ+(H1(IDAS,U)+H2(IDAS, i)) P,
(2) it randomly choosesCalculate r=H3(M, σ), wherein M is proof of identity plaintext.
(3) the first ciphertext c is constructed according to following equation1, the second ciphertext c2, the first encryption parameter k1, the first encryption parameter k2:
c1=rP,k1=rP, k2=r ΓID
(4) proof of identity ciphertext C=(i, c are exported1,c2)。
In one embodiment, described that the proof of identity ciphertext is decrypted, obtain proof of identity plaintext and terminal Inspection parameter, if the product of the third cryptographic Hash and generation member that are determined by the proof of identity plaintext and terminal check parameter is equal to The first ciphertext that the proof of identity ciphertext carries, the then process for constructing verification application response message may include:
It is close to identify which time of terminal in the proof of identity ciphertext generates proof of identity ciphertext, the first ciphertext and second Text calculates separately proof of identity plaintext and terminal check parameter according to authentication secret value, number, the first ciphertext and the second ciphertext;
Proof of identity third cryptographic Hash corresponding with terminal check parameter in plain text is calculated, judges the third cryptographic Hash Whether it is equal to the first ciphertext that the proof of identity ciphertext carries with the product for generating member, that is, judges equation H3(M, σ) P=c1 It is whether true;
If so, building verification application response message.
If above-mentioned third cryptographic Hash and the product for generating member are not equal to the first ciphertext that the proof of identity ciphertext carries, i.e., Judge equation H3(M, σ) P=c1It is invalid, then it can be determined that key can not match, terminate current verification.
Specifically, certificate server can construct application response message as follows: { (NNSP,RESREQ,IAS-REQ), (NREQ,RESNSP,IAS-NSP), wherein NNSPIndicate the random real number that management server generates, RESREQIndicate certificate server pair The identity of terminal is examined as a result, RESNSPIndicate that certificate server examines as a result, I the identity of management serverAS-REQIndicate AS Proof of identity parameter between REQ, NREQIndicate the random real number that terminal generates, IAS-NSPIndicate the identity between AS and NSP Checking parameter;Can also transmission target (such as management server) according to response encrypted using corresponding public key, and will be above-mentioned Application response message is sent to management server in the form of response message.
It is described that identity is calculated separately according to authentication secret value, number, the first ciphertext and the second ciphertext as one embodiment Verification is in plain text and the process of terminal check parameter includes:
Authentication secret value, number, the first ciphertext and the second ciphertext are substituted into identification formula in plain text respectively and calculate proof of identity Plaintext and terminal check parameter;Wherein, the plaintext identification formula includes:
In formula, M indicates proof of identity in plain text, and σ indicates terminal check parameter, c1Indicate the first ciphertext, c2Indicate that second is close Text, xASAuthentication secret value, i indicate which time of terminal generates proof of identity ciphertext (i-th generates proof of identity ciphertext or private key), H4(xAS·c1,i·c1) indicate according to xAS·c1And ic1The 4th determining cryptographic Hash, symbol indicate to be multiplied, symbolTable Show exclusive or.
The present embodiment can guarantee the accuracy of application response message constructed by certificate server, further improve end Hold the security performance of matching process.
The terminal coupling system structure diagram of one embodiment is shown with reference to Fig. 3, Fig. 3, the life including being set to terminal At module 10, set on the deciphering module 20 of certificate server, set on the building module 31 of management server and set on management clothes The matching module 32 of business device:
The generation module 10 is used to generate proof of identity ciphertext according to the authentication key and certification public key of certificate server, The proof of identity ciphertext is sent to management server;Wherein, the management server sends the proof of identity ciphertext To certificate server;
The deciphering module 20 obtains proof of identity and examines in plain text with terminal for the proof of identity ciphertext to be decrypted Parameter is tested, if the product of the third cryptographic Hash and generation member that are determined by the proof of identity plaintext and terminal check parameter is equal to institute The first ciphertext for stating the carrying of proof of identity ciphertext then constructs verification application response message, and response message is applied in the verification It is sent to management server;
The terminal identity information in response message is applied in the verification to the building module 31 for identification, if recognize Terminal identity information is consistent with the terminal identity information prestored, then is configured to access request response message, by the access request Response message is sent to terminal;
The matching module 32 is used for the matching confirmation letter fed back in the reception terminal according to access request response message Terminal coupling is carried out after breath.
In one embodiment, the terminal coupling system further includes the feedback module set on terminal:
The feedback module identifies in the access request response message for receiving the access request response message Identity information is managed, if the management identity information recognized is consistent with the management identity information prestored, to the management service Device feedback matching confirmation message.
In one embodiment, the terminal coupling system further include set on certificate server the first sending module and Set on the second sending module of management server:
First sending module is used to authentication key and certification public key being sent to management server;
Second sending module is used in management server in access terminal, by the authentication key and certification public key It is sent to terminal.
In one embodiment, the terminal coupling system further includes the determining module set on certificate server:
The determining module is used to set the generation member of first circulation group, true according to the generation member and authenticating identity information Surely public key is authenticated, and the first hash function for determining the first cryptographic Hash, for determining the second cryptographic Hash is set separately Two hash functions, the third hash function for determining third cryptographic Hash and the 4th Hash for determining the 4th cryptographic Hash Function;It is determined according to the generation member, the first hash function, the second hash function, third hash function and the 4th hash function Authentication key.
As one embodiment, the generation module is further used for:
It is identified according to the authentication key and generates member, identify authenticating identity information from the certification public key;
Terminal public key field is determined according to terminal secret value and generation member, according to the authenticating identity information, terminal Secret value, generation member and terminal public key field determine intermediate cryptographic information;
The first encryption parameter and the first ciphertext are respectively obtained according to third cryptographic Hash and the product for generating member, according to described the The product of three cryptographic Hash and intermediate cryptographic information determines the second encryption parameter;
The second ciphertext is determined according to the 4th cryptographic Hash determined by first encryption parameter and the second encryption parameter;According to Which local time generates proof of identity ciphertext, the first ciphertext and the second ciphertext and generates proof of identity ciphertext.
As one embodiment, the generation module is further used for:
The authenticating identity information, terminal secret value, generation member and terminal public key field are substituted into encryption formula meter respectively Calculate intermediate cryptographic information;Wherein, the encryption formula includes:
ΓID=xREQ+(H1(IDAS,U)+H2(IDAS, i)) P,
In formula, ΓIDIndicate intermediate cryptographic information, xREQIndicate terminal secret value, IDASIndicate authenticating identity information, U is indicated Terminal public key field, i indicate which local time generates proof of identity ciphertext, and P indicates to generate member, H1(IDAS, U) and it indicates according to IDAS The first cryptographic Hash determined with U, H2(IDAS, i) and it indicates according to IDASThe second cryptographic Hash determined with i.
In one embodiment, the deciphering module is further used for:
It is close to identify which time of terminal in the proof of identity ciphertext generates proof of identity ciphertext, the first ciphertext and second Text calculates separately proof of identity plaintext and terminal check parameter according to authentication secret value, number, the first ciphertext and the second ciphertext;
Proof of identity third cryptographic Hash corresponding with terminal check parameter in plain text is calculated, judges the third cryptographic Hash Whether it is equal to the first ciphertext that the proof of identity ciphertext carries with the product for generating member;
If so, building verification application response message.
As one embodiment, the deciphering module is further used for:
Authentication secret value, number, the first ciphertext and the second ciphertext are substituted into identification formula in plain text respectively and calculate proof of identity Plaintext and terminal check parameter;Wherein, the plaintext identification formula includes:
In formula, M indicates proof of identity in plain text, and σ indicates terminal check parameter, c1Indicate the first ciphertext, c2Indicate that second is close Text, xASAuthentication secret value, i indicate which time of terminal generates proof of identity ciphertext, H4(xAS·c1,i·c1) indicate according to xAS· c1And ic1The 4th determining cryptographic Hash, symbol indicate to be multiplied, symbolIndicate exclusive or.
Terminal coupling system of the invention and Terminal-Matching of the invention correspond, in above-mentioned Terminal-Matching Embodiment illustrate technical characteristic and its advantages suitable for the embodiment of terminal coupling system.
Based on example as described above, a kind of computer equipment is also provided in one embodiment, the computer equipment packet The computer program that includes memory, processor and storage on a memory and can run on a processor, wherein processor executes It realizes when described program such as any one Terminal-Matching in the various embodiments described above.
Above-mentioned computer equipment realizes Internet of Things ternary peer by the computer program run on the processor Terminal coupling in framework, safety with higher.
Those of ordinary skill in the art will appreciate that realizing all or part of the process in above-described embodiment method, being can be with Relevant hardware is instructed to complete by computer program, it is non-volatile computer-readable that the program can be stored in one It takes in storage medium, in the embodiment of the present invention, which be can be stored in the storage medium of computer system, and by the calculating At least one processor in machine system executes, and includes the process such as the embodiment of above-mentioned Terminal-Matching with realization.Wherein, The storage medium can be magnetic disk, CD, read-only memory (Read-Only Memory, ROM) or random storage note Recall body (Random Access Memory, RAM) etc..
Accordingly, a kind of computer storage medium is also provided in one embodiment, is stored thereon with computer program, In, it realizes when which is executed by processor such as any one Terminal-Matching in the various embodiments described above.
Above-mentioned computer storage medium can more safely carry out authentication service by the computer program that it is stored The corresponding terminal coupling of device.
Each technical characteristic of embodiment described above can be combined arbitrarily, for simplicity of description, not to above-mentioned reality It applies all possible combination of each technical characteristic in example to be all described, as long as however, the combination of these technical characteristics is not deposited In contradiction, all should be considered as described in this specification.
The embodiments described above only express several embodiments of the present invention, and the description thereof is more specific and detailed, but simultaneously It cannot therefore be construed as limiting the scope of the patent.It should be pointed out that coming for those of ordinary skill in the art It says, without departing from the inventive concept of the premise, various modifications and improvements can be made, these belong to protection of the invention Range.Therefore, the scope of protection of the patent of the invention shall be subject to the appended claims.

Claims (10)

1. a kind of Terminal-Matching characterized by comprising
Terminal generates proof of identity ciphertext according to the authentication key and certification public key of certificate server, by the proof of identity ciphertext It is sent to management server;Wherein, the proof of identity ciphertext is sent to certificate server by the management server;
The proof of identity ciphertext is decrypted in the certificate server, obtains proof of identity plaintext and terminal check parameter, If the product of the third cryptographic Hash and generation member that are determined by the proof of identity plaintext and terminal check parameter is equal to the identity The first ciphertext that ciphertext carries is verified, then constructs verification application response message, and verification application response message is sent to Management server;
The management server identifies the terminal identity information in the verification application response message, if the terminal identity recognized Information is consistent with the terminal identity information prestored, then is configured to access request response message, by the access request response message It is sent to terminal, and carries out terminal after receiving the matching confirmation message that the terminal is fed back according to access request response message Match.
2. Terminal-Matching according to claim 1, which is characterized in that the terminal receives the access request response Information identifies the management identity information in the access request response message, if the management identity information that recognizes with prestore It is consistent to manage identity information, then feeds back matching confirmation message to the management server.
3. Terminal-Matching according to claim 1, which is characterized in that the terminal is according to the certification of certificate server Key and certification public key generate proof of identity ciphertext, before the proof of identity ciphertext is sent to the process of management server, Further include:
Authentication key and certification public key are sent to management server by the certificate server;The management server is whole in access When end, the authentication key and certification public key are sent to terminal.
4. Terminal-Matching according to claim 1, which is characterized in that the terminal is according to the certification of certificate server Key and certification public key generate proof of identity ciphertext, before the proof of identity ciphertext is sent to the process of management server, Further include:
The generation member of the certificate server setting first circulation group determines certification according to the generation member and authenticating identity information Public key, and the first hash function for determining the first cryptographic Hash, the second Hash for determining the second cryptographic Hash is set separately Function, the third hash function for determining third cryptographic Hash and the 4th hash function for determining the 4th cryptographic Hash;Root Determine that certification is close according to the generation member, the first hash function, the second hash function, third hash function and the 4th hash function Key.
5. Terminal-Matching according to claim 4, which is characterized in that the authentication key according to certificate server Include: with the process for authenticating public key generation proof of identity ciphertext
It is identified according to the authentication key and generates member, identify authenticating identity information from the certification public key;
Terminal public key field is determined according to terminal secret value and generation member, it is secret according to the authenticating identity information, terminal Value, generation member and terminal public key field determine intermediate cryptographic information;
The first encryption parameter and the first ciphertext are respectively obtained according to third cryptographic Hash and the product for generating member, is breathed out according to the third The product of uncommon value and intermediate cryptographic information determines the second encryption parameter;
The second ciphertext is determined according to the 4th cryptographic Hash determined by first encryption parameter and the second encryption parameter;According to local Which time generates proof of identity ciphertext, the first ciphertext and the second ciphertext and generates proof of identity ciphertext.
6. Terminal-Matching according to claim 5, which is characterized in that described according to the authenticating identity information, end End secret value, generation member and terminal public key field determine that the process of intermediate cryptographic information includes:
The authenticating identity information, terminal secret value, generation member and terminal public key field are substituted into encryption formula calculating respectively Between encryption information;Wherein, the encryption formula includes:
ΓID=xREQ+(H1(IDAS,U)+H2(IDAS, i)) P,
In formula, ΓIDIndicate intermediate cryptographic information, xREQIndicate terminal secret value, IDASIndicate authenticating identity information, U indicates terminal Public key field, i indicate which local time generates proof of identity ciphertext, and P indicates to generate member, H1(IDAS, U) and it indicates according to IDASAnd U The first determining cryptographic Hash, H2(IDAS, i) and it indicates according to IDASThe second cryptographic Hash determined with i.
7. Terminal-Matching according to any one of claims 1 to 6, which is characterized in that described to the proof of identity Ciphertext is decrypted, and obtains proof of identity plaintext and terminal check parameter, if being joined in plain text with terminal check by the proof of identity The determining third cryptographic Hash of number and the product for generating member are equal to the first ciphertext that the proof of identity ciphertext carries, then construct verification Application response message process include:
Identify which time of terminal in the proof of identity ciphertext generates proof of identity ciphertext, the first ciphertext and the second ciphertext, root Proof of identity plaintext and terminal check parameter are calculated separately according to authentication secret value, number, the first ciphertext and the second ciphertext;
Proof of identity third cryptographic Hash corresponding with terminal check parameter in plain text is calculated, judges the third cryptographic Hash and life Whether the product of Cheng Yuan is equal to the first ciphertext that the proof of identity ciphertext carries;
If so, building verification application response message.
8. Terminal-Matching according to claim 7, which is characterized in that described according to authentication secret value, number, first Ciphertext and the second ciphertext calculate separately proof of identity in plain text and the process of terminal check parameter includes:
Authentication secret value, number, the first ciphertext and the second ciphertext are substituted into identification formula in plain text respectively and calculate proof of identity in plain text With terminal check parameter;Wherein, the plaintext identification formula includes:
In formula, M indicates proof of identity in plain text, and σ indicates terminal check parameter, c1Indicate the first ciphertext, c2Indicate the second ciphertext, xAS Authentication secret value, i indicate which time of terminal generates proof of identity ciphertext, H4(xAS·c1,i·c1) indicate according to xAS·c1And i c1The 4th determining cryptographic Hash, symbol indicate to be multiplied, symbolIndicate exclusive or.
9. a kind of terminal coupling system, which is characterized in that the generation module including being set to terminal, set on the decryption of certificate server Module, set on the building module of management server and set on the matching module of management server:
The generation module is used to generate proof of identity ciphertext according to the authentication key and certification public key of certificate server, will be described Proof of identity ciphertext is sent to management server;Wherein, the proof of identity ciphertext is sent to certification by the management server Server;
The deciphering module obtains proof of identity and joins in plain text with terminal check for the proof of identity ciphertext to be decrypted Number, if the product of the third cryptographic Hash and generation member that are determined by the proof of identity plaintext and terminal check parameter is equal to the body The first ciphertext that part verification ciphertext carries then constructs verification application response message, and the verification is applied for that response message is sent To management server;
The terminal identity information in response message is applied in the verification to the building module for identification, if the terminal body recognized Part information is consistent with the terminal identity information prestored, then is configured to access request response message, and the access request is responded and is believed Breath is sent to terminal;
The matching confirmation message that the matching module is used to be fed back in the reception terminal according to access request response message is laggard Row terminal coupling.
10. a kind of computer equipment, including memory, processor and it is stored on the memory and can be in the processor The computer program of upper operation, which is characterized in that the processor realized when executing the computer program as claim 1 to Terminal-Matching described in 8 any one.
CN201810862370.4A 2018-08-01 2018-08-01 Terminal matching method and system and computer equipment Active CN109040060B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810862370.4A CN109040060B (en) 2018-08-01 2018-08-01 Terminal matching method and system and computer equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810862370.4A CN109040060B (en) 2018-08-01 2018-08-01 Terminal matching method and system and computer equipment

Publications (2)

Publication Number Publication Date
CN109040060A true CN109040060A (en) 2018-12-18
CN109040060B CN109040060B (en) 2021-03-02

Family

ID=64647365

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810862370.4A Active CN109040060B (en) 2018-08-01 2018-08-01 Terminal matching method and system and computer equipment

Country Status (1)

Country Link
CN (1) CN109040060B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111064571A (en) * 2020-01-09 2020-04-24 青岛海信移动通信技术股份有限公司 Communication terminal, server and method for dynamically updating pre-shared key
CN111401672A (en) * 2019-01-02 2020-07-10 中国移动通信有限公司研究院 Block chain based validity checking method, equipment and system
CN111510214A (en) * 2020-04-23 2020-08-07 京东方科技集团股份有限公司 Optical communication device, optical communication system, and communication connection establishment method
CN113079506A (en) * 2020-01-03 2021-07-06 中国移动通信集团广东有限公司 Network security authentication method, device and equipment
CN114826654A (en) * 2022-03-11 2022-07-29 中国互联网络信息中心 Client authentication method and system based on domain name system naming

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101447992A (en) * 2008-12-08 2009-06-03 西安西电捷通无线网络通信有限公司 Trusted network connection implementing method based on three-element peer-to-peer authentication
CN101527907A (en) * 2009-03-31 2009-09-09 刘建 Wireless local area network access authentication method and wireless local area network system
US20100293370A1 (en) * 2007-12-29 2010-11-18 China Iwncomm Co., Ltd. Authentication access method and authentication access system for wireless multi-hop network
WO2011069355A1 (en) * 2009-12-11 2011-06-16 西安西电捷通无线网络通信股份有限公司 Network transmission method adapted for tri-element peer authentication trusted network connection architecture
CN107707360A (en) * 2017-11-10 2018-02-16 西安电子科技大学 Isomerization polymerization label decryption method under environment of internet of things
CN107919956A (en) * 2018-01-04 2018-04-17 重庆邮电大学 End-to-end method for protecting under a kind of internet of things oriented cloud environment
CN107948140A (en) * 2017-11-10 2018-04-20 广州杰赛科技股份有限公司 The method of calibration and system of portable set
CN108259164A (en) * 2016-12-29 2018-07-06 华为技术有限公司 The identity identifying method and equipment of a kind of internet of things equipment

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100293370A1 (en) * 2007-12-29 2010-11-18 China Iwncomm Co., Ltd. Authentication access method and authentication access system for wireless multi-hop network
CN101447992A (en) * 2008-12-08 2009-06-03 西安西电捷通无线网络通信有限公司 Trusted network connection implementing method based on three-element peer-to-peer authentication
CN101527907A (en) * 2009-03-31 2009-09-09 刘建 Wireless local area network access authentication method and wireless local area network system
WO2011069355A1 (en) * 2009-12-11 2011-06-16 西安西电捷通无线网络通信股份有限公司 Network transmission method adapted for tri-element peer authentication trusted network connection architecture
CN108259164A (en) * 2016-12-29 2018-07-06 华为技术有限公司 The identity identifying method and equipment of a kind of internet of things equipment
CN107707360A (en) * 2017-11-10 2018-02-16 西安电子科技大学 Isomerization polymerization label decryption method under environment of internet of things
CN107948140A (en) * 2017-11-10 2018-04-20 广州杰赛科技股份有限公司 The method of calibration and system of portable set
CN107919956A (en) * 2018-01-04 2018-04-17 重庆邮电大学 End-to-end method for protecting under a kind of internet of things oriented cloud environment

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
HSIU-LIEN YEH ET AL: "A Secured Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography", 《SENSORS》 *
龙昭华等: "基于Te PA的无线传感器网络安全方案", 《计算机应用研究》 *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111401672A (en) * 2019-01-02 2020-07-10 中国移动通信有限公司研究院 Block chain based validity checking method, equipment and system
CN111401672B (en) * 2019-01-02 2023-11-28 中国移动通信有限公司研究院 Block chain-based validity verification method, device and system
CN113079506A (en) * 2020-01-03 2021-07-06 中国移动通信集团广东有限公司 Network security authentication method, device and equipment
CN113079506B (en) * 2020-01-03 2023-04-25 中国移动通信集团广东有限公司 Network security authentication method, device and equipment
CN111064571A (en) * 2020-01-09 2020-04-24 青岛海信移动通信技术股份有限公司 Communication terminal, server and method for dynamically updating pre-shared key
CN111510214A (en) * 2020-04-23 2020-08-07 京东方科技集团股份有限公司 Optical communication device, optical communication system, and communication connection establishment method
CN114826654A (en) * 2022-03-11 2022-07-29 中国互联网络信息中心 Client authentication method and system based on domain name system naming
CN114826654B (en) * 2022-03-11 2023-09-12 中国互联网络信息中心 Client authentication method and system based on domain name system naming

Also Published As

Publication number Publication date
CN109040060B (en) 2021-03-02

Similar Documents

Publication Publication Date Title
US10609014B2 (en) Un-password: risk aware end-to-end multi-factor authentication via dynamic pairing
AU2018352026B2 (en) System and method for generating and depositing keys for multi-point authentication
CN109040060A (en) Terminal-Matching and system, computer equipment
Li et al. Applying biometrics to design three‐factor remote user authentication scheme with key agreement
US9118661B1 (en) Methods and apparatus for authenticating a user using multi-server one-time passcode verification
Azrour et al. New Efficient and Secured Authentication Protocol for Remote Healthcare Systems in Cloud‐IoT
KR101634158B1 (en) Method for authenticating identity and generating share key
US10742426B2 (en) Public key infrastructure and method of distribution
Chen et al. Lightweight one‐time password authentication scheme based on radio‐frequency fingerprinting
CN108599925A (en) A kind of modified AKA identity authorization systems and method based on quantum communication network
US10263782B2 (en) Soft-token authentication system
JP7302606B2 (en) system and server
CN110020524A (en) A kind of mutual authentication method based on smart card
CN106330862A (en) Secure transmission method and system for dynamic password
Alzuwaini et al. An Efficient Mechanism to Prevent the Phishing Attacks.
CN106657002A (en) Novel crash-proof base correlation time multi-password identity authentication method
Fareed et al. A lightweight and secure multilayer authentication scheme for wireless body area networks in healthcare system
CN105162592B (en) A kind of method and system of certification wearable device
Lee et al. Secure and anonymous authentication scheme for mobile edge computing environments
CN102291396A (en) Anonymous authentication algorithm for remote authentication between credible platforms
CN106230840A (en) A kind of command identifying method of high security
CN112311553B (en) Equipment authentication method based on challenge response
CN111753276A (en) Traceable multi-party electronic signing method, computer equipment and storage medium
Chen et al. A secure YS-like user authentication scheme
Nandan et al. Blockchain Encryption using Biometric Authentication.

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant