CN109347885A - A kind of network authentication system and its authentication method

Publication number
CN109347885A
Authority
CN
China
Prior art keywords
data packet
authentication
message identifying
secondary data
encrypted
Legal status
Granted
Application number
CN201811480876.5A
Other languages
Chinese (zh)
Other versions
CN109347885B (en)
Inventor
于复兴
索依娜
杨爱民
苏亚光
赵全明
Current Assignee
Zhongke Chenxiao (Beijing) Technology Co.,Ltd.
Original Assignee
North China University of Science and Technology
Priority date
2018-12-05
Filing date
2018-12-05
Publication date
2019-02-15
Application filed by North China University of Science and Technology
Priority to CN201811480876.5A
Publication of CN109347885A
Application granted
Publication of CN109347885B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a network authentication system comprising: several certificate servers, for handling network authentication tasks; several authentication interface terminals, for connecting accessed nodes to be certified; an encrypting module, connected to the authentication interface terminals, for encrypting the message identifying of an accessed node; an address selection module, connected to the encrypting module, for selecting the transmitting path of the encrypted data packets; and a deciphering module, connected to the certificate servers, for decompressing data packets and sending them to the corresponding certificate server for authentication. The invention remedies deficiencies of the prior art and improves the security of network authentication.

Description

A kind of network authentication system and its authentication method
Technical field
The present invention relates to the technical field of network security, and in particular to a network authentication system and its authentication method.
Background art
With the development of network technology, people's lives and work increasingly depend on the information that networks provide. With this comes the growing importance of network security. To guarantee network information security, existing networks mostly rely on various authentication means. However, existing authentication methods are easily attacked and cracked by hackers, and their overall security is not high.
Summary of the invention
The technical problem to be solved by the present invention is to provide a network authentication system and its authentication method that remedy the deficiencies of the prior art and improve the security of network authentication.
To solve the above technical problem, the technical solution adopted by the present invention is as follows.
A network authentication system, comprising:
Several certificate servers, for handling network authentication tasks;
Several authentication interface terminals, for connecting accessed nodes to be certified;
An encrypting module, connected to the authentication interface terminals, for encrypting the message identifying of an accessed node;
An address selection module, connected to the encrypting module, for selecting the transmitting path of the encrypted data packets;
A deciphering module, connected to the certificate servers, for decompressing data packets and sending them to the corresponding certificate server for authentication.
An authentication method of the above network authentication system, comprising the following steps:
A, the accessed node to be certified measures the speed of each authentication interface terminal and connects to the authentication interface terminal with the fastest connection speed;
B, the accessed node to be certified sends the message identifying through the authentication interface terminal to the encrypting module for encryption;
C, the address selection module establishes a transmitting path connection between the encrypted data packets and a certificate server; for each transmitting path, the data packets located on that transmitting path are marked as master data packets, and the other data packets are marked as secondary data packets;
D, the master data packet and several randomly selected secondary data packets are sent to the deciphering module over the transmitting path; the deciphering module decrypts the master data packet to obtain the message identifying, while the secondary data packets pass directly through the deciphering module without processing;
E, the certificate server that receives the message identifying and the secondary data packets performs authentication processing according to the consistency of the message identifying and the data volume distribution characteristics of the secondary data packets.
In step B, the encrypting module takes the real-time connection speed, at the time of encryption, of the authentication interface terminal selected in step A as an encrypted object, combines it with the check bit of the message identifying, and then encrypts the result.
Preferably, in step D, the secondary data packets are processed by a hash function to obtain a hash value, and the real-time transmission rate of the secondary data packets is determined according to the calculated hash value.
Preferably, in step E, the certificate server judges the safety of the message identifying according to the linearity between the distortion of the check bit of the message identifying and the distortion of its other positions. If the linearity is lower than a set threshold, the message identifying is judged unsafe and authentication fails; otherwise it is judged safe, and the real-time transmission rate of the secondary data packets is then measured. If the real-time transmission rate curve is identical to the preset curve, authentication succeeds; otherwise authentication fails.
Preferably, for a message identifying whose authentication failed because the real-time transmission rate curve was not identical to the preset curve, a real-time transmission rate curve is reselected, secondary data packets are sent according to the new real-time transmission rate curve, and a second measurement is carried out.
The beneficial effects of the above technical solution are as follows: by using a dual authentication mode of "message authentication + traffic characteristic verification", the present invention improves the security of the authentication process. At the same time, improving the message encryption process improves the security of message transmission; obtaining hash values with a hash function and controlling the traffic characteristics in real time effectively reduces the possibility that the traffic characteristics are illegally imitated, thereby improving the overall security of the dual authentication mode provided by the invention.
Description of the drawings
Fig. 1 is a structural diagram of a specific embodiment of the invention.
In the figure: 1, certificate server; 2, authentication interface terminal; 3, encrypting module; 4, address selection module; 5, deciphering module.
Specific embodiment
Referring to Fig. 1, a specific embodiment of the invention includes:
Several certificate servers 1, for handling network authentication tasks;
Several authentication interface terminals 2, for connecting accessed nodes to be certified;
An encrypting module 3, connected to the authentication interface terminals 2, for encrypting the message identifying of an accessed node;
An address selection module 4, connected to the encrypting module 3, for selecting the transmitting path of the encrypted data packets;
A deciphering module 5, connected to the certificate servers 1, for decompressing data packets and sending them to the corresponding certificate server 1 for authentication.
An authentication method of the above network authentication system, comprising the following steps:
A, the accessed node to be certified measures the speed of each authentication interface terminal 2 and connects to the authentication interface terminal 2 with the fastest connection speed;
B, the accessed node to be certified sends the message identifying through the authentication interface terminal 2 to the encrypting module 3 for encryption;
C, the address selection module 4 establishes a transmitting path connection between the encrypted data packets and a certificate server 1; for each transmitting path, the data packets located on that transmitting path are marked as master data packets, and the other data packets are marked as secondary data packets;
D, the master data packet and several randomly selected secondary data packets are sent to the deciphering module 5 over the transmitting path; the deciphering module 5 decrypts the master data packet to obtain the message identifying, while the secondary data packets pass directly through the deciphering module 5 without processing;
E, the certificate server 1 that receives the message identifying and the secondary data packets performs authentication processing according to the consistency of the message identifying and the data volume distribution characteristics of the secondary data packets.
In step B, the encrypting module 3 takes the real-time connection speed, at the time of encryption, of the authentication interface terminal 2 selected in step A as an encrypted object, combines it with the check bit of the message identifying, and then encrypts the result.
In step D, the secondary data packets are processed by a hash function to obtain a hash value, and the real-time transmission rate of the secondary data packets is determined according to the calculated hash value.
In step E, the certificate server 1 judges the safety of the message identifying according to the linearity between the distortion of the check bit of the message identifying and the distortion of its other positions. If the linearity is lower than a set threshold, the message identifying is judged unsafe and authentication fails; otherwise it is judged safe, and the real-time transmission rate of the secondary data packets is then measured. If the real-time transmission rate curve is identical to the preset curve, authentication succeeds; otherwise authentication fails.
A message identifying whose authentication failed because the real-time transmission rate curve was not identical to the preset curve has its real-time transmission rate curve reselected; secondary data packets are sent according to the new real-time transmission rate curve, and a second measurement is carried out. When the real-time transmission rate curve is reselected, the real-time rate of the secondary data packets on the transmitting path of the master data packet and the originally transmitted real-time transmission rate curve are weighted and averaged to obtain the reselected real-time transmission rate curve. By measuring the message identifying a second time and weighting the original real-time transmission rate curve, interference with authentication from transmission rate changes caused by hardware problems is avoided.
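The traffic-characteristic half of steps D and E, including the second measurement, sketched as an added Python example that is not part of the patent. The SHA-256-to-rate mapping, the rate range, the 5% matching tolerance, the 0.5 weight, the use of the first-round measurement as the rate on the master data packet's path, and all function names are assumptions, since the patent fixes none of them.

```python
import hashlib

RATE_MIN_KBPS = 64.0    # assumed lower bound of the rate range
RATE_MAX_KBPS = 1024.0  # assumed upper bound of the rate range
TOLERANCE = 0.05        # assumed: the text says "identical"; measured rates need a margin
WEIGHT = 0.5            # assumed weight given to the original curve when reselecting


def rate_from_hash(packet: bytes) -> float:
    """Step D: derive a secondary data packet's rate from its hash (assumed mapping)."""
    digest = hashlib.sha256(packet).digest()
    fraction = int.from_bytes(digest[:4], "big") / 0xFFFFFFFF
    return RATE_MIN_KBPS + fraction * (RATE_MAX_KBPS - RATE_MIN_KBPS)


def preset_curve(secondary_packets):
    """The curve the certificate server expects: one rate per secondary packet."""
    return [rate_from_hash(p) for p in secondary_packets]


def curves_match(measured, expected, tolerance=TOLERANCE):
    """Step E: compare the measured curve with the expected one, point by point."""
    if len(measured) != len(expected):
        return False
    return all(abs(m - e) <= tolerance * e for m, e in zip(measured, expected))


def reselect_curve(original, observed, weight=WEIGHT):
    """Weighted average of the original curve and the rates observed on the path."""
    return [weight * o + (1.0 - weight) * r for o, r in zip(original, observed)]


def verify_traffic(secondary_packets, send):
    """send(target_curve) returns the rates the server measured for that target.
    Returns (authenticated, rounds_used)."""
    expected = preset_curve(secondary_packets)
    measured = send(expected)
    if curves_match(measured, expected):
        return True, 1
    if len(measured) != len(expected):
        return False, 1
    # Second measurement against the reselected curve.
    new_curve = reselect_curve(expected, measured)
    return curves_match(send(new_curve), new_curve), 2


# Constructed sample input: eight secondary packets and three sender models.
PACKETS = [b"secondary-%d" % i for i in range(8)]
_PRESET = preset_curve(PACKETS)


def healthy_link(target):
    return list(target)                      # delivers exactly the requested rate


def limited_link(target):
    # Hardware delivers at most 92% of the originally preset rate.
    return [min(t, 0.92 * p) for t, p in zip(target, _PRESET)]


def imitator(target):
    return [32.0] * len(target)              # constant rate unrelated to the hashes


if __name__ == "__main__":
    for name, link in [("healthy", healthy_link), ("limited", limited_link),
                       ("imitator", imitator)]:
        print(name, verify_traffic(PACKETS, link))
```

The hardware-limited sender fails the first comparison and passes the second, while the constant-rate sender fails both. The weight and tolerance together set how much deviation the second measurement will accept, so they need to be chosen as a pair.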
In the description of the present invention, it should be understood that orientation or positional terms such as "longitudinal", "transverse", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner" and "outer" are based on the orientations or positional relationships shown in the drawings. They are used only to facilitate the description of the present invention and do not indicate or imply that the device or element referred to must have a specific orientation or be constructed and operated in a specific orientation; they are therefore not to be construed as limiting the invention.
The above shows and describes the basic principles, main features and advantages of the present invention. Those skilled in the art should understand that the present invention is not limited to the above embodiments; the embodiments and the description merely illustrate the principle of the invention. Various changes and improvements may be made without departing from the spirit and scope of the invention, and all such changes and improvements fall within the scope of the claimed invention. The claimed scope of the invention is defined by the appended claims and their equivalents.

Claims (6)

1. A network authentication system, characterized by comprising: several certificate servers (1), for handling network authentication tasks; several authentication interface terminals (2), for connecting accessed nodes to be certified; an encrypting module (3), connected to the authentication interface terminals (2), for encrypting the message identifying of an accessed node; an address selection module (4), connected to the encrypting module (3), for selecting the transmitting path of the encrypted data packets; and a deciphering module (5), connected to the certificate servers (1), for decompressing data packets and sending them to the corresponding certificate server (1) for authentication.
2. An authentication method of the network authentication system of claim 1, characterized by comprising the following steps:
A, the accessed node to be certified measures the speed of each authentication interface terminal (2) and connects to the authentication interface terminal (2) with the fastest connection speed;
B, the accessed node to be certified sends the message identifying through the authentication interface terminal (2) to the encrypting module (3) for encryption;
C, the address selection module (4) establishes a transmitting path connection between the encrypted data packets and a certificate server (1); for each transmitting path, the data packets located on that transmitting path are marked as master data packets, and the other data packets are marked as secondary data packets;
D, the master data packet and several randomly selected secondary data packets are sent to the deciphering module (5) over the transmitting path; the deciphering module (5) decrypts the master data packet to obtain the message identifying, while the secondary data packets pass directly through the deciphering module (5) without processing;
E, the certificate server (1) that receives the message identifying and the secondary data packets performs authentication processing according to the consistency of the message identifying and the data volume distribution characteristics of the secondary data packets.
3. The authentication method of the network authentication system according to claim 2, characterized in that: in step B, the encrypting module (3) takes the real-time connection speed, at the time of encryption, of the authentication interface terminal (2) selected in step A as an encrypted object, combines it with the check bit of the message identifying, and then encrypts the result.
4. The authentication method of the network authentication system according to claim 3, characterized in that: in step D, the secondary data packets are processed by a hash function to obtain a hash value, and the real-time transmission rate of the secondary data packets is determined according to the calculated hash value.
5. The authentication method of the network authentication system according to claim 4, characterized in that: in step E, the certificate server (1) judges the safety of the message identifying according to the linearity between the distortion of the check bit of the message identifying and the distortion of its other positions; if the linearity is lower than a set threshold, the message identifying is judged unsafe and authentication fails; otherwise it is judged safe, and the real-time transmission rate of the secondary data packets is then measured; if the real-time transmission rate curve is identical to the preset curve, authentication succeeds; otherwise authentication fails.
6. The authentication method of the network authentication system according to claim 5, characterized in that: for a message identifying whose authentication failed because the real-time transmission rate curve was not identical to the preset curve, a real-time transmission rate curve is reselected, secondary data packets are sent according to the new real-time transmission rate curve, and a second measurement is carried out.
CN201811480876.5A 2018-12-05 2018-12-05 Authentication method of network authentication system Active CN109347885B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811480876.5A CN109347885B (en) 2018-12-05 2018-12-05 Authentication method of network authentication system

Publications (2)

Publication Number Publication Date
CN109347885A (en) 2019-02-15
CN109347885B (en) 2020-12-08

Family

ID=65320034

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811480876.5A Active CN109347885B (en) 2018-12-05 2018-12-05 Authentication method of network authentication system

Country Status (1)

Country Link
CN (1) CN109347885B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information
Inventor after: Yang Aimin, Yu Fuxing, Suo Yina, Su Yaguang, Zhao Quanming
Inventor before: Yu Fuxing, Suo Yina, Yang Aimin, Su Yaguang, Zhao Quanming
GR01 Patent grant
TR01 Transfer of patent right
Effective date of registration: 20220211
Address after: 100087 3201-e02, 32nd floor, building 4, fangqunyuan Third District, Fengtai District, Beijing
Patentee after: Zhongke Chenxiao (Beijing) Technology Co.,Ltd.
Address before: 063009 Tangshan City Caofeidian District, Hebei Province, Tangshan Bay eco Town, Bohai Road, 21
Patentee before: North China University of Science and Technology