CN110048842B - Session key processing method, device and computer readable storage medium - Google Patents


Info

Publication number
CN110048842B
Authority
CN
China
Prior art keywords
node
isp
user
session key
isp node
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910466909.9A
Other languages
Chinese (zh)
Other versions
CN110048842A (en
Inventor
路成业
王凌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Iallchain Co Ltd
Original Assignee
Iallchain Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Iallchain Co Ltd
Priority to CN201910466909.9A
Publication of CN110048842A
Application granted
Publication of CN110048842B
Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/104 Peer-to-peer [P2P] networks
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/12 Messaging; Mailboxes; Announcements
    • H04W4/14 Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The embodiment of the invention provides a session key processing method, session key processing equipment and a computer-readable storage medium. In the embodiment of the invention, a first ISP node with which the user node is not registered obtains a first session key between the first ISP node and the user node through a blockchain network and a second ISP node in the blockchain network, receives a second random number sent by the user node in a short message mode or a point-to-point (P2P) mode of an IP address, and generates a second session key according to the first session key and the second random number. The second session key therefore includes a random number factor, so only the first ISP node and the user node can obtain the second session key; the blockchain network and the second ISP node in the blockchain network cannot obtain it.

Description

Session key processing method, device and computer readable storage medium
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a session key processing method, a device, and a computer-readable storage medium.
Background
With the development of the intelligent terminal, a user can install various different Application programs (APPs) on the intelligent terminal, and the different APPs can provide different services for the user.
However, when a user installs an APP on an intelligent terminal, the user needs to register on the Internet Service Provider (ISP) server corresponding to that APP, and since different APPs have different Internet Service Providers, the user needs to register on different ISP servers. As the number of APPs installed on the intelligent terminal grows, if the user registers the same user name and password on different ISP servers, the user name and password are easily leaked. If the user names and passwords registered on different ISP servers are different, the user has difficulty remembering the user name and password for each APP. To solve this problem, the prior art proposes constructing a federation blockchain from large ISP nodes, for example Facebook, Twitter, WeChat, PayPal, or the like. After a user registers a user name and a password with one of the large ISP nodes, that large ISP node can provide a query service for the user name and password to other ISP nodes in the federation blockchain, for example small ISP nodes.
For example, the large ISP node may act as an intermediary between the user node and the small ISP node. However, the large ISP node can then obtain the complete session key between the user node and the small ISP node, which lowers the security of communication between the user node and the small ISP node.
Disclosure of Invention
Embodiments of the present invention provide a session key processing method, a device, and a computer-readable storage medium, so as to improve security of communication between a first ISP node and a user node.
In a first aspect, an embodiment of the present invention provides a session key processing method, including:
a first Internet Service Provider (ISP) node receives a login request sent by a user node, wherein the login request comprises a user name corresponding to the user node;
the first ISP node generates a first random number according to the login request, and signs the first random number and the user name by adopting a private key of the first ISP node;
the first ISP node broadcasts the signed first random number and the user name to a block chain network to request to acquire registration information of the user node on a second ISP node in the block chain network;
the first ISP node receives first encryption information sent by the user node and second encryption information sent by the second ISP node, wherein the first encryption information is obtained by encrypting the first random number by the user node, and the second encryption information is obtained by encrypting the first random number by the second ISP node;
if the first encryption information is consistent with the second encryption information, the first ISP node determines to provide service for the user node;
the first ISP node acquires a first session key between the first ISP node and the user node through the second ISP node and the block chain network;
the first ISP node receives a second random number sent by the user node in a short message mode or a point-to-point P2P mode of an IP address;
and the first ISP node generates a second session key according to the first session key and the second random number, wherein the second session key is used for the communication between the first ISP node and the user node.
In a second aspect, an embodiment of the present invention provides a first internet service provider ISP node, including:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
receiving a login request sent by a user node through the communication interface, wherein the login request comprises a user name corresponding to the user node;
generating a first random number according to the login request, and signing the first random number and the user name by adopting a private key of the first ISP node;
broadcasting the signed first random number and the user name to a block chain network through the communication interface so as to request to acquire registration information of the user node on a second ISP node in the block chain network;
receiving first encryption information sent by the user node and second encryption information sent by the second ISP node through the communication interface, wherein the first encryption information is obtained by encrypting the first random number by the user node, and the second encryption information is obtained by encrypting the first random number by the second ISP node;
if the first encryption information is consistent with the second encryption information, determining to provide service for the user node;
obtaining a first session key between the first ISP node and the user node through the second ISP node and the blockchain network;
receiving a second random number sent by the user node through the communication interface in a short message mode or a point-to-point P2P mode of an IP address;
and generating a second session key according to the first session key and the second random number, wherein the second session key is used for the communication between the first ISP node and the user node.
In a third aspect, an embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement the method in the first aspect.
With the session key processing method, device and computer-readable storage medium provided by the embodiments of the present invention, a first ISP node with which the user node is not registered acquires a first session key between the first ISP node and the user node through a blockchain network and a second ISP node in the blockchain network, receives a second random number sent by the user node in a short message mode or a point-to-point (P2P) mode of an IP address, and generates a second session key based on the first session key and the second random number. The second session key therefore includes a random number factor, and only the first ISP node and the user node can obtain it; the blockchain network and the second ISP node in the blockchain network cannot. As a result, when the first ISP node and the user node communicate using the second session key, the security of the communication between the first ISP node and the user node is improved.
Drawings
Fig. 1 is a schematic diagram of an application scenario provided in an embodiment of the present invention;
Fig. 2 is a flowchart of a session key processing method according to an embodiment of the present invention;
Fig. 3 is a flowchart of a session key processing method according to another embodiment of the present invention;
Fig. 4 is a flowchart of a session key processing method according to another embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a first internet service provider (ISP) node according to an embodiment of the present invention.
With the foregoing drawings in mind, certain embodiments of the disclosure have been shown and described in more detail below. These drawings and written description are not intended to limit the scope of the disclosed concepts in any way, but rather to illustrate the concepts of the disclosure to those skilled in the art by reference to specific embodiments.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
The session key processing method provided by the embodiment of the invention can be applied to the communication system shown in fig. 1. As shown in fig. 1, the communication system includes internet service provider nodes 1 through 5 and a user node. Internet service provider node 1 may be a small ISP node, and internet service provider nodes 2 through 5 may be large ISP nodes, e.g. nodes of internet service providers such as Facebook, Twitter, WeChat, payroll, etc. The user node may specifically be a user terminal device. Large ISP nodes such as internet service provider nodes 2 through 5 may construct a federation blockchain. Optionally, each of internet service provider nodes 2 through 5 joins the federation blockchain as a blockchain service node and provides an identity authentication service for other ISP nodes or user nodes. Optionally, the genesis block of the federation blockchain stores information such as the blockchain identifier, public key, and IP address of each of internet service provider nodes 2 through 5. Internet service provider nodes 2 through 5 manage the federation blockchain as its founding nodes. For example, internet service provider nodes 2 through 5 may decide whether to allow a certain ISP node, e.g. a certain small ISP node, to access the federation blockchain. For example, internet service provider node 1 and the user node may be nodes that access the federation blockchain upon approval by internet service provider nodes 2 through 5.
In this embodiment, it is assumed that the user node is registered at any one of the federation blockchain nodes among internet service provider nodes 2 through 5, that is, the registration information of the user node is recorded at any one of those federation blockchain nodes and is stored in the ledger of the federation blockchain. The user node and that federation blockchain node have a shared key, that is, they communicate using the shared key. For example, the user node registers its user information with internet service provider node 2, and the user node and internet service provider node 2 have a shared key between them. The user node is not registered with a small ISP node, such as internet service provider node 1.
The session key processing method provided by the embodiment of the invention aims to solve the technical problems in the prior art.
The following describes the technical solutions of the present invention and how to solve the above technical problems with specific embodiments. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present invention will be described below with reference to the accompanying drawings.
Fig. 2 is a flowchart of a session key processing method according to an embodiment of the present invention. The embodiment of the invention provides a session key processing method aiming at the technical problems in the prior art, and the method comprises the following specific steps:
Step 201, a first internet service provider ISP node receives a login request sent by a user node, where the login request includes a user name corresponding to the user node.
In this embodiment, the first internet service provider ISP node may specifically be an internet service provider node 1 as shown in fig. 1, where the internet service provider node 1 is a small ISP node, and the user node does not register user information with the small ISP node. When the user node needs to log in the small ISP node, the user node may send a login request to the small ISP node, where the login request includes a user name corresponding to the user node, and correspondingly, the small ISP node receives the login request sent by the user node, and obtains the user name corresponding to the user node from the login request.
Step 202, the first ISP node generates a first random number according to the login request, and signs the first random number and the user name by using a private key of the first ISP node.
The small ISP node receives the login request, and generates a random number according to the login request, where the random number generated by the small ISP node is denoted as a first random number. Further, the small ISP node signs the first random number and the user name with its own private key.
Step 203, the first ISP node broadcasts the signed first random number and the user name to a block chain network to request to acquire registration information of the user node on a second ISP node in the block chain network.
In this embodiment, the second ISP node may specifically be the internet service provider node 2 shown in fig. 1. The small ISP node broadcasts the signed first random number and the user name to a blockchain network as a broadcast message, where the blockchain network may specifically be a network including the federation blockchain nodes described above, in order to request from other ISP nodes in the federation blockchain the information that the user node registered in the federation blockchain, such as a user account and password. For example, the user node registers user information on the internet service provider node 2, and the small ISP node broadcasts the signed first random number and the user name to the blockchain network as a broadcast message in order to request the user information, such as a user account and a password, that the user node registered on the internet service provider node 2.
Step 204, the first ISP node receives first encryption information sent by the user node and second encryption information sent by the second ISP node, where the first encryption information is obtained by encrypting the first random number by the user node, and the second encryption information is obtained by encrypting the first random number by the second ISP node.
As shown in fig. 1, the user node is also a node in the federation blockchain. Therefore, when the small ISP node broadcasts the signed first random number and user name in the federation blockchain network, the user node may also receive them. When the user node receives the signed first random number and user name, it first queries the blockchain ledger of the federation blockchain, obtains the public key of the small ISP node from the ledger, and verifies the signature with that public key. If the verification passes, the user node can prompt the user to input the user key, and the user enters the user key on the user node from memory. The user node encrypts the first random number with the user key according to a first algorithm agreed with the small ISP node in advance to obtain the result of the first encryption. It then encrypts the result of the first encryption again with the public key of the small ISP node, according to a second algorithm agreed with the small ISP node in advance, to obtain the result of the second encryption. Further, the user node signs the result of the second encryption with its own private key to obtain the signed result, and broadcasts the signed result to the blockchain network, so that the small ISP node in the blockchain network can receive the signed result of the user node. In other embodiments, the user node may not broadcast the signed result to the blockchain network; instead, the user directly inputs the signed result into a login interface or a registration interface of the small ISP node, so that the small ISP node obtains the signed result directly.
As shown in fig. 1, large ISP nodes such as internet service provider nodes 2 through 5 are also nodes in the federation blockchain. Therefore, when the small ISP node broadcasts the signed first random number and user name in the federation blockchain network, each large ISP node may also receive them. Taking the internet service provider node 2 as an example, after it receives the signed first random number and user name, it first queries the blockchain ledger of the federation blockchain, obtains the public key of the small ISP node from the ledger, and verifies the signature with that public key. If the verification passes, the internet service provider node 2 queries the blockchain ledger using the user name carried in the signed message and acquires the user key corresponding to the user name from the ledger. The internet service provider node 2 encrypts the first random number with the user key according to the first algorithm agreed in advance with the small ISP node, and obtains the result of the first encryption. It then encrypts the result of the first encryption again with the public key of the small ISP node, according to the second algorithm agreed in advance with the small ISP node, to obtain the result of the second encryption. Further, the internet service provider node 2 signs the result of the second encryption with its own private key to obtain the signed result, and broadcasts the signed result to the blockchain network, so that the small ISP node in the blockchain network can receive the signed result of the internet service provider node 2.
In this embodiment, the result of the first encryption that the user node obtains by encrypting the first random number with the user key, according to the first algorithm agreed with the small ISP node in advance, may be recorded as the first encrypted information. The result of the first encryption that the internet service provider node 2 obtains by encrypting the first random number with the user key, according to the first algorithm agreed with the small ISP node in advance, may be recorded as the second encrypted information.
Step 205, if the first encrypted information and the second encrypted information are consistent, the first ISP node determines to provide service for the user node.
When the small ISP node receives the signed result of the user node and the signed result of the internet service provider node 2 as described above, it verifies the signature of the user node with the public key of the user node, and verifies the signature of the internet service provider node 2 with the public key of the internet service provider node 2. Assuming that the small ISP node successfully verifies both the signature of the user node and the signature of the internet service provider node 2, the small ISP node decrypts the second encrypted result of the user node with its own private key, according to the decryption algorithm corresponding to the second algorithm agreed in advance with the user node, to obtain the first encrypted information. Likewise, the small ISP node decrypts the second encrypted result of the internet service provider node 2 with its own private key, according to the decryption algorithm corresponding to the second algorithm agreed in advance with the internet service provider node 2, to obtain the second encrypted information.
The small ISP node compares the first encryption information with the second encryption information to determine whether the first encryption information and the second encryption information are consistent, if so, the authentication is passed, and the small ISP node determines to provide services for the user node. If not, authentication fails and the small ISP node determines not to provide service to the user node.
In this embodiment, assuming that the first encryption information and the second encryption information are identical, the small ISP node determines to provide a service to the user node. At this time, a session key for communication is required between the small ISP node and the user node.
In this embodiment, the small ISP node and the user node may exchange a session key through the blockchain network, where the session key is denoted as SK, and a random number may also be exchanged directly between the small ISP node and the user node. This second random number is denoted as Random. The small ISP node and the user node can each generate a new session key from SK and Random; the new session key is denoted as Key, with Key = f(SK, Random). The small ISP node and the user node communicate using the new session key, that is, the new session key Key is the real communication session key of the small ISP node and the user node. Optionally, in this embodiment, the small ISP node and the user node may agree in advance on an algorithm for computing Key from SK and Random. In addition, the session key SK can be recorded as the first session key, and the new session key Key can be recorded as the second session key.
Step 206, the first ISP node obtains a first session key between the first ISP node and the user node through the second ISP node and the blockchain network.
In this embodiment, the first session key may be generated by any one of the small ISP node, the user node, and the internet service provider node 2. For example, the user node generates the first session key and transmits the first session key to the small ISP node through the blockchain network and the internet service provider node 2. Accordingly, the small ISP node obtains the first session key between the small ISP node and the user node through the blockchain network and the internet service provider node 2.
Step 207, the first ISP node receives the second random number sent by the user node through a short message mode or a point-to-point (P2P) mode of an IP address.
After the small ISP node obtains the first session key between the small ISP node and the user node through the blockchain network and the internet service provider node 2, a Random number, i.e., the second Random number Random as described above, may be directly transmitted between the small ISP node and the user node through a short message method of a mobile switching network or a point-to-point (P2P) method of an IP address. For example, the user node may send the second Random number Random to the small ISP node in a short message manner or in a P2P manner of the IP address, and accordingly, the small ISP node receives the second Random number Random sent by the user node in a short message manner or in a P2P manner of the IP address.
Optionally, the receiving, by the first ISP node, of the second random number sent by the user node in a short message manner or a point-to-point (P2P) manner of an IP address includes: the first ISP node receives, in a short message manner or a P2P manner of an IP address, a second random number that the user node has encrypted with the public key of the first ISP node; and the first ISP node decrypts the encrypted second random number with its own private key to obtain the second random number.
For example, the user node is an online node in the blockchain network and has an authenticated blockchain access capability, or has the capability of querying the blockchain ledger in the blockchain network. Before the user node sends the second random number Random in a short message manner or in a P2P manner of an IP address, the user node may query the blockchain ledger to obtain the public key of the small ISP node, encrypt the second random number Random with that public key according to a pre-agreed algorithm, and then send the encrypted second random number Random to the small ISP node in a short message manner or in a P2P manner of an IP address. When the small ISP node receives the second random number Random encrypted by the user node, it decrypts the encrypted second random number Random with its own private key, according to the decryption algorithm corresponding to the pre-agreed algorithm, to obtain the second random number Random.
Step 208, the first ISP node generates a second session key according to the first session key and the second random number, where the second session key is used for the communication between the first ISP node and the user node.
The small ISP node generates the second session key, Key = f(SK, Random), from the first session key SK obtained in step 206 and the second random number Random received in step 207. Correspondingly, the user node may also calculate the second session key Key through f(SK, Random). The second session key Key is the final session key generated by the small ISP node and the user node, and the small ISP node and the user node will use only the second session key Key in subsequent communication.
In the embodiment of the invention, a first ISP node which is not registered by a user node acquires a first session key between the first ISP node and the user node through a block chain network and a second ISP node in the block chain network, receives a second random number sent by the user node through a short message mode or a point-to-point P2P mode of an IP address, and generates a second session key according to the first session key and the second random number, so that the second session key comprises a random number factor, only the first ISP node and the user node can obtain the second session key, and the second ISP node in the block chain network cannot obtain the second session key.
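One possible instantiation of Key = f(SK, Random) from step 208, given here as an added example that is not part of the patent: the patent leaves f unspecified, so HKDF-SHA256 (RFC 5869), the 16-byte minimum lengths, the context label, and the names `derive_second_session_key`, `user_name` and `isp_id` are all assumptions. It shows the user node and the first ISP node deriving the same key, while a party holding only SK (the position of the second ISP node) derives a different one.

```python
"""Added example: Key = f(SK, Random), with f assumed to be HKDF-SHA256."""
import hashlib
import hmac
import secrets

HASH = hashlib.sha256
MIN_SECRET_BYTES = 16  # assumption: 128-bit floor; the patent states no lengths


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step: PRK = HMAC(salt, IKM)."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand step: T(i) = HMAC(PRK, T(i-1) || info || i)."""
    if not 0 < length <= 255 * HASH().digest_size:
        raise ValueError("requested key length out of range")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def encode_field(value: str) -> bytes:
    """Length-prefix a field so ("ab", "c") and ("a", "bc") encode differently."""
    raw = value.encode("utf-8")
    return len(raw).to_bytes(2, "big") + raw


def derive_second_session_key(sk: bytes, rand: bytes, user_name: str,
                              isp_id: str, length: int = 32) -> bytes:
    """Derive the second session key from SK and Random.

    SK is known to the second ISP node, so all secrecy against that node
    comes from Random: a short or guessable Random is rejected.
    """
    if len(sk) < MIN_SECRET_BYTES:
        raise ValueError("first session key SK is too short")
    if len(rand) < MIN_SECRET_BYTES:
        raise ValueError("second random number is too short to protect Key")
    # SK keys the extract step; Random is the input the second ISP node lacks.
    prk = hkdf_extract(salt=sk, ikm=rand)
    # Bind the key to this user/ISP pair (hypothetical context label).
    info = b"second-session-key-v1" + encode_field(user_name) + encode_field(isp_id)
    return hkdf_expand(prk, info, length)


def demo():
    """Constructed values standing in for the outputs of steps 206 and 207."""
    sk = secrets.token_bytes(32)    # first session key (step 206)
    rand = secrets.token_bytes(32)  # second random number (step 207)
    user_key = derive_second_session_key(sk, rand, "alice", "small-isp-1")
    isp_key = derive_second_session_key(sk, rand, "alice", "small-isp-1")
    # The second ISP node relayed SK but never saw Random; it can only guess.
    second_isp_guess = derive_second_session_key(
        sk, secrets.token_bytes(32), "alice", "small-isp-1")
    return user_key, isp_key, second_isp_guess


if __name__ == "__main__":
    user_key, isp_key, guess = demo()
    print("user and first ISP agree:", hmac.compare_digest(user_key, isp_key))
    print("second ISP (SK only) matches:", hmac.compare_digest(user_key, guess))
```

The separation from the second ISP node holds only while Random stays secret, which is why the optional public-key encryption of Random in step 207 matters whenever the short message or P2P channel can be observed.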
Fig. 3 is a flowchart of a session key processing method according to another embodiment of the present invention. On the basis of the foregoing embodiment, the step of acquiring, by the first ISP node through the second ISP node and the blockchain network, the first session key between the first ISP node and the user node specifically includes the following steps:
Step 301, the first ISP node receives first information broadcast by the second ISP node in the blockchain network, where the first information is generated by the second ISP node encrypting the first session key by using the public key of the first ISP node, and then signing the encrypted first session key by using the private key of the second ISP node.
In this embodiment, the first ISP node may specifically be an internet service provider node 1 as shown in fig. 1, where the internet service provider node 1 is a small ISP node, and the user node does not register user information with the small ISP node. The second ISP node is in particular an internet service provider node 2 as described above.
Optionally, the first session key is generated by the user node or the second ISP node.
For example, in one possible approach, the first session key is generated by the user node. After the user node generates the first session key, the first session key is encrypted according to a predetermined algorithm by using a shared key between the user node and the internet service provider node 2 to obtain an encrypted first session key, further, the user node signs the encrypted first session key by using a private key of the user node, and broadcasts a signed result to the block chain network, so that a large ISP node in the block chain network can receive the signed result. For example, the internet service provider node 2 receives the signed result. The internet service provider node 2 firstly verifies the private key signature of the user node, and if the verification is passed, the internet service provider node 2 decrypts the encrypted first session key according to a decryption algorithm corresponding to a pre-agreed algorithm and a shared key between the internet service provider node 2 and the user node to obtain the first session key.
Further, the internet service provider node 2 encrypts the first session key according to a predetermined algorithm by using the public key of the small ISP node to obtain an encrypted first session key, and further, the internet service provider node 2 signs the encrypted first session key by using its own private key to obtain the first information. The internet service provider node 2 then broadcasts the first information in a broadcast manner into the blockchain network so that small ISP nodes in the blockchain network can receive the first information.
Step 302, if the first ISP node verifies the private key signature of the second ISP node, the first ISP node decrypts the encrypted first session key by using the private key of the first ISP node to obtain the first session key.
After receiving the first information, the small ISP node verifies the private key signature of the internet service provider node 2 in the first information, and if the verification is passed, the small ISP node decrypts the encrypted first session key according to a decryption algorithm corresponding to a pre-agreed algorithm and by using the private key of the small ISP node, so as to obtain the first session key.
In another possible approach, the first session key is generated by the internet service provider node 2. After generating the first session key, the internet service provider node 2 encrypts it with the shared key between the internet service provider node 2 and the user node, signs the encrypted first session key with its own private key to obtain a signed result, and sends the signed result to the user node. When the user node receives the signed result, it first verifies the private key signature of the internet service provider node 2 and, after the verification passes, decrypts with the shared key between the internet service provider node 2 and the user node to obtain the first session key. In addition, after generating the first session key, the internet service provider node 2 may encrypt it with the public key of the small ISP node to obtain the encrypted first session key, sign the encrypted first session key with its own private key to obtain a signed result, and send the signed result to the small ISP node. When the small ISP node receives the signed result, it first verifies the private key signature of the internet service provider node 2 and, after the verification passes, decrypts with its own private key to obtain the first session key. In this way, the small ISP node and the user node each receive the first session key generated by the internet service provider node 2.
In this embodiment, the user node may be an online node in the blockchain network, and may receive a message broadcasted in the blockchain network in real time, or broadcast a message in the blockchain network.
In the embodiment of the invention, the first session key is generated by the user node or the second ISP node, so that the first ISP node acquires the first session key between the first ISP node and the user node through the second ISP node and the block chain network, thereby improving the flexibility of the generation mode of the first session key.
Fig. 4 is a flowchart of a session key processing method according to another embodiment of the present invention. In the foregoing embodiment, the first session key is generated by the user node or the second ISP node; in this embodiment, the first session key may instead be generated by the first ISP node, for example the small ISP node of the foregoing embodiment. Specifically, the method further includes the following steps:
Step 401, the first ISP node generates the first session key.
For example, the small ISP node generates a first session key.
Step 402, the first ISP node encrypts the first session key using the public key of the second ISP node to obtain third encrypted information, and signs the third encrypted information using the private key of the first ISP node to obtain second information.
The small ISP node encrypts the first session key according to a predetermined algorithm using the public key of the internet service provider node 2 to obtain an encrypted first session key, where the encrypted first session key is recorded as third encrypted information, and further, the small ISP node signs the third encrypted information using its own private key to obtain second information.
Step 403, the first ISP node sends the second information to the second ISP node in a broadcast manner, so that the second ISP node obtains the first session key from the second information, encrypts the first session key by using a shared key between the second ISP node and the user node to obtain fourth encrypted information, signs the fourth encrypted information by using a private key of the second ISP node to obtain third information, and sends the third information to the user node, so that the user node obtains the first session key from the third information.
The small ISP node broadcasts the second information to the blockchain network by way of broadcasting so that the internet service provider node 2 in the blockchain network can receive the second information. When the internet service provider node 2 receives the second information, the private key signature of the small ISP node is verified, and if the verification is passed, the internet service provider node 2 decrypts the third encrypted information by using the private key of the internet service provider node 2 according to a decryption algorithm corresponding to a pre-agreed algorithm to obtain a first session key. Further, the internet service provider node 2 encrypts the first session key using the shared key between the internet service provider node 2 and the user node to obtain fourth encrypted information, and signs the fourth encrypted information using the own private key of the internet service provider node 2 to obtain third information. Further, the internet service provider node 2 broadcasts the third information into the blockchain network so that user nodes in the blockchain network can receive the third information.
When the user node receives the third information, firstly, the private key signature of the internet service provider node 2 in the third information is verified, if the verification is passed, the user node decrypts the fourth encrypted information according to a decryption algorithm corresponding to a pre-agreed algorithm and by adopting a shared key between the internet service provider node 2 and the user node, and the first session key is obtained.
In this embodiment, the user node may be an online node in the blockchain network, and may receive the message broadcasted in the blockchain network in real time.
In the embodiment of the invention, the first session key is generated by the first ISP node and sent to the user node through the second ISP node and the blockchain network, thereby further improving the flexibility of the generation mode of the first session key.
In the above embodiments, the user node may be an online node in the blockchain network that can receive messages broadcast in the blockchain network in real time, or broadcast messages in the blockchain network in real time. In general, however, the user node may be an intelligent terminal, which for power-consumption reasons is not suitable as an online node in the blockchain network; that is, the intelligent terminal is offline in the blockchain network. In this case, the user node and the small ISP node described above need to communicate with each other directly, for example by short message over a mobile switching network or in a P2P manner based on IP addresses.
In a possible manner, the internet service provider node 2 generates a first session key, further, the internet service provider node 2 performs a first encryption process on the first session key by using a shared key between the internet service provider node 2 and the user node to obtain a first encryption result, and further, the internet service provider node 2 performs a second encryption process on the first encryption result by using a public key of a small ISP node which the user node wants to register to obtain a second encryption result. Further, the internet service provider node 2 signs the second encryption result by using its own private key to obtain a signature result, and broadcasts the signature result to the blockchain network in a broadcast manner, so that the small ISP node in the blockchain network can receive the signature result. After receiving the signature result, the small ISP node firstly verifies the private key signature of the internet service provider node 2 in the signature result by using the public key of the internet service provider node 2, and if the verification is passed, the small ISP node decrypts the second encryption result by using its own private key to obtain the first encryption result. Further, the small ISP node sends the first encryption result to the user node in a short message manner between the small ISP node and the user node or in a P2P manner of an IP address, and after receiving the first encryption result, the user node may decrypt the first encryption result according to a shared key between the user node and the internet service provider node 2 to obtain a first session key.
In another possible manner, the small ISP node generates a first session key, further, the small ISP node encrypts the first session key by using the public key of the internet service provider node 2 to obtain an encrypted result, further, the small ISP node signs the encrypted result by using its own private key to obtain a signed result, and broadcasts the signed result to the blockchain network in a broadcast manner, so that the internet service provider node 2 in the blockchain network can receive the signed result. After the internet service provider node 2 receives the signature result, the public key of the small ISP node is used to verify the private key signature of the small ISP node in the signature result, and if the signature passes the verification, the internet service provider node 2 decrypts the encrypted result by using its own private key to obtain the first session key. Further, the internet service provider node 2 encrypts the first session key using the shared key between the internet service provider node 2 and the user node to obtain an encrypted result. Further, the internet service provider node 2 signs the encryption result by using its own private key to obtain a signature result, and broadcasts the signature result to the blockchain network in a broadcast manner, so that the small ISP node in the blockchain network can receive the signature result. 
After receiving the signature result, the small ISP node first verifies the private key signature of the internet service provider node 2 in the signature result by using the public key of the internet service provider node 2, if the verification is passed, the small ISP node sends an encrypted result obtained by encrypting the first session key by the internet service provider node 2 by using a shared key to the user node in a short message mode or a P2P mode of an IP address, and after receiving the encrypted result, the user node can decrypt the encrypted result according to the shared key between the user node and the internet service provider node 2 to obtain the first session key.
In this embodiment, when the user node is in an offline state in the blockchain network, the small ISP node sends the encryption result of the first session key to the user node through a short message or a P2P method of the IP address, so that the user node can decrypt the encryption result through the shared key between the user node and the large ISP node that the user node has registered, to obtain the first session key, thereby further improving the flexibility of the first session key to be transmitted between the small ISP node and the user node.
Fig. 5 is a schematic structural diagram of a first internet service provider ISP node according to an embodiment of the present invention. As shown in fig. 5, a first internet service provider ISP node 50 may execute the processing procedure provided in the embodiment of the session key processing method, and includes: a memory 51, a processor 52, a computer program and a communication interface 53; wherein the computer program is stored in the memory 51 and is configured to be executed by the processor 52 for: receiving a login request sent by a user node through the communication interface, wherein the login request comprises a user name corresponding to the user node; generating a first random number according to the login request, and signing the first random number and the user name by adopting a private key of the first ISP node; broadcasting the signed first random number and the user name to a blockchain network through the communication interface so as to request to acquire registration information of the user node on a second ISP node in the blockchain network; receiving first encryption information sent by the user node and second encryption information sent by the second ISP node through the communication interface, wherein the first encryption information is obtained by encrypting the first random number by the user node, and the second encryption information is obtained by encrypting the first random number by the second ISP node; if the first encryption information is consistent with the second encryption information, determining to provide service for the user node; obtaining a first session key between the first ISP node and the user node through the second ISP node and the blockchain network; receiving a second random number sent by the user node through the communication interface in a short message mode or a point-to-point P2P mode of an IP address; and generating a second session key according to the first session key and the second random number, wherein the second session key is used for the communication between the first ISP node and the user node.
Optionally, when the processor receives the second random number sent by the user node through the communication interface in a short message manner or in a point-to-point P2P manner of the IP address, the processor is specifically configured to: receive, through the communication interface in a short message mode or a point-to-point P2P mode of an IP address, a second random number which is sent by the user node and encrypted by using the public key of the first ISP node; and decrypt the encrypted second random number by adopting the private key of the first ISP node to obtain the second random number.
Optionally, when the processor obtains the first session key between the first ISP node and the user node through the second ISP node and the blockchain network, the processor is specifically configured to: receiving first information broadcast by the second ISP node in the block chain network through the communication interface, wherein the first information is generated after the second ISP node encrypts the first session key by using a public key of the first ISP node and signs the encrypted first session key by using a private key of the second ISP node; and if the first ISP node verifies the signature of the private key of the second ISP node, decrypting the encrypted first session key by using the private key of the first ISP node to obtain the first session key.
Optionally, the first session key is generated by the user node or the second ISP node.
Optionally, the processor is further configured to: generating the first session key; encrypting the first session key by using the public key of the second ISP node to obtain third encrypted information, and signing the third encrypted information by using the private key of the first ISP node to obtain second information; and sending the second information to the second ISP node through the communication interface in a broadcasting manner, so that the second ISP node acquires the first session key from the second information, encrypts the first session key by using a shared key between the second ISP node and the user node to obtain fourth encrypted information, signs the fourth encrypted information by using a private key of the second ISP node to obtain third information, and sends the third information to the user node, so that the user node acquires the first session key from the third information.
The first internet service provider ISP node of the embodiment shown in fig. 5 may be configured to execute the technical solution of the above method embodiment, and the implementation principle and the technical effect are similar, and are not described herein again.
In addition, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement the session key processing method described in the foregoing embodiment.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
The integrated unit implemented in the form of a software functional unit may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium and includes several instructions to enable a computer device (which may be a personal computer, a server, or a network device) or a processor to execute some steps of the methods according to the embodiments of the present invention. The aforementioned storage medium includes various media capable of storing program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
It is obvious to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be performed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules to perform all or part of the above described functions. For the specific working process of the device described above, reference may be made to the corresponding process in the foregoing method embodiment, which is not described herein again.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (9)

1. A session key processing method, comprising:
a first Internet Service Provider (ISP) node receives a login request sent by a user node, wherein the login request comprises a user name corresponding to the user node;
the first ISP node generates a first random number according to the login request, and signs the first random number and the user name by adopting a private key of the first ISP node;
the first ISP node broadcasts the signed first random number and the user name to a block chain network to request to acquire registration information of the user node on a second ISP node in the block chain network;
the first ISP node receives first encryption information sent by the user node and second encryption information sent by the second ISP node, wherein the first encryption information is obtained by encrypting the first random number by the user node, and the second encryption information is obtained by encrypting the first random number by the second ISP node;
if the first encryption information is consistent with the second encryption information, the first ISP node determines to provide service for the user node;
if a first session key between the first ISP node and the user node is generated by the user node or the second ISP node, the first ISP node acquires the first session key between the first ISP node and the user node through the second ISP node and the blockchain network;
the first ISP node receives a second random number sent by the user node in a short message mode or a point-to-point P2P mode of an IP address;
and the first ISP node generates a second session key according to the first session key and the second random number, wherein the second session key is used for the communication between the first ISP node and the user node.
2. The method as claimed in claim 1, wherein said receiving, by said first ISP node, said second random number transmitted by said user node via short message or peer-to-peer P2P with IP address comprises:
the first ISP node receives a second random number which is sent by the user node and encrypted by a public key of the first ISP node through a short message mode or a point-to-point P2P mode of an IP address;
and the first ISP node decodes the encrypted second random number by adopting a private key of the first ISP node to obtain the second random number.
3. The method of claim 1 or 2, wherein the first ISP node obtaining a first session key between the first ISP node and the user node through the second ISP node and the block chain network comprises:
the first ISP node receives first information broadcast by the second ISP node in the block chain network, wherein the first information is generated by the second ISP node encrypting the first session key by adopting a public key of the first ISP node and then signing the encrypted first session key by adopting a private key of the second ISP node;
and if the first ISP node verifies the private key signature of the second ISP node, the first ISP node decrypts the encrypted first session key by using the private key of the first ISP node to obtain the first session key.
4. The method of claim 1 or 2, wherein if the first session key between the first ISP node and the user node is generated by the first ISP node, the method further comprises:
the first ISP node encrypts the first session key by adopting the public key of the second ISP node to obtain third encrypted information, and signs the third encrypted information by adopting the private key of the first ISP node to obtain second information;
and the first ISP node sends the second information to the second ISP node in a broadcasting mode so that the second ISP node acquires the first session key from the second information, encrypts the first session key by using a shared key between the second ISP node and the user node to obtain fourth encrypted information, signs the fourth encrypted information by using a private key of the second ISP node to obtain third information, and sends the third information to the user node so that the user node acquires the first session key from the third information.
5. A first internet service provider, ISP, node comprising:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
receiving a login request sent by a user node through the communication interface, wherein the login request comprises a user name corresponding to the user node;
generating a first random number according to the login request, and signing the first random number and the user name by adopting a private key of the first ISP node;
broadcasting the signed first random number and the user name to a block chain network through the communication interface so as to request to acquire registration information of the user node on a second ISP node in the block chain network;
receiving first encryption information sent by the user node and second encryption information sent by the second ISP node through the communication interface, wherein the first encryption information is obtained by encrypting the first random number by the user node, and the second encryption information is obtained by encrypting the first random number by the second ISP node;
if the first encryption information is consistent with the second encryption information, determining to provide service for the user node;
if the first session key between the first ISP node and the user node is generated by the user node or the second ISP node, acquiring the first session key between the first ISP node and the user node through the second ISP node and the blockchain network;
receiving a second random number sent by the user node through the communication interface in a short message mode or a point-to-point P2P mode of an IP address;
and generating a second session key according to the first session key and the second random number, wherein the second session key is used for the communication between the first ISP node and the user node.
6. The first ISP node of claim 5, wherein the processor, when receiving, through the communication interface, the second random number sent by the user node by short message or by point-to-point (P2P) transmission based on an IP address, is further configured to perform the following:
receiving, through the communication interface, a second random number that is sent by the user node by short message or by point-to-point (P2P) transmission based on an IP address and that is encrypted with the public key of the first ISP node;
and decrypting the encrypted second random number with the private key of the first ISP node to obtain the second random number.
7. The first ISP node of claim 5 or 6, wherein the processor, when obtaining the first session key between the first ISP node and the user node via the second ISP node and the blockchain network, is specifically configured to perform the following:
receiving first information broadcast by the second ISP node in the block chain network through the communication interface, wherein the first information is generated after the second ISP node encrypts the first session key by using a public key of the first ISP node and signs the encrypted first session key by using a private key of the second ISP node;
and if the first ISP node successfully verifies the signature made with the private key of the second ISP node, decrypting the encrypted first session key by using the private key of the first ISP node to obtain the first session key.
8. The first ISP node of claim 5 or 6, wherein if the first session key between the first ISP node and the user node was generated by the first ISP node, the processor is further configured to perform the following:
encrypting the first session key by using the public key of the second ISP node to obtain third encrypted information, and signing the third encrypted information by using the private key of the first ISP node to obtain second information;
and sending the second information to the second ISP node through the communication interface in a broadcasting manner, so that the second ISP node acquires the first session key from the second information, encrypts the first session key by using a shared key between the second ISP node and the user node to obtain fourth encrypted information, signs the fourth encrypted information by using a private key of the second ISP node to obtain third information, and sends the third information to the user node, so that the user node acquires the first session key from the third information.
9. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1-4.
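The login check and the second-session-key derivation recited in claims 5 to 8, as an added Python example that is not part of the patent text. The claims do not name the algorithms, so HMAC-SHA256 stands in for "encrypting the first random number" and HKDF-SHA256 for generating the second session key; the class and function names are hypothetical, and the signatures and blockchain broadcast are omitted.

```python
import hashlib
import hmac
import secrets


def keyed_response(shared_key: bytes, first_random: bytes) -> bytes:
    # Assumption: "encrypting the first random number" is modelled as HMAC-SHA256
    # under the key the user node shares with the second (registration) ISP node.
    return hmac.new(shared_key, first_random, hashlib.sha256).digest()


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    # HKDF (RFC 5869): extract a pseudorandom key, then expand it block by block.
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def second_session_key(first_session_key: bytes, second_random: bytes) -> bytes:
    # Assumption: the claims do not name the derivation; HKDF is used here with
    # the second random number as salt and a constructed context label.
    return hkdf_sha256(first_session_key, salt=second_random, info=b"isp-user-session")


class FirstIspNode:
    def __init__(self) -> None:
        self.pending = {}  # user name -> outstanding first random number

    def begin_login(self, username: str) -> bytes:
        # Fresh 256-bit challenge per login request.
        self.pending[username] = secrets.token_bytes(32)
        return self.pending[username]

    def admit(self, username: str, first_info: bytes, second_info: bytes) -> bool:
        # The challenge is single-use: popping it makes a replayed pair fail.
        if self.pending.pop(username, None) is None:
            return False
        # Constant-time comparison of the user node's and second ISP node's values.
        return hmac.compare_digest(first_info, second_info)
```

The first ISP node never holds the shared key; it only compares the two responses, so the authenticity of the second ISP node's value rests on the signature check the claims describe.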
CN201910466909.9A 2019-05-30 2019-05-30 Session key processing method, device and computer readable storage medium Active CN110048842B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910466909.9A CN110048842B (en) 2019-05-30 2019-05-30 Session key processing method, device and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN110048842A CN110048842A (en) 2019-07-23
CN110048842B CN110048842B (en) 2021-09-10

Family

ID=67284325

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910466909.9A Active CN110048842B (en) 2019-05-30 2019-05-30 Session key processing method, device and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN110048842B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111065101A (en) * 2019-12-30 2020-04-24 全链通有限公司 5G communication information encryption and decryption method and device based on block chain and storage medium
CN114553426B (en) * 2020-11-26 2023-08-15 中移物联网有限公司 Signature verification method, key management platform, security terminal and electronic equipment

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102143487A (en) * 2010-02-03 2011-08-03 中兴通讯股份有限公司 Negotiation method and negotiation system for end-to-end session key
CN105337740A (en) * 2014-07-31 2016-02-17 阿里巴巴集团控股有限公司 Identity verification method, client, relay device and server
CN106535184A (en) * 2016-10-18 2017-03-22 深圳市金立通信设备有限公司 Key management method and system
CN107809411A (en) * 2016-09-09 2018-03-16 华为技术有限公司 Authentication method, terminal device, server and the network authentication entity of mobile network
CN108684041A (en) * 2018-05-31 2018-10-19 上海邑游网络科技有限公司 The system and method for login authentication
CN108702622A (en) * 2017-11-30 2018-10-23 深圳前海达闼云端智能科技有限公司 Mobile network's access authentication method, device, storage medium and block chain node
CN108768608A (en) * 2018-05-25 2018-11-06 电子科技大学 The secret protection identity identifying method of thin-client is supported at block chain PKI
CN109087100A (en) * 2018-08-02 2018-12-25 中国联合网络通信集团有限公司 Cryptographic key distribution method, device, equipment and storage medium

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015108410A1 (en) * 2014-01-15 2015-07-23 Xorkey B.V. Secure login without passwords
US10567168B2 (en) * 2017-11-16 2020-02-18 International Business Machines Corporation Blockchain transaction privacy enhancement through broadcast encryption

Also Published As

Publication number Publication date
CN110048842A (en) 2019-07-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant