CN111556028A - Access management system based on background database - Google Patents

Access management system based on background database

Info

Publication number
CN111556028A
CN111556028A
Authority
CN
China
Prior art keywords
management system
terminal
access management
dialog box
background
Prior art date
Legal status
Withdrawn
Application number
CN202010278888.0A
Other languages
Chinese (zh)
Inventor
王尧
Current Assignee
Individual
Original Assignee
Individual
Priority date: 2020-04-10
Filing date: 2020-04-10
Publication date: 2020-08-18
Application filed by Individual
Priority to CN202010278888.0A
Publication of CN111556028A
Legal status: Withdrawn

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L 63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L 9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H04L 9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L 9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L 9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3218 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs
    • H04L 9/3221 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication using proof of knowledge: interactive zero-knowledge proofs

Abstract

The invention relates to the technical field of background database access management and discloses an access management system based on a background database. The system comprises a background server S_ht running the access management system, the background server S_ht being provided with a background database S_i, and a PC terminal U_i running the access management system; the PC terminal U_i and the background server S_ht are connected for communication over the access management system through network communication equipment. The access management system authenticates the PC terminal U_i by a verification method based on zero-knowledge proof; only after the user identity of the PC terminal U_i passes the verification of the access management system does the background server S_ht allow the access request of the PC terminal U_i to the background database S_i, and otherwise the background server S_ht rejects the access request of the PC terminal U_i to the background database S_i. The invention solves the technical problem that the data in the background database is illegally accessed and stolen.

Description

Access management system based on background database
Technical Field
The invention relates to the technical field of background database access management, in particular to an access management system based on a background database.
Background
With the development of internet and mobile internet technologies and applications, the environments in which the validity of a user identity has to be verified have become more complicated. At present the commonly used identity verification method is still the mainstream mode based on a user name and a password, supplemented by techniques such as SMS verification codes and picture verification codes to identify the user. However, incidents of database theft (dragging and dumping of user databases) and injection attacks against user-name-and-password systems have become ever more violent, so that the key, important and private data of governments, enterprises and individuals are frequently stolen and then spread freely on the internet or traded on illegal underground markets, with the result that key information is stolen and abused. Even when SMS verification codes and picture verification codes are used, these traditional, single-factor identity verification methods still face the problem that counterfeiting and identity theft cost little; once the identity verification is broken through in this way, the background data is invaded and stolen over a long period.
Disclosure of Invention
(I) Technical problem to be solved
Aiming at the defects of the prior art, the invention provides an access management system based on a background database, which aims to solve the technical problem that the data in the background database is illegally accessed and stolen.
(II) technical scheme
In order to achieve the purpose, the invention provides the following technical scheme:
A background database based access management system, comprising: a background server S_ht running the access management system, the background server S_ht being provided with a background database S_i, and a PC terminal U_i running the access management system, the PC terminal U_i and the background server S_ht being connected for communication over the access management system through network communication equipment;
The interactive verification method between the access management system of the background server S_ht and the PC terminal U_i comprises the following steps:
Step one: the PC terminal U_i registers as a user on the access management system of the background server S_ht, which specifically includes:
(1) on the registration page, the access management system pops up a dialog box for interactive communication with the PC terminal U_i;
(2) an elliptic curve E defined over a finite field K is set and a generator P ∈ E is produced; the PC terminal U_i selects k integers (X_1, X_2, …, X_k) as its private key, computes Y_1 = X_1 P, Y_2 = X_2 P, …, Y_k = X_k P as its public key, and enters the public key into the dialog box, i.e. sends it to the access management system;
Step two: when the PC terminal U_i sends an access request to the background server S_ht, the access management system begins to verify the user identity of the PC terminal U_i; the specific verification process comprises the following steps:
(1) on the verification page, the access management system pops up a dialog box for interactive communication with the PC terminal U_i;
(2) the PC terminal U_i randomly selects an integer R, computes V = RP, and sends V to the access management system, i.e. enters V into the dialog box;
(3) the access management system generates a k-bit 0/1 string (b_1, b_2, …, b_k) and sends (b_1, b_2, …, b_k) to the PC terminal U_i, i.e. displays it in the dialog box;
(4) the PC terminal U_i computes the response given in Figure BDA0002445813820000021 (the formula is shown only as a figure and is not reproduced in the text) and transmits it to the access management system, i.e. enters it into the dialog box;
(5) the access management system verifies whether the expression in Figure BDA0002445813820000031 equals the expression in Figure BDA0002445813820000032 (both shown only as figures);
If the above equation holds, the PC terminal U_i is proved to know the private key (X_1, X_2, …, X_k), and the access management system passes the identity verification of the PC terminal U_i; otherwise it refuses to pass the identity verification of the PC terminal U_i.
Preferably, (X_1, X_2, …, X_k) is the private key, which is the only legal proving key and is owned solely by the PC terminal U_i, i.e. the access management system does not know the private key (X_1, X_2, …, X_k).
Preferably, in step two, step (2), step (3) and step (4) constitute one round of authentication, which is repeated k_i times; if during any round the PC terminal U_i fails the authentication, the entire authentication process is terminated, i.e. the PC terminal U_i does not pass the identity verification of the access management system.
Preferably, the interactive communication dialog box has a traceless communication function, that is, none of the interactive communication contents in the dialog box are kept as a backup record.
(III) advantageous technical effects
Compared with the prior art, the invention has the following beneficial technical effects:
The access management system authenticates the PC terminal U_i by a verification method based on zero-knowledge proof; only after the user identity of the PC terminal U_i passes the verification of the access management system does the background server S_ht allow the access request of the PC terminal U_i to the background database S_i, and otherwise the background server S_ht rejects the access request of the PC terminal U_i to the background database S_i;
and after the user identity of the PC terminal U_i passes the verification of the access management system, the access management system only knows that the identity of the PC terminal U_i is legal; it does not know the private key (X_1, X_2, …, X_k) of the PC terminal U_i, i.e. the PC terminal U_i completes the identity verification without revealing its own private key (X_1, X_2, …, X_k);
therefore, the technical problem that the data in the background database is illegally accessed and stolen is solved.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
A background database based access management system, comprising: a background server S_ht running the access management system, the background server S_ht being provided with a background database S_i, and a PC terminal U_i running the access management system, the PC terminal U_i and the background server S_ht being connected for communication over the access management system through network communication equipment;
In order to prevent an unauthorized PC terminal U_i from illegally accessing the background database S_i of the background server S_ht, the access management system authenticates the PC terminal U_i by a verification method based on zero-knowledge proof; only after the user identity of the PC terminal U_i passes the verification of the access management system does the background server S_ht allow the access request of the PC terminal U_i to the background database S_i, and otherwise the background server S_ht rejects the access request of the PC terminal U_i to the background database S_i;
The interactive verification method between the access management system of the background server S_ht and the PC terminal U_i comprises the following steps:
Step one: the PC terminal U_i registers as a user on the access management system of the background server S_ht, which specifically includes:
(1) on the registration page, the access management system pops up a dialog box for interactive communication with the PC terminal U_i;
(2) an elliptic curve E defined over a finite field K is set and a generator P ∈ E is produced; the PC terminal U_i selects k integers (X_1, X_2, …, X_k) as its private key, computes Y_1 = X_1 P, Y_2 = X_2 P, …, Y_k = X_k P as its public key, and enters the public key into the dialog box, i.e. sends it to the access management system;
wherein (X_1, X_2, …, X_k) is the private key, which is the only legal proving key and is owned solely by the PC terminal U_i, i.e. the access management system does not know the private key (X_1, X_2, …, X_k);
Step two: when the PC terminal U_i sends an access request to the background server S_ht, the access management system begins to verify the user identity of the PC terminal U_i; the specific verification process comprises the following steps:
(1) on the verification page, the access management system pops up a dialog box for interactive communication with the PC terminal U_i;
(2) the PC terminal U_i randomly selects an integer R, computes V = RP, and sends V to the access management system, i.e. enters V into the dialog box;
(3) the access management system generates a k-bit 0/1 string (b_1, b_2, …, b_k) and sends (b_1, b_2, …, b_k) to the PC terminal U_i, i.e. displays it in the dialog box;
(4) the PC terminal U_i computes the response given in Figure BDA0002445813820000051 (the formula is shown only as a figure and is not reproduced in the text) and transmits it to the access management system, i.e. enters it into the dialog box;
(5) the access management system verifies whether the expression in Figure BDA0002445813820000052 equals the expression in Figure BDA0002445813820000053 (both shown only as figures);
If the above equation holds, the PC terminal U_i is proved to know the private key (X_1, X_2, …, X_k), and the access management system passes the identity verification of the PC terminal U_i; otherwise it refuses to pass the identity verification of the PC terminal U_i;
(6) step (2), step (3) and step (4) form one round of authentication, which is repeated k_i times; if during any round the PC terminal U_i fails the authentication, the entire authentication process is terminated, i.e. the PC terminal U_i does not pass the identity verification of the access management system;
The interactive communication dialog box has a traceless communication function, that is, none of the interactive communication contents in the dialog box are kept as a backup record;
After the authentication is completed, the access management system only knows that the identity of the PC terminal U_i is legal; it does not know the private key (X_1, X_2, …, X_k) of the PC terminal U_i, i.e. the PC terminal U_i completes the identity verification without revealing its own private key (X_1, X_2, …, X_k).
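As an added example (not the patent's own code and not an implementation by the applicant), the following Python program walks through the registration of step one and the repeated rounds of step two described above, both in the Disclosure and in the Detailed Description, on a constructed toy curve. The patent gives the prover's response of step (4) and the verifier's equation of step (5) only as figures that are not reproduced on this page, so the program uses the standard Schnorr-style completion, response s = R + Σ b_i X_i mod n and check sP = V + Σ b_i Y_i, as an assumption consistent with the described message flow. The curve y² = x³ + 2x + 2 over GF(17) with base point (5, 1) of order 19 is a textbook toy chosen so that everything runs offline and provides no security; all function names are the example's own.

```python
import random

# Constructed toy curve y^2 = x^3 + A*x + B over GF(P_MOD); order 19, NOT secure.
P_MOD, A, B = 17, 2, 2
GEN = (5, 1)      # base point, the patent's generator P of E
ORDER = 19        # n: prime order of GEN; all scalars are reduced mod n
INF = None        # point at infinity

def ec_add(p1, p2):
    """Affine point addition, covering identity, inverse pairs and doubling."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                   # p2 == -p1
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    result, addend, k = INF, pt, k % ORDER
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result

# Step one: registration. U_i keeps (X_1..X_k); the system stores only (Y_1..Y_k).
def register(k, rng):
    priv = [rng.randrange(1, ORDER) for _ in range(k)]
    return priv, [ec_mul(x, GEN) for x in priv]

# Step two, one round: (2) commit V = R*P, (3) k-bit challenge, (4) respond, (5) check.
def prover_commit(rng):
    r = rng.randrange(1, ORDER)
    return r, ec_mul(r, GEN)

def verifier_challenge(k, rng):
    return [rng.randrange(2) for _ in range(k)]

def prover_respond(r, bits, priv):
    # ASSUMED response s = R + sum(b_i * X_i) mod n; the patent shows it only as a figure.
    return (r + sum(b * x for b, x in zip(bits, priv))) % ORDER

def verifier_check(v, bits, pub, s):
    # ASSUMED check s*P == V + sum(b_i * Y_i); holds iff the registered X_i were used.
    rhs = v
    for b, y in zip(bits, pub):
        if b:
            rhs = ec_add(rhs, y)
    return ec_mul(s, GEN) == rhs

def authenticate(priv, pub, k, rounds, rng):
    """Run `rounds` rounds (the patent's k_i) and abort on the first failed round."""
    for _ in range(rounds):
        r, v = prover_commit(rng)
        bits = verifier_challenge(k, rng)
        if not verifier_check(v, bits, pub, prover_respond(r, bits, priv)):
            return False
    return True

def guessing_commit(guess, pub, rng):
    """Commitment of a terminal WITHOUT the key: choose s first, then
    V = s*P - sum(guess_i * Y_i). The round passes only if guess == bits."""
    s = rng.randrange(1, ORDER)
    v = ec_mul(s, GEN)
    for g, y in zip(guess, pub):
        if g:
            v = ec_add(v, (y[0], (-y[1]) % P_MOD))   # subtract Y_i
    return s, v

def authenticate_guesser(pub, k, rounds, rng):
    """Key-less terminal guessing every challenge: accepted with probability 2^-(k*rounds)."""
    for _ in range(rounds):
        guess = [rng.randrange(2) for _ in range(k)]
        s, v = guessing_commit(guess, pub, rng)
        if not verifier_check(v, verifier_challenge(k, rng), pub, s):
            return False
    return True

if __name__ == "__main__":
    rng = random.Random(2020)                  # seeded so the demo is reproducible
    priv, pub = register(4, rng)               # k = 4 secrets, k_i = 8 rounds below
    print("honest terminal accepted:", authenticate(priv, pub, 4, 8, rng))
    print("key-less guesser accepted:", authenticate_guesser(pub, 4, 8, rng))
```

Running it shows the honest terminal accepted and a terminal that does not hold (X_1, …, X_k) rejected. The guesser illustrates why the patent repeats the round k_i times and aborts on the first failure: without the private key a terminal can pass a round only by guessing the whole k-bit challenge before committing V, which succeeds with probability 2^-k, so k_i rounds reduce the chance of a wrongful acceptance to 2^-(k·k_i). The reduction mod n in the response matters as well: without it the response would leak information about the private key to the verifier, and no "traceless" dialog box on the client side changes what the server has already seen.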
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (4)

1. A background database based access management system, comprising: a background server S_ht running the access management system, the background server S_ht being provided with a background database S_i, and a PC terminal U_i running the access management system, the PC terminal U_i and the background server S_ht being connected for communication over the access management system through network communication equipment;
the interactive verification method between the access management system of the background server S_ht and the PC terminal U_i comprises the following steps:
Step one: the PC terminal U_i registers as a user on the access management system of the background server S_ht, which specifically includes:
(1) on the registration page, the access management system pops up a dialog box for interactive communication with the PC terminal U_i;
(2) an elliptic curve E defined over a finite field K is set and a generator P ∈ E is produced; the PC terminal U_i selects k integers (X_1, X_2, …, X_k) as its private key, computes Y_1 = X_1 P, Y_2 = X_2 P, …, Y_k = X_k P as its public key, and enters the public key into the dialog box, i.e. sends it to the access management system;
Step two: when the PC terminal U_i sends an access request to the background server S_ht, the access management system begins to verify the user identity of the PC terminal U_i; the specific verification process comprises the following steps:
(1) on the verification page, the access management system pops up a dialog box for interactive communication with the PC terminal U_i;
(2) the PC terminal U_i randomly selects an integer R, computes V = RP, and sends V to the access management system, i.e. enters V into the dialog box;
(3) the access management system generates a k-bit 0/1 string (b_1, b_2, …, b_k) and sends (b_1, b_2, …, b_k) to the PC terminal U_i, i.e. displays it in the dialog box;
(4) the PC terminal U_i computes the response given in Figure FDA0002445813810000021 (the formula is shown only as a figure and is not reproduced in the text) and transmits it to the access management system, i.e. enters it into the dialog box;
(5) the access management system verifies whether the expression in Figure FDA0002445813810000022 equals the expression in Figure FDA0002445813810000023 (both shown only as figures);
if the above equation holds, the PC terminal U_i is proved to know the private key (X_1, X_2, …, X_k), and the access management system passes the identity verification of the PC terminal U_i; otherwise it refuses to pass the identity verification of the PC terminal U_i.
2. The background database based access management system according to claim 1, characterized in that (X_1, X_2, …, X_k) is the private key, which is the only legal proving key and is owned solely by the PC terminal U_i, i.e. the access management system does not know the private key (X_1, X_2, …, X_k).
3. The background database based access management system according to claim 1, wherein in step two, step (2), step (3) and step (4) are combined into one round of authentication, which is repeated k_i times; if during any round the PC terminal U_i fails the authentication, the entire authentication process is terminated, i.e. the PC terminal U_i does not pass the identity verification of the access management system.
4. The background database based access management system according to claim 1, wherein the interactive communication dialog box is capable of traceless communication, i.e. none of the interactive communication contents in the dialog box are recorded as a backup.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010278888.0A CN111556028A (en) 2020-04-10 2020-04-10 Access management system based on background database

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010278888.0A CN111556028A (en) 2020-04-10 2020-04-10 Access management system based on background database

Publications (1)

Publication Number Publication Date
CN111556028A true CN111556028A (en) 2020-08-18

Family

ID=72007315

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010278888.0A Withdrawn CN111556028A (en) 2020-04-10 2020-04-10 Access management system based on background database

Country Status (1)

Country Link
CN (1) CN111556028A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108712264A (en) * 2018-06-12 2018-10-26 陈继 A kind of identity identifying method based on zero-knowledge proof
CN108833373A (en) * 2018-05-29 2018-11-16 东北大学 The instant messaging and anonymous access method of facing relation secret protection social networks
US20190020641A1 (en) * 2017-07-17 2019-01-17 Thirdwayv, Inc. Secure communication for medical devices
CN110826084A (en) * 2019-10-14 2020-02-21 李纳 Block chain-based internet public service system

Similar Documents

Publication Publication Date Title
US11496310B2 (en) Methods and systems for universal storage and access to user-owned credentials for trans-institutional digital authentication
US20210279736A1 (en) Blockchain secure transaction method and device based on biomarker authentication
CN111429254B (en) Business data processing method and device and readable storage medium
CN110473318B (en) Unlocking method, equipment for realizing unlocking and computer readable medium
CN109687965A (en) The real name identification method of subscriber identity information in a kind of protection network
CN113435888B (en) Account data processing method, device, equipment and storage medium
CN110674531B (en) Residential information management method, device, server and medium based on block chain
CN111695147A (en) Data security management system based on cloud storage technology
CN109816386A (en) Data get through method on a kind of chain of the unified identity authentication based on block chain
CN115380303A (en) Trusted platform based on block chain
WO2020042508A1 (en) Method, system and electronic device for processing claim incident based on blockchain
CN112131309A (en) Data evidence storing method and system based on block chain technology
CN111294796A (en) Smart phone login management system based on zero-knowledge proof
CN111259352A (en) Cloud storage data access control system based on zero-knowledge proof
CN110572392A (en) Identity authentication method based on HyperLegger network
CN114969786A (en) Block chain-based insurance function data processing method, node and system
CN111259351A (en) User identity verification system based on Access database login
US20060200667A1 (en) Method and system for consistent recognition of ongoing digital relationships
CN110634072A (en) Block chain transaction system based on multiple tags and hardware encryption and operation mechanism thereof
CN111274572A (en) User login authentication system based on online banking safety management
CN113747425B (en) RFID label anonymous authentication and key agreement method based on smart city security system
CN111556028A (en) Access management system based on background database
CN113285934B (en) Method and device for detecting IP (Internet protocol) of server cryptographic machine client based on digital signature
CN111600838A (en) Authority management system based on network database
CN112926983A (en) Block chain-based deposit certificate transaction encryption system and method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20200818