CN111556028A - Access management system based on background database - Google Patents
- Publication number: CN111556028A (application CN202010278888.0A)
- Authority: CN (China)
- Prior art keywords: management system, terminal, access management, dialog box, background
- Legal status: Withdrawn (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L63/0869: network architectures or protocols for network security, authentication of entities, achieving mutual authentication
- H04L63/083: network architectures or protocols for network security, authentication of entities using passwords
- H04L63/10: network architectures or protocols for network security, controlling access to devices or network resources
- H04L9/0863: generation of secret information (cryptographic keys or passwords) involving passwords or one-time passwords
- H04L9/0869: generation of secret information (cryptographic keys or passwords) involving random numbers or seeds
- H04L9/3066: public-key cryptography involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
- H04L9/3221: entity authentication or message authentication using proof of knowledge (e.g. Fiat-Shamir, GQ, Schnorr), interactive zero-knowledge proofs
Abstract
The invention relates to the technical field of background database access management and discloses an access management system based on a background database, comprising: a background server $S_{ht}$ running the access management system, the background server $S_{ht}$ being provided with a background database $S_i$; and a PC terminal $U_i$ running the access management system, the PC terminal $U_i$ and the background server $S_{ht}$ being connected to each other through network communication equipment over the access management system. The access management system verifies the identity of the PC terminal $U_i$ with a verification method based on zero-knowledge proof, and only after the user identity of the PC terminal $U_i$ has passed the verification of the access management system does the background server $S_{ht}$ allow the access request of the PC terminal $U_i$ to the background database $S_i$; otherwise the background server $S_{ht}$ rejects the access request of the PC terminal $U_i$ to the background database $S_i$. The invention solves the technical problem of data in the background database being illegally accessed and stolen.
Description
Technical Field
The invention relates to the technical field of background database access management, in particular to an access management system based on a background database.
Background
With the development of internet and mobile internet technologies and applications, the environments in which the legitimacy of a user's identity has to be verified have become more complex. The commonly used method of identity verification is still the mainstream one based on a user name and a password, combined with techniques such as SMS verification codes and image verification codes to identify the user. However, incidents in which the databases behind user name and password schemes are dumped, attacked by credential stuffing, or injected have become ever more aggressive, so that critical, important and private data of governments, enterprises and individuals is frequently stolen, then spread freely on the internet or traded on illegal underground markets, and the stolen key information is abused. Even with SMS verification codes and image verification codes added, these traditional, single-method approaches to identity verification still face low-cost counterfeiting and identity theft; the identity verification is broken through in the same way, and background data is then penetrated and stolen over long periods.
Disclosure of Invention
Technical problem to be solved
Aiming at the defects of the prior art, the invention provides an access management system based on a background database, which aims to solve the technical problem of data in the background database being illegally accessed and stolen.
(II) technical scheme
In order to achieve the purpose, the invention provides the following technical scheme:
A background database based access management system, comprising: a background server $S_{ht}$ running the access management system, the background server $S_{ht}$ being provided with a background database $S_i$; and a PC terminal $U_i$ running the access management system, the PC terminal $U_i$ and the background server $S_{ht}$ being connected to each other through network communication equipment over the access management system;
the interactive verification method between the access management system on the background server $S_{ht}$ and the PC terminal $U_i$ comprises the following steps:
Step one: the PC terminal $U_i$ registers as a user on the access management system of the background server $S_{ht}$, which specifically comprises:
(1) on the registration page, the access management system pops up a dialog box for interactive communication with the PC terminal $U_i$;
(2) an elliptic curve $E$ defined over a finite field $K$ is set up, with a generator $P \in E$; the PC terminal $U_i$ selects $k$ integers $(X_1, X_2, \dots, X_k)$ as its private key, computes $Y_1 = X_1 P, Y_2 = X_2 P, \dots, Y_k = X_k P$ as its public key, and enters the public key into the dialog box, i.e. sends it to the access management system;
Step two: when the PC terminal $U_i$ sends an access request to the background server $S_{ht}$, the access management system begins to verify the identity of the PC terminal $U_i$; the specific verification process comprises:
(1) on the verification page, the access management system pops up a dialog box for interactive communication with the PC terminal $U_i$;
(2) the PC terminal $U_i$ randomly selects an integer $R$, computes $V = RP$, and sends $V$ to the access management system, i.e. enters it into the dialog box;
(3) the access management system generates a $k$-bit string of 0s and 1s $(b_1, b_2, \dots, b_k)$ and sends $(b_1, b_2, \dots, b_k)$ to the PC terminal $U_i$, i.e. displays it in the dialog box;
(4) the PC terminal $U_i$ computes its response and sends it to the access management system, i.e. enters it into the dialog box;
if the verification equation holds, this proves that the PC terminal $U_i$ knows the private key $(X_1, X_2, \dots, X_k)$, and the access management system passes the identity verification of the PC terminal $U_i$; otherwise it refuses to pass the identity verification of the PC terminal $U_i$.
Preferably, $(X_1, X_2, \dots, X_k)$ is the private key, the only legitimate proving key, and is owned solely by the PC terminal $U_i$, i.e. the access management system does not know the private key $(X_1, X_2, \dots, X_k)$.
Preferably, in step two, step (2), step (3) and step (4) constitute one round of verification and are repeated $k_i$ times; if the PC terminal $U_i$ fails verification during any round, the entire verification process is terminated, i.e. the PC terminal $U_i$ fails the identity verification of the access management system.
Preferably, the interactive communication dialog box has a traceless communication function, i.e. no backup record of any interactive communication content in the dialog box is kept.
(III) advantageous technical effects
Compared with the prior art, the invention has the following beneficial technical effects:
the access management system verifies the identity of the PC terminal $U_i$ with a verification method based on zero-knowledge proof; only after the user identity of the PC terminal $U_i$ has passed the verification of the access management system does the background server $S_{ht}$ allow the access request of the PC terminal $U_i$ to the background database $S_i$, otherwise the background server $S_{ht}$ rejects the access request of the PC terminal $U_i$ to the background database $S_i$;
and after the user identity of the PC terminal $U_i$ has passed the verification of the access management system, the access management system knows only that the identity of the PC terminal $U_i$ is legitimate; it does not learn the private key $(X_1, X_2, \dots, X_k)$ of the PC terminal $U_i$, i.e. the PC terminal $U_i$ completes identity verification without revealing its own private key $(X_1, X_2, \dots, X_k)$, so that the access management system holds no secret of the terminal that could be stolen from it and replayed;
therefore the technical problem of data in the background database being illegally accessed and stolen is solved.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
A background database based access management system comprises: a background server $S_{ht}$ running the access management system, the background server $S_{ht}$ being provided with a background database $S_i$; and a PC terminal $U_i$ running the access management system, the PC terminal $U_i$ and the background server $S_{ht}$ being connected to each other through network communication equipment over the access management system;
in order to prevent an unauthorized PC terminal $U_i$ from illegally accessing the background database $S_i$ of the background server $S_{ht}$, the access management system verifies the identity of the PC terminal $U_i$ with a verification method based on zero-knowledge proof; only after the user identity of the PC terminal $U_i$ has passed the verification of the access management system does the background server $S_{ht}$ allow the access request of the PC terminal $U_i$ to the background database $S_i$, otherwise the background server $S_{ht}$ rejects the access request of the PC terminal $U_i$ to the background database $S_i$;
the interactive verification method between the access management system on the background server $S_{ht}$ and the PC terminal $U_i$ comprises the following steps:
Step one: the PC terminal $U_i$ registers as a user on the access management system of the background server $S_{ht}$, which specifically comprises:
(1) on the registration page, the access management system pops up a dialog box for interactive communication with the PC terminal $U_i$;
(2) an elliptic curve $E$ defined over a finite field $K$ is set up, with a generator $P \in E$; the PC terminal $U_i$ selects $k$ integers $(X_1, X_2, \dots, X_k)$ as its private key, computes $Y_1 = X_1 P, Y_2 = X_2 P, \dots, Y_k = X_k P$ as its public key, and enters the public key into the dialog box, i.e. sends it to the access management system;
wherein $(X_1, X_2, \dots, X_k)$ is the private key, the only legitimate proving key, owned solely by the PC terminal $U_i$, i.e. the access management system does not know the private key $(X_1, X_2, \dots, X_k)$;
Step two: when the PC terminal $U_i$ sends an access request to the background server $S_{ht}$, the access management system begins to verify the identity of the PC terminal $U_i$; the specific verification process comprises:
(1) on the verification page, the access management system pops up a dialog box for interactive communication with the PC terminal $U_i$;
(2) the PC terminal $U_i$ randomly selects an integer $R$, computes $V = RP$, and sends $V$ to the access management system, i.e. enters it into the dialog box;
(3) the access management system generates a $k$-bit string of 0s and 1s $(b_1, b_2, \dots, b_k)$ and sends $(b_1, b_2, \dots, b_k)$ to the PC terminal $U_i$, i.e. displays it in the dialog box;
(4) the PC terminal $U_i$ computes its response and sends it to the access management system, i.e. enters it into the dialog box;
if the verification equation holds, this proves that the PC terminal $U_i$ knows the private key $(X_1, X_2, \dots, X_k)$, and the access management system passes the identity verification of the PC terminal $U_i$; otherwise it refuses to pass the identity verification of the PC terminal $U_i$;
(5) step (2), step (3) and step (4) constitute one round of verification and are repeated $k_i$ times; if the PC terminal $U_i$ fails verification during any round, the entire verification process is terminated, i.e. the PC terminal $U_i$ fails the identity verification of the access management system;
the interactive communication dialog box has a traceless communication function, i.e. no backup record of any interactive communication content in the dialog box is kept;
after verification is complete, the access management system knows only that the identity of the PC terminal $U_i$ is legitimate; it does not know the private key $(X_1, X_2, \dots, X_k)$ of the PC terminal $U_i$, i.e. the PC terminal $U_i$ completes identity verification without revealing its own private key $(X_1, X_2, \dots, X_k)$.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (4)
1. A background database based access management system, comprising: a background server $S_{ht}$ running the access management system, the background server $S_{ht}$ being provided with a background database $S_i$; and a PC terminal $U_i$ running the access management system, the PC terminal $U_i$ and the background server $S_{ht}$ being connected to each other through network communication equipment over the access management system;
the interactive verification method between the access management system on the background server $S_{ht}$ and the PC terminal $U_i$ comprises the following steps:
Step one: the PC terminal $U_i$ registers as a user on the access management system of the background server $S_{ht}$, which specifically comprises:
(1) on the registration page, the access management system pops up a dialog box for interactive communication with the PC terminal $U_i$;
(2) an elliptic curve $E$ defined over a finite field $K$ is set up, with a generator $P \in E$; the PC terminal $U_i$ selects $k$ integers $(X_1, X_2, \dots, X_k)$ as its private key, computes $Y_1 = X_1 P, Y_2 = X_2 P, \dots, Y_k = X_k P$ as its public key, and enters the public key into the dialog box, i.e. sends it to the access management system;
Step two: when the PC terminal $U_i$ sends an access request to the background server $S_{ht}$, the access management system begins to verify the identity of the PC terminal $U_i$; the specific verification process comprises:
(1) on the verification page, the access management system pops up a dialog box for interactive communication with the PC terminal $U_i$;
(2) the PC terminal $U_i$ randomly selects an integer $R$, computes $V = RP$, and sends $V$ to the access management system, i.e. enters it into the dialog box;
(3) the access management system generates a $k$-bit string of 0s and 1s $(b_1, b_2, \dots, b_k)$ and sends $(b_1, b_2, \dots, b_k)$ to the PC terminal $U_i$, i.e. displays it in the dialog box;
(4) the PC terminal $U_i$ computes its response and sends it to the access management system, i.e. enters it into the dialog box;
if the verification equation holds, this proves that the PC terminal $U_i$ knows the private key $(X_1, X_2, \dots, X_k)$, and the access management system passes the identity verification of the PC terminal $U_i$; otherwise it refuses to pass the identity verification of the PC terminal $U_i$.
2. The background database based access management system according to claim 1, characterized in that $(X_1, X_2, \dots, X_k)$ is the private key, the only legitimate proving key, owned solely by the PC terminal $U_i$, i.e. the access management system does not know the private key $(X_1, X_2, \dots, X_k)$.
3. The background database based access management system according to claim 1, characterized in that, in step two, step (2), step (3) and step (4) constitute one round of verification and are repeated $k_i$ times; if the PC terminal $U_i$ fails verification during any round, the entire verification process is terminated, i.e. the PC terminal $U_i$ fails the identity verification of the access management system.
4. The background database based access management system according to claim 1, characterized in that the interactive communication dialog box is capable of traceless communication, i.e. no backup record of any interactive communication content in the dialog box is kept.
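The registration and verification exchange described in the Detailed Description above and restated in claims 1 to 3, as an added example that is not part of the patent. What it assumes beyond the text: the curve is secp256k1 (the patent names no curve $E$, field $K$ or generator $P$); the prover's response in step two (4) and the verification equation, which are not reproduced on this page, are filled in with the standard Schnorr-type completion $s = R + \sum_j b_j X_j \bmod n$, checked as $sP = V + \sum_j b_j Y_j$; and the names `Terminal`, `AccessManager`, `Impostor` and `authenticate` are illustrative. The `Impostor` class shows why claim 3 repeats the round $k_i$ times: a party holding only the public key can satisfy one round only by guessing the $k$ challenge bits before committing, so it survives each round with probability $2^{-k}$.

```python
import secrets
# secp256k1 domain parameters (assumption: the patent names no curve E, field K or generator P)
P_MOD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
A, B = 0, 7
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
GEN = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
       0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity

def on_curve(pt):
    """True for the point at infinity or any (x, y) with y^2 = x^3 + ax + b (mod p)."""
    if pt is INF:
        return True
    x, y = pt
    return 0 <= x < P_MOD and 0 <= y < P_MOD and (y * y - x ** 3 - A * x - B) % P_MOD == 0

def add(p1, p2):
    """Affine point addition; handles the identity, doubling and inverse points."""
    if p1 is INF or p2 is INF:
        return p2 if p1 is INF else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def mul(k, pt):
    """Double-and-add scalar multiplication k*pt (not constant-time; illustration only)."""
    result, addend = INF, pt
    while k > 0:
        if k & 1:
            result = add(result, addend)
        addend, k = add(addend, addend), k >> 1
    return result

def random_scalar():
    return secrets.randbelow(N - 1) + 1  # uniform in [1, n-1]

class Terminal:
    """PC terminal U_i: holds the private key (X_1, ..., X_k), which never leaves it."""
    def __init__(self, k):
        self.x, self.r = [random_scalar() for _ in range(k)], None
    def register(self):  # step one (2): public key Y_j = X_j P
        return [mul(xj, GEN) for xj in self.x]
    def commit(self):  # step two (2): fresh random R every round, V = R P
        self.r = random_scalar()
        return mul(self.r, GEN)
    def respond(self, bits):  # step two (4); this formula is an assumption (Schnorr-type)
        return (self.r + sum(xj for xj, b in zip(self.x, bits) if b)) % N

class AccessManager:
    """Access management system on S_ht: stores only the public key Y_1..Y_k."""
    def __init__(self, pubkey, rounds):
        if not pubkey or any(y is INF or not on_curve(y) for y in pubkey):
            raise ValueError("public key must be k finite points on E")
        self.y, self.rounds = list(pubkey), rounds  # rounds = k_i in the patent
    def challenge(self):  # step two (3): k random challenge bits (b_1, ..., b_k)
        return [secrets.randbits(1) for _ in self.y]
    def check(self, v, bits, s):  # verification equation (assumption): s P == V + sum b_j Y_j
        if v is INF or not on_curve(v) or not 0 <= s < N:
            return False  # reject malformed input before any point arithmetic
        rhs = v
        for yj, b in zip(self.y, bits):
            if b:
                rhs = add(rhs, yj)
        return mul(s, GEN) == rhs

class Impostor:
    """Holds only the public key; passes a round only if it guessed the bits: V = s P - sum g_j Y_j."""
    def __init__(self, pubkey):
        self.y, self.s = list(pubkey), None
    def commit(self, guess=None):
        guess = guess if guess is not None else [secrets.randbits(1) for _ in self.y]
        self.s = random_scalar()
        v = mul(self.s, GEN)
        for yj, g in zip(self.y, guess):
            if g:
                v = add(v, (yj[0], -yj[1] % P_MOD))  # subtract Y_j
        return v
    def respond(self, bits):
        return self.s  # the same answer whatever the real challenge bits are

def authenticate(prover, verifier):
    """Step two (5): repeat the round k_i times; the first failed round ends the process."""
    for _ in range(verifier.rounds):
        v = prover.commit()
        bits = verifier.challenge()
        if not verifier.check(v, bits, prover.respond(bits)):
            return False
    return True

if __name__ == "__main__":
    t = Terminal(k=8)
    m = AccessManager(t.register(), rounds=20)
    print(authenticate(t, m), authenticate(Impostor(m.y), m))  # True False
```

Two checks the verifier performs here are the ones a practitioner would insist on in any implementation of this scheme: $V$ is rejected unless it is a finite point on $E$, and the response is rejected unless it lies in $[0, n)$. The terminal must also draw a fresh $R$ in every round: if the same $R$ were reused against two challenges that differ only in bit $j$, the difference of the two responses would be $\pm X_j$, handing that component of the private key to the access management system or to anyone who could read the dialog box.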
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010278888.0A CN111556028A (en) | 2020-04-10 | 2020-04-10 | Access management system based on background database |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111556028A true CN111556028A (en) | 2020-08-18 |
Family ID: 72007315
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010278888.0A Withdrawn CN111556028A (en) | 2020-04-10 | 2020-04-10 | Access management system based on background database |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111556028A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108712264A (en) * | 2018-06-12 | 2018-10-26 | 陈继 | A kind of identity identifying method based on zero-knowledge proof |
CN108833373A (en) * | 2018-05-29 | 2018-11-16 | 东北大学 | The instant messaging and anonymous access method of facing relation secret protection social networks |
US20190020641A1 (en) * | 2017-07-17 | 2019-01-17 | Thirdwayv, Inc. | Secure communication for medical devices |
CN110826084A (en) * | 2019-10-14 | 2020-02-21 | 李纳 | Block chain-based internet public service system |
- 2020-04-10: CN202010278888.0A (CN111556028A) filed, CN; status: not active, withdrawn
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| WW01 | Invention patent application withdrawn after publication | |
Application publication date: 20200818 |