CN111654471A - Remote user authentication system based on distributed server architecture - Google Patents

Info

Publication number
CN111654471A
Authority
CN
China
Prior art keywords
remote user
user terminal
authentication system
server
user registration
Prior art date
Legal status
Withdrawn
Application number
CN202010405558.3A
Other languages
Chinese (zh)
Inventor
周伟达
Current Assignee
Individual
Original Assignee
Individual
Priority date
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L 63/0838 Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/10 Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to the technical field of multi-server communication security, and discloses a remote user authentication system based on a distributed server architecture, which comprises: application servers AS_1, AS_2, …, AS_i, …, AS_n deployed within a service network system; a central management server S_cmf that performs unified management of access authority to the application servers AS_i and runs user registration authentication system software; and remote user terminals U_i running user registration authentication system software. The user registration authentication system on the central management server S_cmf performs security authentication of the identity of the remote user terminal U_i, and only when the identity of the remote user terminal U_i passes the security authentication of the user registration authentication system is the remote user terminal U_i allowed to access the application servers AS_i in the service network system. The invention solves the problem that, with a single-server authentication protocol, a remote user terminal U_i requires multiple registrations and multiple authentications to obtain different application services provided by the same service provider.

Description

Remote user authentication system based on distributed server architecture
Technical Field
The invention relates to the technical field of multi-server communication safety, in particular to a remote user authentication system based on a distributed server architecture.
Background
With the rapid growth of internet application demand, multi-server networks are showing broad application prospects in fields such as commerce, military affairs, transportation, entertainment and medical treatment. Such networks are organized so that multiple servers provide multiple services, allowing users to access different network services provided by the same service provider. Because a distributed computing architecture is characterized by mobility, openness and device heterogeneity, ensuring the authenticity of communicating entities and preventing abuse of services and illegal access to resources, without reducing the availability of the system, is a serious challenge facing the current multi-server network environment.
Disclosure of Invention
Technical problem to be solved
Aiming at the defects of the prior art, the invention provides a remote user authentication system based on a distributed server architecture, which aims to solve the problem that, with a single-server authentication protocol, a remote user terminal U_i requires multiple registrations and multiple authentications to obtain different application services provided by the same service provider.
(II) technical scheme
In order to achieve the purpose, the invention provides the following technical scheme:
a remote user authentication system based on a distributed server architecture, comprising: application servers AS_1, AS_2, …, AS_i, …, AS_n deployed within a service network system; a central management server S_cmf that performs unified management of access authority to the application servers AS_i and runs user registration authentication system software; and remote user terminals U_i running user registration authentication system software;
the remote user terminal U_i communicates with the user registration authentication system on the central management server S_cmf through network communication equipment; the central management server S_cmf communicates with the application servers AS_i through network communication equipment; and the application servers AS_i communicate with the remote user terminal U_i through network communication equipment;
the user registration authentication system running on the central management server S_cmf performs security authentication of the identity of the remote user terminal U_i, and the security authentication method specifically comprises the following steps:
Step S1: the remote user terminal U_i performs user registration with the user registration authentication system on the central management server S_cmf, specifically:
the user registration authentication system and the remote user terminal U_i jointly select two prime numbers P and Q, where Q is a prime factor of P-1, and select α (α ≠ 1) satisfying α^Q ≡ 1 (mod P);
the remote user terminal U_i selects a random number s smaller than Q as its private key and computes the public key v ≡ α^(-s) (mod P);
Step S2: when the remote user terminal U_i requests access to an application server AS_i in the service network system, the user registration authentication system performs security authentication of the identity of the remote user terminal U_i, and the specific authentication process is as follows:
(1) the remote user terminal U_i selects a random number r smaller than Q, computes x ≡ α^r (mod P), and sends x to the user registration authentication system;
(2) the user registration authentication system selects a random number e, where 0 < e < 2^t - 1, and sends e to the remote user terminal U_i;
(3) the remote user terminal U_i computes y ≡ (r + se) (mod Q) and sends y to the user registration authentication system;
(4) the user registration authentication system verifies whether x ≡ α^y · v^e (mod P) holds;
(5) if the equation x ≡ α^y · v^e (mod P) holds, the remote user terminal U_i passes identity authentication.
Further, the user registration authentication system on the central management server S_cmf performs security authentication of the identity of the remote user terminal U_i, and only when the identity of the remote user terminal U_i passes the security authentication of the user registration authentication system is the remote user terminal U_i allowed to access the application servers AS_i in the service network system.
Further, the private key s is the unique legitimate proof key and is owned solely by the remote user terminal U_i, i.e. the user registration authentication system does not know s.
Further, in step (5) of step S2, the equation x ≡ α^y · v^e (mod P) holding proves that the remote user terminal U_i knows the private key s, whereupon the user registration authentication system passes the identity authentication of the remote user terminal U_i.
(III) advantageous technical effects
Compared with the prior art, the invention has the following beneficial technical effects:
1. In the invention, the user registration authentication system running on the central management server S_cmf performs security authentication of the identity of the remote user terminal U_i; only when the identity of the remote user terminal U_i passes the security authentication of the user registration authentication system does the central management server S_cmf allow the remote user terminal U_i to access the application servers AS_i in the service network system. Once the identity of the remote user terminal U_i has passed the security authentication of the user registration authentication system, the remote user terminal U_i can access the application servers AS_i in the service network system and switch rapidly and securely among the application servers in the service network system without repeated identity authentication. A single security authentication thus suffices to access the application servers AS_i in the service network system and obtain the different application services provided by the same service provider, which improves the access efficiency of the remote user terminal U_i and solves the problem that, with a single-server authentication protocol, a remote user terminal U_i requires multiple registrations and multiple authentications to obtain different application services provided by the same service provider.
2. After authentication is finished, the user registration authentication system knows only that the identity of the remote user U_i is legitimate and does not know the private key s of the remote user U_i; that is, the remote user U_i completes identity security authentication without revealing its private key s, and this authentication mode markedly improves the security of the identity authentication process of the remote user U_i.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
A remote user authentication system based on a distributed server architecture, comprising: application servers AS_1, AS_2, …, AS_i, …, AS_n deployed within a service network system; a central management server S_cmf that performs unified management of access authority to the application servers AS_i and runs user registration authentication system software; and remote user terminals U_i running user registration authentication system software;
the remote user terminal U_i communicates with the user registration authentication system on the central management server S_cmf through network communication equipment; the central management server S_cmf communicates with the application servers AS_i through network communication equipment; and the application servers AS_i communicate with the remote user terminal U_i through network communication equipment;
to ensure the authenticity of the communicating entity, the remote user terminal U_i, and to prevent abuse of services and illegal access to resources on the application servers AS_i within the service network system, whenever the remote user terminal U_i requests access to an application server AS_i, the user registration authentication system running on the central management server S_cmf performs security authentication of the identity of the remote user terminal U_i; only when the identity of the remote user terminal U_i passes the security authentication of the user registration authentication system does the central management server S_cmf allow the remote user terminal U_i to access the application servers AS_i in the service network system. Once the identity of the remote user terminal U_i has passed the security authentication of the user registration authentication system, the remote user terminal U_i can access the application servers AS_i in the service network system and switch rapidly and securely among the application servers in the service network system without repeated identity authentication, so that a single security authentication suffices to access the application servers AS_i in the service network system and obtain the different application services provided by the same service provider; this improves the access efficiency of the remote user terminal U_i and solves the problem that, with a single-server authentication protocol, a remote user terminal U_i requires multiple registrations and multiple authentications to obtain different application services provided by the same service provider;
the user registration authentication system running on the central management server S_cmf performs security authentication of the identity of the remote user terminal U_i, and the security authentication method specifically comprises the following steps:
Step S1: the remote user terminal U_i performs user registration with the user registration authentication system on the central management server S_cmf, specifically:
the user registration authentication system and the remote user terminal U_i jointly select two prime numbers P and Q, where Q is a prime factor of P-1, and select α (α ≠ 1) satisfying α^Q ≡ 1 (mod P);
the remote user terminal U_i selects a random number s smaller than Q as its private key and computes the public key v ≡ α^(-s) (mod P);
where the private key s is the unique legitimate proof key and is owned solely by the remote user terminal U_i, i.e. the user registration authentication system does not know s;
Step S2: when the remote user terminal U_i requests access to an application server AS_i in the service network system, the user registration authentication system performs security authentication of the identity of the remote user terminal U_i, and the specific authentication process is as follows:
(1) the remote user terminal U_i selects a random number r smaller than Q, computes x ≡ α^r (mod P), and sends x to the user registration authentication system;
(2) the user registration authentication system selects a random number e, where 0 < e < 2^t - 1, and sends e to the remote user terminal U_i;
(3) the remote user terminal U_i computes y ≡ (r + se) (mod Q) and sends y to the user registration authentication system;
(4) the user registration authentication system verifies whether x ≡ α^y · v^e (mod P) holds;
(5) if the equation x ≡ α^y · v^e (mod P) holds, this proves that the remote user terminal U_i knows the private key s, and the user registration authentication system passes the identity authentication of the remote user terminal U_i;
after the identity authentication of the communicating entity, the remote user U_i, is complete, the user registration authentication system knows only that the identity of the remote user U_i is legitimate and does not know the private key s of the remote user U_i; that is, the remote user U_i completes identity security authentication without revealing its private key s, and this authentication mode markedly improves the security of the identity authentication process of the remote user U_i;
conversely, if the identity of the communicating entity, the remote user U_i, is illegitimate, it will not pass the security authentication of the user registration authentication system, and the central management server S_cmf will prevent it from accessing the application servers AS_i in the service network system.
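The registration step S1, the three-pass identification in S2, and the rejection of an illegitimate terminal described above, carried through as an added worked example. This is illustrative code written for this page, not code from the patent; the parameter sizes (64-bit Q, 128-bit P), the challenge length t = 32, the parameter-generation routine, the range check on x in step (4) and the sample values are all constructed assumptions the patent text does not specify.

```python
"""Worked example of steps S1 and S2 (added illustration, not the patent's code).

Parameter sizes, the challenge length t = 32 and the toy values are constructed
here; production deployments would use standardised group sizes.
"""
import secrets

T_BITS = 32  # assumed challenge length t; the patent leaves t unspecified


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin test; adequate for generating demo parameters."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def setup(q_bits: int = 64, p_bits: int = 128):
    """Step S1 group parameters: primes P, Q with Q | P-1 and alpha != 1, alpha^Q = 1 mod P."""
    while True:
        q = secrets.randbits(q_bits) | (1 << (q_bits - 1)) | 1
        if is_probable_prime(q):
            break
    while True:
        k = secrets.randbits(p_bits - q_bits) & ~1  # even k keeps P = kQ + 1 odd
        p = k * q + 1
        if k >= 2 and is_probable_prime(p):
            break
    while True:
        h = secrets.randbelow(p - 3) + 2
        alpha = pow(h, k, p)  # h^k has order Q unless it is 1, which is rejected
        if alpha != 1:
            return p, q, alpha


def keygen(p: int, q: int, alpha: int):
    """Step S1 key pair: private s < Q, public v = alpha^(-s) mod P."""
    s = secrets.randbelow(q - 1) + 1
    v = pow(alpha, q - s, p)  # alpha^Q = 1, so alpha^(Q-s) = alpha^(-s)
    return s, v


class Prover:
    """Remote user terminal U_i: holds s and performs steps (1) and (3) of S2."""

    def __init__(self, p: int, q: int, alpha: int, s: int):
        self.p, self.q, self.alpha, self.s = p, q, alpha, s
        self._r = None

    def commit(self) -> int:
        # (1): fresh random r < Q for every run; a reused r would expose s
        self._r = secrets.randbelow(self.q - 1) + 1
        return pow(self.alpha, self._r, self.p)

    def respond(self, e: int) -> int:
        # (3): y = (r + s*e) mod Q, then discard the one-time nonce
        y = (self._r + self.s * e) % self.q
        self._r = None
        return y


def challenge() -> int:
    """Step (2): random e with 0 < e < 2^t - 1."""
    return secrets.randbelow((1 << T_BITS) - 2) + 1


def verify(p: int, alpha: int, v: int, x: int, e: int, y: int) -> bool:
    """Step (4): check x == alpha^y * v^e mod P.

    Correctness: alpha^y * v^e = alpha^(r+se) * alpha^(-se) = alpha^r = x.
    The range check on x is an added sanity check, not part of the patent's step (4).
    """
    if not 1 <= x < p:
        return False
    return x == (pow(alpha, y, p) * pow(v, e, p)) % p


def run_identification(p: int, alpha: int, v: int, prover: Prover) -> bool:
    """One S2 exchange between U_i (prover) and the S_cmf authentication system."""
    x = prover.commit()     # U_i -> S_cmf
    e = challenge()         # S_cmf -> U_i
    y = prover.respond(e)   # U_i -> S_cmf
    return verify(p, alpha, v, x, e, y)


if __name__ == "__main__":
    p, q, alpha = setup()
    s, v = keygen(p, q, alpha)
    print("honest terminal accepted:", run_identification(p, alpha, v, Prover(p, q, alpha, s)))
    # A terminal holding any other key s' fails: acceptance would need
    # (s' - s) * e == 0 mod Q, impossible here because 0 < e < 2^32 < Q.
    wrong = s + 1 if s + 1 < q else s - 1
    print("forged key accepted:", run_identification(p, alpha, v, Prover(p, q, alpha, wrong)))
```

Two points worth noting from a deployment standpoint. The verifier never learns s: it only sees x, e and y, which is what the text means by authentication without revealing the private key. That property depends on the terminal choosing a fresh r for every run, which is why the prover above discards the nonce after use. Run with the constructed toy group P = 23, Q = 11, α = 2 and s = 3 (so v = 3), the transcript x = 9, e = 4, y = 6 verifies, while y = 5 is rejected.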
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (4)

1. A remote user authentication system based on a distributed server architecture, comprising: application servers AS_1, AS_2, …, AS_i, …, AS_n deployed within a service network system; a central management server S_cmf that performs unified management of access authority to the application servers AS_i and runs user registration authentication system software; and remote user terminals U_i running user registration authentication system software;
the remote user terminal U_i communicates with the user registration authentication system on the central management server S_cmf through network communication equipment; the central management server S_cmf communicates with the application servers AS_i through network communication equipment; and the application servers AS_i communicate with the remote user terminal U_i through network communication equipment;
the user registration authentication system running on the central management server S_cmf performs security authentication of the identity of the remote user terminal U_i, and the authentication method comprises the following steps:
Step S1: the remote user terminal U_i performs user registration with the user registration authentication system on the central management server S_cmf, specifically:
the user registration authentication system and the remote user terminal U_i jointly select two prime numbers P and Q, where Q is a prime factor of P-1, and select α (α ≠ 1) satisfying α^Q ≡ 1 (mod P);
the remote user terminal U_i selects a random number s smaller than Q as its private key and computes the public key v ≡ α^(-s) (mod P);
Step S2: when the remote user terminal U_i requests access to an application server AS_i in the service network system, the user registration authentication system performs security authentication of the identity of the remote user terminal U_i, and the specific authentication process is as follows:
(1) the remote user terminal U_i selects a random number r smaller than Q, computes x ≡ α^r (mod P), and sends x to the user registration authentication system;
(2) the user registration authentication system selects a random number e, where 0 < e < 2^t - 1, and sends e to the remote user terminal U_i;
(3) the remote user terminal U_i computes y ≡ (r + se) (mod Q) and sends y to the user registration authentication system;
(4) the user registration authentication system verifies whether x ≡ α^y · v^e (mod P) holds;
(5) if the equation x ≡ α^y · v^e (mod P) holds, the remote user terminal U_i passes identity authentication.
2. The remote user authentication system based on a distributed server architecture as claimed in claim 1, wherein the user registration authentication system on the central management server S_cmf performs security authentication of the identity of the remote user terminal U_i, and only when the identity of the remote user terminal U_i passes the security authentication of the user registration authentication system is the remote user terminal U_i allowed to access the application servers AS_i in the service network system.
3. The remote user authentication system based on a distributed server architecture as claimed in claim 2, wherein the private key s is the unique legitimate proof key and is owned solely by the remote user terminal U_i, i.e. the user registration authentication system does not know s.
4. The remote user authentication system based on a distributed server architecture as claimed in claim 3, wherein in step (5) of step S2, the equation x ≡ α^y · v^e (mod P) holding proves that the remote user terminal U_i knows the private key s, whereupon the user registration authentication system passes the identity authentication of the remote user terminal U_i.
CN202010405558.3A 2020-05-14 2020-05-14 Remote user authentication system based on distributed server architecture Withdrawn CN111654471A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010405558.3A CN111654471A (en) 2020-05-14 2020-05-14 Remote user authentication system based on distributed server architecture

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010405558.3A CN111654471A (en) 2020-05-14 2020-05-14 Remote user authentication system based on distributed server architecture

Publications (1)

Publication Number Publication Date
CN111654471A true CN111654471A (en) 2020-09-11

Family

ID=72348529

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010405558.3A Withdrawn CN111654471A (en) 2020-05-14 2020-05-14 Remote user authentication system based on distributed server architecture

Country Status (1)

Country Link
CN (1) CN111654471A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112907856A (en) * 2021-01-18 2021-06-04 天津创通科技股份有限公司 Office door security protection monitoring remote alarm system


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20200911
