CN111654471A - Remote user authentication system based on distributed server architecture - Google Patents
- Publication number: CN111654471A (application CN202010405558.3A)
- Authority: CN (China)
- Prior art keywords
- remote user
- user terminal
- authentication system
- server
- user registration
- Legal status: Withdrawn (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0838—Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention relates to the technical field of multi-server communication security and discloses a remote user authentication system based on a distributed server architecture, comprising: application servers AS_1, AS_2, …, AS_i, …, AS_n deployed within a service network system; a central management server S_cmf that centrally manages access rights to the application servers AS_i and runs the user registration authentication system software; and remote user terminals U_i running the user registration authentication system software. The user registration authentication system on the central management server S_cmf authenticates the identity of the remote user terminal U_i, and only after the identity of U_i has passed this security authentication is U_i allowed to access the application servers AS_i in the service network system. The invention solves the problem that, under a single-server authentication protocol, a remote user terminal U_i must register and authenticate repeatedly to obtain the different application services provided by the same service provider.
Description
Technical Field
The invention relates to the technical field of multi-server communication security, in particular to a remote user authentication system based on a distributed server architecture.
Background
With the rapid growth of internet applications, multi-server networks are finding wide application in commerce, military affairs, transportation, entertainment, medical treatment and other fields. Such networks are built so that multiple servers provide multiple services, allowing users to access different network services provided by the same service provider. Because a distributed computing architecture is characterised by mobility, openness and device heterogeneity, ensuring the authenticity of the communicating entities and preventing abuse of services and illegal access to resources, without reducing the availability of the system, is a serious challenge in the current multi-server network environment.
Disclosure of Invention
(I) Technical problem to be solved
In view of the shortcomings of the prior art, the invention provides a remote user authentication system based on a distributed server architecture, which aims to solve the problem that, under a single-server authentication protocol, a remote user terminal U_i must register and authenticate repeatedly to obtain the different application services provided by the same service provider.
(II) Technical scheme
In order to achieve the purpose, the invention provides the following technical scheme:
a remote user authentication system based on a distributed server architecture, comprising: application servers AS_1, AS_2, …, AS_i, …, AS_n deployed within a service network system; a central management server S_cmf that centrally manages access rights to the application servers AS_i and runs the user registration authentication system software; and remote user terminals U_i running the user registration authentication system software;
the remote user terminal U_i connects over network communication equipment to the user registration authentication system on the central management server S_cmf; the central management server S_cmf connects over network communication equipment to the application servers AS_i; and the application server AS_i connects over network communication equipment to the remote user terminal U_i;
the user registration authentication system running on the central management server S_cmf authenticates the identity of the remote user terminal U_i; the security authentication method comprises the following steps:
step S1: the remote user terminal U_i registers with the user registration authentication system on the central management server S_cmf, specifically:
the user registration authentication system and the remote user terminal U_i jointly select two primes P and Q, where Q is a prime factor of $P-1$, and select an element $\alpha \neq 1$ satisfying $\alpha^{Q} \equiv 1 \pmod{P}$;
the remote user terminal U_i selects a random number $s < Q$ as its private key and computes the public key $v \equiv \alpha^{-s} \pmod{P}$;
step S2: when the remote user terminal U_i requests access to an application server AS_i in the service network system, the user registration authentication system authenticates the identity of U_i as follows:
(1) the remote user terminal U_i selects a random number $r < Q$, computes $x \equiv \alpha^{r} \pmod{P}$ and sends x to the user registration authentication system;
(2) the user registration authentication system selects a random number e with $0 < e < 2^{t}-1$ and sends e to the remote user terminal U_i;
(3) the remote user terminal U_i computes $y \equiv r + s e \pmod{Q}$ and sends y to the user registration authentication system;
(4) the user registration authentication system verifies whether $x \equiv \alpha^{y} v^{e} \pmod{P}$ holds;
(5) if $x \equiv \alpha^{y} v^{e} \pmod{P}$ holds, the remote user terminal U_i passes identity authentication.
Further, the user registration authentication system on the central management server S_cmf authenticates the identity of the remote user terminal U_i, and only if the identity of U_i passes this security authentication is U_i allowed to access the application servers AS_i in the service network system.
Further, the private key s is the sole legitimate proof key and is owned only by the remote user terminal U_i; that is, the user registration authentication system does not know s.
Further, in step (5) of step S2, the holding of $x \equiv \alpha^{y} v^{e} \pmod{P}$ proves that the remote user terminal U_i knows the private key s, whereupon the user registration authentication system passes the identity authentication of U_i.
(III) Advantageous technical effects
Compared with the prior art, the invention has the following beneficial technical effects:
1. The user registration authentication system running on the central management server S_cmf authenticates the identity of the remote user terminal U_i, and S_cmf allows U_i to access the application servers AS_i in the service network system only if that identity has passed the security authentication. Once it has passed, U_i can access the application servers AS_i and can switch quickly and safely between the application servers in the service network system without authenticating again, so a single security authentication suffices to obtain the different application services provided by the same service provider. This raises the access efficiency of U_i and solves the problem that, under a single-server authentication protocol, U_i must register and authenticate repeatedly to obtain the different application services provided by the same service provider.
2. After authentication, the user registration authentication system knows only that the remote user U_i is legitimate and does not learn the private key s of U_i; U_i thus completes the security authentication of its identity without revealing s, which markedly improves the security of the identity authentication process.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
A remote user authentication system based on a distributed server architecture, comprising: application servers AS_1, AS_2, …, AS_i, …, AS_n deployed within a service network system; a central management server S_cmf that centrally manages access rights to the application servers AS_i and runs the user registration authentication system software; and remote user terminals U_i running the user registration authentication system software;
the remote user terminal U_i connects over network communication equipment to the user registration authentication system on the central management server S_cmf; the central management server S_cmf connects over network communication equipment to the application servers AS_i; and the application server AS_i connects over network communication equipment to the remote user terminal U_i;
to ensure the authenticity of the communicating entity, the remote user terminal U_i, and to prevent abuse of services and illegal access to resources on the application servers AS_i in the service network system, whenever U_i requests access to an application server AS_i the user registration authentication system running on the central management server S_cmf authenticates the identity of U_i. S_cmf allows U_i to access the application servers AS_i in the service network system only if the identity of U_i has passed this security authentication. Once it has passed, U_i can access the application servers AS_i in the service network system and can switch quickly and safely between the application servers without authenticating again, so that a single security authentication suffices to obtain the different application services that the same service provider offers through its application servers AS_i. This raises the access efficiency of U_i and solves the problem that, under a single-server authentication protocol, U_i must register and authenticate repeatedly to obtain the different application services provided by the same service provider;
the user registration authentication system running on the central management server S_cmf authenticates the identity of the remote user terminal U_i; the security authentication method comprises the following steps:
step S1: the remote user terminal U_i registers with the user registration authentication system on the central management server S_cmf, specifically:
the user registration authentication system and the remote user terminal U_i jointly select two primes P and Q, where Q is a prime factor of $P-1$, and select an element $\alpha \neq 1$ satisfying $\alpha^{Q} \equiv 1 \pmod{P}$;
the remote user terminal U_i selects a random number $s < Q$ as its private key and computes the public key $v \equiv \alpha^{-s} \pmod{P}$;
where the private key s is the sole legitimate proof key and is owned only by the remote user terminal U_i; that is, the user registration authentication system does not know s;
step S2: when the remote user terminal U_i requests access to an application server AS_i in the service network system, the user registration authentication system authenticates the identity of U_i as follows:
(1) the remote user terminal U_i selects a random number $r < Q$, computes $x \equiv \alpha^{r} \pmod{P}$ and sends x to the user registration authentication system;
(2) the user registration authentication system selects a random number e with $0 < e < 2^{t}-1$ and sends e to the remote user terminal U_i;
(3) the remote user terminal U_i computes $y \equiv r + s e \pmod{Q}$ and sends y to the user registration authentication system;
(4) the user registration authentication system verifies whether $x \equiv \alpha^{y} v^{e} \pmod{P}$ holds;
(5) if $x \equiv \alpha^{y} v^{e} \pmod{P}$ holds, this proves that the remote user terminal U_i knows the private key s, and the user registration authentication system passes the identity authentication of U_i;
after the identity authentication of the communicating entity U_i is complete, the user registration authentication system knows only that the remote user U_i is legitimate and does not learn the private key s of U_i; that is, U_i completes the security authentication of its identity without revealing its private key s, which markedly improves the security of the identity authentication process;
conversely, if the identity of the communicating entity U_i is illegitimate, it does not pass the security authentication of the user registration authentication system, and the central management server S_cmf prevents it from accessing the application servers AS_i in the service network system.
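The exchange laid out in steps S1 and S2 above (and repeated in the Disclosure and in claim 1) is the Schnorr identification protocol: a commitment $x$, a challenge $e$, a response $y$, and the check $x \equiv \alpha^{y} v^{e} \pmod{P}$. The Python below is an added example, not code from the patent. It runs one honest exchange with the page's own symbols (P, Q, α, s, v, r, e, y) and then exercises two consequences of those equations that a practitioner should test for: a challenge that can be predicted lets an impostor pass without knowing s, and a reused r lets anyone who saw two transcripts recover s. The toy parameters P = 607, Q = 101 and the challenge width t = 6 are constructed for readability and are not taken from the page, which does not fix them.

```python
"""Schnorr-style identification as in steps S1 and S2 (added example, not patent code)."""
import secrets

# Constructed toy parameters (assumption): Q prime, Q | P-1 (606 = 6 * 101).
# Real deployments need P of at least 2048 bits, Q of at least 256 bits.
P = 607
Q = 101
T = 6          # challenge bit length t (assumption; the page leaves t open): 0 < e < 2^t - 1


def find_alpha(p: int, q: int) -> int:
    """Pick alpha != 1 with alpha^q == 1 (mod p): h^((p-1)/q) for the first h that is not 1."""
    k = (p - 1) // q
    for h in range(2, p):
        a = pow(h, k, p)
        if a != 1:
            return a
    raise ValueError("no element of order q found")


ALPHA = find_alpha(P, Q)


# ---- step S1: registration -------------------------------------------------
def keygen(q: int = Q, alpha: int = ALPHA, p: int = P):
    """U_i picks private s < Q and registers v = alpha^(-s) mod P with S_cmf.

    alpha has order Q, so alpha^(-s) == alpha^(Q - s) (mod P)."""
    s = secrets.randbelow(q - 1) + 1          # 1 <= s < Q
    v = pow(alpha, q - s, p)
    return s, v


# ---- step S2: identification ----------------------------------------------
def prover_commit(q: int = Q, alpha: int = ALPHA, p: int = P):
    """(1) U_i picks a fresh r < Q and sends x = alpha^r mod P."""
    r = secrets.randbelow(q - 1) + 1
    return r, pow(alpha, r, p)


def verifier_challenge(t: int = T) -> int:
    """(2) S_cmf picks e with 0 < e < 2^t - 1, only after x has arrived."""
    return secrets.randbelow(2**t - 2) + 1   # 1 .. 2^t - 2


def prover_respond(r: int, s: int, e: int, q: int = Q) -> int:
    """(3) U_i answers y = (r + s*e) mod Q."""
    return (r + s * e) % q


def verifier_check(x: int, y: int, e: int, v: int, alpha: int = ALPHA, p: int = P) -> bool:
    """(4)/(5) S_cmf accepts iff x == alpha^y * v^e (mod P)."""
    return x == (pow(alpha, y, p) * pow(v, e, p)) % p


def run_protocol(s: int, v: int) -> bool:
    """One full S2 exchange between an honest U_i (holding s) and S_cmf (holding v)."""
    r, x = prover_commit()
    e = verifier_challenge()
    y = prover_respond(r, s, e)
    return verifier_check(x, y, e, v)


# ---- two failure modes the equations imply --------------------------------
def forge_with_predicted_challenge(e_guess: int, v: int, alpha: int = ALPHA, p: int = P, q: int = Q):
    """Without s, an impostor who can predict e picks y first and sets x = alpha^y * v^e.

    The pair passes verification exactly when the real challenge equals e_guess,
    which is why e must be unpredictable and chosen only after x is received."""
    y = secrets.randbelow(q)
    x = (pow(alpha, y, p) * pow(v, e_guess, p)) % p
    return x, y


def recover_private_key(e1: int, y1: int, e2: int, y2: int, q: int = Q) -> int:
    """If U_i reuses r for two challenges e1 != e2 (mod Q), an eavesdropper solves
    y1 - y2 = s*(e1 - e2) for s = (y1 - y2) * (e1 - e2)^-1 mod Q."""
    return ((y1 - y2) * pow((e1 - e2) % q, -1, q)) % q


if __name__ == "__main__":
    s, v = keygen()
    print("honest run accepted:", run_protocol(s, v))
```

Run the file directly to see one accepted exchange. Two points follow from the code rather than from the page: for a fixed commitment x and challenge e, exactly one y mod Q satisfies the check, so an impostor who cannot predict e succeeds with probability 1/Q per attempt, and r must be drawn from a cryptographic random source and never reused. Note also that the exchange as written authenticates U_i to the user registration authentication system on S_cmf; how that result is conveyed to an application server AS_i is not specified on this page, so the once-only authentication described under Advantageous technical effects depends on that unstated step.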
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (4)
1. A remote user authentication system based on a distributed server architecture, comprising: application servers AS_1, AS_2, …, AS_i, …, AS_n deployed within a service network system; a central management server S_cmf that centrally manages access rights to the application servers AS_i and runs the user registration authentication system software; and remote user terminals U_i running the user registration authentication system software;
the remote user terminal U_i connects over network communication equipment to the user registration authentication system on the central management server S_cmf; the central management server S_cmf connects over network communication equipment to the application servers AS_i; and the application server AS_i connects over network communication equipment to the remote user terminal U_i;
the user registration authentication system running on the central management server S_cmf authenticates the identity of the remote user terminal U_i; the authentication method comprises the following steps:
step S1: the remote user terminal U_i registers with the user registration authentication system on the central management server S_cmf, specifically:
the user registration authentication system and the remote user terminal U_i jointly select two primes P and Q, where Q is a prime factor of $P-1$, and select an element $\alpha \neq 1$ satisfying $\alpha^{Q} \equiv 1 \pmod{P}$;
the remote user terminal U_i selects a random number $s < Q$ as its private key and computes the public key $v \equiv \alpha^{-s} \pmod{P}$;
step S2: when the remote user terminal U_i requests access to an application server AS_i in the service network system, the user registration authentication system authenticates the identity of U_i as follows:
(1) the remote user terminal U_i selects a random number $r < Q$, computes $x \equiv \alpha^{r} \pmod{P}$ and sends x to the user registration authentication system;
(2) the user registration authentication system selects a random number e with $0 < e < 2^{t}-1$ and sends e to the remote user terminal U_i;
(3) the remote user terminal U_i computes $y \equiv r + s e \pmod{Q}$ and sends y to the user registration authentication system;
(4) the user registration authentication system verifies whether $x \equiv \alpha^{y} v^{e} \pmod{P}$ holds;
(5) if $x \equiv \alpha^{y} v^{e} \pmod{P}$ holds, the remote user terminal U_i passes identity authentication.
2. The remote user authentication system based on a distributed server architecture as claimed in claim 1, wherein the user registration authentication system on the central management server S_cmf authenticates the identity of the remote user terminal U_i, and only if the identity of U_i passes this security authentication is U_i allowed to access the application servers AS_i in the service network system.
3. The remote user authentication system based on a distributed server architecture as claimed in claim 2, wherein the private key s is the sole legitimate proof key and is owned only by the remote user terminal U_i; that is, the user registration authentication system does not know s.
4. The remote user authentication system based on a distributed server architecture as claimed in claim 3, wherein in step (5) of step S2 the holding of $x \equiv \alpha^{y} v^{e} \pmod{P}$ proves that the remote user terminal U_i knows the private key s, whereupon the user registration authentication system passes the identity authentication of U_i.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010405558.3A CN111654471A (en) | 2020-05-14 | 2020-05-14 | Remote user authentication system based on distributed server architecture |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111654471A true CN111654471A (en) | 2020-09-11 |
Family
ID=72348529
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010405558.3A Withdrawn CN111654471A (en) | 2020-05-14 | 2020-05-14 | Remote user authentication system based on distributed server architecture |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111654471A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112907856A (en) * | 2021-01-18 | 2021-06-04 | 天津创通科技股份有限公司 | Office door security protection monitoring remote alarm system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| WW01 | Invention patent application withdrawn after publication | Application publication date: 20200911 |