CN112711754A - User identity authentication system based on distance education system - Google Patents


Info

Publication number
CN112711754A
Authority
CN
China
Prior art keywords
remote user
computer terminal
dui
authentication system
server
Prior art date
Legal status
Withdrawn
Application number
CN202110072190.8A
Other languages
Chinese (zh)
Inventor
尹善宝
Current Assignee
Individual
Original Assignee
Individual
Priority date
2021-01-20
Filing date
2021-01-20
Publication date
2021-04-27

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45: Structures or tools for the administration of authentication
    • G06F21/46: Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to the technical field of user identity authentication for remote education systems and discloses a user identity authentication system based on a remote education system, comprising a cloud authentication server CASdata and a computer terminal PCTi. The cloud authentication server CASdata runs the server-side software of the remote user identity authentication system, the computer terminal PCTi runs the client-side software of the remote user identity authentication system, and the computer terminal PCTi communicates with the cloud authentication server CASdata. When the remote user DUi on the computer terminal PCTi sends a login access request to the application server ASj in the distance education system, the remote user identity authentication system server running on the cloud authentication server CASdata authenticates the identity of the remote user DUi on the computer terminal PCTi, and only if the identity of the remote user DUi passes the authentication of the system server is the remote user DUi allowed to log in and access the education resources on the application server ASj in the distance education system. The invention solves the technical problem of how to improve the security of user identity authentication in the remote education system.

Description

User identity authentication system based on distance education system
Technical Field
The invention relates to the technical field of user identity authentication of a remote education system, in particular to a user identity authentication system based on the remote education system.
Background
Remote education is a new form of education that uses modern information technology such as network technology and multimedia technology. It is network education built on modern electronic information and communication technology, supplemented by face-to-face teaching, correspondence teaching and broadcast television teaching. It is learner-centered and relies mainly on various media and various interactive means between students and teachers, and between students and education institutions, to carry out systematic teaching and communication.
In existing remote education systems, the validity of the user identity is mostly judged by a static "user name + password" authentication mode at stages such as login, online learning, network resource acquisition and examination. This identity management mode cannot ensure the legitimacy and uniqueness of the user, and easily leads to illegal use and loss of resources.
Disclosure of Invention
(I) Technical problem to be solved
Aiming at the defects of the prior art, the invention provides a user identity authentication system based on a remote education system, which aims to solve the technical problem of improving the safety of user identity authentication of the remote education system.
(II) technical scheme
In order to achieve the purpose, the invention provides the following technical scheme:
A user identity authentication system based on a distance education system, comprising: a cloud authentication server CASdata and a computer terminal PCTi, wherein the cloud authentication server CASdata runs the server-side software of the remote user identity authentication system, the computer terminal PCTi runs the client-side software of the remote user identity authentication system, and the computer terminal PCTi communicates with the cloud authentication server CASdata;
The remote user identity authentication system server authenticates the identity of the remote user DUi on the computer terminal PCTi as follows:
Step one: the remote user DUi registers with the remote user identity authentication system server through the remote user identity authentication system client on the computer terminal PCTi, specifically as follows:
Step 1: the remote user identity authentication system server performs the following initialization operations:
let $E$ be an elliptic curve over the finite field $F_q$;
the remote user identity authentication system discloses the elliptic curve $E$ over the finite field $F_q$ to the remote user DUi on the computer terminal PCTi;
Step 2: the remote user DUi at the computer terminal PCTi selects a base point $G$ on the elliptic curve $E$, selects the key $n$, and calculates the public key $P = nG$, with $P \in E$;
thereafter, the remote user DUi at the computer terminal PCTi discloses the base point $G$ and the public key $P$ to the remote user identity authentication system;
Step two: the remote user identity authentication system server authenticates the identity of the remote user DUi of the computer terminal PCTi, specifically as follows:
Step 1: the remote user DUi at the computer terminal PCTi randomly selects an integer $k$ ($k < q$), calculates $Q = kG$, and sends $Q$ to the remote user identity authentication system server;
Step 2: the remote user identity authentication system server randomly selects an integer $r$ ($r < q$) and sends $r$ to the remote user DUi on the computer terminal PCTi;
Step 3: the remote user DUi at the computer terminal PCTi calculates $m = k - rn \pmod{q-1}$ and sends $m$ to the remote user identity authentication system server;
Step 4: the remote user identity authentication system server verifies whether $Q = mG + rP$ holds;
Step 5: Steps 1 to 4 are repeated $k$ ($k \ge 3$) times;
if the above equation holds, the remote user identity authentication system server passes the authentication of the remote user DUi on the computer terminal PCTi.
Further, the cloud authentication server CASdata is deployed in a remote cloud and is used for managing login access rights to the application server ASj in the remote education system.
Further, the computer terminal PCTi is used by the remote user DUi to log in to the remote education system and access the application server ASj.
Further, the remote user DUi on the computer terminal PCTi is in communication connection, through the remote user identity authentication system client, with the remote user identity authentication system server running on the cloud authentication server CASdata.
(III) advantageous technical effects
Compared with the prior art, the invention has the following beneficial technical effects:
In order to ensure the validity and uniqueness of the remote user DUi in the remote education system and to prevent an unauthorized user from illegally using education resources on the application server ASj in the remote education system, when the remote user DUi on the computer terminal PCTi sends a login access request to the application server ASj in the remote education system, the remote user identity authentication system server running on the cloud authentication server CASdata authenticates the identity of the remote user DUi on the computer terminal PCTi;
and because the identity authentication protocol that the remote user identity authentication system server runs with the remote user DUi on the computer terminal PCTi is zero-knowledge, a third-party eavesdropper cannot learn the key $n$ even by eavesdropping on the whole authentication protocol, which improves the security of user identity authentication in the remote education system and avoids illegal use and loss of resources.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
A user identity authentication system based on a distance education system, comprising: a cloud authentication server CASdata and computer terminals PCTi ($i = 1, 2, \ldots, n$), wherein the cloud authentication server CASdata runs the remote user identity authentication system server software, is deployed in a remote cloud, and is used for managing login access rights to the application servers ASj ($j = 1, 2, \ldots, m$) in the remote education system, and each computer terminal PCTi ($i = 1, 2, \ldots, n$) runs the remote user identity authentication system client software and is used by a remote user DUi ($i = 1, 2, \ldots, n$) to log in to and access the application server ASj in the remote education system;
the remote user DUi on the computer terminal PCTi is in communication connection, through the remote user identity authentication system client, with the remote user identity authentication system server running on the cloud authentication server CASdata;
in order to ensure the validity and uniqueness of the remote user DUi in the remote education system and to prevent unauthorized users from illegally using education resources on the application server ASj in the remote education system, when the remote user DUi on the computer terminal PCTi sends a login access request to the application server ASj in the remote education system, the remote user identity authentication system server running on the cloud authentication server CASdata authenticates the identity of the remote user DUi on the computer terminal PCTi;
if the identity of the remote user DUi on the computer terminal PCTi passes the authentication of the remote user identity authentication system server, the remote user DUi on the computer terminal PCTi is allowed to log in and access educational resources on the application server ASj in the remote education system;
if the identity of the remote user DUi on the computer terminal PCTi does not pass the authentication of the remote user identity authentication system server, the remote user DUi on the computer terminal PCTi is refused login and access to the educational resources on the application server ASj in the remote education system;
the remote user identity authentication system server authenticates the identity of the remote user DUi on the computer terminal PCTi as follows:
Step one: the remote user DUi registers with the remote user identity authentication system server through the remote user identity authentication system client on the computer terminal PCTi, specifically as follows:
Step 1: the remote user identity authentication system server performs the following initialization operations:
let $E$ be an elliptic curve over the finite field $F_q$;
the remote user identity authentication system discloses the elliptic curve $E$ over the finite field $F_q$ to the remote user DUi on the computer terminal PCTi;
Step 2: the remote user DUi at the computer terminal PCTi selects a base point $G$ on the elliptic curve $E$, selects the key $n$, and calculates the public key $P = nG$, with $P \in E$;
thereafter, the remote user DUi at the computer terminal PCTi discloses the base point $G$ and the public key $P$ to the remote user identity authentication system;
Step two: when the remote user DUi on the computer terminal PCTi sends a login access request to the application server ASj in the remote education system, the remote user identity authentication system server authenticates the identity of the remote user DUi of the computer terminal PCTi, specifically as follows:
Step 1: the remote user DUi at the computer terminal PCTi randomly selects an integer $k$ ($k < q$), calculates $Q = kG$, and sends $Q$ to the remote user identity authentication system server;
Step 2: the remote user identity authentication system server randomly selects an integer $r$ ($r < q$) and sends $r$ to the remote user DUi on the computer terminal PCTi;
Step 3: the remote user DUi at the computer terminal PCTi calculates $m = k - rn \pmod{q-1}$ and sends $m$ to the remote user identity authentication system server;
Step 4: the remote user identity authentication system server verifies whether $Q = mG + rP$ holds;
Step 5: Steps 1 to 4 are repeated $k$ ($k \ge 3$) times;
if the above equation holds, this proves that the remote user DUi on the computer terminal PCTi knows the key $n$, and the remote user identity authentication system server passes the authentication of the remote user DUi on the computer terminal PCTi;
suppose a third-party eavesdropper learns the values of $Q$, $r$ and $m$. The eavesdropper, like the remote user identity authentication system server, still cannot obtain the key $n$: to obtain $n$, the eavesdropper must know $k$ in the equation $m = k - rn \pmod{q-1}$, and $k$ can only be obtained from the equation $Q = kG$, which is a hard problem based on the discrete logarithm problem on the elliptic curve $E$. Therefore, a third-party eavesdropper cannot learn the key $n$ even after eavesdropping on the whole authentication protocol.
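The registration and challenge-response rounds described above, as an added Python example that is not code from the patent. The curve $y^2 = x^3 + 2x + 2$ over $F_{17}$ with $G = (5, 1)$ of order 19 is a constructed toy parameter set, and all function names are hypothetical. The page writes the Step 3 modulus as $q - 1$; the example takes the modulus as a parameter and counts honest-prover failures for both $q - 1$ and the order of $G$, because $mG + rP = kG$ holds for every $k$ and $r$ only when $m$ is reduced modulo the order of $G$.

```python
import secrets

# Constructed toy parameters (far too small to be secure):
# E: y^2 = x^3 + 2x + 2 over F_q with q = 17, base point G of prime order 19.
Q_FIELD, A = 17, 2
G, ORDER = (5, 1), 19
INF = None  # point at infinity


def add(p1, p2):
    """Add two points of E."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % Q_FIELD == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % Q_FIELD, -1, Q_FIELD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % Q_FIELD, -1, Q_FIELD)
    x3 = (lam * lam - x1 - x2) % Q_FIELD
    return (x3, (lam * (x1 - x3) - y1) % Q_FIELD)


def mul(k, pt):
    """Scalar multiplication k*pt by double-and-add."""
    acc = INF
    while k > 0:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def register(n):
    """Step one: the user publishes P = nG and keeps n secret."""
    return mul(n, G)


def respond(k, r, n, modulus):
    """Step 3: m = k - r*n, reduced by the given modulus."""
    return (k - r * n) % modulus


def verify(commitment, r, m, pub):
    """Step 4: the server accepts the round iff Q == mG + rP."""
    return add(mul(m, G), mul(r, pub)) == commitment


def authenticate(n, pub, rounds=3, modulus=ORDER):
    """Run Steps 1-4 `rounds` times with a fresh k and r in every round."""
    for _ in range(rounds):
        k = secrets.randbelow(ORDER - 1) + 1   # prover's per-round secret
        commitment = mul(k, G)                 # Step 1: Q = kG
        r = secrets.randbelow(ORDER - 1) + 1   # Step 2: server's challenge
        if not verify(commitment, r, respond(k, r, n, modulus), pub):
            return False
    return True


def honest_failures(n, modulus):
    """Count (k, r) pairs for which an honest prover is rejected."""
    pub = register(n)
    return sum(
        not verify(mul(k, G), r, respond(k, r, n, modulus), pub)
        for k in range(1, ORDER) for r in range(1, ORDER)
    )


if __name__ == "__main__":
    print("honest user accepted:", authenticate(7, register(7)))
    print("wrong key accepted:  ", authenticate(8, register(7)))
    print("rejections mod ord(G):", honest_failures(7, ORDER))
    print("rejections mod q-1:   ", honest_failures(7, Q_FIELD - 1))
```

An implementation of the scheme should therefore take the Step 3 modulus from the order of the base point, and the server should check that received points lie on the agreed curve before running Step 4.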
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (4)

1. A user authentication system based on a distance education system, comprising: a cloud authentication server CASdata and a computer terminal PCTi, wherein the cloud authentication server CASdata runs the server-side software of the remote user identity authentication system, the computer terminal PCTi runs the client-side software of the remote user identity authentication system, and the computer terminal PCTi communicates with the cloud authentication server CASdata;
the remote user identity authentication system server authenticates the identity of the remote user DUi on the computer terminal PCTi as follows:
Step one: the remote user DUi registers with the remote user identity authentication system server through the remote user identity authentication system client on the computer terminal PCTi, specifically as follows:
Step 1: the remote user identity authentication system server performs the following initialization operations:
let $E$ be an elliptic curve over the finite field $F_q$;
the remote user identity authentication system discloses the elliptic curve $E$ over the finite field $F_q$ to the remote user DUi on the computer terminal PCTi;
Step 2: the remote user DUi at the computer terminal PCTi selects a base point $G$ on the elliptic curve $E$, selects the key $n$, and calculates the public key $P = nG$, with $P \in E$;
thereafter, the remote user DUi at the computer terminal PCTi discloses the base point $G$ and the public key $P$ to the remote user identity authentication system;
Step two: the remote user identity authentication system server authenticates the identity of the remote user DUi of the computer terminal PCTi, specifically as follows:
Step 1: the remote user DUi at the computer terminal PCTi randomly selects an integer $k$ ($k < q$), calculates $Q = kG$, and sends $Q$ to the remote user identity authentication system server;
Step 2: the remote user identity authentication system server randomly selects an integer $r$ ($r < q$) and sends $r$ to the remote user DUi on the computer terminal PCTi;
Step 3: the remote user DUi at the computer terminal PCTi calculates $m = k - rn \pmod{q-1}$ and sends $m$ to the remote user identity authentication system server;
Step 4: the remote user identity authentication system server verifies whether $Q = mG + rP$ holds;
Step 5: Steps 1 to 4 are repeated $k$ ($k \ge 3$) times;
if the above equation holds, the remote user identity authentication system server passes the authentication of the remote user DUi on the computer terminal PCTi.
2. The system of claim 1, wherein the cloud authentication server CASdata is deployed in a remote cloud and is used for managing login access rights to the application server ASj in the remote education system.
3. The system of claim 2, wherein the computer terminal PCTi is used by the remote user DUi to log in to the remote education system and access the application server ASj.
4. The system of claim 3, wherein the remote user DUi on the computer terminal PCTi is communicatively connected, through the remote user identity authentication system client, to the remote user identity authentication system server running on the cloud authentication server CASdata.
CN202110072190.8A 2021-01-20 2021-01-20 User identity authentication system based on distance education system Withdrawn CN112711754A (en)

Publications (1)

Publication Number Publication Date
CN112711754A true CN112711754A (en) 2021-04-27

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20210427