CN112711754A - User identity authentication system based on distance education system - Google Patents
Publication number: CN112711754A
Authority: CN (China)
Prior art keywords: remote user, computer terminal, dui, authentication system, server
Legal status: Withdrawn (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention relates to the technical field of user identity authentication of a remote education system, and discloses a user identity authentication system based on the remote education system. The system comprises a cloud authentication server CASdata and a computer terminal PCTi, wherein the cloud authentication server CASdata runs the remote user identity authentication system server-side software, the computer terminal PCTi runs the remote user identity authentication system client-side software, and the computer terminal PCTi communicates with the cloud authentication server CASdata. When the remote user DUi on the computer terminal PCTi sends a login access request to the application server ASj in the distance education system, the remote user identity authentication system server running on the cloud authentication server CASdata authenticates the identity of the remote user DUi on the computer terminal PCTi, and only if the identity of the remote user DUi passes this authentication is the remote user DUi allowed to log in and access the education resources on the application server ASj in the distance education system. The invention solves the technical problem of how to improve the security of user identity authentication in the remote education system.
Description
Technical Field
The invention relates to the technical field of user identity authentication of a remote education system, in particular to a user identity authentication system based on the remote education system.
Background
Remote education is a novel form of education developed using modern information technology such as network technology and multimedia technology. It is network education built on modern electronic information and communication technology, assisted by face-to-face teaching, correspondence teaching and broadcast television teaching. It takes learners as the main body and mainly uses various media and various means of interaction between students and teachers, and between students and education institutions, to carry out systematic teaching and communication.
In the existing remote education system, the validity of the user identity is mostly judged by a static "user name + password" authentication mode at stages such as login, online learning, network resource acquisition and examination. This identity management mode cannot ensure the legality and uniqueness of the user, and easily leads to the illegal use and loss of resources.
Disclosure of Invention
(I) Technical problem to be solved
In view of the defects of the prior art, the invention provides a user identity authentication system based on a remote education system, which aims to solve the technical problem of improving the security of user identity authentication in the remote education system.
(II) Technical scheme
In order to achieve this purpose, the invention provides the following technical scheme:
A user identity authentication system based on a distance education system, comprising: a cloud authentication server CASdata and a computer terminal PCTi, wherein the cloud authentication server CASdata runs the remote user identity authentication system server-side software, the computer terminal PCTi runs the remote user identity authentication system client-side software, and the computer terminal PCTi communicates with the cloud authentication server CASdata;
the remote user identity authentication system server authenticates the identity of the remote user DUi on the computer terminal PCTi as follows:
Step one: the remote user DUi registers with the remote user identity authentication system server through the remote user identity authentication system client on the computer terminal PCTi, specifically as follows:
Step1: the remote user identity authentication system server performs the following initialization operations:
let $E$ be an elliptic curve over the finite field $F_q$;
the remote user identity authentication system discloses the elliptic curve $E$ over the finite field $F_q$ to the remote user DUi on the computer terminal PCTi;
Step2: the remote user DUi at the computer terminal PCTi selects a base point $G$ on the elliptic curve $E$, selects the key $n$, and calculates the public key $P = nG$, where $P \in E$;
thereafter, the remote user DUi at the computer terminal PCTi discloses the base point $G$ and the public key $P$ to the remote user identity authentication system;
Step two: the remote user identity authentication system server authenticates the identity of the remote user DUi of the computer terminal PCTi, specifically as follows:
Step1: the remote user DUi at the computer terminal PCTi randomly selects an integer $k$ ($k < q$), calculates $Q = kG$, and sends $Q$ to the remote user identity authentication system server;
Step2: the remote user identity authentication system server randomly selects an integer $r$ ($r < q$), and sends $r$ to the remote user DUi on the computer terminal PCTi;
Step3: the remote user DUi at the computer terminal PCTi calculates $m = k - rn \pmod{q-1}$, and sends $m$ to the remote user identity authentication system server;
Step4: the remote user identity authentication system server verifies whether $Q = mG + rP$ holds;
Step5: Step1 to Step4 are repeated $k$ ($k \geq 3$) times;
if the above equation holds, the remote user identity authentication system server passes the authentication of the remote user DUi on the computer terminal PCTi.
Further, the cloud authentication server CASdata is deployed in a remote cloud and is used for managing login access rights to the application server ASj in the remote education system.
Further, the computer terminal PCTi is used by the remote user DUi to log in to the remote education system and access the application server ASj.
Further, the remote user DUi on the computer terminal PCTi is in communication connection, through the remote user identity authentication system client, with the remote user identity authentication system server running on the cloud authentication server CASdata.
(III) advantageous technical effects
Compared with the prior art, the invention has the following beneficial technical effects:
In order to ensure the validity and uniqueness of a remote user DUi in a remote education system and prevent an unauthorized user from illegally using education resources on an application server ASj in the remote education system, when a remote user DUi on a computer terminal PCTi sends a login access request to the application server ASj in the remote education system, the remote user identity authentication system server running on the cloud authentication server CASdata authenticates the identity of the remote user DUi on the computer terminal PCTi;
and because the identity authentication protocol that the remote user identity authentication system server applies to the remote user DUi on the computer terminal PCTi is zero-knowledge, a third-party eavesdropper cannot learn the key $n$ even by eavesdropping on the whole process of the authentication protocol, thereby improving the security of user identity authentication in the remote education system and avoiding the illegal use and loss of resources.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
A user identity authentication system based on a distance education system, comprising: a cloud authentication server CASdata and computer terminals PCTi ($i = 1, 2, \ldots, n$), wherein the cloud authentication server CASdata runs the remote user identity authentication system server-side software, is deployed in a remote cloud, and is used for managing login access rights to the application servers ASj ($j = 1, 2, \ldots, m$) in the remote education system, and each computer terminal PCTi ($i = 1, 2, \ldots, n$) runs the remote user identity authentication system client-side software and is used by a remote user DUi ($i = 1, 2, \ldots, n$) to log in and access the application server ASj in the remote education system;
the remote user DUi on the computer terminal PCTi is in communication connection, through the remote user identity authentication system client, with the remote user identity authentication system server running on the cloud authentication server CASdata;
in order to ensure the validity and uniqueness of the remote user DUi in the remote education system and prevent unauthorized users from illegally using education resources on the application server ASj in the remote education system, when the remote user DUi on the computer terminal PCTi sends a login access request to the application server ASj in the remote education system, the remote user identity authentication system server running on the cloud authentication server CASdata authenticates the identity of the remote user DUi on the computer terminal PCTi;
if the identity of the remote user DUi on the computer terminal PCTi passes the authentication of the remote user identity authentication system server, the remote user DUi on the computer terminal PCTi is allowed to log in and access educational resources on the application server ASj in the remote education system;
if the identity of the remote user DUi on the computer terminal PCTi does not pass the authentication of the remote user identity authentication system server, the remote user DUi on the computer terminal PCTi is refused permission to log in and access the educational resources on the application server ASj in the remote education system;
the remote user identity authentication system server authenticates the identity of the remote user DUi on the computer terminal PCTi as follows:
Step one: the remote user DUi registers with the remote user identity authentication system server through the remote user identity authentication system client on the computer terminal PCTi, specifically as follows:
Step1: the remote user identity authentication system server performs the following initialization operations:
let $E$ be an elliptic curve over the finite field $F_q$;
the remote user identity authentication system discloses the elliptic curve $E$ over the finite field $F_q$ to the remote user DUi on the computer terminal PCTi;
Step2: the remote user DUi at the computer terminal PCTi selects a base point $G$ on the elliptic curve $E$, selects the key $n$, and calculates the public key $P = nG$, where $P \in E$;
thereafter, the remote user DUi at the computer terminal PCTi discloses the base point $G$ and the public key $P$ to the remote user identity authentication system;
Step two: when the remote user DUi on the computer terminal PCTi sends a login access request to the application server ASj in the remote education system, the remote user identity authentication system server authenticates the identity of the remote user DUi of the computer terminal PCTi, specifically as follows:
Step1: the remote user DUi at the computer terminal PCTi randomly selects an integer $k$ ($k < q$), calculates $Q = kG$, and sends $Q$ to the remote user identity authentication system server;
Step2: the remote user identity authentication system server randomly selects an integer $r$ ($r < q$), and sends $r$ to the remote user DUi on the computer terminal PCTi;
Step3: the remote user DUi at the computer terminal PCTi calculates $m = k - rn \pmod{q-1}$, and sends $m$ to the remote user identity authentication system server;
Step4: the remote user identity authentication system server verifies whether $Q = mG + rP$ holds;
Step5: Step1 to Step4 are repeated $k$ ($k \geq 3$) times;
if the above equation holds, it is proved that the remote user DUi on the computer terminal PCTi knows the key $n$, and the remote user identity authentication system server passes the authentication of the remote user DUi on the computer terminal PCTi;
assuming that a third-party eavesdropper learns the values of $Q$, $r$ and $m$, the eavesdropper, like the remote user identity authentication system server, still cannot obtain the key $n$: to obtain the key $n$, the eavesdropper must know $k$ in the equation $m = k - rn \pmod{q-1}$, and $k$ can only be obtained from the equation $Q = kG$, which is a hard problem based on the discrete logarithm problem on the elliptic curve $E$. Therefore, the third-party eavesdropper cannot learn the key $n$ even by eavesdropping on the whole process of the authentication protocol.
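The registration and challenge-response rounds described above (and in the Disclosure of Invention), as an added example that is not part of the patent text: a Python implementation on a constructed toy curve ($y^2 = x^3 + 2x + 2$ over $F_{17}$, $G = (5, 1)$, order 19; far too small to be secure). All function names are hypothetical, and reducing $m$ modulo the order of $G$ instead of the page's $q - 1$ is an assumption made here, because $Q = mG + rP$ holds for every $k$, $r$, $n$ only under that reduction.

```python
import secrets

# Constructed toy parameters (NOT secure): E: y^2 = x^3 + 2x + 2 over F_17.
Q_FIELD = 17      # q, size of the finite field F_q
A, B = 2, 2       # curve coefficients
G = (5, 1)        # base point chosen at registration
ORDER = 19        # order of G (assumption: responses are reduced mod this)


def on_curve(p):
    """True if p is the point at infinity (None) or satisfies the curve equation."""
    if p is None:
        return True
    x, y = p
    return (y * y - (x * x * x + A * x + B)) % Q_FIELD == 0


def point_add(p1, p2):
    """Group law on E; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % Q_FIELD == 0:
        return None
    if p1 == p2:
        s = (3 * x1 * x1 + A) * pow((2 * y1) % Q_FIELD, -1, Q_FIELD)
    else:
        s = (y2 - y1) * pow((x2 - x1) % Q_FIELD, -1, Q_FIELD)
    s %= Q_FIELD
    x3 = (s * s - x1 - x2) % Q_FIELD
    return (x3, (s * (x1 - x3) - y1) % Q_FIELD)


def scalar_mult(k, p):
    """Double-and-add computation of kP for k >= 0."""
    result = None
    while k > 0:
        if k & 1:
            result = point_add(result, p)
        p = point_add(p, p)
        k >>= 1
    return result


def register(n):
    """Step one: the user publishes P = nG and keeps n secret."""
    return scalar_mult(n, G)


def commit(k):
    """Step two, Step1: Q = kG for a fresh random k."""
    return scalar_mult(k, G)


def respond(k, r, n, modulus=ORDER):
    """Step two, Step3: m = k - r*n, reduced modulo `modulus`."""
    return (k - r * n) % modulus


def verify(q_commit, r, m, pub):
    """Step two, Step4: the server checks Q = mG + rP and rejects off-curve points."""
    if q_commit is None or not on_curve(q_commit) or not on_curve(pub):
        return False
    return q_commit == point_add(scalar_mult(m, G), scalar_mult(r, pub))


def authenticate(n_claimed, pub, rounds=3):
    """Run Step1 to Step4 `rounds` times; k must be fresh in every round."""
    for _ in range(rounds):
        k = secrets.randbelow(ORDER - 1) + 1      # user's one-time secret
        q_commit = commit(k)
        r = secrets.randbelow(Q_FIELD - 1) + 1    # server challenge, r < q
        m = respond(k, r, n_claimed)
        if not verify(q_commit, r, m, pub):
            return False
    return True
```

With $n = 7$, $k = 3$, $r = 5$, the response reduced modulo the order of $G$ is 6 and verifies, while the same values reduced modulo $q - 1 = 16$ give 0 and fail the check in Step4.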
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (4)
1. A user authentication system based on a distance education system, comprising: a cloud authentication server CASdata and a computer terminal PCTi, wherein the cloud authentication server CASdata runs the remote user identity authentication system server-side software, the computer terminal PCTi runs the remote user identity authentication system client-side software, and the computer terminal PCTi communicates with the cloud authentication server CASdata;
the remote user identity authentication system server authenticates the identity of the remote user DUi on the computer terminal PCTi as follows:
Step one: the remote user DUi registers with the remote user identity authentication system server through the remote user identity authentication system client on the computer terminal PCTi, specifically as follows:
Step1: the remote user identity authentication system server performs the following initialization operations:
let $E$ be an elliptic curve over the finite field $F_q$;
the remote user identity authentication system discloses the elliptic curve $E$ over the finite field $F_q$ to the remote user DUi on the computer terminal PCTi;
Step2: the remote user DUi at the computer terminal PCTi selects a base point $G$ on the elliptic curve $E$, selects the key $n$, and calculates the public key $P = nG$, where $P \in E$;
thereafter, the remote user DUi at the computer terminal PCTi discloses the base point $G$ and the public key $P$ to the remote user identity authentication system;
Step two: the remote user identity authentication system server authenticates the identity of the remote user DUi of the computer terminal PCTi, specifically as follows:
Step1: the remote user DUi at the computer terminal PCTi randomly selects an integer $k$ ($k < q$), calculates $Q = kG$, and sends $Q$ to the remote user identity authentication system server;
Step2: the remote user identity authentication system server randomly selects an integer $r$ ($r < q$), and sends $r$ to the remote user DUi on the computer terminal PCTi;
Step3: the remote user DUi at the computer terminal PCTi calculates $m = k - rn \pmod{q-1}$, and sends $m$ to the remote user identity authentication system server;
Step4: the remote user identity authentication system server verifies whether $Q = mG + rP$ holds;
Step5: Step1 to Step4 are repeated $k$ ($k \geq 3$) times;
if the above equation holds, the remote user identity authentication system server passes the authentication of the remote user DUi on the computer terminal PCTi.
2. The system of claim 1, wherein the cloud authentication server CASdata is deployed in a cloud and is used for managing login access rights to the application server ASj in the remote education system.
3. The system of claim 2, wherein the computer terminal PCTi is used by the remote user DUi to log in to the remote education system and access the application server ASj.
4. The system of claim 3, wherein the remote user DUi at the computer terminal PCTi is communicatively connected, through the remote user identity authentication system client, to the remote user identity authentication system server running on the cloud authentication server CASdata.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110072190.8A CN112711754A (en) | 2021-01-20 | 2021-01-20 | User identity authentication system based on distance education system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112711754A (en) | 2021-04-27 |
Family
ID=75549508
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110072190.8A Withdrawn CN112711754A (en) | 2021-01-20 | 2021-01-20 | User identity authentication system based on distance education system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112711754A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110138176A1 (en) * | 2009-12-09 | 2011-06-09 | Ebay Inc. | Systems and methods for facilitating user identity verification over a network |
CN111585762A (en) * | 2020-04-10 | 2020-08-25 | 谢广钦 | Server login authentication system based on zero-knowledge proof |
CN111695147A (en) * | 2020-05-13 | 2020-09-22 | 刘中恕 | Data security management system based on cloud storage technology |
CN111835524A (en) * | 2020-06-04 | 2020-10-27 | 魏勇 | Remote user identity authentication system based on cloud computing technology |
CN111865604A (en) * | 2020-06-10 | 2020-10-30 | 胡全生 | User identity authentication system based on remote control technology |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | | Application publication date: 20210427 |