CN112738135A - A seamless (imperceptible) authentication method based on digital certificates - Google Patents
- Publication number
- CN112738135A
- Authority
- CN
- China
- Prior art keywords
- digital certificate
- authentication
- authentication method
- method based
- perception
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
- H04L61/5014—Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
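The invention provides a seamless authentication method based on digital certificates, which addresses the following problems: 1. the tedium of logging in with a digital certificate every time; 2. a device must authenticate on every login, and as the number of users logging in grows, this increases the load on the server and slows login, giving users a poor access experience; 3. the security of seamless authentication is not very good, because the identity of the person logging in cannot be confirmed, and if a hacker attack occurs there is no way to identify it; 4. the problem of user permission authentication during the connection process.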
Description
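Technical Field
The invention relates to the field of security authentication, and in particular to a seamless authentication method based on digital certificates.
Background
With the continuing development of science and technology, the Internet has become a part of daily life that everyone has to deal with. Inevitably, accessing web pages in a browser involves identity authentication, but having to log in again every time, on any website, makes for a very poor user experience. Seamless authentication has therefore become a common pattern in B/S (browser/server) architectures. However, because it cannot guarantee the identity of the person logging in, it cannot cope with intrusion by hackers, and once account information is leaked, authentication and login cannot succeed. Seamless authentication based on digital certificates can therefore be used to provide strong identity authentication and solve this series of problems.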
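Summary of the Invention
In view of the shortcomings of the prior art, the purpose of the invention is to provide a seamless authentication method based on digital certificates. The proposed method improves seamless authentication in the security field and addresses the problem of user permission authentication. The method works as follows: the user connects to the local area network and sends the corresponding client login request; the BRAS sends the MAC address of the network the user is on to RADIUS, and RADIUS compares it against the backend to authenticate it. If authentication succeeds, RADIUS sends the success message to the BRAS; the BRAS, which also serves as the DHCP server, issues a dynamic IP address to the successfully authenticated MAC address and grants access rights, and the user is logged in. If authentication fails, the digital certificate is checked: the certificate is authenticated by decrypting with the CRT-improved RSA algorithm (RSA using the Chinese Remainder Theorem) to confirm identity.
After RSA decryption, the SHA-256 algorithm is applied to compute a 256-bit hash value. SHA-256 is then used for verification: when the hash values computed at the front end and the back end are the same, this shows that the data was not intercepted and altered in transit, making data transmission more secure.
If the user's login device contains a digital certificate, whether it is authenticated is then determined. If authentication succeeds, the next step is taken: the associated MAC address is recorded in the backend and login permission is granted. If the digital certificate is not authenticated, authentication fails.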
Brief Description of the Drawings
Figure 1 is a flowchart of a seamless authentication method based on digital certificates.
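Detailed Description
After step S101 (start), in step S102 the user connects to the local area network; provided network access is available, in step S103 the corresponding client login request is sent.
After the request is sent, in step S104 the BRAS sends the MAC address of the network the user is on to RADIUS, and RADIUS compares it against the backend to authenticate it.
At decision N1, if authentication succeeds, in step S106 RADIUS sends the success message to the BRAS; in step S109 the BRAS, which serves as the DHCP server, issues a dynamic IP address to the successfully authenticated MAC address and grants access rights; in step S113 the user is finally logged in.
If authentication fails at N1, then after RADIUS returns the failure information, step S105 checks for a digital certificate, which is decision N2. The decision is made by detecting whether the user's login device contains a digital certificate.
If the user's login device contains a digital certificate, the next decision follows: step S108 verifies the digital certificate. Here the digital certificate is decrypted using the CRT-improved RSA algorithm to confirm identity. The specific process is:
After RSA decryption, the SHA-256 algorithm is applied to compute a 256-bit hash value; SHA-256 is then used for verification, and when the hash values computed at the front end and the back end are the same, this shows that the data was not intercepted and altered in transit, making data transmission more secure. In step S111, when verification fails, RADIUS sends an access-denied message and the BRAS returns the verification failure information to the user's login page. When verification succeeds, in step S112 RADIUS binds the MAC address at which the certificate was verified to the certificate's information, records it, and stores it in the backend database; the flow then returns to S106 for backend processing, and the user is finally logged in.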
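The decrypt-then-hash check described here and in the summary of the invention, as an added example that is not code from the patent: RSA private-key decryption split across the two prime factors with the Chinese Remainder Theorem, followed by a SHA-256 comparison. The key, the sample payload, the function names and the choice that the terminal encrypts under the server's public key are assumptions; textbook RSA without padding is used only to keep the CRT arithmetic visible.

```python
import hashlib
import hmac

# Constructed toy key (assumption): two Mersenne primes keep the example short.
# Production keys use random primes, a modulus of 2048 bits or more, and padding.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent

# CRT parameters, computed once per private key.
DP, DQ, QINV = D % (P - 1), D % (Q - 1), pow(Q, -1, P)

SAMPLE = b"cert-holder:alice"               # constructed payload, smaller than N


def rsa_decrypt_crt(c: int) -> int:
    """Two half-size exponentiations, recombined with Garner's formula."""
    m1 = pow(c % P, DP, P)
    m2 = pow(c % Q, DQ, Q)
    h = (QINV * (m1 - m2)) % P
    return m2 + h * Q


def client_message(payload: bytes) -> tuple[int, str]:
    """Terminal side: encrypt the payload and attach its SHA-256 digest."""
    m = int.from_bytes(payload, "big")
    if m >= N:
        raise ValueError("payload too long for this toy modulus")
    return pow(m, E, N), hashlib.sha256(payload).hexdigest()


def server_verify(ciphertext: int, claimed_digest: str) -> bool:
    """Server side: CRT decrypt, recompute SHA-256, compare in constant time."""
    m = rsa_decrypt_crt(ciphertext)
    payload = m.to_bytes((m.bit_length() + 7) // 8, "big")
    recomputed = hashlib.sha256(payload).hexdigest()
    return hmac.compare_digest(recomputed, claimed_digest)


if __name__ == "__main__":
    c, digest = client_message(SAMPLE)
    print(server_verify(c, digest), server_verify(c ^ 1, digest))
```

A bare SHA-256 digest detects changes only when the digest itself reaches the server over a protected channel or is signed; the page does not specify how it is transported.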
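If detection fails at N2, the BRAS returns the information to the client; in step S107 the user receives a pop-up prompting them to download a digital certificate; in step S110, when the user has downloaded the certificate and submits the login request again, the flow returns to N2 and loops.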
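The decision flow of steps S101 to S113, as an added sketch that is not code from the patent. `Backend`, `login`, `replay`, the certificate ids and the addresses are hypothetical, and certificate verification (S108) is reduced to a set lookup so that the branching at N1 and N2 stays in view.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Backend:
    """Hypothetical stand-in for RADIUS plus the backend database."""
    valid_certs: set = field(default_factory=set)   # certificates that verify (S108)
    bound: dict = field(default_factory=dict)       # MAC -> certificate id (S112)
    leases: dict = field(default_factory=dict)      # MAC -> dynamic IP (S109)

    def lease(self, mac: str) -> str:
        """BRAS acting as DHCP server; 192.0.2.0/24 is a documentation range."""
        return self.leases.setdefault(mac, f"192.0.2.{10 + len(self.leases)}")


def login(be: Backend, mac: str, cert_id: Optional[str] = None) -> tuple:
    """Handle one login request (S103); return (last step reached, detail)."""
    mac = mac.lower()
    if mac in be.bound:                       # N1: MAC already known to RADIUS
        return "S113", be.lease(mac)          # S106 -> S109 -> S113
    if cert_id is None:                       # N2: no certificate on the device
        return "S107", "prompt certificate download"
    if cert_id not in be.valid_certs:         # S108 fails
        return "S111", "access rejected"
    be.bound[mac] = cert_id                   # S112: bind MAC to certificate
    return "S113", be.lease(mac)              # back to S106


REQUESTS = [                                  # constructed sample traffic
    ("AA:BB:CC:00:00:01", None),              # first visit, no certificate
    ("AA:BB:CC:00:00:01", "cert-unknown"),    # certificate fails verification
    ("AA:BB:CC:00:00:01", "cert-alice"),      # certificate verifies, MAC bound
    ("aa:bb:cc:00:00:01", None),              # later visit, no certificate sent
]


def replay(be: Backend, requests) -> list:
    """Run requests in order and collect the step each one ends at."""
    return [login(be, mac, cert)[0] for mac, cert in requests]


if __name__ == "__main__":
    print(replay(Backend(valid_certs={"cert-alice"}), REQUESTS))
```

The last request takes the seamless path: once S112 has stored the binding, the MAC address alone is what N1 checks, so the binding table is the record to audit when reviewing who was admitted without a certificate check.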
Claims (4)
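1. A seamless authentication method based on digital certificates, characterized in that CRT-based RSA is used for decryption and SHA-256 for verification.
2. A seamless authentication method based on digital certificates, characterized in that MAC and Portal technologies are combined to achieve seamless authentication.
3. A seamless authentication method based on digital certificates, characterized in that after successful verification, a dynamic IP address is allocated via DHCP to provide access rights.
4. A seamless authentication method based on digital certificates, characterized in that the server side of the seamless authentication comprises: a BRAS device, a Portal, RADIUS, and a backend database; wherein the BRAS has the functions of pushing and aggregating information and hosting the DHCP server.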
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110122332.7A CN112738135A (zh) | 2021-01-29 | 2021-01-29 | A seamless authentication method based on digital certificates |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110122332.7A CN112738135A (zh) | 2021-01-29 | 2021-01-29 | A seamless authentication method based on digital certificates |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112738135A (zh) | 2021-04-30 |
Family
ID=75594460
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110122332.7A Pending CN112738135A (zh) | A seamless authentication method based on digital certificates | 2021-01-29 | 2021-01-29 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112738135A (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113377813A (zh) * | 2021-06-08 | 2021-09-10 | 上海商米科技集团股份有限公司 | Method, device, system and computer-readable medium for generating a globally unique identification code |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101651682A (zh) * | 2009-09-15 | 2010-02-17 | 杭州华三通信技术有限公司 | Method, system and apparatus for security authentication |
CN106685643A (zh) * | 2015-11-07 | 2017-05-17 | 上海复旦微电子集团股份有限公司 | Method and apparatus for public key verification in CRT mode |
CN112055031A (zh) * | 2020-09-19 | 2020-12-08 | 黑龙江讯翱科技有限公司 | A seamless authentication method based on MAC address |
-
2021
- 2021-01-29 CN CN202110122332.7A patent/CN112738135A/zh active Pending
Non-Patent Citations (1)
Title |
---|
叶秀芳: "Optimization Strategies for the RSA Algorithm", 《电子设计工程》 (Electronic Design Engineering) * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
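CN113377813A (zh) * | 2021-06-08 | 2021-09-10 | 上海商米科技集团股份有限公司 | Method, device, system and computer-readable medium for generating a globally unique identification code |
CN113377813B (zh) * | 2021-06-08 | 2023-08-29 | 上海商米科技集团股份有限公司 | Method, device, system and computer-readable medium for generating a globally unique identification code |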
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9871791B2 (en) | Multi factor user authentication on multiple devices | |
CN112970236B (zh) | Collaborative risk-aware authentication | |
US8819803B1 (en) | Validating association of client devices with authenticated clients | |
US9602468B2 (en) | Techniques to authenticate a client to a proxy through a domain name server intermediary | |
US9298890B2 (en) | Preventing unauthorized account access using compromised login credentials | |
CN101465735B (zh) | Network user identity verification method, server and client | |
US9887997B2 (en) | Web authentication using client platform root of trust | |
US8627424B1 (en) | Device bound OTP generation | |
US20220394026A1 (en) | Network identity protection method and device, and electronic equipment and storage medium | |
WO2015031014A1 (en) | Systems and methods for managing resetting of user online identities or accounts | |
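CN113672897B (zh) | Data communication method and apparatus, electronic device and storage medium | |
CN104735065A (zh) | Data processing method, electronic device and server | |
CN101534192A (zh) | System and method for providing cross-domain tokens | |
CN103036924A (zh) | Link processing method and system | |
CN101155033B (zh) | Method for confirming client identity | |
CN113569210A (zh) | Distributed identity authentication method, device access method and apparatus | |
US8875244B1 (en) | Method and apparatus for authenticating a user using dynamic client-side storage values | |
CN115842680A (zh) | Network identity authentication management method and system | |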
WO2014062707A2 (en) | Certificate installation and delivery process, four factor authentication, and applications utilizing same | |
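CN105187417B (zh) | Permission acquisition method and apparatus | |
CN112738135A (zh) | A seamless authentication method based on digital certificates | |
JP2011165193A (ja) | User authentication method and apparatus for a hybrid terminal | |
CN105071993A (zh) | Encryption state detection method and system | |
CN113612729A (zh) | Authentication method and related apparatus | |
CN104519073A (zh) | AAA multi-factor security-enhanced authentication method |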
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20210430 |