CN112822024A - SDH optical fiber communication network user identity authentication system - Google Patents

Info

Publication number
CN112822024A
CN112822024A CN202110066269.XA CN202110066269A CN112822024A CN 112822024 A CN112822024 A CN 112822024A CN 202110066269 A CN202110066269 A CN 202110066269A CN 112822024 A CN112822024 A CN 112822024A
Authority
CN
China
Prior art keywords
optical fiber
user
identity authentication
fiber communication
authentication system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202110066269.XA
Other languages
Chinese (zh)
Inventor
张友平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual
Priority to CN202110066269.XA
Publication of CN112822024A
Legal status: Withdrawn

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3218 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs
    • H04L9/3221 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs interactive zero-knowledge proofs
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04J MULTIPLEX COMMUNICATION
    • H04J3/00 Time-division multiplex systems
    • H04J3/16 Time-division multiplex systems in which the time allocation to individual channels within a transmission cycle is variable, e.g. to accommodate varying complexity of signals, to vary number of channels transmitted
    • H04J3/1605 Fixed allocated frame structures
    • H04J3/1611 Synchronous digital hierarchy [SDH] or SONET
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to the technical field of user identity authentication for SDH optical fiber communication networks and discloses an SDH optical fiber communication network user identity authentication system comprising: a cloud authentication server CASofuias running the optical fiber user identity authentication system server software, and a computer terminal PCTi running the optical fiber user identity authentication system client software and used for connecting an optical fiber communication user OFCUi to the SDH optical fiber communication network. When the optical fiber communication user OFCUi on the computer terminal PCTi sends a network access request to the management server in the SDH optical fiber communication network, the optical fiber user identity authentication system server running on the cloud authentication server CASofuias exchanges data with the optical fiber user identity authentication system client running on the computer terminal PCTi, thereby authenticating the identity of the optical fiber communication user OFCUi on the computer terminal PCTi. The invention solves the technical problem of how to securely authenticate the identity of SDH optical fiber communication network users.

Description

SDH optical fiber communication network user identity authentication system
Technical Field
The invention relates to the technical field of SDH optical fiber communication network user identity authentication, in particular to an SDH optical fiber communication network user identity authentication system.
Background
In recent years, with the gradual development of computer networks, people have placed higher and higher requirements on the quality of optical fiber communication services, and SDH optical fiber communication networks have emerged to meet this demand and are widely applied. With the rapid development of the SDH optical fiber communication network, its security problems have become increasingly prominent, which affects the further development of its applications.
The SDH optical fiber communication network is complex and the amount of data involved is huge. Current user identity authentication systems are complex to implement and are easily disturbed by the external environment, so the identity authentication result is unreliable and the efficiency is low. Therefore, how to securely authenticate the identity of SDH optical fiber communication network users has become an urgent problem to be solved.
Disclosure of Invention
(I) Technical problem to be solved
Aiming at the defects of the prior art, the invention provides an SDH optical fiber communication network user identity authentication system to solve the technical problem of how to perform security authentication on the identity of an SDH optical fiber communication network user.
(II) Technical solution
To achieve this purpose, the invention provides the following technical solution:
An SDH optical fiber communication network user identity authentication system comprises: a cloud authentication server CASofuias running the optical fiber user identity authentication system server software, and computer terminals PCTi (i = 1, 2, …, n) running the optical fiber user identity authentication system client software and used for connecting optical fiber communication users OFCUi (i = 1, 2, …, n) to the SDH optical fiber communication network;
the computer terminal PCTi and the cloud authentication server CASofuias are in communication connection with each other;
the method by which the optical fiber user identity authentication system server authenticates the identity of the optical fiber communication user OFCUi on the computer terminal PCTi is as follows:
Step one: the optical fiber communication user OFCUi registers with the optical fiber user identity authentication system server through the optical fiber user identity authentication system client on the computer terminal PCTi, specifically as follows:
the optical fiber communication user OFCUi on the computer terminal PCTi selects prime numbers a1 and a2 on the system, calculates A = a1*a2, selects b less than a1, then selects a key k and calculates g = k^2 mod A, and then discloses A, g and b to the optical fiber user identity authentication system;
Step two: when the optical fiber communication user OFCUi on the computer terminal PCTi sends a network access request to the management server in the SDH optical fiber communication network, the optical fiber user identity authentication system server authenticates the identity of the optical fiber communication user OFCUi on the computer terminal PCTi, specifically as follows:
Step1: the optical fiber communication user OFCUi on the computer terminal PCTi first selects a random number c, then calculates d = bc*c mod A, and then sends d to the optical fiber user identity authentication system;
Step2: the optical fiber user identity authentication system randomly selects e to be 0 or 1 and sends e to the optical fiber communication user OFCUi on the computer terminal PCTi;
Step3: after the optical fiber communication user OFCUi on the computer terminal PCTi receives e, it calculates f = cke mod A and sends f to the optical fiber user identity authentication system;
Step4: the optical fiber user identity authentication system verifies whether the equation df = dg mod A holds;
Step6: if the above equation holds, the optical fiber user identity authentication system server passes the identity authentication of the optical fiber communication user OFCUi on the computer terminal PCTi.
Further, Step5 is included between Step4 and Step6;
Step5 is to repeat Step1 to Step4 t times (t ≥ 3).
Further, the optical fiber user identity authentication system server on the cloud authentication server CASofuias exchanges data with the optical fiber user identity authentication system client running on the computer terminal PCTi to authenticate the identity of the optical fiber communication user OFCUi on the computer terminal PCTi, and only if the identity of the optical fiber communication user OFCUi on the computer terminal PCTi passes the authentication of the optical fiber user identity authentication system server is the optical fiber communication user OFCUi allowed to access the SDH optical fiber communication network through the computer terminal PCTi.
(III) Advantageous technical effects
Compared with the prior art, the invention has the following beneficial technical effects:
when an optical fiber communication user OFCUi on a computer terminal PCTi sends a network access request to a management server in the SDH optical fiber communication network, the optical fiber user identity authentication system server running on the cloud authentication server CASofuias exchanges data with the optical fiber user identity authentication system client running on the computer terminal PCTi to authenticate the identity of the optical fiber communication user OFCUi on the computer terminal PCTi;
the identity authentication protocol is secure because the authentication of the optical fiber communication user OFCUi on the computer terminal PCTi by the optical fiber user identity authentication system server is zero-knowledge.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
An SDH optical fiber communication network user identity authentication system comprises: a cloud authentication server CASofuias running the optical fiber user identity authentication system server software and deployed in a remote cloud, and computer terminals PCTi (i = 1, 2, …, n) running the optical fiber user identity authentication system client software and used for connecting optical fiber communication users OFCUi (i = 1, 2, …, n) to the SDH optical fiber communication network;
the optical fiber communication user OFCUi on the computer terminal PCTi is in communication connection, through the optical fiber user identity authentication system client, with the optical fiber user identity authentication system server running on the cloud authentication server CASofuias;
in order to confirm the identity of the optical fiber communication user OFCUi on the computer terminal PCTi (i = 1, 2, …, n) accessing the SDH optical fiber communication network and to prevent unauthorized users from illegally accessing the SDH optical fiber communication network, when the optical fiber communication user OFCUi on the computer terminal PCTi sends a network access request to a management server in the SDH optical fiber communication network, the optical fiber user identity authentication system server running on the cloud authentication server CASofuias exchanges data with the optical fiber user identity authentication system client running on the computer terminal PCTi to authenticate the identity of the optical fiber communication user OFCUi on the computer terminal PCTi;
if the identity of the optical fiber communication user OFCUi on the computer terminal PCTi passes the authentication of the optical fiber user identity authentication system server, the optical fiber communication user OFCUi is allowed to access the SDH optical fiber communication network through the computer terminal PCTi;
if the identity of the optical fiber communication user OFCUi on the computer terminal PCTi does not pass the authentication of the optical fiber user identity authentication system server, the optical fiber communication user OFCUi is refused access to the SDH optical fiber communication network through the computer terminal PCTi;
the method by which the optical fiber user identity authentication system server authenticates the identity of the optical fiber communication user OFCUi on the computer terminal PCTi is as follows:
Step one: the optical fiber communication user OFCUi registers with the optical fiber user identity authentication system server through the optical fiber user identity authentication system client on the computer terminal PCTi, specifically as follows:
the optical fiber communication user OFCUi on the computer terminal PCTi selects prime numbers a1 and a2 on the system, calculates A = a1*a2, selects b less than a1, then selects a key k and calculates g = k^2 mod A, and then discloses A, g and b to the optical fiber user identity authentication system;
Step two: when the optical fiber communication user OFCUi on the computer terminal PCTi sends a network access request to the management server in the SDH optical fiber communication network, the optical fiber user identity authentication system server authenticates the identity of the optical fiber communication user OFCUi on the computer terminal PCTi, specifically as follows:
Step1: the optical fiber communication user OFCUi on the computer terminal PCTi first selects a random number c, then calculates d = bc*c mod A, and then sends d to the optical fiber user identity authentication system;
Step2: the optical fiber user identity authentication system randomly selects e to be 0 or 1 and sends e to the optical fiber communication user OFCUi on the computer terminal PCTi;
Step3: after the optical fiber communication user OFCUi on the computer terminal PCTi receives e, it calculates f = cke mod A and sends f to the optical fiber user identity authentication system;
Step4: the optical fiber user identity authentication system verifies whether the equation df = dg mod A holds;
Step5: Step1 to Step4 are repeated for a total of t (t ≥ 3) times;
Step6: if the above equation holds, this proves that the optical fiber communication user OFCUi on the computer terminal PCTi knows the key k, and the optical fiber user identity authentication system server passes the identity authentication of the optical fiber communication user OFCUi on the computer terminal PCTi;
if the equation does not hold, this proves that the optical fiber communication user OFCUi on the computer terminal PCTi does not know the key k, and the authentication process is terminated;
after the above authentication protocol is executed, the optical fiber user identity authentication system knows only that the optical fiber communication user OFCUi on the computer terminal PCTi is a legitimate user, but learns no information about the key k, so the authentication protocol is zero-knowledge.
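Added example, not part of the patent text: the textbook Fiat-Shamir identification scheme (the proof-of-knowledge family named in the H04L9/3218 classification), run with the description's symbols A, k, g, c, d, e, f and t, including a prover that does not know k. The commitment d = c^2 mod A and the check f^2 = d*g^e mod A are the textbook forms and are assumptions, not a reading of the formulas in Step1 and Step4; the parameter b is not used, and the primes and key are constructed toy values.

```python
import secrets
from math import gcd

# Constructed toy parameters (assumption): a real modulus needs at least
# 2048 bits, and its prime factors a1, a2 must stay secret.
A1, A2 = 1000003, 1000033
A = A1 * A2


def register(k):
    """Registration: publish g = k^2 mod A; k itself never leaves the client."""
    if gcd(k, A) != 1:
        raise ValueError("k must be coprime to A")
    return pow(k, 2, A)


class Prover:
    """Client side. k=None models a party that does not know the key."""

    def __init__(self, k=None):
        self.k = k
        self.c = None

    def commit(self):
        # A fresh c is drawn every round: answering both e=0 and e=1 for
        # the same c would give the verifier c and c*k, and therefore k.
        while True:
            self.c = secrets.randbelow(A - 2) + 2
            if gcd(self.c, A) == 1:
                break
        return pow(self.c, 2, A)            # d = c^2 mod A

    def respond(self, e):
        if e not in (0, 1):
            raise ValueError("challenge must be a single bit")
        if self.c is None:
            raise RuntimeError("commit() must be called before respond()")
        c, self.c = self.c, None            # one response per commitment
        if self.k is None:
            return c                        # only correct when e == 0
        return (c * pow(self.k, e, A)) % A  # f = c * k^e mod A


def verify_round(g, d, e, f):
    """Server check for one round: f^2 == d * g^e (mod A)."""
    if d % A == 0:                          # degenerate commitment
        return False
    return pow(f, 2, A) == (d * pow(g, e, A)) % A


def authenticate(prover, g, t, challenge_bit=lambda: secrets.randbelow(2)):
    """Run t rounds; one failed round rejects the access request."""
    for _ in range(t):
        d = prover.commit()
        e = challenge_bit()                 # must be unpredictable
        f = prover.respond(e)
        if not verify_round(g, d, e, f):
            return False
    return True


def acceptance_rate(t, trials, k_known, k=123456789):
    """Fraction of accepted logins over `trials` independent runs."""
    g = register(k)
    accepted = sum(authenticate(Prover(k if k_known else None), g, t)
                   for _ in range(trials))
    return accepted / trials


if __name__ == "__main__":
    for t in (3, 10, 20):
        print(t, acceptance_rate(t, 4000, k_known=False))
```

With a one-bit challenge, a prover without k is accepted in about 2^-t of runs, so t = 3 still admits roughly one attempt in eight; the round count, together with the unpredictability of e, sets the security level.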
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (3)

1. An SDH optical fiber communication network user identity authentication system, comprising: a cloud authentication server CASofuias running the optical fiber user identity authentication system server software, and a computer terminal PCTi running the optical fiber user identity authentication system client software and used for connecting an optical fiber communication user OFCUi to an SDH optical fiber communication network;
the computer terminal PCTi and the cloud authentication server CASofuias are in communication connection with each other;
the method by which the optical fiber user identity authentication system server authenticates the identity of the optical fiber communication user OFCUi on the computer terminal PCTi is as follows:
Step one: the optical fiber communication user OFCUi registers with the optical fiber user identity authentication system server through the optical fiber user identity authentication system client on the computer terminal PCTi, specifically as follows:
the optical fiber communication user OFCUi on the computer terminal PCTi selects prime numbers a1 and a2 on the system, calculates A = a1*a2, selects b less than a1, then selects a key k and calculates g = k^2 mod A, and then discloses A, g and b to the optical fiber user identity authentication system;
Step two: the optical fiber user identity authentication system server authenticates the identity of the optical fiber communication user OFCUi on the computer terminal PCTi, specifically as follows:
Step1: the optical fiber communication user OFCUi on the computer terminal PCTi first selects a random number c, then calculates d = bc*c mod A, and then sends d to the optical fiber user identity authentication system;
Step2: the optical fiber user identity authentication system randomly selects e to be 0 or 1 and sends e to the optical fiber communication user OFCUi on the computer terminal PCTi;
Step3: after the optical fiber communication user OFCUi on the computer terminal PCTi receives e, it calculates f = cke mod A and sends f to the optical fiber user identity authentication system;
Step4: the optical fiber user identity authentication system verifies whether the equation df = dg mod A holds;
Step5: if the above equation holds, the optical fiber user identity authentication system server passes the identity authentication of the optical fiber communication user OFCUi on the computer terminal PCTi.
2. The SDH optical fiber communication network user identity authentication system of claim 1, further comprising the following step between Step4 and Step5:
Step1 to Step4 are repeated t (t ≥ 3) times.
3. The SDH optical fiber communication network user identity authentication system according to claim 2, wherein the optical fiber user identity authentication system server authenticates the identity of the optical fiber communication user OFCUi on the computer terminal PCTi, and the optical fiber communication user OFCUi is allowed to access the SDH optical fiber communication network through the computer terminal PCTi only if the identity of the optical fiber communication user OFCUi on the computer terminal PCTi passes the authentication of the optical fiber user identity authentication system server.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110066269.XA CN112822024A (en) 2021-01-19 2021-01-19 SDH optical fiber communication network user identity authentication system

Publications (1)

Publication Number Publication Date
CN112822024A (en) 2021-05-18

Family

ID=75870019

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110066269.XA Withdrawn CN112822024A (en) 2021-01-19 2021-01-19 SDH optical fiber communication network user identity authentication system

Country Status (1)

Country Link
CN (1) CN112822024A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111031365A (en) * 2020-01-13 2020-04-17 祖晓宏 User authentication system suitable for cloud broadcast television network
CN111901118A (en) * 2020-06-10 2020-11-06 陈瑞安 Port enterprise security authentication system based on mobile internet
CN112035809A (en) * 2020-08-13 2020-12-04 刘乾春 Unified access authorization platform based on education cloud

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20210518