CN112822024A - SDH optical fiber communication network user identity authentication system - Google Patents
- Publication number
- CN112822024A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3218—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs
- H04L9/3221—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs interactive zero-knowledge proofs
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04J—MULTIPLEX COMMUNICATION
- H04J3/00—Time-division multiplex systems
- H04J3/16—Time-division multiplex systems in which the time allocation to individual channels within a transmission cycle is variable, e.g. to accommodate varying complexity of signals, to vary number of channels transmitted
- H04J3/1605—Fixed allocated frame structures
- H04J3/1611—Synchronous digital hierarchy [SDH] or SONET
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
Abstract
The invention relates to the technical field of SDH optical fiber communication network user identity authentication, and discloses an SDH optical fiber communication network user identity authentication system comprising: a cloud authentication server CASofuias running the optical fiber user identity authentication system server software, and a computer terminal PCTi running the optical fiber user identity authentication system client software, which is used for connecting an optical fiber communication user OFCUi to the SDH optical fiber communication network. When the optical fiber communication user OFCUi on the computer terminal PCTi sends a network access request to the management server in the SDH optical fiber communication network, the optical fiber user identity authentication system server running on the cloud authentication server CASofuias exchanges data with the optical fiber communication user OFCUi client running on the computer terminal PCTi, thereby authenticating the identity of the optical fiber communication user OFCUi on the computer terminal PCTi. The invention solves the technical problem of how to securely authenticate the identity of an SDH optical fiber communication network user.
Description
Technical Field
The invention relates to the technical field of SDH optical fiber communication network user identity authentication, in particular to an SDH optical fiber communication network user identity authentication system.
Background
In recent years, with the gradual development of computer networks, people have placed higher and higher requirements on the quality of optical fiber communication services, and SDH optical fiber communication networks have emerged in response and are widely applied. With the rapid development of the SDH optical fiber communication network, its security problems have become increasingly prominent, which affects the further development of its applications.
The SDH optical fiber communication network is complex and the amount of data involved is huge. The implementation of current user security identity authentication systems is complex and easily disturbed by the external environment, so the identity authentication result is unreliable and the efficiency is low. Therefore, how to securely authenticate the identity of an SDH optical fiber communication network user has become an urgent problem to be solved.
Disclosure of Invention
(I) technical problem to be solved
Aiming at the defects of the prior art, the invention provides an SDH optical fiber communication network user identity authentication system to solve the technical problem of how to perform security authentication on the identity of an SDH optical fiber communication network user.
(II) technical scheme
In order to achieve the purpose, the invention provides the following technical scheme:
an SDH optical fiber communication network user identity authentication system comprises: a cloud authentication server CASofuias running the optical fiber user identity authentication system server software, and a computer terminal PCTi (i = 1, 2, …, n) running the optical fiber user identity authentication system client software and used for connecting an optical fiber communication user OFCUi (i = 1, 2, …, n) to the SDH optical fiber communication network;
the computer terminal PCTi and the cloud authentication server CASofuias are in communication connection with each other;
the identity authentication method of the optical fiber user identity authentication system service end to the optical fiber communication user OFCUi on the computer terminal PCTi is as follows:
step one, an optical fiber communication user OFCUi performs user registration on an optical fiber user identity authentication system server through an optical fiber user identity authentication system user side on a computer terminal PCTi, which is specifically as follows:
an optical fiber communication user OFCUi on a computer terminal PCTi selects prime numbers a1, a2 on the system, calculates A = a1*a2, selects b less than a1, then selects a key k and calculates g = k^2 mod A, then discloses A, g and b to the optical fiber user identity authentication system;
step two, when the optical fiber communication user OFCUi on the computer terminal PCTi sends a network access request to the management server in the SDH optical fiber communication network, the service end of the optical fiber user identity authentication system authenticates the identity of the optical fiber communication user OFCUi on the computer terminal PCTi, which is specifically as follows:
step1, the optical fiber communication user OFCUi on the computer terminal PCTi first selects a random number c, then calculates d = bc*c mod A, then sends d to the fiber user identity authentication system;
step2, the fiber user identity authentication system randomly selects e to be 0 or 1, and sends the e to the fiber communication user OFCUi on the computer terminal PCTi;
step3, after the optical fiber communication user OFCUi on the computer terminal PCTi receives e, it calculates f = c*k^e mod A and sends f to the fiber user identity authentication system;
step4, the fiber user identity authentication system verifies whether the equation df = dg mod A holds;
step6, if the above equation is true, the service end of the fiber user identity authentication system passes the identity authentication of the fiber communication user OFCUi on the computer terminal PCTi.
Further, Step5 is included between Step4 and Step 6;
and Step5 is to repeatedly execute the steps from Step1 to Step4 t times (t is more than or equal to 3).
Further, the service end of the optical fiber user identity authentication system on the cloud authentication server CASofuias performs data interaction with the user end of the optical fiber communication user OFCUi running on the computer terminal PCTi to authenticate the identity of the optical fiber communication user OFCUi on the computer terminal PCTi, and only if the identity of the optical fiber communication user OFCUi on the computer terminal PCTi passes the authentication of the service end of the optical fiber user identity authentication system is the optical fiber communication user OFCUi allowed to access the SDH optical fiber communication network through the computer terminal PCTi.
(III) advantageous technical effects
Compared with the prior art, the invention has the following beneficial technical effects:
when an optical fiber communication user OFCUi on a computer terminal PCTi sends a network access request to a management server in the SDH optical fiber communication network, the optical fiber user identity authentication system service end running on the cloud authentication server CASofuias performs data interaction with the optical fiber communication user OFCUi user end running on the computer terminal PCTi to authenticate the identity of the optical fiber communication user OFCUi on the computer terminal PCTi;
the identity authentication protocol is safe because the identity authentication of the service end of the optical fiber user identity authentication system to the optical fiber communication user OFCUi on the computer terminal PCTi is zero knowledge.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
An SDH optical fiber communication network user identity authentication system comprises: a cloud authentication server CASofuias running the optical fiber user identity authentication system server software and deployed at a remote cloud end, and a computer terminal PCTi (i = 1, 2, …, n) running the optical fiber user identity authentication system client software and used for connecting an optical fiber communication user OFCUi (i = 1, 2, …, n) to the SDH optical fiber communication network;
the optical fiber communication user OFCUi on the computer terminal PCTi is in communication connection with the optical fiber user identity authentication system server running in the cloud authentication server CASofuias through the optical fiber user identity authentication system user side;
in order to confirm the identity of the optical fiber communication user OFCUi at the computer terminal PCTi (i = 1, 2, …, n) accessing the SDH optical fiber communication network and prevent unauthorized users from illegally accessing the SDH optical fiber communication network, when the optical fiber communication user OFCUi at the computer terminal PCTi sends a network access request to a management server in the SDH optical fiber communication network, the optical fiber user identity authentication system service end operating on the cloud authentication server CASofuias performs data interaction with the optical fiber communication user OFCUi user end operating on the computer terminal PCTi to authenticate the identity of the optical fiber communication user OFCUi at the computer terminal PCTi;
if the identity of the optical fiber communication user OFCUi on the computer terminal PCTi passes the authentication of the service end of the optical fiber user identity authentication system, allowing the optical fiber communication user OFCUi to access the SDH optical fiber communication network through the computer terminal PCTi;
if the identity of the optical fiber communication user OFCUi on the computer terminal PCTi does not pass the authentication of the service end of the optical fiber user identity authentication system, the optical fiber communication user OFCUi is refused to access the SDH optical fiber communication network through the computer terminal PCTi;
the identity authentication method of the optical fiber user identity authentication system service end to the optical fiber communication user OFCUi on the computer terminal PCTi is as follows:
step one, an optical fiber communication user OFCUi performs user registration on an optical fiber user identity authentication system server through an optical fiber user identity authentication system user side on a computer terminal PCTi, which is specifically as follows:
an optical fiber communication user OFCUi on a computer terminal PCTi selects prime numbers a1, a2 on the system, calculates A = a1*a2, selects b less than a1, then selects a key k and calculates g = k^2 mod A, then discloses A, g and b to the optical fiber user identity authentication system;
step two, when the optical fiber communication user OFCUi on the computer terminal PCTi sends a network access request to the management server in the SDH optical fiber communication network, the service end of the optical fiber user identity authentication system authenticates the identity of the optical fiber communication user OFCUi on the computer terminal PCTi, which is specifically as follows:
step1, the optical fiber communication user OFCUi on the computer terminal PCTi first selects a random number c, then calculates d = bc*c mod A, then sends d to the fiber user identity authentication system;
step2, the fiber user identity authentication system randomly selects e to be 0 or 1, and sends the e to the fiber communication user OFCUi on the computer terminal PCTi;
step3, after the optical fiber communication user OFCUi on the computer terminal PCTi receives e, it calculates f = c*k^e mod A and sends f to the fiber user identity authentication system;
step4, the fiber user identity authentication system verifies whether the equation df = dg mod A holds;
step5, repeating the steps from Step1 to Step4 for a total of t (t is more than or equal to 3) times;
step6, if the above equation is established, it is proved that the optical fiber communication user OFCUi on the computer terminal PCTi knows the key k, and the service end of the optical fiber user identity authentication system passes the identity authentication of the optical fiber communication user OFCUi on the computer terminal PCTi;
if the equation is not satisfied, the optical fiber communication user OFCUi on the computer terminal PCTi is proved not to know the key k, and the authentication process is terminated;
after the above-mentioned authentication protocol is executed, the optical fiber user authentication system only knows that the optical fiber communication user OFCUi on the computer terminal PCTi is a legitimate user, but cannot know any information about the key k, so the authentication protocol is zero-knowledge.
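Added example, not code from the patent: the registration and challenge-response rounds in Python, assuming the textbook Fiat-Shamir commitment d = c^2 mod A and check f^2 = d*g^e mod A in place of the page's expressions for d and the Step4 equation. The toy modulus and all class and function names are constructed for illustration; the run shows that a party without k still passes t rounds with probability 2^-t, which the choice of t has to account for.

```python
import secrets
from math import gcd

# Constructed toy modulus from two known Mersenne primes; a real deployment
# needs a modulus of at least 2048 bits whose factors stay secret.
A1, A2 = 2**61 - 1, 2**89 - 1

def register(a1, a2):
    """Step one: return (A, k, g) with secret k and public g = k^2 mod A."""
    A = a1 * a2
    while True:
        k = secrets.randbelow(A - 2) + 2
        if gcd(k, A) == 1:
            return A, k, pow(k, 2, A)

class HonestProver:
    """Client that knows k."""
    def __init__(self, A, k):
        self.A, self.k = A, k
    def commit(self):
        self.c = secrets.randbelow(self.A - 2) + 2   # fresh c every round
        return pow(self.c, 2, self.A)                # assumed form: d = c^2 mod A
    def respond(self, e):
        return (self.c * pow(self.k, e, self.A)) % self.A   # f = c * k^e mod A

class SimulatedProver:
    """Holds no k: fixes a guess for e first, then builds d to fit it.
    This is the simulator behind the zero-knowledge argument."""
    def __init__(self, A, g):
        self.A, self.g_inv = A, pow(g, -1, A)
    def commit(self):
        self.guess = secrets.randbelow(2)
        self.f = secrets.randbelow(self.A - 2) + 2
        return (pow(self.f, 2, self.A) * pow(self.g_inv, self.guess, self.A)) % self.A
    def respond(self, e):
        return self.f            # only consistent when e == self.guess

def verify_round(A, g, d, e, f):
    """Server check for one round (assumed form): f^2 == d * g^e (mod A)."""
    return d % A != 0 and pow(f, 2, A) == (d * pow(g, e, A)) % A

def authenticate(A, g, prover, t):
    """Run t rounds; reject on the first failed check."""
    for _ in range(t):
        d = prover.commit()
        e = secrets.randbelow(2)     # challenge chosen only after d is received
        if not verify_round(A, g, d, e, prover.respond(e)):
            return False
    return True

def acceptance_rate(make_prover, A, g, t, trials=2000):
    """Fraction of independent authentication attempts that are accepted."""
    return sum(authenticate(A, g, make_prover(), t) for _ in range(trials)) / trials

if __name__ == "__main__":
    A, k, g = register(A1, A2)
    for t in (1, 3, 20):
        honest = acceptance_rate(lambda: HonestProver(A, k), A, g, t)
        no_key = acceptance_rate(lambda: SimulatedProver(A, g), A, g, t)
        print(f"t={t:2d} honest={honest:.3f} without_k={no_key:.3f} bound={2**-t:.6f}")
```

At the minimum t = 3 the acceptance rate without k is about 1/8, so t should be sized to the false-accept rate the access policy tolerates, with a fresh c and a fresh unpredictable e in every round.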
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (3)
1. An SDH optical fiber communication network user identity authentication system, comprising: the cloud authentication server CASofuias runs with optical fiber user identity authentication system server software, and the computer terminal PCTi runs with optical fiber user identity authentication system client software and is used for accessing an optical fiber communication user OFCUi into an SDH optical fiber communication network;
the computer terminal PCTi and the cloud authentication server CASofuias are in communication connection with each other;
the identity authentication method of the optical fiber user identity authentication system service end to the optical fiber communication user OFCUi on the computer terminal PCTi is as follows:
step one, an optical fiber communication user OFCUi performs user registration on an optical fiber user identity authentication system server through an optical fiber user identity authentication system user side on a computer terminal PCTi, which is specifically as follows:
an optical fiber communication user OFCUi on a computer terminal PCTi selects prime numbers a1, a2 on the system, calculates A = a1*a2, selects b less than a1, then selects a key k and calculates g = k^2 mod A, then discloses A, g and b to the optical fiber user identity authentication system;
step two, the service end of the optical fiber user identity authentication system authenticates the identity of the optical fiber communication user OFCUi on the computer terminal PCTi, which is specifically as follows:
step1, the optical fiber communication user OFCUi on the computer terminal PCTi first selects a random number c, then calculates d = bc*c mod A, then sends d to the fiber user identity authentication system;
step2, the fiber user identity authentication system randomly selects e to be 0 or 1, and sends the e to the fiber communication user OFCUi on the computer terminal PCTi;
step3, after the optical fiber communication user OFCUi on the computer terminal PCTi receives e, it calculates f = c*k^e mod A and sends f to the fiber user identity authentication system;
step4, the fiber user identity authentication system verifies whether the equation df = dg mod A holds;
step5, if the above equation is true, the service end of the fiber user identity authentication system passes the identity authentication of the fiber communication user OFCUi on the computer terminal PCTi.
2. The SDH optical fiber communication network user identity authentication system of claim 1, further comprising the following steps between Step4 and Step 5:
the steps from Step1 to Step4 are repeated t (t ≧ 3) times.
3. The SDH optical fiber communication network user identity authentication system according to claim 2, wherein the optical fiber user identity authentication system service end authenticates the identity of the optical fiber communication user OFCUi on the computer terminal PCTi, and the optical fiber communication user OFCUi is allowed to access the SDH optical fiber communication network through the computer terminal PCTi only if the identity of the optical fiber communication user OFCUi on the computer terminal PCTi passes the authentication of the optical fiber user identity authentication system service end.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110066269.XA CN112822024A (en) | 2021-01-19 | 2021-01-19 | SDH optical fiber communication network user identity authentication system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112822024A (en) | 2021-05-18 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | ||
Application publication date: 20210518 |