CN113742710A - Bidirectional authentication system - Google Patents
Bidirectional authentication system Download PDFInfo
- Publication number
- CN113742710A CN113742710A CN202111073224.1A CN202111073224A CN113742710A CN 113742710 A CN113742710 A CN 113742710A CN 202111073224 A CN202111073224 A CN 202111073224A CN 113742710 A CN113742710 A CN 113742710A
- Authority
- CN
- China
- Prior art keywords
- server
- response
- information
- certificate
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 230000002457 bidirectional effect Effects 0.000 title claims abstract description 33
- 230000004044 response Effects 0.000 claims abstract description 135
- 238000012795 verification Methods 0.000 claims description 33
- 238000010586 diagram Methods 0.000 description 11
- 238000000034 method Methods 0.000 description 8
- 238000004891 communication Methods 0.000 description 5
- 230000006870 function Effects 0.000 description 5
- 230000008569 process Effects 0.000 description 5
- 238000012544 monitoring process Methods 0.000 description 4
- 230000009286 beneficial effect Effects 0.000 description 2
- 230000006855 networking Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 238000003491 array Methods 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Telephonic Communication Services (AREA)
Abstract
Embodiments of the present disclosure disclose a mutual authentication system. One embodiment of the system comprises: the system comprises a front end and a server end; the front end is used for sending first request information to the server; the server is used for responding to the received first request information, generating first response information according to the first request information and returning the first response information to the front end; the front end is also used for responding to the received first response information, generating second request information according to the first response information and sending the second request information to the server; the server is also used for responding to the received second request information, generating second response information according to the second request information and returning the second response information to the front end; and the front end is also used for receiving the second response information and verifying whether the second response information is legal or not. The implementation mode improves the efficiency of bidirectional authentication by carrying the digital certificate in the authentication message.
Description
Technical Field
The embodiment of the disclosure relates to the technical field of computers, in particular to a bidirectional authentication system.
Background
The mutual authentication is a process that when the front-end equipment or the user terminal is registered to the video monitoring security management platform, the two parties mutually confirm the legal identity of the other party. In the mutual authentication process, in order to verify the digital signature information sent by the other party, a digital certificate of the other party needs to be obtained. At present, when acquiring a digital certificate of a counterpart, a method is generally adopted: the digital certificate of the authentication party is inquired on line in a CA system through LDAP (Lightweight Directory Access Protocol) or the digital certificate of the other party is imported in advance before the authentication.
However, when the digital certificate of the counterpart is acquired in the above manner, there are often technical problems as follows:
firstly, when a digital certificate is acquired through LDAP, both sides needing to be authenticated are connected to a CA LDAP server, and if the digital certificate cannot be connected to the CA LDAP server, bidirectional authentication cannot be performed;
secondly, by means of pre-importing the digital certificate, especially the server, a large amount of memory is occupied along with the increase of the imported digital certificate, and resource consumption is increased.
Disclosure of Invention
This summary is provided to introduce a selection of concepts in a simplified form that are further described below in the detailed description. This summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter.
Some embodiments of the present disclosure propose a mutual authentication system to solve one or more of the technical problems mentioned in the background section above.
Some embodiments of the present disclosure provide a mutual authentication system, the system comprising: a front end and a server end; the front end is used for sending first request information to the server; the server is configured to generate first response information according to the first request information in response to receiving the first request information, and return the first response information to the front end; the front end is further configured to generate second request information according to the first response information in response to receiving the first response information, and send the second request information to the server; the server is further configured to generate second response information according to the second request information in response to receiving the second request information, and return the second response information to the front end; the front end is further configured to receive the second response message and verify whether the second response message is legal.
The above embodiments of the present disclosure have the following beneficial effects: with the bidirectional authentication system of some embodiments of the present disclosure, both authentication parties can complete bidirectional authentication by acquiring a digital certificate transmitted by the other party in the case where they cannot connect to a CA LDAP server. Specifically, the reason why the two parties of authentication cannot complete the bidirectional authentication if they cannot connect to the CA LDAP server is that: the digital certificates of the front end and the server are pre-stored in the CA LDAP server, and the subsequent front end and the server need to be connected to the CA LDAP server to acquire the digital certificate of the other side. Based on this, in the bidirectional authentication system according to some embodiments of the present disclosure, first, the front end sends first request information to the server. Then, the server generates first response information according to the first request information in response to receiving the first request information, and returns the first response information to the front end. Therefore, the front end can start to perform bidirectional authentication with the server end according to the received first response information. Then, the front end responds to the received first response message, generates second request message according to the first response message, and sends the second request message to the server. Therefore, the front end can send the second request information to the server according to the received first response information, so as to perform the authentication of the server on the front end in the bidirectional authentication. And then, the server responds to the received second request message, generates a second response message according to the second request message, and returns the second response message to the front end. Therefore, the server can send the second response information to the front end according to the received second request information, so as to perform the authentication of the front end to the server in the bidirectional authentication. Finally, the front end receives the second response message and verifies whether the second response message is legal. Therefore, the front end can complete the authentication of the front end to the server end in the bidirectional authentication according to the received second response information, and the bidirectional authentication is completed. And the bidirectional authentication between the front end and the server side under the condition that the connection to the CA LDAP server cannot be realized is realized by sending the digital certificate of the front end to the other side in the authentication process.
Drawings
The above and other features, advantages and aspects of various embodiments of the present disclosure will become more apparent by referring to the following detailed description when taken in conjunction with the accompanying drawings. Throughout the drawings, the same or similar reference numbers refer to the same or similar elements. It should be understood that the drawings are schematic and that elements and elements are not necessarily drawn to scale.
Fig. 1 is a system architecture diagram of a mutual authentication system of some embodiments of the present disclosure;
fig. 2 is a timing diagram of some embodiments of a mutual authentication system according to the present disclosure.
Detailed Description
Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present disclosure are shown in the drawings, it is to be understood that the disclosure may be embodied in various forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided for a more thorough and complete understanding of the present disclosure. It should be understood that the drawings and embodiments of the disclosure are for illustration purposes only and are not intended to limit the scope of the disclosure.
It should be noted that, for convenience of description, only the portions related to the related invention are shown in the drawings. The embodiments and features of the embodiments in the present disclosure may be combined with each other without conflict.
It is noted that references to "a", "an", and "the" modifications in this disclosure are intended to be illustrative rather than limiting, and that those skilled in the art will recognize that "one or more" may be used unless the context clearly dictates otherwise.
The present disclosure will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
Fig. 1 is a system architecture 100 of a mutual authentication system of some embodiments of the present disclosure.
As shown in fig. 1, system architecture 100 may include a front end 101, a network 102, and a server 103. Network 102 serves as a medium for providing communication links between head end 101 and server 103. Network 102 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few. The front end 101 may be a front end device (e.g., a webcam), a user terminal (e.g., a video monitoring client), or a video monitoring subordinate platform (e.g., a video monitoring security management platform sub-platform). The front end 101 may receive the response information sent by the server 103 and perform corresponding processing on the response information. The server 103 may be a server that provides various services. The server 103 may receive the request information sent by the front end 101 and perform corresponding processing on the request information.
It should be understood that the number of front ends, servers, and networks in fig. 1 is merely illustrative. There may be any number of front ends, servers, and networks, as desired for an implementation.
With continued reference to fig. 2, a timing diagram 200 of some embodiments of a mutual authentication system according to the present disclosure is shown. The mutual authentication system comprises a front end and a server, wherein the front end and the server are used for executing the following steps:
step 201, sending first request information to a server.
In some embodiments, the front end (e.g., the front end 101 shown in fig. 1) may send the first request message to the server via a wired connection or a wireless connection (e.g., the network 102 shown in fig. 1). The first request message is a registration request message sent by the front end to the server in the mutual authentication process. It should be noted that the wireless connection means may include, but is not limited to, a 3G/4G connection, a WiFi connection, a bluetooth connection, a WiMAX connection, a ZigBee connection, a uwb (ultra wideband) connection, and other wireless connection means now known or developed in the future.
Step 202, in response to receiving the first request message, generating a first response message according to the first request message, and returning the first response message to the front end.
In some embodiments, the server (e.g., the server 103 shown in fig. 1) may generate a first response message according to the first request message in response to receiving the first request message, and return the first response message to the front end. The first response message is a response message sent by the server to the front end after receiving the first request message.
Therefore, the front end can start to perform bidirectional authentication with the server end according to the received first response information.
Step 203, responding to the received first response information, generating second request information according to the first response information, and sending the second request information to the server.
In some embodiments, after receiving the first response message, the front end may generate a second request message according to the first response message, and send the second request message to the server. The second request message is a front-end identity authentication message sent to the server by the front end after receiving the first response message.
Therefore, the front end can send the second request information to the server according to the received first response information, so as to perform the authentication of the server on the front end in the bidirectional authentication.
Optionally, before sending the first request message to the server, the front end may perform the following steps:
first, a front-end private key and a front-end public key are generated.
And secondly, acquiring a front-end digital certificate based on the front-end public key. Wherein, the front-end digital certificate includes the front-end public key.
Therefore, the front-end private key and the front-end digital certificate can provide data support for the front-end to generate the second request message.
Optionally, before sending the first request message to the server, the front end may perform the following steps:
and acquiring the certificate of at least one first electronic Certificate Authority (CA) to obtain a first CA certificate set.
Optionally, before sending the first request message to the server, the front end may perform the following steps:
and regularly acquiring the certificate revocation list of each first CA certificate in the first CA certificate set to obtain a first certificate revocation list set.
Therefore, the acquired first CA certificate set and the first certificate revocation list set can provide verification support for the validity of the digital certificate at the front-end verification server.
In some optional implementation manners of some embodiments, the generating, by the front end, the second request information according to the first response information in response to receiving the first response information may include:
the first step, in response to receiving the first response message, generating request authentication information according to the first response message.
The method for generating the request authentication information may refer to steps in the standard of GB35114 "technical requirement for information security of video surveillance networking for public security", which is not described herein again.
And secondly, signing the request authentication information by using the front-end private key to obtain signature request authentication information.
And thirdly, determining the signature request authentication information and the front-end digital certificate as second request information.
Therefore, the front end can generate request authentication information according to the first response information, encapsulate the request authentication information and the front end digital certificate into second request information and send the second request information to the server, so as to authenticate the front end by the server.
Step 204, in response to receiving the second request message, generating a second response message according to the second request message, and returning the second response message to the front end.
In some embodiments, after receiving the second request message, the server may generate a second response message according to the second request message, and return the second response message to the front end. The second response message is the server identity authentication message sent by the server to the front end after receiving the second request message.
Therefore, the server side can send second response information to the front end according to the received second request information, so that the front end authenticates the server side in the bidirectional authentication.
Optionally, the server may perform the following steps:
first, a server private key and a server public key are generated.
And secondly, acquiring a server digital certificate based on the server public key. Wherein, the server digital certificate includes the server public key.
Therefore, the server private key and the server digital certificate can provide data support for the server to generate the second response information.
Optionally, the server may perform the following steps:
and acquiring the certificate of at least one second CA to obtain a second CA certificate set.
Optionally, the server may perform the following steps:
and regularly acquiring the certificate revocation list of each second CA certificate in the second CA certificate set to obtain a second certificate revocation list set.
Therefore, the acquired second CA certificate set and the second certificate revocation list set can provide verification support for the server to verify the validity of the front-end digital certificate.
In some optional implementation manners of some embodiments, the generating, by the server, second response information according to the second request information in response to receiving the second request information may include:
and a first step of verifying whether the front-end digital certificate included in the second request information is legal or not by using the second CA certificate set and the second certificate revocation list set in response to receiving the second request information, so as to obtain a first verification result.
After receiving the second request message, the server may verify, by using the second CA certificate set, whether the front-end digital certificate included in the second request message is a digital certificate issued by a second CA certificate in the second CA certificate set and may verify, by using the current system time, whether the front-end digital certificate included in the second request message is expired, and may verify, by using the second certificate revocation list set, whether the front-end digital certificate is on a second certificate revocation list in the second certificate revocation list set, to obtain a first verification result.
And secondly, in response to the fact that the first verification result represents that the verification is legal, verifying whether signature request authentication information included in the second request information is legal or not by using a front-end public key in a front-end digital certificate included in the second request information to obtain a second verification result.
The server may determine, by using the second CA certificate set, that the front-end digital certificate included in the second request information is a digital certificate issued by a second CA certificate in the second CA certificate set, and determine, by using the current system time, that the front-end digital certificate included in the second request information is not expired, and determine, by using the second certificate revocation list set, that the front-end digital certificate is not on a second certificate revocation list in the second certificate revocation list set, that the first verification result represents that verification is legal.
And thirdly, responding to the second verification result which is determined to represent that the verification is legal, and generating response authentication information according to the second request information.
The method for generating the response authentication information may refer to the steps in the standard of GB35114 "technical requirement for information security of video surveillance networking for public security", which is not described herein again.
And fourthly, signing the response authentication information by using a server private key to obtain signature response authentication information.
And fifthly, determining the signature response authentication information and the server digital certificate as second response information.
Therefore, the server can complete the authentication of the server to the front end in the bidirectional authentication according to the received second request information, and then the server sends second response information to the front end to perform the authentication of the front end to the server.
Step 205, receiving the second response message, and verifying whether the second response message is legal.
In some embodiments, the front end may receive the second response message and verify whether the second response message is legal. Therefore, the front end can complete the authentication of the front end to the server end in the bidirectional authentication according to the received second response information, and the bidirectional authentication is completed.
In some optional implementation manners of some embodiments, the front end receives the second response message, and verifies whether the second response message is legal, and may perform the following steps:
and a first step of verifying whether the server-side digital certificate included in the second response message is legal by using the first CA certificate set and the first certificate revocation list set in response to receiving the second response message, and obtaining a third verification result.
After receiving the second response message, the front end may verify, by using the first CA certificate set, whether the server-side digital certificate included in the second response message is a digital certificate issued by a first CA certificate in the first CA certificate set, and may verify, by using the current system time, whether the server-side digital certificate included in the second response message is expired, and may verify, by using the first certificate revocation list set, whether the server-side digital certificate is on a first certificate revocation list in the first certificate revocation list set, to obtain a third verification result.
And secondly, in response to the third verification result representing that the verification is legal, verifying whether the signature response authentication information included in the second response information is legal or not by using the server public key in the server digital certificate included in the second response information to obtain a fourth verification result.
The front end may determine, by using the first CA certificate set, that the server-side digital certificate included in the second response information is a digital certificate issued by a certain first CA certificate in the first CA certificate set, and determine, by using the current system time, that the server-side digital certificate included in the second response information is not expired, and determine, by using the first certificate revocation list set, that the server-side digital certificate is not on a certain first certificate revocation list in the first certificate revocation list set, and determine that the third verification result represents verification validity.
And thirdly, in response to the fact that the fourth verification result represents that the verification is legal, determining that the bidirectional authentication is successful.
The above embodiments of the present disclosure have the following beneficial effects: with the bidirectional authentication system of some embodiments of the present disclosure, both authentication parties can complete bidirectional authentication by acquiring a digital certificate transmitted by the other party in the case where they cannot connect to a CA LDAP server. Specifically, the reason why the two parties of authentication cannot complete the bidirectional authentication if they cannot connect to the CA LDAP server is that: the digital certificates of the front end and the server are pre-stored in the CA LDAP server, and the subsequent front end and the server need to be connected to the CA LDAP server to acquire the digital certificate of the other side. Based on this, in the bidirectional authentication system according to some embodiments of the present disclosure, first, the front end sends first request information to the server. Then, the server generates first response information according to the first request information in response to receiving the first request information, and returns the first response information to the front end. Therefore, the front end can start to perform bidirectional authentication with the server end according to the received first response information. Then, the front end responds to the received first response message, generates second request message according to the first response message, and sends the second request message to the server. Therefore, the front end can send the second request information to the server according to the received first response information, so as to perform the authentication of the server on the front end in the bidirectional authentication. And then, the server responds to the received second request message, generates a second response message according to the second request message, and returns the second response message to the front end. Therefore, the server can send the second response information to the front end according to the received second request information, so as to perform the authentication of the front end to the server in the bidirectional authentication. Finally, the front end receives the second response message and verifies whether the second response message is legal. Therefore, the front end can complete the authentication of the front end to the server end in the bidirectional authentication according to the received second response information, and the bidirectional authentication is completed. And the bidirectional authentication between the front end and the server side under the condition that the connection to the CA LDAP server cannot be realized is realized by sending the digital certificate of the front end to the other side in the authentication process.
In some embodiments, the front-end, the server-side may communicate using any currently known or future developed network Protocol, such as HTTP (HyperText Transfer Protocol), and may interconnect with any form or medium of digital data communication (e.g., a communications network). Examples of communication networks include a local area network ("LAN"), a wide area network ("WAN"), the Internet (e.g., the Internet), and peer-to-peer networks (e.g., ad hoc peer-to-peer networks), as well as any currently known or future developed network.
Computer program code for carrying out operations for embodiments of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C + +, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The timing diagram and system architecture diagram in the drawings illustrate an architecture that a system may implement according to various embodiments of the present disclosure. In this regard, each block in the timing diagrams or system architecture diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the system architecture diagram and/or timing diagram, and combinations of blocks in the system architecture diagram and/or timing diagram, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The functions described herein above may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), systems on a chip (SOCs), Complex Programmable Logic Devices (CPLDs), and the like.
The foregoing description is only exemplary of the preferred embodiments of the disclosure and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention in the embodiments of the present disclosure is not limited to the specific combination of the above-mentioned features, but also encompasses other embodiments in which any combination of the above-mentioned features or their equivalents is made without departing from the inventive concept as defined above. For example, the above features and (but not limited to) technical features with similar functions disclosed in the embodiments of the present disclosure are mutually replaced to form the technical solution.
Claims (10)
1. A mutual authentication system comprising a front end and a server, wherein:
the front end is used for sending first request information to the server;
the server is used for responding to the received first request information, generating first response information according to the first request information, and returning the first response information to the front end;
the front end is further used for responding to the received first response information, generating second request information according to the first response information, and sending the second request information to the server;
the server is further configured to generate second response information according to the second request information in response to receiving the second request information, and return the second response information to the front end;
the front end is further configured to receive the second response message and verify whether the second response message is legal.
2. The system of claim 1, wherein the front end is further to:
and acquiring the certificate of at least one first electronic Certificate Authority (CA) to obtain a first CA certificate set.
3. The system of claim 2, wherein the front end is further to:
and regularly acquiring a certificate revocation list of each first CA certificate in the first CA certificate set to obtain a first certificate revocation list set.
4. The system of claim 3, wherein the server is further configured to:
and acquiring the certificate of at least one second CA to obtain a second CA certificate set.
5. The system of claim 4, wherein the server is further configured to:
and regularly acquiring a certificate revocation list of each second CA certificate in the second CA certificate set to obtain a second certificate revocation list set.
6. The system of claim 5, wherein the front end is further to:
generating a front-end private key and a front-end public key;
and acquiring a front-end digital certificate based on the front-end public key, wherein the front-end digital certificate comprises the front-end public key.
7. The system of claim 6, wherein the front end is further to:
in response to receiving the first response information, generating request authentication information according to the first response information;
signing the request authentication information by using the front-end private key to obtain signature request authentication information;
and determining the signature request authentication information and the front-end digital certificate as second request information.
8. The system of claim 7, wherein the server is further configured to:
generating a server private key and a server public key;
and acquiring a server digital certificate based on the server public key, wherein the server digital certificate comprises the server public key.
9. The system of claim 8, wherein the server is further configured to:
in response to receiving the second request message, verifying whether the front-end digital certificate included in the second request message is legal by using the second CA certificate set and the second certificate revocation list set to obtain a first verification result;
in response to the fact that the first verification result represents that the verification is legal, verifying whether signature request authentication information included in the second request information is legal or not by using a front-end public key in a front-end digital certificate included in the second request information to obtain a second verification result;
responding to the second verification result representation and verification validity, and generating response authentication information according to the second request information;
signing the response authentication information by using the server private key to obtain signature response authentication information;
and determining the signature response authentication information and the server-side digital certificate as second response information.
10. The system of claim 9, wherein the front end is further to:
in response to receiving the second response message, verifying whether the server-side digital certificate included in the second response message is legal by using the first CA certificate set and the first certificate revocation list set, and obtaining a third verification result;
in response to determining that the third verification result represents that the verification is legal, verifying whether signature response authentication information included in the second response information is legal or not by using a server public key in a server digital certificate included in the second response information to obtain a fourth verification result;
and determining that the bidirectional authentication is successful in response to determining that the fourth verification result represents that the verification is legal.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111073224.1A CN113742710A (en) | 2021-09-14 | 2021-09-14 | Bidirectional authentication system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111073224.1A CN113742710A (en) | 2021-09-14 | 2021-09-14 | Bidirectional authentication system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113742710A true CN113742710A (en) | 2021-12-03 |
Family
ID=78738592
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111073224.1A Pending CN113742710A (en) | 2021-09-14 | 2021-09-14 | Bidirectional authentication system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113742710A (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040030887A1 (en) * | 2002-08-07 | 2004-02-12 | Harrisville-Wolff Carol L. | System and method for providing secure communications between clients and service providers |
| CN108696536A (en) * | 2018-07-03 | 2018-10-23 | 北京科东电力控制系统有限责任公司 | A kind of safety certifying method |
| CN110380852A (en) * | 2019-07-22 | 2019-10-25 | 中国联合网络通信集团有限公司 | Mutual authentication method and communication system |
| CN111698204A (en) * | 2020-04-28 | 2020-09-22 | 视联动力信息技术股份有限公司 | Bidirectional identity authentication method and device |
| CN112953970A (en) * | 2021-04-01 | 2021-06-11 | 国民认证科技(北京)有限公司 | Identity authentication method and identity authentication system |
-
2021
- 2021-09-14 CN CN202111073224.1A patent/CN113742710A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040030887A1 (en) * | 2002-08-07 | 2004-02-12 | Harrisville-Wolff Carol L. | System and method for providing secure communications between clients and service providers |
| CN108696536A (en) * | 2018-07-03 | 2018-10-23 | 北京科东电力控制系统有限责任公司 | A kind of safety certifying method |
| CN110380852A (en) * | 2019-07-22 | 2019-10-25 | 中国联合网络通信集团有限公司 | Mutual authentication method and communication system |
| CN111698204A (en) * | 2020-04-28 | 2020-09-22 | 视联动力信息技术股份有限公司 | Bidirectional identity authentication method and device |
| CN112953970A (en) * | 2021-04-01 | 2021-06-11 | 国民认证科技(北京)有限公司 | Identity authentication method and identity authentication system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102065141B (en) | Method and system for realizing single sign-on of cross-application and browser | |
| US8272038B2 (en) | Method and apparatus for secure authorization | |
| CN101478396B (en) | Uni-directional cross-domain identity verification based on low correlation of private cipher key and application thereof | |
| CN101569217B (en) | Method and arrangement for integration of different authentication infrastructures | |
| EP2214429B1 (en) | Entity bi-directional identificator method and system based on trustable third party | |
| US7865173B2 (en) | Method and arrangement for authentication procedures in a communication network | |
| CN105025041A (en) | File upload method, file upload apparatus and system | |
| CN112398798B (en) | Network telephone processing method, device and terminal | |
| CN112261022A (en) | Security authentication method based on API gateway | |
| EP1610528A2 (en) | System and method of asserting identities in a telecommunications network | |
| CN105075219A (en) | Network system comprising a security management server and a home network, and method for including a device in the network system | |
| CN104247485A (en) | Network application function authorisation in a generic bootstrapping architecture | |
| CN114390524B (en) | Method and device for realizing one-key login service | |
| CN112087412B (en) | Service access processing method and device based on unique token | |
| CN114158046B (en) | Method and device for realizing one-key login service | |
| CN113742710A (en) | Bidirectional authentication system | |
| CN116170144A (en) | Smart power grid anonymous authentication method, electronic equipment and storage medium | |
| CN104604188A (en) | Direct electronic mail | |
| CN101442415A (en) | Charging method and system for P2P network and network node | |
| CN113169953A (en) | Method and apparatus for authenticating a device or user | |
| CN114158047B (en) | Method and device for realizing one-key login service | |
| CN117395652B (en) | Bidirectional identity authentication method and system for communication at two ends of wireless network | |
| CN116094834A (en) | Method, device, equipment and storage medium for verifying client equipment | |
| KR100845235B1 (en) | ENUM system and user authentication method | |
| CN117556401A (en) | Electronic signature method and device based on third party platform |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |