CN114598463A - Data authentication system - Google Patents


Publication number: CN114598463A
Authority: CN (China)
Prior art keywords: authentication, node, application server, user, server
Legal status: Pending
Application number: CN202210222923.6A
Other languages: Chinese (zh)
Inventor: 李新明
Current assignee: Edge Intelligence Of Cas Co ltd
Original assignee: Edge Intelligence Of Cas Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L 9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3226 ... using a predetermined code, e.g. password, passphrase or PIN
    • H04L 9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • H04L 9/3247 ... involving digital signatures
    • H04L 9/3263 ... involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Abstract

The invention discloses a data authentication system comprising an authentication and authorization server, an application server, a user client, an authentication center and a digital certificate library. The application server provides application services to the user client; the authentication and authorization server, the application server, the authentication center and the digital certificate library together provide authorization and authentication for the user client's application service requests; and the authentication and authorization server authenticates and authorizes the user identity. The invention can greatly improve network security.

Description

Data authentication system
This application is a divisional application of the invention patent application with application number 201911162942.9, filed on 25 November 2019 under the title 'A user, service and data authentication system'.
Technical Field
The invention relates to the field of encrypted information communication, and in particular to a user, service and data authentication system.
Background
The arrival of the 5G era lays the network foundation needed for unmanned driving of motor vehicles. Because motor vehicles change position rapidly, the information transmission of motor vehicle nodes is unstable when those nodes have only intermittent, weak connectivity, as in suburbs and remote mountainous areas. The nodes on the vehicles belong to different ad hoc networks that change dynamically at any time and place, so how to manage multi-node integrated authorization safely and stably becomes an important problem, in addition to possible malicious attacks on the network; once an authorization error occurs, the loss can be incalculable.
The invention therefore provides a user, service and data authentication system that can greatly improve network security and effectively prevent malicious attacks.
Disclosure of Invention
To achieve the purpose of the invention, the following technical scheme is adopted:
A user, service and data authentication system comprises an authentication and authorization server, an application server, a user client, an authentication center and a digital certificate library, wherein: the application server provides application services to the user client; and the authentication and authorization server, the application server, the authentication center and the digital certificate library provide authorization and authentication for the user client's application service requests.
The authentication system described above, wherein: a user client or application server that needs to access the authentication and authorization server must first send an identity authentication request to the authentication center. After the authentication center has authenticated the identity of the user client and the application server, it uses its private key to sign the user information together with the user's public key, and the application server information together with the application server's public key, thereby generating a user client digital certificate for the user client and an application server digital certificate for the application server. Both certificates are stored in the digital certificate library.
The authentication system described above, wherein: when a user client needs to access an application server, it first goes to the authentication and authorization server to obtain a service permission ticket. The user client then generates a one-time authentication identifier and encrypts the service request, the service permission ticket and the authentication identifier with its private key to obtain a user request message, which it sends to the application server. On receiving the user request message, the application server obtains the user client's digital certificate from the digital certificate library and decrypts the encrypted user request message with it. If decryption succeeds, the application server submits the service permission ticket and the authentication identifier from the user request message to the authentication and authorization server for authentication. If the authentication and authorization server authenticates the user client's data, the application server encrypts the data to be returned with its own private key and sends it to the user client. On receiving this message, the user client obtains the application server's digital certificate from the digital certificate library, decrypts the encrypted message with it, and accepts the message if decryption succeeds.
The authentication system described above, wherein: the authentication and authorization server authenticates and authorizes the user identity as follows: the user client sends an authentication request to the authentication and authorization server; the authentication and authorization server verifies the validity of the user identity from the identity information entered by the user, then generates an authorization ticket according to the user's authority and sends it to the user client; after receiving the authorization ticket, the user client generates an authentication identifier and transmits the authentication identifier and the authorization ticket to the application server.
The authentication system described above, wherein: the application server provides the specific application service and also verifies the validity of the user client through the digital certificate library; that is, after receiving the service permission ticket and the authentication identifier, the application server has them authenticated by the authentication and authorization server, and if the user client's data is legitimate, the application server encrypts the data to be returned with its private key and sends it to the user client.
The authentication system described above, wherein: the authentication center generates a digital certificate by signing, with its own private key, the public key and basic information of a service that needs authentication.
The authentication system described above, wherein: the digital certificate library stores the digital certificates of the various users and services.
The authentication system described above, wherein: at least one of the authorization server, the application server, the authentication center and the digital certificate library is formed by a multi-node mobile information service network. The multi-node mobile information service network includes a version control server, which records the latest data copy version information transmitted in the current network and a node waiting queue.
The authentication system described above, wherein: when a node A in the multi-node mobile information service network is updated, node A requests the latest copy version number from the version control server. After receiving node A's request, the version control server places the request in the node waiting queue, updates the current data copy version number in its data copy version information, and sends the updated data copy version number to the requesting node A. Node A receives the new data copy version number from the version control server, generates update information U according to that copy version number, and sends U to its parent node B and to its child nodes in the tree structure.
The authentication system described above, wherein: node B applies the received update information U, then updates its copy version number, changes the data source node in U to node B, and sends the changed update information U to its remaining child nodes and to its parent node.
The authentication system described above, wherein: when a node C and a node D are updated simultaneously during the update process and both request a new copy version number from the version control server at the same time, the version control server places the requests in the waiting queue in arrival order and returns the new copy version numbers in that sequence. When another node receives the update message of a given node, it first checks the copy version number carried by the message: if it is less than or equal to the copy version number stored at the receiving node, the update message is discarded; if it is exactly 1 greater, the update message is processed directly; if it is greater by more than 1, the receiving node waits to receive the other update messages between the two version numbers and processes them in sequence until the stored version number catches up.
The authentication system described above, wherein: the data stored in at least one of the authorization server, the application server, the authentication center and the digital certificate library is protected by a data access control method for multi-node systems, comprising data unit isolation, data unit key encryption and data unit access control.
The authentication system described above, wherein: data unit isolation proceeds as follows: when the data pool is constructed, each node is assigned a software-emulated I/O device, i.e. a virtual I/O device, and all nodes share the memory and cache of a virtual physical I/O device; in secure I/O management, each node's I/O access request is sent to the I/O bus via its own virtual I/O device, and a virtual I/O controller determines the current I/O operation according to the protocol and the data in memory and accesses the actual I/O device via the virtual I/O bus.
The authentication system described above, wherein: data unit key encryption comprises the management, generation and distribution of keys and adopts a two-level key structure: the data unit key encrypts and decrypts the data unit, and the master key encrypts and decrypts the data unit key.
The authentication system described above, wherein: data unit access control comprises data unit access authority application, data unit access authority verification and data unit access authority control. The access authority application handles a node's application for access to data resources, including the requested range of data resources and the reason for the application; the access authority verification examines and approves the data unit access application submitted by the node; and the access authority control determines the access range of the data unit according to the verification result and enforces authority control on data unit access requests.
Drawings
FIG. 1 is a schematic diagram of a user, service and data authentication system;
FIG. 2 is a diagram of version consistency management.
Detailed Description
The following detailed description of embodiments of the invention refers to the accompanying drawings.
As shown in fig. 1, the user, service and data authentication system includes an authentication and authorization server, an application server, a user client, an authentication center and a digital certificate library. The components interact as follows. A user client or application server that needs to access the authentication and authorization server must first send an identity authentication request to the authentication center (CA). After the authentication center has authenticated the identity of the user client and the application server, it uses its private key to sign the user information together with the user's public key, and the application server information together with the application server's public key, thereby generating a user client digital certificate and an application server digital certificate, which are stored in the digital certificate library.
When a user client needs to access an application server, it first goes to the authentication and authorization server to obtain a service permission ticket. The user client then generates a one-time authentication identifier and encrypts the service request, the service permission ticket and the authentication identifier with its private key to obtain a user request message, which it sends to the application server. On receiving the user request message, the application server obtains the user client's digital certificate from the digital certificate library and decrypts the encrypted user request message with it. If decryption succeeds, the message sent by the user client is reliable and the application server may respond to the client's request: the authentication and authorization server authenticates the service permission ticket and the authentication identifier in the user request message, and if it authenticates the user client's data, the application server encrypts the data to be returned with its private key and sends it to the user client. On receiving this message, the user client obtains the application server's digital certificate from the digital certificate library and decrypts the encrypted message with it; if decryption succeeds, the message sent by the server is reliable and may be accepted.
1) The authentication and authorization server authenticates and authorizes the user's identity. The user client sends an authentication request to the authentication and authorization server, which verifies the validity of the user identity from the identity information entered by the user, then generates an authorization ticket according to the user's authority and sends it to the user client. After receiving the authorization ticket, the user client generates an authentication identifier and transmits the authentication identifier and the authorization ticket to the application server. The application server sends a verification request containing the authentication identifier and the authorization ticket to the authentication server, which judges the legitimacy of both. If they are legitimate, the authentication server informs the application server that the request is legitimate, and the application server encrypts the data to be returned with its private key and sends it to the user client; otherwise it informs the application server that the request is illegitimate, and the application server refuses to provide the related data to the user client. At this point the user client can access the particular service. Since an authentication identifier automatically becomes invalid after it has been authenticated once, the entity is protected against replay attacks. Because the authentication identifier is generated by the user client, even if another user client eavesdrops on the authorization ticket during network transmission, it still cannot complete authentication to the application server without a valid authentication identifier, which reduces the risk posed by eavesdropping of the authorization ticket.
The invention uses an asymmetric encryption algorithm to encrypt the data transmitted during communication, thereby preventing malicious command attacks on the network.
2) An application server is a server that provides a specific service. Besides providing the specific application service, the application server also needs to verify the validity of the user client through the digital certificate library; that is, after receiving the service permission ticket and the authentication identifier, it has them authenticated by the authentication and authorization server. If the user client's data is legitimate, the application server encrypts the data to be returned with its private key and sends it to the user client. This method enhances the privacy of communication between the user client and the application server.
3) A user client is the specific user terminal through which a user accesses a specific application service. The user client sends the service request to the application server on the user's behalf, and also decrypts the server's message with the server's digital certificate, which ensures that the message received by the user comes from the server.
4) The authentication center authenticates the validity of each service's public key. As the number of access services in a network grows, if every service had to record the certificate of each corresponding service, the number of certificates each service must record would grow exponentially. Furthermore, without a certification authority in the public key transmission process, the validity of a public key cannot be guaranteed. The authentication center is therefore added: it signs the public key and basic information of the service to be authenticated with its own private key to generate a digital certificate, and an application that needs to access the service can verify the validity of the application server's public key through that certificate. For example, after a user client sends a data request to an application server, the application server verifies the validity of the user client, encrypts the data the user client requires with its private key and returns it to the user client. After the user client has verified the validity of the application server's public key, it decrypts the application server's message with that public key, and if the message decrypts normally it is legitimate.
5) The digital certificate library stores the digital certificates of the various users and services. The digital certificates are generated by the certificate authority (CA). The authentication model combines the Kerberos protocol with the PKI public key infrastructure, using digital certificates as credentials of the user's identity. At the same time, users in enterprises and public institutions uniformly adopt certificates issued by the certification center CA, providing an authoritative user resource information base.
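The ticket and one-time identifier exchange described in components 1) to 5) above and in the disclosure paragraphs, as an added Go example that is not part of the patent: the CA issues certificates, the authentication and authorization server issues a ticket and remembers every identifier it has accepted, and the application server checks the client's certificate and then checks back with that server before signing its reply. It assumes Ed25519 and models the text's "encrypt with the private key, decrypt with the certificate" as a digital signature; the type and function names (`CertStore`, `AAS`, `Serve`, `Accept`) are invented for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// GenKey returns a fresh key pair; every party in the scheme holds one.
func GenKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // crypto/rand does not fail on supported platforms
	return pub, priv
}

// Cert is the authentication center's signature over a holder's name and public key.
type Cert struct{ Holder string; Pub ed25519.PublicKey; CASig []byte }

func certBody(holder string, pub ed25519.PublicKey) []byte { return append([]byte(holder+"|"), pub...) }

// CA is the authentication center; Issue produces the holder's digital certificate.
type CA struct{ priv ed25519.PrivateKey; Pub ed25519.PublicKey }

func NewCA() *CA { pub, priv := GenKey(); return &CA{priv: priv, Pub: pub} }

func (ca *CA) Issue(holder string, pub ed25519.PublicKey) Cert {
	return Cert{holder, pub, ed25519.Sign(ca.priv, certBody(holder, pub))}
}

// CertStore is the digital certificate library; Lookup re-checks the CA signature so a tampered entry is never trusted.
type CertStore map[string]Cert

func (s CertStore) Lookup(caPub ed25519.PublicKey, holder string) (Cert, error) {
	c, ok := s[holder]
	if !ok || !ed25519.Verify(caPub, certBody(c.Holder, c.Pub), c.CASig) {
		return Cert{}, errors.New("no valid certificate for " + holder)
	}
	return c, nil
}

// Ticket is the service permission ticket the authentication and authorization
// server (AAS) issues once it has verified the user's identity.
type Ticket struct{ User, Service string; Sig []byte }

func ticketBody(t Ticket) []byte { return []byte(t.User + "->" + t.Service) }

// AAS issues tickets and remembers every authentication identifier it has accepted.
type AAS struct{ priv ed25519.PrivateKey; used map[string]bool }

func NewAAS() *AAS { _, priv := GenKey(); return &AAS{priv: priv, used: map[string]bool{}} }

func (a *AAS) IssueTicket(user, service string) Ticket {
	t := Ticket{User: user, Service: service}
	t.Sig = ed25519.Sign(a.priv, ticketBody(t))
	return t
}

// Verify is the application server's check-back: the ticket must carry the AAS's own
// signature and the identifier must be unseen; it is then marked used, so a replay is refused.
func (a *AAS) Verify(t Ticket, authID []byte) bool {
	if !ed25519.Verify(a.priv.Public().(ed25519.PublicKey), ticketBody(t), t.Sig) {
		return false
	}
	k := t.User + "|" + string(authID)
	if a.used[k] {
		return false
	}
	a.used[k] = true
	return true
}

// Request is the user request message: service request, ticket and a fresh
// one-time identifier, signed with the client's private key.
type Request struct{ User, Body string; Ticket Ticket; AuthID, Sig []byte }

func requestBody(r Request) []byte {
	b := []byte(r.User + "|" + r.Body + "|")
	return append(append(b, r.Ticket.Sig...), r.AuthID...)
}

func NewRequest(user string, priv ed25519.PrivateKey, body string, t Ticket) Request {
	id := make([]byte, 16)
	rand.Read(id) // the one-time authentication identifier, generated by the client
	r := Request{User: user, Body: body, Ticket: t, AuthID: id}
	r.Sig = ed25519.Sign(priv, requestBody(r))
	return r
}

// Serve is the application server: certificate lookup, signature check, AAS
// check-back, then a reply signed with the server's private key.
func Serve(store CertStore, caPub ed25519.PublicKey, aas *AAS, srvPriv ed25519.PrivateKey, r Request) ([]byte, []byte, error) {
	c, err := store.Lookup(caPub, r.User)
	if err != nil {
		return nil, nil, err
	}
	if !ed25519.Verify(c.Pub, requestBody(r), r.Sig) {
		return nil, nil, errors.New("user request signature invalid")
	}
	if !aas.Verify(r.Ticket, r.AuthID) {
		return nil, nil, errors.New("ticket or authentication identifier rejected")
	}
	reply := []byte("data for " + r.Body)
	return reply, ed25519.Sign(srvPriv, reply), nil
}

// Accept is the client side: fetch the server's certificate from the library and verify the reply against it.
func Accept(store CertStore, caPub ed25519.PublicKey, server string, reply, sig []byte) bool {
	c, err := store.Lookup(caPub, server)
	return err == nil && ed25519.Verify(c.Pub, reply, sig)
}
```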
As shown in fig. 2, the cross-node multi-data-version consistency management method provides a cross-node multi-data-version consistency service. The authorization server, the application server, the authentication center and the digital certificate library of the authentication system in fig. 1 may take the form of a multi-node mobile information service network, so the consistency of multiple data versions across nodes must be managed.
In the cross-node multi-data-version consistency management mechanism, the nodes of the multi-node mobile information service network form a tree structure, as shown in fig. 2. The network includes a version control server, which records the latest data copy version information transmitted in the current network and a node waiting queue, and each node has its own version update queue.
The general process of the cross-node multi-data-version consistency management mechanism is as follows:
When node A performs an update operation, it simultaneously requests the latest copy version number from the version control server.
After receiving node A's request, the version control server places the request in the node waiting queue, updates the current data copy version number in its data copy version information, and sends the updated data copy version number to the requesting node A.
Node A receives the new data copy version number from the version control server, generates update information U (comprising the previous copy version number, the new copy version number, the update content and the data source node) according to that copy version number, and sends U to its parent node B and to its child nodes in the tree structure.
Node B applies the received update information U, then updates its copy version number and changes the data source node in U to node B, and sends the changed update information U to its remaining child nodes and to its parent node.
The remaining nodes of the tree network carry out the same update process until every node in the network satisfies the version consistency requirement.
When several nodes, for example node C and node D, are updated simultaneously during the update process and both request new copy version numbers from the version control server at the same time, the version control server places the requests in the waiting queue in arrival order and returns the new copy version numbers in that sequence. After node C and node D obtain their new copy version numbers, each generates its own update information U2, and they perform their update operations in ascending order of the copy version numbers obtained; simultaneous updating is not allowed. When node C's copy version number is smaller than node D's, the other nodes may process node D's update only after they have processed node C's update message. That is, when another node receives a given node's update message, it first checks the copy version number: if it is less than or equal to the copy version number stored at the receiving node, the update message is discarded; if it is exactly 1 greater, the update message is processed directly; if it is greater by more than 1, the receiving node waits to receive the further update messages between the two version numbers and processes them in sequence until the stored version number catches up. While waiting, the other nodes temporarily hold node D's update message in the node waiting queue.
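The version rule just described (discard if not newer, apply if exactly one ahead, otherwise hold in the waiting queue until the gap is filled), together with the tree propagation from the steps above, as an added Go example that is not part of the patent. The node names, the `VersionServer` and `Tree` types and the four-node sample tree are constructed for illustration.

```go
package main

import "fmt"

// Update is the page's update information U: previous and new copy version
// number, the update content and the node the message came from.
type Update struct {
	Prev, New int
	Content   string
	Source    string
}

// VersionServer is the version control server. Request records the requesting
// node in the node waiting queue, in arrival order, and hands out strictly
// increasing copy version numbers in that same order.
type VersionServer struct {
	Latest int
	Queue  []string
}

func (s *VersionServer) Request(node string) int {
	s.Queue = append(s.Queue, node)
	s.Latest++
	return s.Latest
}

// Node holds one data copy, its copy version number and a waiting queue for updates that arrived early.
type Node struct {
	Name    string
	Version int
	Applied []string       // update contents, in the order applied
	Waiting map[int]Update // parked updates, keyed by new copy version number
}

// Receive applies the three-way rule: discard if not newer, apply if exactly one
// ahead, otherwise park. It returns every update the node applied, with Source
// rewritten to this node, so the caller can forward them.
func (n *Node) Receive(u Update) []Update {
	switch {
	case u.New <= n.Version:
		return nil // stale or already seen
	case u.New > n.Version+1:
		n.Waiting[u.New] = u // gap: wait for the intermediate versions
		return nil
	}
	var out []Update
	for {
		n.Version = u.New
		n.Applied = append(n.Applied, u.Content)
		u.Source = n.Name
		out = append(out, u)
		next, ok := n.Waiting[n.Version+1] // a parked update may now be next in line
		if !ok {
			return out
		}
		delete(n.Waiting, next.New)
		u = next
	}
}

// Tree is the node tree; Links lists each node's parent and children.
type Tree struct {
	Nodes map[string]*Node
	Links map[string][]string
}

func NewTree(version int, links map[string][]string) *Tree {
	t := &Tree{Nodes: map[string]*Node{}, Links: links}
	for name := range links {
		t.Nodes[name] = &Node{Name: name, Version: version, Waiting: map[int]Update{}}
	}
	return t
}

// Originate is node `name` applying a local update with the version number it got
// from the server, then flooding what it applied to parent and children. Receivers
// forward only what they applied and discard known versions, so the flood terminates.
func (t *Tree) Originate(name, content string, version int) {
	n := t.Nodes[name]
	pending := n.Receive(Update{Prev: n.Version, New: version, Content: content, Source: name})
	for len(pending) > 0 {
		u := pending[0]
		pending = pending[1:]
		for _, nb := range t.Links[u.Source] {
			pending = append(pending, t.Nodes[nb].Receive(u)...)
		}
	}
}

func main() {
	// Constructed tree: R is the root, C and D its children, X a child of C.
	tr := NewTree(5, map[string][]string{"R": {"C", "D"}, "C": {"R", "X"}, "D": {"R"}, "X": {"C"}})
	srv := &VersionServer{Latest: 5}
	vc, vd := srv.Request("C"), srv.Request("D") // concurrent requests get 6 and 7
	tr.Originate("D", "d-change", vd)           // 7 arrives before 6: parked everywhere
	tr.Originate("C", "c-change", vc)           // 6 unblocks 7 and the tree converges
	for _, name := range []string{"R", "C", "D", "X"} {
		fmt.Println(name, tr.Nodes[name].Version, tr.Nodes[name].Applied)
	}
}
```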
The authorization server, the application server, the authentication center and the digital certificate library of the authentication system in fig. 1 all store data, and a data access control method for multi-node systems must be adopted to protect that data, comprising data unit isolation, data unit key encryption and data unit access control.
1) Data unit isolation
When the data pool is constructed, each node is allocated, by virtualization, a software-simulated I/O device, i.e. a virtual I/O device, which schedules I/O resources among the different nodes, including resource multiplexing, resource division and resource scheduling. All nodes then share the memory and cache of the virtual physical I/O device. In secure I/O management, each node's I/O access request is sent to the I/O bus through its own virtual I/O device; a virtual I/O controller determines the current I/O operation according to the protocol and the data in memory and accesses the actual I/O device through the virtual I/O bus. Because a dedicated virtual I/O device is customized for each node, the nodes' I/O operations are isolated from one another, and from the I/O point of view the failure of a single node does not affect the whole I/O system.
2) Data unit key encryption
In the data pool environment, the security of the data unit is ensured through secret key encryption, including soft encryption and hard encryption. The data unit realizes fusion storage encryption based on soft encryption, and is encrypted in a software mode through a security key, so that the deployment and the use are more flexible.
The data unit key encryption comprises management, generation and distribution of keys, a two-stage key structure is adopted, the data unit key encrypts and decrypts the data unit, and the master key encrypts and decrypts the data unit key.
Each independent data unit in the data pool has its own randomly generated key, so even if one key is cracked only that one data unit can be decrypted; the other data units are unaffected.
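The two-level key structure and its containment property, as an added example that is not the patent's code: a master key wraps one random key per data unit, and unwrapping one unit's key opens only that unit. Because the Python standard library has no AES, the block uses an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag as a stand-in cipher; the `DataPool` class and its method names are assumptions.

```python
"""Added example, not the patent's code: master key wrapping one random key per data unit.
Stdlib stand-in cipher (HMAC-SHA256 counter keystream + encrypt-then-MAC); use AES-GCM in practice."""
import hashlib
import hmac
import os

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF (demonstration stand-in for AES-CTR)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || 32-byte HMAC tag over nonce and ciphertext."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes) -> bytes:
    """Raise ValueError when the tag does not verify (wrong key or tampering)."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def _opens(key: bytes, blob: bytes) -> bool:
    try:
        decrypt(key, blob)
        return True
    except ValueError:
        return False

class DataPool:
    """Each unit gets a fresh random key; only its master-key-wrapped copy is stored."""
    def __init__(self, master_key: bytes):
        self._master = master_key
        self.units = {}  # unit id -> (wrapped unit key, unit ciphertext)
    def store(self, unit_id: str, data: bytes) -> None:
        unit_key = os.urandom(32)  # random key for this data unit only
        self.units[unit_id] = (encrypt(self._master, unit_key), encrypt(unit_key, data))
    def load(self, unit_id: str) -> bytes:
        wrapped, ct = self.units[unit_id]
        return decrypt(decrypt(self._master, wrapped), ct)
    def exposure_if_cracked(self, unit_id: str) -> list:
        """Units readable with unit_id's own key alone: unit_id itself and no other."""
        key = decrypt(self._master, self.units[unit_id][0])
        return [uid for uid, (_, ct) in self.units.items() if _opens(key, ct)]
```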
3) Data unit access control
The access control provides a permission control mechanism for the data unit sharing service, setting the corresponding access permissions according to attributes of the data unit such as source, content and security level. Data unit access control consists of data unit access permission application, data unit access permission verification and data unit access permission control. The access permission application handles a node's application for access to a data resource, including the range of data resources requested and the reason for the request; access permission verification examines and approves the access application submitted by the node; access permission control determines the accessible range of the data unit from the verification result and enforces it on each data unit access request.
An access policy is executed as follows: first, the information relevant to the node's access operation (node label, data unit label and access operation type) is collected; then the node's access authority over the requested data unit is determined; finally, the access control policy is enforced.
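The application, approval and enforcement steps above, as an added example that is not the patent's code: approval narrows a node's request to the units its clearance and permitted sources allow, and enforcement decides each (node label, data unit label, operation) triple against the recorded grant. The clearance ordering, the attribute names, the rule that writes require a stated reason, and the `AccessController` class are illustrative assumptions.

```python
"""Added example, not the patent's code: access application / approval / enforcement keyed on
node label, data unit label and operation type.  Clearance ordering and attribute names are
assumptions made for illustration."""
from dataclasses import dataclass

LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


@dataclass(frozen=True)
class DataUnit:
    unit_id: str
    source: str           # producing subsystem, part of the data unit label
    security_level: str   # key into LEVELS


@dataclass(frozen=True)
class Application:
    """Access application: who asks, for which units, which operations, and why."""
    node: str
    units: frozenset
    operations: frozenset
    reason: str


class AccessController:
    def __init__(self, units, node_clearance, node_sources):
        self.units = {u.unit_id: u for u in units}
        self.node_clearance = node_clearance  # node label -> clearance level name
        self.node_sources = node_sources      # node label -> sources it may consume
        self.grants = {}                      # node -> {unit_id: frozenset(operations)}

    def approve(self, app: Application) -> dict:
        """Approval: a unit is granted only if its level is within the node's clearance and
        its source is one the node is entitled to; without a stated reason only reads pass."""
        clearance = LEVELS[self.node_clearance.get(app.node, "public")]
        ops = frozenset(app.operations if app.reason.strip() else app.operations & {"read"})
        granted = {}
        for uid in app.units:
            unit = self.units.get(uid)
            if (unit and LEVELS[unit.security_level] <= clearance
                    and unit.source in self.node_sources.get(app.node, ())):
                granted[uid] = ops
        self.grants[app.node] = granted
        return granted

    def check(self, node: str, unit_id: str, operation: str) -> bool:
        """Enforcement: decide the collected (node, unit, operation) triple against the grant."""
        return operation in self.grants.get(node, {}).get(unit_id, frozenset())
```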
The data pool manager may control data cell sharing and isolation between multiple containers on a single physical node.
With this system, no password needs to be transmitted for authentication between the user client and the authentication server, which improves security; the user client stores no plaintext password, which makes attacks harder; every message between the user side and the client side is doubly encrypted, which greatly raises the security level of the communication; the developer of an application service need not care about the encryption details and can easily integrate with the system; and the authentication information of the user and the client is time-limited and becomes invalid after it expires.

Claims (4)

1. A data authentication system comprises an authentication and authorization server, an application server, a user client, an authentication center and a digital certificate library, and is characterized in that: the application server is used for providing application services to the user client; the authentication and authorization server, the application server, the authentication center and the digital certificate library are used for providing authorization and authentication for the application service request of the user client; the authentication and authorization server is used for authenticating and authorizing the identity of the user.
2. The authentication system according to claim 1, wherein: for a user client and an application server which need to be accessed to an authentication and authorization server, an identity authentication request needs to be sent to an authentication center, after the authentication center completes the identity authentication of the user client and the application server, the private key of the authentication center is used for signing user information and a public key thereof, application server information and a public key thereof, a user client digital certificate is generated for the user client, an application server digital certificate is generated for the application server, and the user client digital certificate and the application server digital certificate are stored in a digital certificate library.
3. The authentication system according to claim 1, wherein: the authentication center is used for generating digital certificates.
4. The authentication system according to claim 1, wherein: the digital certificate library is used for storing digital certificates.
CN202210222923.6A 2019-11-25 2019-11-25 Data authentication system Pending CN114598463A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210222923.6A CN114598463A (en) 2019-11-25 2019-11-25 Data authentication system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210222923.6A CN114598463A (en) 2019-11-25 2019-11-25 Data authentication system
CN201911162942.9A CN111131160B (en) 2019-11-25 2019-11-25 User, service and data authentication system

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201911162942.9A Division CN111131160B (en) 2019-11-25 2019-11-25 User, service and data authentication system

Publications (1)

Publication Number Publication Date
CN114598463A true CN114598463A (en) 2022-06-07


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination