CN115225323A - Public certificate-based password-free authentication method - Google Patents
- Publication number: CN115225323A
- Application number: CN202210675293.8A
- Authority: CN (China)
- Prior art keywords: authentication, security terminal, password, unified, public
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
- H04L63/0884—Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
Abstract
The invention discloses a password-free authentication method based on a public certificate, which comprises the following steps: S1: constructing a password-free authentication system consisting of a unified security terminal, an authentication agent, a zero trust gateway, a unified authentication service platform and system background services; S2: the user registers through the unified security terminal, the authentication agent sends an authentication request to the unified security terminal, and the unified security terminal performs entity authentication according to the user's selection. The invention is based on a public key algorithm and uses a public certificate mechanism to realize password-free user identity authentication. Because no password exists, the account security risks associated with passwords are eliminated and the method is immune to password brute-force cracking in any form; by providing a unified authentication service platform, it also supports non-invasive upgrading and reconstruction of existing systems.
Description
Technical Field
The invention relates to the technical field of password-free authentication, in particular to a password-free authentication method based on a public certificate.
Background
Existing systems generally authenticate users with an account-and-password pairing scheme based on private key technology, which raises several problems. For system users, a simple password is easy to leak and a complex password is easy to forget, and the user cannot tell whether the password has been leaked. For system developers, non-functional security requirements such as whether passwords are stored securely, whether they are transmitted securely and whether they are written to logs in plaintext must be met, which increases development difficulty and workload. For operations and maintenance personnel, security incidents caused by password leakage or password loss occur frequently, and they are worn down by handling the many password-related problems raised by system users. In view of this situation, a password-free authentication method based on a public certificate is provided.
Disclosure of Invention
Based on the technical problems in the background art, the invention provides a password-free authentication method based on a public certificate.
The invention provides a password-free authentication method based on a public certificate, which comprises the following steps:
s1: constructing a password-free authentication system consisting of a unified security terminal, an authentication agent, a zero trust gateway, a unified authentication service platform and system background services;
s2: the user registers through the unified security terminal, the authentication agent sends an authentication request to the unified security terminal, and the unified security terminal performs entity authentication according to the user's selection;
s3: after the entity authentication of S2 is completed, the unified security terminal runs a public key algorithm and dynamically generates a public key certificate;
s4: the unified security terminal sends the public key certificate dynamically generated in S3 to the authentication agent;
s5: the authentication agent forwards the public key certificate dynamically generated in S3 to the zero trust gateway;
s6: the zero trust gateway registers the public key certificate of S5 with the unified authentication service platform;
s7: after the registration of S6 is completed, the unified authentication service platform issues a system access token to the zero trust gateway;
s8: the zero trust gateway forwards the system access token to the authentication agent;
s9: after successful registration, the user logs in through the unified security terminal and then requests access to the background service of the existing system;
s10: the authentication agent forwards the access request to the zero trust gateway;
s11: the zero trust gateway verifies whether the access token is legal and valid; if the token is invalid, further access is refused, and if the token passes verification, the zero trust gateway forwards the service request to the system background service;
s12: the user access succeeds.
Preferably, in S2, the entity authentication modes of the unified security terminal include fingerprint authentication, iris authentication, face (portrait) authentication and mobile phone authentication, and the unified security terminal further supports plug-in authentication modes.
Preferably, in S2, the entity authentication mode can be predefined.
Preferably, in S3, the unified security terminal further checks its own unique identifier, the secure generation, storage and invocation of the public certificate, and that it is running in a secure environment.
Preferably, in S1, the password-free authentication system is a system that, based on a public key algorithm, uses a public certificate mechanism to authenticate user identity without passwords.
Preferably, in S1, the unified security terminal, the authentication agent, the zero trust gateway, the unified authentication service platform and the system background services are independent of each other.
Compared with the prior art, the invention is based on a public key algorithm and uses a public certificate mechanism to realize password-free user identity authentication. Because no password exists, the password-related account security risks are eliminated and the method is immune to password brute-force cracking in any form; by providing a unified authentication service platform, it also supports non-invasive upgrading and reconstruction of existing systems.
Drawings
Fig. 1 is a connection diagram of a public certificate-based password-less authentication method according to the present invention.
Detailed Description
The present invention will be further illustrated with reference to the following specific examples.
Examples
Referring to fig. 1, this embodiment proposes a public certificate-based password-less authentication method, which includes the following steps:
s1: constructing a password-free authentication system, which is based on a public key algorithm and uses a public certificate mechanism to realize password-free user identity authentication; the system consists of a unified security terminal, an authentication agent, a zero trust gateway, a unified authentication service platform and system background services, and these components are independent of each other;
s2: the user registers through the unified security terminal, the authentication agent sends an authentication request to the unified security terminal, and the unified security terminal performs entity authentication according to the user's selection; the entity authentication mode can be predefined, the entity authentication modes of the unified security terminal include fingerprint authentication, iris authentication, face (portrait) authentication and mobile phone authentication, and plug-in authentication modes are also supported;
s3: after the entity authentication of S2 is completed, the unified security terminal runs a public key algorithm and dynamically generates a public key certificate;
s4: the unified security terminal sends the public key certificate dynamically generated in S3 to the authentication agent;
s5: the authentication agent forwards the public key certificate dynamically generated in S3 to the zero trust gateway;
s6: the zero trust gateway registers the public key certificate of S5 with the unified authentication service platform;
s7: after the registration of S6 is completed, the unified authentication service platform issues a system access token to the zero trust gateway;
s8: the zero trust gateway forwards the system access token to the authentication agent;
s9: after successful registration, the user logs in through the unified security terminal and then requests access to the background services of the existing system;
s10: the authentication agent forwards the access request to the zero trust gateway;
s11: the zero trust gateway verifies whether the access token is legal and valid; if the token is invalid, further access is refused, and if the token passes verification, the zero trust gateway forwards the service request to the system background service;
s12: the user access succeeds.
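The registration and access flow of steps S1 to S12 above (the same steps as in the disclosure and in claim 1), shown as an added Go example; this is not code from the patent or its applicant. It assumes Ed25519 as the public key algorithm, a minimal self-signed certificate layout, an opaque random access token that the unified authentication service platform records in a session store the zero trust gateway can query, and, because the patent does not say how the token is tied to the registered certificate, proof of possession: the terminal signs every access request with the certificate's private key and the gateway checks that signature against the registered key in S11. The type names, the subject "alice" and the path `/api/orders` are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// Terminal is the unified security terminal after entity authentication (S2); it holds the key pair of S3.
type Terminal struct {
	Subject string
	pub     ed25519.PublicKey
	priv    ed25519.PrivateKey
}

// Certificate is a minimal self-signed public key certificate (S3); its layout is an assumption, the patent gives no format.
type Certificate struct {
	Subject   string
	PublicKey ed25519.PublicKey
	Signature []byte // self-signature over certTBS
}

// AccessRequest is what the authentication agent forwards in S10. The patent does not say how the token
// is tied to the certificate, so this example assumes proof of possession: the terminal signs each request.
type AccessRequest struct {
	Token, Path, Nonce string
	Signature          []byte
}

// Platform is the unified authentication service platform (S6, S7) and Gateway the zero trust gateway (S11).
// That the gateway can query the platform's session store is an assumption of this example.
type Session struct{ Cert Certificate; Expires time.Time } // recorded by the platform when a token is issued
type Platform struct{ sessions map[string]Session }
type Gateway struct{ platform *Platform }

func NewPlatform() *Platform { return &Platform{sessions: map[string]Session{}} }

// NewTerminal generates the key pair of S3; crypto/rand is documented never to fail, so the error is dropped.
func NewTerminal(subject string) *Terminal {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Terminal{Subject: subject, pub: pub, priv: priv}
}

func certTBS(subject string, pub ed25519.PublicKey) []byte {
	return []byte(subject + "|" + hex.EncodeToString(pub))
}

func requestTBS(token, path, nonce string) []byte { return []byte(token + "|" + path + "|" + nonce) }

// IssueCertificate is S3: the terminal self-signs its freshly generated public key.
func (t *Terminal) IssueCertificate() Certificate {
	return Certificate{t.Subject, t.pub, ed25519.Sign(t.priv, certTBS(t.Subject, t.pub))}
}

// SignRequest is S9/S10: the logged-in terminal binds the token to its key.
func (t *Terminal) SignRequest(token, path, nonce string) AccessRequest {
	return AccessRequest{token, path, nonce, ed25519.Sign(t.priv, requestTBS(token, path, nonce))}
}

// Register is S6/S7: verify the self-signature (the registrant holds the key),
// then issue an opaque random access token recorded against the certificate.
func (p *Platform) Register(c Certificate, now time.Time) (string, error) {
	if len(c.PublicKey) != ed25519.PublicKeySize || !ed25519.Verify(c.PublicKey, certTBS(c.Subject, c.PublicKey), c.Signature) {
		return "", errors.New("certificate rejected: bad key or self-signature")
	}
	raw := make([]byte, 16)
	rand.Read(raw) // 128-bit token; crypto/rand is documented never to fail
	token := hex.EncodeToString(raw)
	p.sessions[token] = Session{Cert: c, Expires: now.Add(time.Hour)}
	return token, nil
}

// Authorize is S11: refuse on any failed check, otherwise return the subject
// whose request the gateway forwards to the background service (S12).
func (g *Gateway) Authorize(r AccessRequest, now time.Time) (string, error) {
	s, ok := g.platform.sessions[r.Token]
	if !ok {
		return "", errors.New("token not issued by the platform")
	}
	if !now.Before(s.Expires) {
		return "", errors.New("token expired")
	}
	if !ed25519.Verify(s.Cert.PublicKey, requestTBS(r.Token, r.Path, r.Nonce), r.Signature) {
		return "", errors.New("request signature invalid: caller does not hold the certificate key")
	}
	return s.Cert.Subject, nil
}

func main() {
	now, plat := time.Now(), NewPlatform()
	gw := &Gateway{platform: plat}
	alice := NewTerminal("alice")
	tok, _ := plat.Register(alice.IssueCertificate(), now)                      // S3-S8
	fmt.Println(gw.Authorize(alice.SignRequest(tok, "/api/orders", "n1"), now)) // S9-S12: alice <nil>
	thief := NewTerminal("alice") // same subject, different key: a stolen token alone is refused
	fmt.Println(gw.Authorize(thief.SignRequest(tok, "/api/orders", "n2"), now))
}
```

Running it prints the subject for the registered terminal and a refusal for a second terminal that presents the same token with a different key. The last check in `Authorize` is what makes the certificate of S3 matter after registration: without it the token is a plain bearer token, and the S11 verification that it is "legal and valid" would pass for anyone holding a copy, which is the case a defender has to assume when the token travels through the authentication agent and the gateway.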
The above description covers only the preferred embodiment of the present invention, but the scope of the invention is not limited thereto; any equivalent substitution or modification of the technical solution and inventive concept disclosed here that a person skilled in the art could readily make falls within the scope of the present invention.
Claims (6)
1. A password-free authentication method based on public certificates is characterized by comprising the following steps:
s1: constructing a password-free authentication system consisting of a unified security terminal, an authentication agent, a zero trust gateway, a unified authentication service platform and system background services;
s2: the user registers through the unified security terminal, the authentication agent sends an authentication request to the unified security terminal, and the unified security terminal performs entity authentication according to the user's selection;
s3: after the entity authentication of S2 is completed, the unified security terminal runs a public key algorithm and dynamically generates a public key certificate;
s4: the unified security terminal sends the public key certificate dynamically generated in S3 to the authentication agent;
s5: the authentication agent forwards the public key certificate dynamically generated in S3 to the zero trust gateway;
s6: the zero trust gateway registers the public key certificate of S5 with the unified authentication service platform;
s7: after the registration of S6 is completed, the unified authentication service platform issues a system access token to the zero trust gateway;
s8: the zero trust gateway forwards the system access token to the authentication agent;
s9: after successful registration, the user logs in through the unified security terminal and then requests access to the background service of the existing system;
s10: the authentication agent forwards the access request to the zero trust gateway;
s11: the zero trust gateway verifies whether the access token is legal and valid; if the token is invalid, further access is refused, and if the token passes verification, the zero trust gateway forwards the service request to the system background service;
s12: the user access succeeds.
2. The public certificate-based password-free authentication method according to claim 1, wherein in S2 the entity authentication modes of the unified security terminal include fingerprint authentication, iris authentication, face (portrait) authentication and mobile phone authentication, and the unified security terminal further supports plug-in authentication modes.
3. The public certificate-based password-free authentication method according to claim 1, wherein in S2 the entity authentication mode can be predefined.
4. The public certificate-based password-free authentication method according to claim 1, wherein in S3 the unified security terminal further checks its own unique identifier, the secure generation, storage and invocation of the public certificate, and that it is running in a secure environment.
5. The public certificate-based password-free authentication method according to claim 1, wherein in S1 the password-free authentication system is a system that, based on a public key algorithm, uses a public certificate mechanism to authenticate user identity without passwords.
6. The public certificate-based password-free authentication method according to claim 1, wherein in S1 the unified security terminal, the authentication agent, the zero trust gateway, the unified authentication service platform and the system background services are independent of each other.
Priority Applications (1)
Application Number | Publication Number | Priority Date | Filing Date | Title
---|---|---|---|---
CN202210675293.8A | CN115225323A (en) | 2022-06-15 | 2022-06-15 | Public certificate-based password-free authentication method
Publications (1)
Publication Number | Publication Date
---|---
CN115225323A (en) | 2022-10-21
Family ID: 83607466
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101483513A (en) * | 2009-02-09 | 2009-07-15 | 上海爱数软件有限公司 | Network backup system, data backup and recovery method |
US20140075524A1 (en) * | 2012-09-11 | 2014-03-13 | Authenticade Llc | System and method to establish and use credentials for a common lightweight identity through digital certificates |
US20150304847A1 (en) * | 2014-04-17 | 2015-10-22 | Guang Gong | Password-less Authentication System, Method and Device |
CN107395622A (en) * | 2017-08-18 | 2017-11-24 | 四川长虹电器股份有限公司 | Method without cipher safety authentication |
CN107508837A (en) * | 2017-09-28 | 2017-12-22 | 山东浪潮通软信息科技有限公司 | A kind of cross-platform heterogeneous system login method based on intelligent code key certification |
CN108512862A (en) * | 2018-05-30 | 2018-09-07 | 博潮科技(北京)有限公司 | Internet-of-things terminal safety certification control platform based on no certificates identified authentication techniques |
CN108830587A (en) * | 2018-04-28 | 2018-11-16 | 广东工业大学 | A kind of NFC method of mobile payment based on no certificate signature |
US20200327219A1 (en) * | 2019-04-11 | 2020-10-15 | Herbert Bolimovsky | Passwordless authentication |
Similar Documents
Publication | Title
---|---
US9722984B2 (en) | Proximity-based authentication
RU2414086C2 (en) | Application authentication
CN110061842B (en) | Out-of-band remote authentication
EP1254547B1 (en) | Single sign-on process
CA2744971C (en) | Secure transaction authentication
JP5744915B2 (en) | Trusted federated identity management and data access authorization method and apparatus
CN103597799B (en) | Service access authentication method and system
US8769289B1 (en) | Authentication of a user accessing a protected resource using multi-channel protocol
US20100058064A1 (en) | Login authentication using a trusted device
CN111600869B (en) | Verification code authentication method and system based on biological characteristics
JP2018504789A (en) | Payment authentication system, method and apparatus
CN110278084B (en) | eID establishing method, related device and system
WO2017076216A1 (en) | Server, mobile terminal, and internet real name authentication system and method
JP2015053674A (en) | Method for safely accessing network from personal device, personal device, network server, and access point
WO2020020008A1 (en) | Authentication method and authentication system
CN108604990A (en) | The application method and device of local authorized certificate in terminal
CN108040044A (en) | A kind of management method and system for realizing eSIM card security authentications
CN112020716A (en) | Remote biometric identification
KR20180087543A (en) | Key management method and fido authenticator software authenticator
TW202207667A (en) | Authentication and validation procedure for improved security in communications systems
CN102404112A (en) | Access authentication method for credible terminal
CN107070918B (en) | A kind of network application login method and system
CN104753886B (en) | It is a kind of to the locking method of remote user, unlocking method and device
CN105873059A (en) | Joint identity authentication method and system for power distribution communication wireless private network
CN110891067B (en) | Revocable multi-server privacy protection authentication method and revocable multi-server privacy protection authentication system
Legal Events
Code | Title
---|---
PB01 | Publication
SE01 | Entry into force of request for substantive examination