CN1791866A - Authentication for admitting parties into a network - Google Patents


Info

Publication number
CN1791866A
Authority
CN
China
Prior art keywords
value
remote site
network
code
processor
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA038267179A
Other languages
Chinese (zh)
Inventor
萨钦·萨蒂什·莫迪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Thomson Licensing SAS
Original Assignee
Thomson Licensing SAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Thomson Licensing SAS
Publication of CN1791866A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L 9/0825 Key transport or distribution using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/321 Verification of identity or authority involving a third party or a trusted authority
    • H04L 9/3271 Verification of identity or authority using challenge-response
    • H04L 2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L 2209/16 Obfuscation or hiding, e.g. involving white box

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A system and device for authenticating parties located at remote sites (115) and admitting them into a secure communication network (100), wherein each remote site includes a device operable to execute code for: determining a first authentication value received from a second site (110), the first authentication value having been blinded with a value associated with the remote site (115); encrypting and transmitting the determined value; decrypting a second authentication value; and validating the transmitting site (110) when the unblinded first authentication value equals the second authentication value. The transmitting site (110) in turn includes a device operable to execute code for generating and transmitting a first authentication value blinded by a value associated with a remote site (115), decrypting a received value, and validating the remote site when the authentication value equals the decrypted received value.

Description

Authentication for admitting parties into a network
Technical field
This application relates to the field of secure networks and, more specifically, to a device for authenticating parties and admitting them into a secure network configuration.
Background
With the introduction of public networks such as the Internet, many commercial activities have changed their mode of operation considerably. Using interactive web pages, manufacturers and retailers let their customers buy products directly with a conventional credit card. In this setting the security of the credit card information is critical, so that the information cannot be stolen and used for fraud. Traditionally, credit card information is transmitted over the Secure Sockets Layer (SSL), which encrypts the information using well-known cryptographic algorithms such as RSA together with digital certificates. As those skilled in the art understand, RSA is a cryptographic algorithm developed by Rivest, Shamir and Adleman that derives public-key and private-key information from computations on large prime numbers. In operation, each party generates a public/private key pair and makes the public key available to all other parties. A first party can then encrypt an item of information with another party's public key, and only that party can decrypt it with the corresponding private key. Similarly, a party can digitally sign a document by encrypting it with its private key; a party holding the corresponding public key can then decrypt it and so verify the signature. Public/private-key algorithms therefore allow an item of information to be transmitted securely over a network while at the same time giving some assurance that the parties are authorized to send or receive it.
Video conferencing is an example in which secure communication between the parties is even more important. Each party can provide its public key or sign the conference with its private key, and when every party is able to participate the conference begins. However, keys or passwords may be compromised, cracked or decoded, the authentication of the parties to the network may then be in doubt, and information transmitted over the network may become available to a party not authorized to receive it. Such leakage may cause significant social and/or economic harm.
There is therefore a need for a system and device that ensures that the parties are authenticated, and that further admits the authenticated parties into the secure network.
Summary of the invention
A system and device for authenticating parties located at remote sites and admitting them into a secure communication network, wherein each remote site includes a device operable to execute code for: determining a first authentication value received from a second site, the first authentication value having been blinded with a value associated with the remote site; encrypting and transmitting the determined value; decrypting a second authentication value; and validating the transmitting site when the unblinded first authentication value equals the second authentication value. The transmitting site in turn includes a device operable to execute code for generating and transmitting a first authentication value blinded by a value associated with a remote site, decrypting a received value, and validating the remote site when the authentication value equals the decrypted received value.
Description of drawings
Fig. 1 is a block diagram of a system for authenticating the parties to a transaction in accordance with the principles of the invention;
Fig. 2 is a flowchart of a first process for authenticating parties in accordance with the principles of the invention;
Fig. 3 is a flowchart of a second process for authenticating parties in accordance with the principles of the invention;
Fig. 4 is a flowchart of a process for admitting parties into a transaction in accordance with the principles of the invention;
Fig. 5 is a flowchart of a second process for admitting parties into a transaction in accordance with the principles of the invention;
Fig. 6 shows the authentication and establishment of an interactive communication link between the parties, and between the server and the sites, in accordance with the principles of the invention; and
Fig. 7 shows a device for performing the processes of Figs. 2 to 6.
It is to be understood that these drawings are intended only to illustrate the concepts of the invention and are not to be taken as limiting it. The embodiments shown in Figs. 1-7 and described in detail below are exemplary and should not be regarded as the only way of practising the invention. The same reference numerals (and, where needed, reference characters) are used to identify similar components.
Detailed description
Fig. 1 is a block diagram of a system 100 in accordance with the principles of the invention, in which secure communication links are needed between several remote sites available on a network. In the figure, a server 110 communicates over a network 150 with remote sites 115, 120, 125, 130 and 135. Protocols such as TCP/IP that provide two-way communication over network 150 are known in the art and need not be discussed here.
Server 110 also holds information that uniquely identifies each remote site, for example a numeric value, a code or a token; that is, each remote site is registered with server 110. For example, site 115 may be identified, associated or registered with a unique value, code or token referred to here as "ID No. 1". Likewise, site 120 may be identified, associated or registered with a unique value, code or token, in which case site 120 is said to be uniquely identified by the token "ID No. 2". Similarly, site 135 may be identified, associated or registered with a unique value, code or token, denoted "ID No. 5", and remote sites 125 and 130 are identified in the same way.
In one aspect of the invention, each identifying value, code or token may be an arbitrary numeric value or combination of digits. In another aspect, each identifying value, code or token may be chosen to have a known property, for example to be a prime number of known order or size.
Server 110 may generate and keep each unique value associated with a remote site and provide that value to the corresponding remote site. Alternatively, each unique value may be supplied to server 110 by the corresponding remote site. In a further aspect, knowledge of a remote site's unique code is held only by server 110 and by that remote site. Server 110 also includes a public/private-key encryption algorithm, for example RSA. In one aspect a common server public key is distributed to every remote site. In another aspect server 110 generates a separate public/private key pair for each remote site and associates it with that site, so that each remote site is given its own server public key. The public key may be distributed to each remote site periodically, at random times, dynamically, when the remote site registers with server 110, or when a meeting between sites is requested. Preferably, the public key is provided when a connection request is received.
Fig. 2 is a flowchart of an exemplary process 200, maintained on server 110 in accordance with the principles of the invention, for authenticating the parties to a secure transaction or communication. For simplicity, the novel aspects of the invention are described in terms of a meeting inviter and a meeting invitee. In process 200, in response to a request to set up secure communication between an inviter (for example remote site 120 of Fig. 1) and an invitee (for example remote site 130), server 110 generates a random number for each party at block 205. At block 210 each generated random number is encrypted, distorted or blinded with the unique identification code associated with the corresponding site. In a preferred embodiment the generated random numbers are blinded using the following relation:
R_exp1 XOR ID_a and
R_exp2 XOR ID_b [1]
where R_exp1 and R_exp2 are the two generated random numbers;
ID_a is the unique value associated with the first site;
ID_b is the unique value associated with the second site; and
XOR is the conventional Boolean exclusive-or function.
Then, at block 215, the two blinded values are encrypted with the private key associated with server 110; that is, server 110 encrypts or scrambles the blinded values. As those skilled in the art understand, encrypting or scrambling a value in this way renders it unintelligible to anyone who does not have the appropriate decryption process. At block 220 the encrypted blinded values are transmitted over network 150, as shown in Fig. 1. At block 225 server 110 waits for the responses from the remote sites. At block 230, when a response is detected, the received message is decrypted with the private key of server 110.
At block 235 it is determined whether the decrypted received value equals the random value sent at block 220. If not, the response came from an unauthorized site, and processing proceeds on the basis that the remote site is not authorized.
If it does, the identity of the remote site is confirmed, because only that particular remote site can recover the random number (R_exp1 or R_exp2) that was generated and sent to it. Then, at block 240, the random number associated with that site is encrypted with the private key of server 110, and at block 245 it is transmitted over the network. At block 250 server 110 waits for the responses to the encrypted message.
When the responses are received, a list of the cryptographic algorithms available to each party is obtained at block 260. At block 265 server 110 confirms that a secure connection is established between the parties and selects a cryptographic algorithm. Preferably the cryptographic algorithm is already present at each party's site. In another aspect each party may provide a list of the cryptographic algorithms available to it, and server 110 selects a common algorithm from those lists. In a further aspect server 110 may supply a suitable cryptographic algorithm to the parties.
Fig. 3 is a flowchart of a process 300 executable at a remote site for authenticating the parties and establishing a secure communication link between them. In this exemplary process a remote site, for example site 130, receives the initial transmission from server 110 at block 310. At block 315 the message is decrypted with the public key of server 110. Then, at block 320, the decrypted message is unblinded with the unique identification code associated with that remote site. In a preferred embodiment, given equation [1], the information is unblinded using the principle
{[a XOR b] XOR b} = a [2]
where a is the generated random number; and
b is the remote site's identification value.
As those skilled in the art understand, only a remote site that knows the associated identification value, code or token can correctly determine the generated random number; the authentication therefore rests on that value being known only to server 110 and to the site itself.
Then, at block 325, the unblinded random number is encrypted with the public key of server 110 and transmitted over the network. At block 335 the remote site waits for the response from server 110.
When the response is received it is decrypted, at block 340, with the public key of server 110. At block 345 it is determined whether the value decrypted at block 340 is identical to the decrypted, unblinded value obtained at block 320. If not, the authentication process has failed and processing ends.
If it is, a list of the cryptographic algorithms available to the remote site is provided to server 110 at block 350, and at block 355 a confirmation that the authentication process is complete is provided.
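The server-side process of Fig. 2 and the site-side process of Fig. 3, run against each other as one exchange. This is an added example written for this page, not code from the patent or from Thomson Licensing. It assumes a toy textbook RSA pair (two fixed Mersenne primes, raw modular exponentiation, no padding) standing in for the RSA the patent names, 32-bit random numbers and identification values, and a constructed registry whose site names and ID values are made up; the class and function names are this example's own. The impostor case at the end shows what block 235 catches: a site holding the wrong identification value unblinds to a different number and is rejected before the server ever signs R_exp.

```python
import secrets

# Toy textbook RSA standing in for the patent's RSA: two fixed Mersenne primes,
# raw modular exponentiation, no padding.  Enough to show the message flow and
# the 'encrypt with private key / decrypt with public key' convention of
# blocks 215 and 315; it is not an acceptable key pair for any real system.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
SERVER_PUBLIC = (E, N)    # distributed to each remote site
SERVER_PRIVATE = (D, N)   # held only by server 110


def rsa_apply(key, m):
    """Raw RSA: the private key 'signs/encrypts', the public key undoes it."""
    k, n = key
    if not 0 <= m < n:
        raise ValueError("value out of range for the toy modulus")
    return pow(m, k, n)


class Server:
    """Server 110 of Fig. 2.  registry maps site name -> ID value (equation [1])."""

    def __init__(self, registry):
        self.registry = dict(registry)
        self.pending = {}             # site name -> R_exp issued to that site

    def challenge(self, site):
        r_exp = secrets.randbits(32)                    # block 205
        self.pending[site] = r_exp
        blinded = r_exp ^ self.registry[site]           # block 210, equation [1]
        return rsa_apply(SERVER_PRIVATE, blinded)       # block 215

    def verify_response(self, site, ciphertext):
        recovered = rsa_apply(SERVER_PRIVATE, ciphertext)   # block 230
        if recovered != self.pending[site]:             # block 235
            return None                                 # unauthorized site
        return rsa_apply(SERVER_PRIVATE, recovered)     # block 240: E_Kr(R_exp)


class RemoteSite:
    """A remote site running Fig. 3; it holds nothing but its own ID value."""

    def __init__(self, site_id):
        self.site_id = site_id
        self.r_exp = None

    def respond(self, ciphertext):
        blinded = rsa_apply(SERVER_PUBLIC, ciphertext)   # block 315
        self.r_exp = blinded ^ self.site_id              # block 320, equation [2]
        return rsa_apply(SERVER_PUBLIC, self.r_exp)      # block 325

    def check_server(self, ciphertext):
        # Blocks 340/345: the server proves it knew R_exp by returning it under Kr.
        return rsa_apply(SERVER_PUBLIC, ciphertext) == self.r_exp


def run_exchange(server, site_name, site):
    """One complete challenge/response for a single site.

    Returns True only when the server validated the site (block 235) and the
    site validated the server (block 345).  A site holding the wrong ID value
    unblinds to a different number and fails the first check.
    """
    to_site = server.challenge(site_name)
    to_server = site.respond(to_site)
    signed_r = server.verify_response(site_name, to_server)
    if signed_r is None:
        return False
    return site.check_server(signed_r)


if __name__ == "__main__":
    # Constructed registry: two of the Fig. 1 sites with made-up ID values.
    registry = {"site120": 0x1234ABCD, "site130": 0x0F0F1111}
    server = Server(registry)
    print("site120 genuine :", run_exchange(server, "site120", RemoteSite(0x1234ABCD)))
    print("site130 impostor:", run_exchange(server, "site130", RemoteSite(0xDEADBEEF)))
```

Because the challenge is encrypted under the server's private key, anyone holding the server public key can read the blinded value; what keeps R_exp secret is the identification value, which is why the text insists that value is known only to the server and the site.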
Fig. 4 is a flowchart of an exemplary process 400 for admitting authenticated parties into the secure network configuration. In this process, at block 410, server 110 receives a random number generated by each remote site that has been authenticated, that is, that has successfully completed the processes of Figs. 2 and 3. The random numbers are generated arbitrarily; preferably there is no correlation between them. Although not shown, it will be understood that the random numbers are received in a form encrypted or scrambled with the public key, and must be decrypted with the local private key before they are used.
At block 415 server 110 blinds each received random number with the unique identification number of a remote site. In one aspect of the invention the random numbers are blinded with the following logical function:
R_site1 XOR ID_2 and
R_site2 XOR ID_1 [3]
where R_site1 is the random number generated by the first site;
R_site2 is the random number generated by the second site;
ID_1 is the unique value associated with the first site;
ID_2 is the unique value associated with the second site; and
XOR is the conventional Boolean exclusive-or function.
Then, at block 420, the blinded values are transmitted to the corresponding remote sites, so that each remote site receives the blinded random number of the other remote site: the value blinded with ID_2 goes to the second site and the value blinded with ID_1 goes to the first site.
In another preferred aspect of the invention the random numbers are blinded with the logical function
R_site1 XOR R_site2 [4]
Fig. 5 is a flowchart of an exemplary process 500 performed at each remote site for admitting the authenticated parties into the secure network configuration. In this exemplary process a random number is generated at block 510. At block 515 the generated random number is encrypted with the public key of server 110, and at block 520 it is transmitted over the network. At block 525 the remote site waits for the response from server 110.
When the response is received, the received value is unblinded. In the aspect of the invention represented by equation [3], a process similar to that of equation [2] can be used to unblind the value. In the aspect represented by equation [4], the value can be unblinded using
{[a XOR b] XOR b} [5]
where a is the random number of one site; and
b is the random number of the other site.
Each remote site thus comes to know the random number generated by the other remote site. At block 535 an encryption key is formed, in accordance with the selected cryptographic algorithm, from the random numbers generated by the two sites. Although not shown, those skilled in the art will appreciate that the received blinded values may have been encrypted with a private key, in which case the received value is decrypted with the corresponding public key that was provided. It will further be appreciated that the order of the blinding and encryption operations may be exchanged without affecting the scope of the invention.
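The admission step of Figs. 4 and 5 for both blinding variants, equation [3] (cross-blinding with the other site's ID) and equation [4] (the pair XOR), carried through to the session key of block 535. This is an added example written for this page, not code from the patent or from Thomson Licensing. It assumes that the public-key encryption of the transport (blocks 515/520 and the server-side decryption of block 410) is the Fig. 2/3 layer and leaves it out; that the random numbers are 64-bit; and, since the patent only says the two randoms are combined in a "known" way, that the combination is SHA-256 over the order-independent pair truncated to the selected cipher's key size. The ID values and random numbers in the driver are constructed, and the function names are this example's own.

```python
import hashlib
import secrets


def xor_blind(value, mask):
    """XOR blinding used throughout Figs. 4 and 5; applying the same mask
    again unblinds, which is all equation [5] states."""
    return value ^ mask


def server_cross_blind(r_site1, r_site2, id_1, id_2):
    """Block 415 with equation [3]: each random is blinded with the OTHER
    site's ID, so only that site can strip the mask.
    Returns (value_for_site1, value_for_site2)."""
    return xor_blind(r_site2, id_1), xor_blind(r_site1, id_2)


def server_pair_blind(r_site1, r_site2):
    """Block 415 with equation [4]: one value R_site1 XOR R_site2 sent to both."""
    return xor_blind(r_site1, r_site2)


def site_recover_peer(received, own_secret):
    """Block 530: the site removes its own mask, which is its ID value in the
    equation [3] aspect and its own random number in the equation [4] aspect."""
    return xor_blind(received, own_secret)


def session_key(r_a, r_b, cipher="aes-128"):
    """Block 535.  Assumption of this example: hash the order-independent pair
    and the cipher name, truncate to the cipher's key size, so both sites get
    identical bytes whichever random is 'theirs'."""
    key_len = {"aes-128": 16, "aes-256": 32}[cipher]
    lo, hi = sorted((r_a, r_b))
    material = lo.to_bytes(8, "big") + hi.to_bytes(8, "big") + cipher.encode()
    return hashlib.sha256(material).digest()[:key_len]


def run_admission(id_1, id_2, use_cross_blind=True, cipher="aes-128"):
    """Figs. 4 and 5 end to end for two already-authenticated sites.

    Both sites draw a random (block 510); the server blinds them (block 415);
    each site unblinds what it received (block 530) and derives the key
    (block 535).  Returns (key_at_site1, key_at_site2): they match only when
    every mask is the one the peer actually used.
    """
    r_site1, r_site2 = secrets.randbits(64), secrets.randbits(64)
    if use_cross_blind:
        to_site1, to_site2 = server_cross_blind(r_site1, r_site2, id_1, id_2)
        peer_at_1 = site_recover_peer(to_site1, id_1)
        peer_at_2 = site_recover_peer(to_site2, id_2)
    else:
        both = server_pair_blind(r_site1, r_site2)
        peer_at_1 = site_recover_peer(both, r_site1)
        peer_at_2 = site_recover_peer(both, r_site2)
    return session_key(r_site1, peer_at_1, cipher), session_key(peer_at_2, r_site2, cipher)


if __name__ == "__main__":
    # Constructed ID values for two sites of Fig. 1.
    k1, k2 = run_admission(0x0101, 0x0202, use_cross_blind=True)
    print("equation [3] keys agree:", k1 == k2)
    k1, k2 = run_admission(0x0101, 0x0202, use_cross_blind=False)
    print("equation [4] keys agree:", k1 == k2)
```

Note the difference between the two variants: under equation [3] a site needs its registered ID to unblind, so a wrong ID silently yields a wrong peer random and a mismatched key; under equation [4] the ID is not used at this stage and the site's own random number is the only mask, so the value the server sends must reach only the two authenticated sites.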
Fig. 6 shows a time-ordered sequence 600 of information transfers between the party requesting a meeting (referred to as client 1) 610, a server 615, and the meeting invitee (referred to as client 2) 620. In this exemplary sequence, client 1 (610) sends a request 630 to server 615 for a meeting with invitee 620. Server 615 sends to client 1 (610) and client 2 (620), respectively, the encrypted blinded random values R_exp1, that is E_Kr(R_exp1 XOR ID1), and R_exp2, that is E_Kr(R_exp2 XOR ID2), where E_Kr denotes encryption under the server key Kr (the server's private key, as at block 215 of Fig. 2).
Client 1 (610) and client 2 (620) respectively send to server 615 encrypted values representing the recovered R_exp1 and R_exp2 (encrypted, as at block 325 of Fig. 3, under the server's public key). Server 615 then sends to client 1 (610) and client 2 (620), respectively, the digitally signed, encrypted random values R_exp1 and R_exp2, that is E_Kr(R_exp1) and E_Kr(R_exp2).
Then, after successfully decrypting the values sent to them, client 1 (610) and client 2 (620) send to server 615 their lists of cryptographic algorithms (that is, cipher suites) together with a confirmation. Server 615 then indicates that the connection between the parties is established and selects the cipher that will secure the communication between them.
Then, in one aspect of the invention, client 1 (610) and client 2 (620) generate random values Rand1 and Rand2 respectively and send encrypted versions of Rand1 and Rand2 to server 615. Server 615 sends the digitally signed blinded value E_Kr(Rand1 XOR Rand2) to client 1 (610) and client 2 (620). Client 1 (610) and client 2 (620) then use a known combination of Rand1 and Rand2 to form a session key suited to the selected cipher.
Fig. 7 shows a system 700 for implementing the principles of the invention described in the exemplary processes of Figs. 1 to 6. In this exemplary system embodiment 700, input data from a source 705 is received over a network 750 and processed according to one or more software programs executed by a processing system 710. Processing system 710 may be a hand-held calculator, a special-purpose or general-purpose processing system, a desktop computer, a palmtop computer or a personal digital assistant (PDA) device, or the like, or any part or combination of these and other devices capable of performing the operations shown in Figs. 1-6. The results of processing system 710 are then transmitted over a network 770 for viewing on a display 780, a reporting device 790 and/or a second processing system 795.
More specifically, processing system 710 includes one or more input/output devices 740 for receiving, over network 750, data from the illustrated source device 705. The received data is then applied to a processor 720, which communicates with input/output devices 740 and with a memory 730. Processor 720 may be a central processing unit (CPU) or dedicated hardware/software, for example a PAL, ASIC or FPGA, operable to execute computer instruction code or a combination of code and logic operations. Input/output devices 740, processor 720 and memory 730 may communicate over a communication medium 725. Communication medium 725 may be a communication network, for example one or more internal connections of an ISA, PCI or PCMCIA bus, a circuit, a circuit card or other device, or any part or combination of these and other communication media.
In one embodiment, processor 720 may include the code that, when executed, carries out the operations described here. This code may be contained in memory 730; read or downloaded from a storage medium represented as 783 (for example a CD-ROM or floppy disk); supplied through a manual input device 786 such as a keyboard or keypad; or, when needed, read from a magnetic or optical medium (not shown) accessible to processor 720. As shown, processor 720 can access, through input/output devices 740, items of information provided by input devices 783 and 785 and/or the magnetic medium. Data received by input/output devices 740 may be accessed by processor 720 immediately or stored in memory 730. Processor 720 may also provide the results of the processing described here, via input/output devices 740, to display 780, recording device 790 or second processing unit 795.
As those skilled in the art understand, the terms processor, processing system, computer or computer system may denote one or more processing units in communication with one or more memory units and other devices (for example peripherals) that are electrically connected to, and communicate with, at least one processing unit. Furthermore, the devices shown may be electrically connected to one or more processing units through media such as an internal bus (for example serial, parallel, ISA bus, Micro Channel, PCI bus, PCMCIA bus, USB, wireless, infrared, radio frequency, etc.), one or more internal connections of a circuit, circuit card or other device, any part or combination of these or other communication media, or an external network (for example the Internet or an intranet). In other embodiments, hardware circuitry may be used in place of, or in combination with, software instructions to implement the invention. For example, the components shown here may also be implemented as discrete hardware components or integrated into a single unit.
As will be understood, one or more different processors may be used to perform, sequentially or in parallel, the operations shown in Figs. 2-5 to determine particular values. Processor system 710 may also communicate bidirectionally with each source 705. Processor system 710 may further receive data from, or send data to, a server over one or more network connections, for example a global computer communication network such as the Internet, an intranet, a wide area network (WAN), a metropolitan area network (MAN), a local area network (LAN), a terrestrial broadcast system, a cable network, a satellite network, a wireless network or a telephone network (POTS), or any part or combination of these and other types of network. As will be understood, networks 750 and 770 may also be internal networks, one or more internal connections of a circuit, circuit card or other device, any part or combination of these and other network media, or an external network such as the Internet or an intranet.
In a preferred embodiment of the invention the selected cryptographic algorithm may be chosen from the group consisting of stream ciphers and fast block ciphers. As those skilled in the art understand, the particular algorithm selected may be determined by the overall performance of the application and the network configuration. In addition, the size of the random values generated, or of the key used in the cryptographic algorithm, may depend on the estimated length of the session. In another aspect of the invention the lifetime of an encryption key may be chosen according to the maximum number of packets that may be sent. For example, an encryption key lifetime of 10,000 packets may be set for a one-hour session, or of 20,000 packets for a two-hour session. Thus, after a fixed amount of time or a fixed number of packets has been transmitted, the encryption key can be retired and a new key established.
While the fundamental novel features of the invention as applied to preferred embodiments have been shown, described and pointed out, it will be understood that various omissions, substitutions and changes in the form and details of the devices disclosed and in their operation may be made by those skilled in the art without departing from the spirit of the invention. For example, although the invention has been described in terms of video conferencing, those skilled in the art will appreciate that it may be used for audio and/or multimedia conferencing or for data exchange between parties. And although the invention has been described with respect to a single group key, it is contemplated that several group keys may be determined within the scope of the invention; for example, in a multimedia exchange one group key may be used for audio transmission and a second group key generated for video transmission. Furthermore, those skilled in the art will understand that the blinding operation may be performed by functions and/or operations similar to the XOR operation described.
It is expressly intended that all combinations of those elements that perform substantially the same function in substantially the same way to achieve the same result are within the scope of the invention. Substitutions of elements from one described embodiment to another are also fully intended and contemplated.

Claims (24)

1. A system for authenticating and admitting parties located at remote sites into a secure communication network, wherein each remote site comprises a device that communicates with said network, said system comprising:
a processor communicating with a memory for running code, said code being for:
determining a first authentication value received over said network from a second site of said remote site, wherein said first value is concealed using a numeric value associated with said remote site;
encrypting the determined first authentication value using an encryption key associated with said second site of said remote site;
sending said encrypted first authentication value over said network;
decrypting a second authentication value received from said network, wherein said second value is decrypted using said encryption key; and
verifying said second site of said remote site when said first authentication value equals said second authentication value.
2. The system of claim 1, wherein said processor is further for running code for:
sending over said network at least one indication associated with at least one cryptographic algorithm.
3. The system of claim 1, wherein said first authentication value is encrypted.
4. The system of claim 3, wherein said processor is further for running code for:
decrypting said encrypted first authentication value using said encryption key.
5. The system of claim 1, wherein said processor is further for running code for:
sending an encrypted license value over said network, wherein said license value is local to said remote site;
unconcealing a second received value received over said network; and
forming a session encryption key using said license value and said unconcealed second received value.
6. The system of claim 5, wherein said second received value is encrypted.
7. The system of claim 6, wherein said processor is further for running code for:
decrypting said second received value.
8. The system of claim 5, wherein said license value is a random value.
9. The system of claim 1, wherein said encryption key is provided by said second site of said remote site.
10. The system of claim 9, wherein said encryption key is a public key associated with a public-key/private-key encryption algorithm.
11. The system of claim 1, wherein said device further comprises:
an input/output unit for providing communication between said processor and said network.
12. The system of claim 1, wherein said code is stored in said memory.
13. The system of claim 1, wherein said second site of said remote site is not a party to said secure communication.
14. The system of claim 1, wherein said processor is further for running code for:
performing a logical operation in order to determine said first authentication value.
15. A system for authenticating and admitting parties located at remote sites into a secure communication network, wherein a dedicated site that is not a party to said secure communication network comprises a device that communicates with said network, said system comprising:
a processor communicating with a memory for running code, said code being for:
sending over said network an authentication value concealed using a value associated with each said remote site;
decrypting a numeric value received over said network using an encryption key that is local to said dedicated site; and
verifying said remote site when said authentication value equals said decrypted received value.
16. The system of claim 15, wherein said processor is further for running code for:
encrypting said concealed value using an encryption key that is local to said dedicated site.
17. The system of claim 15, wherein said processor is further for running code for:
sending said authentication value scrambled using an encryption key that is local to said dedicated site.
18. The system of claim 15, wherein said processor is further for running code for:
receiving a license value from an associated remote site; and
sending a concealed value associated with said received license value.
19. The system of claim 18, wherein said license value is encrypted using an encryption key available to said remote site.
20. The system of claim 19, wherein said processor is further for running code for:
decrypting said encrypted license value.
21. The system of claim 18, wherein said concealed value is based on the license value received from the corresponding remote site.
22. The system of claim 18, wherein said concealed value is based on said license value and a remote-site identity value.
23. The system of claim 15, further comprising:
an input/output unit communicating with said processor and said network.
24. The system of claim 15, wherein said code is stored in said memory.
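As an added illustration, not code from the patent, the following Python models the message flow claimed above (claims 1-5 on the remote-site device, claims 15-22 on the dedicated site), including the refusal path when the remote site does not hold the right license value. It assumes a 32-byte key pre-shared with the dedicated site in place of the public/private pair of claim 10, a SHA-256 keystream as the stream cipher, and HMAC-SHA256 as the function deriving the concealing value of claim 22 from the license value and site identity; all names are hypothetical.

```python
import hashlib
import hmac
import os

# Constructed model of the admission exchange in claims 1-5 and 15-22, not the
# patent's code; a pre-shared 32-byte key stands in for claim 10's key pair.

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stream cipher: XOR data with SHA-256(key || nonce || counter) blocks."""
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                  for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, ks))

def concealing_value(license_value: bytes, site_id: bytes) -> bytes:
    """Claim 22: concealing value from license value and site identity (HMAC assumed)."""
    return hmac.new(license_value, site_id, hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def admission_exchange(key, site_id, license_value, auth_value, key_part,
                       remote_license=None):
    """All values 32 bytes. Returns (server verified remote, remote verified
    server, session keys match). remote_license simulates a wrong license value."""
    remote_license = license_value if remote_license is None else remote_license
    n1, n2, n3 = os.urandom(16), os.urandom(16), os.urandom(16)  # per-message nonces
    # 1. Remote site sends its random license value encrypted for the dedicated
    #    site, which decrypts it (claims 5, 8, 18-20); stream_xor is its own inverse.
    lic_at_server = stream_xor(key, n1, stream_xor(key, n1, license_value))
    server_blind = concealing_value(lic_at_server, site_id)
    # 2. Dedicated site XOR-conceals its authentication value and sends it
    #    (claims 15, 21, 22); remote site unconceals with its own value (claims 1, 14).
    concealed = xor(auth_value, server_blind)
    remote_blind = concealing_value(remote_license, site_id)
    first_auth = xor(concealed, remote_blind)
    # 3. Remote site returns the recovered value encrypted under the dedicated
    #    site's key; dedicated site decrypts and compares (claims 1, 15).
    returned = stream_xor(key, n2, stream_xor(key, n2, first_auth))
    server_ok = hmac.compare_digest(returned, auth_value)
    if not server_ok:
        return False, False, False  # remote site is not admitted
    # 4. Dedicated site replies with the authentication value plus a concealed key
    #    contribution under its key (claims 1, 17); remote site verifies it and
    #    forms the session key from license value and unconcealed part (claim 5).
    reply = stream_xor(key, n3, stream_xor(key, n3, auth_value + xor(key_part, server_blind)))
    second_auth, concealed_part = reply[:32], reply[32:]
    remote_ok = hmac.compare_digest(second_auth, first_auth)
    remote_key = hashlib.sha256(remote_license + xor(concealed_part, remote_blind)).digest()
    server_key = hashlib.sha256(lic_at_server + key_part).digest()
    return server_ok, remote_ok, hmac.compare_digest(remote_key, server_key)
```

Calling `admission_exchange` with a mismatched `remote_license` shows the equality check of claim 15 failing before any session key is formed, which is the property the claimed ordering of messages provides.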

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US2003/021148 WO2005015409A1 (en) 2003-07-07 2003-07-07 Authentication for admitting parties into a network

Publications (1)

Publication Number Publication Date
CN1791866A true CN1791866A (en) 2006-06-21

Family

ID=34134584

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA038267179A Pending CN1791866A (en) 2003-07-07 2003-07-07 Authentication for admitting parties into a network

Country Status (6)

Country Link
EP (1) EP1642205A1 (en)
JP (1) JP2007521525A (en)
CN (1) CN1791866A (en)
AU (1) AU2003261116A1 (en)
IL (1) IL172425A0 (en)
WO (1) WO2005015409A1 (en)

Also Published As

Publication number Publication date
IL172425A0 (en) 2006-04-10
JP2007521525A (en) 2007-08-02
AU2003261116A1 (en) 2005-02-25
EP1642205A1 (en) 2006-04-05
WO2005015409A1 (en) 2005-02-17

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20060621