WO2014092534A1 - A system and method for peer-to-peer entity authentication with nearest neighbours credential delegation - Google Patents

A system and method for peer-to-peer entity authentication with nearest neighbours credential delegation

Info

Publication number
WO2014092534A1
Authority
WO
WIPO (PCT)
Prior art keywords
peer
user
peers
key
matching
Prior art date
Application number
PCT/MY2013/000230
Other languages
French (fr)
Inventor
Geong Sen POH
Nurman Mohd Nazir MOHD AMRIL
Original Assignee
Mimos Berhad
Priority date
Filing date
Publication date
Application filed by Mimos Berhad
Publication of WO2014092534A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884 Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/104 Peer-to-peer [P2P] networks
    • H04L67/1044 Group management mechanisms
    • H04L67/1046 Joining mechanisms
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2115 Third party
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2145 Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W84/00 Network topologies
    • H04W84/18 Self-organising networks, e.g. ad-hoc networks or sensor networks

Definitions

  • the present invention relates to a system and method for peer-to-peer entity authentication with nearest neighbours credential delegation.
  • the present invention provides for hybrid authentication approach and authenticated credential generation which permits flexible host discovery and authentication for direct submission of jobs.
  • SSH Secure Shell
  • the user simply logs in to the front-end host via SSH. Once the user is authenticated by the front-end host, he or she can start to request virtual machines. The front-end then uses the user credential to log in to a scheduled cloud host via SSH, and the user then connects directly to the VM via SSH using the information provided by the front-end. These steps are repeated each time a user requests a virtual machine.
  • US 188 Patent Another related existing mechanism, while not for the cloud system but toward peer-to-peer networks, is the United States Patent No. 7,899,188 B2, hereby denoted as US 188 Patent. It relates to authenticating peers in a peer-to-peer network, particularly for mobile devices.
  • US 188 Patent provides entity authentication in a peer-to-peer setting by utilizing a symmetric key that is further used to generate a public key pair based on user identity, as compared to the present invention which utilizes a hybrid approach of pre-shared symmetric keys on the client level and PKI (public key infrastructure) on the host level.
  • the said US 188 Patent exemplifies a system strictly for peer-to-peer authentication whereby no pre-shared key is required as compared to the present invention which utilizes hybrid authentication approach and authenticated credential generation which permits host discovery for direct submission of jobs.
  • US 613 Patent also provides secure mechanism under peer-to-peer networking, but particularly to a system and method for secure exchange of messages and other data between peers in a peer-to-peer environment.
  • entity authentication is provided only on user level authentication through public key schemes.
  • the peer-to-peer system is strictly for peer-to-peer authentication through generation of session keys and does not utilize hybrid authentication approach and authenticated credential generation which permits host discovery for direct submission of jobs as provided in the present application.
  • entity authentication is provided by verifying authentication of user and peer through authentication information and public key infrastructure (PKI) of a user and a peer. It does not provide for user and job delegations as provided in the present invention.
  • PKI public key infrastructure
  • It exemplifies a peer-to-peer system which is strictly for peer-to-peer authentication through generation of session keys and does not utilize hybrid authentication approach and authenticated credential generation which permits host discovery for direct submission of jobs as provided in the present application.
  • One aspect of the present invention provides a system for peer-to-peer entity authentication with nearest neighbours credential delegation.
  • the system comprising at least one Initiator module (108) within a Trusted Authority (102); said Initiator module (108) is configured for registering users and peers, generating and distributing pre-shared keys to users and peers, wherein user submits job request and obtains processed results and a peer is at least a virtual machine; at least one User Authenticator module (114) configured for mutually authenticating users and peers through pre-shared keys and creating at least one session key for secure communication; at least one Peer Authenticator module (124) configured for mutually authenticating at least two peers through public key signature scheme and creating at least one session key for secure communication; at least one Credential Delegator module (132) configured for matching, retrieving and providing authentication credential of user not in the peer list to other peers, and further providing user's secret key transport; and at least one Job-Authentication-Delegator module (128) configured for matching, authenticating and providing authentication credential for de
  • the invention provides a system wherein the said Initiator module (108) further comprising at least one Key Generation Engine (110) having means for generating long-term master secret key using at least one pseudo-random bit generator; generating long term secret keys using said master secret and said pseudo-random bit generator; and generating public private key pairs and digital certificates.
  • said User Authenticator module (114) further comprising at least one Identity Verification Engine (118) having means for generating at least one authentication token in the form of a Message Authentication Code (MAC) containing at least a user ID and a random nonce; and computing and verifying MACs with pre-shared key.
  • MAC Message Authentication Code
  • said Credential Delegator module (132) further comprising at least one Authenticated Identity Distribution Engine (134) having means for broadcasting at least one user ID by an original peer to request for an authenticated user credential which matches said user ID; verifying said request of original peer by other peers, searching and comparing said user ID with nearest neighbours lists of different peers by other peers; retrieving pre-shared key by a matching peer and encrypting the retrieved key with the public key of the original peer; signing said user ID and encrypted key by a matching peer and forwarding said user ID together with said encrypted key to said original peer; and verifying said signature, decrypting said key and verifying authenticity of user requesting job submission by said original peer.
  • the Job-Authentication-Delegator module (128) further comprising at least one Authenticated Job Distribution Engine (130) having means for broadcasting at least one user ID and job ID by an original peer to other peers capable of processing jobs; verifying said request of original peer by other peers, matching job description in ID with capabilities of original peer by other peers; informing original peer its capability of processing said job upon determining matching peer for authentication; and verifying and informing job requestor of availability of at least one peer capable of processing said job by said original peer.
  • the invention provides a method for peer-to-peer entity authentication with nearest neighbours credential delegation.
  • the method comprising steps of registering all users and peers and generating pre-shared long lived secret keys using master secret key (202); registering peers and generating certificates for all peers (204); generating at least one authenticated user credential for mutually authenticating users and peers (206); matching, retrieving and providing authentication credential of user not in the peer list to other peers, and further providing user's secret key transport (208); matching, authenticating and providing authentication credential for delegating jobs to peer with applications suitable for processing jobs (210); and mutually authenticating at least two peers through public key signature scheme and creating at least one session key for secure communication (212).
  • a method wherein generating at least one authenticated user credential for mutually authenticating users and peers further comprising steps of authenticating user to peer by providing user and job IDs and computing at least a MAC with a pre-shared key (302); matching peer with user ID with peer's list of nearest neighbours containing user ID and pre-shared key (304); directing to Credential Delegator module if there is no matching user ID (306); retrieving pre-shared key matching said ID by said peer and computing a MAC based on said key by said peer when user ID is available upon matching by first peer and when user ID is available upon matching steps from Credential Delegator module (308); verifying job ID and application by peer to process job when there are matching MACs (310); and allowing user to access resources and computing session key for secure communication (312) when there are available applications; else directing to Job-Authentication-Delegator module when applications are not available.
  • matching, retrieving and providing authentication credential of user not in the peer list to other peers, and further providing user's secret key transport further comprising steps of broadcasting user ID by peer to other peers by signing user ID with freshness mechanism (402); verifying said signature by other peers (404); matching user ID with nearest neighbours list by other peers upon verification of said signature (406); directing to first time job request when user ID is not available (408); retrieving pre-shared key of said user by said peer with matching ID and encrypting said key with original host key upon availability of user ID (410); signing user ID and encrypted key by peer with matching ID and sending said signature to original peer (412); verifying said signature by original peer and return to User Authenticator module upon successful verification (414).
  • directing to first time job request when user ID is not available further comprises steps of sending user ID to trusted authority by original peer (502); mutual verification between trusted authority and peer using MAC (504); matching user ID with its register list by trusted authority (506); directing to Credential Delegator module if there is no matching user ID (508); encrypting long-lived shared key using shared key with peer by trusted authority when user ID is available (510); and sending encrypted shared key to peer and return to User Authenticator module (512).
  • matching, authenticating and providing authentication credential for delegating jobs to peer with applications suitable for processing jobs further comprises steps of broadcasting user and job IDs by peer to other peers by generating at least one signature on job ID with freshness mechanism (602); verifying signature by other peers (604); matching job ID with list of applications by other peers upon successful verification of signature (606); signing job ID by peer with matching application sending said job ID to original peer when matching jobs are available (608); verifying signature by original peers (610); and informing user by original peer on peer having capability to process said jobs (612).
  • the invention provides a method wherein mutually authenticating at least two peers through public key signature scheme and creating at least one session key for secure communication further comprises steps of agreeing on authentication and freshness mechanism by peers (702); first peer authenticating second peer by computing at least one credential token which is at least a digital signature using at least one private key (704); verifying said signature by second peer (706); said second peer authenticating to first peer by computing a credential token which is at least a digital signature using a private key (708); said first peer verifying said signature (710); and mutual authentication between said first peer and said second peer and computing at least one session key for subsequent secure communication (712).
  • FIG. 1.0 illustrates the system of an embodiment of the invention.
  • FIG. 2.0 is a flowchart illustrating the method for peer-to-peer entity authentication with nearest neighbours credential delegation.
  • FIG. 3.0 is a flowchart illustrating the system flow of User Authenticator module.
  • FIG. 4.0 is a flowchart illustrating the system flow of Credential Delegator module.
  • FIG. 5.0 is a flowchart illustrating the system flow of first time job request.
  • FIG. 6.0 is a flowchart illustrating the system flow of Job-Authentication-Delegator module.
  • FIG. 7.0 is a flowchart illustrating the system flow of Peer Authenticator module.
  • the present invention provides a system and method for peer-to-peer entity authentication with nearest neighbours credential delegation.
  • the present invention provides for hybrid authentication approach and authenticated credential generation which permits flexible host discovery for direct submission of jobs for authentication.
  • the system (100) includes an Initiator module (108) within a Trusted Authority (102); said Initiator module (108) is configured for registering users and peers, generating and distributing pre-shared keys to users and peers, wherein user submits job request and obtains processed results and a peer is at least a virtual machine.
  • the Initiator module (108) is in communication with a User Authenticator module (114), wherein the User Authenticator module is configured for mutually authenticating users and peers through pre-shared keys and creating at least one session key for secure communication.
  • a Peer Authenticator module (124) is provided and is configured for mutually authenticating at least two peers through public key signature scheme and creating at least one session key for secure communication.
  • a Credential Delegator module (132) is also provided and configured for matching, retrieving and providing authentication credential of user not in the peer list to other peers, and further providing user's secret key transport.
  • a Job-Authentication-Delegator module (128) is also provided. This is configured for matching, authenticating and providing authentication credential for delegating jobs to peer with applications suitable for processing jobs.
  • the Initiator module (108) includes a Key Generation Engine (110) for generating long-term master secret key using at least one pseudo-random bit generator; generating long term secret keys using said master secret and said pseudo-random bit generator; and generating public private key pairs and digital certificates.
  • the User Authenticator module (114) further comprising an Identity Verification Engine (118) having means for generating at least one authentication token in the form of a Message Authentication Code (MAC) containing at least a user ID and a random nonce; and computing and verifying MACs with pre-shared key.
  • the Credential Delegator module (132) generally includes an Authenticated Identity Distribution Engine (134) having means for broadcasting at least one user ID by an original peer to request for an authenticated user credential which matches said user ID; verifying said request of original peer by other peers, searching and comparing said user ID with nearest neighbours lists of different peers by other peers; retrieving pre-shared key by a matching peer and encrypting the retrieved key with the public key of the original peer; signing said user ID and encrypted key by a matching peer and forwarding said user ID together with said encrypted key to said original peer; and verifying said signature, decrypting said key and verifying authenticity of user requesting job submission by said original peer.
  • the Job-Authentication-Delegator module (128) further comprises an Authenticated Job Distribution Engine (130).
  • the Authenticated Job Distribution Engine (130) is configured for broadcasting at least one user ID and job ID by an original peer to other peers capable of processing jobs; verifying said request of original peer by other peers, matching job description in ID with capabilities of original peer by other peers; informing original peer its capability of processing said job upon determining matching peer for authentication; and verifying and informing job requestor of availability of at least one peer capable of processing said job by said original peer.
  • the invention includes the steps of registering all users and peers and generating pre-shared long lived secret keys using master secret key (202); registering peers and generating certificates for all peers (204); generating at least one authenticated user credential for mutually authenticating users and peers (206); matching, retrieving and providing authentication credential of user not in the peer list to other peers, and further providing user's secret key transport (208); matching, authenticating and providing authentication credential for delegating jobs to peer with applications suitable for processing jobs (210); and mutually authenticating at least two peers through public key signature scheme and creating at least one session key for secure communication (212).
  • the step of generating at least one authenticated user credential for mutually authenticating users and peers further includes authenticating user to peer by providing user and job IDs and computing at least a MAC with a pre-shared key (302); matching peer with user ID with peer's list of nearest neighbours containing user ID and pre-shared key (304); directing to Credential Delegator module if there is no matching user ID (306); retrieving pre-shared key matching said ID by said peer and computing a MAC based on said key by said peer when user ID is available upon matching by first peer and when user ID is available upon matching steps from Credential Delegator module (308); verifying job ID and application by peer to process job when there are matching MACs (310); and allowing user to access resources and computing session key for secure communication (312) when there are available applications; else directing to Job-Authentication-Delegator module when applications are not available.
  • the step of matching, retrieving and providing authentication credential of user not in the peer list to other peers, and further providing user's secret key transport further includes broadcasting user ID by peer to other peers by signing user ID with freshness mechanism (402); verifying said signature by other peers (404); matching user ID with nearest neighbours list by other peers upon verification of said signature (406); directing to first time job request when user ID is not available (408); retrieving pre-shared key of said user by said peer with matching ID and encrypting said key with original host key upon availability of user ID (410); signing user ID and encrypted key by peer with matching ID and sending said signature to original peer (412); verifying said signature by original peer and return to User Authenticator module upon successful verification (414).
  • the step of directing to first time job request when user ID is not available further includes sending user ID to trusted authority by original peer (502); mutual verification between trusted authority and peer using MAC (504); matching user ID with its register list by trusted authority (506); directing to Credential Delegator module if there is no matching user ID (508); encrypting long-lived shared key using shared key with peer by trusted authority when user ID is available (510); and sending encrypted shared key to peer and return to User Authenticator module (512).
  • the step of matching, authenticating and providing authentication credential for delegating jobs to peer with applications suitable for processing jobs further includes broadcasting user and job IDs by peer to other peer by generating at least one signature on job ID with freshness mechanism (602); verifying signature by other peers (604); matching job ID with list of applications by other peers upon successful verification of signature (606); signing job ID by peer with matching application sending said job ID to original peer when matching jobs are available (608); verifying signature by original peers (610); and informing user by original peer on peer having capability to process said jobs (612).
  • the step of mutually authenticating at least two peers through public key signature scheme and creating at least one session key for secure communication further includes agreeing on authentication and freshness mechanism by peers (702); first peer authenticating second peer by computing at least one credential token which is at least a digital signature using at least one private key (704); verifying said signature by second peer (706); said second peer authenticating to first peer by computing a credential token which is at least a digital signature using a private key (708); said first peer verifying said signature (710); and mutual authentication between said first peer and said second peer and computing at least one session key for subsequent secure communication (712).
  • the present invention provides for peer-to-peer entity authentication with nearest neighbours credential delegation by utilizing hybrid approach of the pre-shared symmetric keys on the client level and the public key infrastructure (PKI) of the host level.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • Computer And Data Communications (AREA)

Abstract

A system and method for peer-to-peer entity authentication with nearest neighbours credential delegation is provided by using a hybrid approach of pre-shared symmetric keys on the user level and PKI on the peer level. The system includes an Initiator module (108) within a Trusted Authority (102); said Initiator module (108) is configured for registering users and peers, generating and distributing pre-shared keys to users and peers, wherein user submits job request and obtains processed results and a peer is at least a virtual machine; a User Authenticator module (114) configured for mutually authenticating users and peers through pre-shared keys and creating at least one session key for secure communication; a Peer Authenticator module (124) configured for mutually authenticating at least two peers through public key signature scheme and creating a session key for secure communication; a Credential Delegator module (132) configured for matching, retrieving and providing authentication credential of user not in the peer list to other peers, and further providing user's secret key transport; and a Job-Authentication-Delegator module (128) configured for matching, authenticating and providing authentication credential for delegating jobs to peer with applications suitable for processing jobs. The hybrid authentication approach and authenticated credential generation permits flexible peer discovery for direct submission of jobs.

Description

A SYSTEM AND METHOD FOR PEER-TO-PEER ENTITY AUTHENTICATION WITH NEAREST NEIGHBOURS CREDENTIAL DELEGATION
FIELD OF INVENTION
The present invention relates to a system and method for peer-to-peer entity authentication with nearest neighbours credential delegation. In particular, the present invention provides a hybrid authentication approach and authenticated credential generation which permits flexible host discovery and authentication for direct submission of jobs.
BACKGROUND ART
The current architecture for virtualized environments in a cloud system does not provide mechanisms to verify the authenticity of users, peers and job requests, or to mutually authenticate peers. Existing cloud authentication mechanisms, on the other hand, rely on a centralized management infrastructure, and are therefore unsuitable for a virtual peer-to-peer environment, in which the virtual peers are not centralized.
In the current centralized cloud, all users and cloud hosts are registered with the front-end in a centralized architecture. In the peer-to-peer case, how do users and cloud hosts authenticate one another in a decentralized environment without a centralized authority? Similarly, in the centralized cloud, the cloud front-end initiates virtual machine provisioning to a particular cloud host that matches the user's specification, and all cloud hosts are under the control of the centralized front-end. In a decentralized peer-to-peer cloud, there is no single entity that controls and maintains information about all the cloud hosts. How can one be sure that an incoming request (i.e., a virtual machine provisioning request) and the outgoing results from an entity are authentic?
These are the two main issues that the present invention addresses. Generally, in the existing cloud system, authentication and verification of users in a cloud is provided using Secure Shell (SSH). The user simply logs in to the front-end host via SSH. Once the user is authenticated by the front-end host, he or she can start to request virtual machines. The front-end then uses the user credential to log in to a scheduled cloud host via SSH, and the user then connects directly to the VM via SSH using the information provided by the front-end. These steps are repeated each time a user requests a virtual machine.
Another related existing mechanism, while not for the cloud system but toward peer-to-peer networks, is the United States Patent No. 7,899,188 B2, hereby denoted as US 188 Patent. It relates to authenticating peers in a peer-to-peer network, particularly for mobile devices. US 188 Patent provides entity authentication in a peer-to-peer setting by utilizing a symmetric key that is further used to generate a public key pair based on user identity, as compared to the present invention, which utilizes a hybrid approach of pre-shared symmetric keys on the client level and PKI (public key infrastructure) on the host level. The said US 188 Patent exemplifies a system strictly for peer-to-peer authentication whereby no pre-shared key is required, as compared to the present invention, which utilizes a hybrid authentication approach and authenticated credential generation that permits host discovery for direct submission of jobs.
Similar to the above, the United States Patent No. 7,127,613 B2, hereby denoted as US 613 Patent, also provides a secure mechanism for peer-to-peer networking, but particularly a system and method for secure exchange of messages and other data between peers in a peer-to-peer environment. In US 613 Patent, entity authentication is provided only at the user level, through public key schemes. The peer-to-peer system is strictly for peer-to-peer authentication through generation of session keys and does not utilize a hybrid authentication approach and authenticated credential generation that permits host discovery for direct submission of jobs, as provided in the present application.
Also, Celesti et al., in their paper entitled "Three-Phase Cross-Cloud Federation Model: The Cloud SSO Authentication", proposed a peer-to-peer network environment, particularly a super-peer based peer-to-peer network system, which is capable of providing a high-reliability service through secure user authentication, and a peer authentication method. In their proposal, entity authentication is provided by verifying the authentication of user and peer through authentication information and the public key infrastructure (PKI) of a user and a peer. It does not provide for user and job delegations as provided in the present invention. It exemplifies a peer-to-peer system which is strictly for peer-to-peer authentication through generation of session keys and does not utilize a hybrid authentication approach and authenticated credential generation that permits host discovery for direct submission of jobs, as provided in the present application.
The subject matter claimed herein is not limited to embodiments that solve any disadvantages or that operate only in environments such as those described above. Rather, this background is only provided to illustrate one exemplary technology area where some embodiments described herein may be practiced.
SUMMARY OF INVENTION
The present invention relates to a system and method for peer-to-peer entity authentication with nearest neighbours credential delegation. In particular, the present invention provides for hybrid authentication approach and authenticated credential generation which permits flexible host discovery and authentication for direct submission of jobs.
One aspect of the present invention provides a system for peer-to-peer entity authentication with nearest neighbours credential delegation. The system comprises at least one Initiator module (108) within a Trusted Authority (102); said Initiator module (108) is configured for registering users and peers and for generating and distributing pre-shared keys to users and peers, wherein a user submits job requests and obtains processed results and a peer is at least a virtual machine; at least one User Authenticator module (114) configured for mutually authenticating users and peers through pre-shared keys and creating at least one session key for secure communication; at least one Peer Authenticator module (124) configured for mutually authenticating at least two peers through a public key signature scheme and creating at least one session key for secure communication; at least one Credential Delegator module (132) configured for matching, retrieving and providing the authentication credential of a user not in the peer list to other peers, and further providing the user's secret key transport; and at least one Job-Authentication-Delegator module (128) configured for matching, authenticating and providing authentication credentials for delegating jobs to a peer with applications suitable for processing those jobs.
In another aspect the invention provides a system wherein the said Initiator module (108) further comprises at least one Key Generation Engine (110) having means for generating a long-term master secret key using at least one pseudo-random bit generator; generating long-term secret keys using said master secret and said pseudo-random bit generator; and generating public-private key pairs and digital certificates.
In yet another aspect of the invention there is provided a system wherein said User Authenticator module (114) further comprises at least one Identity Verification Engine (118) having means for generating at least one authentication token in the form of a Message Authentication Code (MAC) containing at least a user ID and a random nonce; and computing and verifying MACs with the pre-shared key.
In still another aspect of the invention there is provided a system wherein said Credential Delegator module (132) further comprises at least one Authenticated Identity Distribution Engine (134) having means for broadcasting at least one user ID by an original peer to request an authenticated user credential which matches said user ID; verifying said request of the original peer by other peers, and searching and comparing said user ID with the nearest neighbours lists of the different peers; retrieving the pre-shared key by a matching peer and encrypting the retrieved key with the public key of the original peer; signing said user ID and encrypted key by the matching peer and forwarding said user ID together with said encrypted key to said original peer; and verifying said signature, decrypting said key and verifying the authenticity of the user requesting job submission by said original peer.
In a further aspect of the invention there is provided a system wherein said Job-Authentication-Delegator module (128) further comprises at least one Authenticated Job Distribution Engine (130) having means for broadcasting at least one user ID and job ID by an original peer to other peers capable of processing jobs; verifying said request of the original peer by other peers, and matching the job description in the ID with the capabilities of the original peer by other peers; informing the original peer of its capability of processing said job upon determining a matching peer for authentication; and verifying and informing the job requestor of the availability of at least one peer capable of processing said job by said original peer.
In another aspect the invention provides a method for peer-to-peer entity authentication with nearest neighbours credential delegation. The method comprises the steps of registering all users and peers and generating pre-shared long-lived secret keys using a master secret key (202); registering peers and generating certificates for all peers (204); generating at least one authenticated user credential for mutually authenticating users and peers (206); matching, retrieving and providing the authentication credential of a user not in the peer list to other peers, and further providing the user's secret key transport (208); matching, authenticating and providing authentication credentials for delegating jobs to a peer with applications suitable for processing those jobs (210); and mutually authenticating at least two peers through a public key signature scheme and creating at least one session key for secure communication (212).
In a further aspect of the invention there is provided a method wherein generating at least one authenticated user credential for mutually authenticating users and peers further comprises the steps of authenticating the user to a peer by providing user and job IDs and computing at least a MAC with a pre-shared key (302); matching the user ID with the peer's list of nearest neighbours containing user IDs and pre-shared keys (304); directing to the Credential Delegator module if there is no matching user ID (306); retrieving the pre-shared key matching said ID by said peer and computing a MAC based on said key by said peer, when the user ID is available upon matching by the first peer or when the user ID becomes available upon the matching steps of the Credential Delegator module (308); verifying the job ID and the application by the peer to process the job when the MACs match (310); and allowing the user to access resources and computing a session key for secure communication (312) when the applications are available; else directing to the Job-Authentication-Delegator module when the applications are not available.
In still a further aspect of the invention there is provided a method wherein matching, retrieving and providing the authentication credential of a user not in the peer list to other peers, and further providing the user's secret key transport, further comprises the steps of broadcasting the user ID by the peer to other peers by signing the user ID with a freshness mechanism (402); verifying said signature by the other peers (404); matching the user ID with the nearest neighbours list by the other peers upon verification of said signature (406); directing to first-time job request when the user ID is not available (408); retrieving the pre-shared key of said user by the peer with the matching ID and encrypting said key with the original host's key upon availability of the user ID (410); signing the user ID and encrypted key by the peer with the matching ID and sending said signature to the original peer (412); and verifying said signature by the original peer and returning to the User Authenticator module upon successful verification (414).
In yet another aspect of the invention there is provided a method wherein directing to first-time job request when the user ID is not available (408) further comprises the steps of sending the user ID to the trusted authority by the original peer (502); mutual verification between the trusted authority and the peer using a MAC (504); matching the user ID with its register list by the trusted authority (506); directing to the Credential Delegator module if there is no matching user ID (508); encrypting the long-lived shared key using the shared key with the peer by the trusted authority when the user ID is available (510); and sending the encrypted shared key to the peer and returning to the User Authenticator module (512).
In another aspect of the invention there is provided a method wherein matching, authenticating and providing authentication credentials for delegating jobs to a peer with applications suitable for processing those jobs further comprises the steps of broadcasting the user and job IDs by the peer to other peers by generating at least one signature on the job ID with a freshness mechanism (602); verifying the signature by the other peers (604); matching the job ID with the list of applications by the other peers upon successful verification of the signature (606); signing the job ID by the peer with the matching application and sending said job ID to the original peer when matching jobs are available (608); verifying the signature by the original peer (610); and informing the user by the original peer of the peer having the capability to process said jobs (612).
In yet another aspect the invention provides a method wherein mutually authenticating at least two peers through a public key signature scheme and creating at least one session key for secure communication further comprises the steps of agreeing on the authentication and freshness mechanism by the peers (702); the first peer authenticating to the second peer by computing at least one credential token which is at least a digital signature using at least one private key (704); verifying said signature by the second peer (706); said second peer authenticating to the first peer by computing a credential token which is at least a digital signature using a private key (708); said first peer verifying said signature (710); and mutual authentication between said first peer and said second peer and computing at least one session key for subsequent secure communication (712).
The present invention consists of features and a combination of parts hereinafter fully described and illustrated in the accompanying drawings, it being understood that various changes in the details may be made without departing from the scope of the invention or sacrificing any of the advantages of the present invention.
BRIEF DESCRIPTION OF ACCOMPANYING DRAWINGS
To further clarify various aspects of some embodiments of the present invention, a more particular description of the invention will be rendered by references to specific embodiments thereof, which are illustrated in the appended drawings. It is appreciated that these drawings depict only typical embodiments of the invention and are therefore not to be considered limiting of its scope. The invention will be described and explained with additional specificity and detail through the accompanying drawings in which:
FIG. 1.0 illustrates the system of an embodiment of the invention.
FIG. 2.0 is a flowchart illustrating the method for peer-to-peer entity authentication with nearest neighbours credential delegation.
FIG. 3.0 is a flowchart illustrating the system flow of the User Authenticator module.
FIG. 4.0 is a flowchart illustrating the system flow of Credential Delegator module.
FIG. 5.0 is a flowchart illustrating the system flow of first time job request.
FIG. 6.0 is a flowchart illustrating the system flow of Job-Authentication-Delegator module.
FIG. 7.0 is a flowchart illustrating the system flow of Peer Authenticator module.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
The present invention provides a system and method for peer-to-peer entity authentication with nearest neighbours credential delegation. In particular, the present invention provides for hybrid authentication approach and authenticated credential generation which permits flexible host discovery for direct submission of jobs for authentication.
Hereinafter, this specification will describe the present invention according to the preferred embodiments. It is to be understood that limiting the description to the preferred embodiments is merely to facilitate discussion of the present invention, and that variations are envisioned which do not depart from the scope of the appended claims.
Referring to FIG 1.0, the system (100) according to an embodiment of the invention is illustrated. The system (100) includes an Initiator module (108) within a Trusted Authority (102); said Initiator module (108) is configured for registering users and peers and for generating and distributing pre-shared keys to users and peers, wherein a user submits job requests and obtains processed results and a peer is at least a virtual machine. The Initiator module (108) is in communication with a User Authenticator module (114), which is configured for mutually authenticating users and peers through pre-shared keys and creating at least one session key for secure communication. A Peer Authenticator module (124) is provided and is configured for mutually authenticating at least two peers through a public key signature scheme and creating at least one session key for secure communication. A Credential Delegator module (132) is also provided and is configured for matching, retrieving and providing the authentication credential of a user not in the peer list to other peers, and further providing the user's secret key transport. A Job-Authentication-Delegator module (128) is also provided. This is configured for matching, authenticating and providing authentication credentials for delegating jobs to a peer with applications suitable for processing those jobs.
A more detailed description of the Initiator module (108) may be seen within the system architecture of FIG. 2.0. More particularly, the Initiator module (108) includes a Key Generation Engine (110) for generating a long-term master secret key using at least one pseudo-random bit generator; generating long-term secret keys using said master secret and said pseudo-random bit generator; and generating public-private key pairs and digital certificates. The User Authenticator module (114) further comprises an Identity Verification Engine (118) having means for generating at least one authentication token in the form of a Message Authentication Code (MAC) containing at least a user ID and a random nonce; and computing and verifying MACs with the pre-shared key.
The Credential Delegator module (132) generally includes an Authenticated Identity Distribution Engine (134) having means for broadcasting at least one user ID by an original peer to request for an authenticated user credential which matches said user ID; verifying said request of original peer by other peers, searching and comparing said user ID with nearest neighbours lists of different peers by other peers; retrieving pre-shared key by a matching peer and encrypting the retrieved key with the public key of the original peer; signing said user ID and encrypted key by a matching peer and forwarding said user ID together with said encrypted key to said original peer; and verifying said signature, decrypting said key and verifying authenticity of user requesting job submission by said original peer.
The Job-Authentication-Delegator module (128) further comprises an Authenticated Job Distribution Engine (130). The Authenticated Job Distribution Engine (130) is configured for broadcasting at least one user ID and job ID by an original peer to other peers capable of processing jobs; verifying said request of the original peer by other peers, and matching the job description in the ID with the capabilities of the original peer by other peers; informing the original peer of its capability of processing said job upon determining a matching peer for authentication; and verifying and informing the job requestor of the availability of at least one peer capable of processing said job by said original peer.
Referring to FIGs. 2 through 7, an embodiment of the methodology (200) of the invention is illustrated. Generally, the invention includes the steps of registering all users and peers and generating pre-shared long-lived secret keys using a master secret key (202); registering peers and generating certificates for all peers (204); generating at least one authenticated user credential for mutually authenticating users and peers (206); matching, retrieving and providing the authentication credential of a user not in the peer list to other peers, and further providing the user's secret key transport (208); matching, authenticating and providing authentication credentials for delegating jobs to a peer with applications suitable for processing those jobs (210); and mutually authenticating at least two peers through a public key signature scheme and creating at least one session key for secure communication (212). The step of generating at least one authenticated user credential for mutually authenticating users and peers further includes authenticating the user to a peer by providing user and job IDs and computing at least a MAC with a pre-shared key (302); matching the user ID with the peer's list of nearest neighbours containing user IDs and pre-shared keys (304); directing to the Credential Delegator module if there is no matching user ID (306); retrieving the pre-shared key matching said ID by said peer and computing a MAC based on said key by said peer, when the user ID is available upon matching by the first peer or when the user ID becomes available upon the matching steps of the Credential Delegator module (308); verifying the job ID and the application by the peer to process the job when the MACs match (310); and allowing the user to access resources and computing a session key for secure communication (312) when the applications are available; else directing to the Job-Authentication-Delegator module when the applications are not available.
The step of matching, retrieving and providing the authentication credential of a user not in the peer list to other peers, and further providing the user's secret key transport, further includes broadcasting the user ID by the peer to other peers by signing the user ID with a freshness mechanism (402); verifying said signature by the other peers (404); matching the user ID with the nearest neighbours list by the other peers upon verification of said signature (406); directing to first-time job request when the user ID is not available (408); retrieving the pre-shared key of said user by the peer with the matching ID and encrypting said key with the original host's key upon availability of the user ID (410); signing the user ID and encrypted key by the peer with the matching ID and sending said signature to the original peer (412); and verifying said signature by the original peer and returning to the User Authenticator module upon successful verification (414).
The step of directing to first time job request when user ID is not available (408) further includes sending user ID to trusted authority by original peer (502); mutual verification between trusted authority and peer using MAC (504); matching user ID with its register list by trusted authority (506); directing to Credential Delegator module if there is no matching user ID (508); encrypting long-lived shared key using shared key with peer by trusted authority when user ID is available (510); and sending encrypted shared key to peer and return to User Authenticator module (512).
The step of matching, authenticating and providing authentication credential for delegating jobs to peer with applications suitable for processing jobs further includes broadcasting user and job IDs by peer to other peer by generating at least one signature on job ID with freshness mechanism (602); verifying signature by other peers (604); matching job ID with list of applications by other peers upon successful verification of signature (606); signing job ID by peer with matching application sending said job ID to original peer when matching jobs are available (608); verifying signature by original peers (610); and informing user by original peer on peer having capability to process said jobs (612).
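The User Authenticator and Credential Delegator flows described above (steps 302-312 and 402-414, also set out in the summary) as an added Go example; this is not code from the patent or from Mimos Berhad. It assumes Ed25519 for the peer signatures (standing in for the certificates the Trusted Authority issues in step 204), RSA-OAEP for the secret key transport of step 410, HMAC-SHA256 for the MAC of step 302, and the names Peer, UserToken, CredRequest, CredReply, VerifyUser, RequestCredential, AnswerCredential and AcceptCredential, none of which appear in the patent. The first-time request to the Trusted Authority (steps 502-512) and the application check of step 310 are left out; the job delegation of steps 602-612 follows the same signed-broadcast pattern with a job ID in place of the user ID. All peers, keys and IDs below are constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Peer is one cloud host: an Ed25519 key standing in for its TA-issued certificate (step 204), an RSA
// key used only to receive transported pre-shared keys (step 410), and the nearest-neighbour list of step 304.
type Peer struct {
	ID         string
	SignPub    ed25519.PublicKey
	signKey    ed25519.PrivateKey
	transKey   *rsa.PrivateKey
	Neighbours map[string][]byte // user ID -> long-lived pre-shared key
}

func NewPeer(id string, neighbours map[string][]byte) *Peer {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	rk, _ := rsa.GenerateKey(rand.Reader, 2048)
	return &Peer{id, pub, priv, rk, neighbours}
}

// enc length-prefixes every field so a signed or MACed message cannot be re-split; mac is HMAC-SHA256 over it.
func enc(parts ...[]byte) (b []byte) {
	for _, p := range parts { b = append(append(b, byte(len(p)>>8), byte(len(p))), p...) }
	return b
}
func mac(key []byte, parts ...[]byte) []byte { m := hmac.New(sha256.New, key); m.Write(enc(parts...)); return m.Sum(nil) }
func nonce() []byte { n := make([]byte, 16); rand.Read(n); return n } // the 16-byte freshness value

// UserToken is the step-302 credential: a MAC over user ID, job ID and nonce under the user's pre-shared key.
// CredRequest is the signed broadcast of step 402; CredReply is the matching peer's answer of steps 410-412,
// whose signature also covers the request nonce so a stale reply cannot be replayed against a later request.
type UserToken struct{ UserID, JobID string; Nonce, MAC []byte }
type CredRequest struct{ OriginID, UserID string; Nonce, Sig []byte }
type CredReply struct{ MatchID, UserID string; EncKey, Sig []byte }

func NewUserToken(psk []byte, userID, jobID string) UserToken {
	n := nonce()
	return UserToken{userID, jobID, n, mac(psk, []byte(userID), []byte(jobID), n)}
}

// VerifyUser is steps 304-312 on the serving peer: look the user up, recompute and compare the MAC, and
// derive the session key. An unknown user sends the caller to the Credential Delegator (step 306).
func (p *Peer) VerifyUser(tok UserToken) ([]byte, error) {
	psk, ok := p.Neighbours[tok.UserID]
	if !ok || !hmac.Equal(tok.MAC, mac(psk, []byte(tok.UserID), []byte(tok.JobID), tok.Nonce)) {
		return nil, errors.New("user not in neighbour list (step 306) or MAC mismatch")
	}
	return mac(psk, []byte("session"), []byte(p.ID), tok.Nonce), nil
}

func (p *Peer) RequestCredential(userID string) CredRequest {
	n := nonce()
	return CredRequest{p.ID, userID, n, ed25519.Sign(p.signKey, enc([]byte(p.ID), []byte(userID), n))}
}

// AnswerCredential runs on every peer that hears the broadcast (steps 404-412); nil means "not in my list".
func (p *Peer) AnswerCredential(req CredRequest, origin *Peer) (*CredReply, error) {
	if !ed25519.Verify(origin.SignPub, enc([]byte(req.OriginID), []byte(req.UserID), req.Nonce), req.Sig) {
		return nil, errors.New("credential request: bad signature")
	}
	psk, ok := p.Neighbours[req.UserID]
	if !ok {
		return nil, nil
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &origin.transKey.PublicKey, psk, []byte(req.OriginID))
	if err != nil {
		return nil, err
	}
	return &CredReply{p.ID, req.UserID, ct, ed25519.Sign(p.signKey, enc([]byte(req.UserID), ct, req.Nonce))}, nil
}

// AcceptCredential is step 414 on the original peer: verify the signature, decrypt, extend the local list.
func (p *Peer) AcceptCredential(rep *CredReply, req CredRequest, match *Peer) error {
	if !ed25519.Verify(match.SignPub, enc([]byte(rep.UserID), rep.EncKey, req.Nonce), rep.Sig) {
		return errors.New("credential reply: bad signature")
	}
	psk, err := rsa.DecryptOAEP(sha256.New(), nil, p.transKey, rep.EncKey, []byte(p.ID))
	if err == nil {
		p.Neighbours[rep.UserID] = psk
	}
	return err
}

func main() { // constructed run: peer A has never seen alice, peer B holds her pre-shared key
	psk := []byte("0123456789abcdef0123456789abcdef") // stands in for the TA-issued key of step 202
	a, b := NewPeer("peer-A", map[string][]byte{}), NewPeer("peer-B", map[string][]byte{"alice": psk})
	req := a.RequestCredential("alice")
	rep, _ := b.AnswerCredential(req, a)
	err := a.AcceptCredential(rep, req, b)
	key, verr := a.VerifyUser(NewUserToken(psk, "alice", "job-7"))
	fmt.Printf("delegation err=%v, session key %d bytes, verify err=%v\n", err, len(key), verr)
}
```

Two points the flowcharts leave implicit are made explicit here: the reply signature covers the request nonce, so a matching peer's answer cannot be replayed against a later request, and the session key is bound to the serving peer's ID, so the same user token yields different keys on different hosts. A deployment should additionally record accepted user nonces so that a captured token is rejected the second time it is presented.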
The step of mutually authenticating at least two peers through public key signature scheme and creating at least one session key for secure communication further includes agreeing on authentication and freshness mechanism by peers (702); first peer authenticating second peer by computing at least one credential token which is at least a digital signature using at least one private key (704); verifying said signature by second peer (706); said second peer authenticating to first peer by computing a credential token which is at least a digital signature using a private key (708); said first peer verifying said signature (710); and mutual authentication between said first peer and said second peer and computing at least one session key for subsequent secure communication (712).
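The Peer Authenticator exchange of steps 702-712 as an added Go example; again this is not code from the patent. It assumes Ed25519 signatures as the credential tokens of steps 704 and 708, a nonce plus an ephemeral X25519 public key from each side as the freshness mechanism agreed in step 702, and a session key derived from the X25519 shared secret together with the signed transcript. The patent does not say how the session key of step 712 is computed, so that choice is this example's own; Host, Hello, NewHello, Verify, SessionKey and MutualAuth are names of this example only, and the two hosts are constructed sample data.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Host is a peer of FIG. 7.0: a long-term Ed25519 key standing in for its certificate (step 204), plus a
// per-run ephemeral X25519 key. The X25519 agreement for step 712 is this example's assumption; the patent
// does not say how the session key is computed.
type Host struct {
	ID   string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
	eph  *ecdh.PrivateKey
}

func NewHost(id string) *Host {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Host{ID: id, Pub: pub, priv: priv}
}

// Hello is the step-702 opening each side sends: identity, 16-byte nonce and ephemeral public key, which
// together form the "freshness mechanism" the peers agree on.
type Hello struct{ ID string; Nonce, Eph []byte }

func (h *Host) NewHello() Hello {
	h.eph, _ = ecdh.X25519().GenerateKey(rand.Reader)
	n := make([]byte, 16)
	rand.Read(n)
	return Hello{h.ID, n, h.eph.PublicKey().Bytes()}
}

// enc length-prefixes each field; transcript binds both identities, nonces and ephemeral keys, with the
// signer's own Hello first so the two tokens of one run are never signatures over the same bytes.
func enc(parts ...[]byte) (b []byte) {
	for _, p := range parts { b = append(append(b, byte(len(p)>>8), byte(len(p))), p...) }
	return b
}
func transcript(me, peer Hello) []byte {
	return enc([]byte(me.ID), me.Nonce, me.Eph, []byte(peer.ID), peer.Nonce, peer.Eph)
}

// Sign is steps 704/708 (credential token = signature over the transcript); Verify is steps 706/710.
func (h *Host) Sign(me, peer Hello) []byte { return ed25519.Sign(h.priv, transcript(me, peer)) }
func Verify(peerPub ed25519.PublicKey, peerHello, myHello Hello, sig []byte) error {
	if !ed25519.Verify(peerPub, transcript(peerHello, myHello), sig) {
		return errors.New("peer credential token invalid")
	}
	return nil
}

// SessionKey is step 712: hash of the X25519 shared secret and the canonically ordered transcript, so the
// key is fresh per run and bound to exactly the identities that were just authenticated.
func (h *Host) SessionKey(me, peer Hello) ([]byte, error) {
	peerEph, err := ecdh.X25519().NewPublicKey(peer.Eph)
	if err != nil {
		return nil, err
	}
	ss, err := h.eph.ECDH(peerEph)
	if err != nil {
		return nil, err
	}
	t := transcript(me, peer)
	if me.ID > peer.ID {
		t = transcript(peer, me)
	}
	sum := sha256.Sum256(enc(ss, t))
	return sum[:], nil
}

// MutualAuth drives the whole exchange of FIG. 7.0 and returns the session key each side derived.
func MutualAuth(a, b *Host) (ka, kb []byte, err error) {
	ha, hb := a.NewHello(), b.NewHello() // 702
	if err = Verify(a.Pub, ha, hb, a.Sign(ha, hb)); err != nil { // 704, 706: B checks A's token
		return nil, nil, err
	}
	if err = Verify(b.Pub, hb, ha, b.Sign(hb, ha)); err != nil { // 708, 710: A checks B's token
		return nil, nil, err
	}
	if ka, err = a.SessionKey(ha, hb); err != nil { // 712
		return nil, nil, err
	}
	kb, err = b.SessionKey(hb, ha)
	return ka, kb, err
}

func main() {
	ka, kb, err := MutualAuth(NewHost("peer-A"), NewHost("peer-B"))
	fmt.Printf("err=%v, both sides hold the same session key: %v\n", err, bytes.Equal(ka, kb))
}
```

Each token is a signature over both identities and both fresh values, which is what makes step 706 and step 710 more than a check that the peer owns a private key: a token recorded from an earlier run fails against the new nonces, and a token produced in the role of the first peer does not verify in the role of the second, so one side's answer cannot be reflected back at it.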
The present invention provides for peer-to-peer entity authentication with nearest neighbours credential delegation by utilizing hybrid approach of the pre-shared symmetric keys on the client level and the public key infrastructure (PKI) of the host level. In addition, the present invention provides for hybrid authentication approach and authenticated credential generation which permits flexible host discovery for direct submission of jobs for authentication.
Unless the context requires otherwise or specifically stated to the contrary, integers, steps or elements of the invention recited herein as singular integers, steps or elements clearly encompass both singular and plural forms of the recited integers, steps or elements. Throughout this specification, unless the context requires otherwise, the word "comprise", or variations such as "comprises" or "comprising", will be understood to imply the inclusion of a stated step or element or integer or group of steps or elements or integers, but not the exclusion of any other step or element or integer or group of steps, elements or integers. Thus, in the context of this specification, the term "comprising" is used in an inclusive sense and thus should be understood as meaning "including principally, but not necessarily solely". It will be appreciated that the foregoing description has been given by way of illustrative example of the invention and that all such modifications and variations thereto as would be apparent to persons of skill in the art are deemed to fall within the broad scope and ambit of the invention as herein set forth.

Claims

1. A system (100) for peer-to-peer entity authentication with nearest neighbours credential delegation, the system comprising:
at least one Initiator module (108) within a Trusted Authority (102); said Initiator module (108) is configured for registering users and peers, generating and distributing pre-shared keys to users and peers, wherein user submits job request and obtains processed results and a peer is at least a virtual machine;
at least one User Authenticator module (114) configured for mutually authenticating users and peers through pre-shared keys and creating at least one session key for secure communication;
at least one Peer Authenticator module (124) configured for mutually authenticating at least two peers through public key signature scheme and creating at least one session key for secure communication;
at least one Credential Delegator module (132) configured for matching, retrieving and providing authentication credential of user not in the peer list to other peers, and further providing user's sec

ret key transport; and
at least one Job-Authentication-Delegator module (128) configured for matching, authenticating and providing authentication credential for delegating jobs to peer with applications suitable for processing jobs
characterized in that
the at least one Initiator module (108) within a Trusted Authority (102) further comprising at least one Key Generation Engine (110) having means for:
generating long-term master secret key using at least one pseudo-random bit generator;
generating long term secret keys using said master secret and said pseudo-random bit generator; and
generating public private key pairs and digital certificates;
the at least one Credential Delegator module (132) further comprising at least one Authenticated Identity Distribution Engine (134) having means for:
broadcasting at least one user ID by an original peer to request for an authenticated user credential which matches said user ID;
verifying said request of original peer by other peers, searching and comparing said user ID with nearest neighbours lists of different peers by other peers;
retrieving pre-shared key by a matching peer and encrypting the retrieved key with the public key of the original peer;
signing said user ID and encrypted key by a matching peer and forwarding said user ID together with said encrypted key to said original peer; and
verifying said signature, decrypting said key and verifying authenticity of user requesting job submission by said original peer; and
the Job-Authenticator Delegator (128) module further comprising at least one Authenticated Job Distribution Engine (130) having means for:
broadcasting at least one user ID and job ID by an original peer to other peers capable of processing jobs;
verifying said request of original peer by other peers, matching job description in ID with capabilities of original peer by other peers;
informing original peer its capability of processing said job upon determining matching peer for authentication; and
verifying and informing job requestor of availability of at least one peer capable of processing said job by said original peer.
2. A system (104) according to Claim 1, wherein said User Authenticator module (114) further comprising at least one Identity Verification Engine (118) having means for:
generating at least one authentication token in the form of a Message Authentication Code (MAC) containing at least a user ID and a random nonce; and
computing and verifying MACs with pre-shared key.
3. A method (200) for peer-to-peer entity authentication with nearest neighbours credential delegation, the method comprising steps of:
registering all users and peers and generating pre-shared long lived secret keys using master secret key (202);
registering peers and generating certificates for all peers (204);
generating at least one authenticated user credential for mutually authenticating users and peers (206);
matching, retrieving and providing authentication credential of user not in the peer list to other peers, and further providing user's secret key transport (208);
matching, authenticating and providing authentication credential for delegating jobs to peer with applications suitable for processing jobs (210); and
mutually authenticating at least two peers through public key signature scheme and creating at least one session key for secure communication (212)
characterized in that
matching, retrieving and providing authentication credential of user not in the peer list to other peers, and further providing user's secret key transport further comprising steps of:
broadcasting user ID by peer to other peers by signing user ID with freshness mechanism (402);
verifying said signature by other peers (404);
matching user ID with nearest neighbors list by other peers upon verification of said signature (406);
directing to first time job request when user ID is not available (408);
retrieving pre-shared key of said user by said peer with matching ID and encrypting said key with original host key upon availability of user ID (410);
signing user ID and encrypted key by peer with matching ID and sending said signature to original peer (412);
verifying said signature by original peer and return to User Authenticator module upon successful verification (414);
matching, authenticating and providing authentication credential for delegating jobs to peer with applications suitable for processing jobs further comprises steps of:
broadcasting user and job IDs by peer to other peer by generating at least one signature on job ID with freshness mechanism (602);
verifying signature by other peers (604);
matching job ID with list of applications by other peers upon successful verification of signature (606);
signing job ID by peer with matching application sending said job ID to original peer when matching jobs are available (608);
verifying signature by original peers (610); and
informing user by original peer on peer having capability to process said jobs (612).
4. A method (300) according to Claim 3, wherein generating at least one authenticated user credential for mutually authenticating users and peers further comprising steps of:
authenticating user to peer by providing user and job IDs and computing at least a MAC with a pre-shared key (302);
matching peer with user ID with peer's list of nearest neighbours containing user ID and pre-shared key (304);
directing to Credential Delegator module if there is no matching user ID (306);
retrieving pre-shared key matching said ID by said peer and computing a MAC based on said key by said peer when user ID is available upon matching by first peer and when user ID is available upon matching steps from Credential Delegator module (308);
verifying job ID and application by peer to process job when there are matching MACs (310); and
allowing user to access resources and computing session key for secure communication (312) when there are available applications; else directing to Job-Authentication-Delegator module when applications are not available.
A method (500) according to Claim 3, wherein directing to first time job request when user ID is not available (408) further comprises steps of:
sending user ID to trusted authority by original peer (502);
mutual verification between trusted authority and peer using MAC (504);
matching user ID with its register list by trusted authority (506);
directing to Credential Delegator module if there is no matching user ID (508);
encrypting long-lived shared key using shared key with peer by trusted authority when user ID is available (510); and
sending encrypted shared key to peer and return to User Authenticator module (512).
A method according to Claim 3, wherein mutually authenticating at least two peers through public key signature scheme and creating at least one session key for secure communication further comprises steps of:
agreeing on authentication and freshness mechanism by peers (702);
first peer authenticating second peer by computing at least one credential token which is at least a digital signature using at least one private key (704);
verifying said signature by second peer (706);
said second peer authenticating to first peer by computing a credential token which is at least a digital signature using a private key (708);
said first peer verifying said signature (710); and
mutual authentication between said first peer and said second peer and computing at least one session key for subsequent secure communication (712).
PCT/MY2013/000230 2012-12-11 2013-12-05 A system and method for peer-to-peer entity authentication with nearest neighbours credential delegation WO2014092534A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
MYPI2012005356A MY167516A (en) 2012-12-11 2012-12-11 A system and method for peer-to-peer entity authentication with nearest neighbours credential delegation
MYPI2012005356 2012-12-11

Publications (1)

Publication Number Publication Date
WO2014092534A1 true WO2014092534A1 (en) 2014-06-19

Family

ID=50030408

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/MY2013/000230 WO2014092534A1 (en) 2012-12-11 2013-12-05 A system and method for peer-to-peer entity authentication with nearest neighbours credential delegation

Country Status (2)

Country Link
MY (1) MY167516A (en)
WO (1) WO2014092534A1 (en)

Also Published As

Publication number Publication date
MY167516A (en) 2018-09-04

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
Ref document number: 13826646; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase
Ref country code: DE
122 Ep: pct application non-entry in european phase
Ref document number: 13826646; Country of ref document: EP; Kind code of ref document: A1