CN101883115A - Access authentication method and system thereof - Google Patents

Access authentication method and system thereof

Info

Publication number: CN101883115A
Authority: CN (China)
Prior art keywords: node, key, access authentication, tree, authentication
Legal status: Granted (Google notes that the listed status is an assumption, not a legal conclusion)
Application number: CN2010102195608A
Other languages: Chinese (zh)
Other versions: CN101883115B (en)
Inventors: 梁满贵, 齐高亮, 张熠
Current assignee: Beijing Jiaotong University (Google notes that the assignee list may be inaccurate)
Original assignee: Beijing Jiaotong University
Application filed by Beijing Jiaotong University
Priority to CN 201010219560 (granted as CN101883115B)
Publication of CN101883115A; application granted; publication of CN101883115B
Current legal status: Expired - Fee Related

Abstract

The invention provides an access authentication method comprising the following steps. The physical nodes of a network are organized hierarchically to form a node tree, called the identification framework tree. To realize access authentication, each parent node in the identification framework tree generates a key pair for each of its child nodes, sends the private key of the pair to the corresponding child node, and also forwards to each child node the private keys it received from its own ancestor nodes. Each leaf node of the identification framework tree keeps the private keys of its ancestors within a certain range as its key sequence, and requests access authentication with a ciphertext encrypted under that key sequence. Finally, each parent node of the identification framework tree on the path of the access authentication request decrypts the request ciphertext with the public key matching the private key it issued, and so reaches an authentication conclusion. The beneficial effect of the invention is that, compared with earlier network systems, the hierarchical network has a clear hierarchy in access authentication.

Description

Access authentication method and system
Technical field
The present invention relates to an access authentication method and system for communication networks, and specifically to an access authentication method and system suited to a hierarchical network architecture, in which encryption and decryption are segmented according to the levels of the identity identifier.
Background technology
With the rapid development of Internet technology and application services, some original design defects of the existing Internet architecture have gradually been exposed; the dual role of the IP address as both identity and locator is one of them. The semantic overloading of the IP address in the Internet protocol suite is one of the root causes of many problems. In the conventional Internet protocol suite an address both identifies a node and gives its location. This dual role causes serious routing scalability problems in the Internet and makes it hard to support mobility and multihoming.
Therefore, separating the identity identifier (ID) from the locator, and research into hierarchical network architectures, have become a focus of current Internet technology. Cisco's LISP protocol is one such hierarchical architecture built on IP: it proposes a practical mapping between identifier (ID) and locator, separating the identity role of the IP address from its locator role, and thereby gives strong technical support to mobile IP and multihoming.
If the layered network objects of a hierarchical architecture have object-oriented and recursive features, the complexity of protocols and technology can be greatly reduced; this is the direction in which future network architectures are developing. However, current cryptosystems have a flat structure and cannot, in principle, meet the needs of a hierarchical network architecture, which hinders that development.
Summary of the invention
To overcome the problems of the prior art, the object of the invention is to propose an access authentication method and system designed around the characteristics of a hierarchical network architecture and applicable to it.
According to one aspect of the invention, an access authentication method is provided, characterized in that the physical nodes of a network are organized hierarchically to form a node tree, called the identification framework tree; to realize access authentication, each parent node in the identification framework tree generates a key pair for each of its child nodes, sends the private key of the pair to the corresponding child node, and also forwards to each child node the private keys it received from its own ancestor nodes; each leaf node of the identification framework tree keeps the private keys of its ancestors within a certain range as a key sequence and requests access authentication with a ciphertext encrypted under that key sequence; and each parent node of the identification framework tree on the path of the access authentication request uses the public key matching the private key it issued to decrypt the request ciphertext, and so reaches an authentication conclusion.
According to another aspect of the invention, an access authentication system is provided, characterized in that the network is organized into a hierarchical tree, the identification framework tree, and the system realizes access authentication for each leaf node of the tree, that is, for each basic network domain. The system comprises: a key generation device, located in each parent node of the tree, which generates a key pair for each child node, sends the private key of the pair to the corresponding child node, and also forwards to each child node the private keys the parent received from its ancestors; an encryption device, located in each leaf node of the tree, which takes all the private keys received from ancestor nodes as a key sequence and requests access authentication with a ciphertext encrypted under that key sequence; and a decryption device, located in each parent node, where the decryption device of each parent node on the path of the access authentication request decrypts the request with the public keys that parent generated.
The beneficial effect of the invention is that the hierarchical network has a clear hierarchy in access authentication compared with earlier network systems. Specifically, the beneficial effects are:
1. Fractal character. Since society has a fractal character, the next-generation network that covers society should also have a fractal character; a hierarchical network architecture is a necessary condition for the network to have that character, and the hierarchical, segmented encryption and decryption access authentication method proposed here is a necessary condition for a hierarchical network architecture. The invention is therefore an important technology for next-generation networks.
2. Hierarchy. Following the definitions of the identity identifier and the identification framework tree in the hierarchical network, and the layering they possess, the invention applies a segmented encryption and decryption scheme to the access authentication of basic network domains in the hierarchical network, realizing hierarchical authentication, owing to the following characteristics of the identifier and the identification framework tree:
(i) Hierarchy of the identifier. The identity identifier is abbreviated ID; a node has one identifier. Identifiers are assigned mainly according to the social membership relations between network objects. The only requirement on an identifier is that the combined multi-level full name uniquely identifies the object within its organizational structure. The relation between simple identifiers is hierarchical, similar to the hierarchy of social organizations.
(ii) Hierarchy of keys. After the identification framework tree is formed, every node that has child nodes generates key pairs consisting of a public key and a private key, one pair per child node. The private key is issued to the child node and is used to encrypt the authentication request packet. The public key is kept by the issuing node itself and is used to decrypt the authentication request packet.
(iii) Hierarchy of the authentication request packet. The packet is laid out as: Head Cmd [authentication request node ID] [authentication response node ID] [Time, ID component k, CODEk] ... [Time, ID component 2, CODE2] [Time, ID component 1, CODE1]. The hierarchy is clearly visible in it.
3. Security. Mainly in two aspects:
(i) Distributed authentication: authentication functions are spread over many nodes of the network architecture, which avoids the risk of concentrating them in a single authentication server, and the amount of data each node must handle is correspondingly reduced;
(ii) Hierarchical authentication: the layered ID, the layered keys, the segmented encryption of the authentication request packet and the layered authentication process together reduce, to some extent, the influence of key length and improve security; at the same time, one authentication requires the cooperation of several levels of the network, which makes attacks harder and further improves security.
Description of drawings
Fig. 1 is a schematic diagram of the identification framework tree;
Fig. 2 is a schematic diagram of key issuance under the public-key cryptosystem;
Fig. 3 shows the authentication flow when A111 moves into the coverage area of A12 (thick arrows show the path of the authentication request packet; thin arrows show the return path of the authentication response packet);
Fig. 4 shows the authentication flow when A111 moves into the coverage area of A21 (thick arrows show the path of the authentication request packet; thin arrows show the return path of the authentication response packet).
Specific embodiments
Organizing the physical nodes of a network hierarchically into a node tree is an effective form of network organization. The invention refers to the specific node tree defined by the ATM Forum's PNNI protocol; this node tree is called the identification framework tree, and Fig. 1 shows an example of one.
To explain the identification framework tree further, first define the concept of a basic network domain. A basic network domain is a physical node or a physical subnet; it has one or more external ports, can produce, consume or forward data, and can move independently and change its connections to other domains. In the hierarchical network architecture the basic network domain is the smallest object that is identified, operated, used and managed; the rest of the network does not need to know its internal details, only its external functions and features.
One or more basic network domains can form a group according to their membership relations, called a basic peer group; several basic peer groups can form a larger group, called a general peer group; several general peer groups can in turn form a higher-level peer group; finally the whole network forms a tree, and this tree is the identification framework tree of the network. The leaf nodes of the identification framework tree are basic network domains, and the upper-level nodes corresponding to basic and general peer groups are called logical nodes. Each node of the identification framework tree (node being the generic term for a basic network domain or a logical node) is given a simple identifier; the simple identifier of a node together with the simple identifiers of its ancestor nodes within a certain range form an ordered, hierarchical identifier, similar in form to an IP domain name, which uniquely identifies the node within a certain network range. This identifier is called the identity identifier of the node, written ID, and each simple identifier in it is called an ID component. In addition, the following concepts are defined:
Network root: the root node of the identification framework tree corresponding to the whole network, that is, the top-level peer-group node.
Ancestor node: the parent node of a node in the identification framework tree and the nodes above it are collectively called the ancestor nodes of that node.
Descendant node: if node A is an ancestor of node B, then node B is a descendant of node A.
Common ancestor node: among the common ancestors of nodes A and B, the one located at the lowest level of the identification framework tree. That is, firstly, a common ancestor node is an ancestor of both A and B; secondly, among all nodes that are ancestors of both A and B, the common ancestor node is the one at the lowest level.
Top-layer ancestor node: each basic network domain has a top-layer ancestor node, which is the highest ancestor the domain knows of; the first ID component of the domain's ID is the simple identifier of its top-layer ancestor node. The range within which the basic network domain plans to move determines the level of its top-layer ancestor node, and the choice of top-layer ancestor determines the length of the domain's ID: the ID of a basic network domain is the sequence of simple identifiers consisting of that of its top-layer ancestor, those of the ancestors below the top-layer ancestor, and that of the domain itself. A basic network domain also has a key sequence, made up of the keys corresponding to the components of its ID, except that there is no key for the component of the top-layer ancestor itself; the order of the keys in the key sequence corresponds to the order of the ID components.
Fig. 1 is an example of an identification framework tree; to keep the illustration simple the branching factor is small, 2 or even 1, but the discussion below is general. Basic network domains A111 and A112 form basic peer group A11; logical node A11 is the external representative of peer group A11 and is usually a software process object running in A111 or A112. Likewise, basic network domains A221 and A222 form peer group A22, whose external representative is logical node A22; logical nodes A12 and A21 likewise represent their own peer groups.
Logical nodes A11 and A12 further form general peer group A1, whose external representative is logical node A1; logical node A1 usually runs in A11 or A12, that is, it is a software process object in A111, A112 or A121.
Finally, logical nodes A1 and A2 form general peer group A; logical node A usually runs in A1 or A2, that is, it is a software process object in A111, A112, A121, A211, A221 or A222.
In Fig. 1 the label on each node of the identification framework tree is its simple identifier. If the network root A is the top-layer ancestor of all basic network domains, then the identity identifier of basic network domain A121 is A.A1.A12.A121, that of A221 is A.A2.A22.A221, and that of logical node A11 is A.A1.A11. If A121 moves only within the range of A1, its top-layer ancestor can be chosen as A1, and its identity identifier shortens to A1.A12.A121.
In the identification framework tree a superior node stores the key information of its subordinate nodes, and a subordinate node trusts only its superior. Every logical node that has subordinates must provide an authentication service: it acts as part of an equivalent, distributed authentication server, responsible for generating and issuing keys, reading the encrypted contents of authentication request packets, decrypting them, and generating authentication response packets. Access authentication in a hierarchical network therefore differs from the authentication mode used in traditional centralized systems: it requires a distributed authentication mode, with the authentication modules spread over different nodes of the identification framework tree.
Format of the authentication request packet
Head Cmd [authentication request node ID] [authentication response node ID] [Time, ID component k, CODEk] ... [Time, ID component 2, CODE2] [Time, ID component 1, CODE1]
The symbols have the following meanings:
Head: packet header, mainly containing fields such as the format version number, transmission priority, congestion control, error detection and packet type.
Cmd: command code, taking a fixed value.
Authentication request node ID: the identity identifier of the authentication request node, used to route the authentication request packet to the top-layer ancestor node and then down to the parent node of the requesting node.
Authentication response node ID: the identity identifier of the authentication response node, used to route the authentication response packet to that node.
Time: timestamp, mainly used to prevent tampering and replay attacks.
ID component i: the ID components of the authentication request node, i = 1, 2, ..., k. ID component k is the simple identifier of the requesting node itself as a basic network domain; ID component 1 is the simple identifier of the ancestor of the requesting node that is the direct child of its top-layer ancestor node.
CODEi: the components of the key sequence, i = 1, 2, ..., k; CODEi corresponds to ID component i.
The hierarchy of the authentication request packet lies in its segmented encryption: Time and ID component 1 are encrypted with CODE1, Time and ID component 2 with CODE2, and so on, giving k segments in all.
Format of the authentication response packet
Head, Cmd, [authentication response node ID], [Return Message]
The symbols have the following meanings:
Head: packet header, mainly containing fields such as the format version number, transmission priority, congestion control, error detection and packet type.
Cmd: command code, taking a fixed value.
Authentication response node ID: the identity identifier of the authentication response node.
Return Message: the response, which should contain the identity identifier of the requesting end and an indication of whether authentication passed.
Detailed implementation based on the RSA algorithm
1. Key distribution
The key issuance during the formation of the identification framework tree is described with reference to Fig. 2, where X denotes a private key and Y a public key.
(1) Root node A, having two child nodes, generates two key pairs, {X1, Y1} and {X2, Y2}, and issues the private keys X1 and X2 to its child nodes A1 and A2 respectively.
(2) Node A1 likewise generates two key pairs, {X3, Y3} and {X4, Y4}, issues private keys X3 and X4 to its children A11 and A12 respectively, keeps public keys Y3 and Y4 for later decryption, and also forwards the private key X1 received from its ancestor A to its children A11 and A12. Similarly, A2 generates key pairs {X5, Y5} and {X6, Y6}, issues X5 and X6 to its children A21 and A22 respectively, keeps Y5 and Y6, and forwards X2 received from its ancestor A to A21 and A22.
(3) Node A11 generates key pairs {X7, Y7} and {X8, Y8}, issues X7 and X8 to A111 and A112 respectively, keeps Y7 and Y8, and forwards the private keys X1 and X3 received from its ancestors A and A1 to its children A111 and A112. Likewise, A12 generates key pair {X9, Y9}, issues X9 to its child A121, keeps Y9, and forwards X1 and X4 received from A and A1 to A121.
(4) Node A21 generates key pair {X10, Y10}, issues X10 to A211, keeps Y10, and will ... A22 generates key pairs {X11, Y11} and {X12, Y12}, issues X11 and X12 to its children A221 and A222 respectively, and keeps Y11 and Y12.
Node A111 thus receives from its ancestor nodes (here A, A1 and A11) the three keys {X7}, {X3} and {X1}, which together form the key sequence of A111. That is, the key distribution process gives every node a key sequence; node A111, for example, obtains the key sequence {X7}{X3}{X1} made up of {X7}, {X3} and {X1}.
However, if A111 plans to move only within the range of A1, its key sequence can be {X7}{X3} instead of {X7}{X3}{X1}, and its identity identifier correspondingly shortens to A1.A11.A111 instead of A.A1.A11.A111. In that case A11, knowing that A111 moves only within A1, does not issue {X1} to A111, and need not even keep the private key issued to A1 itself.
2. Detailed design of the authentication request packet
Without loss of generality, take A111 moving into the vicinity of A121 as the example. From the key distribution above, basic network domain A111 holds three private keys, X7, X3 and X1. When this node arrives at a new network location, say near A121, and sets up a link with A121, it must authenticate itself to A121 before it can obtain communication service through A121, so node A111 constructs the following authentication request packet:
Head,Cmd,[A.A1.A11.A111],[A.A1.A12.A121],[Time,A111,X7][Time,A11,X3][Time,A1,X1]
The ciphertext in this packet has three segments, encrypted with keys X7, X3 and X1 respectively; for example, [Time, A1, X1] is the ciphertext formed by encrypting the simple identifier A1 and Time with X1.
3. Detailed realization flow
Without loss of generality, the flow is described with A111 moving as the example.
Depending on the network range into which basic network domain A111 moves, there are two cases, intra-domain and inter-domain authentication, and correspondingly two schemes:
Scheme one: a node of the identification framework tree of Fig. 1 moves; when basic network domain A111 moves into the range covered by A12, the situation of Fig. 3 arises. When A111 sets up a communication link with A121, it must send an authentication request packet to the network through A121 and A12, otherwise A111 cannot obtain service from the network. The authentication flow of Fig. 3 is as follows:
(1) A111 sends the authentication request packet to A via A121, A12 and A1 (thick-arrow path):
Head,Cmd,[A.A1.A11.A111],[A.A1.A12.A121],[Time,A111,X7][Time,A11,X3][Time,A1,X1]
(2) On receiving the packet, A reads Cmd in the header and recognizes an authentication request packet; from the identity identifier A.A1.A11.A111 of A111 it confirms that it is itself the top-layer ancestor of the requesting node, decrypts the first ciphertext segment with the public key it holds for A1, and if decryption succeeds forwards the packet to its child A1.
(3) On receiving the packet, A1 decrypts the second ciphertext segment with the public key it holds for A11, and if decryption succeeds forwards the packet to its child A11.
(4) And so on, down to A11, the parent of the requesting node: on receiving the packet it decrypts the last ciphertext segment with the public key it holds for A111; if decryption succeeds, the whole authentication succeeds, and it generates an authentication response packet and returns it via A12 to A121, in the following format:
Head,Cmd,[A.A1.A12.A121],[Return Message]
If in this scheme the top-layer ancestor of A111 is A1, the procedure works just the same; the difference is that the thick-arrow path no longer goes up to A and back to A1 but runs directly through A111, A12, A1, A11.
Scheme two:
A node of the identification framework tree of Fig. 1 moves; when basic network domain A111 moves into the range covered by A21, the situation of Fig. 4 arises. When A111 sets up a communication link with A211 and wants to obtain service from the network, it must send an authentication request packet to the network through A211 and A21 (thick-arrow path). The authentication flow of this scheme is as follows:
(1) A111 sends the authentication request packet to A via A211, A21 and A2:
Head,Cmd,[A.A1.A11.A111],[A.A2.A21.A211],[Time,A111,X7][Time,A11,X3][Time,A1,X1]
(2) On receiving the packet, A reads Cmd in the header and recognizes an authentication request packet; from the identity identifier A.A1.A11.A111 of A111 it confirms that it is an ancestor of the requesting node, decrypts the first ciphertext segment with the public key it holds for A1, and if decryption succeeds forwards the packet to its child A1.
(3) On receiving the packet, A1 decrypts the next ciphertext segment with the public key it holds for A11, and if decryption succeeds forwards the packet to its child A11.
(4) On receiving the packet, A11 decrypts the last ciphertext segment with the public key it holds for A111; if decryption succeeds, the whole authentication succeeds, and it generates an authentication response packet and returns it via A21 to A211, in the following format:
Head,Cmd,[A.A2.A21.A211],[Return Message]
Public-key algorithms such as RSA and ElGamal can be used to generate the encryption and decryption key pairs for each segment in the above embodiments. The RSA public-key encryption algorithm was developed in 1977 by Ron Rivest, Adi Shamir and Len Adleman at the Massachusetts Institute of Technology, and is named after the three of them. RSA is currently the most influential public-key encryption algorithm; it has withstood the cryptographic attacks known to date and is recommended by ISO as a public-key data encryption standard. The RSA algorithm rests on a simple number-theoretic fact: multiplying two large primes is easy, but factoring their product is extremely hard, so the product can be published as the encryption key. The ElGamal algorithm can be used both for digital signatures and for encryption; its security depends on the difficulty of computing discrete logarithms over finite fields. In addition, the transmission of the authentication response packet can also be segment-encrypted with the keys of each level, to improve the security of its transmission.
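The key issuance of Fig. 2, the segmented request packet of section 2 and the hop-by-hop verification of schemes one and two, as one added example written for this page; it is not the patent's own code, and the patent gives none. It assumes textbook RSA with toy 256-bit moduli standing in for the key pairs, so `pow` alone performs the private-key encryption and public-key decryption the text describes; a segment is the encryption of the bytes "<Time>,<ID component>"; and a hop treats "decryption succeeds" as: the recovered plaintext names the child that the ID component points to and Time lies within a replay window, which is this example's concrete reading of the patent's check. Head, Cmd handling, transport and the response packet are omitted; node names follow Fig. 1, and `build_fig1_tree`, `distribute_keys`, `build_request` and `verify_request` are names chosen here.

```python
"""Toy model of CN101883115A's segmented access authentication (added example, not the patent's
code): textbook RSA with small, insecure 256-bit moduli; a segment encrypts "<Time>,<component>"."""
import random

def is_probable_prime(n, rng, rounds=20):   # Miller-Rabin probable-prime test
    if n < 2 or n % 2 == 0:
        return n == 2
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_keypair(rng, bits=256):
    """Return (private X = (d, n), public Y = (e, n)). Toy modulus size, NOT secure."""
    e, primes = 65537, []
    while len(primes) < 2:
        c = rng.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        if c not in primes and is_probable_prime(c, rng):
            primes.append(c)
    n, phi = primes[0] * primes[1], (primes[0] - 1) * (primes[1] - 1)
    if phi % e == 0:                         # e is prime, so gcd(e, phi) != 1: retry
        return gen_keypair(rng, bits)
    return (pow(e, -1, phi), n), (e, n)

class Node:
    def __init__(self, name, parent=None):
        self.name, self.parent, self.children = name, parent, {}
        self.child_pub, self.key_seq = {}, []   # Y kept per child; the X's this node holds
        if parent is not None:
            parent.children[name] = self

def build_fig1_tree():
    """The identification framework tree of Fig. 1, as {simple identifier: Node}."""
    nodes = {"A": Node("A")}
    for name, parent in (("A1", "A"), ("A2", "A"), ("A11", "A1"), ("A12", "A1"),
                         ("A21", "A2"), ("A22", "A2"), ("A111", "A11"), ("A112", "A11"),
                         ("A121", "A12"), ("A211", "A21"), ("A221", "A22"), ("A222", "A22")):
        nodes[name] = Node(name, nodes[parent])
    return nodes

def distribute_keys(node, top, rng=None):
    """Key issuance of Fig. 2 under `top`, the top-layer ancestor: one pair per child, X to
    the child and Y kept, plus the parent's own X's (those below top) forwarded to the child."""
    rng = rng or random.Random(2010)         # fixed seed so the toy run is reproducible
    for child in node.children.values():
        priv, pub = gen_keypair(rng)
        node.child_pub[child.name] = pub
        child.key_seq = [priv] + ([] if node is top else node.key_seq)
        distribute_keys(child, top, rng)

def identity(node, top):                     # hierarchical ID, e.g. A.A1.A11.A111
    comps = []
    while node is not top:
        comps.append(node.name)
        node = node.parent
    return ".".join([top.name] + comps[::-1])

def build_request(leaf, responder, top, time):
    """Request packet with segments [Time, comp k, CODEk] ... [Time, comp 1, CODE1]."""
    comps = identity(leaf, top).split(".")[1:]      # ID components 1..k
    segments = []
    for comp, priv in zip(reversed(comps), leaf.key_seq):
        m = int.from_bytes(f"{time},{comp}".encode(), "big")
        assert m < priv[1], "segment plaintext must be smaller than the modulus"
        segments.append(pow(m, priv[0], priv[1]))   # "encrypt" with private key X = CODEi
    return {"cmd": "AUTH_REQ", "req_id": identity(leaf, top),
            "resp_id": identity(responder, top), "segments": segments}

def verify_request(top, packet, now, window=60):
    """Hop-by-hop check from the top-layer ancestor down to the requester's parent; a hop
    accepts only if its segment decrypts to (Time, the named child) with Time fresh."""
    comps = packet["req_id"].split(".")
    if comps[0] != top.name or len(comps) - 1 != len(packet["segments"]):
        return False, []
    node, accepted = top, []
    for comp, c in zip(comps[1:], reversed(packet["segments"])):   # segment 1 first
        pub = node.child_pub.get(comp)
        if pub is None:
            return False, accepted
        m = pow(c, pub[0], pub[1])            # "decrypt" with the Y this hop kept for comp
        try:
            t, _, got = m.to_bytes((m.bit_length() + 7) // 8, "big").decode().partition(",")
        except UnicodeDecodeError:
            return False, accepted
        if got != comp or not t.isdigit() or abs(int(t) - now) > window:
            return False, accepted
        accepted.append(node.name)
        node = node.children[comp]
    return True, accepted
```

Running `distribute_keys(top, top)` on the Fig. 1 tree and then `verify_request(top, build_request(A111, A121, top, t), t)` returns `(True, ['A', 'A1', 'A11'])`, the order in which A, A1 and A11 each strip their segment in scheme one; scheme two, with A211 as responder, verifies along the same path, because only the requester's ID determines it. Choosing A1 as top-layer ancestor, `distribute_keys(A1, A1)`, gives the two-segment ID A1.A11.A111 of the shortened case. Two checks are worth noting: a stale Time fails at the first hop before anything is forwarded, and the sibling A112, which holds X1 and X3 but not X7, fails at A11 if it claims A111's ID, which is exactly what the last segment exists to enforce. Encrypting with a private key and decrypting with the public key is, in modern terms, a raw signature; textbook RSA without padding is used here only to mirror the patent's description and must not be reused in a real system.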

Claims (6)

1. An access authentication method, characterized in that:
the physical nodes in a network are organized in a hierarchical manner to form a node tree, called the identification framework tree; in order to realize access authentication, each parent node in the identification framework tree generates a key pair for each of its child nodes, issues the private key of that key pair to the corresponding child node, and also issues to each of its child nodes the private keys of the ancestor nodes that the parent node itself received;
each leaf node of the identification framework tree keeps the private keys of its ancestor nodes within a certain neighbouring range as a key sequence, and requests access authentication by means of a ciphertext encrypted with the key sequence;
and each parent node in the identification framework tree involved in the access authentication request uses the public key corresponding to its private key to decrypt the access authentication request ciphertext, thereby reaching an authentication conclusion.
2. The access authentication method according to claim 1, characterized in that the ciphertext encrypted with the key sequence is encrypted in segments.
3. The access authentication method according to claim 2, characterized in that the RSA or ElGamal public-key algorithm is used to produce the encryption and decryption key pair of each segment.
4. The access authentication method according to claim 2, characterized in that the order of the segments of the ciphertext encrypted with the key sequence corresponds one-to-one with the private keys in the key sequence.
5. The access authentication method according to claim 1, characterized in that when a node (the authentication requesting node) establishes a new link, it requests authentication from the peer node of the new link (the authentication responding node). The method is that the node provides the peer with a ciphertext encrypted with its own key sequence, to prove its identity to the peer node; the peer node forwards this ciphertext upward step by step until it reaches an ancestor node that holds the public key for decrypting the first segment of the ciphertext, which is used to decrypt that segment and complete the first step of authentication; thereafter, guided by the identity label of the node, the authentication ciphertext is decrypted one segment at a time, one level further down at each step, until the parent node of the node is reached. If every step above in the identification framework tree succeeds, the authentication requested by the node succeeds; otherwise it fails.
6. An access authentication system, characterized in that the network forms a hierarchical tree; the access authentication system is used for realizing, with the identification framework tree, domain-based access authentication (access authentication based on network domains) for each leaf node of the tree, and the access authentication system comprises:
a key generating device, arranged in each parent node of the tree, which generates a key pair for each of its child nodes, issues the private key of that key pair to the corresponding child node, and also issues to each child node of the parent node the private keys of the ancestor nodes received by the parent node;
an encryption device, arranged in each leaf node of the tree, which takes all the private keys received from ancestor nodes as a key sequence and requests access authentication by means of a ciphertext encrypted with the key sequence; and
a decryption device, arranged in each parent node, wherein the decryption device located in a parent node of the tree involved in the access authentication request decrypts the access authentication request with the public key that this parent node generated for the child node beneath it.
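As an added worked example (not the patent's own code), the key distribution of claims 1 and 6, the one-to-one segmented encryption of claims 2 and 4 and the step-wise verification of claim 5 are simulated below in Python. Textbook RSA on small constructed primes stands in for the RSA or ElGamal key pairs the description names, so this is an offline toy, not a secure implementation; the node names, primes and identity string are constructed.

```python
from dataclasses import dataclass, field

E = 17  # constructed toy public exponent shared by every key pair

def toy_keypair(p, q):
    """Textbook RSA on two constructed small primes: ((e, n), (d, n))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (E, n), (pow(E, -1, phi), n)

@dataclass
class Node:
    name: str
    parent: "Node | None" = None
    child_pub: dict = field(default_factory=dict)     # child name -> public key
    key_sequence: list = field(default_factory=list)  # ancestors' private keys, root-first

    def add_child(self, name, p, q):
        """Parent generates a key pair for the child, keeps the public key and
        hands the child the private key plus every ancestor key it holds."""
        pub, priv = toy_keypair(p, q)
        self.child_pub[name] = pub
        child = Node(name, self)
        child.key_sequence = self.key_sequence + [priv]
        return child

def encrypt_segmented(node, message):
    """One segment per key, transformed byte-wise with the private key in the
    same position (claim 4: segment order matches the key sequence)."""
    keys = node.key_sequence
    step = -(-len(message) // len(keys))              # ceiling division
    segs = [message[i * step:(i + 1) * step] for i in range(len(keys))]
    return [[pow(b, d, n) for b in seg] for seg, (d, n) in zip(segs, keys)]

def verify(requester, claimed_identity, ciphertext):
    """Claim 5: begin at the ancestor that holds the first segment's public key,
    then walk down the requester's path, one public key per segment."""
    path, n = [], requester
    while n.parent is not None:                       # ancestors, leaf-first
        path.append((n.parent, n.name))
        n = n.parent
    path = path[::-1][-len(ciphertext):]              # root-first, in range
    plain = b""
    for (parent, child), seg in zip(path, ciphertext):
        vals = [pow(c, *parent.child_pub[child]) for c in seg]
        if any(v > 255 for v in vals):                # wrong key: not a byte
            return False
        plain += bytes(vals)
    return plain == claimed_identity
```

A node that holds only part of the key chain, or a ciphertext with one altered segment, fails at the level whose public key no longer matches, which is the per-level check the claims describe.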
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201010219560 CN101883115B (en) 2010-06-25 2010-06-25 Access authentication method and system thereof

Publications (2)

Publication Number Publication Date
CN101883115A true CN101883115A (en) 2010-11-10
CN101883115B CN101883115B (en) 2013-04-17

Family

ID=43055001

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201010219560 Expired - Fee Related CN101883115B (en) 2010-06-25 2010-06-25 Access authentication method and system thereof

Country Status (1)

Country Link
CN (1) CN101883115B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1383643A (en) * 2000-04-06 2002-12-04 Sony Corporation Information recording/reproducing apparatus and method
CN101060479A (en) * 2007-05-28 2007-10-24 Guangzhou GCI Science & Technology Co., Ltd. Wireless self-organized network distributed authentication multi-layer tree routing method
CN101075870A (en) * 2006-05-16 2007-11-21 Huawei Technologies Co., Ltd. Method for generating and distributing mobile IP key
US7539313B1 (en) * 2000-09-13 2009-05-26 Nortel Networks Limited System and method for key management across geographic domains
CN101557587A (en) * 2009-04-08 2009-10-14 Harbin Engineering University Management method of hierarchical tree key in wireless sensor network (WSN)
CN101742496A (en) * 2002-11-26 2010-06-16 Cisco Technology, Inc. Wireless local area network context control protocol

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Wu Huafeng, Dai Xinfa, Chen Peng: "A hierarchical mobile IP access authentication mechanism", Computer Engineering, vol. 34, no. 24, 31 December 2008 (2008-12-31) *
Zhang Yu: "Research on a secure network model and protocol based on access control", China Master's Theses Full-text Database, 29 December 2009 (2009-12-29), pages 8 - 17 *

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107395356A (en) * 2012-09-19 2017-11-24 InterDigital Patent Holdings, Inc. Hierarchical authentication
CN104468585B (en) * 2014-12-12 2017-10-24 Xidian University Proxy-based trusted access authentication method for user equipment
CN104468585A (en) * 2014-12-12 2015-03-25 Xidian University Proxy-based user equipment trusted access authentication method
CN105262848A (en) * 2015-06-30 2016-01-20 Tsinghua University User internet identity and generation method and system thereof
CN105262848B (en) * 2015-06-30 2018-08-28 Tsinghua University User internet identity and generation method and system
CN109257343B (en) * 2018-09-05 2020-11-10 Shenyang Ligong University Composite dimension reverse access authentication method based on matrix mapping
CN109257343A (en) * 2018-09-05 2019-01-22 Shenyang Ligong University Composite dimension reverse access authentication method based on matrix mapping
CN110213228A (en) * 2019-04-25 2019-09-06 Ping An Technology (Shenzhen) Co., Ltd. Method, device, storage medium and computer equipment for authenticating communication
CN110213228B (en) * 2019-04-25 2021-09-07 Ping An Technology (Shenzhen) Co., Ltd. Method, device, storage medium and computer equipment for authenticating communication
CN112187454A (en) * 2020-09-14 2021-01-05 State Grid Zhejiang Electric Power Co., Ltd. Information & Communication Branch Key management method and system based on block chain
CN112187454B (en) * 2020-09-14 2022-12-02 State Grid Zhejiang Electric Power Co., Ltd. Key management method and system based on block chain
CN112333701A (en) * 2020-10-23 2021-02-05 University of Science and Technology of China Identity-based cross-domain authentication method for large-scale Internet of Things scenarios
CN112333701B (en) * 2020-10-23 2021-12-10 University of Science and Technology of China Identity-based cross-domain authentication method for large-scale Internet of Things scenarios

Also Published As

Publication number Publication date
CN101883115B (en) 2013-04-17

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130417

Termination date: 20190625