CN103327489B - The method and system of certification - Google Patents
- Publication number
- CN103327489B (CN201310269549.6A)
- Authority
- CN
- China
- Prior art keywords
- client
- authentication
- information
- signature
- communication server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Abstract
The invention discloses an authentication method and system, and relates to the field of communication technology. It solves the problem that the identity information of a client is stolen when the client is authenticated. The method may specifically include: the client sends to the communication server an authentication request indicating that the client is to perform an authentication operation with the communication server; the client performs the authentication operation with the communication server according to response information, where any information included in the response information is different from the client's identity information, and the response information is calculated by the client from the P-signature and is used by the communication server to determine whether the client is configured with a valid P-signature; the communication server sends an authentication response to the client, the authentication response indicating whether the client authenticated successfully. The invention can be applied to device authentication.
Description
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method and a system for authentication.
Background
The increasingly popular mobile internet brings convenience to communication and information sharing for users and also brings new challenges to security. Due to the openness of the wireless mobile network, wireless communication data is easier to intercept, monitor and tamper, which poses great threat to user privacy. Conventional identity authentication techniques may reveal private information of the authenticated client, such as identity information and the like. Anonymous authentication techniques may prevent the leakage of identity information during the authentication process.
In the prior art authentication process, anonymous authentication of a client to a server requires the assistance of an authentication authority. The authentication process may include: the client sends the blinded identity information to the server, and the server signs the blinded identity information to generate first authentication information and sends the first authentication information back to the client; the client generates a blinded service request and sends the identity information, the blinded service request and the first authentication information of the client to an authentication mechanism for requesting assistance; the authentication mechanism signs the blinded service request according to the received identity information and the first authentication information to generate second authentication information; the client sends the blinded service request and the second authentication information to the server; and the server realizes the authentication of the terminal by verifying the second authentication information.
In the process of implementing the above authentication, the inventor finds that at least the following problems exist in the prior art: the openness of mobile wireless communication enables data transmission between the client and the server to be easily monitored by an attacker, and if the data transmission is monitored by the attacker in the authentication process, the attacker can acquire the identity information of the client, so that the identity information is leaked.
Disclosure of Invention
Embodiments of the invention provide an authentication method and an authentication system. With this scheme, the communication server authenticates the client according to whether the client is configured with a legal P signature, and the identity information of the client is not transmitted during the authentication process, so that the identity information is prevented from being stolen in transmission.
In order to achieve the above purpose, the embodiment of the invention adopts the following technical scheme:
in a first aspect, a method of authentication is provided, including:
a client sends an authentication request for instructing the client to execute authentication operation with a communication server to the communication server;
the client executes the authentication operation with the communication server according to response information, wherein any information included in the response information is different from the client identity information, the response information is obtained by the client through calculation according to the P signature, and the response information is used by the communication server to determine whether the client is configured with a legal P signature; and the communication server sends an authentication response to the client, wherein the authentication response is used for representing whether the client is successfully authenticated.
In a second aspect, there is provided another system for authentication, comprising:
a client and a communication server, wherein:
the client comprises: a first transmitting unit and an authentication unit;
the first sending unit is used for sending an authentication request for instructing the client to execute authentication operation with the communication server to the communication server;
the authentication unit is used for executing authentication operation with the communication server according to response information so that the communication server determines whether the client is configured with a legal P signature according to the response information, the response information is calculated by the client according to the P signature, and any information included in the response information is different from identity information of the client;
the communication server includes: a second transmitting unit;
the second sending unit is configured to send an authentication response to the client, where the authentication response is used to characterize whether the client successfully authenticates.
With the above scheme, the communication server may authenticate the client according to whether the client is configured with a valid P-signature, specifically, if the client is configured with the P-signature, the client is authenticated successfully, and if the client is not configured with the P-signature, the client is authenticated unsuccessfully. Specifically, whether the client is configured with a legal P-signature may be determined according to the response information, and the response information includes any information different from the client identity information, in other words, in the authentication process, the identity information of the client is not transmitted between the client and the communication server, so that the identity information is prevented from being stolen in the transmission process, and the security of the identity information is increased.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a flowchart of an authentication method provided in this embodiment;
Fig. 2 is a flowchart of another authentication method provided in this embodiment;
Fig. 3 is a data interaction diagram of the authentication operation provided in this embodiment;
Fig. 4 is a data interaction diagram of an authentication operation in a specific scenario provided in this embodiment;
Fig. 5 is a schematic structural diagram of an authentication system provided in this embodiment;
Fig. 6 is a schematic structural diagram of another authentication system provided in this embodiment.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In order to solve the problems mentioned in the background art, the present embodiment provides an authentication method, as shown in fig. 1, which may include:
101. the client sends an authentication request to the communication server.
Wherein the authentication request may be used to instruct the client to perform an authentication operation with the communication server.
As an implementation manner of this embodiment, before the client and the communication server perform corresponding operations, the communication server needs to authenticate the client, and after the authentication is successful, the client and the communication server may perform corresponding operations, where the corresponding operations may include: service provisioning, etc.
102. The client executes authentication operation with the communication server according to the response information, so that the communication server determines whether the client is configured with a legal P signature according to the response information.
The response information is calculated by the client according to the P signature, and any information included in the response information is different from the identity information of the client, that is, the response information does not include the identity information of the client.
As an implementation manner of this embodiment, if the client is configured with a valid P-signature, the client authentication is successful, otherwise, the client is not authenticated successfully.
The P-signature is a signature that can determine whether a device is configured with the P-signature without knowing the P-signature itself, and the P-signature can be configured by the authentication server according to the identity information of the client.
The authentication server and the communication server may be two servers independent of each other.
The P-signature and the method for obtaining the P-signature are not limited in this embodiment, and are well known to those skilled in the art, and are not described herein again.
103. The communication server sends an authentication response to the client.
The authentication response can be used to characterize whether the client is successfully authenticated. The client may correspondingly determine the authentication result (i.e., whether the authentication is successful) from the received authentication response, and may then perform subsequent steps according to that result.
After the scheme is adopted, the communication server can authenticate the client according to whether the client is configured with a legal P signature, specifically, if the client is configured with the P signature, the client authentication is successful, and if the client is not configured with the P signature, the client authentication is failed. Specifically, whether the client is configured with a legal P-signature can be determined according to the response information, and any information contained in the response information is different from the identity information of the client, in other words, the identity information of the client is not transmitted between the client and the communication server in the authentication execution process, so that the identity information is prevented from being stolen in the transmission process, and the security of the identity information is increased.
The present embodiment provides another authentication method, which is a further extension and specific limitation on each step in the method shown in fig. 1, and as shown in fig. 2, the method may include:
201. the client acquires the P signature from the authentication server.
Specifically, the client acquiring the P signature from the authentication server may include:
the client sends identity information to the authentication server; the authentication server generates a P signature according to the identity information; and sending the P signature to a corresponding client. The P signatures of different clients are different, and the unique corresponding relation exists between the P signatures and the clients.
The P-signature and the method for obtaining the P-signature are not limited in this embodiment, and are well known to those skilled in the art, and are not described herein again.
As an implementation manner of this embodiment, the client may acquire the P-signature from the authentication server at any time before authentication. Because this communication between the devices takes place before authentication, the identity information transmitted at this point cannot be stolen.
As a preferred implementation manner of this embodiment, when the client performs initialization setting, the client acquires a P signature from the authentication server.
It should be noted that the client may acquire the P-signature from the authentication server at any time before performing the authentication operation, and is not limited to the scenario in which the client acquires the P-signature from the authentication server when the client performs the initialization setting.
Further, the P-signature may be used to characterize the identity of the client, but the P-signature is different from the identity information of the client.
202. The client sends an authentication request to the communication server.
Wherein the authentication request may be used to instruct the client to perform an authentication operation with the communication server.
As an implementation manner of this embodiment, before the communication server provides the required service to the client, the client may send a service request to the communication server; the communication server sends a confirmation message to the client; the client and the communication server execute authentication operation, and the communication server provides the required service for the client only after the authentication is successful.
The authentication server and the communication server may be two servers independent of each other.
203. The communication server receives an authentication request sent by the client.
204. The client executes authentication operation with the communication server according to the response information, so that the communication server determines whether the client is configured with a legal P signature according to the response information.
The response information includes any information different from the identity information of the client, that is, the response information does not include the identity information of the client.
As an implementation manner of this embodiment, this embodiment may use a commitment challenge response protocol to perform an authentication operation, as shown in fig. 3, which specifically includes:
1. the client sends randomly acquired commitment information to the communication server;
the commitment information includes any information different from the identity information of the client, that is, the commitment information does not include the identity information of the client.
The values of the commitment information may be, but are not limited to: 1, 2, 3, etc.
2. The communication server sends randomly acquired challenge information to the client;
the challenge information includes any information different from the identity information of the client, that is, the challenge information does not include the identity information of the client.
The values of the challenge information may be, but are not limited to: 1, 2, 3, etc.
3. The client receives challenge information sent by the communication server;
4. the client generates response information according to the commitment challenge response protocol;
the calculation method of the response information may be calculated according to a specified formula in the commitment challenge response protocol, where the specified formula may include the following parameters: p-signature, commitment information and challenge information;
as an implementation manner of this embodiment, the client runs the response information generation algorithm specified in the commitment challenge response protocol with the P signature, the commitment information, and the challenge information as parameters, and takes the result rep output by the algorithm as response information, that is: rep ← Generation.
The algorithm Generation is not limited in this embodiment; it is a technique known to those skilled in the art. For example, an effective algorithm predetermined in the commitment challenge response protocol can be used to implement the response information generation function, and details are not repeated herein.
5. The client sends response information to the communication server;
6. the communication server receives response information sent by the client;
7. the communication server judges whether the client is configured with a legal P signature according to the commitment challenge response protocol and the response information.
The method for judging whether the client is configured with a legal P signature can comprise the following steps:
First, a corresponding reference value is calculated according to a specified formula in the commitment challenge response protocol. Then, it is judged whether the reference value falls into a specified interval set in the commitment challenge response protocol: if the reference value falls into the specified interval, the client is configured with a legal P signature; if it does not, the client is not configured with a legal P signature (or is not configured with a P signature at all, and the like). The parameters of the specified formula may include: response information, commitment information and challenge information.
As an implementation manner of this embodiment, the process of determining whether the client is configured with a valid P signature is:
after receiving the response information, the communication server firstly uses the commitment information, the challenge information and the response information as parameters, runs a specified algorithm Ver in a commitment challenge response protocol, and stores an output result r of the algorithm, namely r ← Ver; further, the communication server compares the r value with a predetermined legal interval in the commitment challenge response protocol, if r falls within the legal interval, the communication server considers that the client is configured with a legal P signature, and the authentication is successful, otherwise, the communication server considers that the client is not configured with the legal P signature, and the authentication is unsuccessful.
The algorithm Ver is not limited in this embodiment, and is a technique well known to those skilled in the art, for example, it may be a predetermined effective algorithm in the commitment challenge response protocol; the legal interval against which the r value is compared may also be a predetermined interval in the commitment challenge response protocol, in which a small number of specified values are stored.
The method for generating the response message in step 4 and the method for determining whether the client is configured with the valid P signature in step 7 are not limited in this embodiment, for example, they may be calculated according to a corresponding specific formula in the commitment challenge response protocol, which is a technique well known to those skilled in the art, and may be set according to actual needs, and will not be described herein again.
The commitment challenge response protocol is not limited in this embodiment, and is well known in the art, and will not be described herein.
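Added example (not from the patent, which leaves the P-signature scheme and the Generation and Ver algorithms unspecified): the commitment, challenge and response exchange of steps 1 to 7, with a Schnorr-style 1-of-N OR-proof swapped in as a stand-in for the P-signature, so the verifier learns that the client holds one registered credential but not which one. Assumptions: the public-key registry, the names `Client`, `keygen`, `authenticate` and `LEGAL`, and the toy-sized group parameters are all constructed for illustration.

```python
import secrets

# Toy Schnorr group, constructed for illustration only: P = 2*Q + 1 with P and Q
# prime, and G generating the subgroup of order Q. A deployment would use a
# standard group of cryptographic size.
P, Q, G = 2039, 1019, 4

# Ver outputs r, the number of violated equations; only r == 0 is "legal".
LEGAL = {0}


def keygen():
    """Stand-in for credential issuance: secret x stays with the client, y = G^x is registered."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


class Client:
    def __init__(self, secret, index, registry):
        # index is the client's own slot in the registry; it is never transmitted.
        self.x, self.j, self.ys = secret, index, registry

    def commitment(self):
        """Step 1: a real commitment for the client's slot, simulated ones for all others."""
        self.k = secrets.randbelow(Q)
        self.sim = {}
        com = []
        for i, y in enumerate(self.ys):
            if i == self.j:
                com.append(pow(G, self.k, P))
            else:
                c_i, z_i = secrets.randbelow(Q), secrets.randbelow(Q)
                self.sim[i] = (c_i, z_i)
                # Chosen so that G^z_i == t_i * y^c_i holds without knowing x_i.
                com.append(pow(G, z_i, P) * pow(y, -c_i, P) % P)
        return com

    def generation(self, cha):
        """Step 4: rep <- Generation(credential, commitment, challenge)."""
        c_j = (cha - sum(c for c, _ in self.sim.values())) % Q
        z_j = (self.k + c_j * self.x) % Q
        return [(c_j, z_j) if i == self.j else self.sim[i]
                for i in range(len(self.ys))]


def challenge():
    """Step 2: the communication server picks a random challenge."""
    return secrets.randbelow(Q)


def ver(registry, com, cha, rep):
    """Step 7: r <- Ver(commitment, challenge, response)."""
    if len(com) != len(registry) or len(rep) != len(registry):
        return len(registry) + 1  # malformed transcript
    # The per-slot challenges must add up to the server's challenge.
    r = 0 if sum(c for c, _ in rep) % Q == cha % Q else 1
    for y, t, (c, z) in zip(registry, com, rep):
        if pow(G, z, P) != t * pow(y, c, P) % P:
            r += 1
    return r


def authenticate(client, registry):
    """Runs steps 1 to 7; none of the three messages carries an identity or a slot index."""
    com = client.commitment()
    cha = challenge()
    rep = client.generation(cha)
    return ver(registry, com, cha, rep) in LEGAL


if __name__ == "__main__":
    keys = [keygen() for _ in range(4)]
    registry = [y for _, y in keys]
    print("registered client:", authenticate(Client(keys[1][0], 1, registry), registry))
```

With this toy group a client that holds no registered secret still passes with probability 1/Q per run, which is why the group size matters in practice.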
It should be noted that, because the client does not transmit its identity information to the communication server when performing an authentication operation, the communication server can only determine whether the client is configured with a valid P-signature; it cannot determine which client is performing the authentication operation. When the communication server needs to send challenge information or an authentication response to the client, it may first determine the address of the destination client from information such as the underlying IP (Internet Protocol) address of the information sent by that client, and may then send the challenge information or the authentication response to the destination client at that address.
The method for determining the address of the destination client by the communication server in this embodiment is not limited, and is a technique well known to those skilled in the art, and may be set according to actual needs, which is not described herein again.
It can be seen from the above that, in the process of performing the authentication operation, the commitment information, the challenge information and the response information transmitted between the client and the communication server do not include the identity information of the client. That is, in the process of performing the authentication operation, the identity information and the P signature of the client are not transmitted between the client and the communication server, so that theft of the client's identity information during the authentication operation is avoided and the anonymity of the authentication is effectively ensured.
In addition, in the authentication method of the embodiment, the client communicates with the authentication server only once before the authentication operation is performed for acquiring the P-signature, and the client does not perform any data transmission with the authentication server during the authentication operation, so that the problem of prolonged response time of the communication server due to the communication between the client and the authentication server during the authentication operation is avoided.
205. The communication server sends an authentication response to the client.
The authentication response may be used to characterize whether the client successfully authenticates. The client may correspondingly determine the authentication result (i.e., whether the authentication is successful) from the received authentication response, and may then perform subsequent steps according to that result.
If the client authentication is successful, the client and the communication device may perform corresponding operations; for example, the communication server may provide the desired service to the client.
If the authentication of the client fails, the client may perform the authentication operation again with the communication server until the authentication is successful; or,
if the authentication of the client fails, the client may end the authentication process.
The operation executed after the authentication of the client is failed is not limited in this embodiment, and may be set according to actual needs, which is not described herein again.
After the scheme is adopted, the communication server can authenticate the client according to whether the client is configured with a legal P signature, specifically, if the client is configured with the P signature, the client authentication is successful, and if the client is not configured with the P signature, the client authentication is failed. Specifically, whether the client is configured with a legal P-signature can be determined according to the response information, and any information contained in the response information is different from the identity information of the client, in other words, the identity information of the client is not transmitted between the client and the communication server in the authentication execution process, so that the identity information is prevented from being stolen in the transmission process, and the security of the identity information is increased.
In addition, in the authentication method of the embodiment, the client communicates with the authentication server only once before the authentication operation is performed for acquiring the P-signature, and the client does not perform any data transmission with the authentication server during the authentication operation, so that the problem of prolonged response time of the communication server due to the communication between the client and the authentication server during the authentication operation is avoided.
In order to better understand the above embodiments, the above embodiments are described below with reference to specific scenarios.
Wherein, the scene can include: the client registers to an authentication server and acquires a P signature; when a client needs a communication server to provide required services, the client requests the communication server for the services, and the client firstly sends a service request to the communication server; and the communication server sends confirmation information to the client after receiving the service request, wherein the confirmation information is used for indicating the client and the communication server to execute authentication operation. In this scenario, after the client successfully registers with the authentication server, the client requests a service from the communication server.
Specifically, as shown in fig. 4, the method may include:
1. the client sends the identity information of the client to the communication server;
2. the communication server verifies the client according to the received identity information, if the verification is successful, the step 3 is executed, and if the verification is unsuccessful, a registration failure message is sent to the client;
3. the communication server generates a P signature according to the identity information by adopting a corresponding signature algorithm;
4. the communication server sends a P signature to the client;
5. the client receives and stores the P signature;
6. the client sends a service request to the communication server;
7. the communication server sends confirmation information to the client after receiving the service request;
8. after receiving the confirmation information, the client sends randomly acquired commitment information to the communication server; the communication server sends randomly acquired challenge information to the client;
9. the client calculates response information according to the received challenge information, the commitment information, the P signature and the commitment challenge response protocol;
10. sending response information to the communication server;
11. the communication server judges whether the client is configured with a P signature according to the received response information, the commitment information, the challenge information and the commitment challenge response protocol, if so, the client is successfully authenticated, and if not, the client is failed to authenticate;
12. the communication server sends an authentication response to the client.
Wherein, any information included in the response information is different from the identity information of the client; the arbitrary information included in the commitment information is different from the identity information of the client; the challenge information includes any information that is not identical to the identity information of the client.
In this embodiment, the communication server may authenticate the client according to whether the client is configured with a valid P-signature, specifically, if the client is configured with the P-signature, the client authentication is successful, and if the client is not configured with the P-signature, the client authentication is failed. Specifically, whether the client is configured with a legal P-signature can be determined according to the response information, and any information contained in the response information is different from the identity information of the client, in other words, the identity information of the client is not transmitted between the client and the communication server in the authentication execution process, so that the identity information is prevented from being stolen in the transmission process, and the security of the identity information is increased.
In addition, in the authentication method of the embodiment, the client communicates with the authentication server only once before the authentication operation is performed for acquiring the P-signature, and the client does not perform any data transmission with the authentication server during the authentication operation, so that the problem of prolonged response time of the communication server due to the communication between the client and the authentication server during the authentication operation is avoided.
System embodiments are provided below, which correspond to the respective method embodiments provided above.
The present embodiment provides an authentication system, as shown in fig. 5, which may include:
a client 51 and a communication server 52, wherein:
the client 51 includes: a first sending unit 511 and an authentication unit 512;
the first sending unit 511 is configured to send an authentication request to the communication server 52, the authentication request instructing the client 51 to perform an authentication operation with the communication server 52;
the authentication unit 512 is configured to perform an authentication operation with the communication server 52 according to response information, so that the communication server 52 determines from the response information whether the client 51 is configured with a valid P-signature, where the response information is calculated by the client 51 according to the P-signature, and none of the information included in the response information is the identity information of the client 51;
the communication server 52 includes: a second sending unit 521;
the second sending unit 521 is configured to send an authentication response to the client 51, where the authentication response indicates whether the client 51 has been successfully authenticated.
With this scheme, the communication server authenticates the client according to whether the client is configured with a valid P-signature: if the client is configured with the P-signature, client authentication succeeds, and if the client is not configured with the P-signature, client authentication fails. Whether the client is configured with a valid P-signature is determined from the response information, and none of the information contained in the response information is the identity information of the client. In other words, the identity information of the client is not transmitted between the client and the communication server while authentication is performed, so the identity information cannot be stolen in transit and its security is increased.
The present embodiment provides another authentication system, which is a further limitation of the authentication system shown in fig. 5, and as shown in fig. 6, the authentication system may include:
a client 61 and a communication server 62, wherein:
the client 61 includes: a first sending unit 611 and an authentication unit 612;
the first sending unit 611 is configured to send an authentication request to the communication server 62, the authentication request instructing the client 61 to perform an authentication operation with the communication server 62;
the authentication unit 612 is configured to perform an authentication operation with the communication server 62 according to the response information, so that the communication server 62 determines from the response information whether the client 61 is configured with a valid P-signature, where the response information is calculated by the client 61 according to the P-signature, and none of the information included in the response information is the identity information of the client 61;
the communication server 62 includes: a second sending unit 621;
the second sending unit 621 is configured to send an authentication response to the client 61, where the authentication response indicates whether the client 61 has been successfully authenticated.
Further, the client 61 further includes: an acquisition unit 613;
the acquisition unit 613 is configured to obtain a P-signature from the authentication server, where the P-signature is generated by the authentication server according to the identity information of the client 61, and the identity information is sent by the client 61 to the authentication server.
Further, the acquisition unit 613 is specifically configured to obtain the P-signature from the authentication server when the client 61 performs initialization setting.
Further, the authentication unit 612 includes:
a generating module 6121, configured to generate response information according to the commitment challenge response protocol;
a sending module 6122, configured to send the response information to the communication server;
the communication server 62 further includes: a judging unit 622;
the judging unit 622 is configured to determine whether the client 61 is configured with the P-signature according to the commitment challenge response protocol and the response information.
Further, the P-signature obtained by the acquisition unit 613 is used to characterize the identity of the client 61.
With this scheme, the communication server authenticates the client according to whether the client is configured with a valid P-signature: if the client is configured with the P-signature, client authentication succeeds, and if the client is not configured with the P-signature, client authentication fails. Whether the client is configured with a valid P-signature is determined from the response information, and none of the information contained in the response information is the identity information of the client. In other words, the identity information of the client is not transmitted between the client and the communication server while authentication is performed, so the identity information cannot be stolen in transit and its security is increased.
In addition, in the authentication method of this embodiment, the client communicates with the authentication server only once, before the authentication operation is performed, in order to acquire the P-signature. The client exchanges no data with the authentication server during the authentication operation, which avoids the prolonged communication server response time that such communication would cause.
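The commitment, challenge and response steps carried out by the generating module 6121, the sending module 6122 and the judging unit 622 can be sketched as follows. This is an added example, not the patent's construction: this section does not define how the P-signature is built or checked, so a Schnorr identification protocol is substituted. The function names, the HMAC derivation of the P-signature, the registry of verification values and the toy group are all assumptions.

```python
import hashlib
import hmac
import secrets

# Toy parameters (assumption): integers mod the prime 2**255 - 19, base 2.
# A deployment would use a standardized prime-order group instead.
P = 2**255 - 19
G = 2
ORDER = P - 1  # exponents reduce mod P-1 by Fermat's little theorem


def issue_p_signature(server_key: bytes, identity: bytes) -> int:
    """Authentication server, once at client initialization (hypothetical
    construction): derive the client's secret from its identity."""
    digest = hmac.new(server_key, identity, hashlib.sha512).digest()
    return int.from_bytes(digest, "big") % ORDER


def verification_value(p_sig: int) -> int:
    """What the communication server stores; it carries no identity field."""
    return pow(G, p_sig, P)


class Client:
    def __init__(self, p_sig: int):
        self.p_sig = p_sig
        self.r = None

    def commit(self) -> int:
        self.r = secrets.randbelow(ORDER - 1) + 1  # fresh nonce for every run
        return pow(G, self.r, P)                   # commitment t = g^r

    def respond(self, challenge: int) -> int:
        s = (self.r + challenge * self.p_sig) % ORDER
        self.r = None                              # a reused nonce leaks p_sig
        return s


class CommunicationServer:
    def __init__(self, registered):
        self.registered = set(registered)  # verification values, no identities

    def challenge(self) -> int:
        return secrets.randbelow(2**128 - 1) + 1   # unpredictable, nonzero

    def verify(self, t: int, c: int, s: int) -> bool:
        lhs = pow(G, s, P)                 # accept if g^s == t * y^c for some y
        return any(lhs == t * pow(y, c, P) % P for y in self.registered)


def run_authentication(client, server):
    """Returns (authentication result, everything that crossed the wire)."""
    t = client.commit()
    c = server.challenge()
    s = client.respond(c)
    return server.verify(t, c, s), (t, c, s)
```

The transcript `(t, c, s)` is the only data exchanged during authentication. The server's fresh challenge is what makes a recorded `(t, s)` pair useless in a later run.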
Through the above description of the embodiments, those skilled in the art will clearly understand that the present invention may be implemented by software plus the necessary general-purpose hardware, and may certainly also be implemented by hardware, but in many cases the former is the better embodiment. Based on this understanding, the technical solutions of the present invention, in essence or in the part that contributes over the prior art, may be embodied in the form of a software product, which is stored in a readable storage medium, such as a floppy disk, a hard disk, or an optical disk of a computer, and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device) to execute the methods according to the embodiments of the present invention.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (6)
1. A method of authentication, comprising:
a client acquires a P signature from an authentication server, wherein the P signature is generated by the authentication server according to identity information of the client, and the identity information is sent to the authentication server by the client;
the client sends, to the communication server, an authentication request instructing the client to perform an authentication operation with the communication server;
the client generates response information according to a commitment challenge response protocol, wherein none of the information contained in the response information is the client identity information, and the response information is calculated by the client according to the P-signature, the commitment information and the challenge information and is used by the communication server to determine whether the client is configured with a valid P-signature;
the client sends the response information to the communication server;
the communication server judges whether the client is configured with the P-signature according to the commitment challenge response protocol and the response information;
and the communication server sends an authentication response to the client, wherein the authentication response is used for representing whether the client is successfully authenticated.
2. The method according to claim 1, wherein the step of the client obtaining the P-signature from the authentication server specifically comprises:
when the client performs initialization setting, the client acquires the P-signature from the authentication server.
3. The method of claim 1, wherein the P-signature is used to characterize the identity of the client, and wherein a unique correspondence exists between the P-signature and the client.
4. A system for authentication, comprising: a client and a communication server, wherein:
the client comprises: an acquisition unit, a first sending unit and an authentication unit;
the acquisition unit is used for acquiring a P-signature from an authentication server, wherein the P-signature is generated by the authentication server according to the identity information of the client, and the identity information is sent to the authentication server by the client;
the first sending unit is used for sending, to the communication server, an authentication request instructing the client to perform an authentication operation with the communication server;
the authentication unit is used for performing an authentication operation with the communication server according to response information, wherein none of the information contained in the response information is the client identity information, the response information is calculated by the client according to the P-signature, commitment information and challenge information, and the response information is used by the communication server to determine whether the client is configured with a valid P-signature;
the authentication unit includes: a generating module, configured to generate the response information according to a commitment challenge response protocol; and a sending module, configured to send the response information to the communication server;
the communication server includes: a judging unit and a second sending unit;
the judging unit is configured to determine whether the client is configured with the P-signature according to the commitment challenge response protocol and the response information;
the second sending unit is configured to send an authentication response to the client, where the authentication response is used to characterize whether the client successfully authenticates.
5. The system according to claim 4, wherein the acquisition unit is specifically configured to obtain the P-signature from the authentication server when the client performs initialization setting.
6. The system according to claim 4, wherein the P-signature obtained by the acquisition unit is used to characterize the identity of the client and has a unique correspondence with the client.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310269549.6A CN103327489B (en) | 2013-06-28 | 2013-06-28 | The method and system of certification |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103327489A CN103327489A (en) | 2013-09-25 |
CN103327489B CN103327489B (en) | 2017-04-05 |
Family
ID=49195967
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310269549.6A Active CN103327489B (en) | 2013-06-28 | 2013-06-28 | The method and system of certification |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103327489B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2005101727A1 (en) * | 2004-04-15 | 2005-10-27 | Matsushita Electric Industrial Co., Ltd. | Communication device, communication system, and authentication method |
CN102238192A (en) * | 2010-07-27 | 2011-11-09 | 微软公司 | Anonymous health care and record system |
CN102546179A (en) * | 2011-12-31 | 2012-07-04 | 珠海市君天电子科技有限公司 | Identity authentication method applied between server side and client side |
CN102663591A (en) * | 2012-03-19 | 2012-09-12 | 樊俊锋 | Product anti-counterfeiting method and system based on electronic tag |
CN102801528A (en) * | 2012-08-17 | 2012-11-28 | 珠海市载舟软件技术有限公司 | Authentication system and method based on intelligent mobile communication equipment |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100499453C (en) * | 2004-07-29 | 2009-06-10 | 华为技术有限公司 | Method of the authentication at client end |
CN101924635B (en) * | 2010-08-04 | 2013-02-13 | 吴晓军 | Method and device for user identity authentication |
Also Published As
Publication number | Publication date |
---|---|
CN103327489A (en) | 2013-09-25 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||