
CN110225011B - Authentication method and device for user node and computer readable storage medium - Google Patents

Info

Publication number
CN110225011B
Authority
CN
China
Prior art keywords
node
isp
information
user
isp node
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910459798.9A
Other languages
Chinese (zh)
Other versions
CN110225011A (en
Inventor
路成业
王凌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Iallchain Co Ltd
Original Assignee
Iallchain Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Iallchain Co Ltd
Priority to CN201910459798.9A
Publication of CN110225011A
Application granted
Publication of CN110225011B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

Embodiments of the invention provide an authentication method and device for a user node, and a computer-readable storage medium. The first ISP node first sends the user node a hash value of the information of the first ISP node. The first ISP node also sends a second message to a second ISP node, so that the second ISP node encrypts the second message with the shared key between the second ISP node and the user node to obtain encrypted information. The first ISP node then sends the encrypted information and the information of the first ISP node to the user node in a second transmission, and the user node decrypts the encrypted information to obtain a decryption result. If the decryption result is consistent with the second message, the first ISP node determines that the user node is authenticated. This implements authentication of the user node by the first ISP node and improves the security of communication between the first ISP node and the user node.

Description

Authentication method and device for user node and computer readable storage medium
Technical Field
The embodiment of the invention relates to the technical field of communication, in particular to an authentication method and equipment for a user node and a computer readable storage medium.
Background
With the development of the intelligent terminal, a user can install various different Application programs (APPs) on the intelligent terminal, and the different APPs can provide different services for the user.
However, when a user installs an APP on an intelligent terminal, the user needs to register on the Internet Service Provider (ISP) server corresponding to the APP, and since different APPs have different Internet service providers, the user needs to register on different ISP servers. As the number of APPs installed on the intelligent terminal grows, if the user registers the same user name and password on different ISP servers, the user name and password are easily leaked. If the user names and passwords registered on different ISP servers are different, the user has difficulty remembering the user name and password corresponding to each APP. To solve this problem, the prior art proposes that large ISP nodes, for example Facebook, Twitter, WeChat, PayPal, or the like, construct a federation blockchain. After a user registers a user name and a password with one of the large ISP nodes, that large ISP node can provide a user name and password query service to other ISP nodes in the federation blockchain, for example small ISP nodes.
In the prior art, when a user node communicates with a small ISP node, the small ISP node does not authenticate the user node, so the security of communication between the small ISP node and the user node is low.
Disclosure of Invention
Embodiments of the present invention provide a method and an apparatus for authenticating a user node, and a computer-readable storage medium, so as to implement authentication of a first ISP node with respect to the user node, and improve security of communication between the first ISP node and the user node.
In a first aspect, an embodiment of the present invention provides an authentication method for a user node, including:
a first Internet Service Provider (ISP) node receives an access request sent by a user node, wherein the user node is not registered in the first ISP node;
the first ISP node sends a first message to the user node, wherein the first message comprises a hash value of information of the first ISP node;
the first ISP node sends a second message to a second ISP node, wherein the second message comprises a random number and identification information of the user node, and the user node is registered in the second ISP node;
the first ISP node receives encrypted information sent by the second ISP node, wherein the encrypted information is obtained by encrypting the second message by the second ISP node by adopting a shared key between the second ISP node and the user node;
after the first ISP node receives the confirmation information of the user node to the first message, the first ISP node sends the encryption information and the information of the first ISP node to the user node;
the first ISP node receives a decryption result obtained after the user node decrypts the encrypted information;
and if the decryption result is consistent with the second message, the first ISP node determines that the user node is authenticated.
In a second aspect, an embodiment of the present invention provides an authentication method for a user node, including:
a user node sends an access request to a first ISP node, wherein the user node is not registered in the first ISP node;
the user node receives a first message sent by the first ISP node, wherein the first message comprises a hash value of information of the first ISP node;
the user node transmitting confirmation information to the first ISP node confirming receipt of the first message;
the user node receives encrypted information sent by the first ISP node and information of the first ISP node, wherein the encrypted information is obtained by encrypting a second message by a second ISP node by using a shared key between the second ISP node and the user node, the second message comprises a random number and identification information of the user node, and the user node is registered in the second ISP node;
the user node decrypts the encrypted information by adopting a shared key between the second ISP node and the user node to obtain a decryption result;
and the user node sends the decryption result to the first ISP node.
In a third aspect, an embodiment of the present invention provides a first ISP node, including:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
receiving an access request sent by a user node through the communication interface, wherein the user node is not registered in the first ISP node;
sending a first message to the user node via the communication interface, the first message including a hash value of information of the first ISP node;
sending a second message to a second ISP node via the communication interface, the second message including a random number and identification information of the user node, the user node having registered with the second ISP node;
receiving, by the communication interface, encrypted information sent by the second ISP node, where the encrypted information is obtained by encrypting, by the second ISP node, the second message using a shared key between the second ISP node and the user node;
after receiving confirmation information of the user node on the first message through the communication interface, sending the encrypted information and the information of the first ISP node to the user node through the communication interface;
receiving a decryption result obtained after the user node decrypts the encrypted information through the communication interface;
and if the decryption result is consistent with the second message, determining that the user node is authenticated.
In a fourth aspect, an embodiment of the present invention provides a user node, including:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
sending an access request to a first ISP node through the communications interface, the user node not being registered with the first ISP node;
receiving a first message sent by the first ISP node through the communication interface, wherein the first message comprises a hash value of information of the first ISP node;
sending confirmation information to the first ISP node through the communication interface confirming receipt of the first message;
receiving, by the communication interface, encrypted information sent by the first ISP node and information of the first ISP node, where the encrypted information is obtained by encrypting, by a second ISP node, a second message by using a shared key between the second ISP node and the user node, where the second message includes a random number and identification information of the user node, and the user node is registered in the second ISP node;
decrypting the encrypted information by using a shared key between the second ISP node and the user node to obtain a decryption result;
and sending the decryption result to the first ISP node through the communication interface.
In a fifth aspect, the present invention provides a computer-readable storage medium, on which a computer program is stored, the computer program being executed by a processor to implement the method of the first aspect or the second aspect.
In the authentication method, device and computer-readable storage medium for a user node provided by embodiments of the present invention, the first ISP node first sends the user node a hash value of the information of the first ISP node, and the first ISP node sends a second message to a second ISP node, so that the second ISP node encrypts the second message with the shared key between the second ISP node and the user node to obtain encrypted information. The first ISP node then sends the encrypted information and the information of the first ISP node to the user node in a second transmission. The user node calculates the hash value of the information of the first ISP node and compares it with the hash value that the first ISP node sent the first time; if they are consistent, the user node can determine that the encrypted information and the information of the first ISP node have not been tampered with. The user node then decrypts the encrypted information to obtain a decryption result and sends the decryption result to the first ISP node. The first ISP node compares the decryption result with the second message that it sent to the second ISP node; if they are consistent, it determines that the user node is authenticated. This implements authentication of the user node by the first ISP node and improves the security of communication between the first ISP node and the user node.
Drawings
Fig. 1 is a schematic diagram of an application scenario provided in an embodiment of the present invention;
Fig. 2 is a flowchart of an authentication method for a user node according to an embodiment of the present invention;
Fig. 3 is a flowchart of an authentication method of a user node according to another embodiment of the present invention;
Fig. 4 is a flowchart of an authentication method of a user node according to another embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a first ISP node according to an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a user node according to an embodiment of the present invention.
With the foregoing drawings in mind, certain embodiments of the disclosure have been shown and described in more detail below. These drawings and written description are not intended to limit the scope of the disclosed concepts in any way, but rather to illustrate the concepts of the disclosure to those skilled in the art by reference to specific embodiments.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
The authentication method of the user node provided by the embodiment of the invention can be applied to the communication system shown in Fig. 1. As shown in Fig. 1, the communication system includes internet service provider node 1 through internet service provider node 5 and a user node. Internet service provider node 1 may be a small ISP node, and internet service provider node 2 through internet service provider node 5 may be large ISP nodes, e.g. nodes of internet service providers such as Facebook, Twitter, WeChat, payroll, etc. The user node may specifically be a user terminal device. Large ISP nodes such as internet service provider node 2 through internet service provider node 5 may construct a federation blockchain. Optionally, each of internet service provider node 2 through internet service provider node 5 joins the federation blockchain as a blockchain service node and provides an identity authentication service for other ISP nodes or user nodes. Optionally, the genesis block of the federation blockchain stores information such as a blockchain identifier, a public key, and an IP address of each of the internet service provider node 2 and the internet service provider node 5. Internet service provider node 2 through internet service provider node 5 manage the federation blockchain as its founding nodes. For example, they may decide whether to allow a certain ISP node, e.g. a certain small ISP node, to access the federation blockchain. For example, internet service provider node 1 and the user node may be nodes that access the federation blockchain upon approval by internet service provider node 2 through internet service provider node 5.
In this embodiment, it is assumed that the user node is registered at any one of the federation blockchain nodes among internet service provider node 2 through internet service provider node 5, that is, the registration information of the user node is recorded at that federation blockchain node and is stored in the ledger of the federation blockchain. The user node and that federation blockchain node have a shared key, that is, they communicate using the shared key. For example, the user node registers its user information with internet service provider node 2, and the user node and internet service provider node 2 have a shared key between them. The user node is not registered with a small ISP node, such as internet service provider node 1.
The authentication method of the user node provided by the embodiment of the invention aims to solve the technical problems in the prior art.
The following describes the technical solutions of the present invention and how to solve the above technical problems with specific embodiments. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present invention will be described below with reference to the accompanying drawings.
Fig. 2 is a flowchart of an authentication method for a user node according to an embodiment of the present invention. The embodiment of the invention provides an authentication method of a user node aiming at the technical problems in the prior art, which comprises the following specific steps:
Step 201, a first internet service provider (ISP) node receives an access request sent by a user node, wherein the user node is not registered in the first ISP node.
In this embodiment, the first internet service provider ISP node may specifically be an internet service provider node 1 as shown in fig. 1, where the internet service provider node 1 is a small ISP node, and the user node does not register user information with the small ISP node. The second ISP node in this embodiment may specifically be an internet service provider node 2 as shown in fig. 1. The user node has registered the user information on the internet service provider node 2. The blockchain network described in this embodiment may specifically be a network including federation blockchain nodes as described above.
For example, when the user node needs to log in to the small ISP node, the user node may send a login request or access request to the small ISP node. However, the login request or the access request does not include any information of the small ISP node, for example, the login request or the access request does not include the identification information and the public key of the small ISP node. The identification information of the small ISP node may be a block chain identification of the small ISP node. However, the login request or the access request may include identification information of the user node, for example, an ID of the user node.
Step 202, the first ISP node sends a first message to the user node, the first message including a hash value of the information of the first ISP node.
When the small ISP node receives the login request or access request of the user node, it calculates the hash value of the information of the small ISP node according to a predetermined hash algorithm and sends a first message to the user node, the first message including the hash value of the information of the small ISP node. The predetermined hash algorithm may be a hash algorithm agreed in advance between the small ISP node and the user node.
Optionally, the information of the first ISP node includes: the identification information of the first ISP node and the public key of the first ISP node. For example, the information of the small ISP node may include identification information of the small ISP node and a public key of the small ISP node. That is, after the small ISP node receives the login request or the access request of the user node, the hash value of the identification information of the small ISP node and the public key of the small ISP node is calculated according to a predetermined hash algorithm. In addition, in other embodiments, when the small ISP node calculates the hash value, the information of the small ISP node may include not only the identification information of the small ISP node and the public key of the small ISP node, but also other information of the small ISP node.
Step 203, the first ISP node sends a second message to a second ISP node, where the second message includes a random number and identification information of the user node, and the user node is registered in the second ISP node.
While the small ISP node sends the first message to the user node, the small ISP node may send a second message to the second ISP node. The second message includes a random number and identification information of the user node, where the random number may specifically be a random authentication factor. Optionally, the small ISP node may sign the random number and the identification information of the user node with the blockchain private key of the small ISP node to obtain signed information, and broadcast the signed information to the blockchain network, so that a second ISP node in the blockchain network can receive it. When the second ISP node receives the signed information, it uses the public key of the small ISP node to verify the private-key signature of the small ISP node. If the verification passes, the second ISP node encrypts the second message with the shared key between the second ISP node and the user node, according to a pre-agreed first encryption algorithm, to obtain encrypted information. Optionally, the pre-agreed first encryption algorithm is an encryption algorithm agreed in advance between the second ISP node and the user node. In other embodiments, after the second ISP node receives the second message, it may encrypt only part of the information in the second message with the shared key, for example only the random number, i.e. the random authentication factor, to obtain the encrypted information. Further, the second ISP node transmits the encrypted information to the small ISP node.
Step 204, the first ISP node receives the encrypted information sent by the second ISP node, where the encrypted information is obtained by the second ISP node encrypting the second message by using the shared key between the second ISP node and the user node.
Accordingly, the small ISP node receives the encrypted information sent by the second ISP node. In this embodiment, optionally, the encrypted information is obtained by encrypting, by the second ISP node, the random authentication factor by using a shared key between the second ISP node and the user node.
Step 205, after the first ISP node receives the confirmation information of the user node to the first message, the first ISP node sends the encrypted information and the information of the first ISP node to the user node.
After the user node receives the first message sent by the small ISP node, if the user node confirms that the first message is received, the user node sends confirmation information to the small ISP node, and after the small ISP node receives the confirmation information, the small ISP node sends the encryption information and the information of the small ISP node to the user node. For example, the small ISP node sends the encrypted information, the identification information of the small ISP node and the public key of the small ISP node to the user node. That is, the small ISP node transmits the encryption information, the identification information of the small ISP node, and the public key of the small ISP node to the user node together as a whole.
Step 206, the first ISP node receives a decryption result obtained by decrypting the encrypted information by the user node.
When the user node receives the encrypted information, the identification information of the small ISP node and the public key of the small ISP node, the user node calculates the hash value of the identification information of the small ISP node and the public key of the small ISP node using the hash algorithm described above. Because the first message that the user node received from the small ISP node in step 202 includes the hash value of the identification information of the small ISP node and the public key of the small ISP node, the user node then compares the hash value it calculated with the hash value included in the first message. If they are consistent, the user node determines that the encrypted information, the identification information of the small ISP node and the public key of the small ISP node have not been tampered with; otherwise, the user node determines that the encrypted information, the identification information of the small ISP node and the public key of the small ISP node have been tampered with.
In this embodiment, assuming that the user node determines that the encrypted information, the identification information of the small ISP node, and the public key of the small ISP node are not tampered, the user node further decrypts the encrypted information by using the decryption algorithm corresponding to the pre-agreed first encryption algorithm and the shared key between the user node and the second ISP node, so as to obtain a decryption result. Further, the user node transmits the decryption result to the small ISP node.
Step 207, if the decryption result is consistent with the second message, the first ISP node determines that the user node is authenticated.
When the small ISP node receives the decryption result, it compares the decryption result with the second message. For example, when the second message sent by the small ISP node to the second ISP node includes the random number and the identification information of the user node, the second ISP node may encrypt only the random number to obtain the encrypted information, as described above. After the small ISP node transmits the encrypted information to the user node, the user node can decrypt the random number from the encrypted information and transmit the random number to the small ISP node. The small ISP node compares the random number decrypted by the user node with the random number included in the second message that it sent to the second ISP node. If the two are consistent, the shared key used by the user node to decrypt the encrypted information is the same as the shared key used by the second ISP node to encrypt the random number, and the small ISP node determines that the user node is authenticated.
For another example, when the second message sent by the small ISP node to the second ISP node includes the random number and the identification information of the user node, the second ISP node may encrypt the random number and the identification information of the user node as a whole to obtain the encrypted information, as described above. After the small ISP node sends the encrypted information to the user node, the user node can decrypt the random number and the identification information of the user node from the encrypted information and send them to the small ISP node. The small ISP node compares the random number decrypted by the user node with the random number included in the second message that it sent to the second ISP node, and compares the identification information of the user node decrypted by the user node with the identification information of the user node included in that second message. If both are consistent, the shared key used by the user node to decrypt the encrypted information is the same as the shared key used by the second ISP node to encrypt the random number, and the small ISP node determines that the user node is authenticated.
In this embodiment of the invention, the first ISP node first sends the user node a hash value of the information of the first ISP node, and the first ISP node sends a second message to the second ISP node, so that the second ISP node encrypts the second message with the shared key between the second ISP node and the user node to obtain encrypted information. The first ISP node then sends the encrypted information and the information of the first ISP node to the user node in a second transmission. The user node calculates the hash value of the information of the first ISP node and compares it with the hash value that the first ISP node sent the first time; if they are consistent, the user node can determine that the encrypted information and the information of the first ISP node have not been tampered with. The user node then decrypts the encrypted information to obtain a decryption result and sends the decryption result to the first ISP node. The first ISP node compares the decryption result with the second message that it sent to the second ISP node; if they are consistent, it determines that the user node is authenticated. This implements authentication of the user node by the first ISP node and improves the security of communication between the first ISP node and the user node.
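The exchange of steps 201 to 207 as a runnable sketch; this is an added example, not code from the patent. SHA-256 stands in for the "predetermined hash algorithm" and the HMAC-SHA256 stream-and-tag `seal`/`unseal` for the unspecified "first encryption algorithm"; the class and function names, the 16-byte random number, its single-use handling and all sample values are assumptions, and the optional blockchain signature on the second message is omitted.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # size of the random authentication factor (assumed)


def info_hash(isp_id: bytes, pubkey: bytes) -> bytes:
    """Step 202: hash of the first ISP node's information (ID + public key)."""
    # Length-prefix the ID so different (ID, key) splits cannot hash alike.
    return hashlib.sha256(len(isp_id).to_bytes(2, "big") + isp_id + pubkey).digest()


def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def seal(shared_key: bytes, plaintext: bytes) -> bytes:
    """Stand-in cipher (assumed): HMAC-SHA256 keystream XOR, then an HMAC tag."""
    iv = secrets.token_bytes(16)
    stream = _keystream(_subkey(shared_key, b"enc"), iv, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(shared_key, b"mac"), iv + ct, hashlib.sha256).digest()
    return iv + ct + tag


def unseal(shared_key: bytes, blob: bytes):
    """Return the plaintext, or None if blob was not sealed under shared_key."""
    if len(blob) < 48:
        return None
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(shared_key, b"mac"), iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        return None
    stream = _keystream(_subkey(shared_key, b"enc"), iv, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


class SecondISP:
    """Large ISP node where the user is registered and holds a shared key."""
    def __init__(self, shared_keys: dict):
        self.shared_keys = shared_keys                     # user ID -> shared key

    def encrypt(self, second_message: bytes) -> bytes:
        # Variant from the text that encrypts the whole second message.
        user_id = second_message[NONCE_LEN:]
        return seal(self.shared_keys[user_id], second_message)


class FirstISP:
    """Small ISP node; the user is not registered here."""
    def __init__(self, isp_id: bytes, pubkey: bytes):
        self.isp_id, self.pubkey, self.pending = isp_id, pubkey, None

    def first_message(self) -> bytes:                      # step 202
        return info_hash(self.isp_id, self.pubkey)

    def second_message(self, user_id: bytes) -> bytes:     # step 203
        self.pending = secrets.token_bytes(NONCE_LEN) + user_id
        return self.pending

    def verify(self, result) -> bool:                      # step 207
        expected, self.pending = self.pending, None        # single use (assumed)
        if expected is None or result is None:
            return False
        return hmac.compare_digest(result, expected)


class UserNode:
    def __init__(self, user_id: bytes, shared_key: bytes):
        self.user_id, self.shared_key, self.commitment = user_id, shared_key, None

    def on_first_message(self, hash_value: bytes) -> bytes:
        self.commitment = hash_value
        return b"ACK"                                      # confirmation information

    def on_encrypted(self, blob: bytes, isp_id: bytes, pubkey: bytes):
        # Step 206: recompute the hash and compare it with the first message.
        if self.commitment is None or not hmac.compare_digest(
                info_hash(isp_id, pubkey), self.commitment):
            return None                                    # information was altered
        return unseal(self.shared_key, blob)


def authenticate(first, second, user, substituted_pubkey=None) -> str:
    """Run steps 201-207; substituted_pubkey simulates alteration in transit."""
    user.on_first_message(first.first_message())                    # step 202
    encrypted = second.encrypt(first.second_message(user.user_id))  # steps 203-204
    pubkey = substituted_pubkey or first.pubkey
    result = user.on_encrypted(encrypted, first.isp_id, pubkey)     # steps 205-206
    if result is None:
        return "aborted_by_user"
    return "authenticated" if first.verify(result) else "rejected"
```

A user node holding the registered shared key yields `"authenticated"`; a substituted public key or a node without the shared key ends the run at the user-side check, and a guessed or replayed decryption result fails `FirstISP.verify`.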
On the basis of the foregoing embodiment, the receiving, by the first ISP node, a decryption result obtained by decrypting the encrypted information by the user node includes: the first ISP node receives the encrypted session key sent by the user node and a decryption result obtained by decrypting the encrypted information by the user node; after the first ISP node determines that the user node is authenticated, the method further comprises: and the first ISP node decrypts the encrypted session key to obtain the session key, wherein the session key is used for communication between the first ISP node and the user node.
For example, in step 206, while the user node sends the decryption result to the small ISP node, the user node may send an encrypted session key to the small ISP node, where the session key is generated by the user node and used for communication between the small ISP node and the user node. Specifically, the user node may encrypt the session key by using the public key of the small ISP node and a second encryption algorithm agreed in advance to obtain the encrypted session key. The second encryption algorithm is agreed in advance between the user node and the small ISP node, and may be the same as or different from the first encryption algorithm in the above-described embodiment.
Accordingly, the small ISP node may receive, at the same time, the encrypted session key sent by the user node and the decryption result obtained by the user node decrypting the encrypted information in the foregoing embodiment. When the small ISP node finds that the decryption result is consistent with the second message, and the user node is therefore authenticated, it further decrypts the encrypted session key by using the decryption algorithm corresponding to the second encryption algorithm and the private key of the small ISP node, so as to obtain the session key. In subsequent communication between the small ISP node and the user node, both parties can use the session key to encrypt the information to be sent.
Optionally, the second message further includes: identification information of the first ISP node and/or a public key of the first ISP node. For example, while the small ISP node transmits the first message to the user node, the small ISP node may transmit a second message to the second ISP node, where the second message may include information of the small ISP node, such as the identification information of the small ISP node and/or the public key of the small ISP node, in addition to the random number and the identification information of the user node. That is, the second message may include some or all of the information of the small ISP node, in addition to the random number and the identification information of the user node. Accordingly, the information that the small ISP node waits for the second ISP node to encrypt with the shared key as described above may include part or all of the information of the small ISP node, in addition to the random number and the identification information of the user node.
In this embodiment, the encrypted session key and the decryption result obtained by decrypting the encrypted information by the user node are sent to the first ISP node by the user node, so that the first ISP node authenticates the user node through the decryption result and can decrypt the session key required for communication between the user node and the first ISP node, thereby improving the transmission security of the session key, further improving the security of communication between the first ISP node and the user node, and improving the authentication efficiency of the first ISP node on the user node.
Fig. 3 is a flowchart of an authentication method of a user node according to another embodiment of the present invention. The authentication method for the user node provided by the embodiment specifically includes the following steps:
Step 301, a user node sends an access request to a first ISP node, the user node not being registered with the first ISP node.
In this embodiment, the first internet service provider ISP node may specifically be an internet service provider node 1 as shown in fig. 1, where the internet service provider node 1 is a small ISP node, and the user node does not register user information with the small ISP node. The second ISP node in this embodiment may specifically be an internet service provider node 2 as shown in fig. 1. The user node has registered the user information on the internet service provider node 2. The blockchain network described in this embodiment may specifically be a network including federation blockchain nodes as described above.
For example, when the user node needs to log in to the small ISP node, the user node may send a login request or access request to the small ISP node. However, the login request or the access request does not include any information of the small ISP node, for example, the login request or the access request does not include the identification information and the public key of the small ISP node. The identification information of the small ISP node may be a blockchain identification of the small ISP node. However, the login request or the access request may include identification information of the user node, for example, an ID of the user node.
Step 302, the user node receives a first message sent by the first ISP node, where the first message includes a hash value of information of the first ISP node.
When the small ISP node receives the login request or the access request of the user node, it calculates the hash value of the information of the small ISP node according to a predetermined hash algorithm and sends a first message to the user node, where the first message includes the hash value of the information of the small ISP node. Accordingly, the user node receives the first message sent by the small ISP node.
Step 303, the user node sends acknowledgement information to the first ISP node confirming receipt of the first message.
After the user node receives the first message sent by the small ISP node, if the user node confirms that the first message is received, the user node sends confirmation information to the small ISP node.
Step 304, the user node receives encrypted information sent by the first ISP node and information of the first ISP node, where the encrypted information is obtained by encrypting, by a second ISP node, a second message by using a shared key between the second ISP node and the user node, where the second message includes a random number and identification information of the user node, and the user node is registered in the second ISP node.
While the small ISP node sends the first message to the user node, the small ISP node may send a second message to the second ISP node, the second message including a random number and identification information of the user node, where the random number may specifically be a random authentication factor. Optionally, the small ISP node may sign the random number and the identification information of the user node by using the blockchain private key of the small ISP node to obtain signed information, and broadcast the signed information to the blockchain network, so that a second ISP node in the blockchain network may receive the signed information. When the second ISP node receives the signed information, it verifies the private-key signature of the small ISP node by using the public key of the small ISP node; if the verification passes, the second ISP node encrypts the second message by using the shared key between the second ISP node and the user node, according to a pre-agreed first encryption algorithm, to obtain the encrypted information. Optionally, the first encryption algorithm is agreed in advance between the second ISP node and the user node. In other embodiments, after the second ISP node receives the second message, it may encrypt only part of the information in the second message by using the shared key, for example only the random number, i.e., the random authentication factor, to obtain the encrypted information. Further, the second ISP node transmits the encrypted information to the small ISP node.
When the small ISP node receives the confirmation information of the user node, the small ISP node transmits the encrypted information and the information of the small ISP node to the user node. For example, the small ISP node sends the encrypted information, the identification information of the small ISP node and the public key of the small ISP node to the user node. Accordingly, the user node receives the encrypted information, the identification information of the small ISP node and the public key of the small ISP node.
Step 305, the user node decrypts the encrypted information by using the shared key between the second ISP node and the user node to obtain a decryption result.
In this embodiment, assuming that the user node determines that the encrypted information, the identification information of the small ISP node, and the public key of the small ISP node are not tampered, the user node further decrypts the encrypted information by using the decryption algorithm corresponding to the pre-agreed first encryption algorithm and the shared key between the user node and the second ISP node, so as to obtain a decryption result.
Step 306, the user node sends the decryption result to the first ISP node.
Further, the user node transmits the decryption result to the small ISP node. When the small ISP node receives the decryption result, it compares whether the decryption result is consistent with the second message. For example, when the second message sent by the small ISP node to the second ISP node includes the random number and the identification information of the user node, and the second ISP node encrypts only the random number to obtain the encrypted information as described above, then after the small ISP node transmits the encrypted information to the user node, the user node may decrypt the random number from the encrypted information and transmit the random number to the small ISP node. The small ISP node may compare the random number decrypted by the user node with the random number included in the second message it sent to the second ISP node. If the two are consistent, the shared key used by the user node for decrypting the encrypted information is the same as the shared key used by the second ISP node for encrypting the random number, and the small ISP node determines that the user node is authenticated.
For another example, when the second message sent by the small ISP node to the second ISP node includes the random number and the identification information of the user node, and the second ISP node encrypts the random number and the identification information of the user node as a whole to obtain the encrypted information as described above, then after the small ISP node sends the encrypted information to the user node, the user node may decrypt the random number and the identification information of the user node from the encrypted information and send them to the small ISP node. The small ISP node may then compare whether the random number decrypted by the user node is consistent with the random number included in the second message it sent to the second ISP node, and whether the identification information of the user node decrypted by the user node is consistent with the identification information of the user node included in that second message. If both are consistent, the shared key used when the user node decrypts the encrypted information is the same as the shared key used when the second ISP node encrypts the random number, and the small ISP node determines that the user node passes the authentication.
In this embodiment of the invention, the first ISP node first sends the hash value of the information of the first ISP node to the user node, and sends the second message to the second ISP node, so that the second ISP node encrypts the second message by using the shared key between the second ISP node and the user node to obtain the encrypted information. The first ISP node then sends the encrypted information and the information of the first ISP node to the user node, so that the user node can calculate the hash value of the information of the first ISP node and compare it with the hash value sent earlier by the first ISP node. If the two are consistent, the user node can determine that the encrypted information and the information of the first ISP node have not been tampered with. The user node can then decrypt the encrypted information to obtain a decryption result and send the decryption result to the first ISP node. The first ISP node compares whether the decryption result is consistent with the second message it sent to the second ISP node and, if so, determines that the user node passes the authentication. In this way the first ISP node authenticates the user node, and the communication security between the first ISP node and the user node is improved.
Fig. 4 is a flowchart of an authentication method of a user node according to another embodiment of the present invention. On the basis of the foregoing embodiment, the authentication method for a user node provided in this embodiment specifically includes the following steps:
Step 401, a user node sends an access request to a first ISP node, where the user node is not registered in the first ISP node.
The implementation manner and principle of step 401 and step 301 are consistent, and are not described herein again.
Step 402, the user node receives a first message sent by the first ISP node, where the first message includes a hash value of information of the first ISP node.
The implementation and principle of step 402 and step 302 are consistent, and are not described herein again.
Step 403, the user node sends confirmation information to the first ISP node confirming receipt of the first message.
The implementation manner and principle of step 403 and step 303 are consistent, and are not described herein again.
Step 404, the user node receives encrypted information sent by the first ISP node and information of the first ISP node, where the encrypted information is obtained by encrypting, by a second ISP node, a second message by using a shared key between the second ISP node and the user node, where the second message includes a random number and identification information of the user node, and the user node is registered in the second ISP node.
The implementation and principle of step 404 and step 304 are consistent, and are not described herein again.
Step 405, the user node calculates a hash value of the information of the first ISP node.
When the user node receives the encrypted information, the identification information of the small ISP node and the public key of the small ISP node, the user node calculates the hash value of the identification information of the small ISP node and the public key of the small ISP node by using the hash algorithm.
Step 406, if the hash value of the information of the first ISP node calculated by the user node is consistent with the hash value of the information of the first ISP node included in the first message, the user node determines that the encrypted information and the information of the first ISP node are not tampered.
Since the user node received the first message sent by the small ISP node in step 302, where the first message includes the hash value of the identification information of the small ISP node and the public key of the small ISP node, after the user node calculates the hash value of the identification information of the small ISP node and the public key of the small ISP node by using the hash algorithm as described above, it further compares whether the hash value it calculated is consistent with the hash value included in the first message. If so, the user node determines that the encrypted information, the identification information of the small ISP node, and the public key of the small ISP node have not been tampered with; otherwise, the user node determines that the encrypted information, the identification information of the small ISP node, and the public key of the small ISP node have been tampered with.
Step 407, the user node decrypts the encrypted information by using the shared key between the second ISP node and the user node, so as to obtain a decryption result.
The implementation and principle of step 407 and step 305 are consistent, and are not described herein again.
Step 408, the user node encrypts the session key by using the public key of the first ISP node to obtain an encrypted session key.
For example, the user node generates a session key for the small ISP node and the user node to communicate with each other, and encrypts the session key by using the public key of the small ISP node and a predetermined second encryption algorithm to obtain the encrypted session key. The second encryption algorithm is agreed in advance between the user node and the small ISP node, and may be the same as or different from the first encryption algorithm in the above-described embodiment.
Step 409, the user node sends the encrypted session key and the decryption result to the first ISP node.
Accordingly, the small ISP node may receive, at the same time, the encrypted session key sent by the user node and the decryption result obtained by the user node decrypting the encrypted information in the foregoing embodiment. When the small ISP node finds that the decryption result is consistent with the second message, and the user node is therefore authenticated, it further decrypts the encrypted session key by using the decryption algorithm corresponding to the second encryption algorithm and the private key of the small ISP node, so as to obtain the session key. In subsequent communication between the small ISP node and the user node, both parties can use the session key to encrypt the information to be sent.
In the embodiment of the invention, the encrypted session key and the decryption result obtained by decrypting the encrypted information by the user node are sent to the first ISP node by the user node, so that the first ISP node can decrypt the session key required by the communication between the user node and the first ISP node while authenticating the user node by the decryption result, and the transmission security of the session key is improved, thereby further improving the security of the communication between the first ISP node and the user node and simultaneously improving the authentication efficiency of the first ISP node on the user node.
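The Fig. 4 flow (steps 401 to 407, plus the first ISP node's comparison) can be simulated with the sketch below. It is an added example, not code from the patent: SHA-256, the HMAC-based `seal`/`unseal` stand-in for the unspecified first encryption algorithm, the message encoding and all identifiers and sample values are assumptions, and the session-key wrap of step 408 is left out because it needs a public-key library.

```python
import hashlib
import hmac
import secrets


def info_hash(isp_id: bytes, isp_pubkey: bytes) -> bytes:
    """Hash of the first ISP node's information (ID and public key).
    Fields are length-prefixed so a shifted ID/key boundary changes the hash."""
    h = hashlib.sha256()
    for field in (isp_id, isp_pubkey):
        h.update(len(field).to_bytes(4, "big") + field)
    return h.digest()


def _subkeys(shared_key: bytes) -> tuple:
    """Derive separate encryption and MAC keys from the shared key."""
    enc = hmac.new(shared_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(shared_key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter-mode keystream."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(4, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(shared_key: bytes, plaintext: bytes) -> bytes:
    """Assumed stand-in for the 'first encryption algorithm' (encrypt-then-MAC).
    A deployment would use a vetted AEAD such as AES-GCM instead."""
    enc, mac = _subkeys(shared_key)
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(enc, nonce, plaintext)
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()


def unseal(shared_key: bytes, blob: bytes):
    """Return the plaintext, or None if the key is wrong or the blob was altered."""
    if len(blob) < 48:
        return None
    enc, mac = _subkeys(shared_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor_stream(enc, nonce, ct)


def build_second_message(rand: bytes, user_id: bytes) -> bytes:
    """Second message: random number plus user node ID (encoding is assumed)."""
    return len(rand).to_bytes(2, "big") + rand + user_id


def user_node_respond(user_key, first_message, encrypted, isp_id, isp_pubkey):
    """Steps 405-407 on the user node: check the hash, then decrypt.
    Returns the decryption result, or None if either check fails."""
    if not hmac.compare_digest(info_hash(isp_id, isp_pubkey), first_message):
        return None  # information of the first ISP node differs from the hash
    return unseal(user_key, encrypted)


def first_isp_verify(second_message: bytes, decryption_result) -> bool:
    """First ISP node: the user passes only if the result equals the second message."""
    if decryption_result is None:
        return False
    return hmac.compare_digest(decryption_result, second_message)


def run_flow(user_key: bytes, second_isp_key: bytes, delivered_pubkey=None) -> bool:
    """Run one authentication; all identifiers below are constructed samples."""
    user_id = b"user-node-001"
    isp_id = b"small-isp-chain-id"
    isp_pubkey = b"constructed-public-key-bytes"
    first_message = info_hash(isp_id, isp_pubkey)            # step 402
    rand = secrets.token_bytes(16)                           # random authentication factor
    second_message = build_second_message(rand, user_id)     # sent to second ISP node
    encrypted = seal(second_isp_key, second_message)         # done by second ISP node
    pubkey_seen = delivered_pubkey or isp_pubkey             # step 404 delivery
    result = user_node_respond(user_key, first_message, encrypted, isp_id, pubkey_seen)
    return first_isp_verify(second_message, result)


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    print("registered user:", run_flow(key, key))
    print("wrong shared key:", run_flow(secrets.token_bytes(32), key))
    print("public key altered in transit:", run_flow(key, key, b"substituted-key"))
```

`run_flow` returns `True` only when the user node holds the same shared key as the second ISP node and the delivered information of the first ISP node matches the hash sent in the first message.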
Fig. 5 is a schematic structural diagram of a first ISP node according to an embodiment of the present invention. As shown in fig. 5, the first ISP node 50 may execute the processing procedure provided in the authentication method for a user node in the embodiment of the present invention, and the first ISP node 50 includes: memory 51, processor 52, a computer program and communication interface 53; wherein the computer program is stored in the memory 51 and is configured to be executed by the processor 52 for: receiving, through the communication interface 53, an access request sent by a user node which is not registered in the first ISP node; sending a first message to the user node through the communication interface 53, the first message comprising a hash value of information of the first ISP node; sending a second message to a second ISP node through the communication interface 53, the second message including a random number and identification information of the user node, the user node having registered with the second ISP node; receiving, through the communication interface 53, encrypted information sent by the second ISP node, where the encrypted information is obtained by encrypting, by the second ISP node, the second message using a shared key between the second ISP node and the user node; after receiving the confirmation information of the user node for the first message through the communication interface 53, sending the encrypted information and the information of the first ISP node to the user node through the communication interface 53; receiving, through the communication interface 53, a decryption result obtained by decrypting the encrypted information by the user node; and if the decryption result is consistent with the second message, determining that the user node is authenticated.
Optionally, when the processor 52 receives, through the communication interface 53, a decryption result obtained by decrypting the encrypted information by the user node, the processor is specifically configured to: receiving the encrypted session key sent by the user node and the decryption result of the user node after decrypting the encrypted information through a communication interface 53; after processor 52 determines that the user node is authenticated, it is further configured to: and decrypting the encrypted session key to obtain the session key, wherein the session key is used for the communication between the first ISP node and the user node.
Optionally, the information of the first ISP node includes: the identification information of the first ISP node and the public key of the first ISP node.
Optionally, the second message further includes: identification information of the first ISP node and/or a public key of the first ISP node.
The first ISP node in the embodiment shown in fig. 5 may be configured to execute the technical solution of the method embodiment, and the implementation principle and the technical effect are similar, which are not described herein again.
Fig. 6 is a schematic structural diagram of a user node according to an embodiment of the present invention. The user node provided in the embodiment of the present invention may execute the processing flow provided in the embodiment of the method for authenticating a user node, as shown in fig. 6, where the user node 60 includes: memory 61, processor 62, computer programs and communication interface 63; wherein the computer program is stored in the memory 61 and is configured to be executed by the processor 62 to: sending an access request to a first ISP node through communication interface 63, said user node not being registered with said first ISP node; receiving a first message sent by said first ISP node via communication interface 63, said first message comprising a hash of information of said first ISP node; sending confirmation information to said first ISP node through communication interface 63 confirming receipt of said first message; receiving, by a communication interface 63, encrypted information sent by the first ISP node and information of the first ISP node, where the encrypted information is obtained by encrypting, by a second ISP node, a second message by using a shared key between the second ISP node and the user node, where the second message includes a random number and identification information of the user node, and the user node is registered in the second ISP node; decrypting the encrypted information by using a shared key between the second ISP node and the user node to obtain a decryption result; the decryption result is sent to the first ISP node via communication interface 63.
Optionally, before the processor 62 sends the decryption result to the first ISP node through the communication interface 63, the processor is further configured to: encrypting a session key by using the public key of the first ISP node to obtain an encrypted session key; when the processor 62 sends the decryption result to the first ISP node through the communication interface 63, the processor is specifically configured to: and sending the encrypted session key and the decryption result to the first ISP node through a communication interface 63.
Optionally, after receiving the encrypted information sent by the first ISP node and the information of the first ISP node through the communication interface 63, the processor 62 is further configured to: calculating a hash value of the information of the first ISP node; if the hash value of the information of the first ISP node calculated by the processor 62 is identical to the hash value of the information of the first ISP node included in the first message, it is determined that the encrypted information and the information of the first ISP node have not been tampered with.
The user node in the embodiment shown in fig. 6 may be configured to execute the technical solution of the method embodiment, and the implementation principle and the technical effect are similar, which are not described herein again.
In addition, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement the authentication method of the user node described in the foregoing embodiment.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
The integrated unit implemented in the form of a software functional unit may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium and includes several instructions to enable a computer device (which may be a personal computer, a server, or a network device) or a processor to execute some steps of the methods according to the embodiments of the present invention. The aforementioned storage medium includes various media capable of storing program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
It is obvious to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be performed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules to perform all or part of the above described functions. For the specific working process of the device described above, reference may be made to the corresponding process in the foregoing method embodiment, which is not described herein again.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (15)

1. An authentication method of a user node, comprising:
a first Internet Service Provider (ISP) node receives an access request sent by a user node, wherein the user node is not registered in the first ISP node;
the first ISP node sends a first message to the user node, wherein the first message comprises a hash value of information of the first ISP node;
the first ISP node sends a second message to a second ISP node, wherein the second message comprises a random number and identification information of the user node, and the user node is registered in the second ISP node;
the first ISP node receives encrypted information sent by the second ISP node, wherein the encrypted information is obtained by encrypting the second message by the second ISP node by adopting a shared key between the second ISP node and the user node;
after the first ISP node receives the confirmation information of the user node to the first message, the first ISP node sends the encryption information and the information of the first ISP node to the user node;
the first ISP node receives a decryption result obtained after the user node decrypts the encrypted information;
and if the decryption result is consistent with the second message, the first ISP node determines that the user node is authenticated.
2. The method of claim 1, wherein receiving, by the first ISP node, the decryption result obtained by decrypting the encrypted information by the user node comprises:
the first ISP node receives an encrypted session key sent by the user node and a decryption result obtained by decrypting the encrypted information by the user node, where the session key is a session key generated by the user node and used for communication between the first ISP node and the user node, the information of the first ISP node at least includes a public key of the first ISP node, and the encrypted session key is obtained by encrypting the session key by the user node using the public key of the first ISP node;
after the first ISP node determines that the user node is authenticated, the method further comprises:
and the first ISP node decrypts the encrypted session key to obtain the session key, wherein the session key is used for communication between the first ISP node and the user node.
3. The method of claim 1 or 2, wherein the information of the first ISP node comprises: the identification information of the first ISP node and the public key of the first ISP node.
4. The method of claim 3, wherein the second message further comprises: identification information of the first ISP node and/or a public key of the first ISP node.
5. An authentication method of a user node, comprising:
a user node sends an access request to a first ISP node, wherein the user node is not registered in the first ISP node;
the user node receives a first message sent by the first ISP node, wherein the first message comprises a hash value of information of the first ISP node;
the user node sends confirmation information to the first ISP node, confirming receipt of the first message;
the user node receives encrypted information sent by the first ISP node and information of the first ISP node, wherein the encrypted information is obtained by encrypting a second message by a second ISP node by using a shared key between the second ISP node and the user node, the second message comprises a random number and identification information of the user node, and the user node is registered in the second ISP node;
the user node decrypts the encrypted information by adopting a shared key between the second ISP node and the user node to obtain a decryption result;
and the user node sends the decryption result to the first ISP node.
6. The method of claim 5, wherein before the user node sends the decryption result to the first ISP node, the method further comprises:
the user node generates a session key for communication between the first ISP node and the user node, wherein the information of the first ISP node at least comprises a public key of the first ISP node;
the user node encrypts the session key by adopting the public key of the first ISP node to obtain an encrypted session key;
wherein the user node sending the decryption result to the first ISP node comprises:
and the user node sends the encrypted session key and the decryption result to the first ISP node.
7. The method according to claim 5 or 6, wherein after the user node receives the encrypted information transmitted by the first ISP node and the information of the first ISP node, the method further comprises:
the user node calculates a hash value of the information of the first ISP node;
and if the hash value of the information of the first ISP node calculated by the user node is consistent with the hash value of the information of the first ISP node included in the first message, the user node determines that the encrypted information and the information of the first ISP node are not tampered.
8. A first ISP node, comprising:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
receiving an access request sent by a user node through the communication interface, wherein the user node is not registered in the first ISP node;
sending a first message to the user node via the communication interface, the first message including a hash value of information of the first ISP node;
sending a second message to a second ISP node via the communication interface, the second message including a random number and identification information of the user node, the user node having registered with the second ISP node;
receiving, by the communication interface, encrypted information sent by the second ISP node, where the encrypted information is obtained by encrypting, by the second ISP node, the second message using a shared key between the second ISP node and the user node;
after receiving confirmation information of the user node on the first message through the communication interface, sending the encrypted information and the information of the first ISP node to the user node through the communication interface;
receiving a decryption result obtained after the user node decrypts the encrypted information through the communication interface;
and if the decryption result is consistent with the second message, determining that the user node is authenticated.
9. The first ISP node of claim 8, wherein when the processor receives, through the communication interface, a decryption result obtained by decrypting the encrypted information by the user node, the processor is specifically configured to:
receiving, by the communications interface, an encrypted session key sent by the user node and a decryption result obtained by decrypting the encrypted information by the user node, where the session key is a session key generated by the user node and used for communication between the first ISP node and the user node, information of the first ISP node at least includes a public key of the first ISP node, and the encrypted session key is obtained by encrypting the session key by the user node using the public key of the first ISP node;
after determining that the user node is authenticated, the processor is further configured to:
and decrypting the encrypted session key to obtain the session key, wherein the session key is used for the communication between the first ISP node and the user node.
10. The first ISP node of claim 8 or 9, wherein the information of the first ISP node comprises: the identification information of the first ISP node and the public key of the first ISP node.
11. The first ISP node of claim 10, wherein the second message further comprises: identification information of the first ISP node and/or a public key of the first ISP node.
12. A user node, comprising:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
sending an access request to a first ISP node through the communications interface, the user node not being registered with the first ISP node;
receiving a first message sent by the first ISP node through the communication interface, wherein the first message comprises a hash value of information of the first ISP node;
sending confirmation information to the first ISP node through the communication interface confirming receipt of the first message;
receiving, by the communication interface, encrypted information sent by the first ISP node and information of the first ISP node, where the encrypted information is obtained by encrypting, by a second ISP node, a second message by using a shared key between the second ISP node and the user node, where the second message includes a random number and identification information of the user node, and the user node is registered in the second ISP node;
decrypting the encrypted information by using a shared key between the second ISP node and the user node to obtain a decryption result;
and sending the decryption result to the first ISP node through the communication interface.
13. The user node of claim 12, wherein before sending the decryption result to the first ISP node via the communication interface, the processor is further configured to:
generating a session key for communication between the first ISP node and the user node, wherein the information of the first ISP node at least comprises a public key of the first ISP node;
encrypting the session key by using the public key of the first ISP node to obtain an encrypted session key;
when the processor sends the decryption result to the first ISP node through the communication interface, the processor is specifically configured to:
and sending the encrypted session key and the decryption result to the first ISP node through the communication interface.
14. The user node of claim 12 or 13, wherein the processor, after receiving the encrypted information sent by the first ISP node and the information of the first ISP node via the communication interface, is further configured to:
calculating a hash value of the information of the first ISP node;
and if the hash value of the information of the first ISP node calculated by the processor is consistent with the hash value of the information of the first ISP node included in the first message, determining that the encrypted information and the information of the first ISP node are not tampered.
15. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1-7.
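The exchange recited in claims 1, 5 and 7, simulated end to end as an added example (not code from the patent or its applicant). The claims do not name a cipher or hash, so SHA-256 and a standard-library encrypt-then-MAC construction stand in for them here; the node identifiers, the public-key placeholder and all function names are assumptions, and the session-key step of claims 2 and 6 is left out.

```python
import hashlib, hmac, json, secrets

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key, iv, data):
    # HMAC-SHA256 in counter mode as keystream (stand-in for the unnamed cipher).
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(key, iv + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(shared_key, plaintext):
    """Second ISP node: encrypt-then-MAC the second message under the shared key."""
    enc_key, mac_key = _prf(shared_key, b"enc"), _prf(shared_key, b"mac")
    iv = secrets.token_bytes(16)
    body = iv + _xor_stream(enc_key, iv, plaintext)
    return body + _prf(mac_key, body)

def unseal(shared_key, blob):
    """User node: return the plaintext, or None if the tag does not verify."""
    enc_key, mac_key = _prf(shared_key, b"enc"), _prf(shared_key, b"mac")
    body, tag = blob[:-32], blob[-32:]
    if len(blob) < 48 or not hmac.compare_digest(tag, _prf(mac_key, body)):
        return None
    return _xor_stream(enc_key, body[:16], body[16:])

def user_respond(shared_key, first_message, isp1_info, encrypted_info):
    """User node (claims 5 and 7): check the info hash, then decrypt."""
    if not hmac.compare_digest(hashlib.sha256(isp1_info).digest(), first_message):
        return None  # delivered ISP info does not match the hash in the first message
    return unseal(shared_key, encrypted_info)

def isp1_verify(second_message, decryption_result):
    """First ISP node (claim 1): authenticated only on an exact match."""
    return decryption_result is not None and hmac.compare_digest(decryption_result, second_message)

def run_exchange(user_key, isp2_key, tamper_info=False):
    # Constructed sample values: node id, user id and public-key placeholder.
    isp1_info = json.dumps({"id": "isp-1.example", "public_key": "PLACEHOLDER"}).encode()
    first_message = hashlib.sha256(isp1_info).digest()            # ISP1 -> user
    second_message = json.dumps({"nonce": secrets.token_hex(16),  # ISP1 -> ISP2
                                 "user_id": "user-42"}).encode()
    encrypted_info = seal(isp2_key, second_message)               # ISP2 -> ISP1
    delivered = isp1_info + b"x" if tamper_info else isp1_info    # ISP1 -> user, after ack
    result = user_respond(user_key, first_message, delivered, encrypted_info)
    return isp1_verify(second_message, result)                    # user -> ISP1
```

The first ISP node never holds the shared key; it learns only whether the user node could recover the fresh random number that it generated for this request.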
CN201910459798.9A 2019-05-30 2019-05-30 Authentication method and device for user node and computer readable storage medium Active CN110225011B (en)


Publications (2)

Publication Number Publication Date
CN110225011A CN110225011A (en) 2019-09-10
CN110225011B CN110225011B (en) 2021-07-13

Family

ID=67818912



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant