
CN111935067A - Enterprise user identity authentication system based on cloud computing technology - Google Patents

Info

Publication number
CN111935067A
Authority
CN
China
Prior art keywords
identity authentication
user identity
authentication system
computer terminal
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202010522581.0A
Other languages
Chinese (zh)
Inventor
陈瑞安
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2020-06-10
Filing date
2020-06-10
Publication date
2020-11-13
Application filed by Individual
Priority to CN202010522581.0A
Publication of CN111935067A
Legal status: Withdrawn

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to the technical field of cloud computing enterprise user authentication, and discloses an enterprise user identity authentication system based on cloud computing technology, comprising: a cloud authentication server CAS_V running user identity authentication system software and deployed in a cloud computing architecture; a cloud computing server CCS_Pj deployed in the cloud computing architecture and used for providing external services; and a local server LS_i or computer terminal PCT_i running user identity authentication system software and deployed in the enterprise user information system. The user identity authentication system running on the cloud authentication server CAS_V securely authenticates the identity of the local server LS_i or computer terminal PCT_i deployed in the enterprise user information system, and only after the local server LS_i or computer terminal PCT_i has passed the security authentication of the user identity authentication system is it allowed to access the cloud computing server CCS_Pj. The invention solves the problem of how to ensure the identity authentication security of enterprise users in the cloud computing environment.

Description

Enterprise user identity authentication system based on cloud computing technology
Technical Field
The invention relates to the technical field of cloud computing enterprise user authentication, in particular to an enterprise user identity authentication system based on a cloud computing technology.
Background
When user data is transmitted and stored in a cloud computing environment, the user has no actual control over the security risk to that data in the cloud, and data security depends entirely on the service provider. When a cloud computing service provider offers services externally, a defect in the identity authentication management mechanism or a security vulnerability in the identity authentication management system may allow an enterprise user's account and password to be forged, so that an illegitimate user impersonates that user and steals enterprise data. Therefore, ensuring the identity authentication security of different enterprise users is the first barrier for ensuring the security of user data.
Disclosure of Invention
(I) Technical problem to be solved
Aiming at the defects of the prior art, the invention provides an enterprise user identity authentication system based on cloud computing technology, which aims to solve the problem of how to ensure the identity authentication security of enterprise users in a cloud computing environment.
(II) Technical scheme
In order to achieve the above purpose, the invention provides the following technical scheme:
An enterprise user identity authentication system based on cloud computing technology comprises: a cloud authentication server CAS_V running user identity authentication system software and deployed in a cloud computing architecture; a cloud computing server CCS_Pj deployed in the cloud computing architecture and used for providing external services; and a local server LS_i or computer terminal PCT_i running user identity authentication system software and deployed in the enterprise user information system.
The local server LS_i or computer terminal PCT_i is communicatively connected with the cloud computing server CCS_Pj, the cloud computing server CCS_Pj is communicatively connected with the cloud authentication server CAS_V, and the user identity authentication system in the cloud authentication server CAS_V communicates with the local server LS_i or computer terminal PCT_i.
The user identity authentication system running on the cloud authentication server CAS_V securely authenticates the identity of the local server LS_i or computer terminal PCT_i deployed in the enterprise user information system, and the authentication method comprises the following steps:
Step one: the local server LS_i or computer terminal PCT_i performs user registration on the user identity authentication system of the cloud authentication server CAS_V, specifically:
① The user identity authentication system generates parameters: p is a large prime, q is a prime factor of p-1, and g, h are two q-order generators in [Figure BDA0002532680980000021]; the parameters (p, q, g, h) are disclosed to the local server LS_i or computer terminal PCT_i;
② The local server LS_i or computer terminal PCT_i randomly selects w, r ∈ Z_q and selects 2n (n ≥ 1) random numbers w_1, w_2, …, w_n, r_1, r_2, …, r_n such that h = g^w h^r mod p and [Figure BDA0002532680980000022], where i = 1, 2, …, n;
Step two: the user identity authentication system securely authenticates the local server LS_i or computer terminal PCT_i; the specific authentication process is as follows:
① The local server LS_i or computer terminal PCT_i selects two random numbers α_i ∈ Z_q and β_i ∈ Z_q, computes [Figure BDA0002532680980000023], and sends x_i to the user identity authentication system, where i = 1, 2, …, n;
② The user identity authentication system selects a random number c and returns it to the local server LS_i or computer terminal PCT_i;
③ After receiving the value c returned by the user identity authentication system, the local server LS_i or computer terminal PCT_i computes s_i = α_i - c·w_i (mod q) and t_i = β_i - c·r_i (mod q), and sends s_i to the user identity authentication system, where i = 1, 2, …, n;
④ The user identity authentication system verifies whether the equation [Figure BDA0002532680980000031] holds;
if the equation holds, the local server LS_i or computer terminal PCT_i passes the identity authentication of the user identity authentication system.
Preferably, the user identity authentication system of the cloud authentication server CAS_V securely authenticates the local server LS_i or computer terminal PCT_i deployed in the enterprise user information system, and only after the local server LS_i or computer terminal PCT_i has passed the security authentication of the user identity authentication system is it allowed to access the cloud computing server CCS_Pj.
Preferably, the array (w_i, r_i) is the private key PSK_i of the local server LS_i or computer terminal PCT_i.
Preferably, the value range of the value c is {1, 2}.
(III) Advantageous technical effects
Compared with the prior art, the invention has the following beneficial technical effects:
1. In order to ensure the identity authentication security of enterprise users in the cloud computing environment, when the local server LS_i or computer terminal PCT_i sends an access request to the cloud computing server CCS_Pj, the user identity authentication system running on the cloud authentication server CAS_V securely authenticates the identity of the local server LS_i or computer terminal PCT_i deployed in the enterprise user information system, and only after the local server LS_i or computer terminal PCT_i has passed the security authentication of the user identity authentication system is it allowed to access the cloud computing server CCS_Pj.
The authentication protocol is based on the challenge-response method: the user identity authentication system, as verifier, determines s_i through the random number c it generates, so s_i is random in every interaction; an eavesdropper wishing to impersonate the prover (the local server LS_i or computer terminal PCT_i) cannot know in advance what challenge it will receive, and so can hardly gain the trust of the verifier's user identity authentication system;
During the authentication protocol, the local server LS_i or computer terminal PCT_i does not reveal its knowledge of the value (w_i, r_i), i.e. the private key PSK_i: the local server LS_i or computer terminal PCT_i hides the transmitted random number x_i with its own private key PSK_i so as to prevent knowledge disclosure, and even if an attacker intercepts the transmitted content, no information about the private key PSK_i can be obtained from it;
Therefore, the problem of how to ensure the identity authentication security of enterprise users in the cloud computing environment is solved.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
An enterprise user identity authentication system based on cloud computing technology comprises: a cloud authentication server CAS_V running user identity authentication system software and deployed in a cloud computing architecture; a cloud computing server CCS_Pj deployed in the cloud computing architecture and used for providing external services; and a local server LS_i or computer terminal PCT_i running user identity authentication system software and deployed in the enterprise user information system.
The local server LS_i or computer terminal PCT_i is communicatively connected with the cloud computing server CCS_Pj through network communication equipment, the cloud computing server CCS_Pj is communicatively connected with the cloud authentication server CAS_V through network communication equipment, and the user identity authentication system in the cloud authentication server CAS_V communicates with the local server LS_i or computer terminal PCT_i through network communication equipment.
In order to ensure the identity authentication security of enterprise users in the cloud computing environment, when the local server LS_i or computer terminal PCT_i sends an access request to the cloud computing server CCS_Pj, the user identity authentication system running on the cloud authentication server CAS_V securely authenticates the identity of the local server LS_i or computer terminal PCT_i deployed in the enterprise user information system; only after the local server LS_i or computer terminal PCT_i has passed the security authentication of the user identity authentication system running on the cloud authentication server CAS_V is it allowed to access the cloud computing server CCS_Pj.
The user identity authentication system running on the cloud authentication server CAS_V securely authenticates the identity of the local server LS_i or computer terminal PCT_i deployed in the enterprise user information system, and the authentication method comprises the following steps:
Step one: the local server LS_i or computer terminal PCT_i performs user registration on the user identity authentication system of the cloud authentication server CAS_V, specifically:
① The user identity authentication system generates parameters: let p be a large prime, q a prime factor of p-1, and g, h two q-order generators in [Figure BDA0002532680980000051];
the user identity authentication system discloses the parameters p, q, g, h to the local server LS_i or computer terminal PCT_i;
② The local server LS_i or computer terminal PCT_i randomly selects w, r ∈ Z_q and selects 2n (n ≥ 1) random numbers w_1, w_2, …, w_n, r_1, r_2, …, r_n such that h = g^w h^r mod p and [Figure BDA0002532680980000052], where i = 1, 2, …, n;
where (w_i, r_i) is the private key PSK_i of the local server LS_i or computer terminal PCT_i.
Step two: the user identity authentication system running on the cloud authentication server CAS_V securely authenticates the local server LS_i or computer terminal PCT_i; the specific authentication process is as follows:
① The local server LS_i or computer terminal PCT_i selects two random numbers α_i ∈ Z_q and β_i ∈ Z_q, computes [Figure BDA0002532680980000061], and sends x_i to the user identity authentication system, where i = 1, 2, …, n;
② The user identity authentication system selects a random number c ∈ {1, 2} and sends the value c to the local server LS_i or computer terminal PCT_i;
③ After receiving the value c returned by the user identity authentication system, the local server LS_i or computer terminal PCT_i computes s_i = α_i - c·w_i (mod q) and t_i = β_i - c·r_i (mod q), and sends s_i to the user identity authentication system, where i = 1, 2, …, n;
④ The user identity authentication system verifies whether the equation [Figure BDA0002532680980000062] holds;
if the equation holds, it is proved that the local server LS_i or computer terminal PCT_i knows the value (w_i, r_i), i.e. the private key PSK_i, and the local server LS_i or computer terminal PCT_i passes the identity authentication of the user identity authentication system;
The authentication protocol is based on the challenge-response method: the user identity authentication system, as verifier, determines s_i through the random number c it generates, so s_i is random in every interaction; an eavesdropper wishing to impersonate the prover (the local server LS_i or computer terminal PCT_i) cannot know in advance what challenge it will receive, and so can hardly gain the trust of the verifier's user identity authentication system;
During the authentication protocol, the local server LS_i or computer terminal PCT_i does not reveal its knowledge of the value (w_i, r_i), i.e. the private key PSK_i: the local server LS_i or computer terminal PCT_i hides the transmitted random number x_i with its own private key PSK_i so as to prevent knowledge disclosure, and even if an attacker intercepts the transmitted content, no information about the private key PSK_i can be obtained from it.
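The registration and challenge-response steps of step one and step two above (and the same steps as summarized under "(II) Technical scheme") can be exercised end to end with the following added example, which is not code from the patent or its inventor. Because the patent's formulas survive on this page only as figure references, the example assumes the standard two-generator (Okamoto-style) instantiation that is consistent with the stated responses s_i = α_i - c·w_i (mod q) and t_i = β_i - c·r_i (mod q): the per-user public value is y_i = g^{w_i} h^{r_i} mod p, the commitment is x_i = g^{α_i} h^{β_i} mod p, the prover sends t_i alongside s_i (the verifier cannot check the response otherwise), and the verifier accepts when x_i = g^{s_i} h^{t_i} y_i^c mod p for every i. Function names, the parameter sizes and the Miller-Rabin helper are the example's own.

```python
"""Added example: Okamoto-style two-generator identification as laid out in
CN111935067A, steps one and two. Not the patent's own code. The public-key
form y_i = g^w_i * h^r_i and the verification equation are assumptions that
are consistent with the stated responses s_i = a_i - c*w_i, t_i = b_i - c*r_i."""
import random

RNG = random.SystemRandom()  # OS entropy for every secret drawn below


def is_probable_prime(n, rounds=32):
    """Miller-Rabin with random bases; adequate for parameter generation here."""
    if n < 2:
        return False
    for s in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % s == 0:
            return n == s
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(RNG.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_params(qbits=128):
    """Step one (1): prime q, prime p with q | p-1, and g, h of order q in Z_p^*.
    Returns the public tuple (p, q, g, h)."""
    while True:
        q = RNG.getrandbits(qbits) | (1 << (qbits - 1)) | 1
        if is_probable_prime(q):
            break
    k = 2
    while not is_probable_prime(k * q + 1):
        k += 2
    p = k * q + 1
    while True:
        g = pow(RNG.randrange(2, p - 1), k, p)  # g^q = a^(p-1) = 1, so ord(g) = q once g != 1
        if g != 1:
            break
    h = pow(g, RNG.randrange(1, q), p)  # second q-order generator; its exponent is discarded
    return p, q, g, h


def register(params, n):
    """Step one (2): the prover draws n private pairs (w_i, r_i) = PSK_i and
    publishes y_i = g^w_i * h^r_i mod p (assumed public-key form)."""
    p, q, g, h = params
    priv = [(RNG.randrange(1, q), RNG.randrange(1, q)) for _ in range(n)]
    pub = [pow(g, w, p) * pow(h, r, p) % p for w, r in priv]
    return priv, pub


def prover_commit(params, n):
    """Step two (1): fresh alpha_i, beta_i and commitments x_i = g^alpha_i * h^beta_i mod p."""
    p, q, g, h = params
    nonces = [(RNG.randrange(1, q), RNG.randrange(1, q)) for _ in range(n)]
    x = [pow(g, a, p) * pow(h, b, p) % p for a, b in nonces]
    return nonces, x


def verifier_challenge(challenge_set=(1, 2)):
    """Step two (2): c drawn from {1, 2} as claim 4 specifies; a deployment widens the set."""
    return RNG.choice(challenge_set)


def prover_respond(params, priv, nonces, c):
    """Step two (3): s_i = alpha_i - c*w_i (mod q), t_i = beta_i - c*r_i (mod q)."""
    _, q, _, _ = params
    return [((a - c * w) % q, (b - c * r) % q) for (a, b), (w, r) in zip(nonces, priv)]


def verifier_check(params, pub, x, c, resp):
    """Step two (4): accept iff x_i == g^s_i * h^t_i * y_i^c mod p for every i (assumed equation)."""
    p, _, g, h = params
    if not (len(pub) == len(x) == len(resp)):
        return False
    return all(xi == pow(g, si, p) * pow(h, ti, p) * pow(yi, c, p) % p
               for xi, yi, (si, ti) in zip(x, pub, resp))


def run_protocol(params, priv, pub, wrong_key=False):
    """One full exchange; wrong_key=True answers with an unrelated PSK so the rejection path is exercised."""
    n = len(pub)
    nonces, x = prover_commit(params, n)
    c = verifier_challenge()
    answering_key = register(params, n)[0] if wrong_key else priv
    resp = prover_respond(params, answering_key, nonces, c)
    return verifier_check(params, pub, x, c, resp)


if __name__ == "__main__":
    params = gen_params()
    priv, pub = register(params, n=3)
    print("honest prover accepted:", run_protocol(params, priv, pub))
    print("unrelated key accepted:", run_protocol(params, priv, pub, wrong_key=True))
```

Run as a script it generates parameters, registers n = 3 key pairs, and performs one honest exchange followed by one with an unrelated key, which the verifier rejects. Two properties of the stated protocol deserve attention in a deployment: with a single challenge c drawn from {1, 2} and shared by all n instances, a prover that does not hold the key is still accepted with probability 1/2 per run regardless of n, so the verifier should repeat rounds or draw c from a larger set (the `challenge_set` parameter is where that is configured); and the prover must draw fresh α_i, β_i for every run, because reusing a commitment x_i under two different challenges leaks the private key PSK_i.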
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (4)

1. An enterprise user identity authentication system based on cloud computing technology, comprising: a cloud authentication server CAS_V running user identity authentication system software and deployed in a cloud computing architecture; a cloud computing server CCS_Pj deployed in the cloud computing architecture and used for providing external services; and a local server LS_i or computer terminal PCT_i running user identity authentication system software and deployed in an enterprise user information system;
the local server LS_i or computer terminal PCT_i is communicatively connected with the cloud computing server CCS_Pj, the cloud computing server CCS_Pj is communicatively connected with the cloud authentication server CAS_V, and the user identity authentication system in the cloud authentication server CAS_V communicates with the local server LS_i or computer terminal PCT_i;
the user identity authentication system running on the cloud authentication server CAS_V securely authenticates the identity of the local server LS_i or computer terminal PCT_i deployed in the enterprise user information system, and the authentication method comprises the following steps:
Step one: the local server LS_i or computer terminal PCT_i performs user registration on the user identity authentication system of the cloud authentication server CAS_V, specifically:
① The user identity authentication system generates parameters: p is a large prime, q is a prime factor of p-1, and g, h are two q-order generators in [Figure FDA0002532680970000011]; the parameters (p, q, g, h) are disclosed to the local server LS_i or computer terminal PCT_i;
② The local server LS_i or computer terminal PCT_i randomly selects w, r ∈ Z_q and selects 2n (n ≥ 1) random numbers w_1, w_2, …, w_n, r_1, r_2, …, r_n such that h = g^w h^r mod p and [Figure FDA0002532680970000012], where i = 1, 2, …, n;
Step two: the user identity authentication system securely authenticates the local server LS_i or computer terminal PCT_i; the specific authentication process is as follows:
① The local server LS_i or computer terminal PCT_i selects two random numbers α_i ∈ Z_q and β_i ∈ Z_q, computes [Figure FDA0002532680970000021], and sends x_i to the user identity authentication system, where i = 1, 2, …, n;
② The user identity authentication system selects a random number c and returns it to the local server LS_i or computer terminal PCT_i;
③ After receiving the value c returned by the user identity authentication system, the local server LS_i or computer terminal PCT_i computes s_i = α_i - c·w_i (mod q) and t_i = β_i - c·r_i (mod q), and sends s_i to the user identity authentication system, where i = 1, 2, …, n;
④ The user identity authentication system verifies whether the equation [Figure FDA0002532680970000022] holds;
if the equation holds, the local server LS_i or computer terminal PCT_i passes the identity authentication of the user identity authentication system.
2. The cloud computing technology-based enterprise user identity authentication system as claimed in claim 1, wherein the user identity authentication system of the cloud authentication server CAS_V securely authenticates the local server LS_i or computer terminal PCT_i deployed in the enterprise user information system, and only after the local server LS_i or computer terminal PCT_i has passed the security authentication of the user identity authentication system is it allowed to access the cloud computing server CCS_Pj.
3. The cloud computing technology-based enterprise user identity authentication system of claim 2, wherein the array (w_i, r_i) is the private key PSK_i of the local server LS_i or computer terminal PCT_i.
4. The cloud computing technology-based enterprise user identity authentication system of claim 3, wherein the value range of the value c is {1, 2}.
CN202010522581.0A 2020-06-10 2020-06-10 Enterprise user identity authentication system based on cloud computing technology Withdrawn CN111935067A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010522581.0A CN111935067A (en) 2020-06-10 2020-06-10 Enterprise user identity authentication system based on cloud computing technology

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010522581.0A CN111935067A (en) 2020-06-10 2020-06-10 Enterprise user identity authentication system based on cloud computing technology

Publications (1)

Publication Number Publication Date
CN111935067A true CN111935067A (en) 2020-11-13

Family

ID=73317377

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010522581.0A Withdrawn CN111935067A (en) 2020-06-10 2020-06-10 Enterprise user identity authentication system based on cloud computing technology

Country Status (1)

Country Link
CN (1) CN111935067A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112749382A (en) * 2021-01-19 2021-05-04 赖庭坤 Single sign-on management system based on cloud service
CN112907855A (en) * 2021-01-18 2021-06-04 天津创通科技股份有限公司 Remote alarm system for home security monitoring
CN113034811A (en) * 2021-03-23 2021-06-25 深圳市顺易通信息技术有限公司 Intelligent electronic cabinet supporting remote control protocol
CN115412262A (en) * 2022-09-01 2022-11-29 工云智慧科技(江苏)有限公司 A Multi-Regional Entity Authentication System Based on Cloud Sharing Mechanism

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110011803A (en) * 2019-02-27 2019-07-12 武汉大学 A lightweight two-party collaborative SM2 digital signature generation method
CN110011802A (en) * 2019-02-27 2019-07-12 武汉大学 An efficient two-party collaborative SM9 digital signature generation method and system
CN110740033A (en) * 2019-08-19 2020-01-31 杭州云象网络技术有限公司 Blockchain multi-party data sharing method based on secret sharing technology
CN111245835A (en) * 2020-01-13 2020-06-05 万庆文 Power transmission and distribution production management system based on micro-service architecture

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
唐春明: "Leakage-resilient secret sharing scheme and its application in group identity authentication protocols", 《中国科学》 (Science China) *

Similar Documents

Publication Publication Date Title
US11496310B2 (en) Methods and systems for universal storage and access to user-owned credentials for trans-institutional digital authentication
CN101697540B (en) Method for authenticating user identity through P2P service request
CN111935067A (en) Enterprise user identity authentication system based on cloud computing technology
CN101902476B (en) Method for authenticating identity of mobile peer-to-peer user
CN103747036A (en) Trusted security enhancement method in desktop virtualization environment
TW201019683A (en) Access control system and method based on hierarchical key, and authentication key exchange thereof
CN102201915A (en) Terminal authentication method and device based on single sign-on
CN109639426B (en) Bidirectional self-authentication method based on identification password
CN101986598B (en) Authentication method, server and system
CN111490968A (en) Block chain technology-based alliance multi-node network identity authentication method
CN106713236A (en) End-to-end identity authentication and encryption method based on CPK identifier authentication
CN111294796A (en) Smart phone login management system based on zero-knowledge proof
CN115473655A (en) Terminal authentication method, device and storage medium for access network
CN116886352A (en) Authentication and authorization method and system for digital intelligent products
US20100310078A1 (en) System for user-centric identity management and method thereof
CN113794721A (en) Government organization, financial institution and enterprise security direct connection method
CN111818015A (en) Security protection system suitable for remote node access
CN111865604A (en) User identity authentication system based on remote control technology
CN109639695A (en) Dynamic identity authentication method, electronic equipment and storage medium based on mutual trust framework
US20210184847A1 (en) Authentication through secure sharing of digital secrets previously established between devices
CN113068188A (en) External user identity authentication system based on wireless sensor node
CN111654471A (en) Remote user authentication system based on distributed server architecture
CN112804236A (en) User identity authentication system based on online network application program
CN111800386A (en) Intelligent household terminal user communication safety authentication system
CN111680277A (en) Enterprise application login system based on unified identity authentication mechanism

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication (application publication date: 20201113)