
CN109104288A - Authentication protocol design and implementation method based on a public key cryptosystem - Google Patents


Info

Publication number: CN109104288A
Authority: CN (China)
Prior art keywords: server, public key, authentication, user, key
Legal status: Pending
Application number: CN201810858536.5A
Other languages: Chinese (zh)
Inventors: 余磊, 卓泽朋, 郭宇燕, 江明明
Current Assignee: Huaibei Normal University
Original Assignee: Huaibei Normal University
Priority date: 2018-07-31
Filing date: 2018-07-31
Publication date: 2018-12-28
Application filed by: Huaibei Normal University
Priority to: CN201810858536.5A
Publication of: CN109104288A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L9/06: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618: Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625: Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses, in the technical field of information security, an authentication protocol design based on a public key cryptosystem and a method for implementing it. The design comprises a client, an encryption module, a user program, an identity authentication server, a management server, an application server, an application interface, a system database and a database management module. The client includes network devices supporting the IEEE 802.1X protocol and a RADIUS server, which perform authentication control over the access of network users. The application interface provides the application development interface of the client and the application server. The invention adopts a certificateless signature scheme: when verifying a signature, the verifier does not need to verify the validity of the signer's public key as in a traditional public key cryptosystem, and the key escrow problem of identity-based cryptosystems does not arise. Messages relating to public key authentication are carried in a high-level message format, so the underlying details need not be understood. The authentication mode is highly secure and reliable, and offers good system extensibility.

Description

Authentication protocol design and implementation method based on a public key cryptosystem
Technical field
The invention discloses an authentication protocol design based on a public key cryptosystem and a method for implementing it, and belongs to the technical field of information security.
Background art
Public key cryptography is a widely used technique for encrypting information, such as files and messages, that is sent to a specified recipient. A system using this technique generates for each user a mathematically related pair of keys, a public key and a private key. The public key is published in some way so that any sender can obtain the recipient's public key, while the private key is kept secret by the recipient.
An important security requirement in applying a public key cryptosystem is to ensure that the public key in use really belongs to the specified recipient; that is, a security mechanism is needed that binds a user identifier (ID) to the user's public key. In conventional public key cryptosystems, for example systems using algorithms such as RSA, DSA and ECC, the generation of the public key is unrelated to the user's identifier, so a third-party certification authority (CA) must issue a certificate, i.e. sign the user's public key and identifier, to bind the two together. A public key infrastructure (PKI) can provide authentication and authorization services for a large number of users and is suited to serve as the infrastructure for basic identity authentication protocols on the Internet. Identity authentication protocols based on public keys offer a high degree of security, but their computational cost is high and their standards are not unified. As for the loss of a user's private key: in a conventional public key system the user's identifier and public key are bound together, so if the private key is lost the user can generate a new public/private key pair, whereas in an identity-based cryptosystem the user's identifier is itself the public key and therefore cannot be revoked. To this end, we propose an authentication protocol design based on a public key cryptosystem and a method for implementing it, to solve the above problems.
Summary of the invention
The purpose of the present invention is to provide an authentication protocol design based on a public key cryptosystem and a method for implementing it, so as to solve the problems raised in the background above.
To achieve the above object, the invention provides the following technical solution: an authentication protocol design based on a public key cryptosystem and a method for implementing it, comprising a client, an encryption module, a user program, an identity authentication server, a management server, an application server, an application interface, a system database and a database management module;
The client includes network devices supporting the IEEE 802.1X protocol and a RADIUS server, and performs authentication control over the access of network users. The application interface provides the application development interface of the client and the application server, which includes routines for creating or reading identity authentication requests and routines for creating secure or secret messages. The encryption module binds the user identifier ID to the user's public key and encrypts data with the keyed block encryption algorithm DES. The system database records each user's sensitive information, shared key and key expiry data, and the database management module maintains the security of this information. The management server provides a network operation interface for reading from and writing to the application server, and its client side can run on any machine on the network. The identity authentication server generates session keys for requesters and periodically obtains updated keys from the user program.
Preferably, the identity authentication server uses dial-in accounting, a protocol that carries authentication, authorization and configuration information between the dial-up server and the RADIUS server that centrally stores the authentication information.
Preferably, the application interface has a built-in controlled port and a built-in uncontrolled port. The uncontrolled port is always in a bidirectionally connected state and is used to pass EAP protocol packets; the controlled port can be configured in two modes, bidirectionally controlled or input-controlled, to suit different application environments.
Preferably, the client further includes a WEB server, through which registered users query their Internet access records via the WEB, and through which the system administrator compiles statistics on and manages the online status of registered users.
Preferably, the specific steps of the implementation method are as follows:
S1: Send an authentication request to the authenticator PAE, input a security parameter $k$, and initialize the system by running the KGC algorithm;
S2: Receive the EAP request from the authenticator PAE and respond to it. After confirming the user's identity, the KGC takes as input the system parameters params, the master key master-key and a user's identity identifier $ID_A$, $ID_A \in \{0,1\}^*$, computes $q_A = H_1(ID_A) \in G_1$ and returns the user's partial private key $D_A = (s+q_A)^{-1}P \in G_1$, then sends $D_A$ to the user over a secure channel;
S3: Input the user's secret value $x_A$, public key $R_A$ and partial private key $D_A$, compute and $S_A = (x_A+y_A)^{-1}D_A \in G_1$, and return the user's private key $SK_A = S_A$;
S4: Input the message plaintext $m \in M$, the signer's identity $ID_A$, the private key $S_A$ and the system parameters params, and perform certificateless signing for the system;
S5: Verify the input information; if verification passes, the authentication protocol is complete; if it does not pass, return to step S2 and verify again.
Preferably, the KGC algorithm is: output $\langle G_1, G_2, e \rangle$, where $G_1$ and $G_2$ are two cyclic groups of order $q$ and $e: G_1 \times G_2 \to G_2$ is a bilinear map; select a random number and a generator $P \in G_1$ of $G_1$, compute $P_{pub} = sP$ and $g = e(P, P)$, select three cryptographic hash functions, and publish the system parameters params $= \langle G_1, G_2, e, q, g, P, P_{pub}, H_1, H_2, H_3 \rangle$; the message space is $M = \{0,1\}^*$, and the system master key master-key is
Preferably, when performing certificateless signing the algorithm runs as follows: select a random number, compute $U = g^r = e(P, P)^r$, let compute $V = (r+h)S_A$, and return $\sigma = (U, V)$ as signer A's signature on $m$.
Preferably, during verification, compute $Q_A = (s+q_A)P = P_{pub} + H_1(ID_A)P$, $y_A = H_2(R_A)$ and $h = H_3(m, U)$, and check whether $e(V, R_A + y_A Q_A) = U g^h$ holds; if the equation holds the verifier outputs 1, otherwise it outputs 0.
Compared with the prior art, the beneficial effects of the present invention are as follows. The invention adopts a certificateless signature scheme: when verifying a signature, the verifier does not need to verify the validity of the signer's public key as in a conventional public key cryptosystem, and the key escrow problem of identity-based cryptosystems does not arise. Messages relating to public key authentication are carried in a high-level message format, so the underlying details need not be understood. The authentication mode is highly secure and reliable, and offers good system extensibility.
Description of the drawings
Fig. 1 is a functional block diagram of the system of the present invention.
Specific embodiment
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention, without creative effort, fall within the scope of protection of the present invention.
Referring to Fig. 1, the present invention provides a technical solution: an authentication protocol design based on a public key cryptosystem, comprising a client, an encryption module, a user program, an identity authentication server, a management server, an application server, an application interface, a system database and a database management module;
The client includes network devices supporting the IEEE 802.1X protocol and a RADIUS server, and performs authentication control over the access of network users. The application interface provides the application development interface of the client and the application server, which includes routines for creating or reading identity authentication requests and routines for creating secure or secret messages. The encryption module binds the user identifier ID to the user's public key and encrypts data with the keyed block encryption algorithm DES. The system database records each user's sensitive information, shared key and key expiry data, and the database management module maintains the security of this information. The management server provides a network operation interface for reading from and writing to the application server, and its client side can run on any machine on the network. The identity authentication server generates session keys for requesters and periodically obtains updated keys from the user program.
The identity authentication server uses dial-in accounting, a protocol that carries authentication, authorization and configuration information between the dial-up server and the RADIUS server that centrally stores the authentication information. The application interface has a built-in controlled port and a built-in uncontrolled port: the uncontrolled port is always in a bidirectionally connected state and is used to pass EAP protocol packets, and the controlled port can be configured in two modes, bidirectionally controlled or input-controlled, to suit different application environments. The client further includes a WEB server, through which registered users query their Internet access records via the WEB, and through which the system administrator compiles statistics on and manages the online status of registered users.
The present invention also provides a method for implementing the authentication protocol design based on a public key cryptosystem, with the following specific steps:
S1: Send an authentication request to the authenticator PAE, input a security parameter $k$, and initialize the system by running the KGC algorithm. The KGC algorithm is: output $\langle G_1, G_2, e \rangle$, where $G_1$ and $G_2$ are two cyclic groups of order $q$ and $e: G_1 \times G_2 \to G_2$ is a bilinear map; select a random number and a generator $P \in G_1$ of $G_1$, compute $P_{pub} = sP$ and $g = e(P, P)$, select three cryptographic hash functions, and publish the system parameters params $= \langle G_1, G_2, e, q, g, P, P_{pub}, H_1, H_2, H_3 \rangle$; the message space is $M = \{0,1\}^*$, and the system master key master-key is
S2: Receive the EAP request from the authenticator PAE and respond to it. After confirming the user's identity, the KGC takes as input the system parameters params, the master key master-key and a user's identity identifier $ID_A$, $ID_A \in \{0,1\}^*$, computes $q_A = H_1(ID_A) \in G_1$ and returns the user's partial private key $D_A = (s+q_A)^{-1}P \in G_1$, then sends $D_A$ to the user over a secure channel;
S3: Input the user's secret value $x_A$, public key $R_A$ and partial private key $D_A$, compute and $S_A = (x_A+y_A)^{-1}D_A \in G_1$, and return the user's private key $SK_A = S_A$;
S4: Input the message plaintext $m \in M$, the signer's identity $ID_A$, the private key $S_A$ and the system parameters params, and perform certificateless signing for the system. When signing, the algorithm runs as follows: select a random number, compute $U = g^r = e(P, P)^r$, let compute $V = (r+h)S_A$, and return $\sigma = (U, V)$ as signer A's signature on $m$;
S5: Verify the input information; if verification passes, the authentication protocol is complete; if it does not pass, return to step S2 and verify again. During verification, compute $Q_A = (s+q_A)P = P_{pub} + H_1(ID_A)P$, $y_A = H_2(R_A)$ and $h = H_3(m, U)$, and check whether $e(V, R_A + y_A Q_A) = U g^h$ holds; if the equation holds the verifier outputs 1, otherwise it outputs 0.
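An added example (not code from the patent) that runs steps S1 to S5 end to end in a toy "exponent model" of the pairing, so that the check $e(V, R_A + y_A Q_A) = U g^h$ can be seen to accept a genuine signature and reject an altered message, identity or public key. Assumptions not stated on the page: the hash functions map into $Z_q^*$; $s$, $x_A$ and $r$ are drawn from $Z_q^*$; $q_A$ is treated as a scalar; $R_A = x_A Q_A$; the group parameters are constructed for the example and give no security.

```python
import hashlib
import secrets

Q = 2**61 - 1  # toy group order q (a Mersenne prime); constructed for this example

def is_prime(n):
    """Miller-Rabin with bases 2..37, deterministic for n < 3.18e23."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

# Smallest prime p = k*q + 1, and an element G0 of order q in Z_p^* (models G2).
K = next(k for k in range(2, 10000, 2) if is_prime(k * Q + 1))
P_MOD = K * Q + 1
G0 = next(x for x in (pow(b, K, P_MOD) for b in range(2, 100)) if x != 1)
P = 1  # exponent model: the G1 element aP is stored as a mod q, so P is 1

def pair(a, b):
    """Toy bilinear map e(aP, bP) = G0^(ab); it checks the algebra only."""
    return pow(G0, a * b % Q, P_MOD)

def hash_zq(tag, *parts):
    """Assumed form of H1, H2, H3: SHA-256 reduced into [1, q-1]."""
    data = "|".join([tag, *map(str, parts)]).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (Q - 1) + 1

def rand_zq():
    return secrets.randbelow(Q - 1) + 1

def setup():
    """S1: the KGC picks master key s, publishes P_pub = sP and g = e(P, P)."""
    s = rand_zq()
    return {"P_pub": s * P % Q, "g": pair(P, P)}, s

def q_of(params, identity):
    """Q_A = P_pub + H1(ID_A)P, computable by anyone from public data."""
    return (params["P_pub"] + hash_zq("H1", identity) * P) % Q

def partial_key(s, identity):
    """S2: D_A = (s + q_A)^-1 P, issued by the KGC over a secure channel."""
    return pow(s + hash_zq("H1", identity), -1, Q) * P % Q

def user_keys(params, identity, d_a):
    """S3: user picks x_A; R_A = x_A Q_A is an assumption of this example."""
    x_a = rand_zq()
    r_a = x_a * q_of(params, identity) % Q
    s_a = pow(x_a + hash_zq("H2", r_a), -1, Q) * d_a % Q  # S_A
    return r_a, s_a

def sign(params, s_a, m):
    """S4: U = g^r, h = H3(m, U), V = (r + h) S_A."""
    r = rand_zq()
    u = pow(params["g"], r, P_MOD)
    return u, (r + hash_zq("H3", m, u)) * s_a % Q

def verify(params, identity, r_a, m, sig):
    """S5: output 1 if e(V, R_A + y_A Q_A) == U * g^h, otherwise 0."""
    u, v = sig
    y_a = hash_zq("H2", r_a)
    h = hash_zq("H3", m, u)
    lhs = pair(v, (r_a + y_a * q_of(params, identity)) % Q)
    return int(lhs == u * pow(params["g"], h, P_MOD) % P_MOD)

def demo():
    """Constructed identities and messages; returns the four verifier outputs."""
    params, s = setup()
    d_a = partial_key(s, "alice")
    r_a, s_a = user_keys(params, "alice", d_a)
    sig = sign(params, s_a, "EAP response 1")
    return (
        verify(params, "alice", r_a, "EAP response 1", sig),  # genuine
        verify(params, "alice", r_a, "EAP response 2", sig),  # altered message
        verify(params, "bob", r_a, "EAP response 1", sig),    # wrong identity
        verify(params, "alice", (r_a + 1) % Q, "EAP response 1", sig),  # altered R_A
    )
```

The verifier uses only params, $ID_A$ and $R_A$: no certificate is checked and the master key is never needed, which is the property the description claims for the certificateless scheme.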
Although embodiments of the present invention have been shown and described, a person of ordinary skill in the art will understand that various changes, modifications, substitutions and variations can be made to these embodiments without departing from the principles and spirit of the present invention; the scope of the present invention is defined by the appended claims.

Claims (8)

1. An authentication protocol design based on a public key cryptosystem, characterized in that it comprises a client, an encryption module, a user program, an identity authentication server, a management server, an application server, an application interface, a system database and a database management module; the client includes network devices supporting the IEEE 802.1X protocol and a RADIUS server, and performs authentication control over the access of network users; the application interface provides the application development interface of the client and the application server, which includes routines for creating or reading identity authentication requests and routines for creating secure or secret messages; the encryption module binds the user identifier ID to the user's public key and encrypts data with the keyed block encryption algorithm DES; the system database records each user's sensitive information, shared key and key expiry data, and the database management module maintains the security of this information; the management server provides a network operation interface for reading from and writing to the application server, and its client side can run on any machine on the network; the identity authentication server generates session keys for requesters and periodically obtains updated keys from the user program.
2. The authentication protocol design based on a public key cryptosystem according to claim 1, characterized in that the identity authentication server uses dial-in accounting, a protocol that carries authentication, authorization and configuration information between the dial-up server and the RADIUS server that centrally stores the authentication information.
3. The authentication protocol design based on a public key cryptosystem according to claim 1, characterized in that the application interface has a built-in controlled port and a built-in uncontrolled port, wherein the uncontrolled port is always in a bidirectionally connected state and is used to pass EAP protocol packets; the controlled port can be configured in two modes, bidirectionally controlled or input-controlled, to suit different application environments.
4. The authentication protocol design based on a public key cryptosystem according to claim 1, characterized in that the client further includes a WEB server, through which registered users query their Internet access records via the WEB, and through which the system administrator compiles statistics on and manages the online status of registered users.
5. A method for implementing an authentication protocol design based on a public key cryptosystem, characterized in that the specific steps of the method are as follows: S1: send an authentication request to the authenticator PAE, input a security parameter $k$, and initialize the system by running the KGC algorithm; S2: receive the EAP request from the authenticator PAE and respond to it; after confirming the user's identity, the KGC takes as input the system parameters params, the master key master-key and a user's identity identifier $ID_A$, $ID_A \in \{0,1\}^*$, computes $q_A = H_1(ID_A) \in G_1$ and returns the user's partial private key $D_A = (s+q_A)^{-1}P \in G_1$, then sends $D_A$ to the user over a secure channel; S3: input the user's secret value $x_A$, public key $R_A$ and partial private key $D_A$, compute and $S_A = (x_A+y_A)^{-1}D_A \in G_1$, and return the user's private key $SK_A = S_A$; S4: input the message plaintext $m \in M$, the signer's identity $ID_A$, the private key $S_A$ and the system parameters params, and perform certificateless signing for the system; S5: verify the input information; if verification passes, the authentication protocol is complete; if it does not pass, return to step S2 and verify again.
6. The method for implementing an authentication protocol design based on a public key cryptosystem according to claim 5, characterized in that in step S1 the KGC algorithm is: output $\langle G_1, G_2, e \rangle$, where $G_1$ and $G_2$ are two cyclic groups of order $q$ and $e: G_1 \times G_2 \to G_2$ is a bilinear map; select a random number and a generator $P \in G_1$ of $G_1$, compute $P_{pub} = sP$ and $g = e(P, P)$, select three cryptographic hash functions, and publish the system parameters params $= \langle G_1, G_2, e, q, g, P, P_{pub}, H_1, H_2, H_3 \rangle$; the message space is $M = \{0,1\}^*$, and the system master key master-key is
7. The method for implementing an authentication protocol design based on a public key cryptosystem according to claim 5, characterized in that in step S4, when performing certificateless signing, the algorithm runs as follows: select a random number, compute $U = g^r = e(P, P)^r$, let compute $V = (r+h)S_A$, and return $\sigma = (U, V)$ as signer A's signature on $m$.
8. The method for implementing an authentication protocol design based on a public key cryptosystem according to claim 5, characterized in that in step S5, during verification, compute $Q_A = (s+q_A)P = P_{pub} + H_1(ID_A)P$, $y_A = H_2(R_A)$ and $h = H_3(m, U)$, and check whether $e(V, R_A + y_A Q_A) = U g^h$ holds; if the equation holds the verifier outputs 1, otherwise it outputs 0.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201810858536.5A | 2018-07-31 | 2018-07-31 | Authentication protocol design and implementation method based on a public key cryptosystem

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN201810858536.5A | 2018-07-31 | 2018-07-31 | Authentication protocol design and implementation method based on a public key cryptosystem

Publications (1)

Publication Number | Publication Date
CN109104288A | 2018-12-28

Family

ID=64847968

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN201810858536.5A (Pending, published as CN109104288A) | Authentication protocol design and implementation method based on a public key cryptosystem | 2018-07-31 | 2018-07-31

Country Status (1)

Country | Link
CN (1) | CN109104288A (en)

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
US20060168648A1 (en) * | 2005-01-26 | 2006-07-27 | Lockdown Networks, Inc. | Enabling dynamic authentication with different protocols on the same port for a switch
CN101272379A (en) * | 2008-05-13 | 2008-09-24 | 武汉理工大学 | An Improved Method Based on IEEE802.1x Security Authentication Protocol
US20180176775A1 (en) * | 2016-12-21 | 2018-06-21 | T-Mobile Usa, Inc. | Network operation and trusted execution environment
CN106936584A (en) * | 2017-03-08 | 2017-07-07 | 平顶山学院 | A kind of building method without CertPubKey cryptographic system
CN107819780A (en) * | 2017-11-22 | 2018-03-20 | 国网山东省电力公司 | A kind of method for network authorization based on 802.1x

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
曹璞: "Research on a Kerberos authentication protocol based on public key cryptography", China Master's Theses Full-text Database, Information Science and Technology *
杨慧谊: "Research and implementation of network authentication technology based on the 802.1X protocol", China Master's Theses Full-text Database, Information Science and Technology *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN111601072A (en) * | 2020-04-07 | 2020-08-28 | 青岛奥利普自动化控制系统有限公司 | SCADA-based data processing method and device
CN111601072B (en) * | 2020-04-07 | 2023-03-24 | 青岛奥利普奇智智能工业技术有限公司 | SCADA-based data processing method and device
CN113162949A (en) * | 2021-05-13 | 2021-07-23 | 北京工业大学 | Cross-domain identity authentication scheme of industrial Internet of things equipment based on block chain
CN114205171A (en) * | 2021-12-21 | 2022-03-18 | 安徽安联云服务有限公司 | Internet of things paas platform system
CN114650165A (en) * | 2022-01-28 | 2022-06-21 | 国网江苏省电力有限公司南京供电分公司 | System security control method based on network slice and certificateless public key cryptosystem
CN114650165B (en) * | 2022-01-28 | 2023-09-15 | 国网江苏省电力有限公司南京供电分公司 | System security control method based on network slice and certificate-free public key cryptosystem

Similar Documents

Publication Publication Date Title
CN111083131B (en) Lightweight identity authentication method for power Internet of things sensing terminal
CN104811450B (en) The date storage method and integrity verification method of a kind of identity-based in cloud computing
CN104219056B (en) Privacy protection type real-time electric charge collecting method for intelligent power grid
Horn et al. Authentication protocols for mobile network environment value-added services
CN114710275B (en) Cross-domain authentication and key negotiation method based on blockchain in Internet of things environment
CN103354498A (en) Identity-based file encryption transmission method
CN112202544B (en) A Smart Grid Data Security Aggregation Method Based on Paillier Homomorphic Encryption Algorithm
CN109104288A (en) A kind of Authentication protocol design and its implementation based on common key cryptosystem
CN109711184A (en) Block chain data access control method and device based on attribute encryption
CN114254284B (en) Digital certificate generation and identity authentication method, quantum CA authentication center and system
CN109243020A (en) A kind of smart lock identity identifying method based on no certificate
CN106411999A (en) Cloud storage key generation method, cloud data storage method and auditing methods
CN106487786A (en) A kind of cloud data integrity verification method based on biological characteristic and system
Li et al. Practical deniable authentication for pervasive computing environments
Chang et al. An anonymous voting mechanism based on the key exchange protocol
JP4973193B2 (en) Restricted blind signature system
Mateu et al. Constructing credential-based E-voting systems from offline E-coin protocols
Pavithran et al. Towards creating public key authentication for IoT blockchain
CN107231353A (en) Batch authentication method based on binary tree in a kind of intelligent grid
Kumar et al. An anonymous and authenticated V2I communication with a simplified user revocation and re-registration strategy
Zwierko et al. A light-weight e-voting system with distributed trust
CN116599659B (en) Certificate-free identity authentication and key negotiation method and system
CN117544393A (en) Cloud-edge cooperative data secure storage system and method based on blockchain technology
Quercia et al. Tata: Towards anonymous trusted authentication
CN108923923A (en) A kind of design and its implementation of the code key agreement protocol based on trusted third party

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181228