CN103281193A - Identity authentication method and system and data transmission method and device based on identity authentication system - Google Patents
Identity authentication method and system and data transmission method and device based on identity authentication system Download PDFInfo
- Publication number
- CN103281193A CN103281193A CN2013102173886A CN201310217388A CN103281193A CN 103281193 A CN103281193 A CN 103281193A CN 2013102173886 A CN2013102173886 A CN 2013102173886A CN 201310217388 A CN201310217388 A CN 201310217388A CN 103281193 A CN103281193 A CN 103281193A
- Authority
- CN
- China
- Prior art keywords
- session key
- server
- challenge information
- key
- sends
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 71
- 230000005540 biological transmission Effects 0.000 title claims abstract description 42
- 238000012795 verification Methods 0.000 claims abstract description 7
- 238000013475 authorization Methods 0.000 claims description 12
- 238000004364 calculation method Methods 0.000 claims description 9
- 238000012546 transfer Methods 0.000 claims description 6
- 238000004891 communication Methods 0.000 abstract description 3
- 230000006870 function Effects 0.000 description 30
- 238000012886 linear function Methods 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 4
- 230000003139 buffering effect Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- 241001269238 Data Species 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 239000011248 coating agent Substances 0.000 description 1
- 238000000576 coating method Methods 0.000 description 1
- 238000013478 data encryption standard Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The embodiment of the invention provides an identity authentication method and system and a data transmission method and device based on the identity authentication system. The identity authentication method comprises the following steps: sending a request message of identity authentication to a server; receiving a key file returned by the server according to the request message; decrypting the key file; receiving a first session key sent by the server; decrypting the first session key; receiving challenge information which is generated and sent by the server and encrypted by adopting the first session key; decrypting the challenge information using the first session key. Compared with the simpler identity verification method in the prior art, the identity authentication method provided by the embodiment of the invention is safer, and further ensures the security of communication between the client and the server.
Description
Technical field
The invention belongs to the computer network communication technology field, be specifically related to a kind of identity identifying method, system and based on its data transmission method, device.
Background technology
Along with the high speed development of network technology, remote control technology more and more causes people's attention.Telemanagement desktop fastening means commonly used under the linux system has RDP(Remote Desktop Protocol, RDP), VNC(Virtual Network Computing, the virtual network computer), NX, SSH(Secure Shell, safety shell protocol) etc.VNC particularly importantly wherein, this software be based on RFB(Remote Frame Buffer, the remote frame buffering) agreement communicates.The RFB agreement is operated in the frame resilient coating, so professional platform independence is stronger.The RFB agreement is a kind of " thin-client " agreement, and VNC can reduce the requirement to client hardware; The VNC open source code, the user can constantly improve its function according to the demand of oneself; In addition, the bandwidth that VNC needs is lower, so VNC has obtained using widely.
The security mechanism that the RFB agreement provides self only comprises the client identity authentication function that adopts the random challenge response method to realize.Behind the RFB protocol version that the initial phase that client-requested connects, server and client are consulted to use, server is verified the identity of client.This authentication process itself is as follows: server produce one at random 16 byte datas and issue client, client is used user password as key and is used data encryption standard that data are encrypted, and data encrypted turned back to server in response, server is deciphered it with user password then.If the data that server deciphering back obtains and the data consistent of transmission then allow client and server to connect.
Above-mentioned this identification authentication mode is too simple, is unfavorable for the secure communication between client and the server.
Summary of the invention
In view of this, the object of the present invention is to provide a kind of safe identity identifying method, with the fail safe that improves authentication between client and the server and then improve the fail safe of communicating by letter between client and the server.
For achieving the above object, one embodiment of the present of invention provide a kind of identity identifying method, and described method comprises:
Send the request message of authentication to server;
Receive the key file that described server returns according to described request message;
To described key file deciphering;
Receive first session key that described server generates and sends;
To described first session key deciphering;
Receive the challenge information of described first session key of employing that described server generates and sends;
Adopt described first session key that described challenge information is deciphered.
Preferably, before the challenge information of described first session key of employing that the described server of described reception generates and sends, described method also comprises:
Receive second session key that described server generates and sends;
To described second session key deciphering;
After described first session key of described employing was deciphered described challenge information, described method also comprised:
Receive the challenge information of described second session key of employing that described server generates and sends;
Adopt described second session key that described challenge information is deciphered.
Preferably, before the key file that described reception server sends, described method also comprises:
Connect with described server.
In addition, the embodiment of the invention also provides a kind of data transmission method based on above-mentioned identity identifying method, and described data transmission method comprises:
To described data utilize Hash operation message authentication code calculation check and;
With described verification with add described data to;
Adopt Advanced Encryption Standardalgorithm to described data encryption;
With described transfer of data to described server.
Preferably, described to described data utilize Hash operation message authentication code calculation check and before, described method also comprises:
Carry out initialization operation.
Correspondingly, the embodiment of the invention also provides a kind of identity authorization system, and described system comprises:
First transmitting element is used for to the request message of server transmission authentication;
First receiving element is used for receiving the key file that described server returns according to described request message;
First decrypting device is used for described key file deciphering;
Second receiving element is used for receiving first session key that described server generates and sends;
Second decrypting device is used for described first session key deciphering;
The 3rd receiving element be used for to receive the challenge information of described first session key of employing that described server generates and sends;
The 3rd decrypting device is used for adopting described first session key that described challenge information is deciphered.
Preferably, described system also comprises:
The 4th receiving element is used for receiving second session key that described server generates and sends;
The 4th decrypting device is used for described second session key deciphering;
The 5th receiving element be used for to receive the challenge information of described second session key of employing that described server generates and sends;
The 5th decrypting device is used for adopting described second session key that described challenge information is deciphered.
Preferably, described system also comprises:
Set up the unit, be used for connecting with described server.
Correspondingly, the embodiment of the invention also provides a kind of data transmission device based on above-mentioned identity authorization system, and described data transmission device comprises:
Computing unit, be used for to described data utilize Hash operation message authentication code calculation check and;
Adding device is used for described verification and adds described data to;
Ciphering unit is used for adopting Advanced Encryption Standardalgorithm to described data encryption;
Transmission unit is used for described transfer of data to described server.
Preferably, described system also comprises:
Performance element is used for carrying out initialization operation.
The identity identifying method, the system that provide according to the embodiment of the invention reach data transmission method, device based on it, the identity identifying method that the embodiment of the invention provides, the mode that adopts key file and session key to combine is finished the authentication between client and the server; Reception server generates and adopts the challenge information of session key, and the challenge information after this challenge information is deciphered and will be deciphered feeds back to server, and server judges that authentication was passed through when the challenge information that receives was consistent with the challenge information that sends.With respect to auth method fairly simple in the prior art, the identity identifying method of the embodiment of the invention is safer, and then has guaranteed the fail safe of communicating by letter between client and the server.
Description of drawings
In order to be illustrated more clearly in the embodiment of the invention or technical scheme of the prior art, to do to introduce simply to the accompanying drawing of required use in embodiment or the description of the Prior Art below, apparently, accompanying drawing in describing below is some embodiments of the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.
Fig. 1 is the schematic flow sheet of the identity identifying method that provides of the embodiment of the invention;
Fig. 2 is the schematic flow sheet of the identity identifying method that provides of the embodiment of the invention one;
Fig. 3 is the schematic flow sheet of the identity identifying method that provides of the embodiment of the invention two;
Fig. 4 is the structural representation of the identity authorization system that provides of the embodiment of the invention;
Fig. 5 is the schematic flow sheet of the data transmission method that provides of the embodiment of the invention;
Fig. 6 is the structural representation of the data transmission system that provides of the embodiment of the invention.
Embodiment
For the purpose, technical scheme and the advantage that make the embodiment of the invention clearer, below in conjunction with the accompanying drawing in the embodiment of the invention, technical scheme in the embodiment of the invention is clearly and completely described, obviously, described embodiment is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills belong to the scope of protection of the invention not making the every other embodiment that obtains under the creative work prerequisite.
For a kind of safer identity identifying method is provided, to solve in the prior art identity identifying method problem of safety inadequately, the invention provides following technical scheme.
The embodiment of the invention provides a kind of identity identifying method, and Fig. 1 shows the schematic flow sheet of this identity identifying method, and this identity identifying method may further comprise the steps:
Step S11: the request message that sends authentication to server.
After client and server connected, client at first needed to send to server the request message of authentication.Wherein, to connect only be that client and server can send condition of information mutually for client and server herein, is not that client and server send data mutually, and the state that communicates.
Step S12: the key file that reception server returns according to the request message that receives.
After server receives the request message of authentication, trigger it and produce a key file, this key file can be that the text of a character string or one section unencryption (perhaps encrypting) uses certain algorithm to produce ciphertext (or decrypted text).
In addition, after producing above-mentioned key file, can also further obtain the length x of this key file, and generate the length function L (x) of this key file, wherein L (x) can be linear function, preferably L (x) can be nonlinear function, and wherein the length x of key file has determined the content of given message is encrypted the complexity of (or deciphering).Concrete L (x) can decide according to actual user demand, does not do further restriction at this.
Step S13: to the key file deciphering that receives.
In a concrete example, can be at first key being carried out RSA(Ron Rivest, Adi Shamirh that preliminary treatment adopts the core encryption function that information is encrypted then and the initial of LenAdleman three people's names, a kind of public key encryption algorithm) private key is as the key file deciphering of decoding key to receiving.
Step S14: first session key through encrypting that reception server generates and sends.
Server can produce first session key by a random function, and encrypts this first session key by disclosed key (for example RSA PKI).
In addition, can also further obtain the length y of this first session key, the function that defines the length of first session key can be M (y), wherein function M (y) can be linear function, preferably function M (y) can be nonlinear function, and wherein the length y of first session key has determined the content of given message is encrypted the complexity of (or deciphering).Afterwards, server can together be sent to client with the function M (y) of the length of first session key and first session key.
Step S15: to first session key deciphering that receives.
When first session key adopts public key encryption, can adopt the private key corresponding with this PKI to the function deciphering of the length of first session key and this first session key.For example, when first session key adopts the RSA public key encryption, can adopt the first session key deciphering of RSA private key to receiving.
Step S16: the challenge information of above-mentioned first session key of the employing that reception server generates and sends.
Server generates challenge information, and adopts first session key that this challenge information is encrypted, and the challenge information after will encrypting subsequently is sent to client.
Step S17: adopt the challenge information deciphering of above-mentioned first session key to receiving.
Step S18: the challenge information after will deciphering is sent to server.
Step S19: server judges whether the challenge information that receives is consistent with the challenge information of transmission, if then authentication is passed through.
The identity identifying method that the embodiment of the invention provides, the mode that adopts key file and session key to combine is finished the authentication between client and the server; Reception server generates and adopts the challenge information of session key, and the challenge information after this challenge information is deciphered and will be deciphered feeds back to server, and server judges that authentication was passed through when the challenge information that receives was consistent with the challenge information that sends.With respect to auth method fairly simple in the prior art, the identity identifying method of the embodiment of the invention is safer, and then has guaranteed the fail safe of communicating by letter between client and the server.
Be the technical scheme of the identity identifying method of describing the embodiment of the invention in further detail, below be described in detail with the technical scheme of some concrete examples to the identity identifying method of the embodiment of the invention.
Embodiment one
Fig. 2 shows the schematic flow sheet of the identity identifying method of the embodiment of the invention one, and this method may further comprise the steps:
Step S201: client and server connect.
In the embodiment of the invention, client can be the VNC client, and server can be the VNC server.Particularly, client can be set up HTTP(Hypertext transport protocol with server, HTTP) connect or the Socket(socket) connect, wherein, to connect only be that client and server can send condition of information mutually for client and server herein, is not the state that client and server send data mutually, communicate.
Step S202: user end to server sends the request message of authentication.
Step S203: server generates corresponding key file according to the request message that receives.
After server receives the request message of authentication, trigger it and produce a key file, this key file can be that the text of a character string or one section unencryption (perhaps encrypting) uses certain algorithm to produce ciphertext (or decrypted text).Thereby the information that this key file is server will send to client is carried out the key file that the encryption of key produces, i.e. the form of information after encrypting.
In addition, can also further obtain the length x of this key file, the function L (x) of the length x of key file further encrypts key file, can further improve the fail safe of authentication.Wherein function L (x) can be linear function, and preferably function L (x) can be nonlinear function.
Step S204: server is sent to client with key file.
Step S205: the key file deciphering of client to receiving.
At first key being carried out preliminary treatment adopts the core encryption function that information is encrypted then, this algorithm consumes memory is few, speed very fast and can select different key file length that different level of securitys is set, therefore in a concrete example, can adopt the RSA private key of this algorithm for encryption as the key file deciphering of decoding key to receiving.
Step S206: server generates first session key, to this first session key.
Key file is sent to after the client, and server can produce first session key by a random function, and encrypts this first session key by disclosed key (for example RSA PKI).
In addition, server can also further obtain the length y of this first session key, and the function that defines the first session key length can be M (y), and wherein function M (y) can be linear function, and preferably function M (y) can be nonlinear function.
Step S207: server is sent to client with first session key.
Particularly, server can be sent to client with first session key behind the employing public key encryption.
In addition, when server further obtained the function M (y) of length of this first session key, server can also be when first session key is sent to client be sent to client with the function M (y) of the length of first session key.
Step S208: the first session key deciphering of client to receiving.
Particularly, client can adopt the first session key deciphering of RSA private key to receiving.
Step S209: server generates challenge information, and adopts first session key that this challenge information is encrypted.
Step S210: the challenge information after server will be encrypted is sent to client.
Step S211: the challenge information deciphering of customer end adopted first session key to receiving.
Step S212: the challenge information after client will be deciphered is sent to server.
Step S213: server judges whether the challenge information that receives is consistent with the challenge information of transmission, if then authentication is passed through.
The identity identifying method that the embodiment of the invention one provides, the mode that adopts key file and session key to combine is finished the authentication between client and the server; The client reception server generates and adopts the challenge information of session key, to the deciphering of this challenge information and the challenge information after will decipher feed back to server, authentication was passed through when the challenge information that the server judgement receives was consistent with the challenge information that sends.The identity identifying method of the embodiment of the invention is safer, and then guaranteed the fail safe of communicating by letter between client and the server.
Above-described embodiment one provides key file with the mode that a session key (i.e. first session key) combines client and server to be carried out authentication.In addition, be further to improve the fail safe of authentication, the mode that can also adopt key file to combine with two session keys is carried out authentication to client and server, below is described in detail in embodiment two.
Embodiment two
Fig. 3 shows the schematic flow sheet of method of the authentication of the embodiment of the invention two, and this method may further comprise the steps:
Need to prove that the step S301 among the embodiment two~step S308 is identical with step S201~step S208 among the embodiment one, does not repeat them here, related content sees also the description among the embodiment one.
Step S309: server generates second session key, to this second session key.
First session key is sent to after the client, and server can produce second session key by a random function, and encrypts this second session key by disclosed key (for example RSA PKI).
Further, server can also obtain the length z of this second session key, and the function that defines the second session key length can be N (z), and wherein function N (z) can be linear function, and preferably function N (z) can be nonlinear function.
Step S310: server is sent to client with second session key.
Particularly, server can be sent to client with second session key behind the employing public key encryption.
In addition, server can also together be sent to client with the function N (z) of the length of second session key.
Step S311: the second session key deciphering of client to receiving.
Particularly, client can adopt the second session key deciphering of RSA private key to receiving.
Step S312: server generates first challenge information, and adopts first session key that this first challenge information is encrypted.
Step S313: first challenge information after server will be encrypted is sent to client.
Step S314: the first challenge information deciphering of customer end adopted first session key to receiving.
Step S315: first challenge information after will deciphering is sent to server.
Step S316: after server is determined the challenge information that receives and the challenge information of transmission is consistent, generate second challenge information, and adopt second session key that this second challenge information is encrypted.
Step S317: second challenge information after server will be encrypted is sent to client.
Step S318: the second challenge information deciphering of customer end adopted second session key to receiving.
Step S319: second challenge information after client will be deciphered is sent to server.
Step S320: server judges whether second challenge information that receives is consistent with second challenge information of transmission, if then authentication is passed through.
The embodiment of the invention two provides the method for carrying out authentication between client and the server, the mode that this method adopts key file to combine with two session keys; Reception server generates and adopts the challenge information of session key, and the challenge information after this challenge information is deciphered and will be deciphered feeds back to server, and server judges that authentication was passed through when the challenge information that receives was consistent with the challenge information that sends.With respect to auth method fairly simple in the prior art, the identity identifying method of the embodiment of the invention is safer, and then has guaranteed the fail safe of communicating by letter between client and the server.
Correspondingly, the embodiment of the invention also provides a kind of identity authorization system, and Fig. 4 shows the structural representation of this identity authorization system 400, and this identity authorization system comprises following structure:
First transmitting element 401 is used for to the request message of server transmission authentication;
First receiving element 402 is used for receiving the key file that described server returns according to described request message;
First decrypting device 403 is used for described key file deciphering;
Second receiving element 404 is used for receiving first session key that described server generates and sends;
Second decrypting device 405 is used for described first session key deciphering;
The 3rd receiving element 406 be used for to receive the challenge information of described first session key of employing that described server generates and sends;
The 3rd decrypting device 407 is used for adopting described first session key that described challenge information is deciphered.
In addition, the identity authorization system in the embodiment of the invention can also comprise following structure:
The 4th receiving element is used for receiving second session key that described server generates and sends;
The 4th decrypting device is used for described second session key deciphering;
The 5th receiving element be used for to receive the challenge information of described second session key of employing that described server generates and sends;
The 5th decrypting device is used for adopting described second session key that described challenge information is deciphered.
Set up the unit, be used for connecting with described server.
In the prior art, after authentication was finished between client and the server, the transfer of data between client and the server normally adopted unencrypted expressly to carry out, and this mode causes the leakage of data in the transmission course easily.For this reason, the embodiment of the invention also provides a kind of data transmission method based on above-mentioned identity identifying method, and Fig. 5 shows the schematic flow sheet of this data transmission method, and this data transmission method may further comprise the steps:
Step S51: client to needs be transferred to data in server utilize Hash operation message authentication code calculation check and.
Adopt HMAC(Hash-based Message Authentication Code, the Hash operation message authentication code that key is relevant) to needs be transferred to the data in server calculation check and.
Step S52: with the verification that calculates with add above-mentioned data to.
Step S53: adopt AES(Advanced Encryption Standard, Advanced Encryption Standard) algorithm is encrypted above-mentioned data.
Step S54: data encrypted is transferred to server.
In addition, before execution in step S51, can also at first carry out initialization operation, comprise: client initialization, and announcement server; The server initialization, and with the attribute of server notice client, the attribute of server can comprise width, height and pixel of frame buffering etc.
The data transmission method that the embodiment of the invention provides, adopting Hash operation message authentication code and AES to encrypt the mode that combines before the transmission data encrypts data, guaranteed integrality and the confidentiality of data in the transmission course, avoided VNC software after connecting, the danger that the plaintext transmission of data is brought.
Correspondingly, the embodiment of the invention also provides a kind of data transmission device, and Fig. 6 shows the structural representation of this data transmission device 600, and this data transmission device can be based on the identity authorization system in above-described embodiment, and this data transmission device comprises following structure:
Computing unit 601, be used for to described data utilize Hash operation message authentication code calculation check and;
Adding device 602 is used for described verification and adds described data to;
Ciphering unit 603 is used for adopting aes algorithm to described data encryption;
Transmission unit 604 is used for described transfer of data to described server.
In addition, the data transmission device in the embodiment of the invention can also comprise:
Performance element is used for carrying out initialization operation.
Need to prove that the data transmission method in the embodiment of the invention can be used in combination with the identity identifying method in the above embodiment of the present invention.The such scheme of the embodiment of the invention has been realized the VNC client based on web, only need a browser and JRE(Java Runtime Environment, java running environment be installed in client) just can long-rangely be connected to the VNC server.
The above only is preferred implementation of the present invention; should be pointed out that for those skilled in the art, under the prerequisite that does not break away from the principle of the invention; can also make some improvements and modifications, these improvements and modifications also should be considered as protection scope of the present invention.
Claims (10)
1. an identity identifying method is characterized in that, described method comprises:
Send the request message of authentication to server;
Receive the key file that described server returns according to described request message;
To described key file deciphering;
Receive first session key that described server generates and sends;
To described first session key deciphering;
Receive the challenge information of described first session key of employing that described server generates and sends;
Adopt described first session key that described challenge information is deciphered.
2. identity identifying method according to claim 1 is characterized in that, before the challenge information of described first session key of employing that the described server of described reception generates and sends, described method also comprises:
Receive second session key that described server generates and sends;
To described second session key deciphering;
After described first session key of described employing was deciphered described challenge information, described method also comprised:
Receive the challenge information of described second session key of employing that described server generates and sends;
Adopt described second session key that described challenge information is deciphered.
3. identity identifying method according to claim 1 and 2 is characterized in that, before the key file that described reception server sends, described method also comprises:
Connect with described server.
4. one kind based on the data transmission method as each described identity identifying method of claim 1-3, it is characterized in that described data transmission method comprises:
To described data utilize Hash operation message authentication code calculation check and;
With described verification with add described data to;
Adopt Advanced Encryption Standardalgorithm to described data encryption;
With described transfer of data to described server.
5. data transmission method according to claim 4 is characterized in that, described to described data utilize Hash operation message authentication code calculation check and before, described method also comprises:
Carry out initialization operation.
6. an identity authorization system is characterized in that, described system comprises:
First transmitting element is used for to the request message of server transmission authentication;
First receiving element is used for receiving the key file that described server returns according to described request message;
First decrypting device is used for described key file deciphering;
Second receiving element is used for receiving first session key that described server generates and sends;
Second decrypting device is used for described first session key deciphering;
The 3rd receiving element be used for to receive the challenge information of described first session key of employing that described server generates and sends;
The 3rd decrypting device is used for adopting described first session key that described challenge information is deciphered.
7. identity authorization system according to claim 6 is characterized in that, described system also comprises:
The 4th receiving element is used for receiving second session key that described server generates and sends;
The 4th decrypting device is used for described second session key deciphering;
The 5th receiving element be used for to receive the challenge information of described second session key of employing that described server generates and sends;
The 5th decrypting device is used for adopting described second session key that described challenge information is deciphered.
8. according to claim 6 or 7 described identity authorization systems, it is characterized in that described system also comprises:
Set up the unit, be used for connecting with described server.
9. one kind based on the data transmission device as each described identity authorization system of claim 6-8, it is characterized in that described data transmission device comprises:
Computing unit, be used for to described data utilize Hash operation message authentication code calculation check and;
Adding device is used for described verification and adds described data to;
Ciphering unit is used for adopting Advanced Encryption Standardalgorithm to described data encryption;
Transmission unit is used for described transfer of data to described server.
10. data transmission system according to claim 9 is characterized in that, described system also comprises:
Performance element is used for carrying out initialization operation.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310217388.6A CN103281193B (en) | 2013-06-03 | 2013-06-03 | Identity authentication method and system and data transmission method and device based on identity authentication system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310217388.6A CN103281193B (en) | 2013-06-03 | 2013-06-03 | Identity authentication method and system and data transmission method and device based on identity authentication system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103281193A true CN103281193A (en) | 2013-09-04 |
| CN103281193B CN103281193B (en) | 2016-08-17 |
Family
ID=49063651
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310217388.6A Active CN103281193B (en) | 2013-06-03 | 2013-06-03 | Identity authentication method and system and data transmission method and device based on identity authentication system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103281193B (en) |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107005528A (en) * | 2014-11-12 | 2017-08-01 | 瑞典爱立信有限公司 | The wireless device hardware security system used for wireless frequency spectrum |
| CN107493253A (en) * | 2016-06-13 | 2017-12-19 | 上海复旦微电子集团股份有限公司 | Wireless radios, server and twireless radio-frequency communication system |
| CN108604336A (en) * | 2016-02-02 | 2018-09-28 | 科因普拉格株式会社 | The method and server of file are serviced and recorded by notarization service verification for providing the notarization to file |
| CN108604335A (en) * | 2016-02-02 | 2018-09-28 | 科因普拉格株式会社 | The method and server of file are serviced and recorded by notarization service verification for providing the notarization to file |
| CN108809933A (en) * | 2018-04-12 | 2018-11-13 | 北京奇艺世纪科技有限公司 | A kind of auth method, device and electronic equipment |
| CN110808829A (en) * | 2019-09-27 | 2020-02-18 | 国电南瑞科技股份有限公司 | SSH authentication method based on key distribution center |
| CN111245607A (en) * | 2020-01-07 | 2020-06-05 | 杭州涂鸦信息技术有限公司 | Networking method and system, network distribution equipment, client and server |
| CN111541660A (en) * | 2020-04-14 | 2020-08-14 | 深圳开源互联网安全技术有限公司 | Identity authentication method for remote vehicle control |
| CN111970227A (en) * | 2019-05-20 | 2020-11-20 | 茨特里克斯系统公司 | System and method for providing connection lease theft prevention function for virtual computing session |
| CN112615840A (en) * | 2020-12-11 | 2021-04-06 | 北京北信源软件股份有限公司 | Embedded equipment access authentication method and system |
| CN113572741A (en) * | 2021-06-30 | 2021-10-29 | 深圳市证通云计算有限公司 | Method for realizing safe data transmission based on SM2-SM3-SM4 algorithm |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5455863A (en) * | 1993-06-29 | 1995-10-03 | Motorola, Inc. | Method and apparatus for efficient real-time authentication and encryption in a communication system |
| CN101094063A (en) * | 2006-07-19 | 2007-12-26 | 中兴通讯股份有限公司 | Security interaction method for the roam terminals to access soft switching network system |
| CN101999221A (en) * | 2008-04-10 | 2011-03-30 | 阿尔卡特朗讯美国公司 | Methods and apparatus for authentication and identity management using a public key infrastructure (PKI) in an IP-based telephony environment |
-
2013
- 2013-06-03 CN CN201310217388.6A patent/CN103281193B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5455863A (en) * | 1993-06-29 | 1995-10-03 | Motorola, Inc. | Method and apparatus for efficient real-time authentication and encryption in a communication system |
| CN101094063A (en) * | 2006-07-19 | 2007-12-26 | 中兴通讯股份有限公司 | Security interaction method for the roam terminals to access soft switching network system |
| CN101999221A (en) * | 2008-04-10 | 2011-03-30 | 阿尔卡特朗讯美国公司 | Methods and apparatus for authentication and identity management using a public key infrastructure (PKI) in an IP-based telephony environment |
Cited By (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107005528A (en) * | 2014-11-12 | 2017-08-01 | 瑞典爱立信有限公司 | The wireless device hardware security system used for wireless frequency spectrum |
| CN108604336B (en) * | 2016-02-02 | 2022-01-28 | 科因普拉格株式会社 | Method and server for providing notarization service to files and verifying recorded files |
| CN108604336A (en) * | 2016-02-02 | 2018-09-28 | 科因普拉格株式会社 | The method and server of file are serviced and recorded by notarization service verification for providing the notarization to file |
| CN108604335A (en) * | 2016-02-02 | 2018-09-28 | 科因普拉格株式会社 | The method and server of file are serviced and recorded by notarization service verification for providing the notarization to file |
| CN108604335B (en) * | 2016-02-02 | 2022-01-28 | 科因普拉格株式会社 | Method and server for providing notarization service to files and verifying recorded files |
| CN107493253B (en) * | 2016-06-13 | 2020-09-22 | 上海复旦微电子集团股份有限公司 | Wireless radio frequency equipment, server and wireless radio frequency communication system |
| CN107493253A (en) * | 2016-06-13 | 2017-12-19 | 上海复旦微电子集团股份有限公司 | Wireless radios, server and twireless radio-frequency communication system |
| CN108809933A (en) * | 2018-04-12 | 2018-11-13 | 北京奇艺世纪科技有限公司 | A kind of auth method, device and electronic equipment |
| CN111970227A (en) * | 2019-05-20 | 2020-11-20 | 茨特里克斯系统公司 | System and method for providing connection lease theft prevention function for virtual computing session |
| CN110808829A (en) * | 2019-09-27 | 2020-02-18 | 国电南瑞科技股份有限公司 | SSH authentication method based on key distribution center |
| CN111245607A (en) * | 2020-01-07 | 2020-06-05 | 杭州涂鸦信息技术有限公司 | Networking method and system, network distribution equipment, client and server |
| CN111541660A (en) * | 2020-04-14 | 2020-08-14 | 深圳开源互联网安全技术有限公司 | Identity authentication method for remote vehicle control |
| CN111541660B (en) * | 2020-04-14 | 2022-08-09 | 深圳开源互联网安全技术有限公司 | Identity authentication method for remote vehicle control |
| CN112615840A (en) * | 2020-12-11 | 2021-04-06 | 北京北信源软件股份有限公司 | Embedded equipment access authentication method and system |
| CN112615840B (en) * | 2020-12-11 | 2023-05-26 | 北京北信源软件股份有限公司 | Method and system for authenticating admission of embedded equipment |
| CN113572741A (en) * | 2021-06-30 | 2021-10-29 | 深圳市证通云计算有限公司 | Method for realizing safe data transmission based on SM2-SM3-SM4 algorithm |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103281193B (en) | 2016-08-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103281193A (en) | Identity authentication method and system and data transmission method and device based on identity authentication system | |
| KR101725847B1 (en) | Master key encryption functions for transmitter-receiver pairing as a countermeasure to thwart key recovery attacks | |
| US20170180367A1 (en) | System And Method For Encrypted And Authenticated Electronic Messaging Using A Central Address Book | |
| CN102196375A (en) | Securing out-of-band messages | |
| CN102333093A (en) | Data encryption transmission method and system | |
| CN102664898A (en) | Fingerprint identification-based encrypted transmission method, fingerprint identification-based encrypted transmission device and fingerprint identification-based encrypted transmission system | |
| US11057196B2 (en) | Establishing shared key data for wireless pairing | |
| CN104901935A (en) | Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem) | |
| CN103036880A (en) | Network information transmission method, transmission equipment and transmission system | |
| CN109309566B (en) | Authentication method, device, system, equipment and storage medium | |
| US20110202772A1 (en) | Networked computer identity encryption and verification | |
| JP2019514314A (en) | Method, system and medium for using dynamic public key infrastructure to send and receive encrypted messages | |
| CN109362074A (en) | The method of h5 and server-side safety communication in a kind of mixed mode APP | |
| CN102404337A (en) | Data encryption method and device | |
| CN105119894A (en) | Communication system and communication method based on hardware safety module | |
| CN106161472A (en) | A kind of method of data encryption, Apparatus and system | |
| CN112713995A (en) | Dynamic communication key distribution method and device for terminal of Internet of things | |
| KR20180015667A (en) | Method and system for secure SMS communication | |
| CN109510711B (en) | Network communication method, server, client and system | |
| CN105187418B (en) | Weak signature algorithm | |
| CN107409043B (en) | Distributed processing of products based on centrally encrypted stored data | |
| CN104717213A (en) | Encryption and decryption method and system for network data transmission | |
| CN114785527B (en) | Data transmission method, device, equipment and storage medium | |
| CN113158218B (en) | Data encryption method and device and data decryption method and device | |
| WO2015124798A2 (en) | Method & system for enabling authenticated operation of a data processing device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20190117 Address after: 266101 Songling Road 169, Laoshan District, Qingdao City, Shandong Province Patentee after: Zhongke Xinyun Microelectronics Technology Co.,Ltd. Address before: No. 3, North Tu Cheng West Road, Chaoyang District, Beijing Patentee before: Institute of Microelectronics of the Chinese Academy of Sciences |