CN102761868B - Security access authentication method under space network condition - Google Patents


Info

Publication number: CN102761868B
Application number: CN201210128113.0A
Authority: CN (China)
Prior art keywords: user, information, control center, network, network control
Legal status: Expired - Fee Related (status as listed by Google Patents; an assumption, not a legal conclusion)
Other languages: Chinese (zh)
Other versions: CN102761868A
Inventors: 黄东, 黄林果
Current assignee: Individual
Original assignee: Individual
Priority date: 2012-04-28
Filing date: 2012-04-28
Publication date: 2014-09-03

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides a secure access authentication method under space network conditions. The method initializes the space network authentication system and then carries out authentication information exchanges between the mobile users of the space network and the network control center, between users, between the network control center of the space network and the space network access points, and between the access points and the users, so as to achieve secure user access in the space network.

Description

Secure access authentication method under space network conditions
Technical field
The present invention relates to the field of wireless communication technology, and in particular to a network transmission and access authentication method.
Background technology
Network security technology is a key supporting technology in space network research and application. On the one hand, a space network has open links and a dynamically changing topology, so it is easily exposed to attack and interference from many directions. On the other hand, because a space network may adopt existing computer networks with standard or improved network protocols, it still faces the existing, or even larger, network security threats. The design of an access authentication method for space networks has therefore become an urgent need in their research and development; only by studying the relevant techniques in depth and designing secure solutions and secure communication protocols can the security of the whole space information network system be guaranteed and its ability to withstand various network attacks be improved.
Space network access authentication technology is used to prevent active attacks on the system, such as impersonation and harassment, which is particularly important for the security of information systems in open environments. The purpose of access authentication is to verify that the sender of information is legitimate rather than impersonated; entity authentication covers the authentication and identification of both the information source and the information sink. With the development of wireless technology, the number of network security access standards keeps growing. A unified access authentication platform compatible with multiple networks is urgently needed: one that provides a unified identity authentication mechanism for converged networks mixing different access technologies, guarantees interworking between heterogeneous networks and provides continuous service to user equipment. The access authentication model and flow of existing space networks are shown in Fig. 1 and Fig. 2 respectively.
Therefore, to guarantee the access security of space networks, it is necessary to design an efficient secure access method.
Summary of the invention
The technical problem solved by the invention is that secure user access cannot be effectively achieved in existing space networks.
The present invention provides a secure access authentication method under space network conditions, characterized by the following steps:
A. initializing the space network authentication system;
B. carrying out the authentication information exchange between the mobile users of the space network and the network control center, and the authentication information exchange between users;
C. carrying out the authentication information exchange between the network control center of the space network and the space network access points, and the authentication information exchange between the space network access points and the users.
In step A, during the initialization phase, a cryptographic algorithm based on the discrete logarithm system is first established in the space network. The server obtains the user's registration information, generates a signature for this user with its permanent private key, and derives the corresponding public key from this information. The public key information can only be recovered from the signature information, and the server's private key information can only be recovered by the server itself. Before the user and the network control center exchange data, the user computes a message authentication code and, in the user registration phase, sends this authentication code together with the signature information to the network control center as the response to it. When the network control center receives the message authentication code, it verifies it with the user's public key. If the message authentication code is correct, the network control center derives the session key between the user holding that public key and the corresponding temporary identity, and generates a new temporary identity for this user for the next authentication phase. The derived session key is used to encrypt the user's new temporary identity, and the encrypted information is sent to the user as the response; once the user confirms that this information is correct, the authentication process ends, as shown in Fig. 3.
In step A, the network control center selects a prime p and a generator g of the multiplicative group of order q based on the discrete logarithm system, where q is a large prime factor of p-1; the network control center selects a permanent private key x, 1 ≤ x < q, and the corresponding public key is y = g^x mod p.
In step B, the authentication information exchange between the mobile user and the network control center is carried out. In the user registration phase, the mobile user sends an access request to the network control center, and the network control center sends U_ID, T_ID and the public key information to the user. For each mobile user U with identity information U_ID in the space network, the network control center assigns an initial temporary identity T_ID; after each successful authentication this temporary identity is updated for the next authentication. The network control center then completes the user's registration with the following sub-steps: a. select a random number k, 1 ≤ k < q; b. compute r = g^k mod p and s = h(U_ID)·x + k·r^(-1) mod q; c. generate the user's public key h(U_ID, k). The network control center stores U_ID, T_ID and the public key information on the user's smart card and issues it to the mobile user U, and then stores the information {U_ID, T_ID, r, s} in the verification table.
In step B, the authentication information exchange between users of the space network is carried out. In the user authentication phase, a user must be authenticated before it can communicate with another user. The user authentication process is: a. the user sends the information T_ID, c to the space network access point; b. the user side computes the session key h(session key, T_ID); c. the user side computes, under its session key, the user's authentication code c = MAC(U_ID, T_ID, session key), and the mobile user sends the information {T_ID, c} to the space network access point; d. after the space network access point receives the user's authentication information {T_ID, c}, it forwards the user's authentication information {T_ID, c} together with its own identity information to the network control center.
In step C, the authentication information exchange between the network control center and the space network access point is carried out. The network control center forwards [T_ID, T_IDnew]_sk and the identity information of the space network access point to the access point. The concrete steps are: a. the network control center looks up the verification table for the information {U_ID, r, s} associated with T_ID; b. if the equation holds, the user's request need not be verified; otherwise, the user's information must be verified; c. using the rule s = h(U_ID)·x + k·r^(-1) mod q, recover k; d. compute the user's possible public key h(U_ID, k) and the session key h(user's public key, T_ID); e. compute, under the possible session key, the message authentication code MAC(U_ID, T_ID, possible user session key), and check whether MAC(U_ID, T_ID, possible user session key) equals the received MAC(U_ID, T_ID, session key); if the two are equal, the mobile user's request is confirmed successfully, and if they are not equal, the user's authentication request is rejected; f. the network control center generates a new temporary identity T_IDnew for the user, updates the verification table, and sends the information {[T_ID, T_IDnew]_sk, identity information of the space network access point} to the space network access point.
In step C, the authentication information exchange between the space network access point and the user is carried out. The space network access point sends the information [T_ID, T_IDnew]_sk to the user. When the user receives it, the user decrypts it with the session key and compares the decrypted T_ID with the T_ID stored by the user. In the next user authentication request phase, the mobile user then uses T_IDnew in place of T_ID.
The beneficial effect of the invention is that it provides a secure access authentication method under space network conditions. By initializing the space network authentication system, carrying out the authentication information exchanges between the mobile users of the space network and the network control center and between users, and carrying out the authentication information exchanges between the network control center and the space network access points and between the access points and the users, secure user access in the space network is achieved.
Description of the drawings
Fig. 1 is the access authentication model of the existing space network;
Fig. 2 is the access authentication flow diagram of the existing space network;
Fig. 3 is the overall workflow diagram.
Embodiment
To achieve the above object, the technical solution of the present invention is as follows:
1. Initialize the network authentication system. The cryptographic algorithm of the model is based on the discrete logarithm system. The server obtains the user's registration information, generates a signature for this user with its permanent private key, and derives the corresponding public key from this information. The public key information can only be recovered from the signature information, and the server's private key information can only be recovered by the server itself. Before the user and the network control center exchange data, the user computes a message authentication code and, in the user registration phase, sends this authentication code together with the signature information to the network control center as the response to it. When the network control center receives the message authentication code, it verifies it with the user's public key. If the message authentication code is correct, the network control center derives the session key between the user holding that public key and the corresponding temporary identity, and generates a new temporary identity for this user for the next authentication phase. The derived session key is used to encrypt the user's new temporary identity, and the encrypted information is sent to the user as the response; once the user confirms that this information is correct, the authentication process ends.
2. In the initialization phase, the network control center selects a prime p and a generator g of the multiplicative group of order q based on the discrete logarithm system, where q is a large prime factor of p-1; the network control center selects a permanent private key x, 1 ≤ x < q, and the corresponding public key is y = g^x mod p.
3. Carry out the authentication information exchange between the mobile user and the network control center. In the user registration phase, the mobile user sends an access request to the network control center, and the network control center sends U_ID, T_ID and the public key to the user. For each mobile user U with identity information U_ID in the system, the network control center assigns an initial temporary identity T_ID; after each successful authentication this temporary identity is updated for the next authentication. The network control center then completes the user's registration with the following sub-steps: a. select a random number k, 1 ≤ k < q; b. compute r = g^k mod p and s = h(U_ID)·x + k·r^(-1) mod q; c. generate the user's public key h(U_ID, k). The network control center stores U_ID, T_ID and the public key on the user's smart card and issues it to the mobile user U, and stores the information {U_ID, T_ID, r, s} in the verification table.
4. Carry out the authentication information exchange between users. In the user authentication phase, a user must be authenticated before it can communicate with another user. The user authentication process is: a. the user sends the information T_ID, c to the space network access point; b. the user side computes the session key h(session key, T_ID); c. the user side computes, under its session key, the user's authentication code c = MAC(U_ID, T_ID, session key), and the mobile user sends the information {T_ID, c} to the space network access point; d. after the space network access point receives the user's authentication information {T_ID, c}, it forwards the user's authentication information {T_ID, c} together with its own identity information to the network control center.
5. Carry out the authentication information exchange between the network control center and the space network access point. The network control center forwards [T_ID, T_IDnew]_sk and the identity information of the space network access point to the access point. The concrete steps are: a. the network control center looks up the verification table for the information {U_ID, r, s} associated with T_ID; b. if the equation holds, the user's request need not be verified; otherwise, the user's information must be verified; c. using the rule s = h(U_ID)·x + k·r^(-1) mod q, recover k; d. compute the user's possible public key h(U_ID, k) and the session key h(user's public key, T_ID); e. compute, under the possible session key, the message authentication code MAC(U_ID, T_ID, possible user session key), and check whether MAC(U_ID, T_ID, possible user session key) equals the received MAC(U_ID, T_ID, session key); if the two are equal, the mobile user's request is confirmed successfully, and if they are not equal, the user's authentication request is rejected; f. the network control center generates a new temporary identity T_IDnew for the user, updates the verification table, and sends the information {[T_ID, T_IDnew]_sk, identity information of the space network access point} to the space network access point.
6. Carry out the authentication information exchange between the space network access point and the user. The space network access point sends the information [T_ID, T_IDnew]_sk to the user. When the user receives it, the user decrypts it with the session key and compares the decrypted T_ID with the T_ID stored by the user. In the next user authentication request phase, the mobile user then uses T_IDnew in place of T_ID.
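The following is an added worked example of steps 1 to 6 in executable form; it is not code from the patent, and it goes slightly beyond the text by also exercising what happens when an already-used {T_ID, c} pair is presented again and when c is wrong. Everything concrete in it is an assumption: the parameters p = 2039, q = 1019 and g = 4 are constructed toy values (a deployment would use large primes); h is instantiated as SHA-256 (reduced mod q where the protocol needs a scalar), MAC as HMAC-SHA256, and the encryption [·]_sk as a SHA-256 keystream with an HMAC tag; the identifiers "user-001" and "AP-7" and the T_ID format are made up.

```python
"""Toy end-to-end run of steps A-C above. Added example, not the patent's code:
parameters are constructed and tiny, h/MAC/[.]_sk are assumed instantiations."""
import hashlib
import hmac
import secrets

# Step A (constructed): p = 2q + 1 with q prime, so q is the large prime factor
# of p - 1, and g = 2^((p-1)/q) mod p generates the subgroup of order q.
P, Q = 2039, 1019
G = pow(2, (P - 1) // Q, P)                      # = 4

def _enc(parts):
    return b"|".join(x if isinstance(x, bytes) else str(x).encode() for x in parts)

def h_int(*parts):
    """h(.) as a scalar in Z_q for s = h(U_ID) x + k r^-1 mod q (SHA-256 mod q)."""
    return int.from_bytes(hashlib.sha256(_enc(parts)).digest(), "big") % Q

def h_bytes(*parts):
    """h(.) as key material: user public key h(U_ID, k), session key h(pub, T_ID)."""
    return hashlib.sha256(_enc(parts)).digest()

def mac(key, *parts):
    """MAC under a key, instantiated here as HMAC-SHA256."""
    return hmac.new(key, _enc(parts), "sha256").digest()

def seal(sk, msg):
    """Stand-in for [msg]_sk: SHA-256 keystream XOR plus an HMAC tag (msg <= 32 bytes)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(msg, hashlib.sha256(sk + nonce).digest()))
    return nonce + ct + mac(sk, nonce + ct)

def unseal(sk, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, mac(sk, nonce + ct)):
        raise ValueError("ciphertext tag mismatch")
    return bytes(a ^ b for a, b in zip(ct, hashlib.sha256(sk + nonce).digest()))

class NetworkControlCenter:
    def __init__(self):
        self.x = secrets.randbelow(Q - 1) + 1        # permanent private key, 1 <= x < q
        self.y = pow(G, self.x, P)                   # public key y = g^x mod p
        self.table = {}                              # verification table: T_ID -> (U_ID, r, s)

    def register(self, u_id):
        """Step B, registration: issue smart-card data, store {U_ID, T_ID, r, s}."""
        while True:
            k = secrets.randbelow(Q - 1) + 1         # random k, 1 <= k < q
            r = pow(G, k, P)                         # r = g^k mod p
            if r % Q:                                # r needs an inverse mod q
                break
        s = (h_int(u_id) * self.x + k * pow(r, -1, Q)) % Q
        t_id = secrets.token_hex(6)                  # initial temporary identity T_ID
        self.table[t_id] = (u_id, r, s)
        return {"U_ID": u_id, "T_ID": t_id, "pub": h_bytes(u_id, k)}

    def verify(self, t_id, c, ap_id):
        """Step C: look up T_ID, recover k from s, rebuild sk, check c, rotate T_ID."""
        if t_id not in self.table:
            return None                              # unknown or already rotated T_ID
        u_id, r, s = self.table[t_id]
        k = ((s - h_int(u_id) * self.x) * r) % Q     # invert s = h(U_ID) x + k r^-1 mod q
        sk = h_bytes(h_bytes(u_id, k), t_id)         # candidate session key
        if not hmac.compare_digest(c, mac(sk, u_id, t_id, sk)):
            return None                              # MAC mismatch: request rejected
        t_new = secrets.token_hex(6)
        self.table[t_new] = self.table.pop(t_id)     # update the verification table
        return seal(sk, f"{t_id},{t_new}".encode()), ap_id   # {[T_ID,T_IDnew]_sk, AP id}

class MobileUser:
    def __init__(self, card):
        self.card, self.sk = card, None              # U_ID, T_ID, pub from the NCC

    def request(self):
        """Step B, authentication: derive sk, send {T_ID, c} to the access point."""
        self.sk = h_bytes(self.card["pub"], self.card["T_ID"])
        return self.card["T_ID"], mac(self.sk, self.card["U_ID"], self.card["T_ID"], self.sk)

    def finish(self, blob):
        """Step C, AP -> user: decrypt, compare T_ID with the stored one, adopt T_IDnew."""
        old, new = unseal(self.sk, blob).decode().split(",")
        if old != self.card["T_ID"]:
            raise ValueError("T_ID in reply does not match the stored T_ID")
        self.card["T_ID"] = new
        return new

def run_demo():
    """One registration and authentication, then a replay and a forged c."""
    ncc, ap_id = NetworkControlCenter(), "AP-7"      # constructed access-point identity
    user = MobileUser(ncc.register("user-001"))      # constructed U_ID
    first = user.card["T_ID"]
    t_id, c = user.request()                         # user -> AP -> NCC
    reply, _ = ncc.verify(t_id, c, ap_id)            # NCC -> AP
    user.finish(reply)                               # AP -> user
    replayed = ncc.verify(t_id, c, ap_id)            # same {T_ID, c} again
    t_id2, _ = user.request()
    forged = ncc.verify(t_id2, b"\x00" * 32, ap_id)  # right T_ID, wrong MAC
    return {"rotated": user.card["T_ID"] != first,
            "replay_rejected": replayed is None,
            "forgery_rejected": forged is None}
```

Two points a practitioner should take from the run. First, the network control center never stores k or the user's public key: it keeps only {U_ID, r, s} and reconstructs k as (s − h(U_ID)·x)·r mod q, which is exactly the rule in sub-step c of step 5, so a copy of the verification table without x yields no session keys. Second, because the verification table entry is moved from T_ID to T_IDnew after each success, a second presentation of the same {T_ID, c} fails at the table lookup and a wrong c fails at the MAC comparison; both are the places where the control center should log rejected requests.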

Claims (3)

1. A secure access authentication method under space network conditions, which solves the problem that secure user access cannot be effectively achieved in a space network, comprising the steps of:
A. initializing the space network authentication system, specifically: in the initialization phase, a cryptographic algorithm based on the discrete logarithm system is first established in the space network; the server obtains the user's registration information, generates a signature for this user with its permanent private key, and derives the corresponding public key from this information; the public key information can only be recovered from the signature information, and the server's private key information can only be recovered by the server itself; before the user and the network control center exchange data, the user computes a message authentication code and, in the user registration phase, sends it together with the signature information to the network control center as the response to it; when the network control center receives the message authentication code, it verifies it with the user's public key; if the message authentication code is correct, the network control center derives the session key between the user holding that public key and the corresponding temporary identity, and generates a new temporary identity for this user for the next authentication phase; the derived session key is used to encrypt the user's new temporary identity and the encrypted information is sent to the user as the response, and once the user confirms that this information is correct, the authentication process ends; the network control center selects a prime p and a generator g of the multiplicative group of order q based on the discrete logarithm system, where q is a large prime factor of p-1, and selects a permanent private key x, 1 ≤ x < q, the corresponding public key being y = g^x mod p;
B. carrying out the authentication information exchange between the mobile users of the space network and the network control center and the authentication information exchange between users, specifically: the authentication information exchange between the mobile user and the network control center is carried out as follows; in the user registration phase, the mobile user sends an access request to the network control center, and the network control center sends U_ID, T_ID and the public key information to the user; for each mobile user U with identity information U_ID in the space network, the network control center assigns an initial temporary identity T_ID, and after each successful authentication this temporary identity is updated for the next authentication; the network control center then completes the user's registration with the following sub-steps: a. select a random number k, 1 ≤ k < q; b. compute r = g^k mod p and s = h(U_ID)·x + k·r^(-1) mod q; c. generate the user's public key h(U_ID, k); the network control center stores U_ID, T_ID and the public key information on the user's smart card and issues it to the mobile user U, and then stores the information {U_ID, T_ID, r, s} in the verification table;
C. carrying out the authentication information exchange between the network control center of the space network and the space network access points and the authentication information exchange between the space network access points and the users, specifically: the authentication information exchange between the network control center and the space network access point is carried out as follows; the network control center forwards [T_ID, T_IDnew]_sk and the identity information of the space network access point to the access point, with the concrete steps: a. the network control center looks up the verification table for the information {U_ID, r, s} associated with T_ID; b. if the equation holds, the user's request need not be verified; otherwise, the user's information must be verified; c. using the rule s = h(U_ID)·x + k·r^(-1) mod q, recover k; d. compute the user's possible public key h(U_ID, k) and the session key h(user's public key, T_ID); e. compute, under the possible session key, the message authentication code MAC(U_ID, T_ID, possible user session key), and check whether MAC(U_ID, T_ID, possible user session key) equals the received MAC(U_ID, T_ID, session key); if the two are equal, the mobile user's request is confirmed successfully, and if they are not equal, the user's authentication request is rejected; f. the network control center generates a new temporary identity T_IDnew for the user, updates the verification table, and sends the information {[T_ID, T_IDnew]_sk, identity information of the space network access point} to the space network access point.
2. The method according to claim 1, characterized in that, in step B, the authentication information exchange between users of the space network is carried out as follows: in the user authentication phase, a user must be authenticated before it can communicate with another user; the user authentication process is: a. the user sends the information T_ID, c to the space network access point; b. the user side computes the session key h(session key, T_ID); c. the user side computes, under its session key, the user's authentication code c = MAC(U_ID, T_ID, session key), and the mobile user sends the information {T_ID, c} to the space network access point; d. after the space network access point receives the user's authentication information {T_ID, c}, it forwards the user's authentication information {T_ID, c} together with its own identity information to the network control center.
3. The method according to claim 1, characterized in that, in step C, the authentication information exchange between the space network access point and the user is carried out as follows: the space network access point sends the information [T_ID, T_IDnew]_sk to the user; when the user receives it, the user decrypts it with the session key and compares the decrypted T_ID with the T_ID stored by the user; in the next user authentication request phase, the mobile user then uses T_IDnew in place of T_ID.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210128113.0A CN102761868B (en) 2012-04-28 2012-04-28 Security access authentication method under space network condition


Publications (2)

Publication Number Publication Date
CN102761868A CN102761868A (en) 2012-10-31
CN102761868B true CN102761868B (en) 2014-09-03

Family

ID=47056156

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210128113.0A Expired - Fee Related CN102761868B (en) 2012-04-28 2012-04-28 Security access authentication method under space network condition

Country Status (1)

Country Link
CN (1) CN102761868B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105812367B (en) * 2016-03-15 2018-08-17 浙江神州量子网络科技有限公司 The Verification System and authentication method of network access equipment in a kind of quantum network
CN105827304B (en) * 2016-03-21 2018-11-09 南京邮电大学 Satellite network anonymous authentication method based on gateway station
CN117992941A (en) * 2024-04-02 2024-05-07 广东创能科技股份有限公司 Method for monitoring login state of self-service terminal and actively protecting security

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101227480A (en) * 2008-02-01 2008-07-23 张建中 System, device and method for safely transmitting multidimensional address protocol data clustering
CN101527968A (en) * 2009-04-09 2009-09-09 北京航空航天大学 Interaction method between space network and ground network and communication protocol gateway
CN101674304A (en) * 2009-10-15 2010-03-17 浙江师范大学 Network identity authentication system and method
US20100098093A1 (en) * 2008-10-17 2010-04-22 Ejzak Richard P Method and system for IP Multimedia bearer path optimization through a succession of border gateways
US20100142542A1 (en) * 2008-12-05 2010-06-10 Social Communications Company Pervasive realtime framework


Also Published As

Publication number Publication date
CN102761868A (en) 2012-10-31

Similar Documents

Publication Publication Date Title
US8930704B2 (en) Digital signature method and system
CN101902476B (en) Method for authenticating identity of mobile peer-to-peer user
CN108270571A (en) Internet of Things identity authorization system and its method based on block chain
CN111682938A (en) Three-party authenticatable key agreement method facing centralized mobile positioning system
CN109905877B (en) Message verification method of communication network system, communication method and communication network system
CN101814991B (en) Mutual authentication method and system based on identity
CN111416715B (en) Quantum secret communication identity authentication system and method based on secret sharing
CN105450623B (en) A kind of access authentication method of electric car
Liu et al. An efficient certificateless remote anonymous authentication scheme for wireless body area networks
CN109639731A (en) The certification of multiple-factor Universal-Composability and service authorizing method, communications service system
CN104954390A (en) Cloud storage integrity detection method for recovering lost secret keys and system applying cloud storage integrity detection method
KR101485747B1 (en) Method of configuring a node, related node and configuration server
CN106713236A (en) End-to-end identity authentication and encryption method based on CPK identifier authentication
CN111404664A (en) Quantum secret communication identity authentication system and method based on secret sharing and multiple mobile devices
CN111416712B (en) Quantum secret communication identity authentication system and method based on multiple mobile devices
CN101867477B (en) Sensor network session key establishing method
CN102761868B (en) Security access authentication method under space network condition
CN106571913A (en) Two-party authentication key negotiation method for power wireless private network
CN111669275B (en) Master-slave cooperative signature method capable of selecting slave nodes in wireless network environment
Li et al. An improved authentication with key agreement scheme on elliptic curve cryptosystem for global mobility networks
CN102739660B (en) Key exchange method for single sign on system
CN109522689B (en) Multi-factor body-building authentication method in mobile office environment
KR101435399B1 (en) Secure anonymous authentication scheme of security management system within cloud data center in wireless network environment
CN113014376B (en) Method for safety authentication between user and server
CN105828330A (en) Access method and access device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20140903

Termination date: 20200428
