CN103856463A - Lightweight directory access protocol realizing method and device based on key exchange protocol - Google Patents

Publication number: CN103856463A
Authority: CN (China)
Application number: CN201210514666.XA
Other languages: Chinese (zh)
Inventors: 耿方, 林文辉, 郭向国, 林凉, 杜悦琨
Original and current assignee: Aisino Corp
Legal status: Pending (status as listed by Google Patents; it is an assumption, not a legal conclusion)
Prior art keywords: certificate, LDAP, digital certificate, client

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)


Abstract

Embodiments of the invention provide an information transmission method and system based on a key exchange protocol and the Lightweight Directory Access Protocol (LDAP). The method mainly comprises: an LDAP server and an LDAP client negotiate via SASL to establish a secure channel based on the SM2 key exchange protocol; the LDAP client encrypts the information to be transmitted with the negotiated shared symmetric key and sends the encrypted information to the LDAP server over the secure channel; and the LDAP server decrypts the encrypted information with the negotiated shared symmetric key. By introducing the SM2 key exchange protocol into the authentication process by which a client calls the LDAP service, the method and system extend the existing LDAP security mechanism, improve the security of the LDAP service and improve the efficiency of its operation.

Description

Lightweight Directory Access Protocol implementation method and device based on a key exchange protocol
Technical field
The present invention relates to the field of communication technology, and in particular to a method and device for implementing LDAP (Lightweight Directory Access Protocol) based on a key exchange protocol.
Background art
LDAP is a protocol now widely used to provide directory services over a network. An LDAP directory can store almost any kind of data: e-mail addresses, DNS (Domain Name System) information, NIS (Network Information Service) maps, security keys, contact lists, computer names and so on. In the PKI (Public Key Infrastructure) field it is mainly used to store the digital certificates and CRL (Certificate Revocation List) files issued by a CA (certificate authority).
Because LDAP offers high search efficiency, a tree-structured information model, a distributed deployment architecture and flexible, fine-grained access control, it is widely used to manage basic and critical information such as user information and network resource information. As a provider of directory services, LDAP must therefore treat the confidentiality and integrity of information and resources, and resistance to attacks, as major security concerns.
LDAP v3 is currently the mainstream version of LDAP. The authentication mechanisms it supports are anonymous authentication, simple authentication and SASL (Simple Authentication and Security Layer) authentication. SASL establishes a security layer on top of a connection-oriented protocol: it is a framework for authenticating the two parties and protecting the communication between an LDAP server and an LDAP client, with the authentication performed by whichever mechanism the two parties negotiate. SASL defines multiple authentication mechanisms, and an LDAP v3 server and client may use any one of them.
At present there is no standard SASL implementation for the LDAP protocol, and because, in the applicant's view, the RSA algorithm carries major security risks, the LDAP service currently faces serious security threats. Adding a more secure mechanism on top of the SASL framework, so as to guarantee the security and confidentiality of the whole LDAP service, is therefore a problem that urgently needs to be solved.
Summary of the invention
Embodiments of the invention provide a method and device for implementing LDAP based on a key exchange protocol, so as to improve the security of the LDAP service.
An information transmission method based on a key exchange protocol and the Lightweight Directory Access Protocol, comprising:
negotiating, between an LDAP server and an LDAP client, via SASL to establish a secure channel based on the SM2 key exchange protocol;
the LDAP client encrypting the information to be transmitted with the negotiated shared symmetric key and transmitting the encrypted information to the LDAP server over the secure channel, and the LDAP server decrypting the encrypted information with the negotiated shared symmetric key.
An information transmission system based on a key exchange protocol and the Lightweight Directory Access Protocol, comprising:
an LDAP client, for negotiating with an LDAP server via SASL to establish a secure channel based on the SM2 key exchange protocol, encrypting the information to be transmitted with the negotiated shared symmetric key, and transmitting the encrypted information to the LDAP server over the secure channel;
an LDAP server, for negotiating with the LDAP client via SASL (Simple Authentication and Security Layer) to establish the secure channel based on the SM2 key exchange protocol, and decrypting the encrypted information with the negotiated shared symmetric key.
As can be seen from the technical solution provided by the embodiments described above, by introducing the SM2 key exchange protocol into the authentication process by which a client calls the LDAP service, the embodiments extend the existing LDAP security mechanism, effectively improve the security of the LDAP service and improve the efficiency of its operation.
Brief description of the drawings
To explain the technical solution of the embodiments more clearly, the drawings needed for describing the embodiments are briefly introduced below. The drawings described below are obviously only some embodiments of the invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the principle of an information transmission method based on a key exchange protocol and LDAP according to embodiment one of the invention;
Fig. 2 is a schematic diagram of the specific processing flow of the information transmission method based on a key exchange protocol and LDAP according to embodiment one of the invention;
Fig. 3 is a schematic diagram of the structure of an information transmission system based on a key exchange protocol and LDAP according to embodiment three of the invention.
Detailed description
To aid understanding of the embodiments, several specific embodiments are explained below with reference to the drawings; the embodiments do not limit the invention.
Embodiment one
The principle of the information transmission method based on a key exchange protocol and LDAP provided by this embodiment is shown in Fig. 1, and its specific processing flow in Fig. 2. It comprises the following steps:
Step 21: the CA generates and issues the digital certificates and certificate chains of the LDAP server and the LDAP client.
The CA generates SM2 digital certificates and certificate chains for the LDAP server and the LDAP client from the SM2 key pairs designated in the corresponding cryptographic hardware modules (HSMs), sends the LDAP server's certificate and chain to the LDAP server, and sends the LDAP client's SM2 certificate and chain to the LDAP client.
Step 22: the LDAP server and the LDAP client mutually verify each other's digital certificate, certificate chain and identity information, and negotiate via SASL to establish a secure channel based on the SM2 key exchange protocol.
SM2 is an elliptic-curve public key algorithm; it is regarded as a more advanced and secure algorithm that can replace RSA. The key exchange protocol of the SM2 elliptic curve public key cryptographic algorithm is a published standard key exchange algorithm: in two, or optionally three, message passes it lets the two communicating parties each compute a common shared secret key (session key), which then secures the whole communication link.
The LDAP client sends its own SM2 key agreement algorithm identifier, elliptic curve point, public key and random value, together with its digital certificate, certificate chain and signature, to the LDAP server;
the LDAP server verifies the LDAP client's digital certificate and certificate chain. If verification succeeds, the LDAP server computes the SM1 shared symmetric key from the SM2 key agreement algorithm identifier, elliptic curve point, public key and random value sent by the LDAP client together with its own local data, and at the same time sends its own SM2 key agreement algorithm identifier, elliptic curve point, public key and random value, together with its digital certificate, certificate chain and signature, to the LDAP client;
the LDAP client verifies the LDAP server's digital certificate and certificate chain. If verification passes, the LDAP client likewise computes the SM1 shared symmetric key from the SM2 key agreement algorithm identifier, elliptic curve point, public key and random value sent by the LDAP server together with its own local data.
SASL negotiation between the LDAP server and the LDAP client is then complete, and the secure channel based on the SM2 key exchange protocol is established.
Step 23: the LDAP client encrypts the information to be transmitted with the negotiated shared symmetric key and transmits the encrypted information to the LDAP server over the secure channel.
Step 24: the LDAP server decrypts the encrypted information with the negotiated shared symmetric key.
Further, the LDAP server verifying the LDAP client's digital certificate and certificate chain in step 22 comprises:
the LDAP server verifies whether the LDAP client's digital certificate and certificate chain are valid certificates issued by the CA, and whether they belong to the same certification system as the LDAP server's own digital certificate and certificate chain. If so, it determines that the LDAP client's certificate and chain are valid; otherwise it determines that they are invalid and returns certificate verification failure information to the LDAP client;
after verifying that the LDAP client's certificate and chain are valid, the LDAP server obtains the LDAP client's authority information from the client's digital certificate and uses it to judge whether the LDAP client has authority to write information to the LDAP service. If so, the LDAP server and the LDAP client proceed with the subsequent secure channel establishment; otherwise the LDAP server returns authentication failure information to the LDAP client.
Further, the LDAP client verifying the LDAP server's digital certificate and certificate chain in step 22 comprises:
the LDAP client verifies whether the LDAP server's digital certificate and certificate chain are valid certificates issued by the CA, and whether they belong to the same certification system as the LDAP client's own digital certificate and certificate chain. If so, it determines that the LDAP server's certificate and chain are valid; otherwise it determines that they are invalid and returns certificate verification failure information to the LDAP server.
In embodiments of the invention, key generation, key management and cryptographic computation are all carried out in hardware.
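The SM2 key exchange on which step 22 relies, worked through as an added example (not code from the patent or from Aisino): both sides run the two-pass exchange of the published standard, plus the optional confirmation pass mentioned above, and the result shows why each side ends up holding the same symmetric key. The curve constants are the public sm2p256v1 parameters. The party identities, the 16-byte key length and the use of SHA-256 in place of SM3 are assumptions of this example (hashlib has no SM3), and since SM1 is unpublished the derived key here is only a stand-in for the patent's SM1 key. Two points the patent text leaves implicit are made explicit in code: the peer's static public key must be the one taken from its verified certificate, not the one in the message, and every received point is checked to lie on the curve before it is used.

```python
"""SM2 key exchange (GM/T 0003.3 structure) between an LDAP client (A) and server (B).
Added illustration, not code from the patent. Point arithmetic is plain affine
double-and-add; SHA-256 stands in for SM3 because hashlib has no SM3."""
import hashlib
import secrets

# sm2p256v1 domain parameters (public standard values); cofactor h = 1.
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
W = 127      # w = ceil(ceil(log2 N) / 2) - 1 for the 256-bit group order
INF = None   # point at infinity

def on_curve(pt):
    """Reject off-curve peer points before using them (invalid-curve defence)."""
    return pt is not INF and (pt[1] ** 2 - (pt[0] ** 3 + A * pt[0] + B)) % P == 0

def add(p1, p2):
    if p1 is INF or p2 is INF:
        return p2 if p1 is INF else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P     # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P             # addition
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def i2b(v):
    return v.to_bytes(32, "big")

def x_bar(x):
    return (1 << W) + (x & ((1 << W) - 1))

def z_value(ident, pub):
    """Identity hash Z = H(ENTL || ID || a || b || xG || yG || xA || yA)."""
    entl = (len(ident) * 8).to_bytes(2, "big")
    return hashlib.sha256(entl + ident + i2b(A) + i2b(B) + i2b(G[0]) + i2b(G[1])
                          + i2b(pub[0]) + i2b(pub[1])).digest()

def kdf(z, klen):
    """Counter-mode KDF of the standard; the output is the shared symmetric key."""
    out, ct = b"", 1
    while len(out) < klen:
        out += hashlib.sha256(z + ct.to_bytes(4, "big")).digest()
        ct += 1
    return out[:klen]

class Party:
    def __init__(self, ident):
        self.ident = ident
        self.d = secrets.randbelow(N - 1) + 1   # long-term private key (in the HSM in the patent)
        self.pub = mul(self.d, G)

    def ephemeral(self):
        self.r = secrets.randbelow(N - 1) + 1   # the "random value"
        self.R = mul(self.r, G)                 # the "elliptic curve point" sent to the peer
        return self.R

    def shared(self, peer_ident, peer_pub, peer_R, initiator, klen=16):
        """peer_pub must be taken from the peer's verified certificate, not from the message."""
        if not on_curve(peer_pub) or not on_curve(peer_R):
            raise ValueError("peer point is not on the SM2 curve")
        t = (self.d + x_bar(self.R[0]) * self.r) % N
        U = mul(t, add(peer_pub, mul(x_bar(peer_R[0]), peer_R)))   # h = 1
        if U is INF:
            raise ValueError("degenerate shared point")
        own, peer = (self.ident, self.pub, self.R), (peer_ident, peer_pub, peer_R)
        (ia, pa, ra), (ib, pb, rb) = (own, peer) if initiator else (peer, own)
        za, zb = z_value(ia, pa), z_value(ib, pb)
        key = kdf(i2b(U[0]) + i2b(U[1]) + za + zb, klen)
        # Optional third pass: confirmation tags S_B (server -> client) and S_A (client -> server).
        inner = hashlib.sha256(i2b(U[0]) + za + zb + i2b(ra[0]) + i2b(ra[1])
                               + i2b(rb[0]) + i2b(rb[1])).digest()
        s_b = hashlib.sha256(b"\x02" + i2b(U[1]) + inner).digest()
        s_a = hashlib.sha256(b"\x03" + i2b(U[1]) + inner).digest()
        return key, s_a, s_b

def run_exchange():
    """Two-pass exchange plus confirmation; returns (client_key, server_key, tags_match)."""
    client, server = Party(b"ldap-client@example.test"), Party(b"ldap-server@example.test")
    r_a, r_b = client.ephemeral(), server.ephemeral()
    k_a, sa_a, sb_a = client.shared(server.ident, server.pub, r_b, initiator=True)
    k_b, sa_b, sb_b = server.shared(client.ident, client.pub, r_a, initiator=False)
    return k_a, k_b, sa_a == sa_b and sb_a == sb_b

if __name__ == "__main__":
    k_a, k_b, ok = run_exchange()
    print("keys match:", k_a == k_b, "| confirmation tags match:", ok)
```

Running the module prints whether the two keys and the two confirmation tags agree. The private scalar d and the per-session r are plain integers here so that the arithmetic is visible; in the patent's design both stay inside the HSM and only the point R and the certificate leave it. Note that the exchange is authenticated only because each static public key is bound to a certificate that the other side has verified first; an attacker who can substitute the public key in the message, rather than in the certificate, would otherwise sit in the middle.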
Embodiment two
In this embodiment the CA acts as the LDAP client, and the flow by which the CA calls the LDAP server to publish CRL information comprises the following steps:
Step A: after initialization, the CA generates its own digital certificate and certificate chain from the SM2 key pair designated in its HSM, and stores the CA's certificate and chain in the file area of the CA's HSM in the form of a key container.
Step B: the LDAP server generates a PKCS#10 (P10) certificate request from the SM2 key pair designated in its HSM and sends the request to the CA. The CA generates the LDAP server's digital certificate and certificate chain for that SM2 key pair, sends them to the LDAP server, and stores them in the file area of the CA's HSM in the form of a key container.
Step C: the CA administrator issues a CRL list; the CA calls the LDAP service, and the CA and the LDAP server use SASL to negotiate the communication information and security mechanism in preparation for establishing a secure channel based on the SM2 key exchange protocol.
Step D: the LDAP server and the CA negotiate via SASL to establish the secure channel based on the SM2 key exchange protocol.
The CA sends its own SM2 key agreement algorithm identifier, elliptic curve point, public key and random value, together with its digital certificate, certificate chain and signature, to the LDAP server;
the LDAP server verifies the CA's digital certificate and certificate chain. If verification succeeds, it computes the SM1 shared symmetric key from the SM2 key agreement algorithm identifier, elliptic curve point, public key and random value sent by the CA together with its own local data, and at the same time sends its own SM2 key agreement algorithm identifier, elliptic curve point, public key and random value, together with its digital certificate, certificate chain and signature, to the CA;
the CA verifies the LDAP server's digital certificate and certificate chain. If verification passes, the CA likewise computes the SM1 shared symmetric key from the SM2 key agreement algorithm identifier, elliptic curve point, public key and random value sent by the LDAP server together with its own local data.
Further, the LDAP server verifying the CA's digital certificate and certificate chain comprises:
the LDAP server verifies whether the CA's digital certificate and certificate chain are valid certificates issued by the CA, and whether they belong to the same certification system as the LDAP server's own digital certificate and certificate chain. If so, it determines that the CA's certificate and chain are valid; otherwise it determines that they are invalid and returns certificate verification failure information to the CA;
after verifying that the CA's certificate and chain are valid, the LDAP server obtains the CA's authority information from the CA's digital certificate and uses it to judge whether the CA has authority to write information to the LDAP service. If so, the LDAP server and the CA proceed with the subsequent secure channel establishment; otherwise the LDAP server returns authentication failure information to the CA.
The CA verifying the LDAP server's digital certificate and certificate chain comprises:
checking the digital certificate and certificate chain sent by the LDAP server to determine whether the server certificate is a valid certificate issued by this CA, and whether the two parties' certificates belong to the same certification system. If the certificate is invalid, a failure result is returned; otherwise identity authentication proceeds.
SASL negotiation between the LDAP server and the CA is then complete, and the secure channel based on the SM2 key exchange protocol is established.
Step E: the CA encrypts the CRL information with the negotiated SM1 symmetric key and sends it to the LDAP server over the secure channel;
Step F: the LDAP server decrypts the CRL ciphertext with the SM1 symmetric key computed on its own side, obtains the original CRL information and publishes it on the directory server, and the whole secure communication ends.
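Steps C and D carry the negotiation inside LDAP bind operations, and RFC 4511 fixes how such a multi-round SASL bind is framed on the wire. The following added example (not code from the patent or from Aisino) encodes and parses those frames with a small BER encoder: the client's opening bind carries its key-exchange message as SASL credentials, the server answers saslBindInProgress (result code 14) with its own message in serverSaslCreds, the client binds again with its confirmation, and the server answers success. The mechanism name "SM2-KEX" and the credential byte strings are placeholders invented for this example; the patent names no SASL mechanism, and the SM1-encrypted CRL traffic of steps E and F would flow as a SASL security layer after the final bind.

```python
"""LDAP SASL bind framing (RFC 4511, BER) that carries a key-exchange negotiation.
Added illustration, not code from the patent; the mechanism name "SM2-KEX" and the
credential blobs are placeholders, since the patent names no SASL mechanism."""

SASL_BIND_IN_PROGRESS, SUCCESS = 14, 0        # LDAP result codes (RFC 4511)

def ber_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, payload):
    return bytes([tag]) + ber_len(len(payload)) + payload

def ber_int(v, tag=0x02):
    """INTEGER (or ENUMERATED) for non-negative v; the extra bit keeps the sign bit clear."""
    return tlv(tag, v.to_bytes((v.bit_length() + 8) // 8, "big"))

def bind_request(msg_id, mechanism, credentials=None, name=b""):
    """LDAPMessage { messageID, BindRequest { version 3, name, sasl [3] { mechanism, credentials } } }"""
    sasl = tlv(0x04, mechanism) + (tlv(0x04, credentials) if credentials is not None else b"")
    op = tlv(0x60, ber_int(3) + tlv(0x04, name) + tlv(0xA3, sasl))
    return tlv(0x30, ber_int(msg_id) + op)

def bind_response(msg_id, result_code, server_creds=None, diag=b""):
    """BindResponse [APPLICATION 1]: resultCode, matchedDN, diagnosticMessage, serverSaslCreds [7]."""
    body = ber_int(result_code, 0x0A) + tlv(0x04, b"") + tlv(0x04, diag)
    if server_creds is not None:
        body += tlv(0x87, server_creds)
    return tlv(0x30, ber_int(msg_id) + tlv(0x61, body))

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos); rejects indefinite and oversized lengths."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4:
            raise ValueError("indefinite or oversized BER length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def parse_bind_request(msg):
    """Server side: returns (messageID, version, name, mechanism, credentials)."""
    tag, body, end = read_tlv(msg)
    if tag != 0x30 or end != len(msg):
        raise ValueError("not a single LDAPMessage")
    _, mid, pos = read_tlv(body)
    tag, op, _ = read_tlv(body, pos)
    if tag != 0x60:
        raise ValueError("not a BindRequest")
    _, ver, pos = read_tlv(op)
    _, name, pos = read_tlv(op, pos)
    tag, auth, _ = read_tlv(op, pos)
    if tag != 0xA3:
        raise ValueError("simple or anonymous bind refused; SASL required")
    _, mech, pos = read_tlv(auth)
    creds = read_tlv(auth, pos)[1] if pos < len(auth) else None
    return int.from_bytes(mid, "big"), ver[0], name, mech, creds

def parse_bind_response(msg):
    """Client side: returns (messageID, resultCode, serverSaslCreds or None)."""
    tag, body, end = read_tlv(msg)
    if tag != 0x30 or end != len(msg):
        raise ValueError("not a single LDAPMessage")
    _, mid, pos = read_tlv(body)
    tag, op, _ = read_tlv(body, pos)
    if tag != 0x61:
        raise ValueError("not a BindResponse")
    _, code, pos = read_tlv(op)
    _, _matched_dn, pos = read_tlv(op, pos)
    _, _diag, pos = read_tlv(op, pos)
    creds = None
    while pos < len(op):                    # optional referral [3] and serverSaslCreds [7]
        tag, value, pos = read_tlv(op, pos)
        if tag == 0x87:
            creds = value
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big"), creds

def negotiate(client_kex, server_kex, client_confirm):
    """Two bind rounds: client opening message, server reply with saslBindInProgress,
    client confirmation, server success. Returns the parsed steps in order."""
    steps = []
    req = bind_request(1, b"SM2-KEX", client_kex)
    mid, _, _, mech, creds = parse_bind_request(req)
    steps.append(("C->S", mid, mech, creds))
    resp = bind_response(mid, SASL_BIND_IN_PROGRESS, server_kex)
    steps.append(("S->C",) + parse_bind_response(resp))
    req = bind_request(2, mech, client_confirm)
    mid, _, _, _, creds = parse_bind_request(req)
    steps.append(("C->S", mid, mech, creds))
    steps.append(("S->C",) + parse_bind_response(bind_response(mid, SUCCESS)))
    return steps

if __name__ == "__main__":
    for step in negotiate(b"\x01client-kex", b"\x02server-kex", b"\x03confirm"):
        print(step)
```

The server-side parser refuses a simple or anonymous bind outright, which matches the patent's requirement that the SASL negotiation and its certificate checks precede any write to the directory. Length decoding rejects indefinite-length and oversized length octets and bounds every element by the enclosing buffer, so a hostile peer cannot push the parser past the message it was given.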
Embodiment three
The structure of the information transmission system based on a key exchange protocol and LDAP provided by this embodiment is shown in Fig. 3 and comprises the following modules:
LDAP client 31, for negotiating with an LDAP server via SASL (Simple Authentication and Security Layer) to establish a secure channel based on the SM2 key exchange protocol, encrypting the information to be transmitted with the negotiated shared symmetric key, and transmitting the encrypted information to the LDAP server over the secure channel;
LDAP server 32, for negotiating with the LDAP client via SASL to establish the secure channel based on the SM2 key exchange protocol, and decrypting the encrypted information with the negotiated shared symmetric key.
Further, the system may also comprise:
CA 33, for generating SM2 digital certificates and certificate chains for the LDAP server and the LDAP client from the SM2 key pairs designated in the corresponding HSMs, sending the LDAP server's certificate and chain to the LDAP server and the LDAP client's SM2 certificate and chain to the LDAP client.
Specifically, LDAP client 31 is also for sending its own SM2 key agreement algorithm identifier, elliptic curve point, public key and random value, together with its digital certificate, certificate chain and signature, to the LDAP server; verifying whether the LDAP server's digital certificate and certificate chain are valid certificates issued by the CA and whether they belong to the same certification system as the LDAP client's own certificate and chain; if so, passing verification, computing the SM1 shared symmetric key from the SM2 key agreement algorithm identifier, elliptic curve point, public key and random value sent by the LDAP server together with its own local data, completing the SASL negotiation with the LDAP server and establishing the secure channel based on the SM2 key exchange protocol; otherwise determining that the LDAP server's certificate and chain are invalid and returning certificate verification failure information to the LDAP server.
Specifically, LDAP server 32 is also for verifying the LDAP client's digital certificate and certificate chain; if verification succeeds, computing the SM1 shared symmetric key from the SM2 key agreement algorithm identifier, elliptic curve point, public key and random value sent by the LDAP client together with its own local data, at the same time sending its own SM2 key agreement algorithm identifier, elliptic curve point, public key and random value, together with its digital certificate, certificate chain and signature, to the LDAP client, completing the SASL negotiation with the LDAP client and establishing the secure channel based on the SM2 key exchange protocol.
Specifically, LDAP server 32 is also for verifying whether the LDAP client's digital certificate and certificate chain are valid certificates issued by the CA and whether they belong to the same certification system as the LDAP server's own certificate and chain; if so, determining that the LDAP client's certificate and chain are valid; otherwise determining that they are invalid and returning certificate verification failure information to the LDAP client;
and, after verifying that the LDAP client's certificate and chain are valid, obtaining the LDAP client's authority information from the client's digital certificate and judging from it whether the LDAP client has authority to write information to the LDAP service; if so, proceeding with the subsequent secure channel establishment with the LDAP client; otherwise returning authentication failure information to the LDAP client.
A person of ordinary skill in the art will appreciate that the drawings are schematic diagrams of one embodiment, and that the modules or flows in the drawings are not necessarily required to implement the invention.
A person of ordinary skill in the art will appreciate that the modules of the devices in the embodiments may be distributed among the devices as described, or may be changed accordingly and located in one or more devices different from those of the present embodiment. The modules of the above embodiments may be merged into one module or further split into multiple sub-modules.
The specific process by which the system of the embodiment communicates based on the key exchange protocol and LDAP is similar to the method embodiments above and is not repeated here.
In summary, by introducing the SM2 key exchange protocol into the authentication process by which a client calls the LDAP service, the embodiments extend the existing LDAP security mechanism, effectively improve the security of the LDAP system and improve the efficiency of its operation.
Throughout the authentication and communication process, the embodiments introduce digital certificates into the communication; both the LDAP client and the server use SM2 digital certificates, which also makes access control more convenient when implementing the key exchange protocol. In addition, both the server and the client must be equipped with an HSM or cryptographic card that supports the SM2 algorithm; key generation, key management and cryptographic computation are all carried out in hardware and the private key never leaves the hardware. This protects the key exchange and thereby secures higher-level operations such as adding, deleting and modifying entries in the LDAP service.
The above are only preferred embodiments of the invention, and the scope of protection is not limited to them. Any variation or replacement that a person skilled in the art could easily conceive within the technical scope disclosed by the invention falls within its scope of protection. The scope of protection of the invention is therefore defined by the claims.

Claims (10)

1. the information transferring method based on IKE and Light Directory Access Protocol, is characterized in that, comprising:
Between ldap server and LDAP client, use SASL to consult to set up the escape way based on SM2 IKE;
The information that described LDAP client need to be transmitted with the shared symmetric key encryption negotiating, information exchange after encrypting is crossed to described escape way and be transferred to described ldap server, described ldap server is deciphered the information after described encryption with the shared symmetric key negotiating.
2. the information transferring method based on IKE and Light Directory Access Protocol according to claim 1, it is characterized in that, described use between ldap server and LDAP client before SASL consults to set up the escape way based on SM2 IKE, comprising:
Authentication center is according to the SM2 key pair of specifying in corresponding encryption equipment, generate digital certificate and the certificate chain of the SM2 algorithm of described ldap server and LDAP client, the digital certificate of described ldap server and certificate chain are sent to described ldap server, the digital certificate of the SM2 algorithm of described LDAP client and certificate chain are sent to described LDAP client.
3. the information transferring method based on IKE and Light Directory Access Protocol according to claim 2, it is characterized in that, the described SASL that uses between ldap server and LDAP client consults to set up the escape way based on SM2 IKE, comprising:
Described LDAP client is by our SM2 cipher key agreement algorithm mark, elliptic curve point, our PKI, random value, and digital certificate, certificate chain and signing messages send to described ldap server;
Described ldap server is verified digital certificate, the certificate chain of described LDAP client, if be proved to be successful, SM2 cipher key agreement algorithm mark, elliptic curve point, our PKI, random value and the local data that described ldap server sends according to described LDAP client calculates SM1 and shares symmetric key, simultaneously by our SM2 cipher key agreement algorithm mark, elliptic curve point, our PKI, random value, and digital certificate, certificate chain and signing messages send to described LDAP client;
Digital certificate, the certificate chain of ldap server described in described LDAP client validation, if the verification passes, SM2 cipher key agreement algorithm mark, elliptic curve point, our PKI, random value and the local data that described LDAP client is sent according to described ldap server equally calculates SM1 and shares symmetric key;
Between described ldap server and described LDAP client, SASL negotiation communication is complete, sets up the escape way based on SM2 IKE.
4. the information transferring method based on IKE and Light Directory Access Protocol according to claim 3, is characterized in that, described ldap server is verified digital certificate, the certificate chain of described LDAP client, comprising:
Described ldap server verifies whether the digital certificate of described LDAP client, certificate chain are the valid certificate that authentication center issues, and, whether the digital certificate of digital certificate, certificate chain and the described ldap server of described LDAP client, certificate chain be in same authentication system, if so, digital certificate, the certificate chain of definite described LDAP client are effective; Otherwise, determine that the digital certificate of described LDAP client, certificate chain are invalid, return to digital certificate, certificate chain authentication failed information to described LDAP client;
After verifying that the digital certificate of described LDAP client, certificate chain are effectively, described ldap server obtains the authority information of described LDAP client from the digital certificate of described LDAP client, judge according to the authority information of described LDAP client whether described LDAP client has authority writing information to serve to LDAP, if so, described ldap server and described LDAP client are carried out follow-up security path foundation operation; Otherwise, return to authentication failure information to described LDAP client.
5. the information transferring method based on IKE and Light Directory Access Protocol according to claim 3, is characterized in that, digital certificate, the certificate chain of ldap server described in described LDAP client validation, comprising:
Described in described LDAP client validation, whether the digital certificate of ldap server, certificate chain are the valid certificate that authentication center issues, and, whether the digital certificate of digital certificate, certificate chain and the described LDAP client of described ldap server, certificate chain be in same authentication system, if so, digital certificate, the certificate chain of definite described ldap server are effective; Otherwise, determine that the digital certificate of described ldap server, certificate chain are invalid, return to digital certificate, certificate chain authentication failed information to described ldap server.
6. the information transmission system based on IKE and Light Directory Access Protocol, is characterized in that, comprising:
LDAP client, be used for using SASL to consult to set up the escape way based on SM2 IKE between ldap server, the information that need to transmit with the shared symmetric key encryption negotiating, crosses described escape way by the information exchange after encrypting and is transferred to described ldap server;
Ldap server, for and LDAP client between use SASL to consult to set up escape way based on SM2 IKE, decipher the information after described encryption with the shared symmetric key negotiating.
7. the information transmission system based on IKE and Light Directory Access Protocol according to claim 6, is characterized in that, described system also comprises:
Authentication center, for the SM2 key pair of specifying according to corresponding encryption equipment, generate digital certificate and the certificate chain of the SM2 algorithm of described ldap server and LDAP client, the digital certificate of described ldap server and certificate chain are sent to described ldap server, the digital certificate of the SM2 algorithm of described LDAP client and certificate chain are sent to described LDAP client.
8. The information transmission system based on a key exchange protocol and the Lightweight Directory Access Protocol according to claim 6 or 7, characterized in that:
the LDAP client is further configured to send its own SM2 key agreement algorithm identifier, elliptic curve point, own public key and random value, together with its digital certificate, certificate chain and signature information, to the LDAP server; to verify whether the digital certificate and certificate chain of the LDAP server are valid certificates issued by the certification authority, and whether the digital certificate and certificate chain of the LDAP server and the digital certificate and certificate chain of the LDAP client belong to the same certification hierarchy; if so, verification succeeds, the LDAP client computes the SM1 shared symmetric key from the SM2 key agreement algorithm identifier, elliptic curve point, public key and random value sent by the LDAP server together with local data, the SASL negotiation with the LDAP server completes, and the secure channel based on the SM2 key exchange protocol is established; otherwise, the LDAP client determines that the digital certificate and certificate chain of the LDAP server are invalid and returns certificate and certificate-chain verification failure information to the LDAP server.
9. The information transmission system based on a key exchange protocol and the Lightweight Directory Access Protocol according to claim 6 or 7, characterized in that:
the LDAP server is further configured to verify the digital certificate and certificate chain of the LDAP client; if verification succeeds, to compute the SM1 shared symmetric key from the SM2 key agreement algorithm identifier, elliptic curve point, public key and random value sent by the LDAP client together with local data, and at the same time to send its own SM2 key agreement algorithm identifier, elliptic curve point, own public key and random value, together with its digital certificate, certificate chain and signature information, to the LDAP client; the SASL negotiation with the LDAP client then completes and the secure channel based on the SM2 key exchange protocol is established.
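The exchange described in claims 8 and 9, carried through as an added worked example; this is not the patent's or Aisino's code. It runs the SM2 key exchange of GB/T 32918.3 in pure Python on the standard SM2 curve: each side contributes a static key pair (the one a CA would certify) and an ephemeral point, sends only the public values, and both derive the same traffic key. Assumptions: SHA-256 stands in for SM3 in the Z value and the KDF, the 16-byte KDF output stands in for the SM1 key the claims mention, the identities `ldap-client` and `ldap-server` are constructed, and the per-run random scalar is never transmitted.

```python
"""SM2 key exchange (GB/T 32918.3 structure) between an LDAP client and server.
Added example, not the patent's code. SHA-256 replaces SM3 (assumption)."""
import hashlib
import secrets

# Recommended SM2 curve parameters (GB/T 32918.5); cofactor h = 1.
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
W = 127  # w = ceil(ceil(log2(n)) / 2) - 1 for the 256-bit order n


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()  # stand-in for SM3 (assumption)

def on_curve(pt) -> bool:
    """Reject infinity and any point not on y^2 = x^3 + ax + b (mod p)."""
    if pt is None:
        return False
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - (x * x * x + A * x + B)) % P == 0

def add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k: int, pt):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def i2b(x: int) -> bytes:
    return x.to_bytes(32, "big")

def keygen():
    d = secrets.randbelow(N - 1) + 1
    return d, mul(d, G)

def z_value(ident: bytes, pub) -> bytes:
    """Z = H(ENTL || ID || a || b || xG || yG || xP || yP): binds identity to key."""
    entl = (len(ident) * 8).to_bytes(2, "big")
    return H(entl + ident + i2b(A) + i2b(B) + i2b(G[0]) + i2b(G[1])
             + i2b(pub[0]) + i2b(pub[1]))

def kdf(z: bytes, klen: int) -> bytes:
    out, ct = b"", 1
    while len(out) < klen:
        out += H(z + ct.to_bytes(4, "big"))
        ct += 1
    return out[:klen]

def reduce_x(x: int) -> int:
    return (1 << W) + (x & ((1 << W) - 1))

def shared_key(d_own, r_own, R_own, pub_peer, R_peer, z_init, z_resp, klen=16) -> bytes:
    """One side's key exchange step; both sides call it with their own secrets.
    Peer points are validated before use, as the claims require the peer
    certificate to be validated before the key is computed."""
    if not (on_curve(pub_peer) and on_curve(R_peer)):
        raise ValueError("peer public key or ephemeral point is not on the curve")
    t = (d_own + reduce_x(R_own[0]) * r_own) % N
    U = mul(t, add(pub_peer, mul(reduce_x(R_peer[0]), R_peer)))  # h = 1
    if U is None:
        raise ValueError("degenerate shared point")
    return kdf(i2b(U[0]) + i2b(U[1]) + z_init + z_resp, klen)

def run_exchange(client_id=b"ldap-client", server_id=b"ldap-server"):
    """Full client/server run; returns both derived keys (they must match)."""
    d_c, P_c = keygen()  # static pairs (the CA-certified keys in the claims)
    d_s, P_s = keygen()
    r_c, R_c = keygen()  # ephemeral scalars stay local; only R_c, R_s are sent
    r_s, R_s = keygen()
    z_c, z_s = z_value(client_id, P_c), z_value(server_id, P_s)
    k_client = shared_key(d_c, r_c, R_c, P_s, R_s, z_c, z_s)
    k_server = shared_key(d_s, r_s, R_s, P_c, R_c, z_c, z_s)
    return k_client, k_server

if __name__ == "__main__":
    kc, ks = run_exchange()
    print("client key", kc.hex(), "server key", ks.hex(), "match" if kc == ks else "MISMATCH")
```

Both sides compute t·(P_peer + x̄_peer·R_peer) = t_own·t_peer·G, so the keys agree; what the wire carries is the static public key and the ephemeral point only. A deployment following the claims would additionally check the peer's certificate chain before calling `shared_key`, and should use a constant-time SM2 implementation rather than this demonstration arithmetic.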
10. The information transmission system based on a key exchange protocol and the Lightweight Directory Access Protocol according to claim 9, characterized in that:
the LDAP server is further configured to verify whether the digital certificate and certificate chain of the LDAP client are valid certificates issued by the certification authority, and whether the digital certificate and certificate chain of the LDAP client and the digital certificate and certificate chain of the LDAP server belong to the same certification hierarchy; if so, to determine that the digital certificate and certificate chain of the LDAP client are valid; otherwise, to determine that the digital certificate and certificate chain of the LDAP client are invalid and return certificate and certificate-chain verification failure information to the LDAP client;
after verifying that the digital certificate and certificate chain of the LDAP client are valid, to obtain the permission information of the LDAP client from the digital certificate of the LDAP client and judge, according to that permission information, whether the LDAP client has permission to write information to the LDAP service; if so, the LDAP server and the LDAP client carry out the subsequent secure channel establishment operations; otherwise, to return authentication failure information to the LDAP client.
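The server-side decision of claims 5 and 10 (valid chain to the issuing authority, same certification hierarchy as the server's own certificate, then a write-permission attribute read from the client certificate), as an added example that is not the patent's code. Assumptions: certificates are plain dicts, the signature is an HMAC under a per-CA secret standing in for an SM2 signature verified with the issuer's public key, the permission attribute is named `permissions` with value `ldap:write`, and every certificate and key below is constructed for the example.

```python
"""Chain validation, same-hierarchy check and write-permission check.
Added example, not the patent's code. HMAC stands in for SM2 signatures."""
import hashlib
import hmac
import json

ROOT_KEY = b"root-ca-signing-key"        # constructed stand-in CA secrets
SUB_KEY = b"sub-ca-signing-key"
OTHER_ROOT_KEY = b"other-root-signing-key"

def _tbs(cert: dict) -> bytes:
    """Canonical to-be-signed bytes: every field except the signature."""
    return json.dumps({k: v for k, v in cert.items() if k != "sig"}, sort_keys=True).encode()

def issue(ca_key: bytes, cert: dict) -> dict:
    signed = dict(cert)
    signed["sig"] = hmac.new(ca_key, _tbs(signed), hashlib.sha256).hexdigest()
    return signed

def sig_ok(ca_key: bytes, cert: dict) -> bool:
    expected = hmac.new(ca_key, _tbs(cert), hashlib.sha256).hexdigest()
    return hmac.compare_digest(cert.get("sig", ""), expected)

def validate_chain(chain: list, trusted_roots: set, ca_keys: dict) -> tuple:
    """chain = [leaf, ..., root]. Every link must name the next certificate as
    issuer, that certificate must be a CA, its signature must verify, and the
    chain must end at a trusted root (which is checked against itself)."""
    if not chain:
        return False, "empty chain"
    if chain[-1]["subject"] not in trusted_roots:
        return False, "chain does not end at a trusted certification authority"
    for cert, issuer in zip(chain, chain[1:] + [chain[-1]]):
        if cert["issuer"] != issuer["subject"] or not issuer.get("ca"):
            return False, "issuer mismatch for " + cert["subject"]
        key = ca_keys.get(issuer["subject"])
        if key is None or not sig_ok(key, cert):
            return False, "bad signature on " + cert["subject"]
    return True, "ok"

def same_hierarchy(chain_a: list, chain_b: list) -> bool:
    """Claims 5 and 10: both chains must terminate at the same root authority."""
    return chain_a[-1]["subject"] == chain_b[-1]["subject"]

def server_admits_client(client_chain, server_chain, trusted_roots, ca_keys) -> str:
    """Claim 10 in order: validate, same hierarchy, then the write permission."""
    ok, why = validate_chain(client_chain, trusted_roots, ca_keys)
    if not ok:
        return "certificate verification failed: " + why
    if not same_hierarchy(client_chain, server_chain):
        return "certificate verification failed: different certification hierarchy"
    if "ldap:write" not in client_chain[0].get("permissions", []):
        return "authentication failed: client lacks LDAP write permission"
    return "ok: continue secure channel establishment"

def demo() -> dict:
    """Constructed PKI: one hierarchy for the LDAP service, one foreign root."""
    root = issue(ROOT_KEY, {"subject": "Root CA", "issuer": "Root CA", "ca": True})
    sub = issue(ROOT_KEY, {"subject": "Sub CA", "issuer": "Root CA", "ca": True})
    server = issue(SUB_KEY, {"subject": "ldap-server", "issuer": "Sub CA", "ca": False})
    writer = issue(SUB_KEY, {"subject": "client-w", "issuer": "Sub CA", "ca": False,
                             "permissions": ["ldap:read", "ldap:write"]})
    reader = issue(SUB_KEY, {"subject": "client-r", "issuer": "Sub CA", "ca": False,
                             "permissions": ["ldap:read"]})
    other_root = issue(OTHER_ROOT_KEY, {"subject": "Other Root", "issuer": "Other Root", "ca": True})
    outsider = issue(OTHER_ROOT_KEY, {"subject": "client-x", "issuer": "Other Root", "ca": False,
                                      "permissions": ["ldap:write"]})
    forged = dict(writer, subject="client-forged")  # edited after signing
    trusted = {"Root CA", "Other Root"}             # both roots trusted, only one is ours
    keys = {"Root CA": ROOT_KEY, "Sub CA": SUB_KEY, "Other Root": OTHER_ROOT_KEY}
    server_chain = [server, sub, root]
    return {
        "writer": server_admits_client([writer, sub, root], server_chain, trusted, keys),
        "reader": server_admits_client([reader, sub, root], server_chain, trusted, keys),
        "outsider": server_admits_client([outsider, other_root], server_chain, trusted, keys),
        "forged": server_admits_client([forged, sub, root], server_chain, trusted, keys),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:8s} -> {verdict}")
```

The `outsider` case is the one the same-hierarchy rule exists for: its chain is cryptographically valid under a root the server trusts, but that root is not the server's own, so the claims reject it before any permission is read. The order of checks matters; the permission attribute is only trusted after the signature over it has been verified, which is why `forged` fails at the signature step and never reaches authorization.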
CN201210514666.XA 2012-12-04 2012-12-04 Lightweight directory access protocol realizing method and device based on key exchange protocol Pending CN103856463A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210514666.XA CN103856463A (en) 2012-12-04 2012-12-04 Lightweight directory access protocol realizing method and device based on key exchange protocol

Publications (1)

Publication Number Publication Date
CN103856463A true CN103856463A (en) 2014-06-11

Family

ID=50863683

Country Status (1)

Country Link
CN (1) CN103856463A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105933118A (en) * 2016-06-13 2016-09-07 北京三未信安科技发展有限公司 Communication method and system, PCI password card and remote management medium
CN106921481A (en) * 2015-12-28 2017-07-04 航天信息股份有限公司 A kind of system and method for tenant's division and purview certification based on PKI
CN111464557A (en) * 2020-04-20 2020-07-28 北京太格时代自动化***设备有限公司 Data acquisition control device with multi-protocol conversion
CN114745123A (en) * 2022-06-10 2022-07-12 济南职业学院 Industrial RFID (radio frequency identification) safety communication method

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102546650A (en) * 2012-01-19 2012-07-04 北京工业大学 End-to-end safety control method for wireless sensor network and internet intercommunication

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Wang Jiajia et al.: "Research on an LDAP authentication mechanism based on SASL" (基于SASL的LDAP认证机制研究), Electronic Science and Technology (《电子科技》) *
Lu Jieru: "Research and design of an ECC-based certification authority" (基于ECC的CA认证中心研究与设计), master's thesis, Soochow University (《苏州大学硕士学位论文》) *

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20140611