CN104753879B - Method and system for a terminal to authenticate a cloud service provider, and method and system for a cloud service provider to authenticate a terminal - Google Patents
- Publication number
- CN104753879B, CN201310746278.9A
- Authority
- CN
- China
- Prior art keywords
- cloud service
- service provider
- terminal
- data
- certification
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Storage Device Security (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention provides a method for a terminal to authenticate a cloud service provider, comprising: generating a terminal-related predicate evaluation token STK_f according to a predicate evaluation function; generating a data packet that includes the predicate evaluation token STK_f and a public key SK_pu, the data packet further including identity data indicating the identity of the cloud service provider; sending the data packet to a device related to the cloud service provider; and, at the device related to the cloud service provider, parsing the received data packet according to a predicate evaluation anonymous discriminant function and authenticating the cloud service provider according to the parsing result. A system for a terminal to authenticate a cloud service provider, a method and system for a cloud service provider to authenticate a terminal, and a two-way cloud authentication method and system are also provided.
Description
Technical field
The present invention relates to secure authentication technologies, in particular to cloud identity authentication technology.
Background art
Existing cloud identity authentication technology mainly uses a federated identity authentication mechanism involving an identity provider (IDP) and service providers (SP). In this arrangement, multiple SPs share one IDP, and if the IDP fails, those SPs cannot perform identity authentication. In addition, if the IDP is attacked, the result can be data leakage or even a breakdown of the whole system, causing huge losses.
In federated identity authentication, attention is usually paid only to how to authenticate the user's identity conveniently, which exposes users to dangers such as phishing.
Summary of the invention
In view of this, the present invention provides a method for a terminal to authenticate a cloud service provider, comprising: generating a terminal-related predicate evaluation token STK_f according to a predicate evaluation function; generating a data packet that includes the predicate evaluation token STK_f and a public key SK_pu, the data packet further including identity data indicating the identity of the cloud service provider; sending the data packet to a device related to the cloud service provider; and, at the device related to the cloud service provider, parsing the received data packet according to a predicate evaluation anonymous discriminant function and authenticating the cloud service provider according to the parsing result.
In the method for a terminal to authenticate a cloud service provider according to the present invention, preferably, generating the terminal-related predicate evaluation token STK_f according to the predicate evaluation function comprises: generating a pair of keys SPK and SMSK; and generating the terminal-related predicate evaluation token STK_f from the pair of keys SPK and SMSK according to the predicate evaluation function.
According to another aspect of the invention, a method for a cloud service provider to authenticate a terminal is also provided, comprising: after receiving a request from the terminal, processing intermediate authentication data with a predicate encryption algorithm, thereby generating ciphertext UCT and predicate evaluation token UTK_f; using the public key SK_pu provided by the cloud service provider to generate a safe active constraint packet SAB from the ciphertext UCT and the predicate evaluation token UTK_f together with data SeP related to the security mechanism and a public key AK_pu; providing the safe active constraint packet SAB to a device related to the cloud service provider; decrypting the safe active constraint packet SAB with the private key provided by the cloud service provider; the decrypted safe active constraint packet SAB performing a security check according to the data SeP related to the security mechanism that it contains; and, if the security check passes, obtaining the ciphertext UCT and the predicate evaluation token UTK_f from the decrypted safe active constraint packet SAB and decrypting UTK_f, authentication passing if the decryption result is identical to the intermediate authentication data.
In the method for a cloud service provider to authenticate a terminal provided by the present invention, optionally, the intermediate authentication data is the identity data of the cloud service provider.
In the method for a cloud service provider to authenticate a terminal provided by the present invention, optionally, processing the intermediate authentication data with the predicate encryption algorithm after receiving the request from the terminal, thereby generating ciphertext UCT and predicate evaluation token UTK_f, comprises: after receiving the request from the terminal, determining whether the cloud service provider is authenticating the terminal for the first time; if so, providing the terminal with a virtual identity and generating a digital signature based on the virtual identity, while taking the identity data of the cloud service provider as the intermediate authentication data and processing it with the predicate encryption algorithm to generate ciphertext UCT and predicate evaluation token UTK_f based on the identity data; and if not, obtaining the digital signature of the terminal according to the identity data of the cloud service provider and processing the digital signature with the predicate encryption algorithm, thereby generating ciphertext UCT and predicate evaluation token UTK_f based on the digital signature.
According to another example of the present invention, a two-way cloud authentication method is also provided, used for mutual authentication between a terminal and a cloud service provider, the method comprising:
The terminal authenticating the cloud service provider, comprising: generating a terminal-related predicate evaluation token STK_f according to a predicate evaluation function; generating a data packet that includes the predicate evaluation token STK_f and a public key SK_pu, the data packet further including identity data indicating the identity of the cloud service provider; sending the data packet to a device related to the cloud service provider; and, at the device related to the cloud service provider, parsing the received data packet according to a predicate evaluation anonymous discriminant function and authenticating the cloud service provider according to the parsing result; and
The cloud service provider authenticating the terminal, comprising: after receiving a request from the terminal, processing intermediate authentication data with a predicate encryption algorithm, thereby generating ciphertext UCT and predicate evaluation token UTK_f; encrypting the ciphertext UCT and the predicate evaluation token UTK_f, together with data SeP related to the security mechanism and a public key AK_pu, with the public key SK_pu provided by the cloud service provider to generate a safe active constraint packet SAB; sending the safe active constraint packet SAB to a device related to the cloud service provider; decrypting the safe active constraint packet SAB with the private key provided by the cloud service provider; the decrypted safe active constraint packet SAB performing a security check according to the data SeP related to the security mechanism that it contains; and, if the security check passes, obtaining the ciphertext UCT and the predicate evaluation token UTK_f from the decrypted safe active constraint packet SAB and decrypting UTK_f, authentication passing if the decryption result is identical to the intermediate authentication data.
In the two-way cloud authentication method according to the present invention, preferably, generating the terminal-related predicate evaluation token STK_f according to the predicate evaluation function comprises: generating a pair of keys SPK and SMSK; and generating the terminal-related predicate evaluation token STK_f from the pair of keys SPK and SMSK according to the predicate evaluation function.
In the two-way cloud authentication method according to the present invention, optionally, the intermediate authentication data is the identity data of the cloud service provider.
In the two-way cloud authentication method according to the present invention, optionally, processing the intermediate authentication data with the predicate encryption algorithm after receiving the request from the terminal, thereby generating ciphertext UCT and predicate evaluation token UTK_f, comprises: after receiving the request from the terminal, determining whether the cloud service provider is authenticating the terminal for the first time; if so, providing the terminal with a virtual identity and generating a digital signature based on the virtual identity, while taking the identity data of the cloud service provider as the intermediate authentication data and processing it with the predicate encryption algorithm to generate ciphertext UCT and predicate evaluation token UTK_f based on the identity data; and if not, obtaining the digital signature of the terminal according to the identity data of the cloud service provider and processing the digital signature with the predicate encryption algorithm, thereby generating ciphertext UCT and predicate evaluation token UTK_f based on the digital signature.
According to another example of the present invention, a system for a terminal to authenticate a cloud service provider is also provided, comprising: a terminal data packet generation module, configured to generate a terminal-related predicate evaluation token STK_f according to a predicate evaluation function and to generate a data packet that includes the predicate evaluation token STK_f and a public key SK_pu, the data packet further including identity data indicating the identity of the cloud service provider; a sending module, configured to send the data packet; and a first authentication module, configured to receive the data packet sent by the sending module, parse the received data packet according to a predicate evaluation anonymous discriminant function, and authenticate the cloud service provider according to the parsing result.
In the system for a terminal to authenticate a cloud service provider according to the present invention, preferably, the terminal data packet generation module comprises: a key pair generation unit, used to generate a pair of keys SPK and SMSK; a token generation unit, used to generate the terminal-related predicate evaluation token STK_f from the pair of keys SPK and SMSK according to the predicate evaluation function; and a data packet generation unit, which generates a data packet that includes the predicate evaluation token STK_f and the public key SK_pu, the data packet further including identity data indicating the identity of the cloud service provider.
According to another example of the present invention, a system for a cloud service provider to authenticate a terminal is also provided, comprising: a first processing module, which, after receiving a request from the terminal, processes intermediate authentication data with a predicate encryption algorithm, thereby generating ciphertext UCT and predicate evaluation token UTK_f; an SAB generation module, used to encrypt the ciphertext UCT and the predicate evaluation token UTK_f, together with data SeP related to the security mechanism and a public key AK_pu, with the public key SK_pu provided by the cloud service provider to generate a safe active constraint packet SAB, and to send the safe active constraint packet SAB to a device related to the cloud service provider; a decryption module, used to decrypt the safe active constraint packet SAB with the private key, wherein the decrypted safe active constraint packet SAB performs a security check according to the data SeP related to the security mechanism that it contains; and a second processing module, which, if the security check passes, obtains the ciphertext UCT and the predicate evaluation token UTK_f from the decrypted safe active constraint packet SAB, decrypts UTK_f, and compares the decryption result with the intermediate authentication data, authentication passing if the two are identical.
In the system for a cloud service provider to authenticate a terminal according to an example of the present invention, optionally, the intermediate authentication data is the identity data of the cloud service provider.
In the system for a cloud service provider to authenticate a terminal according to an example of the present invention, optionally, the first processing module comprises: a judging unit, used to determine, after a request from the terminal is received, whether the cloud service provider is authenticating the terminal for the first time; a first processing unit, used, when the result of the judging unit is yes, to provide a virtual identity to the terminal and generate a digital signature based on the virtual identity, and at the same time to process with the predicate encryption algorithm the identity data of the service provider, which serves as the intermediate authentication data when the terminal makes its first request to the cloud service provider, thereby generating ciphertext UCT and predicate evaluation token UTK_f based on the identity data; and a second processing unit, used, when the result of the judging unit is no, to obtain the digital signature of the terminal according to the identity data of the cloud service provider and process the digital signature with the predicate encryption algorithm, thereby generating ciphertext UCT and predicate evaluation token UTK_f based on the digital signature.
According to another example of the present invention, a two-way cloud authentication system is also provided, used for mutual authentication between a terminal and a cloud service provider, the two-way cloud authentication system comprising:
A system for the terminal to authenticate the cloud service provider, comprising: a terminal data packet generation module, configured to generate a terminal-related predicate evaluation token STK_f according to a predicate evaluation function and to generate a data packet that includes the predicate evaluation token STK_f and a public key SK_pu, the data packet further including identity data indicating the identity of the cloud service provider; a sending module, configured to send the data packet; and a first authentication module, configured to receive the data packet sent by the sending module, parse the received data packet, and authenticate the cloud service provider according to the parsing result; and
A system for the cloud service provider to authenticate the terminal, comprising: a first processing module, which, after receiving a request from the terminal, processes intermediate authentication data with a predicate encryption algorithm, thereby generating ciphertext UCT and predicate evaluation token UTK_f; an SAB generation module, used to encrypt the ciphertext UCT and the predicate evaluation token UTK_f, together with data SeP related to the security mechanism and a public key AK_pu, with the public key SK_pu provided by the cloud service provider to generate a safe active constraint packet SAB, and to send the safe active constraint packet SAB to a device related to the cloud service provider; a decryption module, used to decrypt the safe active constraint packet SAB with the private key, wherein the decrypted safe active constraint packet SAB performs a security check according to the data SeP related to the security mechanism that it contains; and a second processing module, which, if the security check passes, obtains the ciphertext UCT and the predicate evaluation token UTK_f from the decrypted safe active constraint packet SAB, decrypts UTK_f, and compares the decryption result with the intermediate authentication data, authentication passing if the two are identical.
In the two-way cloud authentication system, preferably, the terminal data packet generation module comprises: a key pair generation unit, used to generate a pair of keys SPK and SMSK; a token generation unit, used to generate the terminal-related predicate evaluation token STK_f from the pair of keys SPK and SMSK according to the predicate evaluation function; and a data packet generation unit, which generates a data packet that includes the predicate evaluation token STK_f and the public key SK_pu, the data packet further including identity data indicating the identity of the cloud service provider.
In the two-way cloud authentication system, optionally, the intermediate authentication data is the identity data of the cloud service provider.
In the two-way cloud authentication system, optionally, the first processing module comprises: a judging unit, used to determine, after a request from the terminal is received, whether the cloud service provider is authenticating the terminal for the first time; a first processing unit, used, when the result of the judging unit is yes, to provide a virtual identity to the terminal and generate a digital signature based on the virtual identity, while taking the identity data of the cloud service provider as the intermediate authentication data and processing it with the predicate encryption algorithm to generate ciphertext UCT and predicate evaluation token UTK_f based on the identity data; and a second processing unit, used, when the result of the judging unit is no, to obtain the digital signature of the terminal according to the identity data of the cloud service provider and process the digital signature with the predicate encryption algorithm, thereby generating ciphertext UCT and predicate evaluation token UTK_f based on the digital signature.
Brief description of the drawings
Fig. 1 is a flow chart of a method for a terminal to authenticate a cloud service provider according to an example of the present invention.
Fig. 2 is a flow chart of a method for a cloud service provider to authenticate a terminal according to one example of the present invention.
Fig. 3 is a flow chart of a method for a cloud service provider to authenticate a terminal according to another example of the present invention.
Fig. 4 is a structural block diagram of a system for a terminal to authenticate a cloud service provider according to an example of the present invention.
Fig. 5 is a structural block diagram of a system for a cloud service provider to authenticate a terminal according to one example of the present invention.
Fig. 6 is a structural block diagram of a system for a cloud service provider to authenticate a terminal according to another example of the present invention.
Fig. 7 is a structural schematic diagram of a two-way cloud authentication system according to an example of the present invention.
Detailed description of the embodiments
Schematic examples of the invention are now described with reference to the drawings, in which identical reference numerals denote identical elements. The embodiments described below are intended to help those skilled in the art understand the invention thoroughly, and are illustrative rather than limiting. Unless otherwise defined, the terms used herein (including scientific, technical and industry terms) have the meaning commonly understood by those skilled in the art to which the invention belongs.
Fig. 1 is a flow chart of a method for a terminal to authenticate a cloud service provider according to an example of the present invention. In all examples of the present invention, the terminal may be any device that can access a cloud service network, such as a desktop computer, a notebook, a handheld electronic device (such as a smartphone or tablet computer), a server, or, where a server comprises multiple independent mainboards, any one of those independent mainboards. The cloud service provider may be a cloud service application running on a cloud device, or may be the cloud device itself.
In step 100, a terminal-related predicate evaluation token STK_f is generated according to a predicate evaluation function. As an example, a pair of keys SPK and SMSK is generated, and the predicate evaluation token STK_f, which is used for anonymous authentication, is generated from this pair of keys according to the predicate evaluation function. Predicate encryption is a relatively mature conventional technology, and the predicate evaluation function used in the present invention may be any predicate evaluation function known to those skilled in the art for generating evaluation tokens. Note that the selected predicate evaluation function has a corresponding predicate evaluation anonymous discriminant function.
In step 102, the terminal generates a data packet that includes the predicate evaluation token STK_f and the public key SK_pu; the data packet also includes identity data indicating the identity of the cloud service provider. Then, in step 104, the data packet is sent to a device related to the cloud service provider. The device related to the cloud service provider may be the device where the cloud service provider is located, or a device that is independent of the device where the cloud service provider is located but can communicate with it.
In step 106, at the device related to the cloud service provider, the received data packet is parsed according to the predicate evaluation anonymous discriminant function, and the cloud service provider is authenticated according to the parsing result. The predicate evaluation anonymous discriminant function and the aforementioned predicate evaluation function correspond to each other. If the parsing result of the predicate evaluation anonymous discriminant function is true, the cloud service provider passes authentication; otherwise it does not.
According to an example of the present invention, steps 100, 102 and 104 may each be executed by the terminal, or alternatively by a device independent of the terminal, provided that the device can communicate with the terminal, i.e., the device can receive the terminal's request to authenticate the cloud service provider and feed the authentication result back to the terminal. When the device related to the cloud service provider is the device where the cloud service provider is located, step 106 is executed on that device; when the device related to the cloud service provider is a device that is independent of the device where the cloud service provider is located but can communicate with it, step 106 is executed on that independent device.
The method for a terminal to authenticate a cloud service provider shown in Fig. 1 can be implemented as software, hardware, or a combination of software and hardware. Whichever implementation is chosen, as described above, some steps of the method (such as steps 100, 102 and 104) are executed on the terminal or by a device that is independent of the terminal but can communicate with it, and some (such as step 106) are executed on the device where the cloud service provider is located or on a device that can communicate with that device.
Fig. 2 is a flow chart of a method for a cloud service provider to authenticate a terminal according to one example of the present invention. In step 200, after an authentication request from the terminal is received, intermediate authentication data is processed with a predicate encryption algorithm, thereby generating ciphertext UCT and predicate evaluation token UTK_f. In this example, the intermediate authentication data may be the identity data of the cloud service provider. In another example, described below in conjunction with Fig. 3, the intermediate authentication data is a digital signature for the virtual identity of the user terminal. Step 200 may be executed on the device where the cloud service provider is located, or on a device that is independent of that device but can communicate with it.
In the example shown in Fig. 2, after the ciphertext UCT and the predicate evaluation token UTK_f are generated, in step 202 the ciphertext UCT and the predicate evaluation token UTK_f, together with data SeP related to the security mechanism and a public key AK_pu, are encrypted with the public key SK_pu provided by the cloud service provider to generate a safe active constraint packet SAB. The data SeP related to the security mechanism indicates the security check that the SAB will perform during decryption, for example a self-integrity check, and whether a self-destruction mechanism is to be executed if the self-integrity check fails. In addition, so that the subsequent security check can be performed, an SAB data packet generally includes at least a virtual machine that can execute the SAB security check and can perform self-destruction if the check fails; the SAB in this example includes such a virtual machine. Step 202 may be executed on the device where the cloud service provider is located, or on a device that is independent of that device but can communicate with it; the communication with the device where the cloud service provider is located is intended to let the cloud service provider know the authentication result. Step 202 may be executed by the same device as step 200 or by a different device.
In step 204, the safe active constraint packet SAB is provided to a device related to the cloud service provider. Here, the device related to the cloud service provider is the device that subsequently performs the decryption; it may be located in the device where the cloud service provider is located or in another device.
In step 206, at the device related to the cloud service provider, the safe active constraint packet SAB is decrypted with the private key provided by the cloud service provider. Then, in step 208, the decrypted safe active constraint packet SAB performs a security check, by means of the virtual machine included in the SAB, according to the data SeP related to the security mechanism that it contains. Here, the security check is a self-integrity check, i.e., the SAB checks whether its decrypted data packet is complete. If the security check passes, step 210 is executed: the ciphertext UCT and the predicate evaluation token UTK_f are obtained from the decrypted safe active constraint packet SAB, and UTK_f is decrypted to obtain a decryption result, which is compared with the identity data of the cloud service provider. If they are identical, authentication passes; otherwise authentication fails and communication with the terminal is terminated. If the SAB's self-integrity check fails, the virtual machine in this example can destroy the SAB itself. Steps 208 and 210 may be executed in the same device as step 206, but are not limited to this; when steps 208 and 210 are executed in the same device as step 206, that device can provide the final authentication result to the cloud service provider.
In addition, in this example and in the example given below in conjunction with Fig. 3, optionally, to further improve the security of authentication, attribute information involving sensitive information of the terminal may also be included when the SAB data packet is generated. Which attribute information needs to be included in the SAB data packet can be determined according to the requirements of the cloud service provider; these requirements can, for example, be communicated by the cloud service provider, before the SAB data packet is generated, to the device, equipment or module that generates the SAB, which collects and processes the information. Where the SAB contains attribute information, after the SAB is decrypted the attribute public key AK_pu of the terminal is obtained and used to unlock the attribute information, so that the attribute information can then be further verified. In this case, the cloud service provider's authentication of the terminal passes only if the attribute information is verified successfully and the authentication, as in step 210 of Fig. 2 and step 312 of Fig. 3, passes.
The method for a cloud service provider to authenticate a terminal shown in Fig. 2 can be implemented as software, hardware, or a combination of software and hardware.
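The following Python example, added here and not part of the patent, walks through steps 202 to 210 of Fig. 2 starting from an already decrypted SAB. Assumptions: the outer encryption under SK_pu is omitted, the predicate encryption algorithm is replaced by a labelled stand-in cipher, the self-integrity check is a SHA-256 digest over the packet fields and always runs while SeP only selects self-destruction, and all names and sample values are constructed.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass


def _standin_cipher(token: bytes, data: bytes) -> bytes:
    """Stand-in for the predicate encryption algorithm (assumption).

    A symmetric XOR keystream derived from the token with SHA-256; it is NOT
    predicate encryption and only lets the control flow run with the stdlib.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(token + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


@dataclass
class SAB:
    """Decrypted safe active constraint packet: UCT, UTK_f, SeP, AK_pu."""
    uct: bytes
    utk_f: bytes
    sep: dict            # hypothetical layout, e.g. {"self_destruct": True}
    ak_pu: bytes
    digest: bytes = b""  # self-integrity value, filled in by build_sab()
    destroyed: bool = False


def _digest(sab: SAB) -> bytes:
    # Length-prefix every field so bytes cannot shift between fields unnoticed.
    # Unkeyed digest: detects truncation or corruption, not a rebuilt packet.
    h = hashlib.sha256()
    sep_bytes = json.dumps(sab.sep, sort_keys=True).encode()
    for part in (sab.uct, sab.utk_f, sep_bytes, sab.ak_pu):
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return h.digest()


def build_sab(intermediate: bytes, utk_f: bytes, sep: dict, ak_pu: bytes) -> SAB:
    """Steps 200-202: produce UCT from the intermediate data and bundle it."""
    sab = SAB(uct=_standin_cipher(utk_f, intermediate), utk_f=utk_f,
              sep=dict(sep), ak_pu=ak_pu)
    sab.digest = _digest(sab)
    return sab


def _self_destruct(sab: SAB) -> None:
    # Wipe the payload so a failed packet cannot be reused.
    sab.uct = sab.utk_f = sab.ak_pu = b""
    sab.destroyed = True


def open_sab(sab: SAB, expected_intermediate: bytes) -> str:
    """Steps 208-210: check integrity first, only then touch the payload."""
    if sab.destroyed:
        return "destroyed"
    if not hmac.compare_digest(sab.digest, _digest(sab)):
        if sab.sep.get("self_destruct", False):
            _self_destruct(sab)
        return "integrity-failed"
    recovered = _standin_cipher(sab.utk_f, sab.uct)
    # Constant-time comparison of the decryption result with the intermediate data.
    if hmac.compare_digest(recovered, expected_intermediate):
        return "authenticated"
    return "rejected"


if __name__ == "__main__":
    identity = b"csp-identity-0001"   # constructed sample value
    sab = build_sab(identity, b"constructed-token", {"self_destruct": True}, b"ak-pu")
    print(open_sab(sab, identity))    # intact packet, matching identity data
    sab.uct = sab.uct[:-1]            # simulate a truncated packet
    print(open_sab(sab, identity), sab.destroyed)
```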
Fig. 3 is a flow chart of a method for a cloud service provider to authenticate a terminal according to another example of the present invention. In this example, the intermediate authentication data is the identity data of the cloud service provider when the cloud service provider authenticates the terminal for the first time, and in any other authentication it is the digital signature for the virtual identity of the user terminal. In step 300, after an authentication request from the terminal is received, it is determined whether the cloud service provider is authenticating the terminal for the first time; if so, the method proceeds to step 302a. In step 302a, a virtual identity VID is provided to the terminal and a digital signature Sg(VID) is generated based on the virtual identity; at the same time, the identity data of the cloud service provider is taken as the intermediate authentication data for the first authentication and is processed with the predicate encryption algorithm, thereby generating ciphertext UCT and predicate evaluation token UTK_f based on the identity data. In addition, in this step both VID and Sg(VID) are stored; as described below, whenever the cloud service provider authenticates the terminal afterwards, the digital signature Sg(VID) is used as the intermediate authentication data. Step 302a may be executed on the device where the cloud service provider is located, or on a device that is independent of that device but can communicate with it.
If, in step 300, after the authentication request from the terminal is received, it is determined that the cloud service provider is not authenticating the terminal for the first time, the method proceeds to step 302b. Because VID and Sg(VID) were stored when the cloud service provider authenticated the terminal for the first time, in step 302b the identity data of the cloud service provider is used as an index to find the VID of the terminal and then Sg(VID); Sg(VID), as the intermediate authentication data, is processed with the predicate encryption algorithm, thereby generating ciphertext UCT and predicate evaluation token UTK_f based on the digital signature. As an example, step 302a and step 302b may be executed by the same device.
In step 304, the ciphertext UCT and the predicate evaluation token UTKf, the data SeP related to the security mechanism, and the public key AKpu are encrypted together with the public key SKpu provided by the cloud service provider, generating the safe active constraint packet SAB. The data SeP related to the security mechanism indicates the kinds of security check that the SAB performs during decryption, for example a self-integrity check and a self-destruction mechanism that determines whether the SAB destroys itself when the self-integrity check does not pass. In addition, so that the subsequent security check can be executed, an SAB data packet generally contains at least a virtual machine that can execute the SAB security check and can execute self-destruction when the check does not pass; the SAB in this example contains such a virtual machine.
In step 306, the safe active constraint packet SAB is supplied to a device related to the cloud service provider. Here, the device related to the cloud service provider is the device that subsequently executes the decryption process; it may be arranged in the equipment where the cloud service provider is located or in other equipment.
In step 308, at the device related to the cloud service provider, the safe active constraint packet SAB is decrypted with the private key provided by the cloud service provider. Then, in step 310, the decrypted SAB performs a security check, by means of the virtual machine contained in the SAB, according to the data SeP related to the security mechanism that it contains. Here the security check is a self-integrity check, that is, the SAB checks whether its decrypted data packet is complete. If the security check passes, step 312 is executed: the ciphertext UCT and the predicate evaluation token UTKf are obtained from the decrypted SAB, and UTKf is decrypted to obtain a decryption result. If the ciphertext UCT and the predicate evaluation token UTKf were generated in step 302a, the decryption result is compared with the identity data of the cloud service provider; if they are identical, authentication passes, otherwise authentication fails and communication with the terminal is terminated. If the ciphertext UCT and the predicate evaluation token UTKf were generated in step 302b, the decryption result is compared with the digital signature Sg(VID); if they are identical, authentication passes, otherwise authentication fails and communication with the terminal is terminated.
As in the example of Fig. 2, in this example the virtual machine destroys the SAB itself when the SAB's self-integrity check does not pass.
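The control flow of steps 300 to 312, as an added sketch that is not code from the patent. Assumptions: the predicate encryption algorithm and the public-key encryption under SKpu are replaced by a labelled toy XOR stream, Sg(VID) by an HMAC, and the SAB's virtual machine by a plain function; `Provider`, `terminal_id` and every function name are hypothetical.

```python
import hashlib
import hmac
import json
import secrets

PROVIDER_ID = b"csp.example"   # constructed identity data of the cloud service provider


def toy_xor(key, data):
    """Toy XOR stream (SHA-256 in counter mode); stand-in only, not real encryption."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


class Provider:
    def __init__(self, identity):
        self.identity = identity
        self.sign_key = secrets.token_bytes(32)  # stand-in for the key behind Sg (HMAC, not a signature)
        self.sab_key = secrets.token_bytes(32)   # stand-in for SKpu and its private key
        self.known = {}                          # hypothetical terminal_id -> (VID, Sg(VID))

    def intermediate_data(self, terminal_id):
        """Steps 300/302a/302b: pick the authentication intermediate data."""
        if terminal_id not in self.known:                        # first authentication
            vid = secrets.token_hex(8)
            sg = hmac.new(self.sign_key, vid.encode(), hashlib.sha256).digest()
            self.known[terminal_id] = (vid, sg)                  # stored for later runs
            return "302a", self.identity
        return "302b", self.known[terminal_id][1]                # later runs use Sg(VID)


def build_sab(provider, intermediate):
    """Step 304: pack UCT, UTKf, SeP and AKpu, then seal the packet."""
    token = secrets.token_bytes(32)                              # stand-in for UTKf
    body = {
        "UCT": toy_xor(token, intermediate).hex(),
        "UTKf": token.hex(),
        "SeP": {"self_integrity_check": True, "self_destruct": True},
        "AKpu": "constructed-placeholder",
    }
    raw = json.dumps(body, sort_keys=True).encode()
    # The digest travels inside the sealed packet so the check runs on decrypted data.
    return toy_xor(provider.sab_key, hashlib.sha256(raw).digest() + raw)


def open_sab(provider, sab, expected):
    """Steps 308 to 312 on a mutable packet; returns the verdict."""
    plain = toy_xor(provider.sab_key, bytes(sab))                # step 308
    digest, raw = plain[:32], plain[32:]
    if not hmac.compare_digest(hashlib.sha256(raw).digest(), digest):   # step 310
        # SeP sits inside the damaged packet and cannot be trusted, so fail closed.
        sab[:] = bytes(len(sab))                                 # self-destruction
        return "destroyed"
    body = json.loads(raw)
    result = toy_xor(bytes.fromhex(body["UTKf"]), bytes.fromhex(body["UCT"]))  # step 312
    return "authenticated" if hmac.compare_digest(result, expected) else "rejected"


def authenticate(provider, terminal_id, tamper=False):
    step, intermediate = provider.intermediate_data(terminal_id)
    sab = bytearray(build_sab(provider, intermediate))           # steps 304 and 306
    if tamper:
        sab[40] ^= 0x01                                          # constructed change in transit
    expected = provider.identity if step == "302a" else provider.known[terminal_id][1]
    return step, open_sab(provider, sab, expected), bytes(sab)


if __name__ == "__main__":
    csp = Provider(PROVIDER_ID)
    for tamper in (False, False, True):
        step, verdict, _ = authenticate(csp, "terminal-1", tamper)
        print(step, verdict)
```

A real design would seal the packet with authenticated public-key encryption rather than an unkeyed digest inside a malleable stream; the sketch only shows where each step's decision is taken.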
According to the present invention, a two-way cloud authentication method is also provided, used for mutual authentication between a terminal and a service provider. In this authentication, the process by which the terminal authenticates the cloud service provider is the same as the method illustrated in Fig. 1. After the terminal's authentication of the cloud service provider shown in Fig. 1 has passed, the cloud service provider's authentication of the terminal is carried out, for which either the method shown in Fig. 2 or the method shown in Fig. 3 may be used. Whichever is used, once the cloud service provider's authentication of the terminal finally passes, the mutual authentication of the cloud service provider and the terminal is complete. Alternatively, the cloud service provider's authentication of the terminal may be carried out first and, after it passes, the terminal's authentication of the cloud service provider. Since the processes by which the terminal authenticates the cloud service provider and the cloud service provider authenticates the terminal have been described above with reference to Fig. 1, Fig. 2 and Fig. 3, the two-way cloud authentication method based on them is not described in detail here.
Fig. 4 is a structural block diagram of an exemplary system for terminal authentication of a cloud service provider according to the present invention. As shown, the system includes a terminal data packet generation module 40, a sending module 42 and a first authentication module 44. The terminal data packet generation module 40 is configured to generate a predicate evaluation token STKf related to the terminal according to a predicate evaluation function, and to generate a data packet including the predicate evaluation token STKf and a public key SKpu; the data packet further includes identity data indicating the identity of the cloud service provider. As a specific example, the terminal data packet generation module 40 includes a key pair generation unit 400, arranged to generate a pair of keys SPK and SMSK; a token generation unit 402, which uses the pair of keys SPK and SMSK to generate the predicate evaluation token STKf related to the terminal according to the predicate evaluation function; and a data packet generation unit 404, arranged to generate the data packet including the predicate evaluation token STKf and the public key SKpu, the data packet further including identity data indicating the identity of the cloud service provider. The sending module 42 sends the generated data packet to the first authentication module 44. As an example, the terminal data packet generation module 40 and the sending module may both be arranged at the terminal, or in equipment that is independent of the terminal but related to it; such equipment can at least communicate with the terminal, that is, receive the terminal's request to authenticate the cloud service provider and feed the authentication result back to the terminal. The first authentication module 44 parses the received data packet according to a predicate evaluation anonymity discriminant function and, according to the parsing result, authenticates whether the cloud service provider is legitimate. The predicate evaluation anonymity discriminant function and the predicate evaluation function are mutually corresponding functions. If the result of the parsing that the first authentication module 44 performs based on the predicate evaluation anonymity discriminant function is true, the cloud service provider passes authentication; otherwise, the cloud service provider does not pass authentication. The first authentication module 44 may be arranged in the equipment where the cloud service provider is located, or in equipment that is associated with the equipment where the cloud service provider is located and can send the authentication result to the cloud service provider.
The system for terminal authentication of a cloud service provider shown in Fig. 4 may be implemented as software, hardware, or a combination of software and hardware. However it is implemented, the system may, as described above, have one part (such as the terminal data packet generation module 40 and the sending module 42) arranged at the terminal or in equipment independent of the terminal, and another part (such as the first authentication module 44) arranged in the equipment where the cloud service provider is located or in equipment that can communicate with the equipment where the cloud service provider is located.
Fig. 5 is a structural block diagram of another exemplary system, according to the present invention, for cloud service provider authentication of a terminal. As shown, the system includes a first processing module 50, an SAB generation module 52, a deciphering module 54 and a second processing module 56. After receiving a request from the terminal, the first processing module 50 processes the authentication intermediate data with the predicate encryption algorithm, thereby generating a ciphertext UCT and a predicate evaluation token UTKf. In this example, the authentication intermediate data is the identity data of the cloud service provider. The first processing module 50 may be arranged in the equipment where the cloud service provider is located, or in equipment that is independent of the equipment where the cloud service provider is located but can communicate with it. The SAB generation module 52 encrypts the ciphertext UCT and the predicate evaluation token UTKf, the data SeP related to the security mechanism, and the public key AKpu together with the public key SKpu provided by the cloud service provider, generating the safe active constraint packet SAB, and sends the SAB to a device related to the cloud service provider. The data SeP related to the security mechanism indicates the kinds of security check that the SAB performs during decryption, for example a self-integrity check and a self-destruction mechanism that determines whether the SAB destroys itself when the self-integrity check does not pass. In addition, so that the subsequent security check can be executed, an SAB data packet generally contains at least a virtual machine that can execute the SAB security check and can execute self-destruction when the check does not pass; the SAB in this example contains such a virtual machine. The SAB generation module 52 may be arranged in the same equipment as the first processing module 50. The deciphering module 54 decrypts the safe active constraint packet SAB with the private key provided by the cloud service provider, and causes the decrypted SAB to perform a security check according to the data related to the security mechanism that it contains; specifically, the decrypted SAB performs the security check, by means of the virtual machine contained in the SAB, according to the data SeP related to the security mechanism. Here the security check is a self-integrity check, that is, the SAB checks whether its decrypted data packet is complete. The second processing module 56 obtains the ciphertext UCT and the predicate evaluation token UTKf from the decrypted SAB and decrypts UTKf to obtain a decryption result, then compares the decryption result with the identity data of the cloud service; if they are identical, authentication passes, otherwise authentication fails and communication with the terminal is terminated. Here, when the SAB's self-integrity check does not pass, the virtual machine in this example destroys the SAB itself.
Fig. 6 is a structural block diagram of another exemplary system, according to the present invention, for cloud service provider authentication of a terminal. According to this example, the system includes a first processing module 60, an SAB generation module 62, a deciphering module 64 and a second processing module 66. The first processing module 60 includes a judging unit 600, a first processing unit 602 and a second processing unit 604. The judging unit 600 judges, after a request from the terminal is received, whether the cloud service provider is authenticating the terminal for the first time. When the result of the judging unit 600 is yes, the first processing unit 602 provides a virtual identity to the terminal and generates a digital signature Sg(VID) based on that virtual identity; at the same time, it takes the identity data of the cloud service provider as the authentication intermediate data for this first authentication and processes it with the predicate encryption algorithm, thereby generating a ciphertext UCT and a predicate evaluation token UTKf based on the identity data. In addition, VID and Sg(VID) are both stored; as described below, whenever the cloud service provider authenticates the terminal afterwards, the digital signature Sg(VID) is used as the authentication intermediate data. When the result of the judging unit is no, the second processing unit 604 uses the identity data of the cloud service provider as an index to find the VID of the terminal and, from it, Sg(VID), and processes Sg(VID), as the authentication intermediate data, with the predicate encryption algorithm, thereby generating a ciphertext UCT and a predicate evaluation token UTKf based on the digital signature.
The SAB generation module 62 encrypts the ciphertext UCT and the predicate evaluation token UTKf, the data SeP related to the security mechanism, and the public key AKpu together with the public key SKpu provided by the cloud service provider, generating the safe active constraint packet SAB, and sends the SAB to the cloud service provider. The data SeP related to the security mechanism indicates the kinds of security check that the SAB performs during decryption, for example a self-integrity check and a self-destruction mechanism that determines whether the SAB destroys itself when the self-integrity check does not pass. In addition, so that the subsequent security check can be executed, an SAB data packet generally contains at least a virtual machine that can execute the SAB security check and can execute self-destruction when the check does not pass; the SAB in this example contains such a virtual machine. The SAB generation module 62 may be arranged in the same equipment as the first processing module 60. The deciphering module 64 decrypts the safe active constraint packet SAB with the private key provided by the cloud service provider, and causes the decrypted SAB to perform a security check according to the data related to the security mechanism that it contains; specifically, the decrypted SAB performs the security check, by means of the virtual machine contained in the SAB, according to the data SeP related to the security mechanism. Here the security check is a self-integrity check, that is, the SAB checks whether its decrypted data packet is complete. The second processing module 66 obtains the ciphertext UCT and the predicate evaluation token UTKf from the decrypted SAB and decrypts UTKf to obtain a decryption result. Where the ciphertext UCT and the predicate evaluation token UTKf were generated by the first processing unit 602, the second processing module 66 compares the decryption result with the identity data of the cloud service provider; if they are identical, authentication passes, otherwise authentication fails and communication with the terminal is terminated. Where the ciphertext UCT and the predicate evaluation token UTKf were generated by the second processing unit 604, the second processing module 66 compares the decryption result with the digital signature; if they are identical, authentication passes, otherwise authentication fails and communication with the terminal is terminated. Here, when the SAB's self-integrity check does not pass, the virtual machine in this example destroys the SAB itself.
The present invention also provides a two-way cloud authentication system for mutual authentication between a terminal and a cloud service provider. Fig. 7 is a schematic block diagram of the two-way cloud authentication system according to the present invention. The two-way cloud authentication system includes a system 7a for terminal authentication of the cloud service provider and a system 7b for cloud service provider authentication of the terminal. The system 7a is the same as the system for terminal authentication of a cloud service provider shown in Fig. 4 and is not described again. According to one example of the invention, the system 7b may use the system for cloud service provider authentication of a terminal shown in Fig. 5, which is not described in detail. According to another example of the invention, the system 7b may instead use the system for cloud service provider authentication of a terminal shown in Fig. 6. In general, when the authentication result of the system 7a is that the cloud service provider has passed authentication, the system 7b then carries out the cloud service provider's authentication of the terminal. However, it is also possible for the system 7b to carry out the cloud service provider's authentication of the terminal first, after which the system 7a carries out the terminal's authentication of the cloud service provider.
Using the system or executing the method of the present invention, unlike conventional techniques in which only the cloud service provider authenticates the terminal, the cloud service provider and the terminal can authenticate each other, which avoids situations such as phishing. In the authentication process, the use of predicate evaluation, SAB technology and the self-destruction mechanism effectively prevents data theft. Public key encryption is used in the authentication process, so that a Small Integer Attack cannot succeed. In addition, the use of predicate encryption and virtual accounts ensures anonymity, preventing a service provider or an attacker from tracking user access and also preventing multiple service providers from stealing terminal user information through joint decryption. In the technical solution provided by the present invention, the user authenticates directly with the cloud provider without a third party, which avoids tying the cloud service provider to a particular identity provider and favours the expansion of cloud service providers and the sharing of resources.
Claims (18)
1. A method for a terminal to authenticate a cloud service provider, characterized in that the method comprises:
generating a predicate evaluation token STKf related to the terminal according to a predicate evaluation function;
generating a data packet including the predicate evaluation token STKf and a public key SKpu, the data packet further including identity data indicating the identity of the cloud service provider;
sending the data packet to a device related to the cloud service provider;
at the device related to the cloud service provider, parsing the received data packet according to a predicate evaluation anonymity discriminant function, and authenticating the cloud service provider according to the parsing result.
2. the method for terminal authentication cloud service provider as described in claim 1, which is characterized in that described according to predicate evaluation
Function generates predicate evaluation token STK related with terminalfInclude:
Generate a pair of secret keys SPK and SMSK;
Predicate evaluation token STK related with terminal is generated according to predicate evaluation function with SMSK by the pair of key SPKf。
3. A method for a cloud service provider to authenticate a terminal, characterized in that the method comprises:
after receiving a request from the terminal, processing authentication intermediate data with a predicate encryption algorithm, thereby generating a ciphertext UCT and a predicate evaluation token UTKf;
generating a safe active constraint packet SAB from the ciphertext UCT and the predicate evaluation token UTKf, data SeP related to a security mechanism and a public key AKpu together, using the public key SKpu provided by the cloud service provider;
supplying the safe active constraint packet SAB to a device related to the cloud service provider;
decrypting the safe active constraint packet SAB with the private key provided by the cloud service provider;
the decrypted safe active constraint packet SAB performing a security check according to the data SeP related to the security mechanism that it contains;
where the security check passes, obtaining the ciphertext UCT and the predicate evaluation token UTKf from the decrypted safe active constraint packet SAB and decrypting UTKf, authentication passing where the decryption result is identical to the authentication data.
4. the method for cloud service provider certification terminal as claimed in claim 3, which is characterized in that mediant is used in the certification
According to the identity data for cloud service provider.
5. the method for cloud service provider certification terminal as claimed in claim 3, which is characterized in that described to receive from eventually
After the request at end, certification intermediate data is handled with predicate Encryption Algorithm, thus generates ciphertext UCT and predicate evaluation token UTKf
Include:
It receives after carrying out the request of self terminal, judges whether the terminal is to make requests for the first time to the cloud service provider;
If it is, providing the terminal virtual identity, and digital signature is generated based on the virtual identity, meanwhile, it is encrypted with predicate
The clothes of the algorithm process when the terminal makes requests to the cloud service provider for the first time as certification intermediate data
Business device identity data thus generates ciphertext UCT and predicate evaluation token UTK based on the identity dataf;Wherein, the terminal
When making requests from for the second time to the cloud service provider, which will be used as certification intermediate data;And
If it is not, then the identity data according to the cloud service provider is obtained in the terminal for the first time to the cloud service
The digital signature generated when supplier makes requests handles the digital signature with predicate Encryption Algorithm, thus generates based on institute
State the ciphertext UCT and predicate evaluation token UTK of digital signaturef。
6. A two-way cloud authentication method for mutual authentication of a terminal and a cloud service provider, the method comprising:
the terminal authenticating the cloud service provider, comprising:
generating a predicate evaluation token STKf related to the terminal according to a predicate evaluation function;
generating a data packet including the predicate evaluation token STKf and a public key SKpu, the data packet further including identity data indicating the identity of the cloud service provider;
sending the data packet to a device related to the cloud service provider;
at the device related to the cloud service provider, parsing the received data packet according to a predicate evaluation anonymity discriminant function, and authenticating the cloud service provider according to the parsing result; and
the cloud service provider authenticating the terminal, comprising:
after receiving a request from the terminal, processing authentication intermediate data with a predicate encryption algorithm, thereby generating a ciphertext UCT and a predicate evaluation token UTKf;
generating a safe active constraint packet SAB from the ciphertext UCT and the predicate evaluation token UTKf, data SeP related to a security mechanism and a public key AKpu together, using the public key SKpu provided by the cloud service provider;
sending the safe active constraint packet SAB to a device related to the cloud service provider;
decrypting the safe active constraint packet SAB with the private key provided by the cloud service provider;
the decrypted safe active constraint packet SAB performing a security check according to the data SeP related to the security mechanism that it contains;
where the security check passes, obtaining the ciphertext UCT and the predicate evaluation token UTKf from the decrypted safe active constraint packet SAB and decrypting UTKf, authentication passing where the decryption result is identical to the authentication data.
7. The two-way cloud authentication method as claimed in claim 6, characterized in that generating the predicate evaluation token STKf related to the terminal according to the predicate evaluation function comprises:
generating a pair of keys SPK and SMSK;
generating, with the pair of keys SPK and SMSK, the predicate evaluation token STKf related to the terminal according to the predicate evaluation function.
8. The two-way cloud authentication method as claimed in claim 6, characterized in that the authentication intermediate data is the identity data of the cloud service provider.
9. The two-way cloud authentication method as claimed in claim 6, characterized in that processing the authentication intermediate data with the predicate encryption algorithm after receiving the request from the terminal, thereby generating the ciphertext UCT and the predicate evaluation token UTKf, comprises:
after receiving the request from the terminal, judging whether the terminal is making a request to the cloud service provider for the first time;
if so, providing the terminal with a virtual identity and generating a digital signature based on the virtual identity, and at the same time processing with the predicate encryption algorithm the server identity data that serves as the authentication intermediate data when the terminal makes a request to the cloud service provider for the first time, thereby generating a ciphertext UCT and a predicate evaluation token UTKf based on the identity data; wherein, when the terminal makes requests to the cloud service provider from the second time onward, the digital signature is used as the authentication intermediate data; and
if not, obtaining, according to the identity data of the cloud service provider, the digital signature generated when the terminal made a request to the cloud service provider for the first time, and processing the digital signature with the predicate encryption algorithm, thereby generating a ciphertext UCT and a predicate evaluation token UTKf based on the digital signature.
10. A system for a terminal to authenticate a cloud service provider, characterized in that the system comprises:
a terminal data packet generation module, configured to generate a predicate evaluation token STKf related to the terminal according to a predicate evaluation function, and to generate a data packet including the predicate evaluation token STKf and a public key SKpu, the data packet further including identity data indicating the identity of the cloud service provider;
a sending module, configured to send the data packet;
a first authentication module, configured to receive the data packet sent by the sending module, parse the received data packet according to a predicate evaluation anonymity discriminant function, and authenticate the cloud service provider according to the parsing result.
11. The system for a terminal to authenticate a cloud service provider as claimed in claim 10, characterized in that the terminal data packet generation module comprises:
a key pair generation unit, for generating a pair of keys SPK and SMSK;
a token generation unit, for generating, with the pair of keys SPK and SMSK, the predicate evaluation token STKf related to the terminal according to the predicate evaluation function;
a data packet generation unit, which generates a data packet including the predicate evaluation token STKf and the public key SKpu, the data packet further including identity data indicating the identity of the cloud service provider.
12. A system for a cloud service provider to authenticate a terminal, characterized in that the system comprises:
a first processing module, which, after receiving a request from the terminal, processes authentication intermediate data with a predicate encryption algorithm, thereby generating a ciphertext UCT and a predicate evaluation token UTKf;
an SAB generation module, for encrypting the ciphertext UCT and the predicate evaluation token UTKf, data SeP related to a security mechanism, and a public key AKpu together with the public key SKpu provided by the cloud service provider to generate a safe active constraint packet SAB, and for sending the safe active constraint packet SAB to a device related to the cloud service provider;
a deciphering module, for decrypting the safe active constraint packet SAB with a private key, wherein the decrypted safe active constraint packet SAB performs a security check according to the data SeP related to the security mechanism that it contains;
a second processing module, which, where the security check passes, obtains the ciphertext UCT and the predicate evaluation token UTKf from the decrypted safe active constraint packet SAB, decrypts UTKf, and compares the decryption result with the authentication data; if the comparison shows they are identical, authentication passes.
13. The system for a cloud service provider to authenticate a terminal as claimed in claim 12, characterized in that the authentication intermediate data is the identity data of the cloud service provider.
14. The system for a cloud service provider to authenticate a terminal as claimed in claim 12, characterized in that the first processing module comprises:
a judging unit, for judging, after a request from the terminal is received, whether the terminal is making a request to the cloud service provider for the first time;
a first processing unit, for, where the result of the judging unit is yes, providing a virtual identity to the terminal and generating a digital signature based on the virtual identity, and at the same time processing with the predicate encryption algorithm the server identity data that serves as the authentication intermediate data when the terminal makes a request to the cloud service provider for the first time, thereby generating a ciphertext UCT and a predicate evaluation token UTKf based on the identity data; wherein, when the terminal makes requests to the cloud service provider from the second time onward, the digital signature is used as the authentication intermediate data; and
a second processing unit, for, where the result of the judging unit is no, obtaining, according to the identity data of the cloud service provider, the digital signature generated when the terminal made a request to the cloud service provider for the first time, and processing the digital signature with the predicate encryption algorithm, thereby generating a ciphertext UCT and a predicate evaluation token UTKf based on the digital signature.
15. A two-way cloud authentication system for mutual authentication of a terminal and a cloud service provider, the two-way cloud authentication system comprising:
a system for the terminal to authenticate the cloud service provider, comprising:
a terminal data packet generation module, configured to generate a predicate evaluation token STKf related to the terminal according to a predicate evaluation function, and to generate a data packet including the predicate evaluation token STKf and a public key SKpu, the data packet further including identity data indicating the identity of the cloud service provider;
a sending module, configured to send the data packet;
a first authentication module, configured to receive the data packet sent by the sending module, parse the received data packet, and authenticate the cloud service provider according to the parsing result; and
a system for the cloud service provider to authenticate the terminal, comprising:
a first processing module, which, after receiving a request from the terminal, processes authentication intermediate data with a predicate encryption algorithm, thereby generating a ciphertext UCT and a predicate evaluation token UTKf;
an SAB generation module, for generating a safe active constraint packet SAB from the ciphertext UCT and the predicate evaluation token UTKf, data SeP related to a security mechanism, and a public key AKpu together, using the public key SKpu provided by the cloud service provider, and for sending the safe active constraint packet SAB to a device related to the cloud service provider;
a deciphering module, for decrypting the safe active constraint packet SAB with a private key, wherein the decrypted safe active constraint packet SAB performs a security check according to the data SeP related to the security mechanism that it contains;
a second processing module, which, where the security check passes, obtains the ciphertext UCT and the predicate evaluation token UTKf from the decrypted safe active constraint packet SAB, decrypts UTKf, and compares the decryption result with the authentication data; if the comparison shows they are identical, authentication passes.
16. The two-way cloud authentication system as claimed in claim 15, characterized in that the terminal data packet generation module comprises:
a key pair generation unit for generating a pair of keys SPK and SMSK;
a token generation unit for generating, from the pair of keys SPK and SMSK and according to the predicate evaluation function, the predicate evaluation token STKf related to the terminal;
a data packet generation unit for generating the data packet including the predicate evaluation token STKf and the public key SKpu, the data packet further including identity data indicating the identity of the cloud service provider.
17. The two-way cloud authentication system as claimed in claim 15, characterized in that the authentication intermediate data is the identity data of the cloud service provider.
18. The two-way cloud authentication system as claimed in claim 15, characterized in that the first processing module comprises:
a judging unit for judging, after a request from the terminal is received, whether the terminal is making a request to the cloud service provider for the first time;
a first processing unit which, in the case where the result of the judging unit is yes, provides a virtual identity to the terminal and generates a digital signature based on the virtual identity, and at the same time processes, with the predicate encryption algorithm, the server identity data that serves as the authentication intermediate data when the terminal makes a request to the cloud service provider for the first time, thereby generating the ciphertext UCT and the predicate evaluation token UTKf based on the identity data; wherein, from the terminal's second request to the cloud service provider onward, the digital signature is used as the authentication intermediate data; and
a second processing unit which, in the case where the result of the judging unit is no, obtains, according to the cloud service provider's identity data, the digital signature that was generated when the terminal made a request to the cloud service provider for the first time, and processes the digital signature with the predicate encryption algorithm, thereby generating the ciphertext UCT and the predicate evaluation token UTKf based on the digital signature.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310746278.9A CN104753879B (en) | 2013-12-30 | 2013-12-30 | Method and system for a terminal to authenticate a cloud service provider, and method and system for a cloud service provider to authenticate a terminal |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104753879A (en) | 2015-07-01 |
CN104753879B (en) | 2019-03-15 |
Family
ID=53592997
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310746278.9A (Active, CN104753879B (en)) | Method and system for a terminal to authenticate a cloud service provider, and method and system for a cloud service provider to authenticate a terminal | 2013-12-30 | 2013-12-30 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104753879B (en) |
Legal Events
Code | Title |
---|---|
C06 | Publication |
PB01 | Publication |
C10 | Entry into substantive examination |
SE01 | Entry into force of request for substantive examination |
GR01 | Patent grant |