CN104753879B - Method and system for a terminal to authenticate a cloud service provider, and method and system for a cloud service provider to authenticate a terminal - Google Patents


Publication number
CN104753879B
Authority
CN
China
Prior art keywords
cloud service
service provider
terminal
data
certification
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310746278.9A
Other languages
Chinese (zh)
Other versions
CN104753879A (en
Inventor
柴洪峰
叶家炜
何朔
廖健
杨阳
曾剑平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Unionpay Co Ltd
Original Assignee
China Unionpay Co Ltd
Application filed by China Unionpay Co Ltd
Priority to CN201310746278.9A
Publication of CN104753879A
Application granted
Publication of CN104753879B

Landscapes

  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention provides a method for a terminal to authenticate a cloud service provider, comprising: generating a terminal-related predicate evaluation token STK_f according to a predicate evaluation function; generating a data packet that includes the predicate evaluation token STK_f and a public key SK_pu, the data packet further including identity data indicating the identity of the cloud service provider; sending the data packet to a device related to the cloud service provider; and, at the device related to the cloud service provider, parsing the received data packet according to a predicate evaluation anonymity discriminant function and authenticating the cloud service provider according to the parsing result. A system for a terminal to authenticate a cloud service provider, a method and system for a cloud service provider to authenticate a terminal, and a two-way cloud authentication method and system are also provided.

Description

Method and system for a terminal to authenticate a cloud service provider, and method and system for a cloud service provider to authenticate a terminal
Technical field
The present invention relates to secure authentication technologies, in particular to cloud identity authentication technology.
Background
Existing cloud identity authentication technology mainly uses a federated identity authentication mechanism involving an identity provider (IDP) and service providers (SP). In this arrangement multiple SPs share one IDP, and if the IDP fails, none of those SPs can perform authentication. In addition, if the IDP is attacked, the result can be data leakage or even a system-wide breakdown, causing huge losses.
Federated identity authentication usually focuses only on how to make authenticating the user's identity convenient, which leaves users exposed to dangers such as phishing.
Summary of the invention
In view of this, the present invention provides a method for a terminal to authenticate a cloud service provider, comprising: generating a terminal-related predicate evaluation token STK_f according to a predicate evaluation function; generating a data packet that includes the predicate evaluation token STK_f and a public key SK_pu, the data packet further including identity data indicating the identity of the cloud service provider; sending the data packet to a device related to the cloud service provider; and, at the device related to the cloud service provider, parsing the received data packet according to a predicate evaluation anonymity discriminant function and authenticating the cloud service provider according to the parsing result.
In the method for a terminal to authenticate a cloud service provider according to the present invention, preferably, generating the terminal-related predicate evaluation token STK_f according to the predicate evaluation function comprises: generating a pair of keys SPK and SMSK; and generating the terminal-related predicate evaluation token STK_f from the key pair SPK and SMSK according to the predicate evaluation function.
According to another aspect of the invention, a method for a cloud service provider to authenticate a terminal is also provided, comprising: after receiving a request from the terminal, processing authentication intermediate data with a predicate encryption algorithm, thereby generating a ciphertext UCT and a predicate evaluation token UTK_f; using the public key SK_pu provided by the cloud service provider to generate a safe active constraint packet SAB from the ciphertext UCT and the predicate evaluation token UTK_f together with data SeP related to a security mechanism and a public key AK_pu; providing the safe active constraint packet SAB to a device related to the cloud service provider; decrypting the safe active constraint packet SAB with the private key provided by the cloud service provider; performing, by the decrypted safe active constraint packet SAB, a security check according to the security-mechanism data SeP it contains; and, if the security check passes, obtaining the ciphertext UCT and the predicate evaluation token UTK_f from the decrypted safe active constraint packet SAB and decrypting UTK_f, authentication passing if the decryption result is identical to the authentication intermediate data.
In the method for a cloud service provider to authenticate a terminal provided by the invention, optionally, the authentication intermediate data is the identity data of the cloud service provider.
In the method for a cloud service provider to authenticate a terminal provided by the invention, optionally, processing the authentication intermediate data with the predicate encryption algorithm after receiving the request from the terminal, thereby generating the ciphertext UCT and the predicate evaluation token UTK_f, comprises: after receiving the request from the terminal, judging whether this is the first time the cloud service provider authenticates the terminal; if so, providing the terminal with a virtual identity and generating a digital signature based on the virtual identity, while taking the identity data of the cloud service provider as the authentication intermediate data and processing it with the predicate encryption algorithm to generate the ciphertext UCT and the predicate evaluation token UTK_f based on the identity data; and if not, obtaining the digital signature of the terminal according to the identity data of the cloud service provider and processing the digital signature with the predicate encryption algorithm, thereby generating the ciphertext UCT and the predicate evaluation token UTK_f based on the digital signature.
According to another example of the present invention, a two-way cloud authentication method is also provided for mutual authentication between a terminal and a cloud service provider, the method comprising:
The terminal authenticating the cloud service provider, comprising: generating a terminal-related predicate evaluation token STK_f according to a predicate evaluation function; generating a data packet that includes the predicate evaluation token STK_f and a public key SK_pu, the data packet further including identity data indicating the identity of the cloud service provider; sending the data packet to a device related to the cloud service provider; and, at the device related to the cloud service provider, parsing the received data packet according to a predicate evaluation anonymity discriminant function and authenticating the cloud service provider according to the parsing result; and
The cloud service provider authenticating the terminal, comprising: after receiving a request from the terminal, processing authentication intermediate data with a predicate encryption algorithm, thereby generating a ciphertext UCT and a predicate evaluation token UTK_f; encrypting the ciphertext UCT and the predicate evaluation token UTK_f, together with data SeP related to a security mechanism and a public key AK_pu, with the public key SK_pu provided by the cloud service provider to generate a safe active constraint packet SAB; sending the safe active constraint packet SAB to a device related to the cloud service provider; decrypting the safe active constraint packet SAB with the private key provided by the cloud service provider; performing, by the decrypted safe active constraint packet SAB, a security check according to the security-mechanism data SeP it contains; and, if the security check passes, obtaining the ciphertext UCT and the predicate evaluation token UTK_f from the decrypted safe active constraint packet SAB and decrypting UTK_f, authentication passing if the decryption result is identical to the authentication intermediate data.
In the two-way cloud authentication method according to the present invention, preferably, generating the terminal-related predicate evaluation token STK_f according to the predicate evaluation function comprises: generating a pair of keys SPK and SMSK; and generating the terminal-related predicate evaluation token STK_f from the key pair SPK and SMSK according to the predicate evaluation function.
In the two-way cloud authentication method according to the present invention, optionally, the authentication intermediate data is the identity data of the cloud service provider.
In the two-way cloud authentication method according to the present invention, optionally, processing the authentication intermediate data with the predicate encryption algorithm after receiving the request from the terminal, thereby generating the ciphertext UCT and the predicate evaluation token UTK_f, comprises: after receiving the request from the terminal, judging whether this is the first time the cloud service provider authenticates the terminal; if so, providing the terminal with a virtual identity and generating a digital signature based on the virtual identity, while taking the identity data of the cloud service provider as the authentication intermediate data and processing it with the predicate encryption algorithm to generate the ciphertext UCT and the predicate evaluation token UTK_f based on the identity data; and if not, obtaining the digital signature of the terminal according to the identity data of the cloud service provider and processing the digital signature with the predicate encryption algorithm, thereby generating the ciphertext UCT and the predicate evaluation token UTK_f based on the digital signature.
According to another example of the present invention, a system for a terminal to authenticate a cloud service provider is also provided, comprising: a terminal data packet generation module configured to generate a terminal-related predicate evaluation token STK_f according to a predicate evaluation function and to generate a data packet that includes the predicate evaluation token STK_f and a public key SK_pu, the data packet further including identity data indicating the identity of the cloud service provider; a sending module configured to send the data packet; and a first authentication module configured to receive the data packet sent by the sending module, parse the received data packet according to a predicate evaluation anonymity discriminant function, and authenticate the cloud service provider according to the parsing result.
In the system for a terminal to authenticate a cloud service provider according to the present invention, preferably, the terminal data packet generation module includes: a key pair generation unit for generating a pair of keys SPK and SMSK; a token generation unit for generating the terminal-related predicate evaluation token STK_f from the key pair SPK and SMSK according to the predicate evaluation function; and a data packet generation unit that generates the data packet including the predicate evaluation token STK_f and the public key SK_pu, the data packet further including identity data indicating the identity of the cloud service provider.
According to another example of the present invention, a system for a cloud service provider to authenticate a terminal is also provided, comprising: a first processing module which, after receiving a request from the terminal, processes authentication intermediate data with a predicate encryption algorithm, thereby generating a ciphertext UCT and a predicate evaluation token UTK_f; an SAB generation module for encrypting the ciphertext UCT and the predicate evaluation token UTK_f, together with data SeP related to a security mechanism and a public key AK_pu, with the public key SK_pu provided by the cloud service provider to generate a safe active constraint packet SAB, and for sending the safe active constraint packet SAB to a device related to the cloud service provider; a decryption module for decrypting the safe active constraint packet SAB with a private key, wherein the decrypted safe active constraint packet SAB performs a security check according to the security-mechanism data SeP it contains; and a second processing module which, if the security check passes, obtains the ciphertext UCT and the predicate evaluation token UTK_f from the decrypted safe active constraint packet SAB, decrypts UTK_f, and compares the decryption result with the authentication intermediate data, authentication passing if the two are identical.
In the system for a cloud service provider to authenticate a terminal according to an example of the present invention, optionally, the authentication intermediate data is the identity data of the cloud service provider.
In the system for a cloud service provider to authenticate a terminal according to an example of the present invention, optionally, the first processing module includes: a judging unit for judging, after a request from the terminal is received, whether this is the first time the cloud service provider authenticates the terminal; a first processing unit for, when the result of the judging unit is yes, providing a virtual identity to the terminal and generating a digital signature based on the virtual identity, while processing with the predicate encryption algorithm the identity data of the service provider, which serves as the authentication intermediate data when the terminal makes its first request to the cloud service provider, thereby generating the ciphertext UCT and the predicate evaluation token UTK_f based on the identity data; and a second processing unit for, when the result of the judging unit is no, obtaining the digital signature of the terminal according to the identity data of the cloud service provider and processing the digital signature with the predicate encryption algorithm, thereby generating the ciphertext UCT and the predicate evaluation token UTK_f based on the digital signature.
According to another example of the present invention, a two-way cloud authentication system is also provided for mutual authentication between a terminal and a cloud service provider, the two-way cloud authentication system including:
A system for the terminal to authenticate the cloud service provider, comprising: a terminal data packet generation module configured to generate a terminal-related predicate evaluation token STK_f according to a predicate evaluation function and to generate a data packet that includes the predicate evaluation token STK_f and a public key SK_pu, the data packet further including identity data indicating the identity of the cloud service provider; a sending module configured to send the data packet; and a first authentication module configured to receive the data packet sent by the sending module, parse the received data packet, and authenticate the cloud service provider according to the parsing result; and
A system for the cloud service provider to authenticate the terminal, comprising: a first processing module which, after receiving a request from the terminal, processes authentication intermediate data with a predicate encryption algorithm, thereby generating a ciphertext UCT and a predicate evaluation token UTK_f; an SAB generation module for encrypting the ciphertext UCT and the predicate evaluation token UTK_f, together with data SeP related to a security mechanism and a public key AK_pu, with the public key SK_pu provided by the cloud service provider to generate a safe active constraint packet SAB, and for sending the safe active constraint packet SAB to a device related to the cloud service provider; a decryption module for decrypting the safe active constraint packet SAB with a private key, wherein the decrypted safe active constraint packet SAB performs a security check according to the security-mechanism data SeP it contains; and a second processing module which, if the security check passes, obtains the ciphertext UCT and the predicate evaluation token UTK_f from the decrypted safe active constraint packet SAB, decrypts UTK_f, and compares the decryption result with the authentication intermediate data, authentication passing if the two are identical.
In the two-way cloud authentication system, preferably, the terminal data packet generation module includes: a key pair generation unit for generating a pair of keys SPK and SMSK; a token generation unit for generating the terminal-related predicate evaluation token STK_f from the key pair SPK and SMSK according to the predicate evaluation function; and a data packet generation unit that generates the data packet including the predicate evaluation token STK_f and the public key SK_pu, the data packet further including identity data indicating the identity of the cloud service provider.
In the two-way cloud authentication system, optionally, the authentication intermediate data is the identity data of the cloud service provider.
In the two-way cloud authentication system, optionally, the first processing module includes: a judging unit for judging, after a request from the terminal is received, whether this is the first time the cloud service provider authenticates the terminal; a first processing unit for, when the result of the judging unit is yes, providing a virtual identity to the terminal and generating a digital signature based on the virtual identity, while taking the identity data of the cloud service provider as the authentication intermediate data and processing it with the predicate encryption algorithm to generate the ciphertext UCT and the predicate evaluation token UTK_f based on the identity data; and a second processing unit for, when the result of the judging unit is no, obtaining the digital signature of the terminal according to the identity data of the cloud service provider and processing the digital signature with the predicate encryption algorithm, thereby generating the ciphertext UCT and the predicate evaluation token UTK_f based on the digital signature.
Brief description of the drawings
Fig. 1 is a flowchart of a method for a terminal to authenticate a cloud service provider according to an example of the present invention.
Fig. 2 is a flowchart of a method for a cloud service provider to authenticate a terminal according to one example of the present invention.
Fig. 3 is a flowchart of a method for a cloud service provider to authenticate a terminal according to another example of the present invention.
Fig. 4 is a structural block diagram of a system for a terminal to authenticate a cloud service provider according to an example of the present invention.
Fig. 5 is a structural block diagram of a system for a cloud service provider to authenticate a terminal according to one example of the present invention.
Fig. 6 is a structural block diagram of a system for a cloud service provider to authenticate a terminal according to another example of the present invention.
Fig. 7 is a structural schematic diagram of a two-way cloud authentication system according to an example of the present invention.
Detailed description of the embodiments
Illustrative examples of the invention are now described with reference to the drawings, in which the same reference numerals denote the same elements. The embodiments described below help those skilled in the art understand the invention thoroughly and are intended as examples rather than limitations. Unless otherwise defined, the terms used herein (including scientific, technical and industry terms) have the meanings commonly understood by those skilled in the art to which the invention belongs.
Fig. 1 is a flowchart of a method for a terminal to authenticate a cloud service provider according to an example of the present invention. In all examples of the invention, the terminal can be any device that can access a cloud service network, such as a desktop computer, a notebook, a handheld electronic device (for example a smartphone or tablet computer) or a server; where a server includes multiple independent mainboards, the terminal can be any one of those mainboards. The cloud service provider can be a cloud service application running on a cloud device, or the cloud device itself.
In step 100, a terminal-related predicate evaluation token STK_f is generated according to a predicate evaluation function. As an example, a pair of keys SPK and SMSK is generated, and the predicate evaluation token STK_f, which is used for anonymous authentication, is generated from this key pair according to the predicate evaluation function. Predicate encryption is a relatively mature, conventional technology, and the predicate evaluation function used in the invention can be any predicate evaluation function known to those skilled in the art for generating evaluation tokens. Note that the selected predicate evaluation function has a corresponding predicate evaluation anonymity discriminant function.
In step 102, the terminal generates a data packet that includes the predicate evaluation token STK_f and the public key SK_pu; the data packet also includes identity data indicating the identity of the cloud service provider. Then, in step 104, the data packet is sent to a device related to the cloud service provider. The device related to the cloud service provider can be the device where the cloud service provider is located, or a device that is independent of the device where the cloud service provider is located but can communicate with it.
In step 106, at the device related to the cloud service provider, the received data packet is parsed according to the predicate evaluation anonymity discriminant function, and the cloud service provider is authenticated according to the parsing result. The predicate evaluation anonymity discriminant function and the aforementioned predicate evaluation function correspond to each other. If the parsing result of the predicate evaluation anonymity discriminant function is true, the cloud service provider passes authentication; otherwise it does not.
According to an example of the present invention, steps 100, 102 and 104 can each be executed by the terminal or, alternatively, by a device independent of the terminal, provided that the device can communicate with the terminal, that is, it can receive the terminal's request to authenticate the cloud service provider and feed the authentication result back to the terminal. When the device related to the cloud service provider is the device where the cloud service provider is located, step 106 is executed on that device; when it is a device that is independent of the device where the cloud service provider is located but can communicate with it, step 106 is executed on that independent device.
The method for a terminal to authenticate a cloud service provider shown in Fig. 1 can be implemented in software, hardware, or a combination of software and hardware. Whichever is used, as described above, some steps of the method (such as steps 100, 102 and 104) are executed on the terminal or on a device that is independent of the terminal but can communicate with it, and some (such as step 106) are executed on the device where the cloud service provider is located or on a device that can communicate with that device.
Fig. 2 is a flowchart of a method for a cloud service provider to authenticate a terminal according to one example of the present invention. In step 200, after an authentication request from the terminal is received, authentication intermediate data is processed with a predicate encryption algorithm, thereby generating a ciphertext UCT and a predicate evaluation token UTK_f. In this example, the authentication intermediate data can be the identity data of the cloud service provider. In another example, described in conjunction with Fig. 3, the authentication intermediate data is a digital signature for the virtual identity of the user terminal. Step 200 can be executed on the device where the cloud service provider is located, or on a device that is independent of that device but can communicate with it.
In the example shown in Fig. 2, after the ciphertext UCT and the predicate evaluation token UTK_f are generated, in step 202 the ciphertext UCT and the predicate evaluation token UTK_f, together with data SeP related to a security mechanism and a public key AK_pu, are encrypted with the public key SK_pu provided by the cloud service provider to generate a safe active constraint packet SAB. The security-mechanism data SeP indicates the security checks that the SAB will perform during decryption, for example a self-integrity check and whether to execute a self-destruct mechanism if the self-integrity check does not pass. In addition, to carry out the subsequent security checks, an SAB data packet generally includes a virtual machine that can at least execute the SAB security checks and execute self-destruction when a check does not pass; the SAB in this example includes such a virtual machine. Step 202 can be executed on the device where the cloud service provider is located, or on a device that is independent of that device but can communicate with it; the communication with the device where the cloud service provider is located is intended to let the cloud service provider learn the authentication result. Step 202 can be executed by the same device as step 200 or by a different device.
In step 204, the safe active constraint packet SAB is provided to a device related to the cloud service provider. Here, the device related to the cloud service provider is the device that subsequently executes the decryption process; it can be arranged in the device where the cloud service provider is located or in another device.
In step 206, at the device related to the cloud service provider, the safe active constraint packet SAB is decrypted with the private key provided by the cloud service provider. Then, in step 208, the virtual machine included in the decrypted safe active constraint packet SAB performs a security check according to the security-mechanism data SeP contained in the packet. Here, the security check is a self-integrity check, that is, the SAB checks whether the decrypted data packet is complete. If the security check passes, step 210 is executed: the ciphertext UCT and the predicate evaluation token UTK_f are obtained from the decrypted safe active constraint packet SAB, and UTK_f is decrypted to obtain a decryption result, which is compared with the identity data of the cloud service provider. If they are identical, authentication passes; otherwise authentication fails and communication with the terminal is terminated. If the self-integrity check of the SAB does not pass, the virtual machine in this example can destroy the SAB itself. Steps 208 and 210 can be executed on the same device as step 206, but are not limited to this. When steps 208 and 210 are executed on the same device as step 206, that device can provide the final authentication result to the cloud service provider.
In addition, in this example and in the example given below in conjunction with Fig. 3, optionally, to further increase the security of authentication, attribute information involving sensitive information of the terminal can also be included when the SAB data packet is generated. Which attribute information needs to be included in the SAB data packet can be determined by the requirements of the cloud service provider; for example, the cloud service provider can inform the device, equipment or module that generates the SAB of the requirement before the SAB data packet is generated, and that device, equipment or module collects and processes the information. Where the SAB contains attribute information, after the SAB is decrypted the attribute public key AK_pu of the terminal is obtained and used to unlock the attribute information, so that the attribute information can then be further verified. In this case, the cloud service provider's authentication of the terminal passes only if the attribute information is verified successfully and the authentication in step 210 of Fig. 2 or step 312 of Fig. 3 passes.
The method for a cloud service provider to authenticate a terminal shown in Fig. 2 can be implemented in software, hardware, or a combination of software and hardware.
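The Fig. 2 flow (steps 200 to 210) as a runnable model, added here as an illustration and not taken from the patent. Assumptions: predicate encryption and the SK_pu public/private key pair are both replaced by a stand-in SHA-256 keystream cipher with a single shared key, the SAB's virtual machine is an ordinary function, and the identity value and AK_pu bytes are constructed.

```python
import hashlib
import hmac
import json
import secrets

NONCE_LEN, DIGEST_LEN = 16, 32


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 counter keystream), not the patent's algorithm."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def _seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + _xor_stream(key, nonce, plaintext)


def _unseal(key: bytes, blob: bytes) -> bytes:
    return _xor_stream(key, blob[:NONCE_LEN], blob[NONCE_LEN:])


def predicate_encrypt(intermediate: bytes):
    """Step 200 stand-in: return (UCT, UTK_f) for the intermediate data."""
    utk_f = secrets.token_bytes(32)
    return _seal(utk_f, intermediate), utk_f


def build_sab(provider_key: bytes, intermediate: bytes, ak_pu: bytes,
              self_destruct: bool = True) -> bytearray:
    """Step 202: pack UCT, UTK_f, SeP and AK_pu, append a digest, encrypt."""
    uct, utk_f = predicate_encrypt(intermediate)
    body = json.dumps({
        "ak_pu": ak_pu.hex(),
        "sep": {"self_destruct": self_destruct},  # SeP: policy on failed check
        "uct": uct.hex(),
        "utk_f": utk_f.hex(),
    }, sort_keys=True).encode()
    return bytearray(_seal(provider_key, body + hashlib.sha256(body).digest()))


def _wants_self_destruct(body: bytes) -> bool:
    """Read SeP from a body that failed its check; unreadable means fail closed."""
    try:
        return bool(json.loads(body)["sep"]["self_destruct"])
    except (ValueError, KeyError, TypeError):
        return True


def open_sab(sab: bytearray, provider_key: bytes, expected: bytes) -> str:
    """Steps 206 to 210: decrypt, self-integrity check, then compare."""
    plain = _unseal(provider_key, bytes(sab))
    body, digest = plain[:-DIGEST_LEN], plain[-DIGEST_LEN:]
    if not hmac.compare_digest(hashlib.sha256(body).digest(), digest):
        if _wants_self_destruct(body):
            sab[:] = bytes(len(sab))  # self-destruct: wipe the packet in place
            return "destroyed"
        return "rejected"
    fields = json.loads(body)
    result = _unseal(bytes.fromhex(fields["utk_f"]), bytes.fromhex(fields["uct"]))
    # Constant-time comparison of the decryption result with the intermediate data.
    return "authenticated" if hmac.compare_digest(result, expected) else "rejected"


def demo():
    provider_key = secrets.token_bytes(32)   # stands in for the SK_pu key pair
    identity = b"csp-01.example"             # constructed identity data
    ak_pu = bytes(8)                         # constructed placeholder for AK_pu
    ok = open_sab(build_sab(provider_key, identity, ak_pu), provider_key, identity)
    wrong = open_sab(build_sab(provider_key, identity, ak_pu), provider_key,
                     b"other-csp.example")
    tampered = build_sab(provider_key, identity, ak_pu)
    tampered[40] ^= 0x01                     # one flipped bit in transit
    return ok, wrong, open_sab(tampered, provider_key, identity), any(tampered)


if __name__ == "__main__":
    print(demo())
```

A single flipped bit fails the self-integrity check before UCT or UTK_f is ever parsed, so the comparison in step 210 only runs on a packet that arrived intact.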
Fig. 3 is a flowchart of another exemplary method by which a cloud service provider authenticates a terminal according to the present invention. In this example, the authentication intermediate data is the identity data of the cloud service provider the first time the cloud service provider authenticates the terminal, and in every later authentication it is the digital signature for the user terminal's virtual identity. In step 300, after an authentication request from the terminal is received, it is judged whether this is the first time the cloud service provider authenticates the terminal; if so, the method proceeds to step 302a. In step 302a, a virtual identity VID is provided to the terminal and a digital signature Sg(VID) is generated based on the virtual identity; at the same time, the identity data of the cloud service provider is used as the authentication intermediate data for this first authentication and is processed with the predicate encryption algorithm, thereby generating a ciphertext UCT and a predicate evaluation token UTK_f based on the identity data. In addition, VID and Sg(VID) are both stored in this step; as described below, whenever the cloud service provider authenticates the terminal afterwards, the digital signature Sg(VID) is used as the authentication intermediate data. Step 302a may be executed on the device where the cloud service provider is located, or on a device that is independent of the device where the cloud service provider is located but can communicate with it.
If, in step 300, after the authentication request from the terminal is received, it is judged that this is not the first time the cloud service provider authenticates the terminal, the method proceeds to step 302b. Because VID and Sg(VID) were stored when the cloud service provider first authenticated the terminal, in step 302b the identity data of the cloud service provider is used as an index to find the VID of the terminal and, from it, Sg(VID); Sg(VID), as the authentication intermediate data, is processed with the predicate encryption algorithm, thereby generating a ciphertext UCT and a predicate evaluation token UTK_f based on the digital signature. As an example, step 302a and step 302b may be executed by the same device.
In step 304, the ciphertext UCT and predicate evaluation token UTK_f, the data SeP related to the security mechanism, and the public key AK_pu are encrypted together with the public key SK_pu provided by the cloud service provider, generating the safe active constraint packet SAB. The data SeP related to the security mechanism indicates the kinds of security check that the SAB performs during decryption, for example a self integrity check, and a self-destruction mechanism specifying whether the SAB destroys itself if the self integrity check does not pass. In addition, so that the subsequent security check can be executed, an SAB data packet generally includes at least a virtual machine that can execute the SAB security check and can execute self-destruction if the check does not pass; the SAB in this example includes such a virtual machine.
In step 306, the safe active constraint packet SAB is provided to a device related to the cloud service provider. Here, the device related to the cloud service provider is the device that subsequently executes the decryption process; it may be arranged on the device where the cloud service provider is located, or on another device.
In step 308, at the device related to the cloud service provider, the safe active constraint packet SAB is decrypted with the private key provided by the cloud service provider. Then, in step 310, the decrypted SAB undergoes a security check, carried out by the virtual machine included in the SAB according to the data SeP related to the security mechanism contained in it. Here, the security check is a self integrity check, that is, the SAB checks whether the data packet is complete after decryption. If the security check passes, step 312 is executed: the ciphertext UCT and predicate evaluation token UTK_f are obtained from the decrypted SAB, and UTK_f is decrypted to obtain a decryption result. If the ciphertext UCT and predicate evaluation token UTK_f were generated in step 302a, the decryption result is compared with the identity data of the cloud service provider; if they are identical, authentication passes, otherwise authentication fails and communication with the terminal is terminated. If the ciphertext UCT and predicate evaluation token UTK_f were generated in step 302b, the decryption result is compared with the digital signature Sg(VID); if they are identical, authentication passes, otherwise authentication fails and communication with the terminal is terminated.
As in the example of Fig. 2, in this example the virtual machine destroys the SAB itself if the SAB's self integrity check does not pass.
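The first-time and repeat branches of Fig. 3, together with the SAB self integrity check and self-destruction, as an added Python model that is not code from the patent. It models control flow only: an HMAC stands in for the digital signature Sg(VID), a hash keystream stands in for the predicate encryption algorithm, a SHA-256 digest is an assumed form of the self integrity check, and the outer encryption under SK_pu, the key AK_pu and the embedded virtual machine are omitted; all class names, function names and sample values are constructed.

```python
import hashlib
import hmac
import json
import secrets

PROVIDER_ID = b"csp-identity-0001"      # constructed sample identity data
SIGNING_KEY = secrets.token_bytes(32)   # stand-in key used to produce Sg(VID)


def _pe_stand_in(key: bytes, data: bytes) -> bytes:
    """Placeholder for the predicate encryption algorithm (NOT predicate
    encryption): XOR with a SHA-256 counter keystream, so it is its own inverse."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class TerminalRecords:
    """VID and Sg(VID) stored at the first authentication of one terminal,
    indexed by the cloud service provider's identity data (step 302b lookup)."""

    def __init__(self):
        self._by_provider = {}

    def intermediate_data(self, provider_id: bytes):
        """Steps 300, 302a and 302b: return (intermediate data, first_time)."""
        if provider_id not in self._by_provider:
            vid = secrets.token_hex(16)                       # virtual identity
            sg = hmac.new(SIGNING_KEY, vid.encode(), hashlib.sha256).digest()
            self._by_provider[provider_id] = (vid, sg)        # kept for later runs
            return provider_id, True      # first run uses the identity data
        _vid, sg = self._by_provider[provider_id]
        return sg, False                  # later runs use Sg(VID)


def build_sab(intermediate: bytes) -> bytearray:
    """Steps 302 and 304 in this model: pack UCT, UTK_f and SeP with a digest."""
    utk = secrets.token_bytes(32)
    fields = {
        "UCT": _pe_stand_in(utk, intermediate).hex(),
        "UTK_f": utk.hex(),
        "SeP": {"check": "self-integrity", "on_failure": "self-destruct"},
    }
    body = json.dumps(fields, sort_keys=True).encode()
    digest = hashlib.sha256(body).hexdigest().encode()
    return bytearray(digest + b"\n" + body)


def open_sab(sab: bytearray, expected: bytes) -> str:
    """Steps 310 and 312: 'authenticated', 'rejected' or 'destroyed'."""
    digest, _, body = bytes(sab).partition(b"\n")
    actual = hashlib.sha256(body).hexdigest().encode()
    if not hmac.compare_digest(actual, digest):
        # Fail closed: a damaged packet's own SeP cannot be trusted, so the
        # model always wipes the packet in place when the check fails.
        sab[:] = bytes(len(sab))
        return "destroyed"
    fields = json.loads(body)
    result = _pe_stand_in(bytes.fromhex(fields["UTK_f"]),
                          bytes.fromhex(fields["UCT"]))
    # Constant-time comparison against the expected intermediate data.
    return "authenticated" if hmac.compare_digest(result, expected) else "rejected"


if __name__ == "__main__":
    records = TerminalRecords()
    for _ in range(2):
        data, first = records.intermediate_data(PROVIDER_ID)
        print("first" if first else "repeat", open_sab(build_sab(data), data))
```
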
According to the present invention, a two-way cloud authentication method is also provided, which is used for mutual authentication between a terminal and a service provider. In this authentication, the process by which the terminal authenticates the cloud service provider is the same as the method illustrated in Fig. 1. After the terminal's authentication of the cloud service provider shown in Fig. 1 has passed, the cloud service provider's authentication of the terminal is carried out, for which either the method shown in Fig. 2 or the method shown in Fig. 3 can be used. Whichever is used, once the cloud service provider's authentication of the terminal finally passes, the mutual authentication of the cloud service provider and the terminal is complete. Alternatively, the cloud service provider's authentication of the terminal can be carried out first and, after it passes, the terminal's authentication of the cloud service provider carried out. Since the process by which the terminal authenticates the cloud service provider and the process by which the cloud service provider authenticates the terminal have been described above with reference to Fig. 1, Fig. 2 and Fig. 3, the two-way cloud authentication method based on them is not described in detail here.
Fig. 4 is a structural block diagram of an exemplary system by which a terminal authenticates a cloud service provider according to the present invention. As shown, the system includes a terminal data packet generation module 40, a sending module 42 and a first authentication module 44. The terminal data packet generation module 40 is configured to generate a predicate evaluation token STK_f related to the terminal according to a predicate evaluation function, and to generate a data packet that includes the predicate evaluation token STK_f and a public key SK_pu; the data packet further includes identity data indicating the identity of the cloud service provider. As a specific example, the terminal data packet generation module 40 includes a key pair generation unit 400, configured to generate a pair of keys SPK and SMSK; a token generation unit 402, which uses the pair of keys SPK and SMSK to generate the predicate evaluation token STK_f related to the terminal according to the predicate evaluation function; and a data packet generation unit 404, configured to generate the data packet that includes the predicate evaluation token STK_f and the public key SK_pu, the data packet further including identity data indicating the identity of the cloud service provider. The sending module 42 sends the generated data packet to the first authentication module 44. As an example, the terminal data packet generation module 40 and the sending module may both be arranged at the terminal, or on a device that is independent of the terminal but associated with it; such a device can at least communicate with the terminal, that is, receive the terminal's request to authenticate the cloud service provider and feed the authentication result back to the terminal. The first authentication module 44 parses the received data packet according to a predicate evaluation anonymity discriminant function and, according to the parsing result, authenticates whether the cloud service provider is legitimate. The predicate evaluation anonymity discriminant function and the predicate evaluation function are functions that correspond to each other. If the result of the parsing carried out by the first authentication module 44 based on the predicate evaluation anonymity discriminant function is true, the cloud service provider passes authentication; otherwise, the cloud service provider does not pass authentication. The first authentication module 44 may be arranged on the device where the cloud service provider is located, or on a device associated with the device where the cloud service provider is located, which can send the authentication result to the cloud service provider.
The system by which a terminal authenticates a cloud service provider, shown in Fig. 4, can be implemented as software, hardware, or a combination of software and hardware. Whichever of these it is implemented as, the system can, as described above, have one part (such as the terminal data packet generation module 40 and the sending module 42) arranged at the terminal or on a device independent of the terminal, and another part (such as the first authentication module 44) arranged on the device where the cloud service provider is located or on a device that can communicate with the device where the cloud service provider is located.
Fig. 5 is a structural block diagram of another exemplary system by which a cloud service provider authenticates a terminal according to the present invention. As shown, the system includes a first processing module 50, an SAB generation module 52, a decryption module 54 and a second processing module 56. After a request from the terminal is received, the first processing module 50 processes the authentication intermediate data with the predicate encryption algorithm, thereby generating a ciphertext UCT and a predicate evaluation token UTK_f. In this example, the authentication intermediate data is the identity data of the cloud service provider. The first processing module 50 may be arranged on the device where the cloud service provider is located, or on a device that is independent of the device where the cloud service provider is located but can communicate with it. The SAB generation module 52 encrypts the ciphertext UCT and predicate evaluation token UTK_f, the data SeP related to the security mechanism, and the public key AK_pu together with the public key SK_pu provided by the cloud service provider to generate the safe active constraint packet SAB, and sends the SAB to a device related to the cloud service provider. The data SeP related to the security mechanism indicates the kinds of security check that the SAB performs during decryption, for example a self integrity check, and a self-destruction mechanism specifying whether the SAB destroys itself if the self integrity check does not pass. In addition, so that the subsequent security check can be executed, an SAB data packet generally includes at least a virtual machine that can execute the SAB security check and can execute self-destruction if the check does not pass; the SAB in this example includes such a virtual machine. The SAB generation module 52 may be arranged on the same device as the first processing module 50. The decryption module 54 decrypts the safe active constraint packet SAB with the private key provided by the cloud service provider, and the decrypted SAB undergoes a security check according to the data related to the security mechanism included in it; specifically, the check is carried out by the virtual machine included in the SAB according to the data SeP related to the security mechanism. Here, the security check is a self integrity check, that is, the SAB checks whether the data packet is complete after decryption. The second processing module 56 obtains the ciphertext UCT and predicate evaluation token UTK_f from the decrypted SAB, decrypts UTK_f to obtain a decryption result, and compares the decryption result with the identity data of the cloud service provider; if they are identical, authentication passes, otherwise authentication fails and communication with the terminal is terminated. Here, if the SAB's self integrity check does not pass, the virtual machine in this example destroys the SAB itself.
Fig. 6 is a structural block diagram of another exemplary system by which a cloud service provider authenticates a terminal according to the present invention. According to this example, the system includes a first processing module 60, an SAB generation module 62, a decryption module 64 and a second processing module 66. The first processing module 60 includes a judging unit 600, a first processing unit 602 and a second processing unit 604. After a request from the terminal is received, the judging unit 600 judges whether this is the first time the cloud service provider authenticates the terminal. If the result of the judging unit 600 is yes, the first processing unit 602 provides a virtual identity to the terminal and generates a digital signature Sg(VID) based on the virtual identity; at the same time, it uses the identity data of the cloud service provider as the authentication intermediate data for this first authentication and processes it with the predicate encryption algorithm, thereby generating a ciphertext UCT and a predicate evaluation token UTK_f based on the identity data. In addition, VID and Sg(VID) are both stored; as described below, whenever the cloud service provider authenticates the terminal afterwards, the digital signature Sg(VID) is used as the authentication intermediate data. If the result of the judging unit is no, the second processing unit 604 uses the identity data of the cloud service provider as an index to find the VID of the terminal and, from it, Sg(VID), and processes Sg(VID), as the authentication intermediate data, with the predicate encryption algorithm, thereby generating a ciphertext UCT and a predicate evaluation token UTK_f based on the digital signature.
The SAB generation module 62 encrypts the ciphertext UCT and predicate evaluation token UTK_f, the data SeP related to the security mechanism, and the public key AK_pu together with the public key SK_pu provided by the cloud service provider to generate the safe active constraint packet SAB, and sends the SAB to the cloud service provider. The data SeP related to the security mechanism indicates the kinds of security check that the SAB performs during decryption, for example a self integrity check, and a self-destruction mechanism specifying whether the SAB destroys itself if the self integrity check does not pass. In addition, so that the subsequent security check can be executed, an SAB data packet generally includes at least a virtual machine that can execute the SAB security check and can execute self-destruction if the check does not pass; the SAB in this example includes such a virtual machine. The SAB generation module 62 may be arranged on the same device as the first processing module 60. The decryption module 64 decrypts the safe active constraint packet SAB with the private key provided by the cloud service provider, and the decrypted SAB undergoes a security check according to the data related to the security mechanism included in it; specifically, the check is carried out by the virtual machine included in the SAB according to the data SeP related to the security mechanism. Here, the security check is a self integrity check, that is, the SAB checks whether the data packet is complete after decryption. The second processing module 66 obtains the ciphertext UCT and predicate evaluation token UTK_f from the decrypted SAB and decrypts UTK_f to obtain a decryption result. If the ciphertext UCT and predicate evaluation token UTK_f were generated by the first processing unit 602, the second processing module 66 compares the decryption result with the identity data of the cloud service provider; if they are identical, authentication passes, otherwise authentication fails and communication with the terminal is terminated. If the ciphertext UCT and predicate evaluation token UTK_f were generated by the second processing unit 604, the second processing module 66 compares the decryption result with the digital signature; if they are identical, authentication passes, otherwise authentication fails and communication with the terminal is terminated. Here, if the SAB's self integrity check does not pass, the virtual machine in this example destroys the SAB itself.
The present invention also provides a two-way cloud authentication system for mutual authentication between a terminal and a cloud service provider. Fig. 7 is a schematic block diagram of the two-way cloud authentication system according to the present invention. The two-way cloud authentication system includes a system 7a by which the terminal authenticates the cloud service provider and a system 7b by which the cloud service provider authenticates the terminal. The system 7a is the same as the system shown in Fig. 4 by which a terminal authenticates a cloud service provider, and is not described again. According to one example of the invention, the system 7b can use the system shown in Fig. 5 by which a cloud service provider authenticates a terminal, which is not described in detail. According to another example of the invention, the system 7b can also use the system shown in Fig. 6 by which a cloud service provider authenticates a terminal. In general, where the authentication result of the system 7a is that the cloud service provider passes authentication, the cloud service provider's authentication of the terminal is then carried out by the system 7b. However, the terminal's authentication of the cloud service provider can also be carried out by the system 7a after the system 7b has carried out the cloud service provider's authentication of the terminal.
With the system described in the present invention, or by executing the method described in the present invention, the cloud service provider and the terminal can authenticate each other, unlike conventional technology in which only the cloud service provider authenticates the terminal; this avoids situations such as phishing. In the authentication process, the use of predicate evaluation, SAB technology and the self-destruction mechanism effectively prevents data theft. Public key encryption is used in the authentication process, so that a Small Integer Attack cannot succeed. In addition, the use of predicate encryption and virtual accounts also ensures anonymity, prevents service providers or attackers from tracking user access, and prevents multiple service providers from stealing terminal user information by joint decryption. In the technical solution provided by the present invention, the user authenticates directly with the cloud provider without a third party, which avoids the cloud service provider depending on a particular identity provider and favours the expansion of cloud service providers and the sharing of resources.

Claims (18)

1. A method for a terminal to authenticate a cloud service provider, characterized in that the method comprises:
generating a predicate evaluation token STK_f related to the terminal according to a predicate evaluation function;
generating a data packet that includes the predicate evaluation token STK_f and a public key SK_pu, the data packet further including identity data indicating the identity of the cloud service provider;
sending the data packet to a device related to the cloud service provider;
at the device related to the cloud service provider, parsing the received data packet according to a predicate evaluation anonymity discriminant function, and authenticating the cloud service provider according to the parsing result.
2. The method for a terminal to authenticate a cloud service provider as claimed in claim 1, characterized in that generating the predicate evaluation token STK_f related to the terminal according to the predicate evaluation function comprises:
generating a pair of keys SPK and SMSK;
generating, by means of the pair of keys SPK and SMSK, the predicate evaluation token STK_f related to the terminal according to the predicate evaluation function.
3. A method for a cloud service provider to authenticate a terminal, characterized in that the method comprises:
after receiving a request from the terminal, processing authentication intermediate data with a predicate encryption algorithm, thereby generating a ciphertext UCT and a predicate evaluation token UTK_f;
generating a safe active constraint packet SAB from the ciphertext UCT and predicate evaluation token UTK_f, data SeP related to a security mechanism, and a public key AK_pu, together using a public key SK_pu provided by the cloud service provider;
providing the safe active constraint packet SAB to a device related to the cloud service provider;
decrypting the safe active constraint packet SAB with a private key provided by the cloud service provider;
the decrypted safe active constraint packet SAB undergoing a security check according to the data SeP related to the security mechanism included in it;
if the security check passes, obtaining the ciphertext UCT and predicate evaluation token UTK_f from the decrypted safe active constraint packet SAB and decrypting UTK_f, authentication passing if the decryption result is identical to the authentication data.
4. The method for a cloud service provider to authenticate a terminal as claimed in claim 3, characterized in that the authentication intermediate data is the identity data of the cloud service provider.
5. The method for a cloud service provider to authenticate a terminal as claimed in claim 3, characterized in that, after receiving the request from the terminal, processing the authentication intermediate data with the predicate encryption algorithm, thereby generating the ciphertext UCT and predicate evaluation token UTK_f, comprises:
after receiving the request from the terminal, judging whether this is the first time the terminal makes a request to the cloud service provider;
if so, providing the terminal with a virtual identity and generating a digital signature based on the virtual identity, and at the same time processing, with the predicate encryption algorithm, the server identity data that serves as the authentication intermediate data when the terminal makes a request to the cloud service provider for the first time, thereby generating a ciphertext UCT and a predicate evaluation token UTK_f based on the identity data; wherein, from the second time the terminal makes a request to the cloud service provider onward, the digital signature is used as the authentication intermediate data; and
if not, obtaining, according to the identity data of the cloud service provider, the digital signature generated when the terminal made a request to the cloud service provider for the first time, and processing the digital signature with the predicate encryption algorithm, thereby generating a ciphertext UCT and a predicate evaluation token UTK_f based on the digital signature.
6. A two-way cloud authentication method for mutual authentication of a terminal and a cloud service provider, the method comprising:
the terminal authenticating the cloud service provider, comprising:
generating a predicate evaluation token STK_f related to the terminal according to a predicate evaluation function;
generating a data packet that includes the predicate evaluation token STK_f and a public key SK_pu, the data packet further including identity data indicating the identity of the cloud service provider;
sending the data packet to a device related to the cloud service provider;
at the device related to the cloud service provider, parsing the received data packet according to a predicate evaluation anonymity discriminant function, and authenticating the cloud service provider according to the parsing result; and
the cloud service provider authenticating the terminal, comprising:
after receiving a request from the terminal, processing authentication intermediate data with a predicate encryption algorithm, thereby generating a ciphertext UCT and a predicate evaluation token UTK_f;
generating a safe active constraint packet SAB from the ciphertext UCT and predicate evaluation token UTK_f, data SeP related to a security mechanism, and a public key AK_pu, together using a public key SK_pu provided by the cloud service provider;
sending the safe active constraint packet SAB to a device related to the cloud service provider;
decrypting the safe active constraint packet SAB with a private key provided by the cloud service provider;
the decrypted safe active constraint packet SAB undergoing a security check according to the data SeP related to the security mechanism included in it;
if the security check passes, obtaining the ciphertext UCT and predicate evaluation token UTK_f from the decrypted safe active constraint packet SAB and decrypting UTK_f, authentication passing if the decryption result is identical to the authentication data.
7. The two-way cloud authentication method as claimed in claim 6, characterized in that generating the predicate evaluation token STK_f related to the terminal according to the predicate evaluation function comprises:
generating a pair of keys SPK and SMSK;
generating, by means of the pair of keys SPK and SMSK, the predicate evaluation token STK_f related to the terminal according to the predicate evaluation function.
8. The two-way cloud authentication method as claimed in claim 6, characterized in that the authentication intermediate data is the identity data of the cloud service provider.
9. The two-way cloud authentication method as claimed in claim 6, characterized in that, after receiving the request from the terminal, processing the authentication intermediate data with the predicate encryption algorithm, thereby generating the ciphertext UCT and predicate evaluation token UTK_f, comprises:
after receiving the request from the terminal, judging whether this is the first time the terminal makes a request to the cloud service provider;
if so, providing the terminal with a virtual identity and generating a digital signature based on the virtual identity, and at the same time processing, with the predicate encryption algorithm, the server identity data that serves as the authentication intermediate data when the terminal makes a request to the cloud service provider for the first time, thereby generating a ciphertext UCT and a predicate evaluation token UTK_f based on the identity data; wherein, from the second time the terminal makes a request to the cloud service provider onward, the digital signature is used as the authentication intermediate data; and
if not, obtaining, according to the identity data of the cloud service provider, the digital signature generated when the terminal made a request to the cloud service provider for the first time, and processing the digital signature with the predicate encryption algorithm, thereby generating a ciphertext UCT and a predicate evaluation token UTK_f based on the digital signature.
10. A system for a terminal to authenticate a cloud service provider, characterized in that the system comprises:
a terminal data packet generation module, configured to generate a predicate evaluation token STK_f related to the terminal according to a predicate evaluation function, and to generate a data packet that includes the predicate evaluation token STK_f and a public key SK_pu, the data packet further including identity data indicating the identity of the cloud service provider;
a sending module, configured to send the data packet;
a first authentication module, configured to receive the data packet sent by the sending module, parse the received data packet according to a predicate evaluation anonymity judgment function, and authenticate the cloud service provider according to the parsing result.
11. The system for a terminal to authenticate a cloud service provider as claimed in claim 10, characterized in that the terminal data packet generation module comprises:
a key pair generation unit for generating a pair of keys SPK and SMSK;
a token generation unit for generating, by means of the pair of keys SPK and SMSK, the predicate evaluation token STK_f related to the terminal according to the predicate evaluation function;
a data packet generation unit, which generates the data packet that includes the predicate evaluation token STK_f and the public key SK_pu, the data packet further including identity data indicating the identity of the cloud service provider.
12. A system for a cloud service provider to authenticate a terminal, characterized in that the system comprises:
a first processing module which, after a request from the terminal is received, processes authentication intermediate data with a predicate encryption algorithm, thereby generating a ciphertext UCT and a predicate evaluation token UTK_f;
an SAB generation module for encrypting the ciphertext UCT and predicate evaluation token UTK_f, data SeP related to a security mechanism, and a public key AK_pu together with a public key SK_pu provided by the cloud service provider to generate a safe active constraint packet SAB, and for sending the safe active constraint packet SAB to a device related to the cloud service provider;
a decryption module for decrypting the safe active constraint packet SAB with a private key, wherein the decrypted safe active constraint packet SAB undergoes a security check according to the data SeP related to the security mechanism included in it;
a second processing module which, if the security check passes, obtains the ciphertext UCT and predicate evaluation token UTK_f from the decrypted safe active constraint packet SAB, decrypts UTK_f, and compares the decryption result with the authentication data, authentication passing if they are identical.
13. The system for a cloud service provider to authenticate a terminal as claimed in claim 12, characterized in that the authentication intermediate data is the identity data of the cloud service provider.
14. The system for a cloud service provider to authenticate a terminal as claimed in claim 12, characterized in that the first processing module comprises:
a judging unit for judging, after the request from the terminal is received, whether this is the first time the terminal makes a request to the cloud service provider;
a first processing unit which, if the result of the judging unit is yes, provides a virtual identity to the terminal and generates a digital signature based on the virtual identity, and at the same time processes, with the predicate encryption algorithm, the server identity data that serves as the authentication intermediate data when the terminal makes a request to the cloud service provider for the first time, thereby generating a ciphertext UCT and a predicate evaluation token UTK_f based on the identity data; wherein, from the second time the terminal makes a request to the cloud service provider onward, the digital signature is used as the authentication intermediate data; and
a second processing unit which, if the result of the judging unit is no, obtains, according to the identity data of the cloud service provider, the digital signature generated when the terminal made a request to the cloud service provider for the first time, and processes the digital signature with the predicate encryption algorithm, thereby generating a ciphertext UCT and a predicate evaluation token UTK_f based on the digital signature.
15. A two-way cloud authentication system for mutual authentication of a terminal and a cloud service provider, the two-way cloud authentication system comprising:
A system for a terminal to authenticate a cloud service provider, comprising:
A terminal data packet generation module, configured to generate a predicate evaluation token STKf related to the terminal according to a predicate evaluation function, and to generate a data packet comprising the predicate evaluation token STKf and a public key SKpu, the data packet further comprising identity data indicating the identity of the cloud service provider;
A sending module, configured to send the data packet;
A first authentication module, configured to receive the data packet sent by the sending module, parse the received data packet, and authenticate the cloud service provider according to the parsing result; and
A system for a cloud service provider to authenticate a terminal, comprising:
A first processing module, configured to, after receiving a request from the terminal, process authentication intermediate data with a predicate encryption algorithm, thereby generating a ciphertext UCT and a predicate evaluation token UTKf;
An SAB generation module, configured to use the public key SKpu provided by the cloud service provider to generate a safe active constraint packet SAB from the ciphertext UCT and the predicate evaluation token UTKf together with data SeP related to a security mechanism and a public key AKpu, and to send the safe active constraint packet SAB to a device related to the cloud service provider;
A decryption module, configured to decrypt the safe active constraint packet SAB with a private key, wherein the decrypted safe active constraint packet SAB undergoes a safety check according to the data SeP related to the security mechanism that it contains;
A second processing module, configured to, when the safety check passes, obtain the ciphertext UCT and the predicate evaluation token UTKf from the decrypted safe active constraint packet SAB, decrypt UTKf, and compare the decryption result with the authentication data, wherein the authentication passes if the comparison result is identical.
16. The two-way cloud authentication system as claimed in claim 15, characterized in that the terminal data packet generation module comprises:
A key pair generation unit, configured to generate a pair of keys SPK and SMSK;
A token generation unit, configured to generate, from the pair of keys SPK and SMSK and according to the predicate evaluation function, the predicate evaluation token STKf related to the terminal;
A data packet generation unit, configured to generate the data packet comprising the predicate evaluation token STKf and the public key SKpu, the data packet further comprising identity data indicating the identity of the cloud service provider.
17. The two-way cloud authentication system as claimed in claim 15, characterized in that the authentication intermediate data is the identity data of the cloud service provider.
18. The two-way cloud authentication system as claimed in claim 15, characterized in that the first processing module comprises:
A judging unit, configured to, after receiving a request from the terminal, judge whether the terminal is making a request to the cloud service provider for the first time;
A first processing unit, configured to, when the result of the judging unit is yes, provide a virtual identity to the terminal and generate a digital signature based on the virtual identity, and at the same time to process, with the predicate encryption algorithm, the identity data of the cloud service provider, which serves as the authentication intermediate data when the terminal makes a request to the cloud service provider for the first time, thereby generating the ciphertext UCT and the predicate evaluation token UTKf based on the identity data; wherein, from the second time the terminal makes a request to the cloud service provider onward, the digital signature is used as the authentication intermediate data; and
A second processing unit, configured to, when the result of the judging unit is no, obtain, according to the identity data of the cloud service provider, the digital signature that was generated when the terminal made a request to the cloud service provider for the first time, and to process that digital signature with the predicate encryption algorithm, thereby generating the ciphertext UCT and the predicate evaluation token UTKf based on the digital signature.
CN201310746278.9A 2013-12-30 2013-12-30 Method and system, the method and system of cloud service provider certification terminal of terminal authentication cloud service provider Active CN104753879B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310746278.9A CN104753879B (en) 2013-12-30 2013-12-30 Method and system, the method and system of cloud service provider certification terminal of terminal authentication cloud service provider

Publications (2)

Publication Number Publication Date
CN104753879A CN104753879A (en) 2015-07-01
CN104753879B true CN104753879B (en) 2019-03-15

Family

ID=53592997

Country Status (1)

Country Link
CN (1) CN104753879B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant