192results about How to "Implement two-way authentication" patented technology

The invention belongs to the technical field of a device for verifying the identity or credentials of a system user, and discloses an identity-based unmanned aerial vehicle key management and networking authentication system and a method thereof. The ground authentication server is responsible for generating and distributing system parameters, identity information and keys required by the unmannedaerial vehicle for key management and network authentication. UAV authentication client is the main body of the system; Through mutual cooperation, the key pairs of UAV for network authentication canbe generated in a distributed manner, and the identity authentication and key agreement between UAV can be realized by using the key pairs. The invention improves the problem of unequal calculation of nodes in the key management of the UAV network existing in the prior art, enhances the reliability of the system, and realizes the key management of the UAV self-organization. The two-way authentication between UAV nodes ensures the credibility and authenticity of both sides of the communication. Using identity public key and bilinear pairing implementation, the computational overhead is less and the implementation efficiency is improved.

The invention relates to a method and a system for mutual authentication based on a hash function. The method comprises the following steps: 1) transmitting an authentication activation packet to an electronic tag through a reader; 2) performing tag construction and transmitting an authentication request packet to the reader; 3) constructing and transmitting a key request packet to an electronic tag application system database DB; 4) transmitting a certificate authentication request packet to an authentication server AS; 5) transmitting a certificate authentication response packet to the DB; 6) transmitting a key response packet to the reader; 7) transmitting an authentication response packet to the TAG; and 8) transmitting an authentication acknowledgment packet to the reader. The invention provides a method and a system for mutual authentication based on a hash function, which can achieve the purpose of no safety linkage between the database and the reader, perform mutual authentication and reasonably utilize the device performance.

The invention provides a mobile commerce identity authentication method. In the method, key negotiation is realized by the most efficient elliptic curve-based public key cryptosystem in public key cryptosystems. An elliptic curve algorithm has the characteristics of low calculated amount and high safety, so the elliptic curve algorithm is used for generating a public key and a private key, and a public key cryptosystem without a third-party is realized and applied to the two-way authentication service of a client and a server.

The invention relates to a single sign-on method in a point to point mode. Being different from the existing single sign-on method based on a customer server mode, the method manages the single sign-on life cycle of a customer by using valid period of certificate of the customer, and the customer can sign on for a plurality of times with single certification. The method completes the cross-certification of an application system and an identity certification server; the shared encryption key of communication parties is initialized, and a safe channel between the customer and the application system is established. Through the the identity certification server and the cross-certification of the application system, any application system can independently carry out identity certification, thus weakening the status of a central identity certification server, avoiding the defect of single-point failure in traditional customer/ service mode and being characterized by low cost for system operation, high efficiency and good safety performance.

The invention discloses a certificate-free remote anonymous authentication method based on a third party in a cloud application, and the method mainly solves the problem that remote bidirectional authentication in the prior art is poor in safety. The method is achieved through the steps that (1) a network manager M initializes a system; (2) the network manager M conducts identity register on a user U, and issues a system account to the user U; (3) the network manager conducts identity register on a service provider S, and sends part of the identity information of the legitimate user U to the service provider S; (4) the user U sends a service request to the service provider S in an anonymous mode through the system account; (5) the service provider S and the user U conduct bidirectional authentication. According to the method, the requirement for a certificate is omitted, the defects of secret key trusteeship are omitted as well, safety in anonymous bidirectional authentication is improved, and the method can be used for identity authentication when a remote user in a wireless body area network conducts service request.

The invention provides a network camera identity authentication method based on a TPCM. The method is characterized in that a network camera and a reliable gateway adopt a self-signing mode to generate a digital certificate which comprises a value of a platform configuration register and a measurement result of a memory code segment in operation. An authentication center verifies validity of the digital certificate and confirms identity of the verified party. Advantages are that a measurement value in the starting process of equipment is stored in the platform configuration register so that hardware of the network camera and the reliable gateway is ensured to be unchanged. Reliability of equipment identity is ensured from the aspect of software via measurement of the memory code segment. Besides, a signature secret key is generated by a TPCM chip and bound with the hardware platform state of the equipment so that the digital certificate is difficult to forge.

The invention discloses an RFID authentication method and system based on PUFs. The system comprises a backend database, a reader and a tag, wherein communication between the backend database and the reader can be realized by using a conventional network security technology, so that the communication between the backend database and the reader is safe; however, the communication between the reader and the tag is not realized through the conventional network security technology, so that the communication is not safe. The RFID authentication method has the advantages of high safety and authentication efficiency, little in resource consumption and the like, can resist typical attack techniques such as replay attacks, counterfeit attacks, track attacks, physical attacks and the like, has forward safety and backward safety, and realizes bidirectional authentication between the reader and the tag. A public key encryption method is used, so that the RFID authentication method has higher safety.

The invention discloses a method, a device and a system of verification of safety association between terminal equipment and a user card. The method, the device and the system of the verification of the safety association between the terminal equipment and the user card are used for achieving two-way safety verification between the user card and the terminal equipment under the premise that functions of the user card are not expanded, wherein the method of the verification of the safety association between the terminal equipment and the user card comprises receiving a first verification request sent by the terminal equipment when the terminal equipment accesses a core network; searching for a first authentication key which corresponds to a user card identification in a corresponding relationship which is pre-stored between the user card identification and the first authentication key according to the user card identification carried by the verification request; carrying out encryption on a terminal identification and the user card identification carried in the verification request by using the first authentication key which is found, and obtaining a second to-be-verified terminal identification; confirming that the safety association verification between the terminal equipment and the user card passes when a first to-be-verified terminal identification and the second to-be-verified terminal identification are the same; and confirming that the safety association verification between the terminal equipment and the user card does not pass when the first to-be-verified terminal identification and the second to-be-verified terminal identification are not the same.

The invention discloses a data transmission method and system based on a hybrid encryption algorithm, belongs to the field of encryption transmission, and aims to solve the technical problem of how torealize data transmission with high encryption speed and low encryption key management difficulty. The method comprises the following steps that bidirectional authentication is performed on a clientand a server based on a digital certificate of the server, and a communication channel between the client and the server is established after verifying that the server is legal; the client randomly generates an RSA key pair, and encrypts and sends the RSA key pair to the server through the digital certificate; one of the client and the server is used as a sending end, and the other one is used asa receiving end; the sending end randomly generates an AES secret key and a random number plaintext, carries out encryption transmission on plaintext data and the random number plaintext through the AES secret key, carries out encryption transmission on the AES secret key through an RSA secret key, and uses the random number plaintext as a signature to verify whether encryption transmission is successful or not. The system executes the data transmission method.

The invention relates to a two-way authentication method and system. The method comprises the following steps: forming, by an authentication device, a first digital signature of the key attribute information of an authenticated device; transmitting the first digital signature and a temporary public key of the authentication device to the authenticated device to be verified by the authenticated device; after the authenticated device verifies the received first digital signature, sending, by authenticated device, a second digital signature of the key attribute information of the authentication device and the temporary public key of the authenticated device to the authentication device to be verified by the authentication device; receiving and verifying, by the authentication device, the second digital signature; and sending, by the authenticated device, authentication success information, and performing encrypted data transmission by using the temporary public keys of the two parties. The authentication device and the authenticated device correctly the key attribute information of the opposite party and perform signature verification so as to achieve two-way authentication. The encrypted transmission of data interaction is realized, and the security of identity verification is further improved.

This invention relates to one wireless local operation method based on WAPI, which comprises the following steps: 21, interface controller identifies the mobile terminal account information; 22, servo gives out mobile terminal authorization information according to the account information result to exchange mobile terminal and network data.

The invention belongs to the technical field of information safety, and discloses an inter-satellite networking authentication system and method suitable for a double-layer satellite network. The system comprises a ground authentication server, a high-orbit satellite authentication client and a low-orbit satellite authentication client, wherein the ground authentication server is used for completing initialization of a satellite authentication system, namely generating and distributing identity information, a secret key and track parameters which are needed for authentication between the satellites; the high-orbit satellite authentication client and the low-orbit satellite authentication client are main bodies of inter-satellite networking authentication, and the inter-satellite identity authentication and key negotiation are realized through the interaction of authentication parameters. An authentication precomputation mechanism is designed by utilizing the characteristics that a satellite network clock is highly synchronous and a node operation trajectory can be predicted, so that the authentication efficiency between the satellites is effectively improved. According to the system and the method, safe and efficient identity authentication and secret key negotiation of a high-orbit satellite and a low-orbit satellite in a networking stage can be realized, and the system and the method can be applied to networking authentication between the high-orbit satellite and the low-orbit satellite.

The invention provides a network authentication attack prediction method and system. The method comprises the following steps: establishing a security encryption channel between a controller and a switch, adding a trusted authority CA to authenticate and sign the controller and the switch, realizing bidirectional authentication between the controller and the switch, and performing key negotiationbetween the controller and the switch to realize targeted improvement of SDN network vulnerability; meanwhile, collecting data fragment copies; extracting available attack vectors; and analyzing whether the data fragments are abnormal or not and whether the plurality of abnormal data fragments are logically associated or not, thereby determining abnormal points, obtaining potential attack trajectories and security vulnerabilities of the network nodes, predicting whether the abnormal network nodes are improved in the future or not, and predicting whether other nodes similar to the network nodesare attacked or not.

The invention discloses a network accessing method of an automatic meter reading system. The networking accessing method comprises the following steps of electrically starting and creating a network on an OFDM (Orthogonal Frequency Division Multiplexing) module at a concentrator side firstly, and then electrically adding the network on the OFDM module at an electric energy meter side. According to the network accessing method disclosed by the invention, the OFDM module adopts a mechanism of adding bidirectional authentication in the network, so the problem that an S-FSK power line carrier automatic meter reading system is unreliable in accessing the network is solved; a list file is maintained by a main module, so the problem that in the prior art, the list file work needs to be maintained in real time by a concentrator is solved; and meanwhile, the automatic separation can be carried out when an error network is added as the communication overtime time length is set, and thus the problem that in the prior art, the automatic separation cannot be carried out when an electric energy meter is added with the error network. Compared with the prior art, according to the network accessing method disclosed by the invention, several defects existing in the prior art are completely and effectively overcome, and the network accessing method of a power line carrier communication module with higher reliability is provided.

The embodiment of the invention provides an authentication method and system, and the method comprises the steps: enabling a device side to transmit a first authentication request to a server, whereinthe first authentication request comprises a first identification of the device side and a first random number, and the first random number is a character string which is generated by the device siderandomly; receiving a second authentication request sent by the server, wherein the second authentication request is a request sent by the server after the server performs the authentication of the device side based on the first identification and the authentication is passed, and comprises the first random number and a second random number, and the second random number is a character string generated by the server randomly; judging whether the first random number in the second authentication request is the same as a first random number stored locally or not: giving a first authentication reply to the server when the first random number in the second authentication request is the same as the first random number stored locally, so as to notify the server that the authentication is passed.According to the embodiment of the invention, the method reduces the requirements for the storage space of the device side to a certain degree, and reduces the production cost of the device side to acertain degree.

The invention provides mobile secure storage equipment with multiple data protection functions. The mobile secure storage equipment comprises a storage module, a wired communication module, a wireless communication module, a key management module, a power management module and a central control system. Encrypted data are stored in the storage module; the wired communication module comprises an USB (universal serial bus) interface, and data can be exchanged between the wired communication module and host equipment; authentication data and business data can be transmitted between the wireless communication module and a home location register; the key management module is responsible for mutual authentication between the storage equipment and an application platform and encryption and decryption of data exchanged between the host equipment and the storage module; the power management module is responsible for charging internal batteries when the mobile secure storage equipment is externally connected and utilized via a USB, the various modules of the mobile secure storage equipment are powered by external power sources at the moment, and necessary working power is provided for the wireless communication module by the internal batteries when the mobile secure storage equipment is not externally connected and utilized via the USB; an operating system runs in the central control system, and the central control system manages the various modules of the mobile secure storage equipment in an integrated manner, schedules the various modules according to set working processes and manages communication of the various modules according to the set working processes. The mobile secure storage equipment has the advantages that various fused protection means are adopted, and accordingly the security of the mobile secure storage equipment can be improved.

The invention provides a method, a system and a device for mutual authentication. The method comprises: a network entity obtains the new triplet vector of mobile equipment (ME); according to the triplet vector, the network entity generates an output parameter and sends the output parameter to the ME, wherein the output parameter is formed by encrypting random number RAND and authentication execution time CNR; the ME decrypts the output parameter and authenticates the network according to a decrypting result; meanwhile, the a subscriber identity module (SIM) card of the ME generates an RES and sends the generated RES to the network entity; and the network entity authenticates the ME according to the received RES. The invention can realize mutual authentication between ME and the network side and can judge that ME authenticates the network not to pass when suffering replay attack.

The invention discloses a system and realization method for trusted authentication of user login in an operating system, pertaining to the computer security field. The technical problem to be solved is that a host of insecurity factors are caused by the method of utilizing simple passwords to verity users' identities by a traditional mainstream operation system. The adopted technical scheme is characterized in that the system comprises a USBkey and trusted hardware. The USBkey is connected with the trusted hardware through a USBkey interface and used for connecting with a server through the USBkey interface so that mutual authentication between the operation system and a user is achieved. The trusted hardware is used for storing information on users' identities and private information on related keys. The invention further comprises the operation system and the realization method for mutual authentication.

The invention relates to a bidirectional authentication method and a system based on a symmetric encipherment algorithm. The method comprises: 1) a READER, a TAG and an electronic tag application system database (DB) corporately finish the collision process; 2) DB constructs and sends a certificate discrimination request grouping to an authentication server (AS); 3) sending a certificate discrimination response grouping to DB; 4) sending challenge information grouping to READER; 5) sending authentication request grouping to TAG; 8) sending the authentication response grouping to the READER; 7)sending certificate request grouping to DB; and 8) sending certificate response grouping to the READER. The invention can realize the bidirectional authentication method and the system based on the symmetric encipherment algorithm, which can perform bidirectional authentication and can reasonably utilize equipment performance without secure link between the database and the electronic tag.

The invention provides an SIP (System In Package)-based security certificate registering method. The method comprises the steps of transmitting a register data package into an SIP server by an SIP client; starting a register authentication module after the SIP server receives the register data package, transmitting an anauthorized data package, taking an authenticated activating grouped data, and requiring the SIP client to provide authentication information, wherein the authenticated activating grouped data comprises a public key certificate including an SIP server and a secrete key negotiating parameter; transmitting the register data package with register information including access authentication request grouped data by the SIP client according to user information, wherein the access authentication request grouped data comprises the public key certificate of the SIP client and the secrete key negotiating parameter of the SIP client; packaging the SIP server and the public key certificate of the SIP client into a certificate authentication request grouped data package by the SIP server and transmitting the SIP server and the public key certificate of the SIP client to a credible authentication server to verify; verifying whether a result is legal by the SIP server; and verifying the authentication result by the SIP client, and successfully approving by the SIP client if the authentication result is passed.

The invention relates to the personal identity identification and IC card consumption field, which comprises the petty consumption of an offline electric wallet and an electric deposit book and the consumption transaction of an online credit card and a debit card. The invention particularly relates to a technology adopting biological identification technology-finger vein as IC card financial transaction user identity identification. The technical scheme of the invention adopts the IC card consumption system integrating the finger vein identification technology to replace the traditional magnetic stripe card system, which comprises an IC card issuing subsystem and a POS consumption subsystem.

The invention relates to an access authentication method of electric automobiles. The method comprises the following steps that: access authentication systems of the electric automobiles are established; access authentication between the electric automobiles and a charging station is carried out; and the charging station carries out batch signature authentication on the electric automobiles. According to the invention, identity aggregate signatures are introduced into identity validity inspection of the electric automobiles, and bidirectional authentication and session key negotiation are designed between the electric automobiles and the access authentication systems, so that the reasonable usage of the information resources in the station is ensured, and the safety of the whole network system is fundamentally ensured. The batch signature authentication mechanism enables the charging station to verify a plurality of electric automobile terminal signatures in the aggregate manner, the calculation load is lightened, and the performance is improved. The typical identity aggregate signature system is composed of five algorithms: system initialization, private key generation, signing, aggregation and aggregate verification, user identity information can be used to replace a public key thereof, the problem of high certificate cost is solved, and by compressing the plurality signatures into one, the high-efficiency verification is carried out.

The invention discloses a D2D communication mutual authentication method based on physical channel information. Initial authentication based on physical channel information can be conducted as long as one communication secret key is stored, and complex upper-level authentication is no longer needed, so the calculating complexity of initial authentication is greatly reduced. The D2D communication initial authentication step is moved to a terminal, and information is estimated by means of channels during authentication, so the complexity of initial authentication is reduced and the authentication time delay is reduced. After initial authentication, both D2D communication parties carry out information packet authentication based on physical channels on information packets received each time to prevent missing information packet authentication during D2D communication. In this way, the privacy of a user is protected, and an attacker is prevented from maliciously tampering with information packets.