85results about How to "Solve authentication problems" patented technology

The invention relates to the communication field and discloses an authentication method, a network and a system of mobile ad hoc network, which ensures the realization of layer distribution type authentication scheme of cluster mobile ad hoc network; and the requirement on computer processed resources is rational, which can be realized in practical application environment. The invention adopts a group network structure of cluster mobile ad hoc network and advocates layer distribution identity authentication scheme; and the inter-cluster communication used an improved new threshold group signature protocol which improves the original threshold group signature method based on GQ and decreases power index calculation times, improves calculation parallelism and reduces the requirement on processed resources; at the time of initialization, a certificate and a sub key are issued by the system uniformly; cluster heads which have enough numbers of sub keys can jointly recover system keys, thereby carrying out the group signature to issue certificates to new added nodes and using multi-leap serial communication for realizing united group signature.

The invention discloses a virtual environment trust building method, which belongs to the trusted computing field in information security. The invention uses a single TPM to realize the trust of one or a plurality of virtual domains and comprises the following steps: firstly, measuring hardware, a virtual layer, a management virtual domain and one or a plurality of application virtual domains in turn by the TPM, realizing the trust of the application virtual domains, secondly, receiving and processing TPM command requests from each virtual domain, and establishing and maintaining TPM context for each virtual domain. The invention has the advantages that firstly, the platform safety and credibility are intensified through a complete trusted isolating mechanism, the trusted application service is better supported, and secondly, the safe sharing of each virtual domain to a trusted hardware root TPM is realized.

The invention belongs to the technical field of safety communication between motorcades in Internet of Vehicles, and discloses a motorcade establishment and management method and system based on a block chain and a PKI authentication mechanism. The method is mainly divided into two parts of motorcade establishment and group key agreement and update; the motorcade establishment part comprises the following main processes of member registration, member identity authentication and group head aggregate signature; and the group key agreement and update part comprises the following main processes ofgroup key agreement and group key update for dynamic joining and exiting of a vehicle. According to the method and the system, the block chain is combined with the PKI authentication mechanism, a problem of identity authentication of the vehicle, a server and an RSU in the Internet of Vehicles is solved; the motorcade establishment is completed based on an elliptic curve, a bilinear pairing technology and an aggregate signature; and the group key agreement and update can be realized based on a DDH difficulty problem, the forward and backward safety is achieved, and the safety of member communication in the motorcade is ensured.

The present invention provides an identification key and random key complicated two-factor combined public key system and an authentication method. The identification keys are generated by selecting and combining seed key sets by the user identification generated sequence; the random keys are generated on the basis of one-way function principle which is also the basis of general public key ciphers. Multiple complication modes of the random key and the identification key can not only satisfy the requirement of centralized management, but also provide the proprietary right of private keys for users. An authentication system based on the key generating method has the characteristics of the identification authentication which does not need a third part certificate to prove and high randomization and privacy of general public key cipher and random private key. The present invention can be widely applied to authentication of systems with various scales, especially the authentication of public systems with enormous scale, and the applicable fields comprises reliable access, reliable load, electronic bank, reliable transaction, reliable logistics and the like.

The invention discloses a data transaction processing method and a device thereof, including that after a service end receives a transaction request submitted by a client end through the internet, the service end sends data including identification data and transaction feed-back data, which need to be identified and fed back to a movable terminal by the client end; after the movable terminal receives data needing to be identified and fed back, the identification data are verified according to identity key in the movable terminal user identity recognition module card, which is offered in advance, after the verification is passed, the feed-back data is acquired after processing according to transaction feed-back data content; after a user identity recognition module card operating system makes a signature on the feed-back data, the feed-back data is fed back to the service end by the client end; the signature of the feed-back data is verified according to a signature key in the service end, which is offered by the movable terminal user in advance, after the verification is passed, the feed-back data is processed based on the feed-back data content. By utilizing the invention, the identity certification and the transaction certification problems in the network transaction are resolved, and the safety of the client end in the network environment is ensured.

The invention relates to the field of radio frequency secure communication and provides a radio frequency device, a radio frequency card reader corresponding to the radio frequency device, and a communication system and a radio frequency secure communication method which use the radio frequency device and the radio frequency card reader. The radio frequency device comprises a radio frequency receiving and transmitting module, a radio frequency antenna and a magnetic induction and receiving module; and the radio frequency card reader comprises a radio frequency receiving and transmitting module, a radio frequency antenna and a magnetic transmitting module. Two communication channels, namely a first low-speed unidirectional communication channel with a stable and controllable distance and asecond high-speed communication channel, with different characteristics are available between the radio frequency device and the radio frequency card reader, wherein the first communication channel is formed by communicating with a magnetic field and is used for transmitting a small data volume of information for identity authentication so as to prevent malicious interference and attack; the second communication channel is formed by using the radio frequency receiving and transmitting module and is used for finishing the identity authentication and a main transaction process; and through the system and the communication method, near field secure communication with a controllable distance can be realized better.

The invention discloses a data storage and sharing system, comprising a first terminal, a cloud server and a second terminal, wherein the first terminal is used for encrypting main keys and file names to generate a symmetrical sub-key set, then encrypting files to be encrypted by using symmetrical sub-keys to generate an encrypted file set, and uploading the encrypted file set; the second terminal is used for downloading a target encrypted file from the cloud server, and sending a requested mail to a target mail address; the first terminal is further used for, when a user agrees with sharing files, sending the encrypted target symmetrical sub-keys to the second terminal via a mail, and when the user does not agree with sharing, replying a rejection instruction via a mail; and the second terminal is further used for, after receiving the encrypted target symmetrical sub-keys, decrypting the encrypted target symmetrical sub-keys to obtain the target symmetrical sub-keys, and decrypting the target encrypted file by using the target symmetrical sub-keys to obtain a decrypted file, thus completing file sharing. The system can improve the data storage and sharing security.

The invention discloses a scheme for implementing two-way identity authentication between a user and cloud by applying a portable TPM (PTPM) and certificateless public key cryptography to a cloud environment, aiming at solving the security problems and deficiencies existing in identity authentication between the user and the cloud in a current cloud environment in a cloud computing mode. Comparedwith existing schemes, a new scheme has the following advantages: on the basis of realizing the uniqueness of user and cloud identities through the establishment of an identity management mechanism, firstly, the PTPM is adopted to ensure the security and credibility of a terminal platform and ensure the authenticity and correctness of authentication results between the cloud and the user, and moreover, the user is supported to use any terminal equipment to complete an identity authentication process with the cloud; secondly, the new scheme implements a 'password + key' two-factor authentication process based on a certificateless public key signature algorithm; and finally, the proposed scheme can significantly improve the computing efficiency of identity authentication between the user andthe cloud while ensuring the security of EUF-CMA.

The invention provides a comprehensive voice resource platform proxy server and its data processing method, wherein the method includes: the proxy server establishing a first channel to the client; when the client requests voice service, the proxy server interacting with an authentication server to realize authentication to the client; the proxy server establishing a second channel with a first voice service server, based on the preserved load condition of at least two voice service servers; after the first and second channels are established, the proxy server transmitting the interactive information of the client and the first voice service server during processing of the voice service by the first and second channels. The invention combines the widely used network proxy server technology and the TTS/ASR technology, balances loads based on the routing of request types, and realizes quick access of TTS/ASR voice resource platform on the basis of load balancing, to realizes the performance of the comprehensive voice platform.

The invention provides a network access method, a network access system and an authentication server. The network access method comprises the following steps that: when an access user passes the identity authentication, the authentication server transmits a request short message for confirming whether an access channel is opened to a communication terminal of the access user through short-message conversion equipment; when a confirmation message returned by the communication terminal of the access user through the short-message conversion equipment is received, the indication information of opening the access channel is transmitted to the access equipment so that the access user accesses the network. By adoption of the technical scheme, the problem that the illegal user uses stolen user names and passwords for identity authentication can be solved, the probability of network attack by the illegal user is reduced and the safety of the network is improved; in addition, compared with the prior art, the technical scheme has the advantages of simplicity in access process and lower access cost.

The invention belongs to the safety technical field of computer networks and discloses an achieving method of the safe communication of a wireless network. The achievement on the method bases on the identification of identity and the processed innovation of IKEV2 protocol. The invention adds an encrypted gateway between a wireless bridge and a wire local area network. The communicating physical body in the method has two encrypted keys (a common key and a private key). Each physical body has an incommon private key. The senders of the message adopt the private key to sign and the receivers carry out inspection with the identity of the senders (namely the common key). The communicating physical body does not need the signature of the identifying center (CA) to the certificates, and thus saves the computing capacity of the communicating physical bodies. The method included in the invention ensures the transmitting safety of the information for the wireless network communication solves the problems such as data encryption, identity identification, maintenance on the integrity of the data and management on the encryption, with the safe transmission of the business data.

The invention discloses a method and a system for authenticating the identity of a power grid website based on trusted crypto modules. The method comprises the following steps: producing an identity certificate request and sending the identity certificate request to a digital authentication center unit by a website service-side through a PIK function which is provided by a first trusted crypto module; issuing a digital certificate to the website service-side by the digital authentication center unit; sending the self identity certificate to a client-side by the website service-side, and identifying the identity certificate of the website service-side by the client-side; identifying the identity certificate of the website service-side by a second trusted crypto module after the identity certificate which is sent by the website service-side is received by the client-side. The system comprises the digital authentication center unit, the website service-side, the first trusted crypto module, the client-side and the second trusted crypto module. The identity authentication of the website and the protection over user sensitive information are realized through the provision of a reliable user certificate issuing and identity authenticating method under the condition of realizing the bidirectional identity authentication of the power grid website and the client-side user.

The invention discloses a single-card multi-mode multi-operator authentication method and a single-card multi-mode multi-operator authentication device. The method comprises the followings steps of: receiving an authentication request from a user through an MAML in an AP (Access Point), and authenticating a mixing network found by UE (User Equipment); under the condition of confirming the authentication of each network in the mixing network to pass, receiving terminal position information transmitted by the UE, and judging whether the terminal position information is the same as operator area information pre-registrated by the UE or not; and when the terminal position information is the same as operator area information pre-registrated by the UE, acquiring signal strength of each network through the MAML, and judging whether the signal strength of each network is contained in a signal strength range covered by a base station under the network or not, if yes, confirming that all networks in the mixing network are authenticated successfully, otherwise, confirming to be fail. Through the method and the device, the safety in using an SIM (Subscriber Identity Module) card by a valid user and secure network service are ensured, and the effect of favorable network operation of operators is ensured.

The method comprises: user end requests to access the general packet radio service (GPRS) network; the GPRS node determines what authentication treatment will be made for the user end, and sends request message containing the ID of user's access network and the ID of user to authentication, authorization and accounting (AAA) server; said AAA server looks up the account information about relevant UE according to user's ID, and based on the ID of user's access network makes authentication process for the UE, and returns the authentication result to said GPRS node; according to the authentication result, said GPRS node determines whether or not providing the data service for the UE.

The invention provides a method for enhancing MQTT protocol identity authentication by using a symmetric cryptographic technology, which comprises the following steps of: performing first identity authentication from an Internet of Things terminal to an Internet of Things platform: charging a quantum key into a quantum safety chip by a quantum key charging machine, and recording and storing a corresponding relationship between the charging safety chip and the key, the Internet of Things terminal calls a quantum key in a chip to construct an identity authentication request message to the Internet of Things platform, the Internet of Things platform obtains symmetry, carries out decryption and identity comparison, generates a login token after successful authentication, and returns a verification message to the terminal; second identity authentication: the Internet of Things platform applies for a key according to the terminal ID and constructs an identity authentication request message to the terminal; and the terminal decrypts and verifies the platform ID and the login token. The invention further provides a system and equipment corresponding to the method. The invention has the advantages that identity authentication is performed by using a key set symmetric algorithm in the quantum safety chip, one key is pad at a time, a third party does not need to issue and authenticate a digital certificate. Therefore, the safety is improved.

The invention relates to a V2X Internet-of-vehicles safety communication system and method based on 5G. The V2X Internet-of-vehicles safety communication system comprises a cloud terminal, a vehicle terminal, a road side terminal and at least two pedestrian terminals, wherein the sum of the number of the road side terminals and the number of the pedestrian terminals is at least two; the cloud terminal comprises a certificate server, a cloud security module and an Internet-of-vehicle server; the vehicle end comprises a vehicle end short-distance direct communication module, a vehicle end 5G communication module, a vehicle terminal safety module and a vehicle terminal control module; the roadside end comprises a roadside end short-distance direct communication module, a roadside end 5G communication module, a roadside terminal safety module and a roadside terminal control module; the pedestrian terminal comprises a pedestrian end short-distance direct communication module, a pedestrian end 5G communication module, a pedestrian end safety module and a pedestrian end control module; V2X Internet-of-vehicles identity authentication and group security encryption communication are realized according to the characteristics of 5G and V2X Internet-of-vehicles, so that the V2X Internet-of-vehicles identity authentication and group security encryption communication are safe, reliable, simple and efficient.

The invention belongs to the technical field of Internet of Things security, and discloses a massive Internet of Things equipment authentication method, a storage medium and an information data processing terminal. The massive Internet of Things equipment authentication method comprises the steps: IOT equipment interacts with a smart city operation center IOC, and equipment initialization is completed through a secure channel; the equipment initialization stage is completed, and an aggregator AG is selected through the IOC to perform aggregator authentication; after the aggregator authentication is completed, the IOT equipment completes group authentication under the assistance of the AG; and after the group authentication is completed, the intra-group equipment completes session key negotiation under the assistance of the AG. According to the method, the equipment with the high trust value is selected as an aggregator to assist the IOC to carry out group certification on other equipment, so that remote certification of massive IOT equipment is more reliable and efficient. Meanwhile, a reputation mechanism is used for supervising the trust value of the equipment, and the situation that the whole system network is affected due to the fact that the successfully authenticated equipment is dealt with by an attacker is prevented.

The invention discloses a unified identity authentication method for a power dispatching control system, which comprises the following steps of: sending a user identity identifier sent by a remote user in a wide area network to an identity authentication center, and receiving a verification result returned by the identity authentication center; adopting an identity authentication mode combining ascheduling digital certificate and face recognition on the non-mobile man-machine cloud terminal; adopting an identity authentication mode combining a username password and face recognition on the mobile man-machine cloud terminal; An authentication center certificate management module of each identity authentication center generates a secret key pair by adopting a domestic cryptographic algorithm, writes the secret key pair into a p12 file to generate a soft certificate, writes a public key into a pem file to generate a public key certificate, and distributes the public key certificate to other identity authentication centers deployed in a new generation of scheduling control system. According to different types of the man-machine cloud terminal, the identity authentication method combining multiple identification technologies is adopted, and strong identity authentication of personnel local login can be achieved.

The invention discloses an operator identification system capable of automatically updating a model and a method. The system comprises a speech input unit for acquiring speech data of a speaker, a speaker recognition module configured to perform speaker identification by using a pre-established speech recognition model, and a recognition result processing unit used to determine whether the identification of the speaker is passed or not according to the recognition result of the speaker recognition module. The invention can realize an operator identification technology which is safe, reliable,simple and easy to use, can meet the actual application scene requirements and ensures the long-term identification accuracy.

The invention belongs to the technical field of server safety, and specifically relates to a cloud service auditing system and method based on a digital signature and a time stamp. The auditing system comprises a cloud service auditing center, a cloud service auditing terminal, a third party digital certificate authentication center and a credible time stamp system. Based on the system, auditing management can be carried out on a cloud virtual machine to be audited and a cloud application installed in the virtual machine by the auditing method. Compared with the prior art, the auditing validity authentication problem of each virtual machine and the application system in the cloud calculation environment can be solved, the reality and integrality of the auditing information and process is ensured, forged or falsified auditing data is prevented, and the responsibility of each party of the auditing process and result is clearly identified.

The invention provides a method for enhancing MQTT protocol transmission security by using a symmetric cryptographic technology, and the method comprises the steps: carrying out the encryption and decryption of data: carrying out the encryption and decryption from an Internet of Things terminal to an Internet of Things platform, and carrying out the encryption and decryption from the Internet of Things platform to the Internet of Things terminal; in encryption and decryption, employing a quantum key filling machine for filling a symmetric key of a quantum security chip arranged in or outside the Internet of Things terminal and a key stored in a quantum exchange cipher machine, and enabling the quantum exchange cipher machine to record and store a corresponding relation between the filled quantum security chip and the key. The method has the advantages that the quantum key is used for protecting uplink and downlink information of the MQTT, and the problems that the key is reused in the transmission process of uplink and downlink information of the Internet of Things terminal, and the security is reduced along with use are solved by using a quantum security chip and a symmetric cryptographic technology.

The invention discloses a separate management method of authentication charging, comprising the following steps of: sending an authentication request message to an authentication authorization server by an access service gateway to inform the authentication authorization server to process authentication authorization on a user terminal when the user terminal is confirmed to be accessed into a Wimax system; allowing the user terminal to use corresponding data service and informing a charging server to record relevant charging information on the data service after the authentication of the user terminal is confirmed to be passed by the access service gateway according to a response message returned from the authentication authorization server; and sending a user off-line message to the charging server to inform the charging server to stop recording the relevant charging information when the user terminal is confirmed to be off-line by the access service gateway.

The embodiment of the invention discloses an authentication method, electronic equipment and an authentication server, and the authentication method comprises the steps: transmitting an authenticationrequest to the authentication server under the condition that a first message transmitted by an application server is received, so as to enable the authentication server to generate an authenticationparameter according to preset first user biological information; receiving a target parameter in the authentication parameters sent by the authentication server; calculating the target parameter andsecond user biological information acquired in a predetermined time period to obtain RES, and calculating the RES to obtain a first response message; sending the first response message to the authentication server, so that the authentication server verifies the first response message; and if the authentication server verifies the first response message successfully, receiving a second message sentby the authentication server, the second message being used for prompting that the electronic equipment is authenticated successfully. By utilizing the embodiment of the invention, the identity of the user of the electronic equipment can be authenticated, and the safety is ensured.