Network authentication and key allocation method across secure domains

A network authentication and key distribution technology, applied in the field of network authentication and key distribution across security domains, that can solve problems such as high complexity, inconvenient management, and potential safety hazards, and achieve the effect of preventing sneaking into the network.

Inactive Publication Date: 2009-09-30
XIDIAN UNIV

AI Technical Summary

Problems solved by technology

Its limitations are: (1) the complexity is too high, and it is not easy to implement; (2) users log on by entering passwords. Although the passwords are hashed to improve security, the threat of password guessing attacks has not been eradicated; especially when the password selected by the user is not strong enough, a password guessing attack is more likely to succeed; (3) the use of timestamps in the SPX model is similar to the Kerberos system, and the system clocks must be kept synchronized, so the ability to prevent replay attacks is poor.

Because a large number of user names and passwords are not easy for users to remember, users often use simple information as passwords or set the same password everywhere, which brings huge hidden dangers to security. For this reason, managers need to create multiple user databases, which naturally makes management inconvenient and cumbersome.


Embodiment Construction

[0045] The present invention will be described in further detail below with reference to the accompanying drawings.

[0046] Referring to Figure 1, the cross-security domain network authentication and key distribution system of the present invention includes: a verification server, a client access subsystem, and an application service subsystem. The client access subsystem is composed of users and proxy servers; the application service subsystem is composed of several application servers. The working process of the system is:

[0047] First, in the client access subsystem, the user accesses the authentication server through a proxy server, and the user's public key certificate and digitally signed user identity information are forwarded to the authentication server. The proxy server only plays a "transparent transmission" role in the authentication process; the user authentication work is completed by the authentication server.

[0048] Secondly, after r...


Abstract

The invention discloses a method for network authentication and key distribution across security domains. Token-based single sign-on is used, with each security domain formed of a verification server and several application servers. Authentication and key distribution are performed according to the needs of the application servers in the domain. The process is as follows: first, the user performs identity authentication in the user's own security domain and obtains a service token for communicating with an application server in another security domain; next, the service token is verified in the security domain being entered, to obtain the service of connecting to the application server; finally, the user authenticates the application server. The system realizing the method includes a client access subsystem, an application service subsystem and an authentication server, and the authentication server completes the two functions of user identity authentication and service authorization. The invention simplifies the network authentication process, is secure and highly efficient, and is suitable for authentication and key distribution across security domains in a distributed network environment.
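The three-step flow in the abstract, as an added sketch that is not taken from the patent: HMAC with shared keys stands in for the public key certificates and digital signatures, and the token fields, the inter-domain key, the replay cache of token ids and all names are assumptions.

```python
import hashlib, hmac, json, secrets

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).hexdigest()

class VerificationServer:  # one per security domain: authentication + authorization
    def __init__(self, domain, users, peer_keys):
        self.domain = domain
        self.users = users          # user -> key (HMAC stand-in for certificate + signature)
        self.peer_keys = peer_keys  # peer domain -> shared inter-domain key (assumption)
        self.pending = {}           # user -> outstanding login challenge
        self.redeemed = set()       # token ids already used (replay cache, no clocks)
        self.app_keys = {}          # app server -> session key allocated to it

    def challenge(self, user):
        self.pending[user] = secrets.token_bytes(16)
        return self.pending[user]

    def issue_token(self, user, proof, target_domain, app_server):
        # Step 1: authenticate in the home domain, then issue a service token.
        nonce, key = self.pending.pop(user, None), self.users.get(user)
        if None in (nonce, key) or not hmac.compare_digest(proof, mac(key, nonce)):
            raise PermissionError("user authentication failed")
        body = json.dumps({"user": user, "from": self.domain, "to": target_domain,
                           "app": app_server, "id": secrets.token_hex(8)})
        return body, mac(self.peer_keys[target_domain], body.encode())

    def redeem_token(self, body, tag):
        # Step 2: the entered domain verifies the token and allocates a session key.
        claims = json.loads(body)
        key = self.peer_keys.get(claims.get("from"))
        if key is None or not hmac.compare_digest(tag, mac(key, body.encode())):
            raise PermissionError("token not issued by a trusted domain")
        if claims["to"] != self.domain or claims["id"] in self.redeemed:
            raise PermissionError("wrong domain or replayed token")
        self.redeemed.add(claims["id"])
        self.app_keys[claims["app"]] = secrets.token_bytes(32)
        return self.app_keys[claims["app"]]

def cross_domain_login():
    k_ab, k_alice = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed keys
    home = VerificationServer("A", {"alice": k_alice}, {"B": k_ab})
    remote = VerificationServer("B", {}, {"A": k_ab})
    proof = mac(k_alice, home.challenge("alice"))
    body, tag = home.issue_token("alice", proof, "B", "app1")
    session_key = remote.redeem_token(body, tag)
    nonce = secrets.token_bytes(16)  # Step 3: the user challenges the application server
    answer = mac(remote.app_keys["app1"], nonce)  # computed by app1 with its session key
    return remote, body, tag, hmac.compare_digest(answer, mac(session_key, nonce))
```

Presenting the same token twice, or a token whose body was altered after issue, is rejected by `redeem_token` with `PermissionError`.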

Description

Technical field

[0001] The invention belongs to the technical field of communication network security, and in particular relates to a token-based single sign-on method applicable to various distributed network environments across security domains. With it, a user accessing a distributed network needs to perform identity authentication only once to obtain authentication and key distribution services across security domains for accessing multiple systems, ensuring the security and effectiveness of distributed collaborative work.

Background technique

[0002] With the popularization and application of distributed networks, network access security issues are getting more and more attention. Authentication is a key technology of network access security, and it plays an extremely important role in preventing malicious attacks and protecting the rights and interests of legitimate users. Authentication includes two meanings: one is identity authentication, that is, to co...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/32, H04L9/08
Inventor: 李晖, 申婷
Owner: XIDIAN UNIV