Method for cross-isomerism domain identity authentication and session key negotiation based on access authorization ticket

A session-key and domain-identity technology, applied in user identity/authority verification, electrical components, transmission systems, etc. It addresses the difficulty of implementation for Kerberos domain users, the large communication volume and the low efficiency of existing schemes, reducing computational complexity while guaranteeing security.

Active Publication Date: 2014-05-07
四川华创智能科技有限公司

AI Technical Summary

Problems solved by technology

However, in this scheme, on the one hand, identity authentication and key negotiation need to be implemented step by step: identity authentication is implemented in steps 1-7 and session key negotiation in steps 8-12, so the communication volume is relatively large. On the other hand, each communication entity in the protocol needs to perform multiple public key encryption and decryption operations: the visitor, the interviewee, the authentication server of the visited domain, and the authentication server of the visited domain need to perform 6, 5, 5, and 8 public key encryption and decryption operations respectively. The amount of calculation and communication is large, the efficiency is low, and the scheme is difficult to implement for Kerberos domain users, who use symmetric encryption algorithms.

Examples


Embodiment 1

[0123] A cross-heterogeneous domain identity authentication and session key negotiation method based on access authorization tickets, the steps of which include: first, the certification center CA in the PKI (public key infrastructure) domain and the authentication server AS in the Kerberos (private key authentication system) domain perform interactive authentication through public key certificates; then, users in the Kerberos domain and resources in the PKI domain perform interactive authentication and session key negotiation through access authorization tickets.

[0124] In this example, users in the Kerberos domain and resources in the PKI domain perform mutual authentication and session key negotiation through access authorization tickets as follows:

[0125] A1. Access Authorization Ticket Request

[0126] The user in the Kerberos domain submits an authentication request for cross-domain resource access to the authentication server AS, and the authentication server AS authe...

Embodiment 2

[0171] A cross-heterogeneous domain identity authentication and session key negotiation method based on access authorization tickets, the steps of which include: first, the certification center CA in the PKI (public key infrastructure) domain and the authentication server AS in the Kerberos (private key authentication system) domain perform interactive authentication through public key certificates; then, users in the PKI domain and resources in the Kerberos domain perform interactive authentication and session key negotiation through access authorization tickets; it is characterized in that:

[0172] In this example, users in the PKI domain and resources in the Kerberos domain perform interactive authentication through access authorization tickets:

[0173] B1. Ticket-granting ticket request

[0174] Users in the PKI domain submit a request for cross-domain access to resources to the certification center CA. After authenticating the identity of the user in the PKI domain, the ce...


Abstract

The invention provides a method for cross-heterogeneous-domain identity authentication and session key negotiation based on an access authorization ticket. First, a first-level trust relationship is established between the CA of a PKI domain and the AS of a Kerberos domain through a distributed trust model based on a public key authentication mechanism. On this basis, the authorization ticket allowing an outer-domain user to access resources of the local domain is generated and distributed by the CA or the AS together with a TGS, and a two-way cross-domain authentication and key negotiation protocol based on a symmetric key cryptosystem establishes a second-level trust relationship allowing the outer-domain user to access the resources of the domain. While the security requirements at each level are satisfied, the computation and communication load of a terminal are effectively reduced, public key encryption and decryption operations at a Kerberos domain terminal are completely avoided, the method is well suited to implementation in the cross-heterogeneous-domain identity authentication of a dynamic distributed system, session key negotiation is completed at the same time as identity authentication, and protocol efficiency is high.

Description

Technical field

[0001] The invention relates to a cross-heterogeneous domain authentication and key agreement protocol in the field of information security technology, which can be used for authentication and session key negotiation when users access resources across heterogeneous domains in cloud computing and cloud storage networks, agile manufacturing, virtual organizations and other distributed systems.

Background

[0002] In distributed systems such as cloud computing and cloud storage networks, agile manufacturing, and virtual organizations, resources and users are often in different trust domains, and different trust domains may adopt different authentication mechanisms, such as the PKI (public key infrastructure) authentication mechanism based on asymmetric cryptography, the Kerberos (private key authentication system) authentication mechanism based on symmetric cryptography, and authentication mechanisms based on identity or certificateless public key...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L9/32
Inventor: 张文芳, 饶宇, 王小敏
Owner: 四川华创智能科技有限公司