Method, equipment and system for authenticating identities

Abstract

An embodiment of the invention provides a method, equipment and a system for authenticating identities. The method includes enabling a cloud terminal to transmit first secret key K1 to a host; enabling the host to acquire second secret keys K2 corresponding to virtual machines, acquiring first combined secret keys according to the secret keys K2 and the secret keys K1, generating first random numbers N1, encrypting the first random numbers N1 by the aid of the first combined secret keys and then transmitting the encrypted first random numbers N1 to the cloud terminal; enabling the cloud terminal to acquire second combined secret keys according to the secret keys K2 transmitted by the host and the secret keys K1 stored in the cloud terminal, decrypting the first random numbers N1 by the aid of the second combined secret keys, then encrypting the first random numbers N1 again, generating second random numbers N2, encrypting the second random numbers N2 by the aid of the second combined secret keys and transmitting the second random numbers N2 and the first random numbers N1 to the host; enabling the host to decrypt the first random numbers N1 by the aid of the first combined secret keys, and determining whether the cloud terminal is successfully authenticated or not according to the correctness of the first random numbers N1; enabling the host to decrypt the second random numbers N2 by the aid of the first combined secret keys again, decrypting the second random numbers N2 again and then transmitting the second random numbers N2 to the cloud terminal; enabling the cloud terminal to decrypt the second random numbers N2 by the aid of the second combined secret keys and determining whether the virtual machines are successfully authenticated or not according to the correctness of the second random numbers N2.

Description

technical field [0001] The embodiments of the present invention relate to Internet technologies, and in particular to an identity authentication method, device and system. Background technique [0002] In communication networks, identity authentication is the basis of network information security. Especially in the cloud computing environment, shared hardware and software resources and information are provided to users on demand, and users log in to remote virtual machines through cloud terminals. Therefore, a reliable and robust identity authentication system is particularly important for cloud computing environments. [0003] At present, the cloud computing environment usually adopts the smart card (USB Key) authentication technology for identity authentication. The USB Key is a hardware device with a USB interface and a built-in smart chip. The authentication process is as follows: After the user inserts the USB key into the cloud terminal, the cloud terminal recognizes ...

AI Technical Summary

Problems solved by technology

[0004] It can be seen that the above method mainly authenticates the legality and authority of the user's identity. However, due to the virtualization and sharing of the cloud computing environment, the user loses complete control over the VM he uses. For example, the administrator cannot be prevented from Log in and use the VM without authorization

However, the identity authentication method in the prior art lacks the authentication of the user to the VM, so the security is not high enough.

Images