Strong identity authentication system and strong identity authentication method based on PAM architecture

An identity authentication technology built on a PAM authentication module, applied in the field of Linux identity authentication and information transmission security. It addresses problems such as easily guessed passwords and low security, and achieves reduced development workload, high security, and prevention of user information leakage.

Inactive Publication Date: 2018-11-23
郑州信大壹密科技有限公司

AI Technical Summary

Problems solved by technology

[0003] Most Linux applications currently use user passwords as the identity authentication method, which is not safe and is easily guessed. To address this, the present invention proposes a system login identity authentication mechanism based on the PAM framework that implements different methods in order to improve the security of identity authentication and information transmission.

Examples


Embodiment 1

[0024] Embodiment 1: The strong identity authentication method based on the PAM framework uses the Linux-PAM framework and a USB Key authentication method based on digital certificates; remote login uses the SSH (Secure Shell) security protocol. To enable the system to use a USB Key for identity authentication, a PAM authentication module must be written to perform identity authentication based on the USB Key.

[0025] The USB Key contains a secure data storage area that holds secret data such as digital certificates and user private keys. Reads and writes to this storage area must go through specific programs; users cannot read it directly. The USB Key's built-in CPU can perform the algorithms used in a PKI system, including message digest, data encryption and decryption, and signing, and the encryption and decryption operations are carried out inside the USB Key.

[0026] The PAM authentication mod...

Embodiment 2

[0040] Embodiment 2: A strong identity authentication system based on the PAM architecture, including a PAM authentication module and a USB Key authentication method. USB Key authentication stores the digital certificate required for login and its corresponding private key in the USB Key. A user must have both the USB Key and the PIN code to log in. The digital certificate and private key in the USB Key are issued by the CA (Certificate Authority), which achieves the purpose of unified management. Specifically, the system includes an authentication module, an account management module, a session management module, and a password management module. The authentication module is used to authenticate users or to set or destroy credentials. The account management module performs operations related to access, account and credential expiration, password restrictions and rules, etc. The session management module is used to initialize and terminate sessions. The...


Abstract

The invention discloses a strong identity authentication system and a strong identity authentication method based on the PAM architecture. The method uses the Linux-PAM framework with a USB Key authentication mode based on digital certificates, and remote login uses the SSH security protocol. The PAM authentication module requests the user to input the user name and PIN code, then reads the PIN code in the USB Key for comparison. After the comparison succeeds, it reads the digital certificate in the USB Key to obtain the public key of the user, sends a dynamically generated random number to the USB Key, and requests a signature. After the signature is obtained, it is verified with the user's public key obtained from the digital certificate; identity authentication succeeds if the signature is consistent with the generated random number. The invention is high in security, reduces software complexity, effectively prevents user information from being leaked, eliminates the possibility of a password being cracked, and reduces the development workload of applications.
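The challenge-response flow from the abstract, as an added Ruby simulation (not code from the patent, and not a PAM module): `Token` is a software stand-in for the USB Key, and `issue`, `authenticate` and the result symbols are names assumed here. It goes one step beyond the abstract by also checking that the certificate chains to the trusted CA and names the login user, since a signature verified against an unvetted certificate proves only possession of some key.

```ruby
require "openssl"

# Constructed test PKI (assumption): a nil issuer yields a self-signed CA.
def issue(cn, issuer = nil, issuer_key = nil)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, rand(1..2**62)
  cert.subject = OpenSSL::X509::Name.new([["CN", cn]])
  cert.issuer  = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", issuer ? "CA:FALSE" : "CA:TRUE", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# Software stand-in for the USB Key (assumption): the private key stays inside
# the object, and three wrong PINs in a row lock it.
class Token
  attr_reader :cert

  def initialize(cert, key, pin)
    @cert, @key, @pin, @tries, @open = cert, key, pin, 3, false
  end

  def login(pin)
    return false if @tries.zero?
    @open = (pin == @pin)
    @tries = @open ? 3 : @tries - 1
    @open
  end

  def sign(challenge)
    @open ? @key.sign(OpenSSL::Digest.new("SHA256"), challenge) : nil
  end
end

# Module-side check in the abstract's order; the chain and subject checks are
# the added step.
def authenticate(user, pin, token, store)
  return :pin_rejected unless token.login(pin)
  cert = token.cert
  return :untrusted_cert unless store.verify(cert)
  return :wrong_user unless cert.subject.to_a.any? { |k, v, _| k == "CN" && v == user }
  nonce = OpenSSL::Random.random_bytes(32) # fresh per attempt, so old signatures are useless
  sig = token.sign(nonce)
  ok = cert.public_key.verify(OpenSSL::Digest.new("SHA256"), sig, nonce) rescue false
  ok ? :ok : :bad_signature
end
```

Build the trust store with `OpenSSL::X509::Store.new.add_cert(ca_cert)`; a token carrying a copied certificate but a different private key ends in `:bad_signature`, which is the property the random challenge provides.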

Description

Technical field

[0001] The invention belongs to the technical field of Linux identity authentication and information transmission security, and in particular relates to a strong identity authentication system and method based on a PAM architecture.

Background technique

[0002] Linux systems are used more and more widely in scientific computing environments. For computing convenience in particular, remote login has become the main means of accessing a Linux system. At present, most Linux applications use user passwords as the identity authentication method, which is not highly secure and is easily guessed. Moreover, because of the openness of the network, remotely logging in to Linux with traditional user names and passwords over the telnet and ftp protocols makes it easy for information to be stolen, the real identity of the visitor cannot be confirmed when resources are accessed, and effective accountability cannot be achieved. Therefore, the security of Linux identity authentication...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L9/32
CPC: H04L9/3226, H04L9/3234, H04L9/3247, H04L9/3263, H04L9/3271, H04L63/0823, H04L69/162
Inventor: 常永辉, 郭瑞东, 陈光, 孙先友
Owner: 郑州信大壹密科技有限公司