195 results about "Authentication header" patented technology

A method of authentication and authorization over a communications system is provided. Disclosed herein are systems and methods for creating a cryptographic evidence, called authentication/authorization evidence, AE, when a successful authentication/authorization between a client and an authentication server is complete. There are a variety of methods for generating AE. For instance, the AE can be data that is exchanged during the authentication signaling or data that results from it. A distinctive point being that AE results from the authentication process and is used as prior state for the following TLS exchange. An example for creation of AE, is as follows: EAP authentications typically result in an Extended Master Session Key (EMSK). The EMSK can be used to create an Evidence Master Key (EMK) that can then be used to create AE for a variety of servers.

The present invention relates to security techniques, and discloses a login token generation and authentication method, an electronic device thereof and a storage medium. That method comprises the steps of receiving account information and related information sent by a client, verifying the account information, and when the verification is passed, determining the access time of the client according to the mapping relationship between the related information and the preset related information and the access time. Then, according to the related information and the access time, the related information and the access time are encrypted by using a public key and a preset asymmetric encryption algorithm to generate a login token, and the login token is transmitted to the client. Finally, an access request of a client carrying a login token is received, whether the login token carried by the client is the generated login token is verified by using a preset authentication rule according to a private key corresponding to the public key, and permits the client to access if the authentication is passed. By using the method, the device thereof and the storage medium, the safety of informationexchange in the interaction process between the client and the server can be improved, and the hidden danger of safety can be reduced.

The invention discloses an authentication method of mobile terminal uniqueness based on a software digital certificate, and belongs to the technical field of computers and information safety. The method specifically comprises the following steps: (1), a safe client side is installed on a mobile terminal, a certificate request relevant to equipment information is generated so as to be registered by a server side; a digital certificate is issued to the mobile terminal by the server side, and relevance between the digital certificate and the equipment is achieved. (2), when the method is used, random information is sent to the mobile terminal by the server side, the information is received by the safe client side, the random information is signed by using a private key of the digital certificate of the equipment, and the signing data are sent to the server side. The signature is verified by a public key of the digital certificate by an application server, and a communication opposite terminal identity is confirmed. The method is capable of verifying the mobile terminal commendably and enhancing intensity of authentication on the basis that hardware authentication equipment is not added.

A zero-configuration secure mobility networking technique for WLANs is provided, utilizing split link-layer and a Web-based authentication. The link-layer authentication process facilitates network-to-user authentication and generation of session-specific encryption keys for air traffic using digital certificates to prevent man-in-the-middle attacks without requiring users to have pre-configured accounts. Although any WLAN host can pass the link-layer authentication and obtain link connectivity, the WLAN only allows the host to obtain IP networking configuration parameters and to communicate with a Web-based authentication server prior to initiating the Web-based authentication process that is responsible for user-to-network authentication. The Web-based authentication server employs a Web page for initial authentication and a Java applet for consequent authentications. In the Web page, registered users can manually, or configure their Web browsers to automatically, submit their authentication credentials; new users can open accounts, make one-time payments, or refer the Web-based authentication server to other authentication servers where they have accounts. Once a user is authenticated to the WLAN, the user's mobile host obtains full IP connectivity and receives secure mobility support from the WLAN. The mobile host always owns a fixed IP address as it moves from one access point to another in the WLAN. All wireless traffic between the mobile host and the WLAN is encrypted. Whenever the mobile host moves to a new access point, a Java applet (or an equivalent client-side program delivered over Web) enables automatic authentication of the mobile host to the WLAN. In addition, the ZCMN method supports dynamic load balancing between home agents. Thus, a mobile host can change home agents during active sessions.

The invention discloses a fusion and authentication method and system of identity and authority in an industrial control system. The method comprises the following steps of: storing role information of a user into an identity certificate through fusing an attribute certificate and the identity certificate; setting an authority database; saving authority information corresponding to different roles of the user; first, authenticating the identity of the user while the user logs into the system; extracting the authority information of the user according to the user name information and a role information association authority database in the identity certificate after passing the authentication; and providing resources corresponding to the authority to the user by the system. Therefore, the industrial control system can finish the user identity authentication and complicated authority authentication in the industrial field only by supporting one reliable third party and using one certificate under the situation of support system security grade. The two certificates are combined into one so that the management is more convenient. The specific authorities of the user in different roles are saved in the authority database; and larger information storage space and more complete preservation of the information are obtained.

A digital rights management system (DRM) for restricting and permitting content access in a digital content distribution network such as a network used to deliver television programming. The DRM uses distributed authentication and provisioning so that the potentially many different entities involved in the content distribution network can have localized management and control. Distributed authentication can use single or multiple instances of authentication services. A ticket granting service (TGS) is used to allow clients to request services. In one approach, multiple authentication services use a common key that is known to the TGS. In another approach, unique keys are provided to each authentication service and these keys are communicated to the TGS. Distributed provisioning allows different entities to grant access rights or other resources. Provisioning service (PS) processes can execute at multiple different physical locations. Synchronization among the different PSs is provided by a managing entity or in a peer-to-peer transfer to help ensure the uniqueness of user IDs. New clients can make an initialization request from a key management system via an appropriate protocol. The requests can be made from a single, dedicated authentication service, from an authentication service associated with a specific provisioning service, or from multiple authentication services in the network.

The present invention incorporates methodologies developed in the Internet Engineering Task Force (IETF) Internet Protocol Security (IPSEC) Working Group into asynchronous transfer mode (ATM) and frame relay (FR) signaling to provide message integrity and origin authentication. In one implementation the invention provides a virtual private network (VPN) infrastructure with call control message integrity, origin verification, and transit network filtering. The invention utilizes a set of control plane messages based on the IPSEC authentication header (AH) methodology to provide these security mechanisms for ATM and FR network switching equipment and signaling protocols. This abstract itself is not intended to limit the scope of this patent. The scope of the present invention is pointed out in the appending claims.

The embodiment of the invention provides an authentication method, a device and a system based on a two-dimensional code. The method comprises the steps that first two-dimensional code information sent by wireless access equipment is received by a Portal authentication server, wherein the first two-dimensional code information is information acquired by user equipment by scanning the two-dimensional code, and comprises a first authorization guarantee user marker and a first two-dimensional code marker; request information for acquiring an account number allowing the user equipment to perform network access authentication is sent to a two-dimensional code authorization component, wherein the request information comprises the first authorization guarantee user marker and the first two-dimensional code marker; the two-dimensional code authorization component obtains a relation between the user equipment and a first authorization guarantee user; response information is sent to the Portal authentication server according to the first authorization guarantee user marker and the first two-dimensional code marker; and the Portal authentication server performs network access authentication management on the user equipment according to the response information sent by the two-dimensional code authorization component. The method, the device and the system improve the efficiency of use authority authentication of a wireless network.

The invention relates to the technical field of permission use of mobile communication equipment, in particular to a temporary authentication method of mobile communication equipment. The method comprises the following steps that the authenticating party generates temporary authentication information and performs information confirmation between the authenticating party and the authenticated party by adopting an encryption communication way; the authenticating party automatically transmits authentication information to the manager after the authenticating party and the authenticated party confirm the information; and the manager records and confers the temporary permission of the authenticated party. Due to the adoption of the authentication method, the authentication safety can be ensured, the manager is not required to perform each operation, convenience is brought to the operation, the temporary authentication time is shortened effectively, and the authentication contents can be adjusted flexibly. According to the method, a functional module framework is established, and a computer system is controlled to complete operation via computer program instructions. Moreover, the invention further provides specific methods based on the authenticating party, the authenticated party and the manager respectively for the method.

The invention discloses an authentication method, an authentication device, an authentication system and treatment equipment. The authentication method comprises the steps of reading server information which is preset by a local machine, automatically establishing communication connection according to the server information in a wireless communication manner; and initiating self authentication by the treatment equipment, wherein self authentication comprises reading a global unique identification code and a product serial number which are pre-stored by the local machine; encrypting the global unique identification code and the product serial number which are stored in the treatment equipment, and transmitting the encrypted global unique identification code and the product serial number to a server for requesting self authentication; confirming a self authentication result according to information which returns from the server; if self authentication passes, starting data transmission with the server; and if self authentication fails, disconnecting communication connection with the server. The authentication method, the authentication device, the authentication system and the treatment equipment reduce operation difficulty and complexity in identity authentication.

The invention discloses an access control method and apparatus, a terminal and an Internet of Things home system. The access control apparatus is in communication connection with a home device, and the access of the terminal to the home device needs to be authenticated by the access control apparatus based on an authentication key and an authentication code; the authentication key is associated with apparatus identification information and terminal identification information on the terminal side and the access control apparatus side respectively, therefore, the uniqueness of the keys of the both authentication parties is ensured, and then it can be ensured that the authenticated terminal is a legitimate terminal. In addition, since the final authentication result is performed according toa comparison result between the authentication code and the authentication plaintext, the terminal is required to have the correct authentication key and a preset rule at the same time, and the doubleverification mode ensures the security of the authentication. An authentication random number is randomly generated in each authentication process, so that the replay attack on the Internet of Thingshome system can be prevented, the authentication effectiveness is further improved, and the security of the Internet of Things home system is ensured.

The invention provides a mass data storage system and a processing method. The system comprises a storage server, an authentication server and a client, wherein the storage server is used for storing content data and safety data files; the authentication server serves as the root trusted by the whole system and is used for authenticating the identities of users, processing a file access request of the users and distributing relevant keys to legal users, and only an authentication server encryption key and an authentication server signing key are stored in the authentication server; the client is used for processing the request of the users, executing file operation and meanwhile completing file data encryption and decryption and integrity check, and the client is in communication with the authentication server so as to acquire the keys. The mass data storage system guarantees data privacy, integrity and access control safety in a common network and a cloud storage environment, reduces safety dependency on the storage server, and is simple in logic structure and high in expandability.

The invention relates to a method and a system of network real name authentication. The method comprises the following steps that: a user is connected to a wireless network; a network access permission before authentication is distributed for the user; the user visits a Portal server; the Portal server transmits the authentication information to a third-party authentication system to authenticate; the third-party authentication system returns an authentication result; the Portal server determines user grouping information according to the authentication result; and an RADIUS (Remote Authentication Dial In User Service) authentication server is transferred to open an account to the user. Through the method and the system which are provided by the invention, the unified real name authentication can be implemented to be greatly beneficial for improving accuracy and safety of real name authentication; meanwhile, the existing resources are fully utilized to avoid wasting of resources.

An authentication method is provided which is capable of performing message authentication within an allowable time regardless of the magnitude of the number of messages and performing message authentication high in accuracy within a range for which the allowable time allows. Upon transmission by wireless communications with another mobile or a fixed station, a message authentication code of communication data and a digital signature are generated (S200 and S300). The generated message authentication cod and digital signature are transmitted with being added to the communication data. Upon reception, whether authentication should be done using either one of the message authentication code and the digital signature included in received information is determined according to its own state for the authentication (S400 and S500). This state includes, for example, a load state of a central processing unit or the like that performs an authentication process.

The invention provides an electronic medical record safety system, comprising an identity authentication module, an authority control module, an operational log module and a key data encryption, transmission and storage module. The identity authentication module comprises a CA authentication centre and a user name and password authentication centre; the CA authentication centre and the user name and password authentication centre are combined to identify identities of users logged in the electronic medical record safety system. The authority control module is used for controlling authorities of users subjected to the authentication of the identity authentication module and based on the relation among users, roles and authorities. The operational log module is used for tracing and recording login and amendment records of users subjected to the authentication of the identity authentication module. The key data encryption, transmission and storage module is used for encrypting, transmitting and storing key data in the electronic medical record system.

An apparatus, method and system for context-aware security control in a cloud environment are provided. The apparatus includes an authentication header inspection unit and a packet data processing unit. The authentication header inspection unit generates an authentication header based on the received context information and key of a user, compares the generated authentication header with the authentication header of packet data received from a remote user terminal, and outputs the results of the comparison. The packet data processing unit performs one of the transmission, modulation and discarding of packet data from the cloud server of a cloud service network based on the results of the comparison by the authentication header inspection unit.

The invention provides an NFC (near field communication)-based point-to-point trusted authentication method. The method includes that a client NFC device generates an own key pair and sends an own public key, device information and personal identity information to a CA (certificate authority); after verifies the identity, the CA issues a certificate to the device, to be specific, the certificate is used for achieving identity authentication with an NFC server and accompanied with digital signing message of a publisher in a CA center; an access is provided for the digital certificate into the client NFC device, thus the device can perform the relative access through the certificate of its own; in case that the access to the NFC server for the identity authentication is required, the client NFC device transmits the own certificate to the NFC server through an established secret passage. According to the arrangement, the safe, reliable, flexible, convenient, resource-saving and multi-functional authentication is achieved during the NPC point-to-point transmission.

The invention discloses a user anonymous identity authentication protocol based on a k-pseudonym set in a wireless network. In the protocol, a user sends the information includes the k-pseudonym set of the true identity label of the user and the information encrypted through the true user shared key to an authentication server, the authentication server completes user authentication within the range of the traversal and the calculation of k pieces of user information; the average number of users needing traversal is half the sum of k and 1, and two types of methods for constructing the k-pseudonym set are provided at the same time. According to the protocol, anonymous authentication is achieved on the basis of a shared key by introducing the k-pseudonym set, and the resource loss, generated during anonymous authentication, of the user and the authentication server is lowered.

The invention discloses a digital certificate-based unified authentication login method for integrating multiple application systems. A legal digital certificate signed and issued for a user, an authentication method of the digital certificate replaces an original authentication method of a user name and a password; a unified authentication platform is established, and unified certification service is provided for all the information application systems; the information application systems have access to the platform, login authentication and authorization are performed, and unified authentication login is completed. When the method is used, safety of the information application systems is improved, losses caused by early leak of the user name and the password are reduced, and signature of the digital certificate guarantees traceability of operation in the information application systems; due to the fact that the unified authentication platform is established, user information resources can be shared in a concentrated mode and are convenient to manage and maintain; on the basis of the OAuth2.0 protocol, an open interface is provided, and therefore new application information systems can have access to the platform more easily; the unified authentication login and single-point login function is provided, operation of the user is facilitated, and working efficiency is improved.

The invention provides a real-time video monitoring encryption and authentication method. The real-time video monitoring encryption and authentication method comprises the following steps: coding an original video to form video frame data; performing hash value computation on the video frame data to obtain a video hash value; encrypting the video frame data to form an encrypted file including key stream; storing and transmitting the encrypted file and the video hash value. The real-time video monitoring encryption and authentication method can be used for completing high-speed encryption protection on the original video data, completing integrity authentication to prevent distorting and forging video by hash value comparing, and realizing remotely checking wireless transmission of a data spanning platform.