CN102761520A - Method and system for processing authentication information - Google Patents


Info

Publication number
CN102761520A
Authority
CN
China
Prior art keywords
authentication
information
node
authentication information
rotational order
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2011101048790A
Other languages
Chinese (zh)
Other versions
CN102761520B (en)
Inventor
李严
周皓峰
魏薇
郑凯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp
Priority to CN201110104879.0A (patent CN102761520B)
Priority to GB1313857.3A (patent GB2505563B)
Priority to PCT/CN2012/072183 (patent WO2012146091A1)
Priority to DE112012000780.8T (patent DE112012000780B4)
Priority to JP2014506730A (patent JP6034368B2)
Priority to SG2013074091A (patent SG194072A1)
Publication of CN102761520A
Application granted
Publication of CN102761520B
Legal status: Expired - Fee Related (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0846 Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/121 Timestamp

Abstract

The invention relates to a technology for processing authentication information. The technology can rotate authentication information among a plurality of authentication nodes, thereby preventing hackers from acquiring the authentication information permanently. Specifically, the invention provides a method for processing authentication information, wherein the authentication information is stored on a first authentication node. The method comprises the following steps: determining the rotational order of the authentication information; determining the rotation trigger condition of the authentication information; and, in response to the rotation trigger condition being satisfied, sending at least one part of the authentication information to a second authentication node according to the rotational order, so that the second authentication node processes authentication requests related to the authentication information.

Description

Authentication information processing method and system
Technical field
The present invention relates generally to methods and systems for processing data, and in particular to a method and system for processing authentication information.
Background technology
Authentication techniques confirm whether a user or other entity is allowed to access a specific system or resource, and they are widely used in all kinds of computer applications. Password-based authentication is one of the most common. In password authentication, the user sends a login request containing a user account and password; the server forwards the login request to an authentication node (Authentication Node), and the authentication node authenticates the authentication information in the login request against the authentication information stored on the node.
In the prior art, authentication information (Authentication Information) is usually stored on one or more fixed authentication nodes. An authentication system with only one authentication node has poor security, because that node easily becomes the target of hacker attacks. The Lightweight Directory Access Protocol (LDAP) is a protocol for accessing online directory services. Distributed LDAP systems are widely used in the authentication field and allow a plurality of authentication nodes to be interconnected to form an authentication cluster. For reasons of performance optimization and disaster recovery, authentication information is distributed over a plurality of authentication nodes. Suppose, for example, that a company has 100 employees with employee numbers No.1-No.100, and that the authentication information used to log in to the company's internal network is distributed over 5 authentication nodes. So that login requests are answered promptly, and to guard against data loss caused by disasters or machine failure, the authentication information of these 100 employees can be stored redundantly on the 5 authentication nodes. The resulting distribution is shown in Table 1 below:
[Table 1: image in the original, not reproduced here]
As Table 1 shows, each employee's authentication information is stored on two different authentication nodes.
Summary of the invention
The inventors of the present invention found that, in the prior art, each piece of authentication information is stored on one or more authentication nodes, but once stored there it is not updated again and always remains on the original authentication nodes. This fixed way of storing authentication information creates a security risk: once a hacker breaks into these one or more authentication nodes, the hacker can obtain the corresponding authentication information. If the authentication information for a company's internal website is stored centrally on one authentication node, a hacker who breaks into that node permanently obtains the authentication information of all employees. If the authentication information is distributed over a plurality of authentication nodes in several countries, a hacker may permanently obtain the authentication information of the company's senior executives by attacking the authentication node located at corporate headquarters. In other words, storing authentication information in a fixed location gives a hacker more opportunity to obtain it and to keep using it permanently.
To address this problem, the present invention proposes an authentication information processing technique that rotates authentication information among a plurality of authentication nodes, so that a hacker has no way of obtaining the authentication information permanently.
Specifically, the present invention provides a method for processing authentication information, wherein the authentication information is stored on a first authentication node, the method comprising: determining the rotational order of the authentication information; determining the rotation trigger condition of the authentication information; and, in response to the rotation trigger condition being satisfied, sending at least a portion of the authentication information to a second authentication node according to the rotational order.
The present invention also provides a system for processing authentication information, wherein the authentication information is stored on a first authentication node, the system comprising: a rotational order determining device, configured to determine the rotational order of the authentication information; a rotation trigger condition determining device, configured to determine the rotation trigger condition of the authentication information; and a sending device, configured to send at least a portion of the authentication information to a second authentication node according to the rotational order in response to the rotation trigger condition being satisfied.
According to one aspect of the present invention, the authentication information comprises account information and authentication module information, and the rotational order comprises a rotational order of the account information and a rotational order of the authentication module information. Sending at least a portion of the authentication information to the second authentication node according to the rotational order comprises sending the account information to the second authentication node according to the rotational order of the account information, and the method further comprises sending the authentication module information to a third authentication node according to the rotational order of the authentication module information.
According to one aspect of the present invention, the authentication information includes timestamp information that indicates the validity period of the authentication information.
Description of drawings
The drawings referred to in this description only illustrate exemplary embodiments of the present invention and should not be regarded as limiting its scope.
Fig. 1 shows a block diagram of an exemplary computer system suitable for implementing one embodiment of the present invention.
Fig. 2 shows a flow chart of the authentication information processing method of the present invention.
Fig. 3 shows a flow chart of determining the rotational order of the authentication information according to one embodiment of the present invention.
Fig. 4A shows a schematic diagram of authentication information according to one embodiment of the present invention.
Fig. 4B shows a schematic diagram of authentication information according to another embodiment of the present invention.
Fig. 5 shows a flow chart of sending an authentication request according to one embodiment of the present invention.
Fig. 6 shows a flow chart of sending an authentication request according to another embodiment of the present invention.
Fig. 7 shows a flow chart of processing an authentication request according to one embodiment of the present invention.
Fig. 8A shows a schematic diagram of the authentication system before rotation of the authentication information according to one embodiment of the present invention.
Fig. 8B shows a schematic diagram of the authentication system after rotation of the authentication information according to one embodiment of the present invention.
Fig. 9A shows a schematic diagram of the authentication system before rotation of the authentication information according to another embodiment of the present invention.
Fig. 9B shows a schematic diagram of the authentication system after rotation of the authentication information according to another embodiment of the present invention.
Fig. 10 shows a block diagram of the authentication information processing system of the present invention.
Embodiment
The terms used herein are only for describing particular embodiments and are not intended to limit the present invention. The singular forms "a" and "the" as used herein are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the word "comprising", when used in this specification, indicates the presence of the stated features, integers, steps, operations, units and/or components, but does not exclude the presence or addition of one or more other features, integers, steps, operations, units and/or components, and/or combinations thereof.
The corresponding structures, materials, operations and equivalents of all means or steps plus function elements in the claims are intended to include any structure, material or operation for performing the function in combination with the other units specifically pointed out in the claims. The description of the present invention is given for purposes of illustration and description; it is not exhaustive and does not limit the invention to the form disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the invention. The embodiments were chosen and described in order to best explain the principles of the invention and its practical application, and to enable those of ordinary skill in the art to understand that the invention can have various embodiments with various modifications suited to the particular use contemplated.
Those skilled in the art will appreciate that aspects of the present invention can be embodied as a system, method or computer program product. Accordingly, aspects of the present invention can take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, microcode, etc.), or an embodiment combining software and hardware parts that are generally referred to herein as a "circuit", "module" or "system". In addition, aspects of the present invention can take the form of a computer program product embodied in one or more computer-readable media that contain computer-usable program code.
Any combination of one or more computer-readable media can be used. A computer-readable medium can be a computer-readable signal medium or a computer-readable storage medium. A computer-readable storage medium can be, for example, but is not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples (a non-exhaustive list) of computer-readable storage media include: an electrical connection with one or more wires, a portable computer diskette, a hard disk, random-access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above. In the context of this document, a computer-readable storage medium can be any tangible medium that contains or stores a program for use by, or in combination with, an instruction execution system, apparatus or device.
A computer-readable signal medium can include a data signal propagated in baseband or as part of a carrier wave, in which computer-readable program code is embodied. Such a propagated signal can take many forms, including, but not limited to, an electromagnetic signal, an optical signal, or any suitable combination of these. A computer-readable signal medium can be any computer-readable medium that is not a computer-readable storage medium and that can send, propagate or transmit a program for use by, or in combination with, an instruction execution system, apparatus or device. Program code contained on a computer-readable medium can be transmitted over any suitable medium, including, but not limited to, wireless, wire, optical cable, RF and the like, or any suitable combination of the above.
Computer program code for carrying out the operations of the present invention can be written in any combination of one or more programming languages, including object-oriented programming languages such as Java, Smalltalk and C++, as well as conventional procedural programming languages such as the "C" programming language or similar languages. The program code can execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on a remote computer or server. In the latter case, the remote computer can be connected to the user's computer through any kind of network, including a local area network (LAN) or a wide area network (WAN), or can be connected to an external computer (for example, through the Internet using an Internet service provider).
Aspects of the present invention are described below with reference to flow charts and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It should be understood that each block of the flow charts and/or block diagrams, and combinations of blocks in the flow charts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, a special-purpose computer or other programmable data processing apparatus to produce a machine, such that the instructions, executed by the computer or other programmable data processing apparatus, create means for implementing the functions/operations specified in the blocks of the flow charts and/or block diagrams.
These computer program instructions can also be stored in a computer-readable medium that can direct a computer or other programmable data processing apparatus to work in a particular manner, such that the instructions stored in the computer-readable medium produce an article of manufacture including instruction means that implement the functions/operations specified in the blocks of the flow charts and/or block diagrams.
The computer program instructions can also be loaded onto a computer or other programmable data processing apparatus, causing a series of operational steps to be performed on the computer or other programmable data processing apparatus to produce a computer-implemented process, such that the instructions executed on the computer or other programmable apparatus provide processes for implementing the functions/operations specified in the blocks of the flow charts and/or block diagrams.
The flow charts and block diagrams in the drawings illustrate the architecture, functions and operations of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in a flow chart or block diagram can represent a module, program segment or portion of code, which comprises one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions noted in the blocks can occur in an order different from that noted in the drawings. For example, two blocks shown in succession can in fact be executed substantially in parallel, or they can sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each block of the block diagrams and/or flow charts, and combinations of blocks in the block diagrams and/or flow charts, can be implemented by a special-purpose hardware-based system that performs the specified functions or operations, or by a combination of special-purpose hardware and computer instructions.
Fig. 1 shows a block diagram of an exemplary computer system suitable for implementing one embodiment of the present invention. As shown, the computer system 100 can comprise: a CPU (central processing unit) 101, RAM (random access memory) 102, ROM (read-only memory) 103, a system bus 104, a hard disk controller 105, a keyboard controller 106, a serial interface controller 107, a parallel interface controller 108, a display controller 109, a hard disk 110, a keyboard 111, a serial external device 112, a parallel external device 113 and a display 114. Of these devices, the CPU 101, RAM 102, ROM 103, hard disk controller 105, keyboard controller 106, serial interface controller 107, parallel interface controller 108 and display controller 109 are coupled to the system bus 104. The hard disk 110 is coupled to the hard disk controller 105, the keyboard 111 to the keyboard controller 106, the serial external device 112 to the serial interface controller 107, the parallel external device 113 to the parallel interface controller 108, and the display 114 to the display controller 109. It should be understood that the block diagram in Fig. 1 is shown only as an example and does not limit the scope of the invention. In some cases, devices can be added or removed as circumstances require.
Fig. 2 shows a flow chart of the authentication information processing method of the present invention. In the method shown in Fig. 2, the authentication information is stored on a first authentication node. According to one embodiment of the present invention, the authentication information comprises account information, such as an account ID and a personal identification number (PIN). The account ID can be any account ID such as a user name, e-mail address or license plate number, and the identification number can be any identifier such as a password or ID card number. Fig. 4A shows a schematic diagram of authentication information according to one embodiment of the present invention; in this diagram the authentication information comprises account information Acc A. If the account information is stored as a list, it can be as shown in Table 1 below:
ID        PIN
James     XXXXXX
Thomas    XXXXXX
...       ...
Table 1
According to another embodiment of the present invention, the authentication information comprises account information (Account Information) and authentication module information (Authentication Module Information). Fig. 4B shows a schematic diagram of authentication information according to another embodiment of the present invention; in this diagram the authentication information comprises account information Acc A and authentication module information Mod A. In addition to information such as the ID and PIN, the account information further comprises an authentication module tag (Authentication Module Tag). The authentication module information comprises an authentication module tag and an encryption algorithm. The authentication module tag serves as the bridge that connects the account information to the encryption algorithm. Those skilled in the art will understand that, in general, the PIN is stored on the authentication node in ciphertext form, while the ID can be stored on the authentication node either in ciphertext form or in plaintext form. The conversion from plaintext to ciphertext is performed by the encryption algorithm. Different account information can use one common encryption algorithm or different encryption algorithms. If different account information uses one common encryption algorithm, the authentication module tag need not be stored on the authentication node. If different account information uses different encryption algorithms, the different encryption algorithms have to be distinguished in the authentication information; a fairly simple embodiment is to store, on the authentication node, the authentication module tag corresponding to each account ID so as to identify the corresponding encryption algorithm. Suppose there are two encryption algorithms, with Tag=0 indicating that the first encryption algorithm applies and Tag=1 indicating that the second encryption algorithm applies. The account information in this embodiment can then be as shown in Table 2 below:
ID        PIN       Tag
James     XXXXXX    0
Thomas    XXXXXX    1
...       ...       ...
Table 2
The authentication module information in this embodiment can be as shown in Table 3 below:
Tag    Encryption algorithm
0      First encryption algorithm
1      Second encryption algorithm
Table 3
The encryption algorithm that applies to an account can be determined from Table 2 and Table 3.
As a variation of the above embodiment, the number of tags can be set greater than the number of encryption algorithms. This increases the security of the system: even if an authentication node is attacked by a hacker, it is hard for the hacker to guess which encryption algorithm is in use. The account information can be as shown in Table 4 below, and the authentication module information can be as shown in Table 5 below:
ID        PIN       Tag
James     XXXXXX    0
Thomas    XXXXXX    1
Anna      XXXXXX    2
Rose      XXXXXX    3
Marry     XXXXXX    4
...       ...       ...
Table 4
Tag        Encryption algorithm
0, 2, 4    First encryption algorithm
1, 3       Second encryption algorithm
Table 5
Similar to the mechanism by which account information can be dispersed and stored on different nodes, authentication module information can also be dispersed and stored on different authentication nodes.
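The tag indirection of Tables 4 and 5, with account information and authentication module information held by different nodes, can be sketched as follows. This is an added example, not code from the patent: the class names, the per-account salt and the two PBKDF2 variants standing in for the "first" and "second" encryption algorithm are assumptions.

```python
import hashlib
import hmac
import os
import secrets


# Stand-ins for the two encryption algorithms (assumed; the page names none).
def alg_first(pin, salt):
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 50_000)


def alg_second(pin, salt):
    return hashlib.pbkdf2_hmac("sha512", pin.encode(), salt, 50_000)


ALGORITHMS = {"first": alg_first, "second": alg_second}


class ModuleNode:
    """Holds authentication module information (Table 5): tag -> algorithm."""

    def __init__(self):
        # More tags than algorithms, as in the variation described above.
        self.tag_to_alg = {0: "first", 2: "first", 4: "first",
                           1: "second", 3: "second"}

    def tags_for(self, alg):
        return [t for t, a in self.tag_to_alg.items() if a == alg]

    def transform(self, tag, pin, salt):
        # Only this node can resolve a tag to the algorithm behind it.
        return ALGORITHMS[self.tag_to_alg[tag]](pin, salt)


class AccountNode:
    """Holds account information (Table 4): ID -> (PIN ciphertext, salt, tag)."""

    def __init__(self):
        self.records = {}

    def enroll(self, module_node, account_id, pin, alg):
        # Pick any tag mapped to the chosen algorithm, so the tag value
        # stored with the account does not identify the algorithm by itself.
        tag = secrets.choice(module_node.tags_for(alg))
        salt = os.urandom(16)  # per-account salt is an assumption of this example
        stored = module_node.transform(tag, pin, salt)
        self.records[account_id] = (stored, salt, tag)
        return tag

    def verify(self, module_node, account_id, pin):
        record = self.records.get(account_id)
        if record is None:
            return False
        stored, salt, tag = record
        candidate = module_node.transform(tag, pin, salt)
        return hmac.compare_digest(stored, candidate)  # constant-time compare


if __name__ == "__main__":
    modules, accounts = ModuleNode(), AccountNode()
    # Constructed sample accounts and PINs.
    accounts.enroll(modules, "James", "482913", "first")
    accounts.enroll(modules, "Thomas", "771204", "second")
    print(accounts.verify(modules, "James", "482913"))
    print(accounts.verify(modules, "Thomas", "000000"))
```

A dump of `AccountNode.records` alone yields ciphertext, salt and a tag number, but not the mapping needed to tell which algorithm produced the ciphertext.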
The present invention does not limit the storage format of authentication information is special.It can be text-only file (such as the CVS file), database, tabulation or directory tree (like LDAP and NIS (Network Information Service) directory tree etc.).
Get back to Fig. 1, in step 201, confirm the rotational order of said authentication information.Said rotational order has been described an authentication node at least will send to the authentication information of storage on it for which authentication node.According to one embodiment of the present of invention, said rotational order is confirmed (changeing previous hour of the previous day or wheel commentaries on classics etc. such as wheel) temporarily before wheel changes.Interim definite rotational order can increase the fail safe of system, will where be forwarded to by wheel because the hacker can't judge the authentication information on a certain node.
According to an alternative embodiment of the invention, said rotational order is just confirmed well (changeing the rotational order that the last week, month even last time wheel commentaries on classics back, just definite next next round was changeed such as wheel) in the certain hour before wheel changes.In this embodiment and since in advance a period of time just confirmed rotational order, therefore having saved changes the road wheel commentaries on classics of advancing at wheel and confirms the expense brought in proper order.
If said authentication information comprises accounts information and authentication module information, then said rotational order may further include the rotational order of accounts information and the rotational order of authentication module information.The rotational order of the rotational order of said accounts information and authentication module information can be the same or different.Under the rotational order condition of different of the rotational order of accounts information and authentication module information; Said accounts information is taken turns the authentication node that forwards to can be different with the authentication node that said authentication module information wheel forwards to, such as can said accounts information being sent to second authentication node and said authentication module information is sent to the 3rd authentication node.
The wheel of confirming said authentication information in step 203 changes trigger condition.The said wheel changeed trigger condition and described wheel and when change or under what condition, begin to carry out.See (general perspective) from macroscopic view, the said commentaries on classics trigger condition of taking turns can also can be dynamic trigger condition for static trigger condition.Static trigger condition can be to reach preset time (after three months), just every wheel commentaries on classics of carrying out an authentication information at a distance from the preset time cycle.According to a kind of embodiment said preset time cycle of the present invention can be the cycle of fixing (such as be three months always).According to another kind of embodiment of the present invention, the said special time cycle can be constantly by adjustment (change and second next round commentaries on classics three months at interval such as first next round, and second next round being changeed and wheel commentaries on classics for the third time two months at interval).Adopt the management cost of static trigger condition lower, can carry out the wheel commentaries on classics of authentication information according to static trigger condition as long as guarantee accurate just the stablizing of clock on each authentication node.
In another kind of embodiment, saidly take turns that to change trigger condition be dynamic trigger condition.Such as can when a certain authentication node receives assault, changeing by the wheel of triggering authentication information.The system manager's wheel of triggering authentication information commentaries on classics at any time as the case may be for another example.In addition, if a certain authentication node by frequent access, wheel that so also can triggering authentication information when the access times of this authentication node reach some changes.In addition, if repeatedly participating in wheel owing to always be in busy (busy) state, an authentication node changes the also wheel of triggering authentication information commentaries on classics voluntarily of this authentication node so.The present invention can also comprise other dynamic trigger condition.And the dynamic trigger condition among the present invention can be used with static trigger condition simultaneously.Such as static trigger condition was that the every three months wheel changes once, and a certain authentication node has just triggered the wheel commentaries on classics of authentication information owing to receive assault the second month some day.
From a microscopic point of view, the rotation trigger condition includes beginning rotation of the authentication information when a node is idle. For example, at night authentication nodes are usually not accessed frequently, so rotation of the authentication information can be scheduled at night. Alternatively, if an authentication node is still in a busy state at the scheduled rotation time, that node can be skipped so that it does not take part in the rotation. As a further example, the busy state of each authentication node can be queried before the agreed rotation time arrives; if any node is busy, the start of the rotation is postponed until all authentication nodes are idle.
In step 205, in response to the rotation trigger condition being satisfied, at least a portion of the authentication information is sent according to the rotation order. For example, the first authentication node sends the authentication information stored on it to a second authentication node, so that the second authentication node handles the authentication requests related to that authentication information.
The order of step 201 and step 203 in Fig. 2 is not fixed: step 201 can be performed before step 203, step 203 can be performed before step 201, or steps 201 and 203 can be performed in parallel.
Fig. 3 shows a flow chart for determining the rotation order of authentication information according to one embodiment of the present invention. Fig. 3 describes step 201 of Fig. 2 in more detail. In step 301, each authentication node generates a random number. In step 303, a command node (Commander Node) is determined according to the generated random numbers. In step 305, the command node determines the rotation order.
The process of determining the rotation order of the authentication information is explained below with reference to Fig. 8A and Fig. 8B.
Fig. 8A shows a schematic diagram of the authentication system before rotation of the authentication information according to one embodiment of the present invention. The authentication system shown in Fig. 8A has five authentication nodes, Node 1 to Node 5. In this embodiment, the encryption algorithm is assumed to be the same for all authentication information, so the authentication information stored on an authentication node contains only account information and no authentication module information. It is assumed that Node 1 currently stores authentication information Acc A, Node 2 stores authentication information Acc B, and Node 4 stores authentication information Acc C.
In step 301, each authentication node generates a random number from 0 to 99. The random numbers generated by the authentication nodes are shown in Table 6 below:

| Node 1 | Node 2 | Node 3 | Node 4 | Node 5 |
|--------|--------|--------|--------|--------|
| 1      | 50     | 79     | 44     | 32     |

Table 6
In step 303, the command node is determined from the random numbers generated by the authentication nodes. For example, the node that generated the largest random number can serve as the command node. In Table 6 the random number generated by Node 3 is the largest, so Node 3 becomes the command node.
Next, in step 305, the command node Node 3 determines the rotation order. Node 3 can generate an ad hoc integer sequence made up of the numbers 1 to 5, such as 5->3->4->1->2->5. This integer sequence describes the rotation order for the next rotation: if Node 5 holds authentication information, it is sent to Node 3; if Node 3 holds authentication information, it is sent to Node 4; if Node 4 holds authentication information, it is sent to Node 1; if Node 1 holds authentication information, it is sent to Node 2; if Node 2 holds authentication information, it is sent to Node 5. According to these rules, Acc A in Fig. 8A will be sent to Node 2, Acc B will be sent to Node 5, and Acc C will be sent to Node 1. Fig. 8B shows a schematic diagram of the authentication system after rotation of the authentication information according to one embodiment of the present invention. After rotation, the authentication information is stored on a new authentication node, and the authentication requests related to that authentication information are also handled by the new authentication node. In the present invention, a rotation order can refer either to the order in which one authentication node sends the authentication information on it to another authentication node, such as 5->3, or to the rotation order of authentication information among multiple authentication nodes, such as 5->3->4->1->2->5.
According to another embodiment of the present invention, no command node needs to be set. Each authentication node first generates a random number, for example as in Table 6. The rotation order is then determined by the magnitude of the generated random numbers, for example 3->2->4->5->1: if Node 3 holds authentication information, it is sent to Node 2; if Node 2 holds authentication information, it is sent to Node 4; if Node 4 holds authentication information, it is sent to Node 5; if Node 5 holds authentication information, it is sent to Node 1; if Node 1 holds authentication information, it can be sent to Node 3.
According to a further embodiment of the present invention, no command node needs to be set. Each authentication node first generates a random number, a modulo operation is then applied to the generated random numbers, and the rotation order is determined by the magnitude of the remainders after the modulo operation.
According to yet another embodiment of the present invention, the authentication node that actively initiates the rotation of the authentication information generates a random sequence made up of the five digits 1 to 5 (such as 31245), and the rotation order is then determined from the generated random sequence as 3->1->2->4->5->3. This shows that, in the present invention, the determination of the rotation order and the determination of the rotation trigger condition may be related: different rotation trigger conditions can have different ways of generating the rotation order. In the example in this paragraph, the rotation trigger condition is a dynamic trigger condition, so the rotation order can be determined dynamically by a single authentication node.
The present invention is not limited to the ways of generating the rotation order listed above and can be extended to further ways of generating it. To further reduce the possibility that a hacker obtains the generated rotation order, the rotation order of the authentication information can be determined by random numbers; these can be a random sequence generated by one authentication node or random numbers generated by multiple nodes.
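The rotation-order embodiments above (steps 301 to 305, the variant without a command node, and the dispatch-table update that follows a rotation) can be worked through in a short Python sketch. This is an added example, not code from the patent: the function names are hypothetical, breaking ties by lowest node id is an assumption, and the sample data is constructed from Table 6, Fig. 8A and the sequence 5->3->4->1->2->5.

```python
import secrets


def draw_random_numbers(node_ids, upper=100):
    """Step 301: each node draws an integer in [0, upper) from the OS CSPRNG."""
    return {node: secrets.randbelow(upper) for node in node_ids}


def elect_command_node(draws):
    """Step 303: the node with the largest draw becomes the command node.

    Ties go to the lowest node id (assumption; the text does not cover ties).
    """
    return max(sorted(draws), key=lambda node: draws[node])


def random_cycle(node_ids):
    """Step 305: the command node picks an unpredictable cyclic order."""
    order = list(node_ids)
    secrets.SystemRandom().shuffle(order)
    return order


def order_by_draw(draws):
    """Variant without a command node: nodes sorted by descending draw."""
    return sorted(draws, key=lambda node: (-draws[node], node))


def successor_map(cycle):
    """Turn [5, 3, 4, 1, 2] into {5: 3, 3: 4, 4: 1, 1: 2, 2: 5}."""
    if len(cycle) < 2 or len(set(cycle)) != len(cycle):
        raise ValueError("a rotation cycle needs at least two distinct nodes")
    return {node: cycle[(i + 1) % len(cycle)] for i, node in enumerate(cycle)}


def rotate(placement, cycle):
    """Move every record one hop along the cycle.

    The new placement is built from the old one in a single pass, so a record
    that has just arrived on a node is never forwarded a second time.
    """
    nxt = successor_map(cycle)
    stray = set(placement) - set(nxt)
    if stray:
        raise ValueError(f"nodes outside the cycle hold records: {sorted(stray)}")
    moved = {node: [] for node in cycle}
    for node, records in placement.items():
        moved[nxt[node]].extend(records)
    return moved


def update_dispatch(dispatch, cycle):
    """Rewrite a node router's user -> node table after the rotation."""
    nxt = successor_map(cycle)
    return {user: nxt[node] for user, node in dispatch.items()}


# Sample data constructed from the description.
TABLE_6 = {1: 1, 2: 50, 3: 79, 4: 44, 5: 32}           # node -> random number
FIG_8A = {1: ["Acc A"], 2: ["Acc B"], 4: ["Acc C"]}    # node -> stored records
CYCLE = [5, 3, 4, 1, 2]                                # 5->3->4->1->2->5

if __name__ == "__main__":
    print("command node:", elect_command_node(TABLE_6))
    print("order by draw:", order_by_draw(TABLE_6))
    print("after rotation:", rotate(FIG_8A, CYCLE))
    print("dispatch:", update_dispatch({"James": 1}, CYCLE))
```

Drawing from the operating system's CSPRNG rather than a seeded generator matters here because the rotation order is only useful if an attacker who has observed earlier rounds cannot predict the next one.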
Fig. 9A shows a schematic diagram of the authentication system before rotation of the authentication information according to another embodiment of the present invention. In the embodiment shown in Fig. 9A, before rotation the account information in the authentication information and the corresponding authentication module information are stored on the same authentication node (account information Acc A and authentication module information Mod A are stored on Node 1, account information Acc B and authentication module information Mod B on Node 2, and account information Acc C and authentication module information Mod C on Node 4), whereas after rotation the account information and the corresponding authentication module information are stored on different authentication nodes. Fig. 9B shows a schematic diagram of the authentication system after rotation of the authentication information according to this embodiment. In the embodiment shown in Fig. 9B, Node 1 stores account information Acc C and authentication module information Mod A, Node 2 stores account information Acc A, Node 3 stores authentication module information Mod B, Node 4 stores authentication module information Mod C, and Node 5 stores account information Acc B.
As mentioned above, if different account information uses different encryption algorithms, the encryption algorithms need to be distinguished in the authentication information. A relatively simple embodiment stores, in the authentication node, the authentication module tag corresponding to each account in order to identify the corresponding encryption algorithm. The rotation order of the authentication module information can be the same as or different from the rotation order of the account information. If the two rotation orders are the same, the authentication module information always stays bound to the corresponding account information. If they are different, the two may be stored on different authentication nodes, and the account information and the authentication module information can each continue through subsequent rotations independently.
According to one embodiment of the present invention, only the account information is rotated and the authentication module information is not. According to another embodiment of the present invention, only the authentication module information is rotated and the account information is not.
Optionally, when the authentication module information is rotated, the authentication module tag (Tag) can be modified, which further increases the security of the system. For example, the Tags in Table 2 and Table 3 can be modified so that Tag=0 becomes Tag=3 and Tag=1 becomes Tag=4. The modified account information and authentication module information are shown in Table 7 and Table 8 below, respectively:
| ID     | PIN    | Tag |
|--------|--------|-----|
| James  | XXXXXX | 3   |
| Thomas | XXXXXX | 4   |
| ...    | ...    | ... |

Table 7
| Tag | Encryption algorithm        |
|-----|-----------------------------|
| 3   | First encryption algorithm  |
| 4   | Second encryption algorithm |

Table 8
According to one embodiment of the present invention, the authentication information can also include timestamp information to indicate the validity period of the authentication information. In one example, the timestamp information is "20110417,3", meaning that the authentication information was rotated to the local authentication node on April 17, 2011 and is valid for three months; in other words, the next rotation must be carried out after three months. In another example, the timestamp information is "20110717", meaning that the authentication information is valid until July 17, 2011. In another example, the timestamp information is "20110417, valid", meaning that the authentication information was rotated to the local authentication node on April 17, 2011 and that its "valid" status bit is set to "valid". Once rotation of the authentication information begins, this status bit is set to "invalid". This example is better suited to schemes in which rotation is triggered by a dynamic trigger condition. Of course, the present invention does not restrict the use of other ways of expressing timestamp information. Authentication information that carries a timestamp can further increase the security of the system: even if a hacker attacks an authentication node, the hacker cannot keep using the authentication information on that node indefinitely.
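A node that honours these timestamps has to parse all three forms and refuse stale or malformed values. The Python sketch below is an added example, not code from the patent; the function names are hypothetical, the status flag is assumed to be the literal string "valid" or "invalid", a period is assumed to end on the same calendar day N months after the rotation date, and malformed fields are treated as unusable.

```python
import calendar
from datetime import date, datetime


def add_months(start, months):
    """Same day-of-month N months later, clamped to the month's last day."""
    years, month_index = divmod(start.month - 1 + months, 12)
    year, month = start.year + years, month_index + 1
    last_day = calendar.monthrange(year, month)[1]
    return date(year, month, min(start.day, last_day))


def parse_day(text):
    """Parse a strict YYYYMMDD string; anything else raises ValueError."""
    if len(text) != 8 or not (text.isascii() and text.isdigit()):
        raise ValueError(f"not a YYYYMMDD date: {text!r}")
    return datetime.strptime(text, "%Y%m%d").date()


def parse_timestamp(field):
    """Parse one of the three timestamp forms described in the text.

    "20110417,3"      rotated on that day, valid for 3 months
    "20110717"        valid until that day
    "20110417, valid" rotated on that day, explicit status flag
    """
    parts = [part.strip() for part in field.split(",")]
    if not 1 <= len(parts) <= 2:
        raise ValueError(f"unexpected timestamp field: {field!r}")
    day = parse_day(parts[0])
    if len(parts) == 1:
        return {"form": "deadline", "expires": day}
    if parts[1].isascii() and parts[1].isdigit():
        months = int(parts[1])
        return {"form": "period", "rotated": day,
                "expires": add_months(day, months)}
    if parts[1] in ("valid", "invalid"):
        return {"form": "flag", "rotated": day, "valid": parts[1] == "valid"}
    raise ValueError(f"unexpected timestamp field: {field!r}")


def is_usable(field, today):
    """True only if the authentication information may still be used today.

    Fails closed: a field that cannot be parsed is never usable.
    """
    try:
        info = parse_timestamp(field)
    except ValueError:
        return False
    if info["form"] == "flag":
        return info["valid"]
    return today < info["expires"]


def begin_rotation(field):
    """Flip a flag-form timestamp to "invalid" when rotation starts."""
    info = parse_timestamp(field)
    if info["form"] != "flag":
        raise ValueError("only flag-form timestamps carry a status bit")
    return f"{info['rotated']:%Y%m%d}, invalid"


if __name__ == "__main__":
    today = date(2011, 7, 16)
    for sample in ("20110417,3", "20110717", "20110417, valid", "2011-04-17"):
        print(sample, "->", is_usable(sample, today))
```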
According to one embodiment of the present invention, a rotation round can involve only some of the authentication nodes (partial rotation). For example, the original rotation time is 2:00am, but before the rotation time begins the actual performance (Real Performance) of a second authentication node is assessed. If the assessment finds that the second authentication node is in a busy state, this rotation round may skip the second authentication node and rotate the authentication information among the other nodes. Further, to prevent an authentication node from being skipped in many successive rotation rounds, the actual performance of the authentication node can be corrected so that the node is not permanently excluded from rotation. For example, the actual performance value is a score from 0 to 100; the higher the score, the busier the authentication node, and the lower the score, the less busy the authentication node. The corrected performance obtained by correcting the actual performance is then given by Formula 1:

CP = RP - (W * T)    (Formula 1)
Here CP denotes the corrected performance score, RP denotes the actual performance score of the authentication node, W denotes a weight, and T denotes the number of times this authentication node has not taken part in rotation. As Formula 1 shows, the corrected performance score decreases as the number of rotations an authentication node has missed increases; if the corrected performance score falls below a certain threshold, the authentication node should take part in the rotation of the authentication information. Formula 1 thus prevents an authentication node from never taking part in rotation of the authentication information because it is always in a busy state.
Of course, the present invention does not exclude other methods of preventing an authentication node from always being skipped during rotation, for example stipulating that no authentication node may miss two consecutive rotation rounds of the authentication information.
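The effect of Formula 1 on a node that stays busy, and of the alternative rule against missing consecutive rounds, is easiest to see over several rounds. The Python sketch below is an added example, not code from the patent; the function names, the weight of 15, the threshold of 70, the sample performance scores, and resetting T to zero once a node takes part are all assumptions made for illustration.

```python
def corrected_performance(real_perf, weight, missed):
    """Formula 1: CP = RP - (W * T)."""
    return real_perf - weight * missed


def select_participants(real_perf, missed, weight, threshold, max_missed=None):
    """Nodes whose corrected score is below the threshold take part.

    max_missed implements the alternative rule: a node that has already
    missed that many rounds in a row is forced in regardless of its score.
    """
    chosen = []
    for node in sorted(real_perf):
        t = missed.get(node, 0)
        cp = corrected_performance(real_perf[node], weight, t)
        forced = max_missed is not None and t >= max_missed
        if cp < threshold or forced:
            chosen.append(node)
    return chosen


def plan_round(cycle, real_perf, missed, weight, threshold, max_missed=None):
    """Return (partial_cycle, new_missed) for one rotation round.

    Skipped nodes are removed from the cycle, so their neighbours hand
    records past them; records on a skipped node stay where they are.
    """
    chosen = set(select_participants(real_perf, missed, weight,
                                     threshold, max_missed))
    partial = [node for node in cycle if node in chosen]
    if len(partial) < 2:
        partial = []  # fewer than two idle nodes: nothing can be rotated
    new_missed = {node: 0 if node in partial else missed.get(node, 0) + 1
                  for node in cycle}
    return partial, new_missed


def simulate(cycle, real_perf, weight, threshold, rounds, max_missed=None):
    """Run several rounds with constant load and return each round's cycle."""
    missed, history = {}, []
    for _ in range(rounds):
        partial, missed = plan_round(cycle, real_perf, missed, weight,
                                     threshold, max_missed)
        history.append(partial)
    return history


# Constructed sample: Node 2 stays busy (score 90) in every round.
CYCLE = [5, 3, 4, 1, 2]
REAL_PERF = {1: 10, 2: 90, 3: 20, 4: 30, 5: 15}

if __name__ == "__main__":
    for number, cycle in enumerate(simulate(CYCLE, REAL_PERF, 15, 70, 3), 1):
        print("round", number, "->", cycle)
```

With these values Node 2 scores 90, then 75, then 60, so it is skipped twice and joins the third round even though its real load never drops.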
Fig. 5 shows a flow chart of sending an authentication request according to one embodiment of the present invention. Fig. 5 corresponds to Fig. 8A and Fig. 8B. In the embodiment shown in Fig. 5, the authentication information is assumed to include account information but no authentication module information; that is, the same encryption algorithm applies to all account information. In step 501, an authentication request is received. The authentication request can come from a client; for example, it can be the login request sent when an employee wants to log in to the company's internal network.
In step 503, the authentication request is distributed to the corresponding authentication node. There are many ways to distribute an authentication request to the corresponding authentication node. According to one embodiment of the present invention, multicast can be used to broadcast the authentication request within the authentication network made up of the authentication nodes. The addresses of the authentication nodes in the authentication network form a multicast address set; whenever a new authentication node joins the authentication network, its network address can be added to this multicast address set. An authentication node in the authentication network that receives the authentication request checks whether it holds information that satisfies the request. If not, it does not reply. If so, the subsequent steps can continue. In one example, suppose the user enters an account ID and a password PIN at the client, and the ID and the PIN (or a variant of the PIN) are sent to an authentication node. The authentication node checks the IDs stored on it to determine whether it holds information that satisfies the authentication request, and then verifies the user according to the PIN the user entered.
In another example, suppose the user enters an account ID and a password PIN at the client, but only the ID is sent to an authentication node. When the authentication node, after checking the ID information stored on it, determines that it holds information that satisfies the authentication request, it can further contact the client to obtain the PIN and then carry out the subsequent processing steps. In a more complex example, the authentication node not only needs to contact the client to obtain the PIN but also needs to contact a special authentication node to carry out the subsequent processing of the authentication request, for example contacting a government department's server to confirm whether the ID card number entered by the user is correct.
The above describes the details of distributing an authentication request to the authentication nodes by multicast. The following describes the process of distributing an authentication request to the corresponding authentication node by means of a node router (Node Router). The node router is responsible for distributing authentication requests to the corresponding authentication node for processing. The node router can be a dedicated node, or one of the authentication nodes can act as the node router. The node router can store a dispatch table, as shown in Table 9 below:
| User name (ID) | Authentication node |
|----------------|---------------------|
| James          | Node 1              |
| ...            | ...                 |

Table 9
Table 9 indicates that the authentication information of the user named James is stored on the first node. The node router can therefore forward the authentication requests related to James to the first node. If the authentication information on the authentication nodes is rotated, the dispatch table is updated after the rotation to reflect the latest storage state of the authentication information. For example, if the authentication information on Node 1 is rotated to Node 2, the dispatch table can be modified as shown in Table 10 below:
| User name (ID) | Authentication node |
|----------------|---------------------|
| James          | Node 2              |
| ...            | ...                 |

Table 10
Returning now to Fig. 5, in step 505 the authentication request is processed. The details of step 505 are explained further below. In step 507, the authentication result is returned to indicate whether the authentication request has passed or failed authentication.
Fig. 6 shows a flow chart of sending an authentication request according to another embodiment of the present invention. The embodiment in Fig. 6 corresponds to Fig. 9A and Fig. 9B. In the embodiment shown in Fig. 6, the authentication information is assumed to include both account information and authentication module information; that is, different encryption algorithms apply to different account information. In step 601, an authentication request is received. In step 603, the account information corresponding to the authentication request is obtained according to the authentication request. In step 605, the authentication module tag in the authentication request is checked, and the authentication node holding the authentication module information (such as the encryption algorithm) corresponding to that tag is determined. In step 607, the account information and the authentication request are distributed to the authentication node that holds the authentication module information, so that this node handles the authentication request. In step 609, the authentication request is processed. The details of step 609 are described in more detail below. In step 611, the authentication result is returned to indicate whether the authentication request succeeded.
Fig. 7 shows a flow chart of processing an authentication request according to one embodiment of the present invention. The flow chart in Fig. 7 further refines step 505 in Fig. 5 and step 609 in Fig. 6. For both the embodiment shown in Fig. 8A and Fig. 8B and the embodiment shown in Fig. 9A and Fig. 9B, the processing of authentication requests can either be suspended or not be suspended while authentication information is being sent. If the processing of authentication requests is suspended, the authentication request is forwarded to the new authentication node for processing after the rotation ends. In this case the authentication information can be sent from the original authentication node to the new authentication node as a cut operation, and the original authentication node no longer keeps a copy of the authentication information. If the processing of authentication requests is not suspended, the original authentication node can still handle authentication requests while authentication information is being sent; once all the authentication information has been copied from the original authentication node to the new authentication node, authentication requests are handled by the new authentication node. In this embodiment, the authentication information can be sent from the original authentication node to the new authentication node as a copy-and-paste operation.
Specifically, step 701 determines whether the authentication node is in the process of sending authentication information. If the authentication node is in the process of sending authentication information, step 703 further determines whether the processing of the authentication request needs to be suspended. If the processing of the authentication request needs to be suspended, then in step 705, after the sending of the authentication information has finished, the authentication request is distributed to another authentication node and handled by that node. The distribution to the other authentication node can be done by the multicast method described above, with the assistance of the node router described above, or by the authentication node directly forwarding the pending authentication request to the other authentication node. If step 703 determines that the processing of the authentication request does not need to be suspended, then in step 707 the authentication node completes the processing of the authentication request. If step 701 determines that the authentication node is not in the process of sending authentication information, the flow goes directly to step 707 and the authentication node handles the authentication request.
Fig. 10 shows a flow chart of the authentication information processing system of the present invention. The authentication information processing system in Fig. 10 comprises a rotation order determining device, a rotation trigger condition determining device, and a sending device. In the authentication information processing system of Fig. 10, the authentication information is stored on a first authentication node. The rotation order determining device is configured to determine the rotation order of the authentication information. The rotation trigger condition determining device is configured to determine the rotation trigger condition of the authentication information. The sending device is configured to send, in response to the rotation trigger condition being satisfied, at least a portion of the authentication information to a second authentication node according to the rotation order, so that the second authentication node handles the authentication requests related to the authentication information.
According to one embodiment of the present invention, the authentication information in Fig. 10 includes account information.
According to another embodiment of the present invention, the authentication information in Fig. 10 includes authentication module information in addition to account information.
According to one embodiment of the present invention, the rotation order in Fig. 10 includes a rotation order of the account information and a rotation order of the authentication module information, and the sending device is further configured to send the account information to a second authentication node and to send the authentication module information to a third authentication node.
According to one embodiment of the present invention, the rotation trigger condition includes beginning rotation of the authentication information after a specific time period has elapsed.
According to another embodiment of the present invention, the rotation trigger condition is a dynamic trigger condition.
According to a further embodiment of the present invention, the rotation trigger condition includes beginning rotation of the authentication information when a node is idle.
According to one embodiment of the present invention, the authentication information includes timestamp information to indicate the validity period of the authentication information.
The functions of the modules of the authentication information processing system shown in Fig. 10 have been described in detail above in the introduction to the authentication information processing method and are not repeated here.
The various embodiments of the present invention can provide many advantages, including those listed in the summary of the invention and those that can be derived from the technical solution itself. However, whether or not an embodiment achieves all of these advantages, and whether or not such advantages are considered a substantial improvement, this should not be construed as limiting the present invention. Likewise, the embodiments described above are for illustration only, and a person of ordinary skill in the art can make various modifications and changes to them without departing from the essence of the present invention. The scope of the present invention is defined entirely by the appended claims.

Claims (19)

1. A method for processing authentication information, the authentication information being stored on a first authentication node, the method comprising:
determining a rotation order of the authentication information,
determining a rotation trigger condition of the authentication information, and
in response to the rotation trigger condition being satisfied, sending at least a portion of the authentication information to a second authentication node according to the rotation order.
2. The method according to claim 1, wherein the authentication information comprises account information and authentication module information.
3. The method according to claim 2, wherein the rotation order comprises a rotation order of the account information and a rotation order of the authentication module information,
and sending at least a portion of the authentication information to the second authentication node according to the rotation order comprises:
sending the account information to the second authentication node according to the rotation order of the account information,
and the method further comprises:
sending the authentication module information to a third authentication node according to the rotation order of the authentication module information.
4. The method according to claim 1, wherein the rotation trigger condition comprises reaching a predetermined time.
5. The method according to claim 1, wherein the rotation trigger condition is a dynamic trigger condition.
6. The method according to any one of claims 1 to 5, wherein the rotation trigger condition comprises beginning rotation of the authentication information when the first authentication node is idle.
7. The method according to claim 1, wherein determining the rotation order of the authentication information further comprises determining the rotation order of the authentication information at random.
8. The method according to claim 1, wherein the first authentication node suspends processing of authentication requests related to the authentication information while the authentication information is being sent.
9. The method according to claim 1, wherein the first authentication node does not suspend processing of authentication requests related to the authentication information while the authentication information is being sent.
10. The method according to claim 1, wherein the authentication information includes timestamp information to indicate the validity period of the authentication information.
11. The method according to claim 1, wherein the authentication request is distributed to a plurality of authentication nodes by multicast.
12. The method according to claim 1, wherein the authentication request is distributed to the second authentication node by a node router, wherein the node router stores a dispatch table of the authentication information.
13. A system for processing authentication information, wherein the authentication information is stored on a first authentication node, the system comprising:
a rotation order determining device configured to determine a rotation order of the authentication information,
a rotation trigger condition determining device configured to determine a rotation trigger condition of the authentication information, and
a sending device configured to send, in response to the rotation trigger condition being satisfied, at least a portion of the authentication information to a second authentication node according to the rotation order.
14. The system according to claim 13, wherein the authentication information comprises account information and authentication module information.
15. The system according to claim 14, wherein the rotation order comprises a rotation order of the account information and a rotation order of the authentication module information,
and the sending device is further configured to send the account information to the second authentication node according to the rotation order of the account information and to send the authentication module information to a third authentication node according to the rotation order of the authentication module information.
16. The system according to claim 13, wherein the rotation trigger condition comprises reaching a predetermined time.
17. The system according to claim 13, wherein the rotation trigger condition is a dynamic trigger condition.
18. The system according to any one of claims 13 to 17, wherein the rotation trigger condition comprises beginning rotation of the authentication information when the first authentication node is idle.
19. The system according to claim 13, wherein the authentication information includes timestamp information to indicate the validity period of the authentication information.
CN201110104879.0A 2011-04-26 2011-04-26 Method and system for processing authentication information Expired - Fee Related CN102761520B (en)

Priority Applications (6)

Application Number Priority Date Filing Date Title
CN201110104879.0A CN102761520B (en) 2011-04-26 2011-04-26 Method and system for processing authentication information
GB1313857.3A GB2505563B (en) 2011-04-26 2012-03-12 Authentication information processing
PCT/CN2012/072183 WO2012146091A1 (en) 2011-04-26 2012-03-12 Authentication information processing
DE112012000780.8T DE112012000780B4 (en) 2011-04-26 2012-03-12 Processing Authorization Check Data
JP2014506730A JP6034368B2 (en) 2011-04-26 2012-03-12 Authentication information processing
SG2013074091A SG194072A1 (en) 2011-04-26 2012-03-12 Authentication information processing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110104879.0A CN102761520B (en) 2011-04-26 2011-04-26 Method and system for processing authentication information

Publications (2)

Publication Number Publication Date
CN102761520A (en) 2012-10-31
CN102761520B (en)

Family

ID=47055842

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110104879.0A Expired - Fee Related CN102761520B (en) 2011-04-26 2011-04-26 Method and system for processing authentication information

Country Status (6)

Country Link
JP (1) JP6034368B2 (en)
CN (1) CN102761520B (en)
DE (1) DE112012000780B4 (en)
GB (1) GB2505563B (en)
SG (1) SG194072A1 (en)
WO (1) WO2012146091A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110704823A (en) * 2019-09-10 2020-01-17 平安科技(深圳)有限公司 Data request method, device, storage medium and electronic equipment
WO2023005804A1 (en) * 2021-07-29 2023-02-02 阿里云计算有限公司 Data rotation method and apparatus, device, and system

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB201811773D0 (en) 2018-07-19 2018-09-05 Nchain Holdings Ltd Computer-implemented system and method
CN112738045A (en) * 2020-12-23 2021-04-30 中科三清科技有限公司 Multi-source fusion identity authentication system and method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1767437A (en) * 2004-10-29 2006-05-03 国际商业机器公司 Systems and methods for efficiently authenticating multiple objects based on access patterns
US20070162862A1 (en) * 2005-07-06 2007-07-12 Gemini Mobile Technologies, Inc. Selective user monitoring in an online environment
CN101938461A (en) * 2009-06-29 2011-01-05 索尼公司 Netscape messaging server Netscape, messaging device and information processing method

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0668047A (en) * 1992-08-13 1994-03-11 Nippon Telegr & Teleph Corp <Ntt> Shared storage method using network of distributed system
JP3559471B2 (en) * 1999-03-31 2004-09-02 株式会社東芝 Setting information server device, user computer and setting information delivery method
US7322040B1 (en) * 2001-03-27 2008-01-22 Microsoft Corporation Authentication architecture
US7617257B2 (en) * 2004-12-03 2009-11-10 Oracle International Corporation System for persistent caching of LDAP metadata in a cluster LDAP server topology
US9390156B2 (en) * 2009-06-29 2016-07-12 International Business Machines Corporation Distributed directory environment using clustered LDAP servers

Also Published As

Publication number Publication date
JP6034368B2 (en) 2016-11-30
JP2014513351A (en) 2014-05-29
GB201313857D0 (en) 2013-09-18
DE112012000780B4 (en) 2014-07-31
SG194072A1 (en) 2013-11-29
GB2505563A (en) 2014-03-05
DE112012000780T5 (en) 2013-11-14
CN102761520B (en) 2015-04-22
GB2505563B (en) 2015-07-01
WO2012146091A1 (en) 2012-11-01

Similar Documents

Publication Publication Date Title
EP3496332B1 (en) Method and system for securely sharing validation information using blockchain technology
US11470086B2 (en) Systems and methods for organizing devices in a policy hierarchy
US20230269100A1 (en) Systems and methods for notary agent for public key infrastructure names
US10878248B2 (en) Media authentication using distributed ledger
JP6556706B2 (en) Systems and methods for encryption key management, collaboration, and distribution
EP3522088A1 (en) Securing blockchain access through a gateway
ES2732497T3 (en) Verification of participation in cryptocurrency-based events
CN110213223B (en) Service management method, device, system, computer equipment and storage medium
US9338165B2 (en) Common internet file system proxy authentication of multiple servers
US20120210123A1 (en) One-time password certificate renewal
GB2577751A (en) A consensus method and framework for a blockchain system
CN103179099B (en) A kind ofly access the uniform authentication method of open website platform and a kind of website platform
CN106664308B (en) Device authentication prior to enrollment
US20120240184A1 (en) System and method for on the fly protocol conversion in obtaining policy enforcement information
CN108011888B (en) Method, device, storage medium and program product for realizing certificate reconstruction
CN105592011A (en) Account login method and account login device
US11647008B2 (en) Generating a negative answer to a domain name system query that indicates resource records as existing for the domain name regardless of whether those resource records actually exist
US9635024B2 (en) Methods for facilitating improved user authentication using persistent data and devices thereof
CN102761520A (en) Method and system for processing authentication information
Bhutta et al. Public‐key infrastructure validation and revocation mechanism suitable for delay/disruption tolerant networks
CN105379176A (en) System and method for validating SCEP certificate enrollment requests
Geng et al. Blockchain-inspired Framework for Runtime Verification of IoT Ecosystem Task Fulfillment
CN112653557B (en) Digital identity processing method, digital identity processing device, electronic equipment and readable storage medium
CN111740833B (en) Signature method, node, system and storage medium of blockchain network
CN116805904A (en) Application login method and related device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150422