
CN116260625B - Unified authentication method for users under multi-node conditions in self-organizing network environment - Google Patents


Info

Publication number: CN116260625B
Application number: CN202211727978.9A
Authority: CN (China)
Other versions: CN116260625A
Other languages: Chinese (zh)
Inventors: 朱先忠, 王卓君, 王文鹏, 吴光硕, 辛慧洋, 常文超, 黄德军, 师文轩, 楚义芳
Current assignee: Nankai University
Original assignee: Nankai University
Legal status: Active (as listed by Google Patents; not a legal conclusion)
Prior art keywords: node, authentication, user, content, authentication node
Events: application filed by Nankai University; priority to CN202211727978.9A; publication of CN116260625A; application granted; publication of CN116260625B.

Classifications (CPC leaf codes; all under H04L, transmission of digital information)

    • H04L63/08 Network security protocols for authentication of entities
    • H04L63/061 Key management in a packet data network, for key exchange, e.g. in peer-to-peer networks
    • H04L63/0823 Authentication of entities using certificates
    • H04L63/083 Authentication of entities using passwords
    • H04L63/0876 Authentication of entities based on the identity of the terminal or its configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L9/0869 Generation of secret information, including derivation or calculation of cryptographic keys or passwords, involving random numbers or seeds
    • H04L9/14 Cryptographic mechanisms using a plurality of keys or algorithms
    • H04L9/3247 Verifying the identity or authority of a user, or message authentication, involving digital signatures
    • H04L9/3263 Verifying the identity or authority of a user, or message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; public key infrastructure [PKI] arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention discloses a unified authentication method for users under multi-node conditions in a self-organizing network environment. It performs triple authentication through the license authentication node in the content chain when a user registers, when a reading device joins and when a registration node joins the content chain, comprising: user authentication when the user registers in the content chain; device authentication when the reading device joins the content chain; and node identity authentication when the node joins the content chain. Obtaining the content itself therefore requires passing node authentication, device authentication and user authentication at the license authentication node, which secures the content chain and its data and lets the other nodes in the content chain concentrate on their specific services, reducing the security verification burden on those nodes.

Description

Unified authentication method for users under multi-node condition of self-organizing network environment
Technical Field
The invention relates to the technical field of distributed self-organizing networks, and in particular to a unified authentication method for users under multi-node conditions in a self-organizing network environment.
Background
An ad hoc (self-organizing) network combines mobile communication with computer networking and is a type of mobile computer network. All nodes in an ad hoc network have equal standing, so it is a peer-to-peer network. Nodes can join and leave the network at any time, and the failure of any single node does not affect the operation of the network as a whole, which gives the network strong survivability.
Node authentication in a self-organizing network is characterised by a three-way authentication handshake between a new node and its neighbouring nodes: the new node obtains authentication from an authentication server, the new node authenticates its neighbour, and the neighbour authenticates the new node. Prior-art authentication methods therefore require every node to implement an authentication function.
The main form of user authentication today is 2FA (two-factor authentication), known in Chinese as double-factor authentication: authentication requires two factors used together (something you know, the password, and something you have, the verification code) as proof of the user's identity, where the "something you have" is a credential used to verify that someone or something is who or what they claim to be. Two-factor authentication reduces the likelihood of an intruder masquerading as an authorised user.
A very widely used user authorisation mechanism is OAuth 2.0, which lets a third-party application obtain user data with the user's authorisation. OAuth 2.0 defines four authorisation modes: the authorisation code mode, the simplified mode, the password mode and the client mode. The authorisation code mode is the most complete in function and the strictest in flow: the client's back-end server interacts with the service provider's authentication server, so information leakage from direct interaction between the user's browser and the authentication server is avoided; the resource owner authenticates directly with the authentication server, so the resource owner's credentials never have to be shared with the client. The other three modes are simplifications of this one.
Starting from the underlying technology, the applicant has independently developed an open-source blockchain architecture suited to content-publishing scenarios, the content chain. The content chain is a self-organizing network oriented to content distribution that draws on the advantages of distributed autonomous networks. It is therefore necessary to design a secure, unified authentication mechanism for a distributed network environment that builds on existing authentication mechanisms and on the characteristics of the content chain itself.
Disclosure of Invention
The invention aims to provide a unified authentication method for users under multi-node conditions in a self-organizing network environment that addresses the technical shortcomings of the prior art.
The technical scheme adopted to achieve this purpose is as follows:
A unified authentication method for users under multi-node conditions in a self-organizing network environment, based on triple authentication by a license authentication node in the content chain when users register, when reading devices join and when registration nodes join the content chain, so that obtaining content data from the content chain requires passing node authentication, device authentication and user authentication, thereby securing the operation of the content chain and its data transmission. The method comprises:
User authentication when a user registers in the content chain: after the license authentication node verifies the identity information submitted by the registering user, it returns a unique user id and at the same time generates a user identity public/private key pair for the registered user; this key pair is used for automatic authentication by encryption and decryption during identity authentication and during the uploading and obtaining of content objects;
Device authentication when a reading device joins the content chain: the app program is submitted to the license authentication node and then tested; once the check passes, the license authentication node trusts the reading device and distributes a device public/private key pair to it. The device key pair is used to authenticate the device: transmitted data is encrypted with the device public key, and the reading device decrypts it with the device private key after receiving it;
Node identity authentication when a node joins the content chain: the registering node fills in its registration information and submits it to the root node; the root node randomly generates a symmetric key as a password and returns it to the registering node by e-mail; after the root node's verification passes, it forwards all the information together with the randomly generated password to the license authentication node; on receipt, the license authentication node generates a public/private key pair for the registering node, records the node's type in its information list, encrypts the node key pair and the node registration information into an encryption packet using the password forwarded by the root node, and sends the packet to the registering node by e-mail. The node registration information is used to confirm the current node's identity, and the node key pair is used for signing and signature verification during content chain consensus.
The license authentication node acts as a trusted CA: it issues the CA certificates required for HTTPS transmission to nodes in the content chain that need them, and each such node adds the license authentication node's CA certificate to its own trusted CA certificates so that it trusts all certificates issued by the license authentication node.
The license authentication node comprises a main license authentication node and an auxiliary license authentication node. The auxiliary node keeps a full backup of the main node's content and is switched to the working state when the main node fails.
Heartbeats are monitored among the root node, the main license authentication node and the auxiliary license authentication node. When the main node's heartbeat is no longer detected, the auxiliary node is switched to the working state; after the main node is restored, it takes a full backup from the auxiliary node and thereafter operates in the role of the auxiliary node. When the auxiliary node's heartbeat is no longer detected, the auxiliary node is repaired, and after it returns to normal it takes a full backup from the main node.
When the auxiliary license authentication node starts, it synchronises data from the main license authentication node by a full backup; during operation, real-time incremental backup keeps the auxiliary node consistent with the data in the main node, and whenever the main (primary) node's data is updated it sends a synchronisation message to the auxiliary (secondary) node.
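The failover rules above, written out as an added Go example that is not part of the patent (the patent gives no code): DataVersion is a constructed stand-in for the replicated data set, and the heartbeat timeout and node names are assumptions of this example.

```go
package main

import (
	"fmt"
	"time"
)

// Role of a license authentication node in the main/auxiliary pair.
type Role int

const (
	RoleMain Role = iota
	RoleAuxiliary
)

// LicenseNode models one license authentication node. DataVersion is a constructed
// stand-in for its data set: the pair is consistent when both versions match.
type LicenseNode struct {
	Name          string
	Role          Role
	Working       bool
	LastHeartbeat time.Time
	DataVersion   int
}

// Pair is the root node's view of the main/auxiliary pair and their heartbeats.
type Pair struct {
	A, B    *LicenseNode
	Timeout time.Duration // heartbeat silence after which a node is declared failed
}

// NewPair starts with A as main and B as auxiliary, both alive at time start.
func NewPair(start time.Time, timeout time.Duration) *Pair {
	return &Pair{
		A:       &LicenseNode{Name: "main-1", Role: RoleMain, Working: true, LastHeartbeat: start},
		B:       &LicenseNode{Name: "aux-1", Role: RoleAuxiliary, Working: true, LastHeartbeat: start},
		Timeout: timeout,
	}
}

// Roles returns the nodes currently holding the main and the auxiliary role.
func (p *Pair) Roles() (main, aux *LicenseNode) {
	if p.A.Role == RoleMain {
		return p.A, p.B
	}
	return p.B, p.A
}

// Update is a data change on the main node; a working auxiliary receives the
// incremental synchronisation message immediately.
func (p *Pair) Update() {
	m, a := p.Roles()
	m.DataVersion++
	if a.Working {
		a.DataVersion = m.DataVersion
	}
}

// Tick is the root node's periodic heartbeat check at time now. It returns a
// description of the change it made, or "" if nothing changed (one change per tick).
func (p *Pair) Tick(now time.Time) string {
	m, a := p.Roles()
	if a.Working && now.Sub(a.LastHeartbeat) > p.Timeout {
		a.Working = false // auxiliary lost: repair pending, the main keeps serving
		return a.Name + " heartbeat lost"
	}
	if m.Working && now.Sub(m.LastHeartbeat) > p.Timeout {
		m.Working = false
		if !a.Working {
			return m.Name + " heartbeat lost, no auxiliary available"
		}
		a.Role, m.Role = RoleMain, RoleAuxiliary // auxiliary switched to the working state as main
		return a.Name + " switched to main"
	}
	return ""
}

// Restore is called when a failed node comes back: it takes a full backup from the
// current main and then operates as the auxiliary. A restored former main does not
// reclaim the main role unless nobody took over while it was down.
func (p *Pair) Restore(n *LicenseNode, now time.Time) {
	n.Working, n.LastHeartbeat = true, now
	if m, _ := p.Roles(); m != n {
		n.Role = RoleAuxiliary
		n.DataVersion = m.DataVersion // full backup from the main
	}
}

func main() {
	t0 := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	p := NewPair(t0, 30*time.Second)
	p.Update()
	p.B.LastHeartbeat = t0.Add(20 * time.Second) // main-1 falls silent, aux-1 keeps beating
	fmt.Println(p.Tick(t0.Add(45 * time.Second)))
	p.Update()
	p.Restore(p.A, t0.Add(2*time.Minute))
	m, _ := p.Roles()
	fmt.Println(m.Name, "is main; versions:", p.A.DataVersion, p.B.DataVersion)
}
```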
When an authenticated reading device is used for reading, the content chain sends an encrypted content object together with a content license. The content license is used to decrypt the content object and is itself encrypted with the device public key and the user public key, so that the authenticated reading device can decrypt and read using the device private key and the user private key.
When a user is authenticated and registered, the content chain can be interfaced with a release system, and the user's account in the release system is automatically associated with the user's account in the content chain through a user association mechanism.
Automatic association of a user account in the release system with a user account in the content chain through the user association mechanism proceeds as follows:
Login and registration information is stored in two parts, one in the release system and one in the content chain, with the mailbox as the unique identifier. When a new user registers, the release system is first checked for the user's information. If the user does not exist in the release system, a request is sent to the license authentication node to check for the user. If the user does not exist at the license authentication node either, the user is registered at the license authentication node and at the local release end at the same time; if the user does exist at the license authentication node, the release system registers the user and associates it with the existing content chain user. Thus when a user is absent from the release system but present in the content chain, both the release system and the content chain are queried, and the user is registered and associated in the release system implicitly.
The invention reduces the security requirements on the other nodes in the content chain by means of the license authentication node: the other nodes in the network do not store the content data itself but only encrypted copies, so that stored content is not lost when a node is attacked. When the content chain is accessed from outside, the other nodes are contacted first and only they access the license authentication node, which further reduces the exposure of the license authentication node to attack.
Drawings
Fig. 1 is a schematic diagram of unified authentication of a user under a multi-node condition in an ad hoc network environment according to an embodiment of the present invention.
Fig. 2 is a schematic diagram of a user account association procedure at the time of user registration according to an embodiment of the present invention.
Fig. 3 is a schematic diagram of a node authentication process according to an embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the drawings and the specific examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
In the embodiment, the self-organizing network is a content chain built on an open-source blockchain architecture: a self-organizing network oriented to content distribution that draws on the advantages of distributed autonomous networks, combining mobile communication with computer networking as a mobile computer network. The content chain's self-organizing network contains a plurality of nodes of equal standing, so it is a peer-to-peer network. Each node can join and leave the self-organizing network at any time, and the failure of any single node does not affect the operation of the network as a whole, which gives the self-organizing network strong survivability. The content chain includes a license authentication node and other nodes, such as content nodes that store content object data and to which the transaction records are synchronised; the license authentication node verifies from the transaction records whether a user holds a content license.
In the embodiment, "nodes" denotes a plurality of unit structures that communicate with and connect to one another to form the digital content chain network; the unit structures making up the content chain are interconnected into a mesh, which differs from the meaning of nodes arranged in sequence in a traditional blockchain.
Unified user authentication under multi-node conditions in the self-organizing network environment of the embodiment is shown in Fig. 1. The authentication process is carried out by the license authentication node in the content chain's self-organizing network, which performs triple authentication when a user registers, when a reading device is added and when a registration node joins the content chain, thereby securing the operation of the content chain and its data transmission. The license authentication node provides the authentication function for the self-organizing network and protects the content data. Its existence reduces the security requirements on the other nodes: the other nodes in the network do not store content data itself but only encrypted copies, so that stored content is not lost when a node is attacked, and obtaining the content itself requires passing node authentication, device authentication and user authentication. This design lets the other nodes concentrate on their specific services and so reduces their load. When the content chain is accessed from outside, the other nodes are contacted first and only they access the license authentication node, which further reduces the exposure of the license authentication node to attack.
In the embodiment, the license authentication node distributes keys of the following types:
User identity key pair: an asymmetric key pair whose public half is called the user public key and whose private half is called the user private key. It is used to authenticate the reader's identity and to authorise the reader when the user reads: the user public key encrypts the content encryption key, and if the reader is entitled to a given content object's data, the user private key decrypts the content encryption key, which in turn decrypts the content object data for reading.
Node key pair: an asymmetric key pair, one for each of the other nodes in the content chain, whose public half is called the node public key and whose private half is called the node private key. Node key pairs are used for identity authentication of content chain nodes in the consensus process, including the signing and verification of transactions by nodes, which ensures that nodes admitted to the content chain are secure and reliable.
Device key pair: an asymmetric key pair whose public half is called the device public key and whose private half is called the device private key. Device key pairs authenticate and authorise the devices users employ to read copyrighted content: authorised devices can read the copyrighted content, unauthorised devices are prevented from maliciously obtaining it, and the security of the copyrighted content is protected. When a reader reads with a reading device, a device that has been authenticated by the license authentication node can decrypt the content encryption key with the device private key.
The embodiment provides a user authentication mode in which the license authentication node distributes a user identity key pair to each registered user of the content chain. This solves the problem of user identity authentication across all functional modules of the content chain, implements user identity authentication by decryption or signature verification, and provides a mechanism for associating content chain users with users of other release systems.
When a user registers in the content chain, the user must provide, as prompted, the information needed to prove their identity; this information is sent to the license authentication node. After the license authentication node verifies the identity information submitted by the registering user, it returns a unique user id and at the same time generates a user identity key pair for the registered user, which is used for identity authentication in each functional module of the content chain and for automatic authentication, by encryption and decryption with the user identity key pair, during the uploading and obtaining of content objects.
In addition, the content chain may be interfaced with a distribution (release) system. In that case the account of a given user in the release system and that user's account in the content chain can be associated automatically through the user association mechanism; the flow is shown in Fig. 2. When a new user registers, the release system is first checked for the user's information; if the user is not present there, a request is sent to the license authentication node to check for the user. If the user is not present at the license authentication node either, the user is registered at the license authentication node and at the local release end simultaneously; if the user is present at the license authentication node, the release system registers the user and associates it with the existing content chain user. In the same way, when the user is absent from the release system but present in the content chain, both are queried and the user is registered and associated in the release system.
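The association flow of Fig. 2 as an added Go example (not the patent's code): two in-memory maps stand in for a release system and for the license authentication node's user list, the mailbox is the unique identifier as in the patent, and the branch labels and id formats are this example's assumptions. It also shows what the patent's single flow implies when a second release system registers the same mailbox.

```go
package main

import "fmt"

// ReleaseSystem is an in-memory stand-in for one release (distribution) system;
// the mailbox is the unique identifier on both sides, as in the patent.
type ReleaseSystem struct {
	Accounts map[string]string // mailbox -> release-system account id
	Links    map[string]string // release-system account id -> content chain user id
}

// AuthNode is the license authentication node's user list.
type AuthNode struct {
	Users map[string]string // mailbox -> content chain user id
	next  int
}

func NewReleaseSystem() *ReleaseSystem {
	return &ReleaseSystem{Accounts: map[string]string{}, Links: map[string]string{}}
}

func NewAuthNode() *AuthNode { return &AuthNode{Users: map[string]string{}} }

// LookupUser answers the release system's "does this user exist" request.
func (a *AuthNode) LookupUser(mail string) (string, bool) {
	id, ok := a.Users[mail]
	return id, ok
}

// RegisterUser creates a content chain user and returns its unique user id
// (the id format is this example's choice).
func (a *AuthNode) RegisterUser(mail string) string {
	a.next++
	id := fmt.Sprintf("cc-user-%d", a.next)
	a.Users[mail] = id
	return id
}

// Register implements the flow of Fig. 2 for a registration attempt at the release
// end. It returns the content chain user id now linked to the account and a label
// for the branch taken.
func (r *ReleaseSystem) Register(node *AuthNode, mail string) (chainID, branch string) {
	if relID, ok := r.Accounts[mail]; ok {
		return r.Links[relID], "already-registered" // known release user: nothing to do
	}
	chainID, exists := node.LookupUser(mail)
	if exists {
		branch = "associated-existing" // implicit registration + association on the release side
	} else {
		chainID = node.RegisterUser(mail) // register at the license authentication node...
		branch = "registered-both"        // ...and at the local release end at the same time
	}
	relID := "rel-" + mail // constructed release-side account id
	r.Accounts[mail] = relID
	r.Links[relID] = chainID
	return chainID, branch
}

func main() {
	node, relA, relB := NewAuthNode(), NewReleaseSystem(), NewReleaseSystem()
	fmt.Println(relA.Register(node, "reader@example.test"))
	fmt.Println(relA.Register(node, "reader@example.test"))
	fmt.Println(relB.Register(node, "reader@example.test"))
}
```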
The embodiment provides a device authentication mode in which a device key pair is distributed to each device trusted by the content chain; all transmitted data is encrypted with the device public key and decrypted with the device private key after the device receives it, so that illegal devices are prevented from maliciously obtaining content. The content chain allows different types of reading devices to join and read. To prevent illegal devices from maliciously obtaining content, a new device type joining the content chain must submit its app program to the license authentication node, which then tests it; after manual verification passes, the device is trusted and the license authentication node distributes a device key pair to the joining device.
The device key pair is used to authenticate the device. When a reader reads, the content chain sends an encrypted content object and a content license; the content license is used to decrypt the content object and is itself encrypted with both the device public key and the user public key, so that only a reading device authenticated by the license authentication node can decrypt and read using the device private key and the user private key.
The user private key is not directly usable by the reading device; the flow for using it is as follows:
Step 11: after the user logs in on the device, the basic user information can be viewed. When the user obtains a content object, the (reading) device first checks whether it already holds the user's encrypted private key. If not, it requests the user private key from the CA (the license authentication node), which returns the user private key in encrypted form (the encryption password is the user's content chain password); if it does, the private key is not fetched again.
Step 12: after the user requests a content object, the first time the user allows the device to decrypt and read with the private key, the user must enter their content chain password to verify their identity. The password is entered on a page provided by the CA; once it is accepted, the user private key is decrypted and the content license is then decrypted with the user private key.
Step 13: the user chooses whether to trust the device. If the device is trusted, no password is required subsequently; otherwise the password must be entered every time.
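The content license encrypted to both the device public key and the user public key, as an added Go example rather than anything from the patent: it assumes RSA-OAEP key pairs, splits the content encryption key into two random XOR shares so that both private keys are needed (the patent only states that the license is encrypted with both public keys), and leaves out the password protection of the user private key from steps 11 to 13, using the user private key directly.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// ContentLicense carries the 256-bit content encryption key (CEK) for one content
// object, split into two random XOR shares: one share is encrypted to the device
// public key, the other to the user public key, so reconstructing the CEK needs
// BOTH private keys. The XOR split is this example's construction; the patent
// only states that the license is encrypted with both public keys.
type ContentLicense struct {
	DeviceShare []byte // RSA-OAEP ciphertext for the reading device
	UserShare   []byte // RSA-OAEP ciphertext for the user
}

// NewKeyPair stands in for the key pairs the license authentication node
// distributes to a trusted reading device and to a registered user.
func NewKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// NewContentKey draws a fresh CEK; the content node encrypts the content object
// with it (e.g. AES-256-GCM, not shown here) and stores only that ciphertext.
func NewContentKey() ([]byte, error) {
	cek := make([]byte, 32)
	_, err := io.ReadFull(rand.Reader, cek)
	return cek, err
}

func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// IssueLicense is performed by the content chain for a device/user pair that the
// license authentication node has authenticated.
func IssueLicense(cek []byte, devicePub, userPub *rsa.PublicKey) (ContentLicense, error) {
	deviceShare := make([]byte, len(cek))
	if _, err := io.ReadFull(rand.Reader, deviceShare); err != nil {
		return ContentLicense{}, err
	}
	userShare := xorBytes(cek, deviceShare) // cek == deviceShare XOR userShare
	encDev, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, devicePub, deviceShare, []byte("device-share"))
	if err != nil {
		return ContentLicense{}, err
	}
	encUser, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, userPub, userShare, []byte("user-share"))
	if err != nil {
		return ContentLicense{}, err
	}
	return ContentLicense{DeviceShare: encDev, UserShare: encUser}, nil
}

// OpenLicense runs on the reading device: the device private key opens one share,
// the user private key the other. A wrong key on either side fails, which is the
// device + user check the license is meant to enforce.
func OpenLicense(lic ContentLicense, devicePriv, userPriv *rsa.PrivateKey) ([]byte, error) {
	deviceShare, err := rsa.DecryptOAEP(sha256.New(), nil, devicePriv, lic.DeviceShare, []byte("device-share"))
	if err != nil {
		return nil, errors.New("device authentication failed: device share does not open")
	}
	userShare, err := rsa.DecryptOAEP(sha256.New(), nil, userPriv, lic.UserShare, []byte("user-share"))
	if err != nil {
		return nil, errors.New("user authentication failed: user share does not open")
	}
	if len(deviceShare) != len(userShare) {
		return nil, errors.New("malformed license")
	}
	return xorBytes(deviceShare, userShare), nil
}

func main() {
	devKey, _ := NewKeyPair()
	userKey, _ := NewKeyPair()
	strangerKey, _ := NewKeyPair() // a device the license authentication node never trusted
	cek, _ := NewContentKey()
	lic, err := IssueLicense(cek, &devKey.PublicKey, &userKey.PublicKey)
	if err != nil {
		panic(err)
	}
	got, err := OpenLicense(lic, devKey, userKey)
	fmt.Printf("trusted device + user: recovered=%t err=%v\n", err == nil && string(got) == string(cek), err)
	_, err = OpenLicense(lic, strangerKey, userKey)
	fmt.Printf("untrusted device + user: err=%v\n", err)
}
```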
The embodiment of the invention provides a node authentication method, which ensures the credibility of the node added into the content chain, namely, when a new node wants to be added into the content chain, the identity authentication of the node is needed, the node added into the content chain is ensured not to be a malicious node, and the safe and stable operation of the content chain is ensured. The flow of (registration) nodes joining the content chain is shown in fig. 3:
And 21, downloading a content chain installation program by a user, namely when a new node is to be added into the content chain, firstly downloading codes, and then installing the content chain.
Step 22, installing a content chain, namely automatically generating a configurable script in the process of installing codes, wherein the configurable script comprises basic configuration information:
License agreement: the user can continue the installation only after accepting the license agreement.
Installation path: the user sets the directory into which the code is installed.
User password: the user sets the password for logging in to the administrator configuration interface.
Ccnoder is used as the user name, and the password entered by the user is written into the configuration file as the user password, so that the user can later be authenticated when logging in to the administrator configuration interface; the user password is stored as a SHA-256 hash.
Step 23, starting the program
After the code has been installed successfully, the user starts it; the administrator configuration interface is then started, and on this interface the user can apply for registration of the node.
Step 24, login
The user logs in with the user name and password generated during installation and enters the administrator configuration interface once identity authentication passes.
Step 25, node registration
After entering the administrator configuration interface, the user fills in the corresponding information according to the prompts; if the related information already exists it is filled in directly, otherwise the user applies for it. The application flow is as follows:
Step 251, fill in the basic information as required, including organization name, organization abbreviation, organization code, address, contact person, telephone, e-mail, etc., and submit it.
Step 252, the information is submitted to the root node. On receiving the registration application, the root node randomly generates a symmetric key as a password and returns it to the registration node by e-mail. The e-mail states that the information has been submitted to the root node for verification, that the applicant should wait, that notification will be sent by e-mail once verification passes, and that after the notification is received the password contained in this e-mail can be used to open the encrypted package (the node's public and private keys and the node's registration information, in encrypted form).
Step 253, the root node performs manual verification; after verification passes, all the information and the password randomly generated in the previous step are sent together to the license authentication node.
Step 254, after receiving the information, the license authentication node generates a public and private key pair for the node, registers the node's type in the license authentication node's information list, encrypts the node's key pair and the node's registration information into an encrypted package using the password transmitted by the root node, and sends the encrypted package to the registration node by e-mail. The registration information is used to confirm the current node's information, and the node's key pair is used for signing and signature verification during content chain consensus.
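Steps 11-13 above (the user's private key returned by the CA encrypted under the content chain password, opened on the reading device, with the choice of trusting the device) and the node registration flow of step 25 (the node's key pair sealed under the password the root node generated and mailed) both come down to one operation: a secret sealed under a password and opened by whoever holds that password. The Go program below is an added example written for this page, not code from the patent or its applicant. It assumes PBKDF2-HMAC-SHA256 with 100,000 iterations for key derivation and AES-256-GCM for encryption (the patent names no algorithms), treats the root node's randomly generated "password" through the same path as the user's typed password, uses Ed25519 as a stand-in for the unspecified node key pair, and seals only the private key in the node package, whereas the patent's package also carries the registration information.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// pbkdf2SHA256 returns one 32-byte block of PBKDF2-HMAC-SHA256 (RFC 8018), written inline
// so the example needs nothing outside the standard library.
func pbkdf2SHA256(password, salt []byte, iter int) []byte {
	mac := hmac.New(sha256.New, password)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // block index 1
	u := mac.Sum(nil)
	out := append([]byte(nil), u...)
	for i := 1; i < iter; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

// Sealed is a secret encrypted under a password: AES-256-GCM with a PBKDF2-derived key,
// a fresh random salt, and the nonce prepended to the ciphertext.
type Sealed struct{ Salt, Blob []byte }

func gcmFor(password, salt []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(pbkdf2SHA256(password, salt, 100_000)) // iteration count assumed
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func SealUnderPassword(password, plaintext []byte) (Sealed, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return Sealed{}, err
	}
	gcm, err := gcmFor(password, salt)
	if err != nil {
		return Sealed{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Sealed{}, err
	}
	return Sealed{salt, gcm.Seal(nonce, nonce, plaintext, nil)}, nil
}

// OpenUnderPassword fails on a wrong password or on any modification of the blob.
func OpenUnderPassword(password []byte, s Sealed) ([]byte, error) {
	gcm, err := gcmFor(password, s.Salt)
	if err != nil || len(s.Blob) < gcm.NonceSize() {
		return nil, errors.New("malformed sealed blob")
	}
	n := gcm.NonceSize()
	return gcm.Open(nil, s.Blob[:n], s.Blob[n:], nil)
}

// Device is the reading device of steps 11-13: it stores the user's private key as the CA
// returned it and keeps it unwrapped in memory only if the user chose to trust the device.
type Device struct {
	Wrapped Sealed
	cached  ed25519.PrivateKey
}

func (d *Device) Unlock(contentChainPassword string, trust bool) (ed25519.PrivateKey, error) {
	if d.cached != nil {
		return d.cached, nil // trusted device: no password prompt (step 13)
	}
	raw, err := OpenUnderPassword([]byte(contentChainPassword), d.Wrapped)
	if err != nil {
		return nil, errors.New("content chain password rejected")
	}
	if trust {
		d.cached = raw
	}
	return raw, nil
}

// IssueNodePackage is the license authentication node's part of node registration:
// generate the node key pair and seal the private key under the root node's password.
func IssueNodePackage(rootPassword []byte) (ed25519.PublicKey, Sealed, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, Sealed{}, err
	}
	s, err := SealUnderPassword(rootPassword, priv)
	return pub, s, err
}
```

An authenticated mode matters here because the package travels by e-mail and the sealed user key sits on the device: a blob altered in transit or at rest is rejected outright instead of being decrypted into a corrupt key. The trust decision of step 13 is only whether the device keeps the unwrapped key in memory; the sealed copy it stores never lets it decrypt without the password.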
Furthermore, the embodiment of the invention provides an HTTPS certificate issuing mechanism that secures data in transit; HTTPS must be used for secure transmission in the content chain system. In the conventional solution a self-signed certificate is generated and then used in the HTTP server. Because the browser does not trust a self-signed certificate, the CA certificate that signed it must be added to the trusted CA certificates of the system or browser to resolve the trust problem. Therefore, in the content chain the license authentication node acts as a trusted CA and issues the CA certificates required for HTTPS transmission to the other nodes that need them. Each such node adds the license authentication node's CA certificate to its own trusted CA certificates and thereby trusts all certificates issued by the license authentication node.
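The certificate issuing mechanism just described, as an added Go example for this page (not the patent's or its applicant's code): the license authentication node keeps a self-signed CA certificate, signs a server certificate for each node that asks, and a node's HTTPS client accepts that certificate only once the CA certificate has been imported and only for the host name it was issued to. ECDSA P-256 keys, the validity periods and the host names are assumptions; the patent specifies none of them.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// CA is the license authentication node in its role as the content chain's trusted CA.
type CA struct {
	Cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

func randomSerial() (*big.Int, error) {
	return rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
}

// createCert builds and parses a certificate; parent == tmpl gives a self-signed one.
func createCert(tmpl, parent *x509.Certificate, pub interface{}, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewLicenseCA creates the self-signed CA certificate that every other node imports once.
func NewLicenseCA() (*CA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, err := randomSerial()
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: "content chain license authentication node CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().AddDate(10, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	cert, err := createCert(tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return &CA{Cert: cert, key: key}, nil
}

// IssueServerCert signs the HTTPS server certificate a node asks the CA for, bound to the
// node's host name so that a certificate issued to one node cannot be served by another.
func (ca *CA) IssueServerCert(host string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := randomSerial()
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().AddDate(1, 0, 0),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	cert, err := createCert(tmpl, ca.Cert, &key.PublicKey, ca.key)
	return cert, key, err
}

// TrustedByNode is the check a node's HTTPS client makes: the server certificate must chain
// to a CA the node has imported and must name the host being connected to. With no imported
// CA it fails, exactly as a browser does for a self-signed certificate.
func TrustedByNode(leaf *x509.Certificate, importedCAs []*CA, host string) bool {
	roots := x509.NewCertPool()
	for _, ca := range importedCAs {
		roots.AddCert(ca.Cert)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err == nil
}
```

Importing the license authentication node's CA certificate makes every certificate it issues trusted, which is the point of the mechanism; it also means that node is the trust anchor for all HTTPS traffic in the chain, so its signing key deserves the same protection as the keys it hands out.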
To ensure that a failure of the license authentication node does not affect normal operation of the content chain, a backup mechanism with a primary license authentication node and a secondary license authentication node is provided; it prevents network paralysis caused by node failure and ensures the survivability of the license authentication node. The secondary license authentication node keeps a full backup of the primary's content; apart from their different working states in the content chain network, the two nodes have identical functions.
The backup modes are full backup and incremental backup: a full backup copies all data on the primary license authentication node, and an incremental backup copies the data modified since the last backup.
Specifically, the backup flow between the primary and secondary license authentication nodes is as follows:
When the secondary node starts, it synchronizes data from the primary node by a full backup. Afterwards, to keep the secondary node as consistent with the primary node's data as possible, the secondary node performs real-time incremental backup: during operation, whenever data on the primary node is updated, a synchronization message is sent to the secondary node.
Specifically, the switching process between the primary and secondary license authentication nodes is as follows:
When the primary license authentication node fails, the secondary license authentication node must be switched to the working state promptly, so whether the primary and secondary license authentication nodes are in a normal state is monitored at all times. This is done by heartbeat detection between the root node in the content chain and the primary and secondary license authentication nodes. When the primary's heartbeat is not detected, the secondary is switched to the working state; after the primary recovers, it performs a full backup from the secondary, and the secondary then resumes operating as the secondary. When the secondary's heartbeat is not detected, the secondary is repaired promptly and, once it is back to normal, performs a full backup from the primary.
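The backup flow and the switching process above, as one runnable model in Go; this is an added example for this page, not the patent's code. The heartbeat is modelled as an Alive flag that the caller sets, and each update carries a change sequence number so that a secondary that missed synchronization messages detects the gap and has to fall back to a full backup instead of silently diverging, a detail the patent leaves open. All names and the sample records are constructed for the example.

```go
package main

import "fmt"

// Record is one change to the license authentication node's data (for example a newly
// registered node's public key). Seq is the change number that incremental backup relies
// on: every update gets the next number, and the peer must apply them in order.
type Record struct {
	Seq        uint64
	Key, Value string
}

type Role int

const (
	Standby Role = iota
	Working
)

// LicenseNode is either the primary or the secondary license authentication node.
type LicenseNode struct {
	Name   string
	Role   Role
	Alive  bool // what the root node's heartbeat detection observes (set by the caller here)
	synced bool // false after a missed heartbeat: a full backup is required before incremental sync
	seq    uint64
	state  map[string]string
}

func NewLicenseNode(name string, role Role) *LicenseNode {
	return &LicenseNode{Name: name, Role: role, Alive: true, synced: role == Working, state: map[string]string{}}
}

// Update applies a data change on the working node and returns the synchronization
// message that must be sent to the peer (the real-time incremental backup).
func (n *LicenseNode) Update(key, value string) Record {
	n.seq++
	n.state[key] = value
	return Record{Seq: n.seq, Key: key, Value: value}
}

// ApplyIncremental applies one synchronization message. A gap in the sequence means
// changes were missed (for example while this node was down), so the caller must fall
// back to a full backup instead of silently diverging from the working node.
func (n *LicenseNode) ApplyIncremental(r Record) error {
	if r.Seq != n.seq+1 {
		return fmt.Errorf("%s: expected change %d, got %d: full backup required", n.Name, n.seq+1, r.Seq)
	}
	n.seq = r.Seq
	n.state[r.Key] = r.Value
	return nil
}

// FullBackup copies all data from src: used when the secondary starts and whenever a
// node comes back after a missed heartbeat.
func (n *LicenseNode) FullBackup(src *LicenseNode) {
	n.state = make(map[string]string, len(src.state))
	for k, v := range src.state {
		n.state[k] = v
	}
	n.seq = src.seq
	n.synced = true
}

func (n *LicenseNode) Get(key string) (string, bool) {
	v, ok := n.state[key]
	return v, ok
}

func (n *LicenseNode) LastSeq() uint64 { return n.seq }

// RootNode performs the heartbeat detection and controls the backup switching.
type RootNode struct{ Primary, Secondary *LicenseNode }

// Heartbeat is one detection round. A missing primary heartbeat promotes the secondary to
// the working state; a node that comes back takes a full backup from the node that is
// working, and the primary then resumes the working role with the secondary in standby.
func (r *RootNode) Heartbeat() {
	p, s := r.Primary, r.Secondary
	for _, n := range []*LicenseNode{p, s} {
		if !n.Alive {
			n.synced = false
		}
	}
	switch {
	case !p.Alive && s.Alive:
		s.Role, p.Role = Working, Standby
	case p.Alive && !p.synced && s.Alive:
		p.FullBackup(s)
		p.Role, s.Role = Working, Standby
	case s.Alive && !s.synced && p.Alive && p.synced:
		s.FullBackup(p)
	}
}
```

The sequence number is what makes "real-time incremental backup" safe: without it, a secondary that was down for a while would accept the next synchronization message and carry a silent hole in its copy of the registration list, which is exactly the data that node authentication later relies on.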
In the embodiment of the application, the root node is the node with the highest management authority in the content chain; it controls the backup switching between the primary and secondary license authentication nodes, verifies the nodes joining the content chain, generates the related keys, and so on.
While the fundamental and principal features and advantages of the invention have been shown and described, it will be apparent to those skilled in the art that the invention is not limited to the details of the foregoing exemplary embodiments, but may be embodied in other specific forms without departing from its spirit or essential characteristics.
The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein.
Furthermore, it should be understood that although this disclosure describes embodiments, not every embodiment contains only a single independent technical solution; this manner of description is for clarity only, the disclosure is not limited to the embodiments described in detail, and the embodiments in the examples may be combined as appropriate to form other embodiments that will be apparent to those skilled in the art.

Claims (8)

1. A unified authentication method for users under multi-node conditions in a self-organizing network environment, characterized in that triple authentication is performed based on the license authentication node in the content chain when a user registers, when a reading device joins, and when a registration node joins the content chain, so that a user must pass node authentication, device authentication and user authentication to obtain content data in the content chain, securing both the operation of the content chain and the transmission of its data; the method comprises the following steps:
User authentication when a user registers in the content chain: after the license authentication node verifies the identity information submitted by the registering user, it returns a unique user id and at the same time generates a user identity public-private key pair for the registered user, which is used for automatic authentication by encrypting and decrypting with this key pair during identity authentication and during uploading and obtaining of content objects;
Device authentication when a reading device is to join the content chain: the app program is submitted to the license authentication node and then tested; after the check passes, the license authentication node trusts the reading device and distributes a device public-private key pair to the reading device to be added; the device key pair is used to authenticate the device, transmitted data is encrypted with the device public key, and the reading device decrypts it with the device private key after obtaining the transmitted data;
Node authentication when a registration node joins the content chain: after the node's registration information is filled in and submitted to the root node, the root node randomly generates a symmetric key as a password and returns it to the registration node by e-mail; after the root node's verification passes, all the information and the randomly generated password are transmitted to the license authentication node; after receiving the information, the license authentication node generates a public-private key pair for the registration node, registers the node's type in its information list, encrypts the node's key pair and the node's registration information into an encrypted package using the password transmitted by the root node, and transmits the encrypted package to the registration node by e-mail; the node's registration information is used to confirm the current node's information, and the node's key pair is used for signing and signature verification during content chain consensus.
2. The unified authentication method for users under multi-node conditions in a self-organizing network environment according to claim 1, wherein the license authentication node acts as a trusted CA: it issues the CA certificates required for HTTPS transmission to the nodes in the content chain that need them, and those nodes add the license authentication node's CA certificate to their own trusted CA certificates, thereby trusting all certificates issued by the license authentication node.
3. The unified authentication method for users under multi-node conditions in a self-organizing network environment according to claim 1, wherein the license authentication nodes comprise a primary license authentication node and a secondary license authentication node; the secondary license authentication node keeps a full backup of the primary license authentication node's content, and when the primary license authentication node fails, the secondary license authentication node is switched to the working state.
4. The unified authentication method for users under multi-node conditions in a self-organizing network environment according to claim 1, wherein whether the primary and secondary license authentication nodes are in a normal state is ensured by heartbeat detection among the root node, the primary license authentication node and the secondary license authentication node; when the primary's heartbeat is not detected, the secondary is switched to the working state, and after the primary recovers it performs a full backup from the secondary and the secondary resumes operating as the secondary; when the secondary's heartbeat is not detected, the secondary is repaired, and after it returns to normal it performs a full backup from the primary.
5. The unified authentication method for users under multi-node conditions in a self-organizing network environment according to claim 4, wherein when the secondary license authentication node starts, it synchronizes data from the primary license authentication node by a full backup; during operation, to keep the secondary consistent with the data on the primary, the secondary performs real-time incremental backup, and whenever data on the primary is updated a synchronization message is sent to the secondary.
6. The unified authentication method for users under multi-node conditions in a self-organizing network environment according to claim 1, wherein when reading with an authenticated reading device, the content chain transmits the encrypted content object together with a content license; the content license is used to decrypt the content object and is doubly encrypted with the device public key and the user public key, so that only a reading device authenticated by the license authentication node can decrypt it for reading, using the device private key and the user private key.
7. The unified authentication method for users under multi-node conditions in a self-organizing network environment according to claim 1, wherein the content chain interfaces with the issuing system during user authentication and registration, and a user association mechanism automatically associates the user's account in the issuing system with the user's account in the content chain.
8. The unified authentication method for users under multi-node conditions in a self-organizing network environment according to claim 7, wherein the step of automatically associating the user's account in the issuing system with the user's account in the content chain by the user association mechanism is as follows:
Login and registration information is stored in two copies, one in the issuing system and one in the content chain, with the e-mail address as the unique identifier. When a new user registers, the issuing system is first checked for the user information; if it is not present there, a request is sent to the license authentication node to check for it. If the license authentication node does not have it either, the user is registered at the license authentication node and at the local issuing end at the same time; if the license authentication node already has it, the user's content chain account is registered and associated in the issuing system. The issuing system and the content chain are queried, and when the user does not exist in the issuing system but does exist in the content chain, the user is registered and associated in the issuing system directly, in an implicit manner.
CN202211727978.9A 2022-12-29 2022-12-29 Unified authentication method for users under multi-node conditions in self-organizing network environment Active CN116260625B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211727978.9A CN116260625B (en) 2022-12-29 2022-12-29 Unified authentication method for users under multi-node conditions in self-organizing network environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211727978.9A CN116260625B (en) 2022-12-29 2022-12-29 Unified authentication method for users under multi-node conditions in self-organizing network environment

Publications (2)

Publication Number Publication Date
CN116260625A CN116260625A (en) 2023-06-13
CN116260625B true CN116260625B (en) 2025-04-22

Family

ID=86687152

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211727978.9A Active CN116260625B (en) 2022-12-29 2022-12-29 Unified authentication method for users under multi-node conditions in self-organizing network environment

Country Status (1)

Country Link
CN (1) CN116260625B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114238867A (en) * 2022-02-28 2022-03-25 南开大学 A kind of automatic switching access method of distributed multi-backup copyright content
CN114880629A (en) * 2022-03-07 2022-08-09 南开大学 Content copyright protection method for distributed open environment

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11394559B2 (en) * 2017-06-02 2022-07-19 Visa International Service Association Methods and systems for ownership verification using blockchain
CN109729093A (en) * 2019-01-17 2019-05-07 重庆邮电大学 A blockchain-based digital copyright registration technology
CN114996664B (en) * 2022-06-13 2024-04-23 中国科学院沈阳自动化研究所 Digital copyright protection method based on block chain

Also Published As

Publication number Publication date
CN116260625A (en) 2023-06-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant