WO2018145605A1 - Authentication method and server, and access control device - Google Patents
- Publication number: WO2018145605A1 (application PCT/CN2018/075201)
- Authority: WO (WIPO (PCT))
- Prior art keywords: resource, server, control device, access control, access request
- Prior art date
Classifications
(all under H—ELECTRICITY > H04—ELECTRIC COMMUNICATION TECHNIQUE > H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION)
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Definitions
- the present application relates to the field of information security technologies, and in particular, to an authentication method, a server, and an access control device.
- Cloud service providers can provide users with a large number of cloud services or cloud products.
- the cloud resources on which the cloud services are based can be managed through a management platform.
- users can access cloud resources through the cloud service management platform.
- on the cloud service management platform, not all users have the right to access cloud resources; therefore, the accessing user needs to be authenticated to determine whether the user has access permissions.
- the embodiment of the present invention provides an authentication method, a server, and an access control device.
- by using a temporary key to generate the signature for authentication, the risk of the inherent private key being compromised can be avoided, and the security of the inherent private key is ensured.
- An embodiment of the present application provides an authentication method, including:
- the server authenticates the resource access request
- the server processes the resource access request.
- An embodiment of the present application provides an authentication method, including:
- the access control device receives the resource access request initiated by the user
- the access control device encrypts the resource access request by using a stored temporary key to generate a first signature, where the temporary key is previously allocated by the server for the access control device;
- the access control device sends the resource access request and the first signature to the server to enable the server to authenticate the resource access request.
- An embodiment of the present application provides a server, including a processor and a memory, where the memory stores computer readable instructions that are executed by the processor to perform the following operations:
- the resource access request is authenticated
- the resource access request is processed.
- An embodiment of the present application provides an access control apparatus, including a processor and a memory, where the memory stores computer readable instructions that are executed by the processor to perform the following operations:
- the embodiment of the present application provides an authentication method for a server, where the server includes a processor and a memory, and the method includes the following steps:
- the server authenticates the resource access request
- the server processes the resource access request.
- the embodiment of the present application provides an authentication method for an access control device, where the access control device includes a processor and a memory, and the method includes:
- the access control device receives the resource access request initiated by the user
- the access control device encrypts the resource access request by using a stored temporary key to generate a first signature, where the temporary key is previously allocated by the server for the access control device;
- the access control device sends the resource access request and the first signature to the server to enable the server to authenticate the resource access request.
- Embodiments of the present application provide a non-volatile storage medium in which computer readable instructions are stored, which may be executed by a processor to perform the following operations:
- the resource access request is authenticated
- the resource access request is processed.
- Embodiments of the present application provide a non-volatile storage medium in which computer readable instructions are stored, which may be executed by a processor to perform the following operations:
- FIG. 1 is a schematic diagram of an application environment of an authentication method provided by an embodiment of the present application.
- FIG. 2a is a schematic flowchart of an authentication method provided by an embodiment of the present application.
- FIG. 2b is a schematic flowchart of another authentication method provided by an embodiment of the present application.
- FIG. 3 is a schematic flowchart of another authentication method provided by an embodiment of the present application.
- FIG. 4 is a diagram showing an example of an authentication method provided by an embodiment of the present application.
- FIG. 5 is a schematic structural diagram of a server according to an embodiment of the present disclosure.
- FIG. 6 is a schematic structural diagram of an access control apparatus according to an embodiment of the present application.
- FIG. 7 is a schematic structural diagram of another server according to an embodiment of the present disclosure.
- FIG. 8 is a schematic structural diagram of another access control apparatus according to an embodiment of the present application.
- the cloud service management platform needs to generate a signature for the user's request to access the cloud resource, and send the signature together with the access request to the server corresponding to the cloud service management platform, so that the server verifies the signature; if the verification passes, the access request is authenticated to determine the authentication result. The signature in the cloud service management platform is generated by encrypting the access request with the user's inherent private key. Because the user's inherent private key is kept by the server, the cloud service management platform directly obtains the inherent private key from the server whenever it needs to generate a signature, so the inherent private key is easily exposed while it is transmitted, and the security of the user's inherent private key is reduced.
- the embodiment of the present application provides an authentication method, a server, and an access control device, which can reduce the risk of user key leakage and improve the overall security of the authentication system.
- FIG. 1 is a schematic diagram of an application environment of an authentication method according to an embodiment of the present application. The environment includes the client 101 and the server 102, which can communicate with each other over a network.
- the access control device may be any device having communication and storage functions, such as a computer or a mobile phone; alternatively, the function of the access control device may be implemented in any device having communication and storage functions, such as the client 101 or the server 102 of FIG. 1.
- the client 101 can be any device capable of implementing intelligent input and output, such as a computer, or other devices having the above structure.
- the access control device receives the user-initiated resource access request; the access control device encrypts the resource access request by using the stored temporary key to generate a first signature, where the temporary key is previously allocated by the server for the access control device; the access control device sends the resource access request and the first signature to the server to enable the server to authenticate the resource access request.
- the server 102 involved in FIG. 1 may be a background device that allocates a key and can authenticate a resource access request, etc., which is not limited in this embodiment of the present application.
- the server can provide services such as computing, storage, database, video, security, network, content distribution network (CDN) and acceleration, big data, artificial intelligence (AI), etc., along with other devices of the cloud service provider.
- the server receives a resource access request and a first signature sent by the access control device, where the first signature is generated by the access control device by encrypting the resource access request with its stored temporary key; the server acquires the stored temporary key allocated to the access control device and encrypts the resource access request with that temporary key to generate first verification data; if the first signature matches the first verification data, the server authenticates the resource access request; if the authentication result of the resource access request is that the authentication passes, the server processes the resource access request.
- FIG. 2a is a schematic flowchart of an authentication method according to an embodiment of the present application. As shown in FIG. 2a, the method in the embodiment of the present application is performed by a server, and may include the following steps 101-104.
- the server receives a resource access request and a first signature sent by the access control device, where the first signature is generated by the access control device by using the stored temporary key to encrypt the resource access request.
- the application programming interface (API) in the server authenticates each resource access request, that is, each resource access request needs to include signature information (Signature) in the public request parameter to verify the identity of the requester.
- the server receives the resource access request and the first signature sent by the access control device.
- the first signature is generated by the access control device, and is specifically generated by encrypting the resource access request by using a stored temporary key.
- the temporary key may be allocated by the server for the access control device.
- the temporary key has a certain timeliness, that is, the temporary key is valid within a certain time range and fails in other time ranges.
- the temporary key is, for example, a key Key.
- the server may simultaneously allocate a key ID for identifying the identity of the access control device, and the server may configure a certain key ID to invoke the API.
- the key ID can be transmitted over the network in clear text.
- the access control device can simultaneously transmit the key ID when transmitting the resource access request and the first signature to the server.
- the temporary key can also include a session token (Token).
- the server and the access control device stipulate a preset encryption algorithm, and the access control device encrypts the resource access request by using a temporary key according to a preset encryption algorithm to generate a first signature.
- the preset encryption algorithm may be, for example, a Data Encryption Standard (DES), an International Data Encryption Algorithm (IDEA), or the like.
- the resource access request is a request by a user to request a server to access a target access resource.
- the resource access request includes, for example, a user identifier, information on a target access resource, and a target operation mode for accessing the target access resource.
- the user identifier is used to mark a user who performs a target operation mode on the target access resource, for example, a user account. In the case where the user has multiple accounts, the user's root account and sub-account may be included.
- the target access resource may be, for example, a file, data, or the like in the server, and the target operation mode may be a read instruction, a delete instruction, a write instruction, or the like.
- the manner in which the target operation mode is included in the embodiment of the present application is not limited.
- the target access resources may also be cloud server resources, databases, virtual private clouds (VPCs), and the like.
- Users can use the API provided by the cloud server to perform related operations on the cloud server: such as creating, changing bandwidth, restarting, and so on.
- the creation operation is, for example, to create a volume-based cloud server.
- the restart operation is, for example, restarting one or more cloud servers.
- Changing the bandwidth operation is, for example, changing the bandwidth of the cloud server.
- the server acquires the stored temporary key allocated to the access control device, and encrypts the resource access request by using the temporary key to generate first verification data.
- the server acquires the stored temporary key allocated to the access control device, where the temporary key stored by the server corresponds to the access control device, and there is only one temporary key corresponding to the access control device at a time.
- the server may save the temporary key together with the device identifier of the access control device; further, the access control device may carry its device identifier, for example a key ID, together with the resource access request and the first signature, so that after the server receives the resource access request, the first signature, and the device identifier, the server searches for the temporary key corresponding to the device identifier (key ID), i.e. the key Key.
- the server encrypts the resource access request by using a stored temporary key to generate first verification data. The first verification data is used to compare with the received first signature to determine whether the access control device is legitimate.
- the server authenticates the resource access request.
- the server matches the received first signature against the generated first verification data; if the first signature matches the first verification data, the server determines that the access control device is legitimate and authenticates the resource access request.
- if the first signature does not match the first verification data, the server determines that the access control device is invalid and does not authenticate the resource access request.
- the server may transmit a notification message to the access control device indicating that the access control device fails to pass the verification.
- the specific process by which the server authenticates the resource access request may be as follows: the server obtains the accessible resources corresponding to the user identifier and the operable manner for each accessible resource; the server determines whether the target access resource exists among the accessible resources; if it exists, the server determines whether the target operation mode exists in the operable manner of the target access resource; if the target operation mode exists, the server determines that the authentication result of the resource access request is that the authentication passes. If the target access resource does not exist among the accessible resources, or the target operation mode does not exist in the operable manner, the server determines that the authentication result of the resource access request is that the authentication fails; in this case, the server may send a notification message to the access control device that the resource access request cannot be performed.
- the server processes the resource access request.
- the server processes the target access resource according to the target operation mode in the resource access request, and after the processing is completed, the server may feed back the processing result to the access control device, so that the user learns the result of processing the resource access request.
- the server receives the resource access request and the first signature sent by the access control device, where the first signature is generated by the access control device using the stored temporary key to encrypt the resource access request; the server encrypts the resource access request with the stored temporary key allocated to the access control device to generate the first verification data; if the first signature matches the first verification data, the server authenticates the resource access request; and if the authentication passes, the server processes the resource access request.
- the signature to be verified is generated by using a temporary key, so that the server does not need to transmit the inherent key, thereby avoiding the risk of the inherent private key being leaked, thereby ensuring the security of the inherent private key.
- FIG. 2b is a schematic flowchart of another authentication method provided in the embodiment of the present application.
- the method in the embodiment of the present application is performed by the access control device, and may include the following steps 201-203.
- the access control device can be on the client side or on the server side.
- the access control device receives a resource access request initiated by the user.
- the access control device receives a resource access request initiated by the user to access the target access resource, and the user may initiate a resource access request by using an access control platform or page provided by the access control device. Further, the user can initiate a resource access request after successfully logging in through the user name and login password in the access control platform or page.
- the resource access request is a request by a user to request a server to access a target access resource.
- the resource access request includes, for example, a user identifier, information on a target access resource, and a target operation mode for accessing the target access resource.
- the user identifier is used to mark a user who performs a target operation mode on the target access resource, for example, a user account. In the case where the user has multiple accounts, the user's root account and sub-account may be included.
- the target access resource may be, for example, a file, data, or the like in the server, and the target operation mode may be a read instruction, a delete instruction, a write instruction, or the like.
- the manner in which the target operation mode is included in the embodiment of the present application is not limited.
- the target access resources may also be cloud server resources, databases, virtual private clouds (VPCs), and the like.
- Users can use the API provided by the cloud server to perform related operations on the cloud server: such as creating, changing bandwidth, restarting, and so on.
- the creation operation is, for example, to create a volume-based cloud server.
- the restart operation is, for example, restarting one or more cloud servers.
- Changing the bandwidth operation is, for example, changing the bandwidth of the cloud server.
- the access control device encrypts the resource access request by using a stored temporary key to generate a first signature, where the temporary key is previously allocated by the server for the access control device.
- the access control device encrypts the resource access request by using a stored temporary key to generate a first signature.
- the temporary key is allocated by the server to the access control device. It can be understood that the temporary key has a certain time validity, that is, the temporary key is valid within a certain time range and invalid outside it.
- the temporary key is, for example, a key Key.
- the server allocates a temporary key to the access control device, the server may simultaneously allocate a key ID for identifying the identity of the access control device, and the server may configure a certain key ID to invoke the API.
- the key ID can be transmitted over the network in clear text.
- the access control device can simultaneously transmit the key ID when transmitting the resource access request and the first signature to the server.
- the temporary key can also include a session token (Token).
- the server and the access control device stipulate a preset encryption algorithm, and the access control device encrypts the resource access request by using a temporary key according to a preset encryption algorithm to generate a first signature.
- the preset encryption algorithm may be, for example, DES, IDEA, or the like.
- the access control apparatus sends the resource access request and the first signature to the server, so that the server authenticates the resource access request.
- the access control device sends the resource access request and the first signature to the server, so that the server authenticates the resource access request.
- the access control device may further carry its device identifier, that is, the key ID, so that after the server receives the resource access request, the first signature, and the device identifier, the server searches for the temporary key corresponding to the device identifier (key ID), that is, the key Key; after the server finds the temporary key corresponding to the device identifier, it generates the first verification data to complete the authentication.
- the access control device encrypts the received resource access request by using a temporary key to generate a first signature, where the temporary key is previously allocated by the server for the access control device, and sends the resource access request and the first signature to the server so that the server authenticates the resource access request; the user's inherent private key is thus not needed, the risk of the inherent private key being compromised is avoided, and the security of the inherent private key is ensured.
- FIG. 3 is a schematic flowchart diagram of another authentication method according to an embodiment of the present application. As shown in FIG. 3, the method in the embodiment of the present application is performed by a server and an access control device, and may include the following steps 301-314.
- the access control device receives a resource access request initiated by a user.
- the access control device receives a resource access request initiated by the user to request access to the target access resource.
- the user may initiate a resource access request by using an access control platform or a page provided by the access control device.
- the user can initiate a resource access request after successfully logging in through the user name and login password in the access control platform or page.
- the resource access request includes, for example, a user identifier, a target access resource, and a target operation mode for accessing the target access resource.
- the user identifier is used to mark the user who performs the target operation mode on the target access resource.
- the target access resource may be, for example, a file, data, or the like in the server, and the target operation mode may be a read instruction, a delete instruction, a write instruction, or the like.
- the embodiment of the present application does not limit the manner in which the target operation mode is included.
- the access control device encrypts the resource access request by using a fixed key to generate a second signature, where the fixed key is allocated by the server for the access control device.
- the access control device encrypts the resource access request by using a fixed key to generate a second signature.
- the fixed key is allocated by the server for the access control device, and the fixed key is in one-to-one correspondence with the access control device.
- the fixed key is sent to the access control device, and after receiving the fixed key, the access control device saves it; when the access control device needs to send a temporary key acquisition request to the server, it acquires the stored fixed key and encrypts the resource access request with the fixed key to generate the second signature.
- the access control device sends a temporary key acquisition request to the server.
- the access control device sends a temporary key acquisition request to the server, where the temporary key acquisition request carries the resource access request and the second signature, so that the server verifies the second signature and allocates a temporary key to the access control device after the verification passes.
- the server and the access control device may jointly agree on the encryption algorithm used for the second signature in the temporary key acquisition request, so that the server can verify the second signature after receiving the temporary key acquisition request.
- the encryption algorithm used for the second signature in the temporary key acquisition request may be any agreed encryption algorithm.
- the server receives a temporary key acquisition request sent by the access control device.
- the server receives a temporary key acquisition request sent by the access control device, where the temporary key acquisition request carries a resource access request and a second signature.
- the temporary key acquisition request may further carry the device identifier of the access control device, so that after receiving the temporary key acquisition request the server determines the fixed key corresponding to the device identifier.
- the server acquires a fixed key allocated to the access control apparatus, and encrypts the resource access request by using the fixed key to generate second verification data.
- the server acquires the fixed key allocated for the access control device. For example, the server may search for the fixed key corresponding to the device identifier carried in the temporary key acquisition request, and encrypt the resource access request by using the fixed key to generate second verification data.
- the encryption algorithm used by the server to generate the second verification data is the same as the encryption algorithm used by the access control device to generate the second signature.
- the server allocates a temporary key to the access control device.
- the temporary key may have a certain timeliness, that is, the temporary key is valid within a certain time range and fails in other time ranges.
- if the second signature does not match the second verification data, the server does not allocate a temporary key, and may also send a notification message to the access control device that the temporary key cannot be allocated because the verification failed.
- the server stores and sends the temporary key to the access control device.
- the server stores the allocated temporary key to determine a temporary key of the access control device.
- the server may store the temporary key in association with the device identifier of the access control device, and record the effective duration of the temporary key. After the valid duration of the record is exceeded, the temporary key may be deleted.
- the access control device receives the temporary key allocated by the server, and stores the temporary key.
- the access control device encrypts the resource access request by using a stored temporary key to generate a first signature.
- the access control device sends the resource access request and the first signature to the server.
- the access control device sends the resource access request and the first signature to the server, so that the server authenticates the resource access request.
- in addition to the resource access request and the first signature, the access control device may further carry its device identifier; after the server receives the resource access request, the first signature, and the device identifier, the server searches for the temporary key corresponding to the device identifier, and after finding it, generates the first verification data to complete the authentication.
- the server receives the resource access request and the first signature sent by the access control device.
- the first signature is generated by the access control device, and is specifically generated by encrypting the resource access request by using a stored temporary key.
- the server acquires the stored temporary key allocated to the access control device, and encrypts the resource access request by using the temporary key to generate first verification data.
- the server acquires the stored temporary key allocated to the access control device, where the temporary key stored by the server corresponds to the access control device, and at any given moment there is only one temporary key corresponding to the access control device.
- after the server receives the resource access request, the first signature, and the device identifier, the server searches for the temporary key corresponding to the device identifier.
- the server encrypts the resource access request by using a stored temporary key to generate first verification data.
- the first verification data is used to compare with the received first signature to determine whether the access control device is legitimate.
- the encryption algorithm used by the server to generate the first verification data is the same as the encryption algorithm used by the access control device to generate the first signature.
- if the server has already deleted the temporary key because its validity period expired, then even when it receives the resource access request and the first signature sent by the access control device, it cannot verify the first signature, so verification cannot be performed.
- in that case the server may send the access control device a notification message that the temporary key has expired.
- the server authenticates the resource access request.
- the server matches the received first signature against the generated first verification data; if the first signature matches the first verification data, the server determines that the access control device is legal and authenticates the resource access request.
- otherwise, the server determines that the access control device is illegitimate and does not authenticate the resource access request.
- the server may also send a notification message to the access control device indicating that the access control device failed verification.
- the specific process by which the server authenticates the resource access request may be as follows: the server obtains the accessible resources corresponding to the user identifier and the operable modes of each accessible resource; the server determines whether the target access resource exists among the accessible resources; if it does, the server determines whether the target operation mode exists among the operable modes of the target access resource; if it does, the server determines that the authentication result of the resource access request is an authentication pass. If the target access resource does not exist among the accessible resources, or the target operation mode does not exist among its operable modes, the server determines that the authentication result is an authentication failure, and in this case the server may send the access control device a notification message that the resource access request cannot be performed.
- the server processes the resource access request.
- the server processes the target access resource according to the target operation mode in the resource access request, and after processing is completed, the server may feed the processing result back to the access control device, so that the user learns the processing result of the resource access request.
- in summary, the server receives the resource access request and the first signature sent by the access control device, where the first signature is generated by the access control device by encrypting the resource access request with the stored temporary key; the server encrypts the resource access request with the stored temporary key allocated to the access control device to generate the first verification data; if the first signature matches the first verification data, the server authenticates the resource access request; and if the authentication passes, the server processes the resource access request.
- because the signature to be verified is generated using a temporary key, the server does not need to transmit the inherent (fixed) key, which avoids the risk of the inherent private key being leaked and thereby ensures its security.
- in this embodiment, the server first verifies the access control device: only after the second signature passes verification does the server allocate a temporary key and send it to the access control device.
- the access control device then uses the temporary key to encrypt the resource access request to generate a first signature, and the server performs verification and authentication again after receiving the first signature sent by the access control device.
- because the first signature to be verified is generated using the temporary key, the server does not need to transmit the inherent key, which avoids the risk of the inherent private key being leaked and ensures its security.
- the accuracy of authentication is also ensured by verifying both the access control device and the identity of the user.
- FIG. 4 is a schematic diagram of an authentication method provided by an embodiment of the present application, so as to further understand the technical solutions described in the present application.
- the authentication method is jointly performed by the client 1 and the server 2, where the client 1 has an access control platform, and the server 2 includes an authentication service module, a key service module, and a resource access request processing module; these can correspond to the various functions that the server has.
- the access control platform may receive a resource access request initiated by the user, and encrypt the resource access request by using the stored temporary key to generate a first signature, where the temporary key is previously allocated by the server for the access control platform.
- the access control platform sends the resource access request and the first signature to the server after generating the first signature.
- the authentication service module in the server receives the resource access request and the first signature sent by the access control platform, obtains from the key service module the stored temporary key allocated to the access control platform, and encrypts the resource access request with that temporary key to generate first verification data; the authentication service module then matches the first signature against the first verification data, and if they match, it authenticates the resource access request and, if authentication passes, triggers the resource access request processing module to process the resource access request.
- before the access control platform encrypts the resource access request using the stored temporary key, it may first encrypt the resource access request using a fixed key to generate a second signature, where the fixed key is allocated by the server for the access control platform; the access control platform then sends a temporary key acquisition request to the server, which carries the resource access request and the second signature, so that the server allocates a temporary key to the access control platform after the second signature passes verification.
- the authentication service module in the server receives the temporary key acquisition request sent by the access control platform, acquires from the key service module the fixed key allocated to the access control platform, and encrypts the resource access request with the fixed key to generate second verification data; if the second signature matches the second verification data, the authentication service module allocates a temporary key to the access control platform, stores the temporary key in the key service module, and sends the temporary key to the access control platform.
- the access control platform receives the temporary key allocated by the server and stores it.
- the key service module may include a temporary key storage module and a fixed key storage module to store the temporary key and the fixed key, respectively.
- the authentication service module can include a rights library that maintains the accessible resources of various users and the manner in which the resources are accessible.
- the authentication service module, the key service module, and the resource access request processing module shown in FIG. 4 are logical functional divisions.
- the servers involved in the embodiment shown in Figures 2a, 2b and 3 can perform the corresponding method steps by means of the various modules shown in Figure 4.
- the access control device of the embodiment shown in Figures 2a, 2b and 3 can perform the corresponding method steps through the access control platform shown in Figure 4.
- the authentication service module, the key service module, and the resource access request processing module in the server 2 may be deployed on the same physical machine, in different virtual machines of the same physical machine, or on different physical machines; this embodiment does not limit this.
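The two-phase exchange described in the method steps above (temporary key acquisition with the fixed key, then the first signature with the temporary key, then the rights check) and in the FIG. 4 module split, as an added example written for this page; it is not code from the patent or its applicant. The page says the device and server "encrypt" the request with a shared key and names DES and IDEA as example algorithms; this example assumes HMAC-SHA256 over a canonical JSON encoding of the request instead, which is the standard keyed construction for a symmetric signature of this kind (DES has been withdrawn as a cipher, and raw block-cipher output is not a substitute for a MAC). The device identifier, user, resource, rights entries, the 300-second validity period and the notification strings are all constructed for the example.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field

def sign(key: bytes, request: dict) -> str:
    # Keyed function standing in for the page's "encrypt the request with the key" (the page
    # names DES/IDEA; HMAC-SHA256 is this example's assumption). Canonical JSON so that the
    # device and the server authenticate exactly the same bytes.
    canonical = json.dumps(request, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()

@dataclass
class KeyService:
    """Key service module of FIG. 4: a fixed-key store and a temporary-key store."""
    fixed_keys: dict = field(default_factory=dict)  # device_id -> fixed (inherent) key
    temp_keys: dict = field(default_factory=dict)   # device_id -> (temp key, expiry time)
    ttl: float = 300.0                              # validity period of a temporary key (assumed)

    def issue_temp_key(self, device_id: str, now: float) -> bytes:
        key = secrets.token_bytes(32)
        self.temp_keys[device_id] = (key, now + self.ttl)  # one key per device at any moment
        return key

    def lookup_temp_key(self, device_id: str, now: float):
        entry = self.temp_keys.get(device_id)
        if entry is None:
            return None
        key, expires_at = entry
        if now >= expires_at:
            del self.temp_keys[device_id]  # deleted once its validity period has elapsed
            return None
        return key

class AuthenticationService:
    """Authentication service module of FIG. 4, including its rights library."""
    def __init__(self, keys: KeyService, rights: dict):
        self.keys, self.rights = keys, rights  # rights: user_id -> {resource: set of modes}

    def handle_temp_key_request(self, device_id, request, second_signature, now):
        fixed = self.keys.fixed_keys.get(device_id)
        if fixed is None:
            return ("error", "unknown device")
        second_verification = sign(fixed, request)
        if not hmac.compare_digest(second_verification, second_signature):
            return ("error", "verification failed, no temporary key allocated")
        return ("ok", self.keys.issue_temp_key(device_id, now))

    def handle_resource_request(self, device_id, request, first_signature, now):
        temp = self.keys.lookup_temp_key(device_id, now)
        if temp is None:
            return ("error", "temporary key has expired")
        first_verification = sign(temp, request)
        if not hmac.compare_digest(first_verification, first_signature):
            return ("error", "access control device failed verification")
        # rights library: accessible resources of the user, then operable modes of the resource
        modes = self.rights.get(request["user_id"], {}).get(request["resource"], set())
        if request["operation"] not in modes:
            return ("error", "resource access request cannot be performed")
        # resource access request processing module: return the processing result
        return ("ok", f"{request['operation']} {request['resource']} as {request['user_id']}")

class AccessControlPlatform:
    """Client side (the access control platform of FIG. 4)."""
    def __init__(self, device_id, fixed_key, server):
        self.device_id, self.fixed_key, self.server = device_id, fixed_key, server
        self.temp_key = None

    def access(self, request, now):
        if self.temp_key is None:  # temporary key acquisition: request + second signature
            status, result = self.server.handle_temp_key_request(
                self.device_id, request, sign(self.fixed_key, request), now)
            if status != "ok":
                return (status, result)
            self.temp_key = result
        status, result = self.server.handle_resource_request(  # request + first signature
            self.device_id, request, sign(self.temp_key, request), now)
        if result == "temporary key has expired":
            self.temp_key = None  # drop it so the next attempt re-acquires a key
        return (status, result)

def demo():
    # Constructed sample run: one device, one user, one resource with read/write rights.
    keys = KeyService(fixed_keys={"dev-1": b"constructed-fixed-key"}, ttl=300.0)
    server = AuthenticationService(keys, {"alice": {"/docs/report.txt": {"read", "write"}}})
    client = AccessControlPlatform("dev-1", b"constructed-fixed-key", server)
    req = {"user_id": "alice", "resource": "/docs/report.txt", "operation": "read"}
    out = {}
    out["read"] = client.access(req, now=0.0)                              # key issued, passes
    out["delete"] = client.access({**req, "operation": "delete"}, now=1.0)  # mode not allowed
    tampered = {**req, "user_id": "bob"}                                    # signed as alice
    out["tampered"] = server.handle_resource_request("dev-1", tampered, sign(client.temp_key, req), 2.0)
    out["wrong_fixed_key"] = server.handle_temp_key_request("dev-1", req, sign(b"not-it", req), 2.0)
    out["expired"] = client.access(req, now=400.0)      # key deleted server-side after 300 s
    out["reacquired"] = client.access(req, now=401.0)   # fixed key used again, new key issued
    return out
```

demo() walks through the six outcomes the page describes: a pass, a rights-library refusal, a first-signature mismatch, a second-signature mismatch with no key allocated, an expired key, and re-acquisition. Two design points worth noting: the page's "only one temporary key per device at any moment" is implemented as replacement on issue, so a fresh acquisition request invalidates the earlier key; and lookup_temp_key deletes an expired key on access, which is what yields the "temporary key has expired" notification rather than a signature mismatch. Re-acquisition after expiry still needs the fixed key on the device, which is why the page treats that key as the higher-value secret that must never be transmitted.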
- FIG. 5 is a schematic structural diagram of a server according to an embodiment of the present application.
- the server 10 of the embodiment of the present application may include: a data receiving unit 11, a first generating unit 12, a request authentication unit 13, and a request processing unit 14.
- the server 10 may further include a request receiving unit 15, a second generating unit 16, and a key assigning unit 17.
- the data receiving unit 11 is configured to receive a resource access request and a first signature sent by the access control device, where the first signature is generated by the access control device by using the stored temporary key to encrypt the resource access request.
- the data receiving unit 11 receives the resource access request and the first signature sent by the access control device.
- the first signature is generated by the access control device, and is specifically generated by encrypting the resource access request by using a stored temporary key.
- the temporary key is allocated by the server 10 for the access control device. It can be understood that the temporary key is time-limited, that is, valid within a certain time range and expired outside it.
- the server 10 and the access control device agree on a preset encryption algorithm, and the access control device encrypts the resource access request with the temporary key according to that preset encryption algorithm to generate the first signature.
- the preset encryption algorithm may be, for example, DES, IDEA, or the like.
- the resource access request may include a user identifier, a target access resource, and a target operation mode on the target access resource.
- the user identifier is used to mark the user who performs the target operation mode on the target access resource.
- the target access resource may be a file, data, or the like in the server 10.
- the target operation mode may be a read instruction, a delete instruction, a write instruction, or the like. The embodiment of the present application does not limit what the target operation mode may include.
- the first generating unit 12 is configured to obtain the stored temporary key allocated to the access control device, and encrypt the resource access request by using the temporary key to generate first verification data.
- the first generating unit 12 acquires the stored temporary key allocated to the access control device, where the temporary key stored by the server 10 corresponds to the access control device, and at any given moment there is only one temporary key corresponding to the access control device.
- the server 10 may store the temporary key together with the device identifier of the access control device; further, the access control device may carry its device identifier together with the resource access request and the first signature, so that after the data receiving unit 11 receives the resource access request, the first signature, and the device identifier, the first generating unit 12 searches for the temporary key corresponding to the device identifier.
- the server 10 encrypts the resource access request by using the stored temporary key to generate first verification data.
- the first verification data is used to compare with the received first signature to determine whether the access control device is legitimate.
- the request authentication unit 13 is configured to authenticate the resource access request if the first signature matches the first verification data.
- the request authentication unit 13 matches the received first signature against the generated first verification data; if the first signature matches the first verification data, the server 10 determines that the access control device is legal and authenticates the resource access request.
- otherwise, the server 10 determines that the access control device is illegitimate and does not authenticate the resource access request.
- the server 10 may transmit a notification message to the access control device indicating that the access control device fails to pass the verification.
- the request authentication unit 13 includes an information acquisition subunit, a first judgment subunit, a second judgment subunit, and a result determination subunit.
- the information acquisition subunit is configured to acquire the accessible resources corresponding to the user identifier and the operable modes of the accessible resources.
- the first judgment subunit is configured to determine whether the target access resource exists among the accessible resources.
- the second judgment subunit is configured to determine whether the target operation mode exists among the operable modes of the target access resource, if the first judgment subunit determines that the target access resource exists among the accessible resources.
- the result determination subunit is configured to determine that the authentication result of the resource access request is an authentication pass, if the second judgment subunit determines that the target operation mode exists among the operable modes of the target access resource.
- the request processing unit 14 is configured to process the resource access request if the authentication result of the resource access request is the authentication pass.
- the request processing unit 14 processes the resource access request.
- the server 10 processes the target access resource according to the target operation mode in the resource access request, and after processing is completed, the server 10 may feed the processing result back to the access control device, so that the user learns the processing result of the resource access request.
- the server 10 may further run the request receiving unit 15, the second generating unit 16, and the key assigning unit 17 before running the data receiving unit 11.
- the request receiving unit 15 is configured to receive a temporary key acquisition request sent by the access control device, where the temporary key acquisition request carries a resource access request and a second signature.
- the second generating unit 16 is configured to acquire a fixed key allocated to the access control device, and encrypt the resource access request by using the fixed key to generate second verification data.
- the key assigning unit 17 is configured to allocate a temporary key to the access control device if the second signature matches the second verification data, and to store the temporary key and send it to the access control device.
- the access control apparatus 20 of the embodiment of the present application may include a request receiving unit 21, a first generating unit 22, and a data transmitting unit 23.
- the access control device 20 may further include a second generating unit 24, a request transmitting unit 25, and a key receiving unit 26.
- the request receiving unit 21 is configured to receive a resource access request initiated by the user.
- the request receiving unit 21 receives a resource access request initiated by the user.
- the user may initiate a resource access request by using an access control platform or a page provided by the access control device 20. Further, the user can initiate a resource access request after successfully logging in through the user name and login password in the access control platform or page.
- the resource access request includes, for example, a user identifier, a target access resource, and a target operation mode on the target access resource.
- the user identifier is used to mark the user who performs the target operation mode on the target access resource.
- the target access resource may be a file, data, or the like in the server, and the target operation mode may be a read instruction, a delete instruction, a write instruction, or the like.
- the embodiment of the present application does not limit what the target operation mode may include.
- the first generating unit 22 is configured to encrypt the resource access request by using the stored temporary key to generate a first signature, where the temporary key is previously allocated by the server for the access control device 20.
- the first generating unit 22 encrypts the resource access request by using the stored temporary key to generate a first signature.
- the temporary key is allocated by the server to the access control device 20. It can be understood that the temporary key is time-limited, that is, valid within a certain time range and expired outside it.
- the server and the access control device 20 agree on a preset encryption algorithm, and the access control device 20 encrypts the resource access request by using a temporary key according to a preset encryption algorithm.
- the preset encryption algorithm may be, for example, DES, IDEA, or the like.
- the data sending unit 23 is configured to send the resource access request and the first signature to the server, so that the server authenticates the resource access request.
- the data sending unit 23 sends the resource access request and the first signature to the server, so that the server authenticates the resource access request.
- the data sending unit 23 may carry the device identifier of the access control device 20 in addition to the resource access request and the first signature, so that after the server receives the resource access request, the first signature, and the device identifier, the server searches for the temporary key corresponding to the device identifier and, once it finds that temporary key, generates the first verification data to complete the authentication.
- the access control device 20 may further execute the second generation unit 24, the request transmission unit 25, and the key reception unit 26 after executing the request reception unit 21 and before executing the first generation unit 22.
- the second generating unit 24 is configured to encrypt the resource access request by using a fixed key to generate a second signature, where the fixed key is allocated by the server for the access control device 20.
- the request sending unit 25 is configured to send a temporary key acquisition request to the server, where the temporary key acquisition request carries the resource access request and the second signature, so that the server allocates a temporary key to the access control device 20 after the second signature passes verification.
- the key receiving unit 26 is configured to receive the temporary key allocated by the server, and store the temporary key.
- the key receiving unit 26 is further configured to receive the inherent key allocated by the server for the access control device 20, and store the inherent key.
- the access control device encrypts the received resource access request using a temporary key to generate a first signature, where the temporary key is previously allocated by the server for the access control device, and sends the resource access request and the first signature to the server so that the server authenticates the resource access request; in this way the user's inherent private key is not needed, the risk of the inherent private key being compromised is avoided, and its security is ensured.
- FIG. 7 is a schematic structural diagram of another server according to an embodiment of the present application.
- the server 1000 may include at least one processor 1001, such as a CPU, at least one network interface 1004, a memory 1005, and at least one communication bus 1002.
- Network interface 1004 can include, for example, a standard wired interface, a wireless interface (such as a WI-FI interface).
- the memory 1005 may be a high speed RAM memory or a non-volatile memory such as at least one disk memory.
- the memory 1005 may also be, for example, at least one storage device located remotely from the aforementioned processor 1001.
- the communication bus 1002 is used to implement connection communication between these components.
- the server 1000 can include a user interface 1003, which can include a display and a keyboard. As shown in FIG. 7, the memory 1005, as a computer storage medium, may contain an operating system, a network communication module, a user interface module, and an authentication application.
- the network interface 1004 is mainly used to exchange data with the access control device, for example a resource access request, a first signature, a temporary key acquisition request, and the like; and the processor 1001 can be used to invoke the authentication application stored in the memory 1005 and specifically perform the following operations:
- receiving the resource access request and the first signature sent by the access control device, where the first signature is generated by the access control device by encrypting the resource access request with the stored temporary key;
- acquiring the stored temporary key allocated to the access control device, and encrypting the resource access request with the temporary key to generate first verification data;
- if the first signature matches the first verification data, authenticating the resource access request;
- if the authentication result of the resource access request is an authentication pass, processing the resource access request.
- before the processor 1001 receives the resource access request and the first signature sent by the access control device, the processor 1001 further performs:
- receiving a temporary key acquisition request sent by the access control device, where the temporary key acquisition request carries the resource access request and a second signature;
- acquiring the fixed key allocated to the access control device, and encrypting the resource access request with the fixed key to generate second verification data;
- if the second signature matches the second verification data, allocating a temporary key to the access control device, and storing and sending the temporary key to the access control device.
- the resource access request includes a user identifier, a target access resource, and a target operation mode on the target access resource.
- the processor 1001 authenticates the resource access request by specifically executing:
- acquiring the accessible resources corresponding to the user identifier and the operable modes of the accessible resources;
- determining whether the target access resource exists among the accessible resources;
- if the target access resource exists, determining whether the target operation mode exists among the operable modes of the target access resource;
- if the target operation mode exists, determining that the authentication result of the resource access request is an authentication pass.
- FIG. 8 is a schematic structural diagram of another access control apparatus according to an embodiment of the present application.
- the access control device 2000 may include at least one processor 2001, such as a CPU, at least one network interface 2004, a user interface 2003, a memory 2005, and at least one communication bus 2002.
- the communication bus 2002 is used to implement connection communication between these components.
- the user interface 2003 may include a display and a keyboard.
- Network interface 2004 may include a standard wired interface, a wireless interface (such as a WI-FI interface).
- the memory 2005 may be a high speed RAM memory or a non-volatile memory such as at least one disk memory.
- the memory 2005 can also be at least one storage device located remotely from the aforementioned processor 2001.
- an operating system, a network communication module, a user interface module, and an authentication application may be included in the memory 2005 as a computer storage medium.
- the user interface 2003 is mainly used to provide an input interface for the user and to obtain the resource access request initiated by the user.
- the network interface 2004 is mainly used to exchange data with the server, for example a resource access request, a first signature, a temporary key acquisition request, and the like; and the processor 2001 can be used to invoke the authentication application stored in the memory 2005 and specifically perform the following operations:
- receiving a resource access request initiated by the user;
- encrypting the resource access request using the stored temporary key to generate a first signature, where the temporary key is previously allocated by the server for the access control device 2000;
- sending the resource access request and the first signature to the server, so that the server authenticates the resource access request.
- before the processor 2001 encrypts the resource access request using the stored temporary key to generate the first signature, the processor 2001 further performs:
- encrypting the resource access request using a fixed key to generate a second signature, where the fixed key is allocated by the server for the access control device 2000;
- sending a temporary key acquisition request to the server, where the temporary key acquisition request carries the resource access request and the second signature, so that the server allocates a temporary key to the access control device 2000 after the second signature passes verification;
- receiving the temporary key allocated by the server and storing it.
- before the processor 2001 encrypts the resource access request using the fixed key, the method further includes: receiving the inherent key allocated by the server for the access control device 2000 and storing it.
- the resource access request includes a user identifier, a target access resource, and a target operation mode on the target access resource.
- the modules or units in the embodiments of the present application may be implemented by a general-purpose integrated circuit, such as a CPU (Central Processing Unit), or by an ASIC (Application Specific Integrated Circuit).
- the modules or units in the terminal in this embodiment of the present application may be combined, divided, and deleted according to actual needs.
- the storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
- Storage Device Security (AREA)
Abstract
Embodiments of the present invention relate to an authentication method and server, and an access control device. The method comprises the following steps: a server receives a resource access request and a first signature sent by an access control device, the first signature being generated by the access control device using a stored temporary key to encrypt the resource access request; the server obtains the stored temporary key allocated to the access control device and uses the temporary key to encrypt the resource access request to generate first verification data; if the first signature is consistent with the first verification data, the server authenticates the resource access request; if the result of authenticating the resource access request indicates that authentication passed, the server processes the resource access request.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710067062.8A CN106657152B (zh) | 2017-02-07 | 2017-02-07 | Authentication method, server and access control device |
CN201710067062.8 | 2017-02-07 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2018145605A1 true WO2018145605A1 (fr) | 2018-08-16 |
Family
ID=58844634
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2018/075201 WO2018145605A1 (fr) | 2017-02-07 | 2018-02-05 | Authentication method and server, and access control device |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN106657152B (fr) |
WO (1) | WO2018145605A1 (fr) |
Families Citing this family (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106657152B (zh) * | 2017-02-07 | 2021-05-28 | 腾讯科技(深圳)有限公司 | Authentication method, server and access control device |
CN107241357A (zh) * | 2017-07-27 | 2017-10-10 | 郑州云海信息技术有限公司 | User access control method and device in a cloud computing system |
CN109600337B (zh) * | 2017-09-30 | 2020-12-15 | 腾讯科技(深圳)有限公司 | Resource processing method, device, system and computer-readable medium |
CN108322462A (zh) * | 2018-01-31 | 2018-07-24 | 北京车和家信息技术有限公司 | Security verification method, method for requesting security verification, and related device |
CN108965284A (zh) * | 2018-07-06 | 2018-12-07 | 佛山市灏金赢科技有限公司 | Information processing method and device for password-based access |
CN109327456A (zh) * | 2018-11-06 | 2019-02-12 | 北京知道创宇信息技术有限公司 | Decentralized cluster authentication method, cluster node and electronic device |
CN110263574B (zh) * | 2019-06-06 | 2024-08-27 | 深圳前海微众银行股份有限公司 | Data management method, device, system and readable storage medium |
CN111159097A (zh) * | 2019-12-09 | 2020-05-15 | 中山大学 | On-chip memory access protection system and method |
CN111935094B (zh) * | 2020-07-14 | 2022-06-03 | 北京金山云网络技术有限公司 | Database access method, device, system and computer-readable storage medium |
CN112039674B (zh) * | 2020-08-06 | 2021-07-20 | 珠海格力电器股份有限公司 | Central control system access and signature identifier generation method, device and storage medium |
CN114254332B (zh) * | 2020-09-21 | 2024-10-29 | 中移物联网有限公司 | Resource authorization method, device, electronic device and readable storage medium |
CN112434315B (zh) * | 2020-11-20 | 2022-09-20 | 湖南快乐阳光互动娱乐传媒有限公司 | Attachment access method, server and access terminal |
CN113194090B (zh) * | 2021-04-28 | 2023-04-18 | 招商证券股份有限公司 | Authentication method, authentication device, terminal device and computer-readable storage medium |
CN113536365B (zh) * | 2021-06-07 | 2022-10-28 | 北京字跳网络技术有限公司 | File access method, device, equipment and medium |
CN113438242B (zh) * | 2021-06-25 | 2023-08-29 | 广西三方大供应链技术服务有限公司 | Service authentication method, device and storage medium |
CN114006762B (zh) * | 2021-11-01 | 2024-03-12 | 明珠数字科技股份有限公司 | Security verification method, system and storage medium between multiple servers |
CN114595437B (zh) * | 2022-05-09 | 2022-09-30 | 荣耀终端有限公司 | Access control method, electronic device and computer-readable storage medium |
CN118797667A (zh) * | 2023-08-28 | 2024-10-18 | 中国移动通信集团浙江有限公司 | Data access control method, device and electronic device |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102790678A (zh) * | 2012-07-11 | 2012-11-21 | 飞天诚信科技股份有限公司 | Authentication method and system |
CN103166757A (zh) * | 2011-12-19 | 2013-06-19 | 卓望数码技术(深圳)有限公司 | Method and system for dynamically protecting user privacy data |
CN103701611A (zh) * | 2013-12-30 | 2014-04-02 | 天地融科技股份有限公司 | Method for accessing and uploading data in a data storage system |
CN105681030A (zh) * | 2015-12-31 | 2016-06-15 | 腾讯科技(深圳)有限公司 | Key management system, method and apparatus |
CN106657152A (zh) * | 2017-02-07 | 2017-05-10 | 腾讯科技(深圳)有限公司 | Authentication method, server and access control apparatus |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102299791B (zh) * | 2008-08-28 | 2014-12-24 | 华为技术有限公司 | Autonomous public key certificate management method, system and device |
CN102196423B (zh) * | 2010-03-04 | 2016-07-06 | 腾讯科技(深圳)有限公司 | Secure data relay method and system |
CN102510333B (zh) * | 2011-09-30 | 2014-07-30 | 飞天诚信科技股份有限公司 | Authorization authentication method and system |
CN102984252B (zh) * | 2012-11-26 | 2015-04-08 | 中国科学院信息工程研究所 | Cloud resource access control method based on dynamic cross-domain security tokens |
CN104168267B (zh) * | 2014-07-23 | 2018-02-02 | 中国科学院信息工程研究所 | Identity authentication method for accessing a SIP security video surveillance system |
CN104753953A (zh) * | 2015-04-13 | 2015-07-01 | 成都双奥阳科技有限公司 | Access control system |
CN105007279B (zh) * | 2015-08-04 | 2018-11-27 | 北京百度网讯科技有限公司 | Authentication method and authentication system |
CN106230813B (zh) * | 2016-07-29 | 2019-08-02 | 宇龙计算机通信科技(深圳)有限公司 | Authentication method, authentication apparatus and terminal |
Family History
- 2017-02-07: CN CN201710067062.8A patent/CN106657152B/zh active Active
- 2018-02-05: WO PCT/CN2018/075201 patent/WO2018145605A1/fr active Application Filing
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103166757A (zh) * | 2011-12-19 | 2013-06-19 | 卓望数码技术(深圳)有限公司 | Method and system for dynamically protecting user privacy data |
CN102790678A (zh) * | 2012-07-11 | 2012-11-21 | 飞天诚信科技股份有限公司 | Authentication method and system |
CN103701611A (zh) * | 2013-12-30 | 2014-04-02 | 天地融科技股份有限公司 | Method for accessing and uploading data in a data storage system |
CN105681030A (zh) * | 2015-12-31 | 2016-06-15 | 腾讯科技(深圳)有限公司 | Key management system, method and apparatus |
CN106657152A (zh) * | 2017-02-07 | 2017-05-10 | 腾讯科技(深圳)有限公司 | Authentication method, server and access control apparatus |
Also Published As
Publication number | Publication date |
---|---|
CN106657152B (zh) | 2021-05-28 |
CN106657152A (zh) | 2017-05-10 |
Similar Documents
Publication | Title |
---|---|
WO2018145605A1 (fr) | Authentication method and server, and access control device |
CN112671720B (zh) | Token construction method, apparatus and device for cloud platform resource access control |
CN110582768B (zh) | Apparatus and method for providing secure database access |
WO2022262078A1 (fr) | Access control method based on systematic-verification (zero-trust) security, device, and storage medium |
CN105187362B (zh) | Method and apparatus for connection authentication between a desktop cloud client and server |
US9401909B2 (en) | System for and method of providing single sign-on (SSO) capability in an application publishing environment |
US20180324170A1 (en) | Method and apparatus for allocating device identifiers |
CN112559993B (zh) | Identity authentication method, apparatus, system and electronic device |
KR101265873B1 (ko) | Distributed single sign-on service method |
EP3750095A1 (fr) | Fast smart card logon |
US9654462B2 (en) | Late binding authentication |
CN105991614B (zh) | Open authorization and resource access method, apparatus and server |
CN108880822B (zh) | Identity authentication method, apparatus and system, and smart wireless device |
US20180205745A1 (en) | System, method and computer program product for access authentication |
JP2017535877A (ja) | Conditional login promotion |
CN111447220B (zh) | Authentication information management method, application system server and computer storage medium |
EP3697053B1 (fr) | Accessing encrypted user data in a multi-tenant hosted cloud service |
CN110069909B (zh) | Method and apparatus for password-free login to a third-party system |
WO2017016252A1 (fr) | Token generation and authentication method, and authentication server |
JP2024501752A (ja) | Attribute-based encryption key user authentication and authorization as keying material for keyed-hash message authentication codes |
WO2019140790A1 (fr) | Service tracking method and apparatus, terminal device and storage medium |
TW201638822A (zh) | Process identity authentication method and apparatus |
WO2022246997A1 (fr) | Service processing method and apparatus, server, and storage medium |
CN111460410A (zh) | Server login method, apparatus, system and computer-readable storage medium |
US11128638B2 (en) | Location assurance using location indicators modified by shared secrets |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | EP: the EPO has been informed by WIPO that EP was designated in this application | Ref document number: 18751007; Country of ref document: EP; Kind code of ref document: A1 |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | EP: PCT application non-entry in European phase | Ref document number: 18751007; Country of ref document: EP; Kind code of ref document: A1 |