WO2018108022A1 - Method and system for security and authentication of multi-network convergence - Google Patents
Method and system for security and authentication of multi-network convergence
- Publication number
- WO2018108022A1 (PCT/CN2017/115055)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- network
- password
- network convergence
- data
- convergence module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
Definitions
- the present invention relates to the field of network and telephone communication, and in particular, to a method and system for security and authentication of multi-network convergence.
- the secure transmission of any information requires encryption, preferably dynamic encryption, but the transmission of the dynamic password itself is a difficult point; in addition, a device connected to the Internet relies on routing by IP address for its communication, but the IP address is often dynamic, so how to inform the other party of one's own IP address, and how to perform the related identity authentication, have become key points.
- Figure 1 shows a common method of implementing related functional applications through a third-party cloud or server.
- the gateway (GateWay) A and the user terminal B can both access the Internet; the related application software is provided by the cloud C, both ends A and B of the communication register with the cloud C, and then A or B initiates the communication to the cloud; the whole process is completed by the cloud C, which performs the security authentication of A and B, and finally a communication link A to C to B, or A to B, is constructed, after which the controlled object 200 is controlled from B.
- the various Internet-based security authentication algorithms find it difficult to guarantee security. For example, the transmission of the dynamic password itself is a difficult point, and it is easy for an attacker to eavesdrop on, intercept or tamper with it. Therefore, the security method shown in Fig. 2 was developed.
- the cloud or server C sends a verification code through the short message service (SMS) of the telecommunication network, and the user B enters the verification code when logging in to the cloud C, thereby completing the identity authentication process.
- the SMS verification code must be sent in the clear, so it is not absolutely safe.
- the above methods must all be mediated and managed by the cloud C; when faced with attacks from insiders in the cloud, they are completely ineffective.
- the technical problem to be solved by the present invention is to provide a secure and reliable multi-network convergence-based security and authentication method and system that does not require third-party cloud participation.
- the technical solution adopted by the present invention to solve the technical problem is to construct a security and authentication method for multi-network convergence, including the following steps:
- S1 set up a multi-network convergence module and connect it to both the Internet and the telecommunication network;
- S2 the multi-network convergence module performs security information interaction with the user end through the channel of the telecommunication network, based on the identity of the telecommunication network.
- the method includes:
- S2-1 the multi-network convergence module generates a dynamic password (Kd), encrypts the dynamic password (Kd) with a registration password (Kr) to generate first data (D1), and transmits the first data (D1) to the user terminal through a channel of the telecommunication network;
- S2-2 the user terminal receives the first data (D1) transmitted over the telecommunication network, identifies a CID signal, and decrypts the first data (D1) with the registration password (Kr) to obtain the dynamic password (Kd);
- S2-3 the user terminal encrypts the user password (Ku) with the dynamic password (Kd) to generate second data (D2), and sends the second data (D2) to the multi-network convergence module through the channel of the telecommunication network;
- S2-4 the multi-network convergence module receives the second data (D2) transmitted over the telecommunication network, identifies a CID signal, decrypts the second data (D2) with the dynamic password (Kd) to obtain the user password (Ku), and compares it with the user password (Ku) retained in the multi-network convergence module; if they are the same, it sends the IP address of the multi-network convergence module to the user terminal, or the user terminal and the multi-network convergence module exchange their IP addresses;
- S2-5 the user terminal and the multi-network convergence module communicate via the Internet, using the dynamic password (Kd), according to the obtained IP address.
- the method includes:
- S2-1 the multi-network convergence module sends information to the user end;
- S2-2 the user end receives the information, identifies a CID signal, and calls back the multi-network convergence module;
- S2-3 the multi-network convergence module receives the callback, identifies a CID signal, picks up, and establishes channel communication with the user end over the telecommunication network;
- S2-4 the multi-network convergence module randomly generates a dynamic password (Kd), encrypts the dynamic password (Kd) with a registration password (Kr) to generate first data (D1), and then transmits the first data (D1) to the user terminal through a channel of the telecommunication network;
- S2-5 the user terminal decrypts the first data (D1) with the registration password (Kr) to obtain the dynamic password (Kd);
- S2-6 the user terminal encrypts the user password (Ku) with the dynamic password (Kd) to generate second data (D2), and sends the second data (D2) to the multi-network convergence module through the channel of the telecommunication network;
- S2-7 the multi-network convergence module decrypts the second data (D2) with the dynamic password (Kd) to obtain the user password (Ku), and compares it with the user password (Ku) stored in the multi-network convergence module; if they are the same, it sends the IP address of the multi-network convergence module to the user end, or the user terminal and the multi-network convergence module exchange their IP addresses;
- S2-8 the user terminal and the multi-network convergence module communicate via the Internet, using the dynamic password (Kd), according to the obtained IP address.
- the method includes:
- S2-1 the multi-network convergence module calls the user end;
- S2-2 the user end receives the call signal, identifies a CID signal, picks up, and establishes channel communication with the multi-network convergence module over the telecommunication network;
- S2-3 the multi-network convergence module randomly generates a dynamic password (Kd), encrypts the dynamic password (Kd) with a registration password (Kr) to generate first data (D1), and then transmits the first data (D1) to the user terminal through a channel of the telecommunication network;
- S2-4 the user terminal decrypts the first data (D1) with the registration password (Kr) to obtain the dynamic password (Kd);
- S2-5 the user terminal encrypts the user password (Ku) with the dynamic password (Kd) to generate second data (D2), and sends the second data (D2) to the multi-network convergence module through the channel of the telecommunication network;
- S2-6 the multi-network convergence module decrypts the second data (D2) with the dynamic password (Kd) to obtain the user password (Ku), and compares it with the user password (Ku) stored in the multi-network convergence module; if they are the same, it sends the IP address of the multi-network convergence module to the user end, or the user terminal and the multi-network convergence module exchange their IP addresses;
- S2-7 the user terminal and the multi-network convergence module communicate via the Internet, using the dynamic password (Kd), according to the obtained IP address.
- the method includes:
- S2-1 the user terminal sends information to the multi-network convergence module;
- S2-2 the multi-network convergence module receives the information, identifies a CID signal, and calls back the user terminal;
- S2-3 the user end receives the callback, identifies a CID signal, picks up, and establishes channel communication with the multi-network convergence module over the telecommunication network;
- S2-4 the multi-network convergence module randomly generates a dynamic password (Kd), encrypts the dynamic password (Kd) with a registration password (Kr) to generate first data (D1), and then transmits the first data (D1) to the user terminal through a channel of the telecommunication network;
- S2-5 the user terminal decrypts the first data (D1) with the registration password (Kr) to obtain the dynamic password (Kd);
- S2-6 the user terminal encrypts the user password (Ku) with the dynamic password (Kd) to generate second data (D2), and sends the second data (D2) to the multi-network convergence module through the channel of the telecommunication network;
- S2-7 the multi-network convergence module decrypts the second data (D2) with the dynamic password (Kd) to obtain the user password (Ku), and compares it with the user password (Ku) stored in the multi-network convergence module; if they are the same, it sends the IP address of the multi-network convergence module to the user end, or the user terminal and the multi-network convergence module exchange their IP addresses;
- S2-8 the user terminal and the multi-network convergence module communicate via the Internet, using the dynamic password (Kd), according to the obtained IP address.
- the method includes:
- S2-1 the user terminal calls the multi-network convergence module;
- S2-2 the multi-network convergence module receives the call, identifies a CID signal, picks up, and establishes channel communication with the user end over the telecommunication network;
- S2-3 the multi-network convergence module randomly generates a dynamic password (Kd), encrypts the dynamic password (Kd) with a registration password (Kr) to generate first data (D1), and then transmits the first data (D1) to the user terminal through a channel of the telecommunication network;
- S2-4 the user terminal decrypts the first data (D1) with the registration password (Kr) to obtain the dynamic password (Kd);
- S2-5 the user terminal encrypts the user password (Ku) with the dynamic password (Kd) to generate second data (D2), and sends the second data (D2) to the multi-network convergence module through the channel of the telecommunication network;
- S2-6 the multi-network convergence module decrypts the second data (D2) with the dynamic password (Kd) to obtain the user password (Ku), and compares it with the user password (Ku) stored in the multi-network convergence module; if they are the same, it sends the IP address of the multi-network convergence module to the user end, or the user terminal and the multi-network convergence module exchange their IP addresses;
- S2-7 the user terminal and the multi-network convergence module communicate via the Internet, using the dynamic password (Kd), according to the obtained IP address.
- the method includes:
- S2-1 the multi-network convergence module sends information to the user end;
- S2-2 the user terminal receives the information transmitted through the telecommunication network, identifies the CID signal, and calls back the multi-network convergence module;
- S2-3 the multi-network convergence module identifies the CID signal, goes off-hook, and establishes channel communication with the user end over the telecommunication network;
- S2-4 the multi-network convergence module randomly generates a dynamic password (Kd) and sends the dynamic password (Kd) to the user end through a channel of the telecommunication network;
- S2-5 the user terminal sends its IP address to the multi-network convergence module, or the multi-network convergence module and the user terminal exchange their IP addresses;
- S2-6 the user terminal and the multi-network convergence module communicate via the Internet, using the dynamic password (Kd), according to the obtained IP address.
- the registration password (Kr) is generated when the user end registers with the multi-network convergence module; the registration password (Kr) is a key pair, and the key pair includes a first key (K1) and a second key (K2);
- the first data (D1) is generated by encrypting the dynamic password (Kd) with the first key (K1); the dynamic password (Kd) and the user password (Ku) are first combined by calculation to obtain an intermediate code (Kdu), and the second key (K2) is then used to encrypt the intermediate code (Kdu) to generate the second data (D2);
- the present invention also provides a multi-network convergence security and authentication system, comprising a multi-network convergence module that simultaneously connects to the Internet and a telecommunication network, and a user terminal; the multi-network convergence module performs security information exchange with the user end through the channel of the telecommunication network, based on the identity authentication of the telecommunication network.
- the multi-network convergence module includes an algorithm module and a control logic module; the algorithm module communicates with the outside world through a channel of the telecommunication network and instructs the actions of the control logic module; the control logic module is used to logically connect the controlled object to the Internet or to the telecommunication network.
- the multi-network convergence module is disposed in a personal computer, a tablet computer and/or a home gateway; the user terminal is a smart phone, a tablet computer and/or a personal computer.
- the invention carries out security information interaction with the user end through the channel of the telecommunication network, based on the identity authentication of the telecommunication network.
- the whole process does not require the participation of a third-party cloud, avoids the defects of the prior art, and has the advantages of being safe, reliable and difficult to attack.
- FIG. 1 is a schematic diagram of a prior art communication implemented by a third party cloud or server
- FIG. 2 is a schematic diagram of a prior art technology for implementing communication through a short message service
- FIG. 3 is a schematic diagram of an embodiment of a multi-network convergence security and authentication system of the present invention.
- FIG. 4 is a schematic diagram of a first embodiment of a method for security and authentication of multi-network convergence according to the present invention
- FIG. 5 is a schematic diagram of a second embodiment of a method for security and authentication of multi-network convergence according to the present invention.
- FIG. 6 is a schematic diagram of a third embodiment of a method for security and authentication of multi-network convergence according to the present invention.
- FIG. 7 is a schematic diagram of a fourth embodiment of a method for security and authentication of multi-network convergence according to the present invention.
- FIG. 8 is a schematic diagram of a fifth embodiment of a method for security and authentication of multi-network convergence according to the present invention.
- FIG. 9 is a schematic diagram of a sixth embodiment of a method for security and authentication of multi-network convergence according to the present invention.
- FIG. 10 is a schematic diagram of a seventh embodiment of a method for security and authentication of multi-network convergence according to the present invention.
- FIG. 11 is a schematic diagram of an eighth embodiment of a method for security and authentication of multi-network convergence according to the present invention.
- FIG. 12 is a schematic diagram of a ninth embodiment of a method for security and authentication of multi-network convergence according to the present invention.
- FIG. 13 is a schematic diagram of a tenth embodiment of a method for security and authentication of multi-network convergence according to the present invention.
- FIG. 14 is a schematic diagram of an embodiment of an encryption method of a multi-network convergence security and authentication method of the present invention.
- referring to FIG. 3, it is an embodiment of the multi-network convergence security and authentication system of the present invention, including a multi-network convergence module 100 that simultaneously connects to the Internet and a telecommunication network, and a user terminal UU.
- the multi-network convergence module 100 performs security information interaction with the user terminal UU through the channel of the telecommunication network, based on the identity of the telecommunication network, for example identification by the calling number, or identity authentication based on a credential issued by the telecommunication operator, such as a SIM card, eSIM or U-key.
- the multi-network convergence module 100 includes an algorithm module 110 and a control logic module 120.
- the algorithm module 110 communicates with the outside world through the channel of the telecommunication network, and instructs the action of the control logic module 120.
- the control logic module 120 is configured to logically connect the controlled object, such as the device to be controlled or the information 200, to the Internet or to the telecommunication network, so that these devices or information can be controlled or interacted with via the Internet or the telecommunication network.
- the multi-network convergence module 100 can be disposed in a personal computer, a tablet computer, and/or a home gateway; the user terminal UU can be a smart phone, a tablet computer, and/or a personal computer.
- the multi-network convergence security and authentication method of the present invention can be used in the above system.
- a multi-network convergence module is set up and connected to the Internet and the telecommunication network at the same time; the multi-network convergence module performs security information exchange with the user end through the channel of the telecommunication network, based on the identity authentication of the telecommunication network.
- the security information may be an encrypted password, an IP address of the Internet, or the like.
- the multi-network convergence module 100 is installed, and the Internet and the telecommunication network are simultaneously connected.
- the multi-network convergence module can be placed in any Internet device, such as, but not limited to, the following devices: PC, tablet, home gateway, and the like.
- the client UU can be a smartphone, a tablet, a PC, or the like.
- the channel of the telecommunications network can be a wired or wireless channel.
- when the multi-network convergence module needs to contact the user end, the multi-network convergence module generates a dynamic password Kd, encrypts the dynamic password Kd with the registration password Kr to generate the first data D1, and sends the first data D1 to the user end through the channel of the telecommunication network;
- the user end receives the first data D1 transmitted over the telecommunication network, identifies the CID signal, and decrypts the first data D1 with the registration password Kr to obtain the dynamic password Kd;
- the user end encrypts the user password Ku with the dynamic password Kd to generate the second data D2, and sends the second data D2 to the multi-network convergence module through the channel of the telecommunication network;
- the multi-network convergence module receives the second data D2 transmitted over the telecommunication network, identifies the CID signal, decrypts the second data D2 with the dynamic password Kd to obtain the user password Ku, and compares it with the user password Ku retained in the multi-network convergence module; if they are the same, it sends its IP address to the user end, or the user end and the multi-network convergence module exchange their IP addresses;
- the user end and the multi-network convergence module communicate via the Internet (IP routing and information interaction) using the dynamic password Kd, according to the obtained IP address.
- when the first data D1 and the second data D2 are transmitted through the telecommunication network, the switch of the telecommunication network generates a CID signal; the CID signal is obtained by enabling the caller ID service at both the user end and the multi-network convergence module.
- the multi-network convergence module 100 is provided, and the Internet and the telecommunication network are simultaneously connected.
- the multi-network convergence module can be placed in any Internet device, such as, but not limited to, the following devices: PC, tablet, home gateway, and the like.
- the client can be a smartphone, a tablet, a PC, or the like.
- the channel of the telecommunications network can be a wired or wireless channel.
- when the multi-network convergence module needs to contact the user end, the multi-network convergence module sends information to the user end;
- the user end receives the information transmitted through the telecommunication network, identifies the CID signal, and calls back the multi-network convergence module;
- the multi-network convergence module identifies the CID signal of the callback transmitted through the telecommunication network, picks up, and establishes channel communication with the user end over the telecommunication network;
- the multi-network convergence module randomly generates the dynamic password Kd, encrypts the dynamic password Kd with the registration password Kr to generate the first data D1, and then sends the first data D1 to the user end through the channel of the telecommunication network;
- the user end decrypts the first data D1 with the registration password Kr to obtain the dynamic password Kd;
- the user end encrypts the user password Ku with the dynamic password Kd to generate the second data D2, and sends the second data D2 to the multi-network convergence module through the channel of the telecommunication network;
- the multi-network convergence module decrypts the second data D2 with the dynamic password Kd to obtain the user password Ku, and compares it with the user password Ku stored in the multi-network convergence module; if they are the same, it sends its IP address to the user end, or the user end and the multi-network convergence module exchange their IP addresses;
- the user end and the multi-network convergence module communicate via the Internet (IP routing and information interaction) using the dynamic password Kd, according to the obtained IP address.
- when information is transmitted and a callback is made through the telecommunication network, the switch of the telecommunication network generates a CID signal; the CID signal is obtained by enabling the caller ID service at both the user end and the multi-network convergence module.
- referring to FIG. 6, it is the third embodiment of the multi-network convergence security and authentication method of the present invention.
- the multi-network convergence module 100 is provided, and the Internet and the telecommunication network are simultaneously connected.
- the multi-network convergence module can be placed in any Internet device, such as, but not limited to, the following devices: PC, tablet, home gateway, and the like.
- the client can be a smartphone, a tablet, a PC, or the like.
- the channel of the telecommunications network can be a wired or wireless channel.
- the multi-network convergence module calls the user end;
- the user end receives the call signal, identifies the CID signal, picks up, and establishes channel communication with the multi-network convergence module over the telecommunication network;
- the multi-network convergence module randomly generates the dynamic password Kd, encrypts the dynamic password Kd with the registration password Kr to generate the first data D1, and then sends the first data D1 to the user end through the channel of the telecommunication network;
- the user end decrypts the first data D1 with the registration password Kr to obtain the dynamic password Kd;
- the user end encrypts the user password Ku with the dynamic password Kd to generate the second data D2, and sends the second data D2 to the multi-network convergence module through the channel of the telecommunication network;
- the multi-network convergence module decrypts the second data D2 with the dynamic password Kd to obtain the user password Ku, and compares it with the user password Ku stored in the multi-network convergence module; if they are the same, it sends its IP address to the user end, or the user end and the multi-network convergence module exchange their IP addresses;
- the user end and the multi-network convergence module communicate via the Internet (IP routing and information interaction) using the dynamic password Kd, according to the obtained IP address.
- when the call signal is transmitted through the telecommunication network, the switch of the telecommunication network generates a CID signal; the CID signal is obtained by enabling the caller ID service at both the user end and the multi-network convergence module.
- the multi-network convergence module 100 is provided, and the Internet and the telecommunication network are simultaneously connected.
- the multi-network convergence module can be placed in any Internet device, such as, but not limited to, the following devices: PC, tablet, home gateway, and the like.
- the client can be a smartphone, a tablet, a PC, or the like.
- the channel of the telecommunications network can be a wired or wireless channel.
- when the user needs to contact the multi-network convergence module, the user end sends information to the multi-network convergence module;
- the multi-network convergence module receives the information transmitted through the telecommunication network, identifies the CID signal, and calls back the user terminal;
- the user end receives the callback transmitted through the telecommunication network, identifies the CID signal, picks up, and establishes channel communication with the multi-network convergence module over the telecommunication network;
- the multi-network convergence module randomly generates the dynamic password Kd, encrypts the dynamic password Kd with the registration password Kr to generate the first data D1, and then sends the first data D1 to the user end through the channel of the telecommunication network;
- the user end decrypts the first data D1 with the registration password Kr to obtain the dynamic password Kd;
- the user end encrypts the user password Ku with the dynamic password Kd to generate the second data D2, and sends the second data D2 to the multi-network convergence module through the channel of the telecommunication network;
- the multi-network convergence module decrypts the second data D2 with the dynamic password Kd to obtain the user password Ku, and compares it with the user password Ku stored in the multi-network convergence module; if they are the same, it sends its IP address to the user end, or the user end and the multi-network convergence module exchange their IP addresses;
- the user end and the multi-network convergence module communicate via the Internet (IP routing and information interaction) using the dynamic password Kd, according to the obtained IP address.
- when information is transmitted and a callback is made through the telecommunication network, the switch of the telecommunication network generates a CID signal; the CID signal is obtained by enabling the caller ID service at both the user end and the multi-network convergence module.
- the multi-network convergence module 100 is provided, and the Internet and the telecommunication network are simultaneously connected.
- the multi-network convergence module can be placed in any Internet device, such as, but not limited to, the following devices: PC, tablet, home gateway, and the like.
- the client can be a smartphone, a tablet, a PC, or the like.
- the channel of the telecommunications network can be a wired or wireless channel.
- the user end calls the multi-network convergence module;
- the multi-network convergence module receives the call transmitted through the telecommunication network, identifies the CID signal, picks up, and establishes channel communication with the user end over the telecommunication network;
- the multi-network convergence module randomly generates the dynamic password Kd, encrypts the dynamic password Kd with the registration password Kr to generate the first data D1, and then sends the first data D1 to the user end through the channel of the telecommunication network;
- the user end decrypts the first data D1 with the registration password Kr to obtain the dynamic password Kd;
- the user end encrypts the user password Ku with the dynamic password Kd to generate the second data D2, and sends the second data D2 to the multi-network convergence module through the channel of the telecommunication network;
- the multi-network convergence module decrypts the second data D2 with the dynamic password Kd to obtain the user password Ku, and compares it with the user password Ku stored in the multi-network convergence module; if they are the same, it sends its IP address to the user end, or the user end and the multi-network convergence module exchange their IP addresses;
- the user end and the multi-network convergence module communicate via the Internet (IP routing and information interaction) using the dynamic password Kd, according to the obtained IP address.
- referring to FIG. 9, it is the sixth embodiment of the multi-network convergence security and authentication method of the present invention.
- the multi-network convergence module 100 is provided, and the Internet and the telecommunication network are simultaneously connected.
- the multi-network convergence module is disposed in a home gateway and connected to the telecommunication network through the PSTN.
- the client is a smartphone using a 4G network.
- the smartphone UU registers with the multi-network convergence module 100 of the home gateway; the key pair K1 and K2 is generated, and the user sets his own user password Ku; Ku is stored in the home gateway, and K1 and K2 are stored in the devices at both ends.
- when the home gateway detects a situation that requires contacting the user, the multi-network convergence module 100 sends information to the mobile phone UU through the PSTN;
- the mobile phone UU receives the information transmitted through the telecommunication network, recognizes the CID signal and confirms that the information was sent by the home gateway, and then calls back the multi-network convergence module 100 through the 4G and PSTN networks;
- after the multi-network convergence module 100 recognizes the CID signal and confirms that the incoming call is from the user's mobile phone UU, it picks up and establishes channel communication with the user end over the telecommunication network;
- the multi-network convergence module randomly generates a dynamic password Kd, encrypts Kd with the key K1 of the key pair to generate D1, and sends D1 to the mobile phone UU;
- after receiving D1, the UU decrypts it with K1 to obtain Kd;
- the UU combines Kd with the user password Ku by calculation to generate the intermediate code Kdu, then encrypts Kdu with K2 to generate D2, and sends D2 to the multi-network convergence module 100;
- the multi-network convergence module 100 decrypts D2 with K2 to obtain Kdu, then recovers Ku from Kdu using Kd, and compares this Ku with the password Ku set by the user and held in its memory; if they are the same, the security authentication has passed and the two ends can exchange IP addresses;
- when the UU obtains the IP address of the home gateway, it can initiate an Internet connection to this address; once the connection is established, both parties can communicate, and all communication is encrypted with the dynamic password Kd. Each time a connection is made again, a different dynamic password is generated, so security is guaranteed.
- FIG. 10 shows a seventh embodiment of the multi-network convergence security and authentication method of the present invention.
- the multi-network convergence module 100 is provided and is connected to the Internet and the telecommunication network at the same time.
- the multi-network convergence module 100 is placed in a tablet computer that is connected to the Internet through WiFi and at the same time to the telecommunications wireless network through 4G; the user terminal UU is a 4G tablet computer.
- when registering with the multi-network convergence module 100, the user terminal UU generates the registration password Kr and the user sets its own user password Ku; Ku is stored in the tablet where the multi-network convergence module 100 is located, and Kr is stored in the machines at both ends.
- when the multi-network convergence module 100 detects a situation that requires contacting the user, it sends information to the UU through 4G;
- the UU receives the information transmitted through the 4G network, identifies the CID signal, confirms that the information was sent by the multi-network convergence module 100, and then calls back to the multi-network convergence module 100 through the 4G network;
- the multi-network convergence module 100 receives the callback transmitted through the 4G network, identifies the CID signal, confirms that it is an incoming call from the user terminal UU, picks up the phone, and establishes a telecommunication network channel with the user end.
- the user terminal UU randomly generates a dynamic password Kd, encrypts Kd with Kr, generates D1, and sends D1 to the multi-network convergence module 100;
- after receiving D1, the multi-network convergence module 100 decrypts it with Kr to obtain Kd;
- the user inputs his own user password Ku, the UU encrypts Ku with Kd to generate D2, and then sends D2 to the multi-network convergence module 100.
- after receiving D2, the multi-network convergence module 100 decrypts it with Kd to obtain Ku, and compares this Ku with the password Ku set by the user and held in its memory. If they are the same, the security authentication is passed and the two parties can exchange IP addresses;
- an Internet connection can then be initiated according to the exchanged address. Once the connection is established, the two parties can communicate, and all communication is encrypted with the dynamic password Kd.
- FIG. 11 shows an eighth embodiment of the multi-network convergence security and authentication method of the present invention, wherein the multi-network convergence module 100 is placed in a PC that is connected to the Internet through an optical fiber and at the same time to the telecommunication network through the PSTN;
- the client UU is also a PC and is connected to the respective networks through an optical fiber and the PSTN.
- at registration, the registration password Kr is generated and the user sets its own user password Ku; Ku is stored in the PC where the multi-network convergence module 100 is located, and Kr is stored in the machines at both ends.
- when the user terminal UU needs to contact the PC where the multi-network convergence module 100 is located, the user terminal UU calls the multi-network convergence module 100 through the PSTN;
- the multi-network convergence module 100 receives the call transmitted through the PSTN network, recognizes the CID signal, confirms that it is an incoming call from the user terminal UU, and picks up the phone.
- the multi-network convergence module 100 generates a password Kd, encrypts Kd with Kr, generates D1, and sends D1 to the UU;
- after receiving D1, the UU decrypts it with Kr to obtain Kd;
- the user inputs his own user password Ku, the UU encrypts Ku with Kd to generate D2, and then transmits D2 to the multi-network convergence module 100.
- after receiving D2, the multi-network convergence module 100 decrypts it with Kd to obtain Ku, and compares this Ku with the password Ku set by the user and held in its memory. If they are the same, the security authentication is passed and the two parties can exchange IP addresses;
- an Internet connection can then be initiated according to the exchanged address. Once the connection is established, the two parties can communicate, and all communication is encrypted with the password Kd.
- FIG. 12 shows a ninth embodiment of the multi-network convergence security and authentication method of the present invention, wherein the multi-network convergence module 100 is placed in a PC that is connected to the Internet and to the PSTN network respectively; the user terminal UU is a smartphone using a 4G network.
- the PC is connected to the Internet through a NAT (Network Address Translation) device, so IP1 is an intranet address and IP3:xx is the public network address and port number required to reach it.
- the first solution is that, in the seventh step, the UU sends its public network address IP2 to the multi-network convergence module 100, and the multi-network convergence module 100 initiates the first data packet connection to IP2; the IP3:xx automatically configured by the NAT is thereby advertised to the UU, and the UU initiates communication to the multi-network convergence module 100 according to that address.
- the second solution is to develop a new protocol for the NAT that allows the device where the multi-network convergence module 100 is located to apply to the NAT in advance for a public network address and port number; the NAT reserves IP3:xx for the multi-network convergence module 100, which can then send IP3:xx to the UU in the seventh step.
- FIG. 13 shows a tenth embodiment of the multi-network convergence security and authentication method of the present invention, wherein the multi-network convergence module 100 is provided and is connected to the Internet and the telecommunication network at the same time.
- the multi-network convergence module can be placed in any Internet device, such as, but not limited to, the following: PC, tablet, home gateway, and the like.
- the client can be a smartphone, a tablet, a PC, or the like.
- the channel of the telecommunication network can be a wired or wireless channel.
- when the multi-network convergence module needs to contact the user end, it sends information to the user end;
- the user end receives the information transmitted through the telecommunication network, identifies the CID signal, and calls back the multi-network convergence module;
- the multi-network convergence module identifies the CID signal of the callback transmitted through the telecommunication network, picks up the phone, and establishes a telecommunication network channel with the user end;
- the multi-network convergence module randomly generates a dynamic password Kd and sends it to the user end through the channel of the telecommunication network;
- the client sends its IP address to the multi-network convergence module, or the multi-network convergence module exchanges its IP address with the client; the client and the multi-network convergence module then communicate over the Internet according to the obtained IP address, encrypting with the dynamic password Kd.
- when information is transmitted and the callback is made through the telecommunication network, the switch of the telecommunication network generates the CID signal; the user end and the multi-network convergence module obtain the CID signal by enabling the caller ID service.
- FIG. 14 shows an embodiment of a key pair encryption method that can be used in all the foregoing embodiments: when the user end registers with the multi-network convergence module, a key pair is generated that includes a first key K1 and a second key K2;
- the first key K1 is used to encrypt the dynamic password Kd to generate the first data D1;
- the user end decrypts the first data D1 with the first key K1 to obtain the dynamic password Kd;
- in the step in which the user terminal generates the second data D2 by encrypting the user password Ku with the dynamic password Kd, the user end first performs an operation on the dynamic password Kd and the user password Ku to obtain the intermediate code Kdu, and then encrypts Kdu with the second key K2 to generate the second data D2;
- in the step in which the multi-network convergence module decrypts the second data D2 with the dynamic password Kd to obtain the user password Ku, the multi-network convergence module first decrypts the second data D2 with the second key K2 to obtain Kdu, and then performs an operation on Kdu with the dynamic password Kd to obtain the user password Ku.
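The FIG. 14 key-pair exchange, as an added example in Python that is not part of the patent: registration yields K1, K2 and a stored Ku; the module issues D1 = Enc_K1(Kd), the terminal answers D2 = Enc_K2(Kdu), and the module recovers Ku and compares it in constant time. The patent names no primitives, so the authenticated encryption (an HMAC-SHA256 counter-mode keystream with an HMAC tag), the Kd operation (XOR with a Kd-derived keystream) and the names Module, Client and register are assumptions made here.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256 (assumed primitive; the patent names none).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC: nonce || ciphertext || tag, so a tampered D1 or D2 is rejected.
    nonce = os.urandom(NONCE_LEN)
    ct = _xor(plaintext, _keystream(key, nonce, len(plaintext)))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("integrity check failed")
    return _xor(ct, _keystream(key, nonce, len(ct)))

class Module:
    # Multi-network convergence module 100: holds K1, K2 and the stored Ku.
    def __init__(self, k1: bytes, k2: bytes, ku: bytes):
        self.k1, self.k2, self.ku, self.kd = k1, k2, ku, None
    def start_session(self) -> bytes:
        self.kd = os.urandom(32)           # fresh dynamic password Kd per call-back
        return encrypt(self.k1, self.kd)   # first data D1
    def verify(self, d2: bytes) -> bool:
        if self.kd is None:
            raise RuntimeError("no D1 was issued for this session")
        kdu = decrypt(self.k2, d2)                              # strip the K2 layer
        ku = _xor(kdu, _keystream(self.kd, b"kdu", len(kdu)))   # undo the Kd operation
        ok = hmac.compare_digest(ku, self.ku)                   # constant-time compare
        if not ok:
            self.kd = None                 # a Kd from a failed attempt is never reused
        return ok

class Client:
    # User terminal UU: holds K1, K2; the user types Ku at each authentication.
    def __init__(self, k1: bytes, k2: bytes):
        self.k1, self.k2, self.kd = k1, k2, None
    def respond(self, d1: bytes, ku: bytes) -> bytes:
        self.kd = decrypt(self.k1, d1)                          # recover Kd from D1
        kdu = _xor(ku, _keystream(self.kd, b"kdu", len(ku)))    # intermediate code Kdu
        return encrypt(self.k2, kdu)                            # second data D2

def register(ku: bytes):
    # Registration (assumed): key pair K1, K2 generated, Ku stored only on the module side.
    k1, k2 = os.urandom(32), os.urandom(32)
    return Module(k1, k2, ku), Client(k1, k2)
```

Because Kd is regenerated on every call-back, a D2 captured in one session does not verify in a later one, and a modified D1 is rejected before the terminal reveals anything derived from Ku.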
Abstract
The present invention relates to a multi-network convergence security and authentication method, comprising the following steps: S1. providing a multi-network convergence module that is simultaneously connected to the Internet and to a telecommunication network; and S2. having the multi-network convergence module carry out, on the basis of telecommunication identity authentication and by means of a channel of the telecommunication network, a secure exchange of information with a user terminal. In the present invention, a secure exchange of information with a user terminal is carried out by means of a channel of a telecommunication network, on the basis of telecommunication identity authentication, the whole process requiring no participation of a third-party cloud end. The present invention avoids the defects found in existing technology and has the advantages of being safe, reliable and difficult to attack artificially.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2016111437092 | 2016-12-13 | ||
| CN201611143709.2A CN106657045B (zh) | 2016-12-13 | 2016-12-13 | Multi-network convergence security and authentication method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2018108022A1 true WO2018108022A1 (fr) | 2018-06-21 |
Family
ID=58825814
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/CN2017/115055 Ceased WO2018108022A1 (fr) | 2016-12-13 | 2017-12-07 | Multi-network convergence security and authentication method and system |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN106657045B (fr) |
| WO (1) | WO2018108022A1 (fr) |
- 2016-12-13: CN CN201611143709.2A patent/CN106657045B/zh active Active
- 2017-12-07: WO PCT/CN2017/115055 patent/WO2018108022A1/fr not_active Ceased
Also Published As
| Publication number | Publication date |
|---|---|
| CN106657045B (zh) | 2020-10-13 |
| CN106657045A (zh) | 2017-05-10 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 17881892; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 17881892; Country of ref document: EP; Kind code of ref document: A1 |