CN108494811B - Data transmission security authentication method and device - Google Patents

Data transmission security authentication method and device

Info

Publication number
CN108494811B
Authority
CN
China
Prior art keywords
server
client
random number
certificate
aeskey
Legal status
Active
Application number
CN201810676723.1A
Other languages
Chinese (zh)
Other versions
CN108494811A
Inventor
杨鑫文
Current Assignee
Shenzhen Thinkive Information Technology Co ltd
Original Assignee
Shenzhen Thinkive Information Technology Co ltd

Classifications

    • H04L 63/0823 Network security; authentication of entities using certificates
    • H04L 63/045 Network security; confidential data exchange among entities communicating through data packet networks, with the payload protected by hybrid encryption, i.e. a combination of symmetric and asymmetric encryption
    • H04L 63/0869 Network security; authentication of entities, achieving mutual authentication
    • H04L 9/0631 Cryptographic mechanisms; block ciphers built as a substitution permutation network [SPN], e.g. AES
    • H04L 9/3268 Cryptographic mechanisms; entity authentication involving certificates (public key certificate [PKC], attribute certificate [AC], PKI arrangements) using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Abstract

The invention provides a data transmission security authentication method and device. The method comprises the following steps: performing digital certificate bidirectional authentication between a client and a server, where the authentication exchange is encrypted with an asymmetric algorithm, the client generates a client random number, and the server generates a server random number; the server generates an AESKey from the client random number and the server random number according to an agreed algorithm and verifies the legality of the client random number and the server random number; and the client encrypts the interactive data using the AESKey. In this technical scheme the client and the server authenticate the client's user through digital certificates, and the authentication process is encrypted with asymmetric encryption, so data security is enhanced; the data is encrypted with a key generated from the client random number generated by the client and the server random number generated by the server, which improves the data processing efficiency of the server and supports a larger number of concurrent client users.

Description

Data transmission security authentication method and device
Technical Field
The present invention relates to a security authentication method and device, and more particularly to a data transmission security authentication method and device.
Background
At present, the https protocol is generally adopted for data transmission security. https is an information security channel: it adopts a certificate bidirectional authentication mechanism to guarantee the security of data transmission, and a signature technology to maintain the integrity of the data, guaranteeing that the data is not tampered with in transit. Because https is based on web application services, https-related mechanisms cannot be used for non-web applications; moreover, https can only guarantee that data is not tampered with during transmission and cannot achieve anti-replay.
Therefore, the secure authentication of data transmission channels in the non-web application domain needs further improvement.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a data transmission security authentication method and device.
To solve this technical problem, the invention adopts the following technical scheme: a data transmission security authentication method comprising the steps of
S20, performing digital certificate bidirectional authentication between the client and the server, where the authentication exchange is encrypted with an asymmetric algorithm, the client generates a client random number, and the server generates a server random number;
S30, the server generates an AESKey from the client random number and the server random number according to an agreed algorithm, and verifies the validity of the client random number and the server random number;
and S40, the client encrypts the interactive data using the AESKey.
Preferably, step S20 specifically comprises
S21, the client encrypts the client certificate and the client random number with the server public key and sends them to the server;
S22, the server decrypts the client certificate and the client random number with the server private key and judges whether the client certificate was issued by the server; if so, it obtains the client public key, otherwise it disconnects the connection;
S23, the server generates a server random number, encrypts the server certificate and the server random number with the client public key, and sends them to the client;
S24, the client decrypts the server certificate and the server random number with the client private key and judges whether the server certificate is legal; if it is legal the client obtains the server random number, and if it is illegal the client disconnects the connection.
Preferably, step S30 specifically comprises
S31, the client generates an AESKey from the client random number and the server random number according to the agreed algorithm, encrypts the server random number with the AES algorithm and the AESKey, and sends it to the server;
S32, the server decrypts the encrypted server random number with the AES algorithm and the AESKey and judges whether it is the random number the server generated; if not, the server disconnects the connection;
S33, the server encrypts the client random number with the AES algorithm and the AESKey and sends it to the client;
S34, the client decrypts the encrypted client random number with the AES algorithm and the AESKey and judges whether it is the random number the client generated; if not, the client disconnects the connection.
Preferably, the data transmission security authentication method further comprises the step of
S10, the server generates a CA certificate and issues it to the client, where the CA certificate comprises a client certificate and a server certificate.
A data transmission security authentication device comprises
a digital certificate authentication module, used for performing digital certificate bidirectional authentication between the client and the server, where the authentication exchange is encrypted with an asymmetric algorithm, the client generates a client random number, and the server generates a server random number;
a key generation module, used for the server to generate an AESKey from the client random number and the server random number according to an agreed algorithm and to verify the legality of the client random number and the server random number;
and an interactive data encryption module, used for the client to encrypt the interactive data with the AESKey.
Preferably, the digital certificate authentication module specifically comprises
a client certificate encryption sending unit, used for the client to encrypt the client certificate and the client random number with the server public key and send them to the server;
a client certificate verification unit, used for the server to decrypt the client certificate and the client random number with the server private key and judge whether the client certificate was issued by the server; if so, the client public key is obtained, otherwise the connection is disconnected;
a server random number generation encryption unit, used for the server to generate a server random number, encrypt the server certificate and the server random number with the client public key, and send them to the client;
and a server certificate verification unit, used for the client to decrypt the server certificate and the server random number with the client private key and judge whether the server certificate is legal; if it is legal the server random number is obtained, and if it is illegal the connection is disconnected.
Preferably, the key generation module specifically comprises
a key generation unit, used for the client to generate an AESKey from the client random number and the server random number according to the agreed algorithm, encrypt the server random number with the AES algorithm and the AESKey, and send it to the server;
a server random number verification unit, used for the server to decrypt the encrypted server random number with the AES algorithm and the AESKey and judge whether it is the random number the server generated; if not, the connection is disconnected;
a client random number encryption sending unit, used for the server to encrypt the client random number with the AES algorithm and the AESKey and send it to the client;
and a client random number verification unit, used for the client to decrypt the encrypted client random number with the AES algorithm and the AESKey and judge whether it is the random number the client generated; if not, the connection is disconnected.
Preferably, the data transmission security authentication device further comprises
a digital certificate issuing module, used for the server to generate a CA certificate and issue it to the client, where the CA certificate comprises a client certificate and a server certificate.
In the technical scheme of the invention, the client and the server authenticate the client's user through digital certificates, and the authentication process is encrypted with asymmetric encryption, so data security is enhanced; the data is encrypted with a key generated from the client random number generated by the client and the server random number generated by the server, which improves the data processing efficiency of the server and supports a larger number of concurrent client users.
Drawings
The following detailed description of the invention refers to the accompanying drawings.
FIG. 1 is a flow chart of a data transmission security authentication method according to an embodiment of the present invention;
FIG. 2 is a flow chart of digital certificate validation according to an embodiment of the present invention;
FIG. 3 is a flowchart of key generation verification according to an embodiment of the present invention;
FIG. 4 is a block diagram of a data transmission security authentication device according to an embodiment of the present invention;
FIG. 5 is a block diagram of a digital certificate authentication module according to an embodiment of the present invention;
FIG. 6 is a block diagram of a key generation module according to an embodiment of the invention.
Detailed Description
In order to explain technical contents, structural features, and objects and effects of the present invention in detail, the following detailed description is given with reference to the accompanying drawings in conjunction with the embodiments.
Referring to FIG. 1, a data transmission security authentication method comprises the steps of
S20, performing digital certificate bidirectional authentication between the client and the server, where the authentication exchange is encrypted with an asymmetric algorithm, the client generates a client random number, and the server generates a server random number;
S30, the server generates an AESKey from the client random number and the server random number according to an agreed algorithm, and verifies the validity of the client random number and the server random number;
and S40, the client encrypts the interactive data using the AESKey.
The technical scheme is based on bidirectional authentication of CA certificates and adopts RSA + AES hybrid encryption. RSA encryption enhances data security but has low encryption efficiency: for an access server that connects a large number of internet users, relying entirely on RSA encryption to secure the data would greatly reduce the processing efficiency of the server and could not support a large user concurrency. To improve the processing efficiency of the server while ensuring the safety of data communication, the scheme adopts RSA + AES hybrid encryption, in which the identity of the user and the AES handshake key are authenticated through RSA. For the security of the data encryption key, a single-point partial upload mode is used: the complete AES data encryption key is never transmitted on the network; instead the complete AES data encryption key AESKey is generated by a calculation over the client random number, the server random number and a character identifier, and the CA certificate is generated by the server, which issues the client certificate to the user. The AESKey is used to encrypt the data, and the encrypted data packet carries the identifier, so data replay can be effectively prevented.
Example one
Referring to FIG. 2, in one embodiment, step S20 comprises
S21, the client encrypts the client certificate and the client random number with the server public key and sends them to the server;
S22, the server decrypts the client certificate and the client random number with the server private key and judges whether the client certificate was issued by the server; if so, it obtains the client public key, otherwise it disconnects the connection;
S23, the server generates a server random number, encrypts the server certificate and the server random number with the client public key, and sends them to the client;
S24, the client decrypts the server certificate and the server random number with the client private key and judges whether the server certificate is legal; if it is legal the client obtains the server random number, and if it is illegal the client disconnects the connection.
In this embodiment, the client certificate is generated by the server and sent directly to the client. The files packaged at the client include the client certificate, the server certificate and the client key, and the client generates the client random number; the packaged file is encrypted with the server public key (obtained from the server certificate) and sent to the server. The server obtains the client certificate and the client random number and verifies whether the client certificate was issued by the server (it verifies the serial number and the MD5 value of the client certificate; the relevant information of the client certificate is configured in the server in advance); if so, it obtains the public key of the client certificate, otherwise it disconnects the connection. The server then generates the AESKey from the client random number and the server random number with the agreed algorithm. The client decrypts the data sent by the server with its private key and verifies whether the server certificate sent by the server is consistent with the certificate packaged locally at the client; if so, it obtains the server random number, otherwise it disconnects the connection.
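The S10, S21 and S22 part of this exchange, as an added example using only Go's standard library (not code from the patent or its assignee): the server acts as its own CA, the client RSA-OAEP-encrypts its random number to the server public key, and the server checks that the client certificate chains to its CA and matches the serial number and fingerprint configured in advance before taking the client public key. It assumes RSA-OAEP for the asymmetric step, sends the certificate itself in the clear because one RSA block cannot hold it, uses SHA-256 where the page says MD5, and reuses the CA key as the server key; the names `Server`, `ClientHello`, `Accept` and `Setup` are this example's own.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// issueCert signs a certificate for pub; parent == nil makes it self-signed,
// which is how the server produces its own CA certificate (S10).
func issueCert(serial int64, cn string, pub *rsa.PublicKey,
	parent *x509.Certificate, signer *rsa.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
	}
	if parent == nil {
		tmpl.IsCA = true
		tmpl.KeyUsage = x509.KeyUsageCertSign
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Server holds what S22 needs: its CA, its private key and the pre-configured
// table of issued client certificates (serial -> SHA-256 of the DER; the page
// names MD5, which is not collision resistant and cannot pin a certificate).
type Server struct {
	ca     *x509.Certificate
	key    *rsa.PrivateKey
	issued map[string][32]byte
}

// ClientHello is S21. Only the random number is RSA-encrypted: a 2048-bit
// RSA-OAEP block carries at most 190 bytes, far less than a DER certificate,
// so the certificate travels in the clear (an assumption; the page does not
// say how both are encrypted under the server public key).
func ClientHello(cert *x509.Certificate, serverPub *rsa.PublicKey, clientRand []byte) ([]byte, []byte, error) {
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, clientRand, nil)
	return cert.Raw, enc, err
}

// Accept is S22: recover the client random number with the server private key,
// check that the certificate chains to this server's CA and matches the serial
// and fingerprint on file, then return the client public key. Error = disconnect.
func (s *Server) Accept(certDER, encRand []byte) (*rsa.PublicKey, []byte, error) {
	clientRand, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.key, encRand, nil)
	cert, perr := x509.ParseCertificate(certDER)
	if err != nil || perr != nil {
		return nil, nil, errors.New("S22: undecodable client hello, disconnect")
	}
	roots := x509.NewCertPool()
	roots.AddCert(s.ca)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return nil, nil, errors.New("S22: certificate not issued by this server, disconnect")
	}
	if want, ok := s.issued[cert.SerialNumber.String()]; !ok || want != sha256.Sum256(cert.Raw) {
		return nil, nil, errors.New("S22: serial or fingerprint not on file, disconnect")
	}
	pub, _ := cert.PublicKey.(*rsa.PublicKey) // fingerprint matched an RSA cert we issued
	return pub, clientRand, nil
}

// Setup is S10 for this example: the server creates its CA, generates the client
// key pair, issues the client certificate and records it. The CA key doubles as
// the server key here; a deployment would keep them separate.
func Setup() (*Server, *x509.Certificate, *rsa.PrivateKey, error) {
	caKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, nil, err
	}
	ca, err := issueCert(1, "server-ca", &caKey.PublicKey, nil, caKey)
	if err != nil {
		return nil, nil, nil, err
	}
	clientKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, nil, err
	}
	clientCert, err := issueCert(2, "client-0001", &clientKey.PublicKey, ca, caKey)
	if err != nil {
		return nil, nil, nil, err
	}
	srv := &Server{ca: ca, key: caKey, issued: map[string][32]byte{
		clientCert.SerialNumber.String(): sha256.Sum256(clientCert.Raw)}}
	return srv, clientCert, clientKey, nil
}
```

S23 and S24 are the same two operations with the roles swapped (server encrypts to the client public key, client checks the server certificate against its packaged copy) and are not repeated here.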
Example two
Referring to FIG. 3, in one embodiment, step S30 comprises
S31, the client generates an AESKey from the client random number and the server random number according to the agreed algorithm, encrypts the server random number with the AES algorithm and the AESKey, and sends it to the server;
S32, the server decrypts the encrypted server random number with the AES algorithm and the AESKey and judges whether it is the random number the server generated; if not, the server disconnects the connection;
S33, the server encrypts the client random number with the AES algorithm and the AESKey and sends it to the client;
S34, the client decrypts the encrypted client random number with the AES algorithm and the AESKey and judges whether it is the random number the client generated; if not, the client disconnects the connection.
In this embodiment, the key used for data encryption is verified multiple times by means of the random numbers from which it was generated, so the security of the key is ensured and, with it, the security of the encrypted data.
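The S31 to S34 confirmation just described, together with the identifier-carrying data packets that the earlier overview credits with preventing replay (S40), as an added example in Go's standard library (not the patent's code). The agreed algorithm (SHA-256 over both random numbers and the identifier), the identifier value, the use of AES-GCM with a counter identifier as nonce, and the names `DeriveAESKey`, `ConfirmNonces` and `Session` are all assumptions of this example, since the page names none of them.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// DeriveAESKey is the "agreed algorithm" of S30/S31, which the patent does not
// name: SHA-256 over clientRand || serverRand || identifier is an assumption, and
// the "character identifier" value is constructed. Both sides compute the key
// locally, so the complete AESKey never crosses the network.
func DeriveAESKey(clientRand, serverRand []byte) []byte {
	identifier := []byte("EXAMPLE-IDENTIFIER")
	sum := sha256.Sum256(bytes.Join([][]byte{clientRand, serverRand, identifier}, nil))
	return sum[:] // 32 bytes: AES-256
}

// gcm wraps an AESKey in AES-GCM. The page says only "AES"; an authenticated
// mode is assumed so that a modified packet is rejected instead of decrypting
// to garbage.
func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // cannot fail: DeriveAESKey yields 32 bytes
	if err != nil {
		panic(err)
	}
	g, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return g
}

// The 8-byte id is the GCM nonce (zero-padded to 12 bytes) and, with a step
// label, the associated data: a handshake message can never pass as a data
// packet or vice versa. An id must never repeat under one key.
func nonce(id []byte) []byte { return append(make([]byte, 4), id...) }
func seal(g cipher.AEAD, step string, id, pt []byte) []byte {
	return g.Seal(nil, nonce(id), pt, append([]byte(step), id...))
}
func open(g cipher.AEAD, step string, id, ct []byte) ([]byte, error) {
	return g.Open(nil, nonce(id), ct, append([]byte(step), id...))
}

// ConfirmNonces runs S31-S34 in memory. The client keys on the server random
// number it received, the server on the one it generated; if they differ (a
// random number was altered in S20), a confirmation fails to decrypt and the
// side that notices disconnects, returned here as an error.
func ConfirmNonces(clientRand, serverRandAtClient, serverRandAtServer []byte) ([]byte, error) {
	clientKey := DeriveAESKey(clientRand, serverRandAtClient)
	cg := gcm(clientKey)
	sg := gcm(DeriveAESKey(clientRand, serverRandAtServer))
	// Fixed handshake ids are safe: the key is fresh per handshake, and data ids count up from 1.
	msg1 := seal(cg, "handshake", []byte("S31-conf"), serverRandAtClient) // S31: client -> server
	got, err := open(sg, "handshake", []byte("S31-conf"), msg1)           // S32: server checks
	if err != nil || !bytes.Equal(got, serverRandAtServer) {
		return nil, errors.New("S32: server random number mismatch, disconnect")
	}
	msg2 := seal(sg, "handshake", []byte("S33-conf"), clientRand) // S33: server -> client
	got, err = open(cg, "handshake", []byte("S33-conf"), msg2)    // S34: client checks
	if err != nil || !bytes.Equal(got, clientRand) {
		return nil, errors.New("S34: client random number mismatch, disconnect")
	}
	return clientKey, nil
}

// Session is S40 for one direction (client -> server). Every packet carries a
// counter id in the clear and the receiver rejects any id not greater than the
// last one accepted: the anti-replay role the page gives the identifier.
// A reverse direction needs its own key, or its ids would reuse nonces.
type Session struct {
	g        cipher.AEAD
	nextSend uint64
	lastRecv uint64
}

func NewSession(key []byte) *Session { return &Session{g: gcm(key)} }

// Send returns id || ciphertext || tag.
func (s *Session) Send(data []byte) []byte {
	s.nextSend++
	id := make([]byte, 8)
	binary.BigEndian.PutUint64(id, s.nextSend)
	return append(id, seal(s.g, "data", id, data)...)
}

// Receive checks the id, then the tag; lastRecv advances only after
// authentication succeeds, so a forged id cannot block genuine packets.
func (s *Session) Receive(packet []byte) ([]byte, error) {
	if len(packet) < 8 || binary.BigEndian.Uint64(packet) <= s.lastRecv {
		return nil, errors.New("short packet or replayed id, rejected")
	}
	data, err := open(s.g, "data", packet[:8], packet[8:])
	if err != nil {
		return nil, err
	}
	s.lastRecv = binary.BigEndian.Uint64(packet)
	return data, nil
}
```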
Example three
In a specific embodiment, the data transmission security authentication method further comprises the step of
S10, the server generates a CA certificate and issues it to the client, where the CA certificate comprises a client certificate and a server certificate.
In this embodiment, the server generates a CA certificate, and once generated the certificate is packaged directly to the client; the packaged file includes a server certificate, a client certificate and a client key pair file.
Referring to FIG. 4, a data transmission security authentication device comprises
a digital certificate authentication module, used for performing digital certificate bidirectional authentication between the client and the server, where the authentication exchange is encrypted with an asymmetric algorithm, the client generates a client random number, and the server generates a server random number;
a key generation module, used for the server to generate an AESKey from the client random number and the server random number according to an agreed algorithm and to verify the legality of the client random number and the server random number;
and an interactive data encryption module, used for the client to encrypt the interactive data with the AESKey.
The technical scheme is based on bidirectional authentication of CA certificates and adopts RSA + AES hybrid encryption. The digital certificate authentication module uses RSA encryption to enhance data security, but RSA has low encryption efficiency: for an access server connected to a large number of internet users, relying entirely on RSA encryption to secure the data would greatly reduce the processing efficiency of the server and could not support a large user concurrency. To improve the processing efficiency of the server while ensuring the safety of data communication, the scheme adopts RSA + AES hybrid encryption, in which the identity of the user and the AES handshake key are authenticated through RSA. For the security of the data encryption key, a single-point partial upload mode is used: the complete AES data encryption key is never transmitted on the network; instead the complete AES data encryption key AESKey is generated by a calculation over the client random number, the server random number and a character identifier, and the CA certificate is generated by the server, which issues the client certificate to the user. The interactive data encryption module encrypts the data with the AESKey generated by the key generation module, and the encrypted data packet carries an identifier, so data replay can be effectively prevented.
Example four
Referring to FIG. 5, in one embodiment, the digital certificate authentication module comprises
a client certificate encryption sending unit, used for the client to encrypt the client certificate and the client random number with the server public key and send them to the server;
a client certificate verification unit, used for the server to decrypt the client certificate and the client random number with the server private key and judge whether the client certificate was issued by the server; if so, the client public key is obtained, otherwise the connection is disconnected;
a server random number generation encryption unit, used for the server to generate a server random number, encrypt the server certificate and the server random number with the client public key, and send them to the client;
and a server certificate verification unit, used for the client to decrypt the server certificate and the server random number with the client private key and judge whether the server certificate is legal; if it is legal the server random number is obtained, and if it is illegal the connection is disconnected.
In this embodiment, the client certificate is generated by the server and sent directly to the client. The files packaged at the client include the client certificate, the server certificate and the client key, and the client generates the client random number; the client certificate encryption sending unit encrypts the file with the server public key (obtained from the server certificate) and sends the encrypted file to the server. The client certificate verification unit obtains the client certificate and the client random number and verifies whether the client certificate was issued by the server (it verifies the serial number and the MD5 value of the client certificate; the relevant information of the client certificate is configured in the server in advance); if so, it obtains the public key of the client certificate, otherwise it disconnects the connection. The server random number generation encryption unit generates the server random number, and the AESKey is generated from the client random number and the server random number with the agreed algorithm. The server certificate verification unit decrypts the data sent by the server with the client private key and verifies whether the server certificate sent by the server is consistent with the certificate packaged locally at the client; if so, it obtains the server random number, otherwise it disconnects the connection.
Example five
Referring to FIG. 6, in one embodiment, the key generation module comprises
a key generation unit, used for the client to generate an AESKey from the client random number and the server random number according to the agreed algorithm, encrypt the server random number with the AES algorithm and the AESKey, and send it to the server;
a server random number verification unit, used for the server to decrypt the encrypted server random number with the AES algorithm and the AESKey and judge whether it is the random number the server generated; if not, the connection is disconnected;
a client random number encryption sending unit, used for the server to encrypt the client random number with the AES algorithm and the AESKey and send it to the client;
and a client random number verification unit, used for the client to decrypt the encrypted client random number with the AES algorithm and the AESKey and judge whether it is the random number the client generated; if not, the connection is disconnected.
In this embodiment, the key used for data encryption is verified multiple times by means of the random numbers from which it was generated, so the security of the key is ensured and, with it, the security of the encrypted data.
Example six
In one embodiment, the data transmission security authentication device further comprises
a digital certificate issuing module, used for the server to generate a CA certificate and issue it to the client, where the CA certificate comprises a client certificate and a server certificate.
In this embodiment, the digital certificate issuing module of the server generates a CA certificate, and once generated the certificate is packaged directly to the client; the packaged file includes a server certificate, a client certificate and a client key pair file.
In summary, in the embodiments of the present invention, the client and the server authenticate the client's user through digital certificates, and the authentication process is encrypted with asymmetric encryption, so data security is enhanced; the data is encrypted with a key generated from the client random number generated by the client and the server random number generated by the server, which improves the data processing efficiency of the server, supports a larger number of concurrent client users, and addresses the problems of client user identity authentication, prevention of data theft and tampering, and data replay attacks.
The above description is only an embodiment of the present invention and is not intended to limit its scope; all equivalent structural and process modifications made on the basis of this specification and drawings, whether applied directly or indirectly to other related technical fields, fall within the scope of the present invention.

Claims (4)

1. A data transmission security authentication method, characterized in that it comprises the steps of
S20, performing digital certificate mutual authentication between the client and the server, where the mutual authentication exchange is encrypted with an asymmetric algorithm, the client generates a client random number, and the server generates a server random number; the server decrypts the client certificate and the client random number with the server private key and judges whether the client certificate was issued by the server; if so, it acquires the client random number, otherwise it disconnects the connection; the server generates a server random number, encrypts the server certificate and the server random number with the client public key, and sends them to the client; the client decrypts the server certificate and the server random number with the client private key and judges whether the server certificate is legal; if it is legal the client acquires the server random number, and if it is illegal the client disconnects the connection;
S30, the server generates an AESKey from the client random number and the server random number according to an agreed algorithm, and verifies the validity of the client random number and the server random number, which specifically comprises the following steps: S31, the client generates an AESKey from the client random number and the server random number according to the agreed algorithm, encrypts the server random number with the AES algorithm and the AESKey, and sends it to the server; S32, the server decrypts the encrypted server random number with the AES algorithm and the AESKey and judges whether it is the random number the server generated; if not, the server disconnects the connection; S33, the server encrypts the client random number with the AES algorithm and the AESKey and sends it to the client; S34, the client decrypts the encrypted client random number with the AES algorithm and the AESKey and judges whether it is the random number the client generated; if not, the client disconnects the connection;
and S40, the client encrypts the interactive data using the AESKey.
2. The data transmission security authentication method of claim 1, wherein the method further comprises the following step:
S10, the server generates a CA certificate and issues it to the client, wherein the CA certificate comprises a client certificate and a server certificate.
3. A data transmission security authentication device, characterized in that it comprises:
a digital certificate authentication module, for performing digital certificate bidirectional authentication between a client and a server, wherein the digital certificate bidirectional authentication is encrypted by adopting an asymmetric algorithm, the client generates a client random number and the server generates a server random number, and the digital certificate authentication module specifically comprises:
a client certificate encryption sending unit, for the client to encrypt the client certificate and the client random number using the server public key and send them to the server;
a client certificate verification unit, for the server to decrypt the client certificate and the client random number using the server private key and judge whether the client certificate was issued by the server; if so, the client random number is acquired, otherwise the connection is disconnected;
a server random number generation and encryption unit, for the server to generate the server random number, encrypt the server certificate and the server random number using the client public key, and send them to the client;
a server certificate verification unit, for the client to decrypt the server certificate and the server random number using the client private key and judge whether the server certificate is legal; if so, the server random number is acquired, otherwise the connection is disconnected;
a key generation module, for the server to generate an AESKey from the client random number and the server random number according to an agreed algorithm and to verify the validity of the client random number and the server random number, which specifically comprises:
a key generation unit, for the client to generate an AESKey from the client random number and the server random number according to the agreed algorithm, encrypt the server random number using the AES algorithm and the AESKey, and send it to the server;
a server random number verification unit, for the server to decrypt the encrypted server random number using the AES algorithm and the AESKey and judge whether it is the random number the server generated; if not, the connection is disconnected;
a client random number encryption sending unit, for the server to encrypt the client random number using the AES algorithm and the AESKey and send it to the client;
a client random number verification unit, for the client to decrypt the encrypted client random number using the AES algorithm and the AESKey and judge whether it is the random number the client generated; if not, the connection is disconnected;
and an interactive data encryption module, for the client to encrypt the interactive data using the AESKey.
4. The data transmission security authentication device of claim 3, further comprising:
a digital certificate issuing module, for the server to generate a CA certificate and issue it to the client, wherein the CA certificate comprises a client certificate and a server certificate.
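The following Go program is an added worked example of the handshake in claims 1 and 2 (S10 through S40); it is not code from the patent or from the applicant. The claims leave several primitives unspecified, so this example makes assumptions and labels them: the "digital certificate" is modelled as a public key plus the server CA's RSA-PSS signature over its DER encoding rather than a full X.509 certificate; the asymmetric step of S20 uses RSA-OAEP; the "agreed algorithm" of S30/S31 is SHA-256 over the concatenation of the client and server random numbers; the "AES algorithm" is AES-256-GCM with a fresh IV per message. The names Party, Cert, IssueCert, VerifyCert, DeriveAESKey, sendNonce, echo, Handshake, EncryptData, DecryptData and NewPair are this example's own. Every failure branch maps to the claim's "disconnect the connection".

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Cert stands in for the patent's digital certificate: a public key plus the server
// CA's RSA-PSS signature over its DER encoding (X.509 fields are assumed away).
type Cert struct {
	Pub *rsa.PublicKey
	Sig []byte
}

// Party: one side's long-term key, certificate, trusted CA key (from S10) and session state.
type Party struct {
	Priv          *rsa.PrivateKey
	Cert          Cert
	CAPub         *rsa.PublicKey
	Nonce, AESKey []byte
}

func pubDigest(pub *rsa.PublicKey) []byte {
	der, _ := x509.MarshalPKIXPublicKey(pub) // cannot fail for an *rsa.PublicKey
	h := sha256.Sum256(der)
	return h[:]
}

// IssueCert is the server acting as CA (S10 of claim 2).
func IssueCert(ca *rsa.PrivateKey, pub *rsa.PublicKey) (Cert, error) {
	sig, err := rsa.SignPSS(rand.Reader, ca, crypto.SHA256, pubDigest(pub), nil)
	return Cert{pub, sig}, err
}

// VerifyCert is the claim's "issued by the server?" check; the peer public key for
// the asymmetric step of S20 is released only if the CA signature verifies.
func VerifyCert(ca *rsa.PublicKey, c Cert) (*rsa.PublicKey, error) {
	if c.Pub == nil || rsa.VerifyPSS(ca, crypto.SHA256, pubDigest(c.Pub), c.Sig, nil) != nil {
		return nil, errors.New("certificate not issued by the trusted CA")
	}
	return c.Pub, nil
}

// DeriveAESKey is the claim's "agreed algorithm"; the patent names none, so
// SHA-256 over clientNonce||serverNonce is this example's assumption.
func DeriveAESKey(clientNonce, serverNonce []byte) []byte {
	k := sha256.Sum256(append(append([]byte{}, clientNonce...), serverNonce...))
	return k[:] // 32 bytes, i.e. an AES-256 key
}

// aesSeal/aesOpen are the claim's "AES algorithm", here AES-GCM (assumption) with a
// fresh random IV prefixed to every ciphertext.
func aesSeal(key, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	g, _ := cipher.NewGCM(block)
	iv := make([]byte, g.NonceSize())
	rand.Read(iv)
	return append(iv, g.Seal(nil, iv, pt, nil)...), nil
}
func aesOpen(key, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	g, _ := cipher.NewGCM(block)
	if len(ct) < g.NonceSize() { return nil, errors.New("ciphertext too short") }
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}

// sendNonce is one direction of S20: the receiver checks the sender's certificate, the
// sender encrypts its random number to the key in the receiver's certificate (RSA-OAEP,
// an assumption), and the receiver decrypts it with its private key.
func sendNonce(from, to *Party) ([]byte, error) {
	if _, err := VerifyCert(to.CAPub, from.Cert); err != nil { return nil, err }
	toPub, err := VerifyCert(from.CAPub, to.Cert)
	if err != nil { return nil, err }
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, toPub, from.Nonce, nil)
	if err != nil { return nil, err }
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, to.Priv, ct, nil)
}

// echo is S31/S32 and S33/S34 mirrored: the sender returns the peer's random number
// under its AESKey; the receiver must recover exactly the value it generated.
func echo(sender, receiver *Party, nonce, expected []byte) error {
	ct, err := aesSeal(sender.AESKey, nonce)
	if err != nil { return err }
	got, err := aesOpen(receiver.AESKey, ct)
	if err != nil || !bytes.Equal(got, expected) { return errors.New("random number mismatch") }
	return nil
}

// Handshake runs S20 through S34 in process; every error is the claim's "disconnect".
func Handshake(client, server *Party) error {
	client.Nonce, server.Nonce = make([]byte, 32), make([]byte, 32)
	rand.Read(client.Nonce)
	rand.Read(server.Nonce)
	cNonceAtServer, err := sendNonce(client, server) // S20, client -> server
	if err != nil { return fmt.Errorf("server disconnects: %w", err) }
	sNonceAtClient, err := sendNonce(server, client) // S20, server -> client
	if err != nil { return fmt.Errorf("client disconnects: %w", err) }
	client.AESKey = DeriveAESKey(client.Nonce, sNonceAtClient) // S31
	server.AESKey = DeriveAESKey(cNonceAtServer, server.Nonce) // S30
	if err := echo(client, server, sNonceAtClient, server.Nonce); err != nil { // S31/S32
		return fmt.Errorf("server disconnects: %w", err)
	}
	if err := echo(server, client, cNonceAtServer, client.Nonce); err != nil { // S33/S34
		return fmt.Errorf("client disconnects: %w", err)
	}
	return nil
}

// EncryptData/DecryptData are S40: interactive data under the session key.
func EncryptData(p *Party, m []byte) ([]byte, error) { return aesSeal(p.AESKey, m) }
func DecryptData(p *Party, c []byte) ([]byte, error) { return aesOpen(p.AESKey, c) }

// NewPair: the server is also the CA of claim 2 and has issued both certificates
// (2048-bit RSA is an example size; setup errors are ignored for brevity).
func NewPair() (client, server *Party) {
	sk, _ := rsa.GenerateKey(rand.Reader, 2048)
	ck, _ := rsa.GenerateKey(rand.Reader, 2048)
	sc, _ := IssueCert(sk, &sk.PublicKey)
	cc, _ := IssueCert(sk, &ck.PublicKey)
	return &Party{Priv: ck, Cert: cc, CAPub: &sk.PublicKey}, &Party{Priv: sk, Cert: sc, CAPub: &sk.PublicKey}
}

func main() {
	client, server := NewPair()
	if err := Handshake(client, server); err != nil { panic(err) }
	ct, _ := EncryptData(client, []byte("constructed sample request"))
	pt, _ := DecryptData(server, ct)
	fmt.Printf("keys equal: %v, server read: %q\n", bytes.Equal(client.AESKey, server.AESKey), pt)
}
```

Two points the claims state only implicitly become visible when the steps are run this way. First, because the AESKey depends on nothing but the two random numbers, the freshness of each side's random number is what gives every session a distinct key and what the S32/S34 echo checks actually verify; a side that reuses a random number would get a repeated key. Second, the certificate check in VerifyCert is the only thing that ties the public key used for the asymmetric step to the peer, so the encrypted random number is released to the correct party only if that check runs before encryption, which is why sendNonce verifies both certificates before calling EncryptOAEP.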
CN201810676723.1A 2018-06-27 2018-06-27 Data transmission security authentication method and device Active CN108494811B (en)

Publications (2)

Publication Number Publication Date
CN108494811A CN108494811A (en) 2018-09-04
CN108494811B true CN108494811B (en) 2021-06-18


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant