CN108494811B - Data transmission security authentication method and device - Google Patents
- Publication number
- CN108494811B (CN201810676723.1A)
- Authority
- CN
- China
- Prior art keywords
- server
- client
- random number
- certificate
- aeskey
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Abstract
The invention provides a data transmission security authentication method and device. The method comprises the following steps: digital certificate bidirectional authentication is performed between a client and a server, the authentication exchange being encrypted with an asymmetric algorithm, during which the client generates a client random number and the server generates a server random number; the server generates an AESKey from the client random number and the server random number according to an agreed algorithm and verifies the validity of the client random number and the server random number; the client encrypts the interactive data using the AESKey. In this technical scheme, the client and the server authenticate the user of the client through digital certificates, and the authentication process is encrypted with asymmetric encryption, which enhances data security; the data is encrypted with a key generated from the client random number generated by the client and the server random number generated by the server, which improves the data processing efficiency of the server and supports a larger number of concurrent client users.
Description
Technical Field
The present invention relates to a security authentication method and device, and more particularly, to a data transmission security authentication method and device.
Background
At present, the https protocol is generally adopted for data transmission security. https is a secure information channel: a certificate bidirectional authentication mechanism guarantees the security of data transmission, and a signature technique maintains data integrity so that the data is not tampered with in transit. Because https is based on web application services, https-related mechanisms cannot be used for non-web applications; in addition, https can only guarantee that data is not tampered with during transmission and cannot achieve anti-replay.
Therefore, there is a need for further improvements in secure authentication of non-web application domain data transmission channels.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a data transmission security authentication method and device.
In order to solve the above technical problem, the invention adopts the following technical scheme: a data transmission security authentication method includes the steps of:
S20, performing digital certificate bidirectional authentication between the client and the server, wherein the bidirectional authentication exchange is encrypted with an asymmetric algorithm, the client generates a client random number, and the server generates a server random number;
S30, the server generates an AESKey from the client random number and the server random number according to an agreed algorithm, and verifies the validity of the client random number and the server random number;
S40, the client encrypts the interactive data using the AESKey.
Preferably, step S20 specifically includes:
S21, the client encrypts the client certificate and the client random number with the server public key and sends them to the server;
S22, the server decrypts the client certificate and the client random number with the server private key and judges whether the client certificate was issued by the server; if so, it obtains the client public key, otherwise it disconnects;
S23, the server generates a server random number, encrypts the server certificate and the server random number with the client public key, and sends them to the client;
S24, the client decrypts the server certificate and the server random number with the private key and judges whether the server certificate is valid; if it is valid, the client obtains the server random number, otherwise it disconnects.
Preferably, step S30 specifically includes:
S31, the client generates an AESKey from the client random number and the server random number according to an agreed algorithm, encrypts the server random number using the AES algorithm and the AESKey, and sends it to the server;
S32, the server decrypts the encrypted server random number using the AES algorithm and the AESKey and judges whether it is the random number the server generated; if it is not, the server disconnects;
S33, the server encrypts the client random number using the AES algorithm and the AESKey and sends it to the client;
S34, the client decrypts the encrypted client random number using the AES algorithm and the AESKey and judges whether it is the random number the client generated; if it is not, the client disconnects.
Preferably, the data transmission security authentication method further comprises the step of:
S10, the server generates a CA certificate and issues the CA certificate to the client, wherein the CA certificate comprises a client certificate and a server certificate.
A data transmission security authentication device comprises:
a digital certificate authentication module, used for performing digital certificate bidirectional authentication between the client and the server, wherein the bidirectional authentication exchange is encrypted with an asymmetric algorithm, the client generates a client random number, and the server generates a server random number;
a key generation module, used by the server to generate an AESKey from the client random number and the server random number according to an agreed algorithm and to verify the validity of the client random number and the server random number;
an interactive data encryption module, used by the client to encrypt the interactive data with the AESKey.
Preferably, the digital certificate authentication module specifically includes:
a client certificate encryption sending unit, used by the client to encrypt the client certificate and the client random number with the server public key and send them to the server;
a client certificate verification unit, used by the server to decrypt the client certificate and the client random number with the server private key and to judge whether the client certificate was issued by the server, obtaining the client public key if so and disconnecting otherwise;
a server random number generation encryption unit, used by the server to generate a server random number, encrypt the server certificate and the server random number with the client public key, and send them to the client;
a server certificate verification unit, used by the client to decrypt the server certificate and the server random number with the private key and to judge whether the server certificate is valid, obtaining the server random number if it is valid and disconnecting if it is not.
Preferably, the key generation module specifically comprises:
a key generation unit, used by the client to generate an AESKey from the client random number and the server random number according to an agreed algorithm, encrypt the server random number using the AES algorithm and the AESKey, and send it to the server;
a server random number verification unit, used for decrypting the encrypted server random number using the AES algorithm and the AESKey and judging whether it is the random number generated by the server, and disconnecting if it is not;
a client random number encryption sending unit, used for encrypting the client random number using the AES algorithm and the AESKey and sending it to the client;
a client random number verification unit, used by the client to decrypt the encrypted client random number using the AES algorithm and the AESKey and to judge whether it is the random number generated by the client, and disconnecting if it is not.
Preferably, the data transmission security authentication device further comprises:
a digital certificate issuing module, used by the server to generate a CA certificate and issue it to the client, wherein the CA certificate comprises a client certificate and a server certificate.
In the technical scheme of the invention, the client and the server authenticate the user of the client through digital certificates, and the authentication process is encrypted with asymmetric encryption, which enhances data security; the data is encrypted with a key generated from the client random number generated by the client and the server random number generated by the server, which improves the data processing efficiency of the server and supports a larger number of concurrent client users.
Drawings
The following detailed description of the invention refers to the accompanying drawings.
FIG. 1 is a flow chart of a data transmission security authentication method according to an embodiment of the present invention;
FIG. 2 is a flow chart of digital certificate validation according to an embodiment of the present invention;
FIG. 3 is a flowchart of key generation verification according to an embodiment of the present invention;
FIG. 4 is a block diagram of a data transmission security authentication device according to an embodiment of the present invention;
FIG. 5 is a block diagram of a digital certificate authentication module according to an embodiment of the present invention;
FIG. 6 is a block diagram of a key generation module according to an embodiment of the invention.
Detailed Description
In order to explain technical contents, structural features, and objects and effects of the present invention in detail, the following detailed description is given with reference to the accompanying drawings in conjunction with the embodiments.
Referring to FIG. 1, a data transmission security authentication method includes the steps of:
S20, performing digital certificate bidirectional authentication between the client and the server, wherein the bidirectional authentication exchange is encrypted with an asymmetric algorithm, the client generates a client random number, and the server generates a server random number;
S30, the server generates an AESKey from the client random number and the server random number according to an agreed algorithm, and verifies the validity of the client random number and the server random number;
S40, the client encrypts the interactive data using the AESKey.
This technical scheme is based on bidirectional authentication with CA certificates and adopts RSA + AES hybrid encryption. RSA encryption enhances data security but has low encryption efficiency; for an access server that connects a large number of internet users, relying entirely on RSA encryption to secure the data would greatly reduce the processing efficiency of the server and could not support larger user concurrency. To improve the processing efficiency of the server while keeping data communication secure, the scheme adopts RSA + AES hybrid encryption, in which the identity of the user and the AES handshake key are authenticated through RSA. For the security of the data encryption key, a single-point partial upload mode is used, so the complete AES data encryption key is never transmitted on the network: the complete key, AESKey, is generated by a calculation over the client random number, the server random number and a character identifier. The CA certificate is generated by the server, which issues a client certificate to the user. Data is encrypted with the AESKey and each encrypted data packet carries the identifier, which effectively prevents the data from being replayed.
Example one
Referring to FIG. 2, in one embodiment, step S20 includes:
S21, the client encrypts the client certificate and the client random number with the server public key and sends them to the server;
S22, the server decrypts the client certificate and the client random number with the server private key and judges whether the client certificate was issued by the server; if so, it obtains the client public key, otherwise it disconnects;
S23, the server generates a server random number, encrypts the server certificate and the server random number with the client public key, and sends them to the client;
S24, the client decrypts the server certificate and the server random number with the private key and judges whether the server certificate is valid; if it is valid, the client obtains the server random number, otherwise it disconnects.
In this embodiment, the client certificate is generated by the server and sent directly to the client. The file packaged at the client includes the client certificate, the server certificate, and the random number generated by the client for the file by the client key; the packaged file is encrypted with the server public key (obtained from the server certificate) and sent to the server. The server obtains the client certificate and the client random number and verifies whether the client certificate was issued by the server (it verifies the serial number and the MD5 value of the client certificate, the relevant information of the client certificate having been configured in the server in advance); if so, it obtains the public key of the client certificate, otherwise it disconnects. The server uses the agreed algorithm to generate the AESKey from the client random number and the server random number. The client uses the private key to decrypt the data sent by the server and verifies whether the server certificate sent by the server is consistent with the certificate packaged locally at the client; if so, it obtains the server random number, otherwise it disconnects.
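The S22 decision as an added Go example, not code from the patent: the server looks up the presented certificate's serial number in its pre-configured records and compares digests. The SHA-256 digest and the signature-chain check against the CA are assumed additions beyond the serial number and MD5 value the page names, and `issue`, `record`, `checkClientCert` and all certificates are constructed for the demonstration.

```go
package main

import (
	"crypto/md5"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// record is what the server pre-configures for each client certificate it issued.
type record struct {
	md5sum    [md5.Size]byte    // digest the page names
	sha256sum [sha256.Size]byte // assumed addition: MD5 alone is not collision resistant
}

// issue builds a constructed certificate; a nil parent yields a self-signed CA.
func issue(serial int64, parent *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: fmt.Sprintf("constructed-%d", serial)},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		IsCA:                  parent == nil,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// checkClientCert is the S22 decision: it returns the client public key, or an
// error on which the server disconnects.
func checkClientCert(der []byte, ca *x509.Certificate, issued map[string]record) (*rsa.PublicKey, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	rec, ok := issued[cert.SerialNumber.String()]
	if !ok || md5.Sum(der) != rec.md5sum || sha256.Sum256(der) != rec.sha256sum {
		return nil, errors.New("not a certificate this server issued")
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return nil, err // also covers expiry, which a digest match cannot
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("client key is not RSA")
	}
	return pub, nil
}

// demo checks a genuine client certificate and a self-signed look-alike that
// reuses the genuine certificate's serial number.
func demo() (genuineOK bool, lookalikeErr, err error) {
	ca, caKey, err := issue(1, nil, nil)
	if err != nil {
		return
	}
	client, _, err := issue(1001, ca, caKey)
	if err != nil {
		return
	}
	fake, _, err := issue(1001, nil, nil) // same serial number, different issuer
	if err != nil {
		return
	}
	db := map[string]record{"1001": {md5sum: md5.Sum(client.Raw), sha256sum: sha256.Sum256(client.Raw)}}
	pub, err := checkClientCert(client.Raw, ca, db)
	if err != nil {
		return
	}
	_, lookalikeErr = checkClientCert(fake.Raw, ca, db)
	return pub.Equal(client.PublicKey), lookalikeErr, nil
}

func main() {
	fmt.Println(demo())
}
```

A serial number match alone would accept the look-alike; the digest comparison is what rejects it.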
Example two
Referring to FIG. 3, in one embodiment, step S30 includes:
S31, the client generates an AESKey from the client random number and the server random number according to an agreed algorithm, encrypts the server random number using the AES algorithm and the AESKey, and sends it to the server;
S32, the server decrypts the encrypted server random number using the AES algorithm and the AESKey and judges whether it is the random number the server generated; if it is not, the server disconnects;
S33, the server encrypts the client random number using the AES algorithm and the AESKey and sends it to the client;
S34, the client decrypts the encrypted client random number using the AES algorithm and the AESKey and judges whether it is the random number the client generated; if it is not, the client disconnects.
In this embodiment, the key used for data encryption is verified multiple times by means of the random numbers from which it is generated, which ensures the security of the key and, in turn, the security of the encrypted data.
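Steps S31 to S34 and the identifier-based replay protection described for S40, as an added Go example that is not part of the patent. The key derivation (SHA-256 over a constructed identifier and both random numbers), the AES-GCM mode, the packet layout with a direction byte and sequence number as the identifier, and the names `deriveAEAD`, `peer` and `session` are assumptions; the page names only "an agreed algorithm" and "the AES algorithm", and the RSA exchange of S20 is assumed to have completed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

// deriveAEAD is an ASSUMED stand-in for the "agreed algorithm": SHA-256 over a
// constructed character identifier and both random numbers, used as an AES-256-GCM key.
func deriveAEAD(clientRand, serverRand []byte) (cipher.AEAD, error) {
	h := sha256.New()
	h.Write([]byte("demo-aeskey"))
	h.Write(clientRand)
	h.Write(serverRand)
	block, err := aes.NewCipher(h.Sum(nil))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// peer is one side of the session. Packet layout (assumed): dir(1) | seq(8) | GCM output.
type peer struct {
	aead             cipher.AEAD
	dir              byte // 'C' or 'S': keeps the two senders' nonces apart under one key
	sendSeq, recvSeq uint64
}

// seal encrypts one packet; the header is the packet identifier and the GCM nonce prefix.
func (p *peer) seal(plaintext []byte) []byte {
	p.sendSeq++
	hdr := make([]byte, 9, 12)
	hdr[0] = p.dir
	binary.BigEndian.PutUint64(hdr[1:], p.sendSeq)
	return append(hdr, p.aead.Seal(nil, hdr[:12], plaintext, hdr)...)
}

// open rejects reflected and replayed identifiers, then checks the GCM tag.
func (p *peer) open(pkt []byte) ([]byte, error) {
	if len(pkt) < 9 || pkt[0] == p.dir {
		return nil, errors.New("malformed or reflected packet")
	}
	seq := binary.BigEndian.Uint64(pkt[1:9])
	if seq <= p.recvSeq {
		return nil, errors.New("replayed packet")
	}
	nonce := make([]byte, 12)
	copy(nonce, pkt[:9])
	plaintext, err := p.aead.Open(nil, nonce, pkt[9:], pkt[:9])
	if err == nil {
		p.recvSeq = seq // advance only after the tag verifies
	}
	return plaintext, err
}

// session runs S31-S34. seenByServer is the client random number as the server
// decrypted it in S22; it equals clientRand in an honest run.
func session(clientRand, seenByServer, serverRand []byte) (*peer, *peer, error) {
	ca, err := deriveAEAD(clientRand, serverRand)
	if err != nil {
		return nil, nil, err
	}
	sa, err := deriveAEAD(seenByServer, serverRand)
	if err != nil {
		return nil, nil, err
	}
	client, server := &peer{aead: ca, dir: 'C'}, &peer{aead: sa, dir: 'S'}
	echo, err := server.open(client.seal(serverRand)) // S31-S32
	if err != nil || subtle.ConstantTimeCompare(echo, serverRand) != 1 {
		return nil, nil, errors.New("S32: server random number not confirmed")
	}
	echo, err = client.open(server.seal(seenByServer)) // S33-S34
	if err != nil || subtle.ConstantTimeCompare(echo, clientRand) != 1 {
		return nil, nil, errors.New("S34: client random number not confirmed")
	}
	return client, server, nil
}

func main() {
	r := make([]byte, 64) // demo: one process generates both sides' random numbers
	if _, err := rand.Read(r); err != nil {
		panic(err)
	}
	client, server, err := session(r[:32], r[:32], r[32:])
	if err != nil {
		panic(err)
	}
	pkt := client.seal([]byte("constructed payload")) // S40
	msg, _ := server.open(pkt)
	_, replayErr := server.open(pkt) // same identifier again
	fmt.Printf("delivered=%q replay=%v\n", msg, replayErr)
}
```

If the two sides hold different random numbers they derive different keys, so the first confirmation message fails its authentication tag and the handshake stops at S32.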
Example three
In a specific embodiment, the data transmission security authentication method further comprises the step of:
S10, the server generates a CA certificate and issues the CA certificate to the client, wherein the CA certificate comprises a client certificate and a server certificate.
In this embodiment, the server generates a CA certificate, and after generation the certificate is packaged directly to the client; the packaged file includes a server certificate, a client certificate, and a client key pair file.
Referring to FIG. 4, a data transmission security authentication device includes:
a digital certificate authentication module, used for performing digital certificate bidirectional authentication between the client and the server, wherein the bidirectional authentication exchange is encrypted with an asymmetric algorithm, the client generates a client random number, and the server generates a server random number;
a key generation module, used by the server to generate an AESKey from the client random number and the server random number according to an agreed algorithm and to verify the validity of the client random number and the server random number;
an interactive data encryption module, used by the client to encrypt the interactive data with the AESKey.
This technical scheme is based on bidirectional authentication with CA certificates and adopts RSA + AES hybrid encryption. The digital certificate authentication module uses RSA encryption, which enhances data security but has low encryption efficiency; for an access server connected to a large number of internet users, relying entirely on RSA encryption to secure the data would greatly reduce the processing efficiency of the server and could not support larger user concurrency. To improve the processing efficiency of the server while keeping data communication secure, the scheme adopts RSA + AES hybrid encryption, in which the identity of the user and the AES handshake key are authenticated through RSA. For the security of the data encryption key, a single-point partial upload mode is used, so the complete AES data encryption key is never transmitted on the network: the complete key, AESKey, is generated by a calculation over the client random number, the server random number and a character identifier. The CA certificate is generated by the server, which issues a client certificate to the user. The interactive data encryption module encrypts data with the AESKey generated by the key generation module, and each encrypted data packet carries an identifier, which effectively prevents data replay.
Example four
Referring to FIG. 5, in one embodiment, the digital certificate authentication module includes:
a client certificate encryption sending unit, used by the client to encrypt the client certificate and the client random number with the server public key and send them to the server;
a client certificate verification unit, used by the server to decrypt the client certificate and the client random number with the server private key and to judge whether the client certificate was issued by the server, obtaining the client public key if so and disconnecting otherwise;
a server random number generation encryption unit, used by the server to generate a server random number, encrypt the server certificate and the server random number with the client public key, and send them to the client;
a server certificate verification unit, used by the client to decrypt the server certificate and the server random number with the private key and to judge whether the server certificate is valid, obtaining the server random number if it is valid and disconnecting if it is not.
In this embodiment, the client certificate is generated by the server and sent directly to the client. The file packaged at the client includes the client certificate, the server certificate, and the random number generated by the client for the file by the client key; the client certificate encryption sending unit encrypts the file with the server public key (obtained from the server certificate) and sends the encrypted file to the server. The client certificate verification unit obtains the client certificate and the client random number and verifies whether the client certificate was issued by the server (it verifies the serial number and the MD5 value of the client certificate, the relevant information of the client certificate having been configured in the server in advance); if so, it obtains the public key of the client certificate, otherwise it disconnects. The server random number generation encryption unit generates a client random number, and generates an AESKey from the client random number and the server random number using the agreed algorithm. The server certificate verification unit decrypts the data sent by the server with the client private key and verifies whether the server certificate sent by the server is consistent with the certificate packaged locally at the client; if so, it obtains the server random number, otherwise it disconnects.
Example five
Referring to FIG. 6, in one embodiment, the key generation module includes:
a key generation unit, used by the client to generate an AESKey from the client random number and the server random number according to an agreed algorithm, encrypt the server random number using the AES algorithm and the AESKey, and send it to the server;
a server random number verification unit, used for decrypting the encrypted server random number using the AES algorithm and the AESKey and judging whether it is the random number generated by the server, and disconnecting if it is not;
a client random number encryption sending unit, used for encrypting the client random number using the AES algorithm and the AESKey and sending it to the client;
a client random number verification unit, used by the client to decrypt the encrypted client random number using the AES algorithm and the AESKey and to judge whether it is the random number generated by the client, and disconnecting if it is not.
In this embodiment, the key used for data encryption is verified multiple times by means of the random numbers from which it is generated, which ensures the security of the key and, in turn, the security of the encrypted data.
Example six
In one embodiment, the data transmission security authentication device further comprises:
a digital certificate issuing module, used by the server to generate a CA certificate and issue it to the client, wherein the CA certificate comprises a client certificate and a server certificate.
In this embodiment, the digital certificate issuing module of the server generates a CA certificate, and after generation the certificate is packaged directly to the client; the packaged file includes a server certificate, a client certificate, and a client key pair file.
In summary, in the embodiments of the present invention, the client and the server authenticate the user of the client through digital certificates, and the authentication process is encrypted with asymmetric encryption, which enhances data security; the data is encrypted with a key generated from the client random number generated by the client and the server random number generated by the server, which improves the data processing efficiency of the server, supports a larger number of concurrent client users, and solves the problems of client user identity authentication, prevention of data theft and tampering, data replay attacks and the like.
The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes performed by the present specification and drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (4)
1. A data transmission security authentication method is characterized in that: comprises the steps of (a) carrying out,
S20, performing mutual digital certificate authentication between the client and the server, wherein the mutual digital certificate authentication is encrypted using an asymmetric algorithm, the client generates a client random number, and the server generates a server random number; the server decrypts the client certificate and the client random number using the server private key and judges whether the client certificate was issued by the server, acquiring the client random number if it was and disconnecting if it was not; the server generates a server random number, encrypts the server certificate and the server random number using the client public key, and sends them to the client; the client decrypts the server certificate and the server random number using the client private key and judges whether the server certificate is valid, acquiring the server random number if it is and disconnecting if it is not;
S30, the server generates an AESKey from the client random number and the server random number according to an agreed algorithm, and verifies the validity of the client random number and the server random number, which specifically comprises the following steps: S31, the client generates an AESKey from the client random number and the server random number according to the agreed algorithm, encrypts the server random number using the AES algorithm and the AESKey, and sends it to the server; S32, the server decrypts the encrypted server random number using the AES algorithm and the AESKey, judges whether it is the random number generated by the server, and disconnects if it is not; S33, the server encrypts the client random number using the AES algorithm and the AESKey and sends it to the client; S34, the client decrypts the encrypted client random number using the AES algorithm and the AESKey, judges whether it is the random number generated by the client, and disconnects if it is not;
and S40, the client encrypts the interactive data using the AESKey.
2. The data transmission security authentication method of claim 1, further comprising:
S10, the server generates a CA certificate and issues the CA certificate to the client, wherein the CA certificate comprises a client certificate and a server certificate.
3. A data transmission security authentication device, characterized by comprising:
a digital certificate authentication module, used for performing mutual digital certificate authentication between a client and a server, wherein the mutual digital certificate authentication is encrypted using an asymmetric algorithm, the client generates a client random number, and the server generates a server random number, the digital certificate authentication module specifically comprising: a client certificate encryption sending unit, used for the client to encrypt the client certificate and the client random number using the server public key and send them to the server; a client certificate verification unit, used for the server to decrypt the client certificate and the client random number using the server private key and judge whether the client certificate was issued by the server, acquiring the client random number if it was and disconnecting otherwise; a server random number generation and encryption unit, used for the server to generate a server random number, encrypt the server certificate and the server random number using the client public key, and send them to the client; and a server certificate verification unit, used for the client to decrypt the server certificate and the server random number using the client private key and judge whether the server certificate is valid, acquiring the server random number if it is and disconnecting otherwise;
a key generation module, used for the server to generate an AESKey from the client random number and the server random number according to an agreed algorithm and to verify the validity of the client random number and the server random number, the key generation module specifically comprising: a key generation unit, used for the client to generate an AESKey from the client random number and the server random number according to the agreed algorithm, encrypt the server random number using the AES algorithm and the AESKey, and send it to the server; a server random number verification unit, used for decrypting the encrypted server random number using the AES algorithm and the AESKey and judging whether it is the random number generated by the server, disconnecting if it is not; a client random number encryption sending unit, used for encrypting the client random number using the AES algorithm and the AESKey and sending it to the client; and a client random number verification unit, used for the client to decrypt the encrypted client random number using the AES algorithm and the AESKey and judge whether it is the random number generated by the client, disconnecting if it is not;
and an interactive data encryption module, used for the client to encrypt the interactive data using the AESKey.
4. The data transmission security authentication device of claim 3, further comprising:
a digital certificate issuing module, used for the server to generate a CA certificate and issue the CA certificate to the client, wherein the CA certificate comprises a client certificate and a server certificate.
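The random-number confirmation of steps S31 to S34 (and of the key generation module in claim 3), as an added example that is not part of the patent: each side derives the AESKey from both random numbers and accepts the peer only if the decrypted value equals the number it generated itself. SHA-256 as the "agreed algorithm", AES-GCM as the AES mode, and the names `newAEAD`, `seal` and `confirm` are assumptions; the claims specify none of them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// newAEAD derives AESKey. Assumed here: SHA-256 as the "agreed algorithm", AES-GCM as the AES mode.
func newAEAD(clientRand, serverRand []byte) cipher.AEAD {
	key := sha256.Sum256(append(append([]byte("aeskey-v1|"), clientRand...), serverRand...))
	block, _ := aes.NewCipher(key[:]) // cannot fail: the key is always 32 bytes
	aead, _ := cipher.NewGCM(block)   // cannot fail: AES has a 16-byte block
	return aead
}

// seal encrypts a random number under AESKey (S31, S33) and prepends a fresh GCM nonce.
func seal(k cipher.AEAD, randNum []byte) []byte {
	nonce := make([]byte, k.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // no entropy: abort rather than risk a repeated nonce
	}
	return k.Seal(nonce, nonce, randNum, nil)
}

// confirm is the receiving side of S32/S34: decrypt, then compare with the number this side generated.
func confirm(k cipher.AEAD, msg, ownRand []byte) error {
	n := k.NonceSize()
	if len(msg) < n {
		return fmt.Errorf("disconnect: malformed message")
	}
	got, err := k.Open(nil, msg[:n], msg[n:], nil)
	if err != nil {
		return fmt.Errorf("disconnect: peer holds a different AESKey or the message was altered")
	}
	if subtle.ConstantTimeCompare(got, ownRand) != 1 {
		return fmt.Errorf("disconnect: not the random number this side generated")
	}
	return nil
}

func main() { // constructed sample random numbers
	c, s := []byte("client-rand"), []byte("server-rand")
	k := newAEAD(c, s) // each side derives the same AESKey on its own
	m1 := seal(k, s)   // S31: client -> server
	fmt.Println(confirm(k, m1, s), confirm(k, seal(k, c), c), confirm(k, m1, c)) // S32 ok, S34 ok, echoed m1 rejected
}
```

The comparison against the side's own number is what rejects a message that is merely echoed back, while a peer that recovered a different random number in S20 already fails at decryption.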
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810676723.1A CN108494811B (en) | 2018-06-27 | 2018-06-27 | Data transmission security authentication method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810676723.1A CN108494811B (en) | 2018-06-27 | 2018-06-27 | Data transmission security authentication method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108494811A (en) | 2018-09-04 |
CN108494811B (en) | 2021-06-18 |
Family
ID=63343297
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810676723.1A Active CN108494811B (en) | 2018-06-27 | 2018-06-27 | Data transmission security authentication method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108494811B (en) |
Families Citing this family (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109756500B (en) * | 2019-01-11 | 2021-02-02 | 如般量子科技有限公司 | Anti-quantum computation HTTPS communication method and system based on multiple asymmetric key pools |
CN109861813B (en) * | 2019-01-11 | 2021-08-10 | 如般量子科技有限公司 | Anti-quantum computing HTTPS communication method and system based on asymmetric key pool |
CN110035071A (en) * | 2019-03-26 | 2019-07-19 | 南瑞集团有限公司 | A kind of long-range double factor mutual authentication method, client and server-side towards industrial control system |
CN110113339A (en) * | 2019-05-08 | 2019-08-09 | 北京百度网讯科技有限公司 | Elevator information display terminal letter of identity acquisition methods and device |
CN111526007B (en) * | 2020-03-26 | 2022-02-11 | 郑州信大捷安信息技术股份有限公司 | Random number generation method and system |
CN112333152A (en) * | 2020-10-13 | 2021-02-05 | 西安电子科技大学 | Bidirectional authentication method, system, medium, computer device, terminal and application |
CN112559555B (en) * | 2020-12-31 | 2022-04-08 | 郑州信大捷安信息技术股份有限公司 | Safe and reliable data acquisition aggregation query method and system |
CN114095202B (en) * | 2021-10-09 | 2024-04-12 | 浪潮软件股份有限公司 | Method for rapidly authenticating client-server architecture |
CN114070568A (en) * | 2021-11-04 | 2022-02-18 | 北京百度网讯科技有限公司 | Data processing method and device, electronic equipment and storage medium |
CN113905094B (en) * | 2021-12-07 | 2022-09-20 | 航天云网数据研究院(广东)有限公司 | Industrial Internet integration method, device and system |
CN115499250B (en) * | 2022-11-17 | 2023-03-31 | 北京搜狐新动力信息技术有限公司 | Data encryption method and device |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1787525A (en) * | 2005-11-15 | 2006-06-14 | 上海格尔软件股份有限公司 | Method for application of double certificate in SSL protocol |
CN101523800A (en) * | 2006-10-10 | 2009-09-02 | 高通股份有限公司 | Method and apparatus for mutual authentication |
CN103491094A (en) * | 2013-09-26 | 2014-01-01 | 成都三零瑞通移动通信有限公司 | Rapid identity authentication method based on C/S mode |
CN106790173A (en) * | 2016-12-29 | 2017-05-31 | 浙江中控技术股份有限公司 | A kind of method and system of SCADA system and its RTU controller bidirectional identity authentications |
CN107302541A (en) * | 2017-07-31 | 2017-10-27 | 成都蓝码科技发展有限公司 | A kind of data encryption and transmission method based on http protocol |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3337119B1 (en) * | 2016-12-13 | 2019-09-11 | Nxp B.V. | Updating and distributing secret keys in a distributed network |
Also Published As
Publication number | Publication date |
---|---|
CN108494811A (en) | 2018-09-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108494811B (en) | Data transmission security authentication method and device | |
US11757662B2 (en) | Confidential authentication and provisioning | |
CN109309565B (en) | Security authentication method and device | |
US10050955B2 (en) | Efficient start-up for secured connections and related services | |
WO2018077086A1 (en) | Data transmission method, apparatus and system | |
CN103763356B (en) | A kind of SSL establishment of connection method, apparatus and system | |
KR101434569B1 (en) | Apparatus and method for providing security service in home network | |
CN101212293B (en) | Identity authentication method and system | |
JP5845393B2 (en) | Cryptographic communication apparatus and cryptographic communication system | |
CN108809633B (en) | Identity authentication method, device and system | |
CN104219041A (en) | Data transmission encryption method applicable for mobile internet | |
KR20080050936A (en) | Method for transmitting data through authenticating and apparatus therefor | |
CN102833246A (en) | Social video information security method and system | |
WO2014187206A1 (en) | Method and system for backing up private key in electronic signature token | |
CN102811224A (en) | Method, device and system for implementation of SSL (secure socket layer)/TLS (transport layer security) connection | |
CN108809936B (en) | Intelligent mobile terminal identity verification method based on hybrid encryption algorithm and implementation system thereof | |
CN108551391B (en) | Authentication method based on USB-key | |
KR20090024482A (en) | Key management system for using content and method thereof | |
CN114826659A (en) | Encryption communication method and system | |
CN114650173A (en) | Encryption communication method and system | |
CN114282189A (en) | Data security storage method, system, client and server | |
CN111447060A (en) | Electronic document distribution method based on proxy re-encryption | |
CN106303575B (en) | Video encryption system based on domestic commercial cipher module and implementation method | |
CN215010302U (en) | Safety certification equipment of power distribution internet of things based on block chain | |
CN107454063B (en) | User interaction authentication method, device and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||