CN109670289B - Method and system for identifying legality of background server - Google Patents


Publication number
CN109670289B
Authority
CN
China
Prior art keywords
background server
certificate
identification code
server
signature information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811382367.9A
Other languages
Chinese (zh)
Other versions
CN109670289A (en)
Inventor
万文超
洪逸轩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujian Landi Commercial Equipment Co Ltd
Original Assignee
Fujian Landi Commercial Equipment Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujian Landi Commercial Equipment Co Ltd
Priority to CN201811382367.9A
Publication of CN109670289A
Application granted
Publication of CN109670289B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2103 Challenge-response

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Automation & Control Theory (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides a method and a system for identifying the legality of a background server. The method comprises the following steps: sending a challenge value to the background server so that the background server signs the challenge value to obtain signature information; receiving the signature information and a certificate sent by the background server; and verifying the validity of the background server according to the signature information, the public key in the certificate and the identification code in the certificate. With this method, the terminal does not need to pre-store a symmetric key corresponding to each background server, which avoids pre-installing a plurality of symmetric keys in the terminal and the difficulty of managing them, and it also solves the problem that the background server cannot be identified directionally.

Description

Method and system for identifying legality of background server
Technical Field
The invention relates to the technical field of signature authentication, in particular to a method and a system for identifying the legality of a background server.
Background
In the electronic payment industry, the terminal and the background server are two important roles. Almost all financial transactions are completed through communication between the terminal and the background server, and the data the terminal sends to the background server is often confidential. The terminal is therefore required to verify the identity of the background server before exchanging data with it; that is, the terminal should send data only to a legal background server and never to an illegal one. At present, a terminal generally identifies a legal background server in one of the following modes:
The first mode: using symmetric cryptography, the terminal and the background server share a symmetric key. The terminal sends a challenge value to the background server, the background server encrypts the challenge value with the symmetric key and sends the result back, and the terminal judges the legality of the background server by checking whether the response value is correct;
The second mode: the terminal is preset with a superior certificate UpCert, and the background server is preset with a subordinate certificate of UpCert and the corresponding private key. The terminal first uses the superior certificate to verify the legality of the background server's certificate and then sends a challenge value to the background server; the background server signs the challenge value with the private key and sends the signature back, and the terminal judges the legality of the background server by checking whether the signature information is correct.
However, the above modes have the following disadvantages:
Disadvantage 1:
Suppose there are N background servers. If the terminal shares a unique symmetric key with each background server, the terminal must be preloaded with N symmetric keys, and the larger N is, the harder it is for the terminal to manage them.
Disadvantage 2:
The second mode uses asymmetric cryptography, so the terminal only needs to be preset with one superior certificate, which is simpler than the first mode. However, it cannot solve the problem of the terminal identifying the background server directionally. Since background servers 1, 2, 3, … all use subordinate certificates of the same superior certificate, all of these certificates pass verification, and they cannot be used to tell which server is the legal background.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: to provide a method and a system for identifying the legality of a background server that solve the difficulty of managing a plurality of symmetric keys in the first mode and the inability to identify the background server directionally in the second mode.
In order to solve the technical problem, the invention provides a method for identifying the legality of a background server, which comprises the following steps:
S1: sending a challenge value to the background server so that the background server signs the challenge value to obtain signature information;
S2: receiving the signature information and a certificate sent by the background server;
S3: verifying the validity of the background server according to the signature information, the public key in the certificate and the identification code in the certificate.
The invention also provides a system for identifying the legality of the background server, which comprises a terminal and the background server, wherein the terminal comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, and the processor executes the computer program to realize the following steps:
S1: sending a challenge value to the background server so that the background server signs the challenge value to obtain signature information;
S2: receiving the signature information and a certificate sent by the background server;
S3: verifying the validity of the background server according to the signature information, the public key in the certificate and the identification code in the certificate.
The invention has the following beneficial effects:
The invention provides a method and a system for identifying the legality of a background server. A challenge value is sent to the background server, and the signature information obtained after the background server signs the challenge value is received together with the certificate of the background server; the legality of the background server is then judged according to the signature information and the public key and identification code in the certificate. With this method, the terminal does not need to pre-store a symmetric key corresponding to each background server, which solves the problem in the first mode that a plurality of symmetric keys are pre-installed in the terminal and are difficult to manage. The legality of the signature information can be verified with the public key in the certificate, and the identification code in the certificate additionally helps verify the legality of the certificate, so that the background server can be identified directionally, which solves the problem in the second mode that the background server cannot be identified directionally.
Drawings
FIG. 1 is a schematic diagram illustrating the main steps of a method for identifying the validity of a background server according to an embodiment of the present invention;
FIG. 2 is a block diagram of a system for identifying the validity of a background server according to an embodiment of the present invention;
FIG. 3 is a data flow diagram of a method for identifying the validity of a background server according to a third embodiment of the present invention;
FIG. 4 is a data flow diagram of a method for identifying the validity of a background server according to a fourth embodiment of the present invention;
Description of reference numerals:
1. memory; 2. processor.
Detailed Description
In order to explain technical contents, objects and effects of the present invention in detail, the following detailed description is given with reference to the accompanying drawings in conjunction with the embodiments.
The key concept of the invention is as follows: sending a challenge value to a background server, and receiving the signature information obtained after the background server signs the challenge value together with the certificate of the background server; and judging the legality of the background server according to the signature information and the public key and identification code in the certificate.
Referring to FIG. 1, the present invention provides a method for identifying the validity of a background server, which includes the following steps:
S1: sending a challenge value to the background server so that the background server signs the challenge value to obtain signature information;
S2: receiving the signature information and a certificate sent by the background server;
S3: verifying the validity of the background server according to the signature information, the public key in the certificate and the identification code in the certificate.
As can be seen from the above description, the method for identifying the validity of the background server provided by the present invention sends a challenge value to the background server and receives the signature information obtained after the background server signs the challenge value together with the certificate of the background server; the legality of the background server is then judged according to the signature information and the public key and identification code in the certificate. With this method, the terminal does not need to pre-store a symmetric key corresponding to each background server, which solves the problem in the first mode that a plurality of symmetric keys are pre-installed in the terminal and are difficult to manage. The legality of the signature information can be verified with the public key in the certificate, and the identification code in the certificate additionally helps verify the legality of the certificate, so that the background server can be identified directionally, which solves the problem in the second mode that the background server cannot be identified directionally.
Further, the S1 is preceded by:
S01: generating a public and private key pair through the background server, and controlling the background server to send the public key and a certificate issuance request to a CA (Certificate Authority) center, so that the CA center, after responding to the certificate issuance request, generates a corresponding certificate according to the public key;
S02: installing the certificate on the background server.
As can be seen from the above description, by the above method, a legal certificate corresponding to the background server can be generated and installed on the background server.
Further, between S01 and S02, the method further comprises:
assigning a unique identification code to the background server through the CA authentication center;
writing the identification code into an extension field of the certificate.
From the above description, the identity of the background server can be effectively identified by the terminal according to the identification code through the method.
Further, the S1 is preceded by:
installing an upper certificate of the certificate.
As can be seen from the above description, the background server installs the certificate and installs the superior certificate of the certificate on the terminal, so that the terminal can verify the validity of the certificate of the background server.
Further, the S1 specifically includes:
generating a random number to obtain the challenge value;
sending the challenge value to the background server so that the background server receives the challenge value to obtain a first challenge value, and signs the first challenge value with a private key to obtain the signature information.
As can be seen from the above description, this makes the transmitted challenge value random, so that no pattern can easily be found in it.
Further, the S2 specifically includes:
receiving the first challenge value, the signature information and the certificate sent by the background server.
Further, after the random number is generated, the random number is stored.
As can be seen from the above description, storing the random number in the terminal allows the challenge value sent back by the background server to be verified later, which prevents the challenge value from being tampered with and improves the security of the system.
Further, the S3 specifically includes:
S31: verifying whether the first challenge value is the same as the random number; if not, outputting that the background server is an illegal server; if yes, executing S32;
S32: judging, by means of the superior certificate, whether the certificate is legal; if not, outputting that the background server is an illegal server; if yes, executing S33;
S33: parsing the certificate; if parsing fails, outputting that the background server is an illegal server; otherwise, extracting the identification code from the certificate extension field to obtain a first identification code, extracting the public key from the certificate to obtain a first public key, and executing S34;
S34: judging whether the first identification code is legal; if not, outputting that the background server is an illegal server; if yes, executing S35;
S35: judging whether the signature information is legal; if not, outputting that the background server is an illegal server; if yes, outputting that the background server is a legal server.
As can be seen from the above description, the multiple checks on the first challenge value, the certificate, whether the certificate can be parsed, the identification code in the certificate and the signature information improve the accuracy of verifying the legality of the background server. The validity of the background server can thus be effectively verified before the terminal transmits important data to it, which protects the terminal and the data on the terminal.
Further, signing the first challenge value with the private key to obtain the signature information specifically includes:
performing a hash operation on the first challenge value to obtain a first hash value;
encrypting the first hash value with the private key to obtain the signature information.
Further, judging whether the signature information is legal specifically includes:
performing a hash operation on the random number to obtain a second hash value;
decrypting the signature information with the public key to obtain a third hash value;
judging whether the second hash value is the same as the third hash value.
As can be seen from the above description, this method effectively verifies whether the signature information is legal and improves the verification accuracy.
Further, before judging whether the first identification code is legal, the method further comprises the following steps:
writing the identification code of the legal background server into the bottom layer of the application program;
installing the application program.
Further, judging whether the first identification code is legal specifically includes:
calling a bottom-layer API (application programming interface) to acquire the identification code in the bottom layer of the installed application program, obtaining a second identification code;
judging whether the first identification code is legal according to the second identification code.
As can be seen from the above description, this method judges effectively and quickly whether the first identification code is legal. Because the data is acquired from the bottom layer of the application program in the terminal, data acquisition is fast, which improves the efficiency of data processing and judgment.
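The terminal-side checks S31 to S35 and the server-side signing step, as a Go example added here; it is not code from the patent. Assumptions: the extension OID `oidServerID`, RSA PKCS#1 v1.5 with SHA-256 as the signature scheme, the identification codes `SRV-0001` and `SRV-0002`, a `wantID` argument standing in for the second identification code read from the application's bottom layer, and a CA and server certificates constructed in-process.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// Assumption: a private OID for the extension holding the identification code.
var oidServerID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 55555, 1}

// Response is what the terminal receives in S2.
type Response struct{ Challenge, Signature, CertDER []byte }

// VerifyServer runs S31 to S35. Go has to parse a certificate before checking its
// chain, so the parse half of S33 runs ahead of S32; the verdict is unchanged.
func VerifyServer(nonce []byte, r Response, upper *x509.Certificate, wantID string) error {
	if !bytes.Equal(nonce, r.Challenge) {
		return fmt.Errorf("S31: echoed challenge %x differs from the stored random number", r.Challenge)
	}
	cert, err := x509.ParseCertificate(r.CertDER)
	if err != nil {
		return fmt.Errorf("S33: certificate does not parse: %w", err)
	}
	roots := x509.NewCertPool()
	roots.AddCert(upper)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return fmt.Errorf("S32: not issued under the upper certificate: %w", err)
	}
	var id string // first identification code, read from the extension
	for _, e := range cert.Extensions {
		if e.Id.Equal(oidServerID) {
			_, err = asn1.Unmarshal(e.Value, &id)
		}
	}
	if err != nil || id == "" || id != wantID {
		return fmt.Errorf("S34: identification code %q is missing, malformed or unexpected", id)
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	digest := sha256.Sum256(nonce) // hash the stored random number, not the echo
	if !ok || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], r.Signature) != nil {
		return fmt.Errorf("S35: signature over the challenge does not verify for %q", id)
	}
	return nil
}

// Sign is the server side of S1: hash the received challenge, then sign the hash.
func Sign(key *rsa.PrivateKey, challenge []byte) ([]byte, error) {
	digest := sha256.Sum256(challenge)
	return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
}

// issue makes a constructed test certificate; parent == nil yields a self-signed CA.
func issue(name string, key *rsa.PrivateKey, parent *x509.Certificate, parentKey *rsa.PrivateKey) ([]byte, error) {
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: name}, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature}
	if parent == nil {
		t.IsCA, t.KeyUsage, parent, parentKey = true, x509.KeyUsageCertSign, t, key
	} else { // the CA writes the server's identification code into the extension
		v, _ := asn1.Marshal(name)
		t.ExtraExtensions = []pkix.Extension{{Id: oidServerID, Value: v}}
	}
	return x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, parentKey)
}

// Demo: constructed PKI, one CA and servers SRV-0001, SRV-0002; the terminal expects SRV-0001.
func Demo() [4]error {
	caKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	keyA, _ := rsa.GenerateKey(rand.Reader, 2048)
	keyB, _ := rsa.GenerateKey(rand.Reader, 2048)
	caDER, _ := issue("CA", caKey, nil, nil)
	ca, _ := x509.ParseCertificate(caDER)
	certA, _ := issue("SRV-0001", keyA, ca, caKey)
	certB, _ := issue("SRV-0002", keyB, ca, caKey)
	nonce := make([]byte, 32) // S1: random challenge, stored by the terminal
	rand.Read(nonce)
	sigA, _ := Sign(keyA, nonce)
	sigB, _ := Sign(keyB, nonce)
	check := func(echo, sig, cert []byte) error {
		return VerifyServer(nonce, Response{echo, sig, cert}, ca, "SRV-0001")
	}
	return [4]error{check(nonce, sigA, certA), // expected server
		check(nonce, sigB, certB),            // sibling under the same CA
		check(nonce, sigB, certA),            // SRV-0001's certificate, SRV-0002's key
		check(make([]byte, 32), sigA, certA)} // echo differs from the stored nonce
}

func main() { fmt.Println(Demo()) }
```

The second case is the one the second mode in the Background cannot reject: SRV-0002 chains to the same superior certificate and signs correctly, and only the identification-code comparison in S34 turns it away.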
Further, the S02 specifically includes:
sending the certificate to the background server through the CA (certificate authority), so that the background server parses the certificate to obtain a second public key and generates a first random number; encrypts the first random number with the second public key to obtain an encryption result; decrypts the encryption result with the private key to obtain a decryption result; and installs the certificate if the decryption result is equal to the first random number.
As can be seen from the above description, this allows the background server to effectively verify the validity of the certificate, ensuring that the certificate installed on the background server is safe and valid.
Referring to fig. 2, the present invention provides a system for identifying the validity of a backend server, including a terminal and the backend server, where the terminal includes a memory 1, a processor 2, and a computer program stored in the memory 1 and capable of running on the processor 2, and the processor 2 implements the following steps when executing the computer program:
S1: sending a challenge value to the background server so that the background server signs the challenge value to obtain signature information;
S2: receiving the signature information and a certificate sent by the background server;
S3: verifying the validity of the background server according to the signature information, the public key in the certificate and the identification code in the certificate.
Further, in the system for identifying the validity of the background server, before the S1, the method further includes:
S01: generating a public and private key pair through the background server, and controlling the background server to send the public key and a certificate issuance request to a CA (Certificate Authority) center, so that the CA center, after responding to the certificate issuance request, generates a corresponding certificate according to the public key;
S02: installing the certificate on the background server.
Further, the system for identifying the validity of the background server further includes, between S01 and S02:
assigning a unique identification code to the background server through the CA authentication center;
writing the identification code into an extension field of the certificate.
Further, in the system for identifying the validity of the background server, before the S1, the method further includes:
installing an upper certificate of the certificate.
Further, in the system for identifying the validity of the background server, the S1 specifically includes:
generating a random number to obtain the challenge value;
sending the challenge value to the background server so that the background server receives the challenge value to obtain a first challenge value, and signs the first challenge value with a private key to obtain the signature information.
Further, in the system for identifying the validity of the background server, the S2 specifically includes:
receiving the first challenge value, the signature information and the certificate sent by the background server.
Further, the system for identifying the validity of the background server further comprises a step of storing the random number after the random number is generated.
Further, in the system for identifying the validity of the background server, the S3 specifically includes:
S31: verifying whether the first challenge value is the same as the random number; if not, outputting that the background server is an illegal server; if yes, executing S32;
S32: judging, by means of the superior certificate, whether the certificate is legal; if not, outputting that the background server is an illegal server; if yes, executing S33;
S33: parsing the certificate; if parsing fails, outputting that the background server is an illegal server; otherwise, extracting the identification code from the certificate extension field to obtain a first identification code, extracting the public key from the certificate to obtain a first public key, and executing S34;
S34: judging whether the first identification code is legal; if not, outputting that the background server is an illegal server; if yes, executing S35;
S35: judging whether the signature information is legal; if not, outputting that the background server is an illegal server; if yes, outputting that the background server is a legal server.
Further, in the system for identifying the legitimacy of the background server, signing the first challenge value with the private key to obtain the signature information specifically includes:
performing a hash operation on the first challenge value to obtain a first hash value;
encrypting the first hash value with the private key to obtain the signature information.
Further, in the system for identifying the validity of the background server, judging whether the signature information is legal specifically includes:
performing a hash operation on the random number to obtain a second hash value;
decrypting the signature information with the public key to obtain a third hash value;
judging whether the second hash value is the same as the third hash value.
Further, in the system for identifying the validity of the background server, before judging whether the first identification code is legal, the method further includes:
writing the identification code of the legal background server into the bottom layer of the application program;
installing the application program.
Further, in the system for identifying the validity of the background server, judging whether the first identification code is legal specifically includes:
calling a bottom-layer API (application programming interface) to acquire the identification code in the bottom layer of the installed application program, obtaining a second identification code;
judging whether the first identification code is legal according to the second identification code.
Further, in the system for identifying the validity of the background server, the S02 specifically includes:
sending the certificate to the background server through the CA (certificate authority), so that the background server parses the certificate to obtain a second public key and generates a first random number; encrypts the first random number with the second public key to obtain an encryption result; decrypts the encryption result with the private key to obtain a decryption result; and installs the certificate if the decryption result is equal to the first random number.
The first embodiment of the invention is as follows:
The invention provides a method for identifying the legality of a background server, which comprises the following steps:
S01: generating a public and private key pair through the background server, and controlling the background server to send the public key and a certificate issuance request to a CA (Certificate Authority) center, so that the CA center, after responding to the certificate issuance request, generates a corresponding certificate according to the public key;
S015: assigning a unique identification code to the background server through the CA authentication center; writing the identification code into an extension field of the certificate;
S02: installing the certificate on the background server;
wherein the S02 specifically is:
sending the certificate to the background server through the CA (certificate authority), so that the background server parses the certificate to obtain a second public key and generates a first random number; encrypts the first random number with the second public key to obtain an encryption result; decrypts the encryption result with the private key to obtain a decryption result; and installs the certificate if the decryption result is equal to the first random number.
S03: installing the superior certificate of the certificate;
S04: writing the identification code of the legal background server into the bottom layer of the application program; installing the application program;
S1: sending a challenge value to the background server so that the background server signs the challenge value to obtain signature information;
wherein the S1 specifically is:
generating a random number to obtain the challenge value;
storing the random number;
sending the challenge value to the background server so that the background server receives the challenge value to obtain a first challenge value, performs a hash operation on the first challenge value to obtain a first hash value, and encrypts the first hash value with a private key to obtain the signature information.
S2: receiving the signature information and a certificate sent by the background server;
wherein the S2 specifically is:
receiving the first challenge value, the signature information and the certificate sent by the background server.
S3: verifying the validity of the background server according to the signature information, the public key in the certificate and the identification code in the certificate;
wherein the S3 specifically is:
verifying whether the first challenge value is the same as the random number; if not, outputting that the background server is an illegal server;
if yes, judging, by means of the superior certificate, whether the certificate is legal; if not, outputting that the background server is an illegal server;
if yes, parsing the certificate; if parsing fails, outputting that the background server is an illegal server;
otherwise, extracting the identification code from the certificate extension field to obtain a first identification code; extracting the public key from the certificate to obtain a first public key;
judging whether the first identification code is legal; if not, outputting that the background server is an illegal server;
if yes, judging whether the signature information is legal; if not, outputting that the background server is an illegal server; if yes, outputting that the background server is a legal server.
Wherein judging whether the first identification code is legal specifically is:
calling a bottom-layer API (application programming interface) to acquire the identification code in the bottom layer of the installed application program, obtaining a second identification code;
judging whether the first identification code is legal according to the second identification code.
Judging whether the signature information is legal specifically is:
performing a hash operation on the random number to obtain a second hash value;
decrypting the signature information with the public key to obtain a third hash value;
judging whether the second hash value is the same as the third hash value.
The second embodiment of the invention is as follows:
The invention provides a system for identifying the legality of a background server, which comprises a terminal and the background server, wherein the terminal comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, and the processor executes the computer program to realize the following steps:
S01: generating a public and private key pair through the background server, and controlling the background server to send the public key and a certificate issuance request to a CA (Certificate Authority) center, so that the CA center, after responding to the certificate issuance request, generates a corresponding certificate according to the public key;
S015: assigning a unique identification code to the background server through the CA authentication center; writing the identification code into an extension field of the certificate;
S02: installing the certificate on the background server;
wherein the S02 specifically is:
sending the certificate to the background server through the CA (certificate authority), so that the background server parses the certificate to obtain a second public key and generates a first random number; encrypts the first random number with the second public key to obtain an encryption result; decrypts the encryption result with the private key to obtain a decryption result; and installs the certificate if the decryption result is equal to the first random number.
S03: installing the superior certificate of the certificate;
S04: writing the identification code of the legal background server into the bottom layer of the application program; installing the application program;
S1: sending a challenge value to the background server so that the background server signs the challenge value to obtain signature information;
wherein the S1 specifically is:
generating a random number to obtain the challenge value;
storing the random number;
sending the challenge value to the background server so that the background server receives the challenge value to obtain a first challenge value, performs a hash operation on the first challenge value to obtain a first hash value, and encrypts the first hash value with a private key to obtain the signature information.
S2: receiving the signature information and a certificate sent by the background server;
wherein the S2 specifically is:
receiving the first challenge value, the signature information and the certificate sent by the background server.
S3: verifying the validity of the background server according to the signature information, the public key in the certificate and the identification code in the certificate;
wherein, the S3 specifically is:
verifying whether the first challenge value is the same as the random number or not, and if not, outputting the background server as an illegal server;
if yes, judging whether the certificate is legal or not through a superior certificate; if not, outputting the background server as an illegal server;
if yes, the certificate is analyzed; if the analysis fails, outputting the background server as an illegal server;
otherwise, extracting the identification code in the certificate extended domain to obtain a first identification code; extracting a public key in the certificate to obtain a first public key;
judging whether the first identification code is legal or not, and if not, outputting the background server as an illegal server;
if yes, judging whether the signature information is legal, and if not, outputting the background server as an illegal server; and if so, outputting the background server as a legal server.
Wherein judging whether the first identification code is legal specifically comprises:
calling a bottom API (application programming interface), and acquiring an identification code in the bottom layer of the installed application program to obtain a second identification code;
and judging whether the first identification code is legal or not according to the second identification code.
Judging whether the signature information is legal specifically comprises:
performing hash operation on the random number to obtain a second hash value;
decrypting the signature information through a public key to obtain a third hash value;
and judging whether the second hash value is the same as the third hash value.
Referring to fig. 3, a third embodiment of the present invention is:
To solve the problems that key management on the terminal is difficult or that the background server cannot be identified in a directional manner, the invention provides a method for identifying the validity of the identity of the background server. The basic principle is as follows: the CA center manages the server identification codes, which uniquely distinguish the background servers. The background server needs to be pre-installed with a private key and the corresponding certificate; the certificate is issued by the CA center, and when the CA center issues a certificate (Server_WCRT) to a legal background server, it allocates a unique server identification code to that background server and writes the code into an extended domain of the certificate. Meanwhile, the terminal is pre-installed at the factory with the superior certificate of Server_WCRT. Before a channel is established between the terminal and the background server, the terminal sends a challenge value to the background server; the background server signs the challenge value with its private key and returns the result to the terminal; and a legal application program on the terminal verifies whether the server identification code in the extended domain of Server_WCRT is correct and whether the signature information is correct, thereby verifying the validity of the identity of the background server.
The method comprises the following steps:
S1: the background server is pre-installed with a private key and the corresponding certificate (Server_WCRT), the certificate being issued by a certificate authority (CA). When the CA issues a certificate to a legal background server, it allocates a unique server identification code to the background server and writes the server identification code into an extended domain of the certificate;
S2: the terminal is pre-installed at the factory with the superior certificate of Server_WCRT (for simplicity, if a two-level certificate structure is adopted, the superior certificate of Server_WCRT is the CA root certificate);
S3: the terminal application program maintains the legal "server identification code", and the application program needs to be signed;
S4: when the terminal downloads the application program, the terminal needs to verify the signature of the application program, and only a legal application program can run normally;
S5: before a channel is established between the terminal and the background server, the terminal generates a random number R and sends it to the background server; after receiving the random number, the background server signs R with the private key corresponding to Server_WCRT to obtain signature data S, and sends R, Server_WCRT and S to the terminal;
S6: the terminal verifies the validity of Server_WCRT using the CA root certificate pre-installed at the factory, extracts the "server identification code" from Server_WCRT, and compares it with the "server identification code" maintained by the legal application program. If the two are consistent, the terminal verifies the validity of S using Server_WCRT. After this verification passes, the terminal's identification of the background server is complete.
Referring to fig. 4, a fourth embodiment of the present invention is:
the invention provides a method for identifying the legality of a background server, which comprises the following steps:
Step S101, the background server generates a pair of public and private keys, wherein the private key is denoted PRK and the public key is denoted PUK;
Step S102, the background server sends the public key PUK generated in step S101 to the CA center and requests the CA center to issue a certificate for the PUK;
Step S103, when issuing the certificate for the PUK from step S102, the CA center first allocates a unique server identification code (Server_ID) to the order-receiving server and writes Server_ID into the certificate extended domain to obtain the background server certificate, Server_WCRT. The standard X.509 format is recommended for Server_WCRT.
Step S104, the Server_WCRT generated in step S103 is imported into the background server, which needs to verify whether Server_WCRT is correct. The verification method is as follows:
1) parsing Server_WCRT according to the certificate format to obtain a public key value PUK1;
2) performing a public key operation on a random value Rnd using the PUK1 extracted in 1) to obtain a result DATA, performing a private key operation on DATA using the PRK generated in step S101, and judging whether the result is equal to Rnd; if so, the public key in Server_WCRT was indeed generated by the background server in step S101 and the certificate can be imported; if not, the import is refused and an error is reported.
At this point the background server has been preloaded with its asymmetric key material: a randomly generated private key PRK and the corresponding server certificate Server_WCRT.
In step S2, the terminal leaves the factory and pre-installs the superior certificate of the server certificate (for simplicity, the superior certificate is the CA root certificate if a two-level certificate structure is adopted). The specific implementation is beyond the scope of the present invention. One simple way is to fix the CA root certificate to the terminal code.
Step S3, the terminal application program maintains the legal 'identification code of server' corresponding to the terminal, and the application program needs to be signed;
The software of the terminal is divided into a bottom layer program and application programs; the bottom layer program provides basic functions to the application programs in the form of an API. The purpose of this layering is that different application programs can be developed for different user requirements while the bottom layer program stays uniform. For example, a separate set of application programs may be developed for each of users A, B and C according to their different needs, while the bottom layer program of the three users can be the same. The advantage is that basic, common functions are separated out and maintained centrally, on which basis application programs can be developed in an agile way.
Step S2 above and steps S4, S5 and S6 below are all implemented by the bottom layer program. However, so that different users (corresponding to different application programs) can each directionally identify their own background server, in step S6 (specifically, its step 4) the user's application program needs to pass in the corresponding "server identification code", which requires the application program to maintain the legal "server identification code". The specific maintenance steps are as follows:
1) different users correspond to different background servers, and each background server is allocated a unique Server_ID by the CA center as described above;
2) different users generally need to develop different application programs; the application program calls the bottom layer API to implement the functions of steps S5 and S6, and in step S6 in particular the Server_ID of the legal background server corresponding to the user needs to be passed in. That is, the following correspondence holds:
background server (unique Server_ID) <-> user <-> application program (Server_ID of the corresponding background server)
3) in 2) above, when the application program calls the bottom layer API, the Server_ID of the corresponding legal background server needs to be passed in as an input parameter of the API. How the value is provided is not limited: it can be hard-coded in the program or set through a menu.
Step S4, when the terminal downloads the application program, the terminal needs to carry out validity verification, namely signature verification, and only the application program passing the signature verification is allowed to be downloaded to the terminal and normally run;
The signing and signature verification described in steps S3 and S4 are general digital signature techniques. To sign, a digest operation is performed on the original text of the application program, and a private key operation is then applied to the digest to obtain the signature information. The original text of the application program and the signature information are downloaded to the terminal together. To verify, a public key operation is first performed on the signature information with the corresponding public key to obtain a digest, a digest operation is then performed on the original text of the application program, and the two digests are compared. If they are the same, the application program is complete and has not been tampered with, which proves the legality of the application program.
Step S501, before establishing a channel with a background server, a terminal generates a random number R;
Step S502, the terminal sends the random number R generated in step S501 to the background server;
Step S503, the background server receives the random number sent in step S502 and signs R using the PRK generated in step S101 to obtain signature data S, where S = Sign(PRK, R). The specific signing steps are as follows:
1) calculating a digest value HASH of R;
2) performing a private key operation on HASH using the PRK; the result is the signature data S;
Step S504, the background server sends R, S and Server_WCRT to the terminal;
Step S6, after the terminal receives the data of step S504, it verifies the validity of the background server. The specific steps are as follows:
1) judging whether the R in the data sent by the background server is equal to the random number generated in step S501; if not, the server is determined to be an illegal server and establishing a channel is refused; if they are equal, continuing;
2) verifying the validity of Server_WCRT using the superior certificate pre-installed in step S2 (this is the general method of verifying a subordinate certificate with its superior certificate); if the verification fails, the server is determined to be an illegal server and establishing a channel is refused; if the verification succeeds, continuing;
3) parsing Server_WCRT according to the certificate format and extracting the Server_ID value in the certificate extended domain and the public key value PUK2 in the certificate; if the parsing fails, the server is determined to be an illegal server and establishing a channel is refused; if the parsing succeeds, continuing;
4) judging whether the Server_ID from step 3) is equal to the legal server identification code maintained by the terminal application program in step S3; if not, the server is determined to be an illegal server and establishing a channel is refused; if they are equal, continuing;
5) performing a public key operation on S using the public key PUK2 from step 3) to obtain a HASH1 value;
6) calculating a digest value HASH2 of the random number R generated in step S501 and comparing it with the HASH1 value calculated in step 5); if they are inconsistent, the server is determined to be an illegal server and establishing a channel is refused; if they are consistent, the verification passes and the background server is legal.
Through the steps, the legality of the background server is verified.
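The import check of step S104 and the terminal's six checks of step S6, as an added example that is not code from the patent, run against a legal server, a second server under the same CA, and several tampered replies. It assumes a JSON record in place of the X.509 Server_WCRT, constructed Mersenne-prime keys with unpadded RSA, and hypothetical function names and Server_ID values.

```python
"""Added example of steps S103-S6. Assumptions: a JSON record stands in for the
X.509 Server_WCRT, and keys are constructed from Mersenne primes with unpadded
RSA ("private key operation on HASH"), so none of this is secure in practice."""
import hashlib
import hmac
import json
import secrets

E = 65537  # public exponent shared by every constructed key

def make_key(a, b):
    """Constructed key pair from the Mersenne primes 2**a - 1 and 2**b - 1."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def rsa_sign(key, data):
    """S503: digest the data, then apply the private-key operation."""
    return pow(digest(data), key["d"], key["n"])

def rsa_verify(n, data, sig):
    """Public-key operation on sig gives HASH1; compare with HASH2 of data."""
    return isinstance(sig, int) and 0 <= sig < n and pow(sig, E, n) == digest(data)

def issue_cert(ca_key, subject_n, server_id):
    """S103: the CA signs the public key together with the Server_ID."""
    tbs = json.dumps({"n": subject_n, "server_id": server_id}, sort_keys=True)
    return json.dumps({"tbs": tbs, "ca_sig": rsa_sign(ca_key, tbs.encode())}).encode()

def cert_matches_key(cert, key):
    """S104: encrypt Rnd with the certificate's PUK1, decrypt with PRK."""
    puk1 = json.loads(json.loads(cert)["tbs"])["n"]
    rnd = secrets.randbits(128) | 1
    return pow(pow(rnd, E, puk1), key["d"], key["n"]) == rnd

def backend_respond(key, cert, r):
    """S503-S504: sign R and return R, S and Server_WCRT."""
    return r, rsa_sign(key, r), cert

def verify_backend(stored_r, response, ca_n, pinned_id):
    """S6 on the terminal: returns 'accept' or the reason for rejection."""
    r, sig, cert = response
    if not hmac.compare_digest(r, stored_r):                   # step 1
        return "reject: challenge mismatch"
    try:
        outer = json.loads(cert)
        tbs, ca_sig = outer["tbs"], outer["ca_sig"]
        if not rsa_verify(ca_n, tbs.encode(), ca_sig):         # step 2
            return "reject: certificate not signed by pinned CA"
        fields = json.loads(tbs)                               # step 3
        server_id, puk2 = fields["server_id"], fields["n"]
        if not (isinstance(server_id, str) and isinstance(puk2, int) and puk2 > 1):
            raise ValueError("unexpected field types")
    except (ValueError, KeyError, TypeError, AttributeError):
        return "reject: certificate parse failure"
    if server_id != pinned_id:                                 # step 4
        return "reject: Server_ID differs from the application's"
    if not rsa_verify(puk2, stored_r, sig):                    # steps 5-6
        return "reject: bad signature over R"
    return "accept"

def run_scenarios():
    ca = make_key(521, 607)
    key_a, key_b = make_key(1279, 2203), make_key(2281, 3217)
    cert_a = issue_cert(ca, key_a["n"], "SERVER-A")    # constructed IDs
    cert_b = issue_cert(ca, key_b["n"], "SERVER-B")
    edited = cert_b.replace(b"SERVER-B", b"SERVER-A")  # ID changed after issuance
    r = secrets.token_bytes(16)                        # S501
    earlier = backend_respond(key_a, cert_a, secrets.token_bytes(16))

    def check(response):
        return verify_backend(r, response, ca["n"], "SERVER-A")

    return {
        "legit": check(backend_respond(key_a, cert_a, r)),
        "same_ca_other_id": check(backend_respond(key_b, cert_b, r)),
        "edited_id": check(backend_respond(key_b, edited, r)),
        "stale_reply": check(earlier),
        "replayed_signature": check((r, earlier[1], cert_a)),
        "cert_without_key": check(backend_respond(key_b, cert_a, r)),
        "unparsable_cert": check((r, 0, b"not a certificate")),
        "import_ok": cert_matches_key(cert_a, key_a),
        "import_wrong_cert": cert_matches_key(cert_b, key_a),
    }

if __name__ == "__main__":
    print(json.dumps(run_scenarios(), indent=2))
```

The `same_ca_other_id` case is the one the Server_ID comparison exists for: the certificate chains to the pinned CA and the signature over R is valid, yet the terminal rejects the server because the identification code is not the one its application carries.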
Security analysis:
1. Authenticity of the terminal application program
In this scheme the terminal application program maintains the legal server identification code, and the legality of the terminal application program is ensured by digital signature technology: only a legal application program is allowed to be downloaded to the terminal, which guarantees that the terminal application program is authentic.
2. Server key correctness
The asymmetric key pair of the server is randomly generated by the server's encryption machine and the generated private key is stored securely; the public key is exported to the CA center, which signs a certificate for it; and when the resulting server certificate is imported into the server, the private key is used to verify that the certificate and the private key form a pair, which ensures the correctness of the server certificate.
3. Server authenticity
The terminal's verification of the authenticity of the background server covers two aspects: first, the legitimacy of the server certificate is verified using the superior certificate; second, the server identification code is parsed from the server certificate and checked for consistency with the server identification code maintained by the legal application program, which achieves directional identification of a background server among those under the same certificate tree.
In summary, in the method and system for identifying the validity of the background server provided by the present invention, a challenge value is sent to the background server, the signature information obtained after the background server signs the challenge value is received together with the certificate of the background server, and the validity of the background server is judged according to the signature information and the public key and identification code in the certificate. With this method, no symmetric key corresponding to the background server needs to be pre-stored on the terminal, which solves the problem of the first mode, in which a plurality of symmetric keys are pre-installed in the terminal and are difficult to manage. The validity of the signature information can be verified with the public key in the certificate, and the identification code in the certificate additionally helps verify the certificate, so that the background server can be identified in a directional manner, which solves the problem of the second mode, in which the background server cannot be identified in a directional manner.
The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all equivalent changes made by using the contents of the present specification and the drawings, or applied directly or indirectly to other related technical fields, are included in the scope of the present invention.

Claims (14)

1. A method for identifying the legality of a background server is characterized by comprising the following steps:
S1: sending the challenge value to a background server so that the background server signs the challenge value to obtain signature information;
S2: receiving signature information and a certificate sent by a background server;
S3: verifying the validity of the background server according to the signature information, the public key in the certificate and the identification code in the certificate;
the S1 may further include:
S01: generating a public and private key pair through a background server, and controlling the background server to send a public key and a certificate signing and issuing request to a CA (certificate authority) center, so that the CA center generates a corresponding certificate according to the public key after responding to the certificate signing and issuing request;
S02: installing the certificate to a background server;
S03: installing an upper certificate of the certificate;
the S1 specifically includes:
generating a random number, obtaining the challenge value, and storing the random number;
sending a challenge value to a background server so that the background server receives the challenge value to obtain a first challenge value, and signing the first challenge value through a private key to obtain signing information;
the S2 specifically includes:
receiving a first challenge value, signature information and a certificate sent by a background server;
the S3 specifically includes:
S31: verifying whether the first challenge value is the same as the random number or not, and if not, outputting the background server as an illegal server; if yes, go to S32;
S32: judging whether the certificate is legal or not through a superior certificate; if not, outputting the background server as an illegal server; if yes, go to S33;
S33: parsing the certificate; if the analysis fails, outputting the background server as an illegal server; otherwise, extracting the identification code in the certificate extended domain to obtain a first identification code; extracting the public key in the certificate to obtain a first public key, and executing S34;
S34: judging whether the first identification code is legal or not, and if not, outputting the background server as an illegal server; if yes, go to S35;
S35: judging whether the signature information is legal or not, if not, outputting the background server as an illegal server; and if so, outputting the background server as a legal server.
2. The method of claim 1, wherein the steps of S01 and S02 further comprise:
distributing a unique identification code of the background server through a CA authentication center;
writing the identification code into an extended field of a certificate.
3. The method for identifying the validity of the background server according to claim 1, wherein the first challenge value is signed by a private key to obtain signature information, specifically:
performing hash operation on the first challenge value to obtain a first hash value;
and encrypting the first hash value through a private key to obtain the signature information.
4. The method for identifying the validity of the background server as claimed in claim 3, wherein the step of determining whether the signature information is valid specifically comprises:
performing hash operation on the random number to obtain a second hash value,
decrypting the signature information through a public key to obtain a third hash value;
and judging whether the second hash value is the same as the third hash value.
5. The method of claim 1, wherein determining whether the first identification code is legitimate further comprises:
writing the identification code of the legal background server into the bottom layer of the application program;
and installing the application program.
6. The method for identifying the validity of the background server as claimed in claim 5, wherein the step of determining whether the first identification code is valid specifically comprises:
calling a bottom API (application programming interface), and acquiring an identification code in the bottom layer of the installed application program to obtain a second identification code;
and judging whether the first identification code is legal or not according to the second identification code.
7. The method according to claim 1, wherein the S02 specifically is:
sending the certificate to a background server through a CA (certificate authority) so that the background server analyzes the certificate to obtain a second public key and generate a first random number; encrypting the first random number through the second public key to obtain an encryption result; and decrypting the encrypted result through the private key to obtain a decrypted result, and if the decrypted result is equal to the first random number, installing the certificate.
8. A system for identifying the legality of a background server comprises a terminal and the background server, wherein the terminal comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, and the processor executes the computer program to realize the following steps:
S1: sending the challenge value to a background server so that the background server signs the challenge value to obtain signature information;
S2: receiving signature information and a certificate sent by a background server;
S3: verifying the legality of the background server according to the signature information, a public key in the certificate and an identification code in the certificate, wherein the identification code is used for being compared with an identification code of the background server maintained by a legal application program, and if the identification code is consistent with the identification code of the background server maintained by the legal application program, the legality of the signature information is verified, so that the identity recognition of the terminal on the background server is completed;
the S1 may further include:
S01: generating a public and private key pair through a background server, and controlling the background server to send a public key and a certificate signing and issuing request to a CA (certificate authority) center, so that the CA center generates a corresponding certificate according to the public key after responding to the certificate signing and issuing request;
S02: installing the certificate to a background server;
S03: installing an upper certificate of the certificate;
the S1 specifically includes:
generating a random number, obtaining the challenge value, and storing the random number;
sending a challenge value to a background server so that the background server receives the challenge value to obtain a first challenge value, and signing the first challenge value through a private key to obtain signing information;
the S2 specifically includes:
receiving a first challenge value, signature information and a certificate sent by a background server;
the S3 specifically includes:
S31: verifying whether the first challenge value is the same as the random number or not, and if not, outputting the background server as an illegal server; if yes, go to S32;
S32: judging whether the certificate is legal or not through a superior certificate; if not, outputting the background server as an illegal server; if yes, go to S33;
S33: parsing the certificate; if the analysis fails, outputting the background server as an illegal server; otherwise, extracting the identification code in the certificate extended domain to obtain a first identification code; extracting the public key in the certificate to obtain a first public key, and executing S34;
S34: judging whether the first identification code is legal or not, and if not, outputting the background server as an illegal server; if yes, go to S35;
S35: judging whether the signature information is legal or not, if not, outputting the background server as an illegal server; and if so, outputting the background server as a legal server.
9. The system for identifying the validity of a background server as claimed in claim 8, wherein between S01 and S02 further comprising:
distributing a unique identification code of the background server through a CA authentication center;
writing the identification code into an extended field of a certificate.
10. The system for identifying the validity of the background server as claimed in claim 8, wherein the signing of the first challenge value by the private key is performed to obtain the signature information, and specifically:
performing hash operation on the first challenge value to obtain a first hash value;
and encrypting the first hash value through a private key to obtain the signature information.
11. The system for identifying the validity of the background server as claimed in claim 10, wherein the determining whether the signature information is valid specifically includes:
performing hash operation on the random number to obtain a second hash value,
decrypting the signature information through a public key to obtain a third hash value;
and judging whether the second hash value is the same as the third hash value.
12. The system for identifying the validity of a background server as claimed in claim 8, wherein the determining whether the first identification code is valid further comprises:
writing the identification code of the legal background server into the bottom layer of the application program;
and installing the application program.
13. The system for identifying the validity of the background server as claimed in claim 12, wherein the determining whether the first identification code is valid specifically includes:
calling a bottom API (application programming interface), and acquiring an identification code in the bottom layer of the installed application program to obtain a second identification code;
and judging whether the first identification code is legal or not according to the second identification code.
14. The system for identifying the validity of a background server as claimed in claim 13, wherein the S02 specifically is:
sending the certificate to a background server through a CA (certificate authority) so that the background server analyzes the certificate to obtain a second public key and generate a first random number; encrypting the first random number through the second public key to obtain an encryption result; and decrypting the encrypted result through the private key to obtain a decrypted result, and if the decrypted result is equal to the first random number, installing the certificate.
CN201811382367.9A 2018-11-20 2018-11-20 Method and system for identifying legality of background server Active CN109670289B (en)


Publications (2)

Publication Number Publication Date
CN109670289A CN109670289A (en) 2019-04-23
CN109670289B true CN109670289B (en) 2020-12-15

Family

ID=66141787
