CN110247762A - A kind of reliable website building method based on SM9 algorithm - Google Patents
A kind of reliable website building method based on SM9 algorithm Download PDFInfo
- Publication number
- CN110247762A CN110247762A CN201910534049.8A CN201910534049A CN110247762A CN 110247762 A CN110247762 A CN 110247762A CN 201910534049 A CN201910534049 A CN 201910534049A CN 110247762 A CN110247762 A CN 110247762A
- Authority
- CN
- China
- Prior art keywords
- data
- browser
- server
- website
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
- H04L9/3073—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Algebra (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Mathematical Physics (AREA)
- Pure & Applied Mathematics (AREA)
- Power Engineering (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a kind of reliable website building methods based on SM9 algorithm, website domain name is used as the identity of SM9 algorithm to generate key pair, the data that browser is sent to server with public key encryption at the data public key decryptions for retransmiting after ciphertext, and receiving at dissection process again after plaintext;Dissection process again after the data that server is sent to browser are decrypted into plaintext with private key at the data for retransmiting after ciphertext, and receiving with private key encryption;The website that access is authenticated using the identity characteristic of SM9 itself simplifies web portal security verification process;Web portal security communication data also carrys out encryption and decryption using SM9 algorithm, can improve the autonomous controllability of web portal security.
Description
Technical field
The present invention relates to network technique field, in particular to a kind of reliable website building method based on SM9 algorithm.
Background technique
As various countries increasingly pay attention to network security, China is also reply domestic market demand, is developed a series of
State's private counsel algorithm, wherein just including SM9 algorithm.
The id password system of Bilinear map of the SM9 id password algorithm based on elliptic curve, be mainly used for digital signature,
Data encryption, key exchange and authentication.It can generate key pair with User Identity, and thus key inherently may be used
To include authentication information.
Current web portal security building plan is real based on schemes such as SSL, TSL, IPSec in WEB3.0 security solution
Existing, OpenSSL and is needed in web portal security verification process by digital certificate using most common among these.
Digital certificate is one section and includes subscriber identity information, client public key information and authentication mechanism data signature
Data can identify the identity of other side with it.Digital certificate is exactly only in the specific period there are one important feature
It is interior effective.
Current this scheme can accomplish web portal security certification and data secure communication really, but need in deployment net
Apply for digital certificate during standing, and this is comparatively laborious process;Meanwhile if user accesses the digital certificate mistake of website
Phase will have trustless state;And the enciphering and deciphering algorithm of current web uses International Algorithmic, nothing substantially
Method accomplishes the autonomous controllable purpose of technology.
Summary of the invention
The present invention provides a kind of reliable website building methods for not depending on digital certificate, are substituted using SM9 algorithm existing
Technical solution come realize web portal security certification and secure data communication process;Thus solve application digital certificate process it is cumbersome and
The problems such as digital certificate validity period expires improves the autonomous controllability of web portal security.
The purpose of the present invention is realized by using following technical scheme.A kind of reliable website based on SM9 algorithm is built
Method, including two operation layers of browser and server, use website domain name as the identity of SM9 algorithm to generate key
Right, browser transmits identification information to key generation centre to obtain public key;Server transmits body to key generation centre
Part identification information obtains public key and private key;The data that browser is sent to server with public key encryption at being retransmited after ciphertext,
And the data public key decryptions received are at dissection process again after plaintext;The data private key encryption that server is sent to browser
Dissection process again after being decrypted into plaintext with private key at the data for retransmiting after ciphertext, and receiving;Its process is as follows:
1) request access to website: user's clickable hyperlinks or input URI mode, browser request access to server by URI,
Browser constructs the data requested to server;
2) public key encryption data: after browser gets URI, extracting network address domain name, requests public key, browsing to key generation centre
The data that device issues use public key encryption;
3) public key decryptions public key decryptions data: are used to the data that browser receives;
4) it private key encryption data: during server disposition, by website domain name to key generation centre application key pair, takes
The data that device is sent of being engaged in use private key encryption;
5) private key ciphertext data: the data that server receives are decrypted using private key;
6) data verification: after all ciphertext data decipherings verify data whether successful decryption and data format it is whether correct, with
And whether verify data is safe and reliable;
7) access for the first time: server sends data, the response of browser first treated server to browser for the first time;
8) analysis request data: the data of server parsing browse request;
9) response data: the request type that server is issued according to browser is generated, specific response countermeasure is made, if it is head
Secondary response then will include secure authenticated information in response data;
10) add secure authenticated information: providing information safely for browser authentication website, in Alternative digital certificate include with
The associated information of website domain name;
11) resolution response data: browser parses after the data deciphering received data, then makes specific performance again;
12) information security certification: if it is the data of response server for the first time, then the information for including in auth response data is wanted to pacify
Full authentication data, it is ensured that access is safe and reliable website;
13) access website mistake: if secure authenticated information does not pass through, browser shows that website visiting is dangerous or miscue
Information;
14) access website is correct: if secure authenticated information passes through, browser shows the safe and reliable prompt information of website visiting.
The present invention uses commercial SM9 algorithm, does not use digital certificate in web portal security verification process, but makes
The website that access is authenticated with the identity characteristic of SM9 itself simplifies web portal security verification process;Web portal security communicates number
According to also encryption and decryption is carried out using SM9 algorithm, the autonomous controllability of web portal security can be improved.
Detailed description of the invention
Fig. 1 is flow chart of the invention.
Specific embodiment
Below in conjunction with drawings and examples, the invention will be further described.Referring to Fig. 1, it is a kind of based on SM9 algorithm can
Believe that website building method, including two operation layers of browser and server, browser make correspondence by the data that server transmits
Response events.
Website domain name is used as the identity of SM9 algorithm to generate key pair, and browser is passed to key generation centre
Identification information is passed to obtain public key;Server transmits identification information to key generation centre to obtain public key and private
Key;The data that browser is sent to server are with public key encryption at the data public key decryptions for retransmiting after ciphertext, and receiving
At dissection process again after plaintext;The data that server is sent to browser at retransmiting after ciphertext, and are received with private key encryption
Data be decrypted into plaintext with private key after dissection process again.
Its process is as follows:
1) server is the identity of SM9 algorithm with website domain name, obtains key pair to key generation centre;
2) browser sends the request of website visiting by URI to server;
3) browser obtains public key to key generation centre with the identity that the website domain name in URI is SM9 algorithm;
4) browser passes through the public key encryption and decryption request data got;
5) server passes through the private key encryption and decryption request data got;
6) it when the request data of server first treated browser, needs to add secure authenticated information;
7) it when the response data of browser first treated server, needs to carry out security information certification;
8) after the completion of security authentication process execution, behind need to only accomplish secure data communication in communication link.
Detailed process of the present invention explains following (as shown in Figure 1):
Request access to website: user's clickable hyperlinks or input URI etc. mode, browser can be requested access to by URI
Server, browser construct the data requested to server.
Public key encryption data: after browser gets URI, extracting network address domain name, requests public key to key generation centre, clear
The data that device of looking at issues use public key encryption.
Public key decryptions data: the data that browser receives use public key decryptions.
Private key encryption data: it is just needed during server disposition close to key generation centre application by website domain name
Key pair, the secure data that server is sent use private key encryption.
Private key ciphertext data: the data that server receives are decrypted using key.
Data verification: require after all data decipherings verify data whether successful decryption and data format etc. whether
Correctly, whether safe and reliable with verify data.
Access for the first time: server sends data, the response of browser first treated server to browser for the first time.
Analysis request data: the data of server parsing browse request.
Response data: the request type that server is issued according to browser is generated, specific response countermeasure is made, if it is
It responds for the first time, then needs secure authenticated information to include into response data.
Addition secure authenticated information: provide information safely for browser authentication website, come include in Alternative digital certificate
Information, this information will be associated with website domain name.
Resolution response data: browser parses after the data deciphering received data, then remakes out specific table
It is existing.
Information security certification: if it is the data of response server for the first time, then the information for including in auth response data is wanted
Safety certification data, it is ensured that access is safe and reliable website.
Access website mistake: if secure authenticated information does not pass through, browser performance website visiting is dangerous or wrong mentions
Show information.
It is correct to access website: if secure authenticated information passes through, browser shows the safe and reliable prompt information of website visiting.
Browser performance: browser makes corresponding response events by the data that server transmits.
Claims (1)
1. a kind of reliable website building method based on SM9 algorithm, including two operation layers of browser and server, use website
Domain name generates key pair as the identity of SM9 algorithm, and browser comes to key generation centre transmitting identification information
Obtain public key;Server transmits identification information to key generation centre to obtain public key and private key;Browser is to server
The data of transmission with public key encryption at the data for retransmiting after ciphertext, and receiving with public key decryptions at place is parsed after plaintext again
Reason;The data that server is sent to browser after ciphertext with private key encryption at retransmiting, and the data received are decrypted with private key
At dissection process again after plaintext;Its process is as follows:
1) request access to website: user's clickable hyperlinks or input URI mode, browser request access to server by URI,
Browser constructs the data requested to server;
2) public key encryption data: after browser gets URI, extracting network address domain name, requests public key, browsing to key generation centre
The data that device issues use public key encryption;
3) public key decryptions public key decryptions data: are used to the data that browser receives;
4) it private key encryption data: during server disposition, by website domain name to key generation centre application key pair, takes
The data that device is sent of being engaged in use private key encryption;
5) private key ciphertext data: the data that server receives are decrypted using private key;
6) data verification: after all ciphertext data decipherings verify data whether successful decryption and data format it is whether correct, with
And whether verify data is safe and reliable;
7) access for the first time: server sends data, the response of browser first treated server to browser for the first time;
8) analysis request data: the data of server parsing browse request;
9) response data: the request type that server is issued according to browser is generated, specific response countermeasure is made, if it is head
Secondary response then will include secure authenticated information in response data;
10) add secure authenticated information: providing information safely for browser authentication website, in Alternative digital certificate include with
The associated information of website domain name;
11) resolution response data: browser parses after the data deciphering received data, then makes specific performance again;
12) information security certification: if it is the data of response server for the first time, then the information for including in auth response data is wanted to pacify
Full authentication data, it is ensured that access is safe and reliable website;
13) access website mistake: if secure authenticated information does not pass through, browser shows that website visiting is dangerous or miscue
Information;
14) access website is correct: if secure authenticated information passes through, browser shows the safe and reliable prompt information of website visiting.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910534049.8A CN110247762A (en) | 2019-06-20 | 2019-06-20 | A kind of reliable website building method based on SM9 algorithm |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910534049.8A CN110247762A (en) | 2019-06-20 | 2019-06-20 | A kind of reliable website building method based on SM9 algorithm |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110247762A true CN110247762A (en) | 2019-09-17 |
Family
ID=67888247
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910534049.8A Withdrawn CN110247762A (en) | 2019-06-20 | 2019-06-20 | A kind of reliable website building method based on SM9 algorithm |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110247762A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112332986A (en) * | 2020-12-06 | 2021-02-05 | 武汉卓尔信息科技有限公司 | Private encryption communication method and system based on authority control |
CN112583588A (en) * | 2020-12-08 | 2021-03-30 | 四川虹微技术有限公司 | Communication method and device and readable storage medium |
CN113127912A (en) * | 2021-05-07 | 2021-07-16 | 杭州天谷信息科技有限公司 | Method and system for data confidentiality and publication |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1832394A (en) * | 2005-03-07 | 2006-09-13 | 微软公司 | Method and system for personal identity verification with secrecy |
CN103634307A (en) * | 2013-11-19 | 2014-03-12 | 北京奇虎科技有限公司 | Method for certificating webpage content and browser |
CN107786507A (en) * | 2016-08-26 | 2018-03-09 | 成都阜特科技股份有限公司 | A kind of method for ensuring http data transmission securities |
-
2019
- 2019-06-20 CN CN201910534049.8A patent/CN110247762A/en not_active Withdrawn
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1832394A (en) * | 2005-03-07 | 2006-09-13 | 微软公司 | Method and system for personal identity verification with secrecy |
CN103634307A (en) * | 2013-11-19 | 2014-03-12 | 北京奇虎科技有限公司 | Method for certificating webpage content and browser |
CN107786507A (en) * | 2016-08-26 | 2018-03-09 | 成都阜特科技股份有限公司 | A kind of method for ensuring http data transmission securities |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112332986A (en) * | 2020-12-06 | 2021-02-05 | 武汉卓尔信息科技有限公司 | Private encryption communication method and system based on authority control |
CN112332986B (en) * | 2020-12-06 | 2023-03-28 | 武汉卓尔信息科技有限公司 | Private encryption communication method and system based on authority control |
CN112583588A (en) * | 2020-12-08 | 2021-03-30 | 四川虹微技术有限公司 | Communication method and device and readable storage medium |
CN112583588B (en) * | 2020-12-08 | 2022-06-21 | 四川虹微技术有限公司 | Communication method and device and readable storage medium |
CN113127912A (en) * | 2021-05-07 | 2021-07-16 | 杭州天谷信息科技有限公司 | Method and system for data confidentiality and publication |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8776176B2 (en) | Multi-factor password-authenticated key exchange | |
CN105850073B (en) | Information system access authentication method and device | |
EP1595190B1 (en) | Service provider anonymization in a single sign-on system | |
CN103685282B (en) | A kind of identity identifying method based on single-sign-on | |
CN105187431B (en) | Login method, server, client and the communication system of third-party application | |
EP1551149B1 (en) | Universal secure messaging for remote security tokens | |
CN102026195B (en) | One-time password (OTP) based mobile terminal identity authentication method and system | |
CN104038486B (en) | System and method for realizing user login identification based on identification type codes | |
CN104283886B (en) | A kind of implementation method of the web secure access based on intelligent terminal local authentication | |
CN111783068B (en) | Device authentication method, system, electronic device and storage medium | |
CN111901346B (en) | Identity authentication system | |
CN105024819A (en) | Multifactor authentication method and system based on mobile terminal | |
US20110213959A1 (en) | Methods, apparatuses, system and related computer program product for privacy-enhanced identity management | |
CN111770088A (en) | Data authentication method, device, electronic equipment and computer readable storage medium | |
CN110247762A (en) | A kind of reliable website building method based on SM9 algorithm | |
CN105721412A (en) | Method and device for authenticating identity between multiple systems | |
US11070537B2 (en) | Stateless method for securing and authenticating a telecommunication | |
CN109672675A (en) | A kind of WEB authentication method of the cryptographic service middleware based on OAuth2.0 | |
CN101305542A (en) | Method for downloading digital certificate and cryptographic key | |
CN111464532A (en) | Information encryption method and system | |
CN105656854B (en) | A kind of method, equipment and system for verifying Wireless LAN user sources | |
TW201723948A (en) | Offline payment method, terminal equipment, backstage payment device and offline payment system | |
EP3820186A1 (en) | Method and apparatus for transmitting router security information | |
CN112995090B (en) | Authentication method, device and system for terminal application and computer readable storage medium | |
CN113545004A (en) | Authentication system with reduced attack surface |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | ||
WW01 | Invention patent application withdrawn after publication |
Application publication date: 20190917 |