CN110247762A - A kind of reliable website building method based on SM9 algorithm - Google Patents

A kind of reliable website building method based on SM9 algorithm Download PDF

Info

Publication number
CN110247762A
CN110247762A CN201910534049.8A CN201910534049A CN110247762A CN 110247762 A CN110247762 A CN 110247762A CN 201910534049 A CN201910534049 A CN 201910534049A CN 110247762 A CN110247762 A CN 110247762A
Authority
CN
China
Prior art keywords
data
browser
server
website
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201910534049.8A
Other languages
Chinese (zh)
Inventor
不公告发明人
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangxi Jinge Polytron Technologies Inc
Original Assignee
Jiangxi Jinge Polytron Technologies Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jiangxi Jinge Polytron Technologies Inc filed Critical Jiangxi Jinge Polytron Technologies Inc
Priority to CN201910534049.8A priority Critical patent/CN110247762A/en
Publication of CN110247762A publication Critical patent/CN110247762A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/3073Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Algebra (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Power Engineering (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a kind of reliable website building methods based on SM9 algorithm, website domain name is used as the identity of SM9 algorithm to generate key pair, the data that browser is sent to server with public key encryption at the data public key decryptions for retransmiting after ciphertext, and receiving at dissection process again after plaintext;Dissection process again after the data that server is sent to browser are decrypted into plaintext with private key at the data for retransmiting after ciphertext, and receiving with private key encryption;The website that access is authenticated using the identity characteristic of SM9 itself simplifies web portal security verification process;Web portal security communication data also carrys out encryption and decryption using SM9 algorithm, can improve the autonomous controllability of web portal security.

Description

A kind of reliable website building method based on SM9 algorithm
Technical field
The present invention relates to network technique field, in particular to a kind of reliable website building method based on SM9 algorithm.
Background technique
As various countries increasingly pay attention to network security, China is also reply domestic market demand, is developed a series of State's private counsel algorithm, wherein just including SM9 algorithm.
The id password system of Bilinear map of the SM9 id password algorithm based on elliptic curve, be mainly used for digital signature, Data encryption, key exchange and authentication.It can generate key pair with User Identity, and thus key inherently may be used To include authentication information.
Current web portal security building plan is real based on schemes such as SSL, TSL, IPSec in WEB3.0 security solution Existing, OpenSSL and is needed in web portal security verification process by digital certificate using most common among these.
Digital certificate is one section and includes subscriber identity information, client public key information and authentication mechanism data signature Data can identify the identity of other side with it.Digital certificate is exactly only in the specific period there are one important feature It is interior effective.
Current this scheme can accomplish web portal security certification and data secure communication really, but need in deployment net Apply for digital certificate during standing, and this is comparatively laborious process;Meanwhile if user accesses the digital certificate mistake of website Phase will have trustless state;And the enciphering and deciphering algorithm of current web uses International Algorithmic, nothing substantially Method accomplishes the autonomous controllable purpose of technology.
Summary of the invention
The present invention provides a kind of reliable website building methods for not depending on digital certificate, are substituted using SM9 algorithm existing Technical solution come realize web portal security certification and secure data communication process;Thus solve application digital certificate process it is cumbersome and The problems such as digital certificate validity period expires improves the autonomous controllability of web portal security.
The purpose of the present invention is realized by using following technical scheme.A kind of reliable website based on SM9 algorithm is built Method, including two operation layers of browser and server, use website domain name as the identity of SM9 algorithm to generate key Right, browser transmits identification information to key generation centre to obtain public key;Server transmits body to key generation centre Part identification information obtains public key and private key;The data that browser is sent to server with public key encryption at being retransmited after ciphertext, And the data public key decryptions received are at dissection process again after plaintext;The data private key encryption that server is sent to browser Dissection process again after being decrypted into plaintext with private key at the data for retransmiting after ciphertext, and receiving;Its process is as follows:
1) request access to website: user's clickable hyperlinks or input URI mode, browser request access to server by URI, Browser constructs the data requested to server;
2) public key encryption data: after browser gets URI, extracting network address domain name, requests public key, browsing to key generation centre The data that device issues use public key encryption;
3) public key decryptions public key decryptions data: are used to the data that browser receives;
4) it private key encryption data: during server disposition, by website domain name to key generation centre application key pair, takes The data that device is sent of being engaged in use private key encryption;
5) private key ciphertext data: the data that server receives are decrypted using private key;
6) data verification: after all ciphertext data decipherings verify data whether successful decryption and data format it is whether correct, with And whether verify data is safe and reliable;
7) access for the first time: server sends data, the response of browser first treated server to browser for the first time;
8) analysis request data: the data of server parsing browse request;
9) response data: the request type that server is issued according to browser is generated, specific response countermeasure is made, if it is head Secondary response then will include secure authenticated information in response data;
10) add secure authenticated information: providing information safely for browser authentication website, in Alternative digital certificate include with The associated information of website domain name;
11) resolution response data: browser parses after the data deciphering received data, then makes specific performance again;
12) information security certification: if it is the data of response server for the first time, then the information for including in auth response data is wanted to pacify Full authentication data, it is ensured that access is safe and reliable website;
13) access website mistake: if secure authenticated information does not pass through, browser shows that website visiting is dangerous or miscue Information;
14) access website is correct: if secure authenticated information passes through, browser shows the safe and reliable prompt information of website visiting.
The present invention uses commercial SM9 algorithm, does not use digital certificate in web portal security verification process, but makes The website that access is authenticated with the identity characteristic of SM9 itself simplifies web portal security verification process;Web portal security communicates number According to also encryption and decryption is carried out using SM9 algorithm, the autonomous controllability of web portal security can be improved.
Detailed description of the invention
Fig. 1 is flow chart of the invention.
Specific embodiment
Below in conjunction with drawings and examples, the invention will be further described.Referring to Fig. 1, it is a kind of based on SM9 algorithm can Believe that website building method, including two operation layers of browser and server, browser make correspondence by the data that server transmits Response events.
Website domain name is used as the identity of SM9 algorithm to generate key pair, and browser is passed to key generation centre Identification information is passed to obtain public key;Server transmits identification information to key generation centre to obtain public key and private Key;The data that browser is sent to server are with public key encryption at the data public key decryptions for retransmiting after ciphertext, and receiving At dissection process again after plaintext;The data that server is sent to browser at retransmiting after ciphertext, and are received with private key encryption Data be decrypted into plaintext with private key after dissection process again.
Its process is as follows:
1) server is the identity of SM9 algorithm with website domain name, obtains key pair to key generation centre;
2) browser sends the request of website visiting by URI to server;
3) browser obtains public key to key generation centre with the identity that the website domain name in URI is SM9 algorithm;
4) browser passes through the public key encryption and decryption request data got;
5) server passes through the private key encryption and decryption request data got;
6) it when the request data of server first treated browser, needs to add secure authenticated information;
7) it when the response data of browser first treated server, needs to carry out security information certification;
8) after the completion of security authentication process execution, behind need to only accomplish secure data communication in communication link.
Detailed process of the present invention explains following (as shown in Figure 1):
Request access to website: user's clickable hyperlinks or input URI etc. mode, browser can be requested access to by URI Server, browser construct the data requested to server.
Public key encryption data: after browser gets URI, extracting network address domain name, requests public key to key generation centre, clear The data that device of looking at issues use public key encryption.
Public key decryptions data: the data that browser receives use public key decryptions.
Private key encryption data: it is just needed during server disposition close to key generation centre application by website domain name Key pair, the secure data that server is sent use private key encryption.
Private key ciphertext data: the data that server receives are decrypted using key.
Data verification: require after all data decipherings verify data whether successful decryption and data format etc. whether Correctly, whether safe and reliable with verify data.
Access for the first time: server sends data, the response of browser first treated server to browser for the first time.
Analysis request data: the data of server parsing browse request.
Response data: the request type that server is issued according to browser is generated, specific response countermeasure is made, if it is It responds for the first time, then needs secure authenticated information to include into response data.
Addition secure authenticated information: provide information safely for browser authentication website, come include in Alternative digital certificate Information, this information will be associated with website domain name.
Resolution response data: browser parses after the data deciphering received data, then remakes out specific table It is existing.
Information security certification: if it is the data of response server for the first time, then the information for including in auth response data is wanted Safety certification data, it is ensured that access is safe and reliable website.
Access website mistake: if secure authenticated information does not pass through, browser performance website visiting is dangerous or wrong mentions Show information.
It is correct to access website: if secure authenticated information passes through, browser shows the safe and reliable prompt information of website visiting.
Browser performance: browser makes corresponding response events by the data that server transmits.

Claims (1)

1. a kind of reliable website building method based on SM9 algorithm, including two operation layers of browser and server, use website Domain name generates key pair as the identity of SM9 algorithm, and browser comes to key generation centre transmitting identification information Obtain public key;Server transmits identification information to key generation centre to obtain public key and private key;Browser is to server The data of transmission with public key encryption at the data for retransmiting after ciphertext, and receiving with public key decryptions at place is parsed after plaintext again Reason;The data that server is sent to browser after ciphertext with private key encryption at retransmiting, and the data received are decrypted with private key At dissection process again after plaintext;Its process is as follows:
1) request access to website: user's clickable hyperlinks or input URI mode, browser request access to server by URI, Browser constructs the data requested to server;
2) public key encryption data: after browser gets URI, extracting network address domain name, requests public key, browsing to key generation centre The data that device issues use public key encryption;
3) public key decryptions public key decryptions data: are used to the data that browser receives;
4) it private key encryption data: during server disposition, by website domain name to key generation centre application key pair, takes The data that device is sent of being engaged in use private key encryption;
5) private key ciphertext data: the data that server receives are decrypted using private key;
6) data verification: after all ciphertext data decipherings verify data whether successful decryption and data format it is whether correct, with And whether verify data is safe and reliable;
7) access for the first time: server sends data, the response of browser first treated server to browser for the first time;
8) analysis request data: the data of server parsing browse request;
9) response data: the request type that server is issued according to browser is generated, specific response countermeasure is made, if it is head Secondary response then will include secure authenticated information in response data;
10) add secure authenticated information: providing information safely for browser authentication website, in Alternative digital certificate include with The associated information of website domain name;
11) resolution response data: browser parses after the data deciphering received data, then makes specific performance again;
12) information security certification: if it is the data of response server for the first time, then the information for including in auth response data is wanted to pacify Full authentication data, it is ensured that access is safe and reliable website;
13) access website mistake: if secure authenticated information does not pass through, browser shows that website visiting is dangerous or miscue Information;
14) access website is correct: if secure authenticated information passes through, browser shows the safe and reliable prompt information of website visiting.
CN201910534049.8A 2019-06-20 2019-06-20 A kind of reliable website building method based on SM9 algorithm Withdrawn CN110247762A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910534049.8A CN110247762A (en) 2019-06-20 2019-06-20 A kind of reliable website building method based on SM9 algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910534049.8A CN110247762A (en) 2019-06-20 2019-06-20 A kind of reliable website building method based on SM9 algorithm

Publications (1)

Publication Number Publication Date
CN110247762A true CN110247762A (en) 2019-09-17

Family

ID=67888247

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910534049.8A Withdrawn CN110247762A (en) 2019-06-20 2019-06-20 A kind of reliable website building method based on SM9 algorithm

Country Status (1)

Country Link
CN (1) CN110247762A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112332986A (en) * 2020-12-06 2021-02-05 武汉卓尔信息科技有限公司 Private encryption communication method and system based on authority control
CN112583588A (en) * 2020-12-08 2021-03-30 四川虹微技术有限公司 Communication method and device and readable storage medium
CN113127912A (en) * 2021-05-07 2021-07-16 杭州天谷信息科技有限公司 Method and system for data confidentiality and publication

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1832394A (en) * 2005-03-07 2006-09-13 微软公司 Method and system for personal identity verification with secrecy
CN103634307A (en) * 2013-11-19 2014-03-12 北京奇虎科技有限公司 Method for certificating webpage content and browser
CN107786507A (en) * 2016-08-26 2018-03-09 成都阜特科技股份有限公司 A kind of method for ensuring http data transmission securities

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1832394A (en) * 2005-03-07 2006-09-13 微软公司 Method and system for personal identity verification with secrecy
CN103634307A (en) * 2013-11-19 2014-03-12 北京奇虎科技有限公司 Method for certificating webpage content and browser
CN107786507A (en) * 2016-08-26 2018-03-09 成都阜特科技股份有限公司 A kind of method for ensuring http data transmission securities

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112332986A (en) * 2020-12-06 2021-02-05 武汉卓尔信息科技有限公司 Private encryption communication method and system based on authority control
CN112332986B (en) * 2020-12-06 2023-03-28 武汉卓尔信息科技有限公司 Private encryption communication method and system based on authority control
CN112583588A (en) * 2020-12-08 2021-03-30 四川虹微技术有限公司 Communication method and device and readable storage medium
CN112583588B (en) * 2020-12-08 2022-06-21 四川虹微技术有限公司 Communication method and device and readable storage medium
CN113127912A (en) * 2021-05-07 2021-07-16 杭州天谷信息科技有限公司 Method and system for data confidentiality and publication

Similar Documents

Publication Publication Date Title
US8776176B2 (en) Multi-factor password-authenticated key exchange
CN105850073B (en) Information system access authentication method and device
EP1595190B1 (en) Service provider anonymization in a single sign-on system
CN103685282B (en) A kind of identity identifying method based on single-sign-on
CN105187431B (en) Login method, server, client and the communication system of third-party application
EP1551149B1 (en) Universal secure messaging for remote security tokens
CN102026195B (en) One-time password (OTP) based mobile terminal identity authentication method and system
CN104038486B (en) System and method for realizing user login identification based on identification type codes
CN104283886B (en) A kind of implementation method of the web secure access based on intelligent terminal local authentication
CN111783068B (en) Device authentication method, system, electronic device and storage medium
CN111901346B (en) Identity authentication system
CN105024819A (en) Multifactor authentication method and system based on mobile terminal
US20110213959A1 (en) Methods, apparatuses, system and related computer program product for privacy-enhanced identity management
CN111770088A (en) Data authentication method, device, electronic equipment and computer readable storage medium
CN110247762A (en) A kind of reliable website building method based on SM9 algorithm
CN105721412A (en) Method and device for authenticating identity between multiple systems
US11070537B2 (en) Stateless method for securing and authenticating a telecommunication
CN109672675A (en) A kind of WEB authentication method of the cryptographic service middleware based on OAuth2.0
CN101305542A (en) Method for downloading digital certificate and cryptographic key
CN111464532A (en) Information encryption method and system
CN105656854B (en) A kind of method, equipment and system for verifying Wireless LAN user sources
TW201723948A (en) Offline payment method, terminal equipment, backstage payment device and offline payment system
EP3820186A1 (en) Method and apparatus for transmitting router security information
CN112995090B (en) Authentication method, device and system for terminal application and computer readable storage medium
CN113545004A (en) Authentication system with reduced attack surface

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication
WW01 Invention patent application withdrawn after publication

Application publication date: 20190917