CN116318748A - Trusted time authentication method based on verification loop - Google Patents


Info

Publication number
CN116318748A
Authority
CN
China
Prior art keywords
time
node
authentication
reference node
time reference
Legal status
Pending
Application number
CN202211089791.0A
Other languages
Chinese (zh)
Inventor
李文博
Current Assignee
Xi'an Trusted Time Authentication Service Co ltd
Original Assignee
Xi'an Trusted Time Authentication Service Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

The invention discloses a trusted time authentication method based on a verification loop, comprising the steps of time transfer and time authentication. Time transfer further comprises the steps of: the time transfer node establishes a TCP connection with the time reference node; digital certificates are transferred for identity authentication; after authentication is completed, key negotiation and algorithm negotiation are carried out and the secure time service is completed. To establish the TCP connection, before the time transfer node traces its own time to the standard time, it actively initiates a request and establishes a TCP connection with the time reference node. Because the time transfer node is connected with the time reference node, the verification-loop trusted time authentication method enables the time transfer node to have trusted time capability within a certain period of time.

Description

Trusted time authentication method based on verification loop
Technical Field
The invention relates to the field of time and frequency, in particular to a trusted time authentication method based on a verification loop.
Background
With the deepening of informatization, more and more information devices need to obtain accurate and reliable time information, and the defect that the accuracy of time obtained by the earlier technical means cannot be determined is gradually revealed. Trusted time (CT) is based on the national standard Beijing time and satisfies the information management requirements on the propagation, timekeeping precision and application authentication of CT, so that information devices hold authoritative, accurate, commonly trusted and authenticated time information with legal effect. Trusted time has five characteristics: authority, accuracy, reliability, supervision and traceability.
Trusted time authentication (CTA) is a collection of technologies and management systems for proving that a certain time transfer node has trusted time capability, and CTA is a specific implementation of CT in an informatization system.
At present, the time transfer node does not have the trusted time capability, and how to enable the time transfer node to have the trusted time capability is an urgent problem to be solved.
For the problems in the related art, no effective solution has been proposed at present.
Disclosure of Invention
In view of the problems in the related art, the invention provides a trusted time authentication method based on a verification loop, so as to overcome the technical problems existing in the prior art.
For this purpose, the invention adopts the following specific technical scheme:
a trusted time authentication method based on a verification loop, the authentication method comprising the steps of:
S1, time transfer;
S2, time authentication.
Further, the time transfer comprises the steps of:
S11, establishing a TCP connection between a time transfer node and a time reference node;
S12, transferring digital certificates to perform identity authentication;
S13, after authentication is completed, carrying out key negotiation and algorithm negotiation, and completing the secure time service.
Further, establishing the TCP connection between the time transfer node and the time reference node comprises the steps of:
S111, before the time transfer node traces its own time to the standard time, the time transfer node actively initiates a request and establishes a TCP connection with the time reference node;
S112, after the time transfer node and the time reference node successfully establish the TCP connection, the time reference node sends its digital certificate to the time transfer node.
Further, transferring digital certificates to perform identity authentication comprises the steps of:
S121, the time transfer node verifies the digital certificate sent by the time reference node to complete identity authentication;
S122, after the time transfer node has successfully authenticated the time reference node, it sends its own digital certificate to the time reference node;
S123, the time reference node verifies the digital certificate of the time transfer node to complete identity authentication.
Further, after authentication is completed, carrying out key negotiation and algorithm negotiation and completing the secure time service comprises the steps of:
S131, after the time reference node has successfully authenticated the identity of the time transfer node, the two parties carry out key negotiation and algorithm negotiation to enable subsequent secure data communication;
S132, the two parties communicate securely according to the negotiated key and algorithm, and the secure time service is completed.
Further, after the time transfer node has successfully authenticated the identity of the time reference node, the key negotiation and algorithm negotiation carried out by the two parties to enable subsequent secure data communication comprises the steps of:
the client connects to the server;
the server sends its CA certificate to the client;
the client verifies the reliability of the certificate;
the client extracts the public key from the CA certificate;
the client generates a random key k and encrypts k with the public key to obtain k';
the client sends k' to the server;
after receiving k', the server decrypts k' with its private key to obtain k; at this point both sides hold the key k, and the negotiation is completed.
Further, the time authentication comprises the steps of:
S21, establishing a TCP connection between the time transfer node and the time reference node;
S22, transferring digital certificates to perform identity authentication;
S23, after authentication is completed, carrying out key negotiation and algorithm negotiation, and completing security verification.
Further, establishing the TCP connection between the time transfer node and the time reference node comprises the steps of:
S211, before the time reference node verifies the time transfer node, the time reference node actively initiates a request to establish a TCP connection with the time transfer node;
S212, after the time reference node and the time transfer node successfully establish the TCP connection, the time transfer node sends its digital certificate to the time reference node.
Further, transferring digital certificates to perform identity authentication comprises the steps of:
S221, the time reference node verifies the digital certificate sent by the time transfer node to complete identity authentication;
S222, after the time reference node has successfully authenticated the time transfer node, it sends its digital certificate to the time transfer node;
S223, the time transfer node verifies the digital certificate of the time reference node to complete identity authentication.
Further, after authentication is completed, carrying out key negotiation and algorithm negotiation and completing security verification comprises the steps of:
S231, after the time transfer node has successfully authenticated the identity of the time reference node, the two parties carry out key negotiation and algorithm negotiation to enable subsequent secure data communication;
S232, the two parties communicate securely according to the negotiated key and algorithm, and security verification is completed.
The beneficial effects of the invention are as follows:
1. According to the invention, the time transfer node is connected with the time reference node, and the verification-loop trusted time authentication method enables the time transfer node to have trusted time capability within a certain period of time, so that the use efficiency of the time node can be greatly improved.
2. According to the invention, digital certificates are transferred between the time reference node and the time transfer node for identity authentication, and secure communication is carried out with the negotiated key and algorithm, so that security verification and the secure time service are completed and the time transfer node has trusted time capability; at the same time, the method is more stable and accurate in use, and the range over which trusted time information can be used is greatly extended.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a trusted time authentication method based on a verification loop in accordance with an embodiment of the present invention;
FIG. 2 is a time transfer flow diagram of a trusted time authentication method based on a verification loop in accordance with an embodiment of the present invention;
FIG. 3 is a key agreement flow chart of a trusted time authentication method based on a verification loop according to an embodiment of the present invention;
FIG. 4 is a time authentication flow chart of a trusted time authentication method based on a verification loop according to an embodiment of the present invention.
Detailed Description
For the purpose of further illustrating the various embodiments, the present invention provides the accompanying drawings, which are a part of the disclosure of the present invention, and which are mainly used to illustrate the embodiments and, together with the description, serve to explain the principles of the embodiments, and with reference to these descriptions, one skilled in the art will recognize other possible implementations and advantages of the present invention, wherein elements are not drawn to scale, and like reference numerals are generally used to designate like elements.
According to an embodiment of the invention, a trusted time authentication method based on a verification loop is provided.
The invention will be further described with reference to the accompanying drawings and the detailed description. As shown in fig. 1, a trusted time authentication method based on a verification loop according to an embodiment of the invention comprises the following steps:
S1, time transfer;
S2, time authentication.
As shown in fig. 2, the time transfer of the trusted time authentication method based on a verification loop according to an embodiment of the present invention comprises the steps of:
S11, establishing a TCP connection between a time transfer node and a time reference node;
S12, transferring digital certificates to perform identity authentication;
S13, after authentication is completed, carrying out key negotiation and algorithm negotiation, and completing the secure time service.
Establishing the TCP connection between the time transfer node and the time reference node comprises the following steps:
S111, before the time transfer node traces its own time to the standard time, the time transfer node actively initiates a request and establishes a TCP connection with the time reference node;
S112, after the time transfer node and the time reference node successfully establish the TCP connection, the time reference node sends its digital certificate to the time transfer node.
Transferring digital certificates to perform identity authentication comprises the following steps:
S121, the time transfer node verifies the digital certificate sent by the time reference node to complete identity authentication;
S122, after the time transfer node has successfully authenticated the time reference node, it sends its own digital certificate to the time reference node;
S123, the time reference node verifies the digital certificate of the time transfer node to complete identity authentication.
After authentication is completed, carrying out key negotiation and algorithm negotiation and completing the secure time service comprises the following steps:
S131, after the time reference node has successfully authenticated the identity of the time transfer node, the two parties carry out key negotiation and algorithm negotiation to enable subsequent secure data communication;
S132, the two parties communicate securely according to the negotiated key and algorithm, and the secure time service is completed.
As shown in fig. 3, in the trusted time authentication method based on a verification loop according to an embodiment of the present invention, after the time transfer node has successfully authenticated the time reference node, the key negotiation and algorithm negotiation carried out by the two parties to enable subsequent secure data communication comprises the following steps:
the client connects to the server;
the server sends its CA certificate to the client;
the client verifies the reliability of the certificate;
the client extracts the public key from the CA certificate;
the client generates a random key k and encrypts k with the public key to obtain k';
the client sends k' to the server;
after receiving k', the server decrypts k' with its private key to obtain k; at this point both sides hold the key k, and the negotiation is completed.
As shown in fig. 4, the time authentication of the trusted time authentication method based on a verification loop according to an embodiment of the present invention comprises the steps of:
S21, establishing a TCP connection between the time transfer node and the time reference node;
S22, transferring digital certificates to perform identity authentication;
S23, after authentication is completed, carrying out key negotiation and algorithm negotiation, and completing security verification.
Establishing the TCP connection between the time transfer node and the time reference node comprises the following steps:
S211, before the time reference node verifies the time transfer node, the time reference node actively initiates a request to establish a TCP connection with the time transfer node;
S212, after the time reference node and the time transfer node successfully establish the TCP connection, the time transfer node sends its digital certificate to the time reference node.
Transferring digital certificates to perform identity authentication comprises the following steps:
S221, the time reference node verifies the digital certificate sent by the time transfer node to complete identity authentication;
S222, after the time reference node has successfully authenticated the time transfer node, it sends its digital certificate to the time transfer node;
S223, the time transfer node verifies the digital certificate of the time reference node to complete identity authentication.
After authentication is completed, carrying out key negotiation and algorithm negotiation and completing security verification comprises the following steps:
S231, after the time transfer node has successfully authenticated the identity of the time reference node, the two parties carry out key negotiation and algorithm negotiation to enable subsequent secure data communication;
S232, the two parties communicate securely according to the negotiated key and algorithm, and security verification is completed.
Specifically, the time transfer node holds a digital certificate comprising: a public key, identity information (such as a network hostname, organization name or individual name) and signature information (which may be the signature of the certificate issuing authority, the CA, or a self-signature);
the time consumption node holds a digital certificate comprising: a public key, identity information (such as a network hostname, organization name or individual name) and signature information (which may be the signature of the certificate issuing authority, the CA, or a self-signature);
the identity authentication method is: the verifier applies the public key of the verified party to the signature of the verified party, publicKey(sign) = hash; if the result equals the hash, verification succeeds, and if it does not, verification fails;
the time verification method is: the time of the time transfer node is compared with that of the time reference node; if the difference lies within a certain precision range, verification succeeds, otherwise verification fails.
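The identity authentication check, the key agreement of fig. 3 and the time verification above, run end to end as one added Python example that is not part of the patent: it uses textbook RSA over SHA-256 for the certificates (toy keys, no padding), assumes HMAC-SHA256 as the negotiated algorithm, a CA-issued certificate for each node, and in-process function calls in place of the TCP connection; all names and sample values are constructed.

```python
import hashlib, hmac, math, random, secrets
from dataclasses import dataclass
E = 65537  # public exponent of the toy RSA keys

def _probable_prime(n, rounds=24):  # Miller-Rabin, demonstration quality only
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_keypair(bits=512):
    """Textbook RSA without padding (toy). Returns ((n, e), d); n exceeds 2**256."""
    def prime(b):
        while True:
            c = random.getrandbits(b) | (1 << (b - 1)) | 1
            if _probable_prime(c):
                return c
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(E, phi) == 1:
            return (p * q, E), pow(E, -1, phi)

@dataclass
class Certificate:  # the three fields the description names
    identity: str
    public_key: tuple
    signature: int = 0

    def body_hash(self):
        body = f"{self.identity}|{self.public_key[0]}|{self.public_key[1]}".encode()
        return int.from_bytes(hashlib.sha256(body).digest(), "big")

def issue_cert(identity, public_key, ca_priv, ca_n):
    cert = Certificate(identity, public_key)
    cert.signature = pow(cert.body_hash(), ca_priv, ca_n)  # sign = hash^d mod n
    return cert

def verify_cert(cert, issuer_pub):
    """publicKey(sign) == hash: the identity authentication check of the description."""
    n, e = issuer_pub
    return pow(cert.signature, e, n) == cert.body_hash()

def client_key_agreement(server_cert):
    """Client draws random k and encrypts it under the server's public key, giving k'."""
    k = secrets.token_bytes(32)
    n, e = server_cert.public_key
    return k, pow(int.from_bytes(k, "big"), e, n)

def server_key_agreement(k_enc, priv_d, n):  # server recovers k from k'
    return pow(k_enc, priv_d, n).to_bytes(32, "big")

def secure_send(value, sender_key, receiver_key):
    """Communication under the negotiated key (HMAC-SHA256 assumed); None if tag check fails."""
    msg = repr(float(value)).encode()
    tag = hmac.new(sender_key, msg, hashlib.sha256).digest()
    expected = hmac.new(receiver_key, msg, hashlib.sha256).digest()
    return float(msg.decode()) if hmac.compare_digest(tag, expected) else None

def verification_loop(ca_pub, ref_cert, ref_priv, xfer_cert, xfer_priv,
                      ref_time, xfer_time, precision):
    """Both phases as in-process calls instead of TCP; returns per-phase results."""
    result = dict(transfer_auth=False, time_served=None, auth_auth=False, time_verified=False)
    # Phase 1, time transfer: transfer node connects, reference node shows its certificate first.
    if not (verify_cert(ref_cert, ca_pub) and verify_cert(xfer_cert, ca_pub)):
        return result
    result["transfer_auth"] = True
    k, k_enc = client_key_agreement(ref_cert)
    k_ref = server_key_agreement(k_enc, ref_priv, ref_cert.public_key[0])
    result["time_served"] = secure_send(ref_time, k_ref, k)  # reference node serves time
    # Phase 2, time authentication: roles reverse, transfer node shows its certificate first.
    if not (verify_cert(xfer_cert, ca_pub) and verify_cert(ref_cert, ca_pub)):
        return result
    result["auth_auth"] = True
    k2, k2_enc = client_key_agreement(xfer_cert)
    k2_xfer = server_key_agreement(k2_enc, xfer_priv, xfer_cert.public_key[0])
    reported = secure_send(xfer_time, k2_xfer, k2)  # transfer node reports its time
    if reported is not None:  # time verification: agree within the precision range
        result["time_verified"] = abs(ref_time - reported) <= precision
    return result

def build_pki():
    """Constructed sample PKI: one CA issues a certificate to each node."""
    ca, ref, xfer = gen_keypair(), gen_keypair(), gen_keypair()
    ref_cert = issue_cert("time-reference.example", ref[0], ca[1], ca[0][0])
    xfer_cert = issue_cert("time-transfer.example", xfer[0], ca[1], ca[0][0])
    return ca[0], ref_cert, ref[1], xfer_cert, xfer[1]
```

Calling `verification_loop(*build_pki(), 1000.0, 1000.0005, 0.001)` passes both phases, while an offset of 0.005 s fails only the final time verification and a certificate whose identity was altered after signing fails at the first phase.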
In order to facilitate understanding of the above technical solutions of the present invention, the following describes in detail the working principle or operation manner of the present invention in the actual process.
In summary, by means of the technical scheme, the time transfer node is connected with the time reference node, so that, on the basis of the verification-loop trusted time authentication method, the time transfer node has trusted time capability within a certain period of time, and the use efficiency of the time node can be greatly improved.
In addition, the invention carries out identity authentication through the transfer of digital certificates between the time reference node and the time transfer node, and completes security verification and the secure time service with the negotiated key and algorithm, so that the time transfer node has trusted time capability, the method is more stable and accurate in use, and the range over which trusted time information can be used is greatly extended.
The foregoing description of the preferred embodiments of the invention is not intended to be limiting, but rather is intended to cover all modifications, equivalents, alternatives, and improvements that fall within the spirit and scope of the invention.

Claims (10)

1. A trusted time authentication method based on a verification loop, characterized by comprising the following steps:
S1, time transfer;
S2, time authentication.
2. The trusted time authentication method based on a verification loop as claimed in claim 1, wherein said time transfer further comprises the steps of:
S11, establishing a TCP connection between a time transfer node and a time reference node;
S12, transferring digital certificates to perform identity authentication;
S13, after authentication is completed, carrying out key negotiation and algorithm negotiation, and completing the secure time service.
3. The trusted time authentication method based on a verification loop as claimed in claim 2, wherein said establishing a TCP connection between the time transfer node and the time reference node further comprises the steps of:
S111, before the time transfer node traces its own time to the standard time, the time transfer node actively initiates a request and establishes a TCP connection with the time reference node;
S112, after the time transfer node and the time reference node successfully establish the TCP connection, the time reference node sends its digital certificate to the time transfer node.
4. The trusted time authentication method based on a verification loop as claimed in claim 3, wherein said transferring digital certificates to perform identity authentication further comprises the steps of:
S121, the time transfer node verifies the digital certificate sent by the time reference node to complete identity authentication;
S122, after the time transfer node has successfully authenticated the time reference node, it sends its own digital certificate to the time reference node;
S123, the time reference node verifies the digital certificate of the time transfer node to complete identity authentication.
5. The trusted time authentication method based on a verification loop as claimed in claim 4, wherein said carrying out key negotiation and algorithm negotiation after authentication is completed and completing the secure time service further comprises the steps of:
S131, after the time reference node has successfully authenticated the identity of the time transfer node, the two parties carry out key negotiation and algorithm negotiation to enable subsequent secure data communication;
S132, the two parties communicate securely according to the negotiated key and algorithm, and the secure time service is completed.
6. The trusted time authentication method based on a verification loop as claimed in claim 5, wherein said key negotiation and algorithm negotiation carried out by the two parties after the time transfer node has successfully authenticated the time reference node, to enable subsequent secure data communication, further comprises the steps of:
the client connects to the server;
the server sends its CA certificate to the client;
the client verifies the reliability of the certificate;
the client extracts the public key from the CA certificate;
the client generates a random key k and encrypts k with the public key to obtain k';
the client sends k' to the server;
after receiving k', the server decrypts k' with its private key to obtain k; at this point both sides hold the key k, and the negotiation is completed.
7. The trusted time authentication method based on a verification loop as claimed in claim 6, wherein said time authentication further comprises the steps of:
S21, establishing a TCP connection between the time transfer node and the time reference node;
S22, transferring digital certificates to perform identity authentication;
S23, after authentication is completed, carrying out key negotiation and algorithm negotiation, and completing security verification.
8. The trusted time authentication method based on a verification loop as claimed in claim 7, wherein said establishing a TCP connection between the time transfer node and the time reference node further comprises the steps of:
S211, before the time reference node verifies the time transfer node, the time reference node actively initiates a request to establish a TCP connection with the time transfer node;
S212, after the time reference node and the time transfer node successfully establish the TCP connection, the time transfer node sends its digital certificate to the time reference node.
9. The trusted time authentication method based on a verification loop as claimed in claim 8, wherein said transferring digital certificates to perform identity authentication comprises the steps of:
S221, the time reference node verifies the digital certificate sent by the time transfer node to complete identity authentication;
S222, after the time reference node has successfully authenticated the time transfer node, it sends its digital certificate to the time transfer node;
S223, the time transfer node verifies the digital certificate of the time reference node to complete identity authentication.
10. The trusted time authentication method based on a verification loop as claimed in claim 9, wherein said carrying out key negotiation and algorithm negotiation after authentication is completed and completing security verification comprises the steps of:
S231, after the time transfer node has successfully authenticated the identity of the time reference node, the two parties carry out key negotiation and algorithm negotiation to enable subsequent secure data communication;
S232, the two parties communicate securely according to the negotiated key and algorithm, and security verification is completed.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211089791.0A CN116318748A (en) 2022-09-07 2022-09-07 Trusted time authentication method based on verification loop

Publications (1)

Publication Number Publication Date
CN116318748A true CN116318748A (en) 2023-06-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination