CN116318748A - Trusted time authentication method based on verification loop - Google Patents
Trusted time authentication method based on verification loop
- Publication number: CN116318748A
- Application number: CN202211089791.0A
- Authority: CN (China)
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Abstract
The invention discloses a trusted time authentication method based on a verification loop, comprising the steps of time transfer and time authentication. Time transfer further comprises: the time transfer node establishes a TCP connection with the time reference node; digital certificates are exchanged for identity authentication; after authentication is completed, key negotiation and algorithm negotiation are carried out and the security time service is completed. To establish the TCP connection, the time transfer node actively initiates a request to the time reference node before it traces its own time to the standard time. Because the time transfer node is connected to the time reference node, the trusted time authentication method based on the verification loop allows the time transfer node to have trusted time capability within a certain period of time.
Description
Technical Field
The invention relates to the field of time and frequency, in particular to a trusted time authentication method based on a verification loop.
Background
With the deepening development of informatization, more and more information equipment needs to obtain accurate and reliable time information, and the original technical means have gradually revealed the defect that time accuracy cannot be determined. Reliable time (CT) is based on Beijing time as the national standard; it meets the information management requirements for the propagation authorization, time-keeping precision and application authentication of CT, and gives information equipment authoritative, accurate, commonly trusted and authenticated time information with legal effect. Reliable time has five characteristics: authority, accuracy, reliability, supervision and traceability.
Trusted time authentication (CTA) is a collection of technologies and management systems for proving that a certain time transfer node has trusted time capability, and CTA is a specific implementation of CT in an informatization system.
At present, the time transfer node does not have the trusted time capability, and how to enable the time transfer node to have the trusted time capability is an urgent problem to be solved.
For the problems in the related art, no effective solution has been proposed at present.
Disclosure of Invention
Aiming at the problems in the related art, the invention provides a trusted time authentication method based on a verification loop, so as to overcome the technical problems existing in the prior related art.
For this purpose, the invention adopts the following specific technical scheme:
a trusted time authentication method based on a verification loop, the authentication method comprising the steps of:
S1, time transfer;
S2, time authentication.
Further, the time transfer further comprises the steps of:
S11, establishing a TCP connection between a time transfer node and a time reference node;
S12, transmitting the digital certificate to perform identity authentication;
S13, after authentication is completed, key negotiation and algorithm negotiation are carried out, and the security time service is completed.
Further, establishing the TCP connection between the time transfer node and the time reference node further comprises the steps of:
S111, before the time transfer node traces its own time to the standard time, the time transfer node actively initiates a request and establishes a TCP connection with the time reference node;
S112, after the time transfer node and the time reference node have successfully established the TCP connection, the time reference node sends its digital certificate to the time transfer node.
Further, the step of transmitting the digital certificate to perform identity authentication further comprises the following steps:
S121, the time transfer node verifies the digital certificate sent by the time reference node to complete identity authentication;
S122, after the time transfer node has successfully authenticated the time reference node, it sends its own digital certificate to the time reference node;
S123, the time reference node verifies the digital certificate of the time transfer node to complete identity authentication.
Further, performing key negotiation and algorithm negotiation after authentication is completed, and completing the security time service, further comprises the steps of:
S131, after the time reference node has successfully authenticated the identity of the time transfer node, the two parties carry out key negotiation and algorithm negotiation, so that later secure data communication is facilitated;
S132, the two parties communicate securely using the negotiated key and algorithm, and the security time service is completed.
Further, after the time transfer node has successfully authenticated the identity of the time reference node, the two parties perform key negotiation and algorithm negotiation so that later secure data communication is facilitated; the negotiation further comprises the steps of:
the client connects to the server;
the server sends its CA certificate to the client;
the client verifies the reliability of the certificate;
the client takes the public key out of the CA certificate;
the client generates a random key k and encrypts k with the public key to obtain k';
the client sends k' to the server;
after receiving k', the server decrypts k' with its private key to obtain k; at this point both sides hold the key k, and the negotiation is complete.
Further, the time authentication further comprises the following steps:
S21, establishing a TCP connection between the time transfer node and the time reference node;
S22, transmitting the digital certificate to perform identity authentication;
S23, after authentication is completed, key negotiation and algorithm negotiation are carried out, and security verification is completed.
Further, establishing the TCP connection between the time transfer node and the time reference node further comprises the steps of:
S211, before the time reference node verifies the time transfer node, the time reference node actively initiates a request and establishes a TCP connection with the time transfer node;
S212, after the time reference node and the time transfer node have successfully established the TCP connection, the time transfer node sends its digital certificate to the time reference node.
Further, the digital certificate transfer for identity authentication comprises the following steps:
S221, the time reference node verifies the digital certificate sent by the time transfer node to complete identity authentication;
S222, after the time reference node has successfully authenticated the time transfer node, the time reference node sends its digital certificate to the time transfer node;
S223, the time transfer node verifies the digital certificate of the time reference node to complete identity authentication.
Further, performing key negotiation and algorithm negotiation after authentication is completed, and completing security verification, comprises the steps of:
S231, after the time transfer node has successfully authenticated the identity of the time reference node, the two parties carry out key negotiation and algorithm negotiation, so that later secure data communication is facilitated;
S232, the two parties communicate securely using the negotiated key and algorithm, and security verification is completed.
The beneficial effects of the invention are as follows:
1. According to the invention, the time transfer node is connected with the time reference node, so that the time transfer node can have the trusted time capability within a certain period of time based on the verification loop trusted time authentication method, and the use efficiency of the time node can be greatly improved.
2. According to the invention, digital certificates are exchanged between the time reference node and the time transfer node for identity authentication, and secure communication is carried out with the negotiated key and algorithm, so that security verification and the security time service are completed; the time transfer node thereby acquires trusted time capability, its operation is more stable and accurate, and the range over which trusted time information can be used is greatly extended.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a trusted time authentication method based on a verification loop in accordance with an embodiment of the present invention;
FIG. 2 is a time transfer flow diagram of a trusted time authentication method based on a verification loop in accordance with an embodiment of the present invention;
FIG. 3 is a key agreement flow chart of a trusted time authentication method based on a verification loop according to an embodiment of the present invention;
FIG. 4 is a time authentication flow chart of a trusted time authentication method based on a verification loop according to an embodiment of the present invention.
Detailed Description
For the purpose of further illustrating the various embodiments, the present invention provides the accompanying drawings, which are a part of the disclosure of the present invention, and which are mainly used to illustrate the embodiments and, together with the description, serve to explain the principles of the embodiments, and with reference to these descriptions, one skilled in the art will recognize other possible implementations and advantages of the present invention, wherein elements are not drawn to scale, and like reference numerals are generally used to designate like elements.
According to an embodiment of the invention, a trusted time authentication method based on a verification loop is provided.
The invention will be further described with reference to the accompanying drawings and the detailed description. As shown in FIG. 1, a trusted time authentication method based on a verification loop according to an embodiment of the invention comprises the following steps:
S1, time transfer;
S2, time authentication.
As shown in FIG. 2, the time transfer of the trusted time authentication method based on a verification loop according to an embodiment of the present invention includes the steps of:
S11, establishing a TCP connection between a time transfer node and a time reference node;
S12, transmitting the digital certificate to perform identity authentication;
S13, after authentication is completed, key negotiation and algorithm negotiation are carried out, and the security time service is completed.
Establishing the TCP connection between the time transfer node and the time reference node further comprises the following steps:
S111, before the time transfer node traces its own time to the standard time, the time transfer node actively initiates a request and establishes a TCP connection with the time reference node;
S112, after the time transfer node and the time reference node have successfully established the TCP connection, the time reference node sends its digital certificate to the time transfer node.
The digital certificate transfer for identity authentication further comprises the following steps:
S121, the time transfer node verifies the digital certificate sent by the time reference node to complete identity authentication;
S122, after the time transfer node has successfully authenticated the time reference node, it sends its own digital certificate to the time reference node;
S123, the time reference node verifies the digital certificate of the time transfer node to complete identity authentication.
Performing key negotiation and algorithm negotiation after authentication is completed, and completing the security time service, further comprises the following steps:
S131, after the time reference node has successfully authenticated the identity of the time transfer node, the two parties carry out key negotiation and algorithm negotiation, so that later secure data communication is facilitated;
S132, the two parties communicate securely using the negotiated key and algorithm, and the security time service is completed.
As shown in FIG. 3, in the trusted time authentication method based on the verification loop according to the embodiment of the present invention, after the time transfer node has successfully authenticated the time reference node, the two parties perform key negotiation and algorithm negotiation so that later secure data communication is facilitated; the negotiation further includes the following steps:
the client connects to the server;
the server sends its CA certificate to the client;
the client verifies the reliability of the certificate;
the client takes the public key out of the CA certificate;
the client generates a random key k and encrypts k with the public key to obtain k';
the client sends k' to the server;
after receiving k', the server decrypts k' with its private key to obtain k; at this point both sides hold the key k, and the negotiation is complete.
As shown in FIG. 4, the time authentication of the trusted time authentication method based on a verification loop according to an embodiment of the present invention includes the steps of:
S21, establishing a TCP connection between the time transfer node and the time reference node;
S22, transmitting the digital certificate to perform identity authentication;
S23, after authentication is completed, key negotiation and algorithm negotiation are carried out, and security verification is completed.
Establishing the TCP connection between the time transfer node and the time reference node further comprises the following steps:
S211, before the time reference node verifies the time transfer node, the time reference node actively initiates a request and establishes a TCP connection with the time transfer node;
S212, after the time reference node and the time transfer node have successfully established the TCP connection, the time transfer node sends its digital certificate to the time reference node.
The digital certificate transfer for identity authentication comprises the following steps:
S221, the time reference node verifies the digital certificate sent by the time transfer node to complete identity authentication;
S222, after the time reference node has successfully authenticated the time transfer node, the time reference node sends its digital certificate to the time transfer node;
S223, the time transfer node verifies the digital certificate of the time reference node to complete identity authentication.
Performing key negotiation and algorithm negotiation after authentication is completed, and completing security verification, comprises the following steps:
S231, after the time transfer node has successfully authenticated the identity of the time reference node, the two parties carry out key negotiation and algorithm negotiation, so that later secure data communication is facilitated;
S232, the two parties communicate securely using the negotiated key and algorithm, and security verification is completed.
Specifically, the time transfer node holds a digital certificate, which comprises: a public key, identity information (such as a network hostname, organization name or individual name) and signature information (which may be the signature of the certificate issuing authority CA or a self-signature);
the time consumption node holds a digital certificate, which comprises: a public key, identity information (such as a network hostname, organization name or individual name) and signature information (which may be the signature of the certificate issuing authority CA or a self-signature);
the identity authentication method is as follows: the verifier checks the signature of the verified party with the verified party's public key, i.e. computes publicKey(sign) and compares it with the hash; if the two are equal, verification succeeds, and if they are unequal, verification fails;
the time verification method is as follows: the time of the time transfer node is compared with that of the time reference node; if the difference lies within a certain precision range, verification succeeds, otherwise verification fails.
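The following Go program is an added worked example and is not code from the patent or its applicant. It simulates one round of the verification loop described above (S1, time transfer, initiated by the time transfer node; then S2, time authentication, initiated by the time reference node) with the mutual certificate authentication of FIG. 2 and FIG. 4, the key negotiation of FIG. 3, and the time verification of the last paragraph, using only the Go standard library. The TCP transport is left out; both nodes run in one process. Everything not stated on the page is an assumption: self-signed certificates pinned on the peer as trust anchors, RSA-OAEP for encrypting the random key k, the transfer node acting as client in the negotiation, a 32-byte k, and the names Node, NewNode, Authenticate, NegotiateKey, VerifyTime and RunLoop, which are mine.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Node is a time reference node or a time transfer node: an RSA key pair, an X.509
// certificate (public key, identity, signature; self-signed here) and its trust pool.
type Node struct {
	Name  string
	Key   *rsa.PrivateKey
	Cert  *x509.Certificate
	Trust *x509.CertPool // anchors pinned out of band; a CA certificate would go here too
}

// NewNode generates a 2048-bit RSA key and a self-signed certificate valid one day.
func NewNode(name string, validFrom time.Time) (*Node, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: validFrom, NotAfter: validFrom.Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment | x509.KeyUsageCertSign,
		BasicConstraintsValid: true, IsCA: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &Node{Name: name, Key: key, Cert: cert, Trust: x509.NewCertPool()}, err
}

// Authenticate is the identity check of S121/S123 and S221/S223: the signature
// on the presented certificate must chain to a pinned anchor, and the
// certificate must be within its validity period at time now.
func (n *Node) Authenticate(presented *x509.Certificate, now time.Time) error {
	_, err := presented.Verify(x509.VerifyOptions{Roots: n.Trust, CurrentTime: now,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

// NegotiateKey is the key negotiation of FIG. 3: the client draws a random key k,
// encrypts it to the public key in the server's certificate to obtain k', and the
// server recovers k with its private key. RSA-OAEP is an assumption; the page
// names no padding scheme.
func NegotiateKey(client, server *Node) ([]byte, error) {
	pub, ok := server.Cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return nil, fmt.Errorf("%s: certificate does not carry an RSA key", server.Name)
	}
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	kPrime, encErr := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, k, nil)             // client side
	serverK, decErr := rsa.DecryptOAEP(sha256.New(), rand.Reader, server.Key, kPrime, nil) // server side
	if encErr != nil || decErr != nil || !bytes.Equal(serverK, k) {
		return nil, fmt.Errorf("%s/%s: key negotiation failed: %v %v", client.Name, server.Name, encErr, decErr)
	}
	return k, nil // both sides now hold k (S132/S232)
}

// VerifyTime is the page's time verification: pass only if the transfer node's
// time lies within the precision window around the reference node's time.
func VerifyTime(nodeTime, refTime time.Time, precision time.Duration) bool {
	d := nodeTime.Sub(refTime)
	return d <= precision && -d <= precision
}

// RunLoop runs one verification loop. S1, time transfer, is initiated by the
// transfer node (S111); S2, time authentication, by the reference node (S211).
// In each leg the responder presents its certificate first, then the initiator,
// and the transfer node negotiates k as client (an assumption). nodeSkew is the
// transfer node's residual clock offset after the time service, a constructed input.
func RunLoop(ref, xfer *Node, now time.Time, nodeSkew, precision time.Duration) (bool, error) {
	for _, leg := range [][2]*Node{{xfer, ref}, {ref, xfer}} { // {initiator, responder}
		initiator, responder := leg[0], leg[1]
		if err := initiator.Authenticate(responder.Cert, now); err != nil {
			return false, fmt.Errorf("%s rejects %s: %w", initiator.Name, responder.Name, err)
		}
		if err := responder.Authenticate(initiator.Cert, now); err != nil {
			return false, fmt.Errorf("%s rejects %s: %w", responder.Name, initiator.Name, err)
		}
		if _, err := NegotiateKey(xfer, ref); err != nil {
			return false, err
		}
	}
	return VerifyTime(now.Add(nodeSkew), now, precision), nil
}
```

After each node has added the other's certificate to its Trust pool, RunLoop(ref, xfer, now, 500*time.Microsecond, time.Millisecond) returns true; a certificate that is not pinned, a certificate outside its validity period, or a clock offset larger than the precision window is rejected. The check the page writes as publicKey(sign) = hash is what Certificate.Verify performs when it chains the presented certificate to the pinned anchor; with CA-issued certificates the CA certificate would be pinned in Trust instead of the peer's own.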
In order to facilitate understanding of the above technical solutions of the present invention, the following describes in detail the working principle or operation manner of the present invention in the actual process.
In summary, by means of the technical scheme, the time transfer node is connected with the time reference node, so that the time transfer node can have the trusted time capability within a certain period of time based on the verification loop trusted time authentication method, and the use efficiency of the time node can be greatly improved.
In addition, the invention performs identity authentication through the exchange of digital certificates between the time reference node and the time transfer node, and completes security verification and the security time service through the negotiated key and algorithm, so that the time transfer node acquires trusted time capability, operates more stably and accurately, and the range over which trusted time information can be used is greatly extended.
The foregoing description of the preferred embodiments of the invention is not intended to be limiting, but rather is intended to cover all modifications, equivalents, alternatives, and improvements that fall within the spirit and scope of the invention.
Claims (10)
1. The trusted time authentication method based on the verification loop is characterized by comprising the following steps of:
S1, time transfer;
S2, time authentication.
2. A trusted time authentication method based on a verification loop as claimed in claim 1, wherein said time transfer further comprises the steps of:
S11, establishing a TCP connection between a time transfer node and a time reference node;
S12, transmitting the digital certificate to perform identity authentication;
S13, after authentication is completed, key negotiation and algorithm negotiation are carried out, and the security time service is completed.
3. A trusted time authentication method based on a verification loop as claimed in claim 2, wherein establishing the TCP connection between the time transfer node and the time reference node further comprises the steps of:
S111, before the time transfer node traces its own time to the standard time, the time transfer node actively initiates a request and establishes a TCP connection with the time reference node;
S112, after the time transfer node and the time reference node have successfully established the TCP connection, the time reference node sends its digital certificate to the time transfer node.
4. A trusted time authentication method based on a verification loop as claimed in claim 3, wherein said digital certificate transfer for identity authentication further comprises the steps of:
S121, the time transfer node verifies the digital certificate sent by the time reference node to complete identity authentication;
S122, after the time transfer node has successfully authenticated the time reference node, it sends its own digital certificate to the time reference node;
S123, the time reference node verifies the digital certificate of the time transfer node to complete identity authentication.
5. The trusted time authentication method based on a verification loop of claim 4, wherein performing key negotiation and algorithm negotiation after authentication is completed, and completing the security time service, further comprises the steps of:
S131, after the time reference node has successfully authenticated the identity of the time transfer node, the two parties carry out key negotiation and algorithm negotiation, so that later secure data communication is facilitated;
S132, the two parties communicate securely using the negotiated key and algorithm, and the security time service is completed.
6. The trusted time authentication method based on a verification loop of claim 5, wherein, after the time transfer node has successfully authenticated the time reference node, the two parties perform key negotiation and algorithm negotiation so that later secure data communication is facilitated, the negotiation further comprising the steps of:
the client connects to the server;
the server sends its CA certificate to the client;
the client verifies the reliability of the certificate;
the client takes the public key out of the CA certificate;
the client generates a random key k and encrypts k with the public key to obtain k';
the client sends k' to the server;
after receiving k', the server decrypts k' with its private key to obtain k; at this point both sides hold the key k, and the negotiation is complete.
7. The method of trusted time authentication based on a verification loop of claim 6, wherein said time authentication further comprises the steps of:
S21, establishing a TCP connection between the time transfer node and the time reference node;
S22, transmitting the digital certificate to perform identity authentication;
S23, after authentication is completed, key negotiation and algorithm negotiation are carried out, and security verification is completed.
8. The trusted time authentication method based on a verification loop of claim 7, wherein establishing the TCP connection between the time transfer node and the time reference node further comprises the steps of:
S211, before the time reference node verifies the time transfer node, the time reference node actively initiates a request and establishes a TCP connection with the time transfer node;
S212, after the time reference node and the time transfer node have successfully established the TCP connection, the time transfer node sends its digital certificate to the time reference node.
9. The trusted time authentication method based on a verification loop of claim 8, wherein the digital certificate transfer for identity authentication comprises the steps of:
S221, the time reference node verifies the digital certificate sent by the time transfer node to complete identity authentication;
S222, after the time reference node has successfully authenticated the time transfer node, the time reference node sends its digital certificate to the time transfer node;
S223, the time transfer node verifies the digital certificate of the time reference node to complete identity authentication.
10. The trusted time authentication method based on a verification loop of claim 9, wherein performing key negotiation and algorithm negotiation after authentication is completed, and completing security verification, comprises the steps of:
S231, after the time transfer node has successfully authenticated the identity of the time reference node, the two parties carry out key negotiation and algorithm negotiation, so that later secure data communication is facilitated;
S232, the two parties communicate securely using the negotiated key and algorithm, and security verification is completed.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211089791.0A CN116318748A (en) | 2022-09-07 | 2022-09-07 | Trusted time authentication method based on verification loop |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116318748A true CN116318748A (en) | 2023-06-23 |
Family ID: 86783824
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211089791.0A Pending CN116318748A (en) | 2022-09-07 | 2022-09-07 | Trusted time authentication method based on verification loop |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116318748A (en) |
Timeline
- 2022-09-07: CN CN202211089791.0A patent/CN116318748A/en active Pending
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |