CA3164765A1 - Secure communication method and device based on identity authentication - Google Patents

Secure communication method and device based on identity authentication

Info

Publication number
CA3164765A1
Authority
CA
Canada
Prior art keywords
node
fingerprint information
key
electronic seal
seal
Prior art date
Legal status
Pending
Application number
CA3164765A
Other languages
French (fr)
Inventor
Qinglong MA
Jian Sun
Bingkang ZHANG
Fan XIA
Jianwen DING
Current Assignee
10353744 Canada Ltd
Original Assignee
10353744 Canada Ltd

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
              • H04L63/0823 ... using certificates
              • H04L63/0869 ... for achieving mutual authentication
              • H04L63/0876 ... based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
          • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
              • H04L9/3226 ... using a predetermined code, e.g. password, passphrase or PIN
                • H04L9/3231 Biological data, e.g. fingerprint, voice or retina
              • H04L9/3247 ... involving digital signatures
              • H04L9/3263 ... involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
                • H04L9/3268 ... using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Health & Medical Sciences (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Collating Specific Patterns (AREA)
  • Storage Device Security (AREA)

Abstract

Disclosed in the present invention are a method and an apparatus for secure communication based on identity authentication; by means of mandatory authentication of an electronic seal of both parties, the identity information of both communicating parties can be flexibly and efficiently verified without needing to apply for a digital certificate from a CA, ensuring the security of the communication data. The method comprises: a request node and a response node each make a respective electronic seal; the request node and the response node mutually report fingerprint information in the electronic seal of the opposite party; the request node uses a random factor to encrypt plaintext data to generate ciphertext data, uses a public key of the electronic seal of the opposite party to encrypt the random factor to obtain a communication key, and then packages the ciphertext data, the communication key, and the fingerprint information and sends same to the response node; the response node compares the fingerprint information in the file packet with the reported fingerprint information and, once the comparison is successful, decrypts the encrypted private key of the electronic seal belonging to the response node, decrypts the communication key by means of the private key to restore the random factor, and then parses the ciphertext data to obtain the plaintext data.

Description

SECURE COMMUNICATION METHOD AND DEVICE BASED ON IDENTITY AUTHENTICATION
BACKGROUND OF THE INVENTION
Technical Field
[0001] The present invention relates to the field of communication security technology, and more particularly to a secure communication method and a secure communication device based on identity authentication.
Description of Related Art
[0002] To ensure communication security, the two nodes that exchange data in a business system must be given a security configuration that lets each recognize and verify the identity of the other. Traditional security schemes mostly rely on the mechanism of digital certificate + TLS (Transport Layer Security) to meet the requirements of identity recognition and secure communication. For identity recognition, the prior art adds identity information (such as an identity number) of the initiating party to the message, and the receiving party, on receiving it, verifies the legitimacy of the other's identity by querying a database; for security, the prior art exchanges and stores previously agreed encryption/decryption algorithms, signature algorithms and secret keys, to support the encryption, decryption and signing required during message transmission.
[0003] In addition, when the mechanism of digital certificate + TLS is employed, digital certificates have to be applied for from the certificate authority (CA, the certificate issuing authority), which brings great inconvenience to secure data communication when a quick application scenario is being constructed, and lacks flexibility of application; moreover, the TLS communication protocol requires multistep negotiations before ciphertext transmission can begin, is unduly complicated for general application scenarios, and has inferior applicability, while the exchange of such important information as the encryption/decryption algorithms, signature algorithms and secret keys, and their permanent storage in the other party's systems, cause certain administrative risks.
SUMMARY OF THE INVENTION
[0004] The present invention aims to provide a secure communication method and a secure communication device based on identity authentication, by forcefully authenticating electronic seals of two parties, it is made possible to flexibly and highly effectively verify identity information of the communicating two parties without applying for any digital certificate from the certificate authority, so that security of communication data is ensured.
[0005] In order to achieve the above objective, according to one aspect of the present invention, there is provided a secure communication method based on identity authentication, and the method comprises:
[0006] respectively fabricating respective electronic seals by a request node and a response node, wherein the electronic seals each include a verification area consisting of a signature algorithm, signature information, an encryption algorithm, fingerprint information, a digest algorithm, a public key, and an encrypted private key;
[0007] mutually reporting the fingerprint information in the others' electronic seals by the request node and the response node, for mutually extracting the others' fingerprint information for comparison with the reported fingerprint information to verify identity after the two parties have exchanged their electronic seals;
[0008] using a random factor by the request node to encrypt plaintext data to generate cyphertext data, after the two nodes have passed identity verification, and using the public key of the electronic seal of the response node to encrypt the random factor to obtain a communication secret key, thereafter packaging to send the cyphertext data, the communication secret key and the fingerprint information in the electronic seal of the request node to the response node; and
[0009] comparing, by the response node, the fingerprint information in a file package with the reported fingerprint information, decrypting the encrypted private key of the electronic seal pertaining to the response node after comparison has succeeded, decrypting the communication secret key in the file package via the private key to restore the random factor, and hence using the random factor to parse the cyphertext data to obtain the plaintext data.
[0010] Preferably, the step of respectively fabricating respective electronic seals by a request node and a response node includes:
[0011] designing partitions of each electronic seal, wherein the partitions include a header area, a seal information area and a tail area in addition to the verification area; and
[0012] correspondingly filling, by the request node and the response node on the basis of partitioned structures of the electronic seals, a start marker, an identification code and a version number in the respective header area, correspondingly filling a seal holder number, a seal holder name, an issuing authority number, an issuing authority name and a validation period in the respective seal information area, correspondingly filling description information and an end marker in the respective tail area, and correspondingly filling the signature algorithm, the signature information, the encryption algorithm, the fingerprint information, the digest algorithm, the public key and the encrypted private key in the verification area.
[0013] Preferably, generating the public key and the encrypted private key includes:
[0014] randomly generating a pair of public key and private key according to the signature algorithm in the electronic seal;
[0015] encrypting the pertinent private key on the basis of a seal password PIN preset by the request node to generate the encrypted private key of the electronic seal of the request node; and
[0016] encrypting the pertinent private key on the basis of a seal password PIN preset by the response node to generate the encrypted private key of the electronic seal of the response node.
[0017] Optionally, generating the fingerprint information includes:
[0018] joining character strings of the seal holder number and the seal holder name in the electronic seal, and using the corresponding seal password PIN to encrypt a character string joining result to form a cyphertext;
[0019] employing the digest algorithm to digest the cyphertext, and obtaining a digest character string; and
[0020] signing the digest character string through the private key to which the signature algorithm corresponds, and obtaining the fingerprint information of the electronic seal.
[0021] Optionally, generating the signature information includes:
[0022] defining a key field byte in the electronic seal, wherein the key field byte is a feature byte of the electronic seal;
[0023] digesting the key field byte through the digest algorithm, and obtaining a key field character string; and
[0024] signing the key field character string through the private key to which the signature algorithm corresponds, and forming the signature information of the electronic seal.
[0025] Preferably, the step of mutually extracting the others' fingerprint information for comparison with the reported fingerprint information to verify identity after the two parties have exchanged their electronic seals includes:
[0026] sending by the request node the pertinent electronic seal to the response node, so as to enable the response node to read the signature algorithm, the public key, the digest algorithm and the signature information of the electronic seal pertaining to the request node;
[0027] reading by the response node the key field byte in the electronic seal pertaining to the request node, digesting on the basis of the digest algorithm to obtain the digest character string, and using the public key of the signature algorithm to execute signature verification on the key field byte;
[0028] comparing, by the response node after signature verification has been passed, the fingerprint information of the electronic seal pertaining to the request node with the fingerprint information reported by the request node, and authorizing access of the request node when a comparison result exhibits consistency;
[0029] sending by the response node the pertinent electronic seal to the request node, so as to enable the request node to read the signature algorithm, the public key, the digest algorithm and the signature information of the electronic seal pertaining to the response node;
[0030] reading by the request node the key field byte in the electronic seal pertaining to the response node, digesting on the basis of the digest algorithm to obtain the digest character string, and using the public key of the signature algorithm to execute signature verification on the key field byte; and
[0031] comparing, by the request node after signature verification has been passed, the fingerprint information of the electronic seal pertaining to the response node with the fingerprint information reported by the response node, and authorizing access of the response node when a comparison result exhibits consistency.
[0032] Preferably, the step of using a random factor by the request node to encrypt plaintext data to generate cyphertext data, and using the public key of the electronic seal of the response node to encrypt the random factor to obtain a communication secret key, thereafter packaging to send the cyphertext data, the communication secret key and the fingerprint information in the electronic seal of the request node to the response node includes:
[0033] generating the random factor by the request node, for encrypting the plaintext data to obtain the cyphertext data;
Date Recue/Date Received 2022-06-15
[0034] using, by the request node, the public key of the electronic seal pertaining to the response node to encrypt the random factor, and generating the communication secret key; and
[0035] packaging to send, by the request node, the communication secret key, the cyphertext data and the fingerprint information of the pertinent electronic seal to the response node.
[0036] Further, the step of comparing, by the response node, the fingerprint information in a file package with the reported fingerprint information, decrypting the encrypted private key of the electronic seal pertaining to the response node after comparison has succeeded, decrypting the communication secret key in the file package via the private key to restore the random factor, and hence using the random factor to parse the cyphertext data to obtain the plaintext data includes:
[0037] reading by the response node the fingerprint information in the file package, and comparing the same with the fingerprint information reported by the request node;
[0038] reading, by the response node after the comparison has been passed, the encryption algorithm, the signature algorithm, the encrypted private key and the preset seal password PIN of the pertinent electronic seal, and decrypting the private key of the electronic seal pertaining to the response node; and
[0039] parsing the communication secret key via the private key to restore the random factor, and finally using the random factor to parse the cyphertext data to obtain the plaintext data.
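The seal fabrication steps ([0013] to [0024]) and the exchange and transmission steps ([0025] to [0039]) above, modelled end to end in Python as an added example; this is not code from the patent or its applicant, and every name in it is an assumption. Stand-ins: textbook RSA with 256-bit primes for the seal's signature algorithm (no padding, toy key size), an HMAC-SHA256 keystream with an authentication tag for the symmetric encryption algorithm (the page names no cipher mode and no integrity check; the tag is added here), SHA-256 for the digest algorithm, and PBKDF2 to stretch the seal PIN before it wraps the private key. The key-field bytes and the holder data are constructed. Two things the model makes visible: because [0026] sends the whole seal, the PIN-wrapped private key reaches the peer, so the PIN derivation has to withstand offline guessing; and the check in [0037] is an equality comparison against a previously reported value, which the code performs in constant time.

```python
import hashlib, hmac, secrets

def _is_probable_prime(n, rounds=16):  # Miller-Rabin; toy key material only, not a vetted generator
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_keypair(bits=512):
    """[0014]: random key pair for the seal's signature algorithm -> ((n, e), (n, d))."""
    e, primes = 65537, []
    while len(primes) < 2:  # odd candidates with the top bit set, so n has full length
        cand = secrets.randbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        if _is_probable_prime(cand) and cand not in primes and (cand - 1) % e:
            primes.append(cand)
    n, phi = primes[0] * primes[1], (primes[0] - 1) * (primes[1] - 1)
    return (n, e), (n, pow(e, -1, phi))

def rsa_apply(key, value):
    n, exp = key  # raw modular exponentiation, no padding (toy); output is modulus-sized
    return pow(int.from_bytes(value, "big"), exp, n).to_bytes((n.bit_length() + 7) // 8, "big")

def rsa_verify(pub, digest, signature):
    recovered = rsa_apply(pub, signature)  # must equal the digest, left-padded with zero bytes
    return hmac.compare_digest(recovered[-len(digest):], digest) and not any(recovered[:-len(digest)])

def _keystream(key, nonce, length):  # HMAC-SHA256 in counter mode used as a PRF
    return b"".join(hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(length // 32 + 1))[:length]

def sym_encrypt(key, plaintext):
    """Stand-in symmetric cipher: keystream XOR plus an HMAC tag (the page names no integrity check)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()

def sym_decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext failed authentication: wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def _pin_key(pin, salt):  # stretched: the wrapped private key travels inside the seal ([0026])
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000, 32)

def make_seal(holder_number, holder_name, pin):
    """[0012]-[0024]: fabricate one node's seal (only the fields this flow uses)."""
    pub, priv = generate_keypair()
    salt = secrets.token_bytes(16)
    kek = _pin_key(pin, salt)
    encrypted_private_key = salt + sym_encrypt(kek, priv[1].to_bytes(64, "big"))  # [0015]/[0016]
    # [0018]-[0020]: PIN-encrypt holder number || holder name, digest the result, sign the digest
    fingerprint = rsa_apply(priv, hashlib.sha256(sym_encrypt(kek, (holder_number + holder_name).encode())).digest())
    # [0022]-[0024]: sign the digest of the seal's key field (constructed feature bytes)
    key_field = holder_number.encode() + b"|" + holder_name.encode()
    signature_info = rsa_apply(priv, hashlib.sha256(key_field).digest())
    return {"holder_number": holder_number, "holder_name": holder_name, "public_key": pub, "key_field": key_field,
            "signature_info": signature_info, "fingerprint": fingerprint, "encrypted_private_key": encrypted_private_key}

def unwrap_private_key(seal, pin):  # [0038]: recover the plaintext private key with the preset PIN
    blob = seal["encrypted_private_key"]
    return seal["public_key"][0], int.from_bytes(sym_decrypt(_pin_key(pin, blob[:16]), blob[16:]), "big")

def verify_peer_seal(peer_seal, reported_fingerprint):
    """[0027]-[0028]: verify signature_info over the key-field digest, then compare fingerprints."""
    digest = hashlib.sha256(peer_seal["key_field"]).digest()
    return (rsa_verify(peer_seal["public_key"], digest, peer_seal["signature_info"])
            and hmac.compare_digest(peer_seal["fingerprint"], reported_fingerprint))

def request_node_send(plaintext, own_seal, responder_seal):
    """[0033]-[0035]: the random factor encrypts the data; the responder's public key wraps the factor."""
    random_factor = secrets.token_bytes(32)
    return {"ciphertext": sym_encrypt(random_factor, plaintext), "fingerprint": own_seal["fingerprint"],
            "communication_key": rsa_apply(responder_seal["public_key"], random_factor)}

def response_node_receive(package, own_seal, own_pin, reported_requester_fingerprint):
    """[0037]-[0039]: fingerprint check, unwrap own private key, restore the factor, decrypt."""
    if not hmac.compare_digest(package["fingerprint"], reported_requester_fingerprint):
        raise PermissionError("fingerprint does not match the value the request node reported")
    random_factor = rsa_apply(unwrap_private_key(own_seal, own_pin), package["communication_key"])[-32:]
    return sym_decrypt(random_factor, package["ciphertext"])

def demo(plaintext=b"order 42: ship 3 units"):  # full run on constructed holder data
    req, rsp = make_seal("REQ-0001", "Request Node", "1234"), make_seal("RSP-0001", "Response Node", "5678")
    reported_req, reported_rsp = req["fingerprint"], rsp["fingerprint"]  # [0007]: reported before the exchange
    if not (verify_peer_seal(req, reported_req) and verify_peer_seal(rsp, reported_rsp)):
        raise PermissionError("seal exchange failed")
    return response_node_receive(request_node_send(plaintext, req, rsp), rsp, "5678", reported_req)
```

`demo()` returns the bytes the response node recovers. A wrong PIN surfaces in `unwrap_private_key` as a tag mismatch rather than as a silently wrong key, and a package whose fingerprint differs from the reported one is refused before any private-key material is touched, which is the order of operations [0037] and [0038] prescribe.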
[0040] In comparison with prior-art technology, the secure communication method based on identity authentication provided by the present invention achieves the following advantageous effects.
[0041] In the secure communication method based on identity authentication provided by the present invention, electronic seals pertaining to a request node and a response node are fabricated in advance by the request node and the response node, the electronic seals each include a verification area consisting of a signature algorithm, signature information, an encryption algorithm, fingerprint information, a digest algorithm, a public key, and an encrypted private key, after the electronic seals have been fabricated to completion, the request node and the response node mutually report the fingerprint information in the others' electronic seals for identity verification during the process of exchanging the electronic seals, and secure data communication can be proceeded only when the two nodes have passed identity verification. The specific process is as follows:
the request node uses a random factor to encrypt plaintext data to generate cyphertext data, thereafter uses the public key of the electronic seal of the response node to encrypt the random factor to obtain a communication secret key, and till now packages to send the cyphertext data, the communication secret key and the fingerprint information for recognizing the identity of the request node to the response node; after having received the file package, the response node reads the fingerprint information contained therein and compares the same with the fingerprint information reported by the request node, authorizes the request node to access to the response node only after the comparison has been passed, thereafter the response node invokes the pertinent encrypted private key, uses a plaintext private key after the encrypted private key has been decrypted to decrypt the communication secret key to thereby restore the random factor, and finally uses the random factor to parse the cyphertext data to obtain the plaintext data, so as to complete cyphertext transmission from the request node to the response node.
[0042] In summary, as compared with prior-art schemes, in the present invention electronic seals are fabricated by the two parties themselves through negotiations of the two parties, there is no more need to apply for any digital certificate from the certificate authority (CA), flexibility of application is enhanced, through the forced exchange and authentication policy of the electronic seals, it can be guaranteed that the communication cyphertext would not be stolen by any third party, whereby security of communication between the two parties is enhanced; in addition, the process of negotiating secret keys of the two parties before data transmission is dispensed with, thereby increasing convenience of application.

[0043] According to another aspect of the present invention, there is provided a secure communication device based on identity authentication, the device is applied with the secure communication method based on identity authentication mentioned in the foregoing technical solution, and the device comprises:
[0044] a seal fabricating unit, for respectively fabricating respective electronic seals by a request node and a response node, wherein the electronic seals each include a verification area consisting of a signature algorithm, signature information, an encryption algorithm, fingerprint information, a digest algorithm, a public key, and an encrypted private key;
[0045] a fingerprint registering unit, for mutually reporting the fingerprint information in the others' electronic seals by the request node and the response node, for mutually extracting the others' fingerprint information for comparison with the reported fingerprint information to verify identity after the two parties have exchanged their electronic seals;
[0046] a file encrypting unit, for storing the compressed logistics box code message in a storage system, and completing archiving of the original logistics box code message; and
[0047] a file decrypting unit, for comparing, by the response node, the fingerprint information in a file package with the reported fingerprint information, decrypting the encrypted private key of the electronic seal pertaining to the response node after comparison has succeeded, decrypting the communication secret key in the file package via the private key to restore the random factor, and hence using the random factor to parse the cyphertext data to obtain the plaintext data.
[0048] In comparison with prior-art technology, the advantageous effects achieved by the secure communication device based on identity authentication provided by the present invention are identical with the advantageous effects achievable by the secure communication method based on identity authentication as provided by the foregoing technical solution, so no repetition is redundantly made in this context.
[0049] According to the third aspect of the present invention, there is provided a computer-readable storage medium storing thereon a computer program that executes steps of the aforementioned secure communication method based on identity authentication when it is run by a processor.
[0050] In comparison with prior-art technology, the advantageous effects achieved by the computer-readable storage medium provided by the present invention are identical with the advantageous effects achievable by the secure communication method based on identity authentication as provided by the foregoing technical solution, so no repetition is redundantly made in this context.
BRIEF DESCRIPTION OF THE DRAWINGS
[0051] The drawings described here are employed to provide further understanding to the present invention, and constitute a part of the present invention. The schematic embodiments of the present invention and descriptions thereof are meant to explain the present invention, rather than to inadequately restrict the present invention. In the drawings,
[0052] Fig. 1 is a flowchart schematically illustrating the secure communication method based on identity authentication in Embodiment 1;
[0053] Fig. 2 is a flowchart schematically illustrating interaction of the secure communication method based on identity authentication in Embodiment 1; and
[0054] Fig. 3 is a view exemplarily illustrating the structure of an electronic seal in Embodiment 1.
DETAILED DESCRIPTION OF THE INVENTION
[0055] In order to make more lucid and clear the aforementioned objectives, features and advantages of the present invention, the technical solutions in the embodiments of the present invention will be more clearly and comprehensively described below with reference to the accompanying drawings in the embodiments of the present invention. Apparently, the embodiments as described are merely partial, rather than the entire, embodiments of the present invention. All other embodiments obtainable by persons ordinarily skilled in the art on the basis of the embodiments in the present invention without making creative effort shall all fall within the protection scope of the present invention.
[0056] Embodiment 1
[0057] Please refer to Figs. 1 to 3, this embodiment provides a secure communication method based on identity authentication, and the method comprises:
[0058] respectively fabricating respective electronic seals by a request node and a response node, wherein the electronic seals each include a verification area consisting of a signature algorithm, signature information, an encryption algorithm, fingerprint information, a digest algorithm, a public key, and an encrypted private key; mutually reporting the fingerprint information in the others' electronic seals by the request node and the response node, for mutually extracting the others' fingerprint information for comparison with the reported fingerprint information to verify identity after the two parties have exchanged their electronic seals; using a random factor by the request node to encrypt plaintext data to generate cyphertext data, after the two nodes have passed identity verification, and using the public key of the electronic seal of the response node to encrypt the random factor to obtain a communication secret key, thereafter packaging to send the cyphertext data, the communication secret key and the fingerprint information in the electronic seal of the request node to the response node; and comparing, by the response node, the fingerprint information in a file package with the reported fingerprint information, decrypting the encrypted private key of the electronic seal pertaining to the response node after comparison has succeeded, decrypting the communication secret key in the file package via the private key to restore the random factor, and hence using the random factor to parse the cyphertext data to obtain the plaintext data.
[0059] In the secure communication method based on identity authentication provided by the present invention, electronic seals pertaining to a request node and a response node are fabricated in advance by the request node and the response node, the electronic seals each include a verification area consisting of a signature algorithm, signature information, an encryption algorithm, fingerprint information, a digest algorithm, a public key, and an encrypted private key, after the electronic seals have been fabricated to completion, the request node and the response node mutually report the fingerprint information in the others' electronic seals for identity verification during the process of exchanging the electronic seals, and secure data communication can be proceeded only when the two nodes have passed identity verification. The specific process is as follows:
the request node uses a random factor to encrypt plaintext data to generate cyphertext data, thereafter uses the public key of the electronic seal of the response node to encrypt the random factor to obtain a communication secret key, and till now packages to send the cyphertext data, the communication secret key and the fingerprint information for recognizing the identity of the request node to the response node; after having received the file package, the response node reads the fingerprint information contained therein and compares the same with the fingerprint information reported by the request node, authorizes the request node to access to the response node only after the comparison has been passed, thereafter the response node invokes the pertinent encrypted private key, uses a plaintext private key after the encrypted private key has been decrypted to decrypt the communication secret key to thereby restore the random factor, and finally uses the random factor to parse the cyphertext data to obtain the plaintext data, so as to complete cyphertext transmission from the request node to the response node.
[0060] In summary, as compared with prior-art schemes, in the present invention electronic seals are fabricated by the two parties themselves through negotiations of the two parties, there is no more need to apply for any digital certificate from the certificate authority (CA), flexibility of application is enhanced, through the forced exchange and authentication policy of the electronic seals, it can be guaranteed that the communication cyphertext would not be stolen by any third party, whereby security of communication between the two parties is enhanced; in addition, the process of negotiating secret keys of the two parties before data transmission is dispensed with, thereby increasing convenience of application.
[0061] Please refer to Fig. 3, the step of respectively fabricating respective electronic seals by a request node and a response node includes:
[0062] designing partitions of each electronic seal, wherein the partitions include a header area, a seal information area and a tail area in addition to the verification area;
and correspondingly filling, by the request node and the response node on the basis of partitioned structures of the electronic seals, a start marker, an identification code and a version number in the respective header area, correspondingly filling a seal holder number, a seal holder name, an issuing authority number, an issuing authority name and a validation period in the respective seal information area, correspondingly filling description information and an end marker in the respective tail area, and correspondingly filling the signature algorithm, the signature information, the encryption algorithm, the fingerprint information, the digest algorithm, the public key and the encrypted private key in the verification area.
[0063] As shown in Fig. 3, the fields have the following fixed widths, 366 bytes in total:
in the header area, the start marker has two bytes, the identification code three bytes, and the version number one byte (six bytes in all);
in the verification area, the signature algorithm has eight bytes, the signature information thirty-two bytes, the encryption algorithm eight bytes, the fingerprint information thirty-two bytes, the digest algorithm eight bytes, the public key thirty-two bytes, and the encrypted private key thirty-two bytes (152 bytes in all);
in the seal information area, the seal holder number has thirty-two bytes, the seal holder name thirty-two bytes, the issuing authority number thirty-two bytes, the issuing authority name thirty-two bytes, and the validation period sixteen bytes (144 bytes in all);
in the tail area, the description information has sixty-two bytes and the end marker two bytes (64 bytes in all).
Understandably, the signature algorithm is an asymmetric algorithm for signing information or verifying signatures on information, such as RSA or SM2; the encryption algorithm is a symmetric algorithm for encrypting or decrypting information, such as AES or SM4; and the digest algorithm is a hash algorithm for digesting information, such as SM3 (MD5 is also mentioned in this family of algorithms, but it is no longer collision resistant and should not be chosen for new signatures).
[0064] In addition, in this embodiment the encrypted private key is stored within the electronic seal itself, which makes it possible to store and administer the private key properly and reduces the administrative risk that would arise from depositing the private key permanently in another party's system for storage.
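The fixed-width layout of [0063], as an added example that is not part of the patent text: a small packer and parser for the 366-byte seal, using only the widths stated there. The marker byte values, the NUL padding rule and the decision to reject over-long fields instead of truncating them are assumptions of this example; the text fixes only the widths and the field order.

```python
# Added example (not the patent's code): pack/unpack the Fig. 3 electronic seal layout
# and cut out the "key field bytes" that the signature information covers.
# Field widths are the ones stated in [0063]; marker values are assumed here.
from typing import Dict, Tuple

START_MARKER = b"\xA5\x5A"   # assumed value; the text fixes only the width (2 bytes)
END_MARKER = b"\x5A\xA5"     # assumed value; the text fixes only the width (2 bytes)

# (field name, width in bytes) in on-disk order
SEAL_LAYOUT = [
    # header area
    ("start_marker", 2), ("identification_code", 3), ("version_number", 1),
    # verification area
    ("signature_algorithm", 8), ("signature_information", 32),
    ("encryption_algorithm", 8), ("fingerprint_information", 32),
    ("digest_algorithm", 8), ("public_key", 32), ("encrypted_private_key", 32),
    # seal information area
    ("seal_holder_number", 32), ("seal_holder_name", 32),
    ("issuing_authority_number", 32), ("issuing_authority_name", 32),
    ("validation_period", 16),
    # tail area
    ("description_information", 62), ("end_marker", 2),
]
SEAL_SIZE = sum(width for _, width in SEAL_LAYOUT)   # 366 bytes


def field_offsets() -> Dict[str, Tuple[int, int]]:
    """Map each field name to its (offset, width) inside the seal blob."""
    offsets, pos = {}, 0
    for name, width in SEAL_LAYOUT:
        offsets[name] = (pos, width)
        pos += width
    return offsets


def pack_seal(fields: Dict[str, bytes]) -> bytes:
    """Serialise a field dict into the fixed-width blob. Short values are NUL padded;
    over-long values are rejected rather than silently truncated (assumed rule)."""
    blob = bytearray()
    for name, width in SEAL_LAYOUT:
        value = fields.get(name, b"")
        if len(value) > width:
            raise ValueError(f"{name}: {len(value)} bytes exceeds field width {width}")
        blob += value.ljust(width, b"\x00")
    return bytes(blob)


def unpack_seal(blob: bytes) -> Dict[str, bytes]:
    """Parse a blob back into fields; size and both markers are checked before slicing
    so a truncated or mis-framed seal is rejected instead of being mis-parsed."""
    if len(blob) != SEAL_SIZE:
        raise ValueError(f"seal must be {SEAL_SIZE} bytes, got {len(blob)}")
    fields = {name: blob[off:off + width] for name, (off, width) in field_offsets().items()}
    if fields["start_marker"] != START_MARKER or fields["end_marker"] != END_MARKER:
        raise ValueError("bad start or end marker")
    return fields


def signed_content(blob: bytes) -> bytes:
    """The 'content' that the signature information signs ([0070]): every byte from the
    encryption algorithm field to the end marker, i.e. the blob after its first 46 bytes
    (header area 6 + signature algorithm 8 + signature information 32)."""
    start, _ = field_offsets()["encryption_algorithm"]
    return blob[start:]
```

`signed_content` returns the 320-byte span that [0070] calls the key field bytes, so the 46-byte figure given there can be checked directly against the layout; note that the fingerprint information, the public key and the encrypted private key all lie inside that span, while the signature information itself does not.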
[0065] The step of generating the public key and the encrypted private key in this embodiment includes: randomly generating a pair of public key and private key according to the signature algorithm in the electronic seal; encrypting the pertinent private key on the basis of a seal password PIN preset by the request node to generate the encrypted private key of the electronic seal of the request node; and encrypting the pertinent private key on the basis of a seal password PIN preset by the response node to generate the encrypted private key of the electronic seal of the response node.
[0066] During specific implementation, suppose the electronic seal of the request node is A with signature algorithm SA, and the electronic seal of the response node is B with signature algorithm SB. The request node generates public key SA.PublicKey and private key SA.PrivateKey according to signature algorithm SA, and the response node generates public key SB.PublicKey and private key SB.PrivateKey according to signature algorithm SB; SA.PublicKey is filled in the public key area of electronic seal A and SB.PublicKey in the public key area of electronic seal B. Private keys SA.PrivateKey and SB.PrivateKey are then immediately encrypted: the seal password PIN preset by the request node is used to encrypt SA.PrivateKey to obtain the encrypted private key of electronic seal A, and the seal password PIN preset by the response node is used to encrypt SB.PrivateKey to obtain the encrypted private key of electronic seal B, which can be expressed as: encrypted private key = EA.Encrypt (SA.PrivateKey, PIN), where EA is the encryption algorithm of the seal. It is this encrypted private key, not SA.PrivateKey itself, that is then filled in the private key area of electronic seal A, and likewise for electronic seal B, thus completing the filling of the verification areas of electronic seal A and electronic seal B.
[0067] Further, the step of generating the fingerprint information in this embodiment includes:
joining character strings of the seal holder number and the seal holder name in the electronic seal, and using the corresponding seal password PIN to encrypt a character string joining result to form a cyphertext; employing the digest algorithm to digest the cyphertext, and obtaining a digest character string; and signing the digest character string through the private key to which the signature algorithm corresponds, and obtaining the fingerprint information of the electronic seal.
[0068] During specific implementation, taking the generation of the fingerprint information in electronic seal A as an example, it can be expressed as: fingerprint information = SA.Sign (DA (EA (ID + Name, PIN)), SA.PrivateKey), where ID represents the seal holder number, Name the seal holder name, EA the encryption algorithm, and DA the digest algorithm. The fingerprint information is the result of signing the key field information of the electronic seal, and the expression is understood as follows: join the character strings of the seal holder number and the seal holder name in the electronic seal; encrypt the joined string, with the seal password PIN as the secret key of the encryption algorithm (symmetric algorithm), to form a cyphertext; digest the cyphertext with the digest algorithm to obtain a digest character string; and finally sign the digest character string with the private key of the signature algorithm (asymmetric algorithm) to form the fingerprint information. Generation of the fingerprint information in electronic seal B is identical with the case of electronic seal A and is not described again.

Exemplarily, the seal holder number can be an ID card number, a unified social credit identification number, or an organization number.
[0069] Further, the step of generating the signature information in this embodiment includes:
defining a key field byte in the electronic seal, wherein the key field byte is a feature byte of the electronic seal; digesting the key field byte through the digest algorithm, and obtaining a key field character string; and signing the key field character string through the private key to which the signature algorithm corresponds, and forming the signature information of the electronic seal.
[0070] During specific implementation, taking the generation of the signature information in electronic seal A as an example, it is expressed as: signature information = SA.Sign (DA (content), SA.PrivateKey), where content represents the key field bytes, namely, as shown in Fig. 3, all fields from the "encryption algorithm" area through the "end marker" area of the electronic seal, i.e. everything after the first forty-six bytes (header area, signature algorithm and signature information fields). The key field bytes are digested with the digest algorithm to obtain the key field character string, which is then signed with the private key of the signature algorithm to form the signature information of electronic seal A. Because the fingerprint information lies inside the signed range, it must be generated before the signature information. Generation of the signature information in electronic seal B is identical with the case of electronic seal A and is not described again.
[0071] Till now, the signature and seal constructing phase is complete, electronic seal A and electronic seal B are generated to be usable for identity recognition and secure data communication, and a signature and seal verifying phase subsequently ensues.
[0072] Specifically, the step of mutually extracting the others' fingerprint information for comparison with the reported fingerprint information to verify identity after the two parties have exchanged their electronic seals in this embodiment includes:
[0073] sending by the request node the pertinent electronic seal to the response node, so as to enable the response node to read the signature algorithm, the public key, the digest algorithm and the signature information of the electronic seal pertaining to the request node; reading by the response node the key field bytes in the electronic seal pertaining to the request node, digesting them with the digest algorithm to obtain the digest character string, and using the public key of the signature algorithm to verify the signature information against that digest; and comparing, by the response node after signature verification has passed, the fingerprint information of the electronic seal pertaining to the request node with the fingerprint information reported by the request node, and authorizing access of the request node when the comparison result is consistent;
sending by the response node the pertinent electronic seal to the request node, so as to enable the request node to read the signature algorithm, the public key, the digest algorithm and the signature information of the electronic seal pertaining to the response node; reading by the request node the key field bytes in the electronic seal pertaining to the response node, digesting them with the digest algorithm to obtain the digest character string, and using the public key of the signature algorithm to verify the signature information against that digest; and comparing, by the request node after signature verification has passed, the fingerprint information of the electronic seal pertaining to the response node with the fingerprint information reported by the response node, and authorizing access of the response node when the comparison result is consistent.
[0074] Referring to Fig. 3, the foregoing embodiment can be understood as the process in which the two nodes exchange electronic seals and verify identities: the request node first sends electronic seal A to the response node; upon receiving electronic seal A, the response node performs a signature verification operation on it, then reads the fingerprint information in electronic seal A and compares it with the fingerprint information registered for electronic seal A at the response node; electronic seal A is considered legitimate in identity when the comparison result is consistent, and at this time the request node is authorized to access the response node;
after the response node has completed verification of the identity of the request node, the request node in turn verifies the identity of the response node: the response node sends electronic seal B to the request node; upon receiving electronic seal B, the request node performs a signature verification operation on it, then reads the fingerprint information in electronic seal B and compares it with the fingerprint information registered for electronic seal B at the request node; electronic seal B is considered legitimate in identity when the comparison result is consistent, and at this time the response node is authorized to access the request node.
[0075] Taking as an example the response node performing a signature verification operation on electronic seal A, the process can be expressed as: signature verification = SA.Verify (DA (content), SA.PublicKey, SI), where SI represents the signature information in electronic seal A. The expression is understood as using the public key of the signature algorithm (asymmetric algorithm) to check that the signature information (SI) in the signature and seal file of electronic seal A matches the digest of the key field bytes; if the signature verification succeeds, the signature and seal file has not been tampered with, and if it fails, the file has been tampered with. Because the public key used for this check is carried inside the seal itself, the check only establishes that the seal is internally consistent (self-signed); binding the seal to a known party is the job of the fingerprint comparison that follows.
[0076] Taking as an example the response node verifying the identity legitimacy of electronic seal A, the process can be expressed as: identity = If (Equal (A.DS.fingerprint information, registered electronic seal A.fingerprint information)), where A.DS denotes the signature and seal file of electronic seal A. This expression is understood as drawing the fingerprint information out of the signature and seal file of electronic seal A, comparing it with the fingerprint information registered at the response node, and authorizing access of the request node when the comparison result is consistent.
[0077] In addition, the signature verification operation and the identity legitimacy verification operation performed by the request node on electronic seal B are identical with the aforementioned operations performed by the response node on electronic seal A, and are not described again.
[0078] Till now, the signature and seal verifying phase of the two parties is complete, and the encrypted/decrypted communication phase of the two parties ensues subsequently.
[0079] The step of using a random factor by the request node to encrypt plaintext data to generate cyphertext data, and using the public key of the electronic seal of the response node to encrypt the random factor to obtain a communication secret key, thereafter packaging to send the cyphertext data, the communication secret key and the fingerprint information in the electronic seal of the request node to the response node in this embodiment includes:
[0080] generating the random factor by the request node, for encrypting the plaintext data to obtain the cyphertext data; using, by the request node, the public key of the electronic seal pertaining to the response node to encrypt the random factor, and generating the communication secret key; and packaging to send, by the request node, the communication secret key, the cyphertext data and the fingerprint information of the pertinent electronic seal to the response node.
[0081] During specific implementation, the request node encrypting the plaintext data to obtain the cyphertext data can be expressed as: cyphertext data = B.EA (A.plainText, Key), where plainText is the plaintext data and Key is the randomly generated encryption factor; Key may be taken from a fixed character string or generated as a fresh random number for each encryption (a fresh random value per message is the secure choice, since with a fixed Key every message becomes readable once that one value is recovered). The expression is understood as using the encryption factor Key as the secret key of the encryption algorithm (symmetric algorithm) stipulated by the other party's signature and seal, and encrypting the plaintext data (plainText) with it to generate the cyphertext data. The request node encrypting the random factor to generate the communication secret key can be expressed as: communication secret key = B.SA.Encrypt (Key, B.SA.PublicKey), understood as encrypting the encryption factor (Key) generated at the local party with the public key of the signature algorithm (asymmetric algorithm) stipulated by the other party's signature and seal, to form the communication secret key.
[0082] Moreover, the step of comparing, by the response node, the fingerprint information in a file package with the reported fingerprint information, decrypting the encrypted private key of the electronic seal pertaining to the response node after comparison has succeeded, decrypting the communication secret key in the file package via the private key to restore the random factor, and hence using the random factor to parse the cyphertext data to obtain the plaintext data in this embodiment includes:
[0083] reading by the response node the fingerprint information in the file package, and comparing the same with the fingerprint information reported by the request node;
reading, by the response node after the comparison has been passed, the encryption algorithm, the signature algorithm, the encrypted private key and the preset seal password PIN of the pertinent electronic seal, and decrypting the private key of the electronic seal pertaining to the response node; and parsing the communication secret key via the private key to restore the random factor, and finally using the random factor to parse the cyphertext data to obtain the plaintext data.
[0084] During specific implementation, after receiving the file package the response node first reads the fingerprint information in the file package and compares it with the fingerprint information reported by the request node, so that verification takes place on every transmission to ensure security of data transmission; after the comparison has passed, the response node reads the encrypted private key (denoted B.SecureKey below, the PIN-encrypted form of SB.PrivateKey) from electronic seal B.

[0085] To use the plaintext private key, the encrypted private key must first be decrypted; the decryption expression is: B.SA.PrivateKey = B.EA.Decrypt (B.SecureKey, PIN), that is, the encryption algorithm in the signature and seal is read first, PIN is used as the secret key of the encryption algorithm (symmetric algorithm) to decrypt the encrypted private key, and the decrypted plaintext is the plaintext private key.
[0086] To obtain the random factor, the communication secret key must further be decrypted; the decryption expression is: A.Key = B.SA.Decrypt (communication secret key, B.SA.PrivateKey), that is, the signature algorithm in the signature and seal is read first, the already decrypted plaintext private key of the signature algorithm (asymmetric algorithm) is used to decrypt the communication secret key in the file package, and the random factor (Key) of the request node is obtained after decryption.
[0087] If the plaintext data is to be obtained, it is further required to decrypt the cyphertext data, the decryption expression is: A.plainText = B.EA.Decrypt (cyphertext, A.Key), that is, the encryption algorithm in the signature and seal is firstly read, the already decrypted random factor is used as the secret key of the encryption algorithm (symmetric algorithm) to decrypt the cyphertext data, and the plaintext data is obtained after the decryption.
[0088] At this point the response node has completed encrypted data communication with the request node. By the same token, encrypted data communication from the response node to the request node is the inverse of the foregoing process (please refer to Fig. 2): when the response node sends cyphertext data to the request node, the response node is responsible for generating the encryption factor and uses electronic seal A of the request node to generate the communication secret key and the cyphertext data; after receiving the cyphertext data, the communication secret key and the fingerprint information of electronic seal B, the request node uses its own electronic seal A to decrypt them and obtain the plaintext data.
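The three phases described in [0065]-[0070] (seal fabrication: key pair, PIN-encrypted private key, fingerprint, signature information), [0073]-[0076] (seal exchange and verification) and [0079]-[0088] (encrypted message exchange), carried through end to end as an added example that is not the patent's code. The algorithms are stand-ins chosen so the block runs on a bare Python install: SA is textbook RSA-512 with no padding, EA is an XOR keystream derived from SHA-256, and DA is SHA-256; the seal is kept as a dict of the Fig. 3 fields rather than a fixed-width blob, the end marker value and the issuer strings are made up, and the sample holder numbers, names and message are constructed here.

```python
# Added example, not the patent's code. SA/EA/DA below are illustration-only stand-ins:
# textbook RSA without padding is malleable, the XOR keystream is unauthenticated, and
# 512-bit RSA is far too small. Real deployments use RSA-PSS/OAEP or SM2, AES-GCM or SM4, SM3.
import hashlib, hmac, os, random

_rng = random.SystemRandom()
RSA_E = 65537

# SA, the "signature algorithm": textbook RSA
def _is_probable_prime(n, rounds=32):          # Miller-Rabin with random bases
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # top bit set, odd
        if _is_probable_prime(cand):
            return cand

def rsa_keygen(bits=512):   # returns ((e, n), (d, n)); n is between 2**510 and 2**512
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % RSA_E:             # RSA_E is prime, so this is gcd(e, phi) == 1
            return (RSA_E, p * q), (pow(RSA_E, -1, phi), p * q)

def _i2b(x, size): return x.to_bytes(size, "big")
def _b2i(b): return int.from_bytes(b, "big")
def sa_sign(priv, digest): return _i2b(pow(_b2i(digest), priv[0], priv[1]), 64)        # SA.Sign
def sa_verify(pub, digest, sig): return pow(_b2i(sig), pub[0], pub[1]) == _b2i(digest)  # SA.Verify
def sa_encrypt(pub, key): return _i2b(pow(_b2i(key), pub[0], pub[1]), 64)              # SA.Encrypt
def sa_decrypt(priv, wrapped): return _i2b(pow(_b2i(wrapped), priv[0], priv[1]), 32)   # SA.Decrypt

# EA, the symmetric "encryption algorithm": XOR with a SHA-256(key || block counter) keystream,
# so one function both encrypts and decrypts. DA, the "digest algorithm", is SHA-256.
def ea_crypt(key, data):
    out = bytearray()
    for i in range(0, len(data), 32):
        stream = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], stream))
    return bytes(out)

def da(data): return hashlib.sha256(data).digest()

# The seal is a dict of the Fig. 3 fields; fixed widths are not enforced in this example.
KEY_FIELDS = [  # "content" of [0070]: every field from encryption algorithm to end marker
    "encryption_algorithm", "fingerprint_information", "digest_algorithm", "public_key",
    "encrypted_private_key", "seal_holder_number", "seal_holder_name", "issuing_authority_number",
    "issuing_authority_name", "validation_period", "description_information", "end_marker"]

def key_field_bytes(seal): return b"".join(seal[f] for f in KEY_FIELDS)
def seal_public_key(seal): return (RSA_E, _b2i(seal["public_key"]))

def make_seal(holder_number, holder_name, pin):
    # [0065]-[0070]: key pair, PIN-encrypted private key, fingerprint, then signature information
    (_, n), priv = rsa_keygen()
    seal = {"signature_algorithm": b"RSA-512", "encryption_algorithm": b"SHA256XOR",
            "digest_algorithm": b"SHA-256", "public_key": _i2b(n, 64),
            "encrypted_private_key": ea_crypt(pin, _i2b(priv[0], 64)),  # EA.Encrypt(SA.PrivateKey, PIN)
            "seal_holder_number": holder_number, "seal_holder_name": holder_name,
            "issuing_authority_number": b"self", "issuing_authority_name": b"self-issued",
            "validation_period": b"20220615-20250615", "description_information": b"",
            "end_marker": b"\xff\xfe"}                                   # marker value assumed
    # fingerprint information = SA.Sign(DA(EA(ID + Name, PIN)), SA.PrivateKey)
    seal["fingerprint_information"] = sa_sign(priv, da(ea_crypt(pin, holder_number + holder_name)))
    # signature information = SA.Sign(DA(content), SA.PrivateKey); the fingerprint lies inside content
    seal["signature_information"] = sa_sign(priv, da(key_field_bytes(seal)))
    return seal

def verify_peer_seal(seal, registered_fingerprint):
    # [0073]-[0076]: signature check (file not tampered), then fingerprint against the registered value
    if not sa_verify(seal_public_key(seal), da(key_field_bytes(seal)), seal["signature_information"]):
        return False
    return hmac.compare_digest(seal["fingerprint_information"], registered_fingerprint)

def unlock_private_key(seal, pin):     # B.SA.PrivateKey = B.EA.Decrypt(B.SecureKey, PIN)
    return (_b2i(ea_crypt(pin, seal["encrypted_private_key"])), _b2i(seal["public_key"]))

def send_package(own_seal, peer_seal, plaintext):
    # [0079]-[0081]: fresh random factor per message, wrapped with the peer seal's public key
    key = os.urandom(32)
    return {"cyphertext": ea_crypt(key, plaintext),
            "communication_secret_key": sa_encrypt(seal_public_key(peer_seal), key),
            "fingerprint_information": own_seal["fingerprint_information"]}

def receive_package(pkg, own_seal, pin, registered_peer_fp):
    # [0082]-[0087]: fingerprint check, unlock own private key, unwrap the random factor, decrypt
    if not hmac.compare_digest(pkg["fingerprint_information"], registered_peer_fp):
        raise PermissionError("fingerprint mismatch: request node not authorised")
    key = sa_decrypt(unlock_private_key(own_seal, pin), pkg["communication_secret_key"])
    return ea_crypt(key, pkg["cyphertext"])
```

Two points the code makes visible that the prose does not: a seal whose holder name is edited after signing fails `verify_peer_seal` on the signature step, while an untampered seal presented with someone else's registered fingerprint fails on the comparison step; and because the text uses the PIN directly as the symmetric key protecting the private key, anyone holding the seal file can try PINs offline, so in practice the PIN should go through a password-based KDF before it is used as a key.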
[0089] It should be noted that the verification area of the electronic seal is designed in this embodiment so that, by stipulating the symmetric and asymmetric algorithms (and the digest algorithm) in the seal, the seal holder can avoid known weak algorithms as far as possible and raise the overall algorithm strength. At the same time, what this embodiment provides is a secure communication scheme at the level of business data (rather than at the protocol level), giving the communicating parties autonomous control over the security of their data.
[0090] Embodiment 2
[0091] This embodiment provides a secure communication device based on identity authentication, and the device comprises:
[0092] a seal fabricating unit, for respectively fabricating respective electronic seals by a request node and a response node, wherein the electronic seals each include a verification area consisting of a signature algorithm, signature information, an encryption algorithm, fingerprint information, a digest algorithm, a public key, and an encrypted private key;
[0093] a fingerprint registering unit, for mutually reporting the fingerprint information in the others' electronic seals by the request node and the response node, for mutually extracting the others' fingerprint information for comparison with the reported fingerprint information to verify identity after the two parties have exchanged their electronic seals;
[0094] a file encrypting unit, for using a random factor by the request node to encrypt plaintext data to generate cyphertext data after the two nodes have passed identity verification, using the public key of the electronic seal of the response node to encrypt the random factor to obtain a communication secret key, and thereafter packaging to send the cyphertext data, the communication secret key and the fingerprint information in the electronic seal of the request node to the response node;
and
[0095] a file decrypting unit, for comparing, by the response node, the fingerprint information in a file package with the reported fingerprint information, decrypting the encrypted private key of the electronic seal pertaining to the response node after comparison has succeeded, decrypting the communication secret key in the file package via the private key to restore the random factor, and hence using the random factor to parse the cyphertext data to obtain the plaintext data.

[0096] In comparison with prior-art technology, the advantageous effects achieved by the secure communication device based on identity authentication provided by this embodiment are identical with the advantageous effects achievable by the secure communication method based on identity authentication as provided by the foregoing embodiment, so no repetition is redundantly made in this context.
[0097] Embodiment 3
[0098] This embodiment provides a computer-readable storage medium storing thereon a computer program that executes steps of the aforementioned secure communication method based on identity authentication when it is run by a processor.
[0099] In comparison with prior-art technology, the advantageous effects achieved by the computer-readable storage medium provided by this embodiment are identical with the advantageous effects achievable by the secure communication method based on identity authentication as provided by the foregoing technical solution, so no repetition is redundantly made in this context.
[0100] As understandable by persons ordinarily skilled in the art, the entire or partial steps that realize the method of the present invention can be completed via a program that instructs relevant hardware, the program can be stored in a computer-readable storage medium, and subsumes the various steps of the method in the aforementioned embodiment when it is executed, and the storage medium can be ROM/RAM, a magnetic disk, an optical disk, a memory card, etc.
[0101] The above description is merely directed to specific modes of execution of the present invention, but the protection scope of the present invention is not restricted thereby. Any change or replacement easily conceivable to persons skilled in the art within the technical range disclosed by the present invention shall be covered by the protection scope of the present invention. Accordingly, the protection scope of the present invention shall be based on the protection scope as claimed in the Claims.


Claims (10)

What is claimed is:
1. A secure communication method based on identity authentication, characterized in comprising:
respectively fabricating respective electronic seals by a request node and a response node, wherein the electronic seals each include a verification area consisting of a signature algorithm, signature information, an encryption algorithm, fingerprint information, a digest algorithm, a public key, and an encrypted private key;
mutually reporting the fingerprint information in the others' electronic seals by the request node and the response node, for mutually extracting the others' fingerprint information for comparison with the reported fingerprint information to verify identity after the two parties have exchanged their electronic seals;
using a random factor by the request node to encrypt plaintext data to generate cyphertext data, after the two nodes have passed identity verification, and using the public key of the electronic seal of the response node to encrypt the random factor to obtain a communication secret key, thereafter packaging to send the cyphertext data, the communication secret key and the fingerprint information in the electronic seal of the request node to the response node; and comparing, by the response node, the fingerprint information in a file package with the reported fingerprint information, decrypting the encrypted private key of the electronic seal pertaining to the response node after comparison has succeeded, decrypting the communication secret key in the file package via the private key to restore the random factor, and hence using the random factor to parse the cyphertext data to obtain the plaintext data.
2. The method according to Claim 1, characterized in that the step of respectively fabricating respective electronic seals by a request node and a response node includes:
designing partitions of each electronic seal, wherein the partitions include a header area, a seal information area and a tail area in addition to the verification area; and correspondingly filling, by the request node and the response node on the basis of partitioned structures of the electronic seals, a start marker, an identification code and a version number in the respective header area, correspondingly filling a seal holder number, a seal holder name, an issuing authority number, an issuing authority name and a validation period in the respective seal information area, correspondingly filling description information and an end marker in the respective tail area, and correspondingly filling the signature algorithm, the signature information, the encryption algorithm, the fingerprint information, the digest algorithm, the public key and the encrypted private key in the verification area.
3. The method according to Claim 2, characterized in that generating the public key and the encrypted private key includes:
randomly generating a pair of public key and private key according to the signature algorithm in the electronic seal;
encrypting the pertinent private key on the basis of a seal password PIN preset by the request node to generate the encrypted private key of the electronic seal of the request node; and
encrypting the pertinent private key on the basis of a seal password PIN preset by the response node to generate the encrypted private key of the electronic seal of the response node.
4. The method according to Claim 3, characterized in that generating the fingerprint information includes:
joining character strings of the seal holder number and the seal holder name in the electronic seal, and using the corresponding seal password PIN to encrypt a character string joining result to form a cyphertext;
employing the digest algorithm to digest the cyphertext, and obtaining a digest character string;
and signing the digest character string through the private key to which the signature algorithm corresponds, and obtaining the fingerprint information of the electronic seal.
5. The method according to Claim 3, characterized in that generating the signature information includes:

defining a key field byte in the electronic seal, wherein the key field byte is a feature byte of the electronic seal;
digesting the key field byte through the digest algorithm, and obtaining a key field character string; and signing the key field character string through the private key to which the signature algorithm corresponds, and forming the signature information of the electronic seal.
6. The method according to Claim 2, characterized in that the step of mutually extracting the others' fingerprint information for comparison with the reported fingerprint information to verify identity after the two parties have exchanged their electronic seals includes:
sending by the request node the pertinent electronic seal to the response node, so as to enable the response node to read the signature algorithm, the public key, the digest algorithm and the signature information of the electronic seal pertaining to the request node;
reading by the response node the key field byte in the electronic seal pertaining to the request node, digesting on the basis of the digest algorithm to obtain the digest character string, and using the public key of the signature algorithm to execute signature verification on the key field byte;
comparing, by the response node after signature verification has been passed, the fingerprint information of the electronic seal pertaining to the request node with the fingerprint information reported by the request node, and authorizing access of the request node when a comparison result exhibits consistency;
sending by the response node the pertinent electronic seal to the request node, so as to enable the request node to read the signature algorithm, the public key, the digest algorithm and the signature information of the electronic seal pertaining to the response node;
reading by the request node the key field byte in the electronic seal pertaining to the response node, digesting on the basis of the digest algorithm to obtain the digest character string, and using the public key of the signature algorithm to execute signature verification on the key field byte; and comparing, by the request node after signature verification has been passed, the fingerprint information of the electronic seal pertaining to the response node with the fingerprint information reported by the response node, and authorizing access of the response node when a comparison result exhibits consistency.
7. The method according to Claim 6, characterized in that the step of using a random factor by the request node to encrypt plaintext data to generate cyphertext data, and using the public key of the electronic seal of the response node to encrypt the random factor to obtain a communication secret key, thereafter packaging to send the cyphertext data, the communication secret key and the fingerprint information in the electronic seal of the request node to the response node includes:
generating the random factor by the request node, for encrypting the plaintext data to obtain the cyphertext data;
using, by the request node, the public key of the electronic seal pertaining to the response node to encrypt the random factor, and generating the communication secret key; and packaging to send, by the request node, the communication secret key, the cyphertext data and the fingerprint information of the pertinent electronic seal to the response node.
8. The method according to Claim 7, characterized in that the step of comparing, by the response node, the fingerprint information in a file package with the reported fingerprint information, decrypting the encrypted private key of the electronic seal pertaining to the response node after comparison has succeeded, decrypting the communication secret key in the file package via the private key to restore the random factor, and hence using the random factor to parse the cyphertext data to obtain the plaintext data includes:
reading, by the response node, the fingerprint information in the file package, and comparing it with the fingerprint information reported by the request node;
reading, by the response node after the comparison has been passed, the encryption algorithm, the signature algorithm, the encrypted private key and the preset seal password PIN of the pertinent electronic seal, and decrypting the private key of the electronic seal pertaining to the response node; and parsing the communication secret key via the private key to restore the random factor, and finally using the random factor to parse the cyphertext data to obtain the plaintext data.
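Claims 7 and 8 together describe a hybrid encryption exchange: a fresh random factor encrypts the payload, the factor is wrapped under the response node's seal public key to form the "communication secret key", and the response node only unwraps it after the packaged fingerprint matches the one it registered for the request node and after its own PIN-protected private key has been unlocked. The following is an added example written for this page; it is not the patent's code and not from the assignee. The claims name only generic "encryption", "signature" and "digest" algorithms, so RSA-OAEP, AES-256-GCM and SHA-256 are assumptions, the PIN-to-key derivation is a deliberately simplified salted hash (a real seal would use a password KDF), and the names `Seal`, `Package`, `FabricateSeal`, `Encrypt` and `Decrypt` are this example's own. The seal signature verification of Claim 6 is left out, which matters for the defender reading this: a fingerprint is a public value, so the fingerprint comparison alone only ties a package to a previously registered seal; the sender's identity rests on the signature check that precedes it in the claimed flow.

```go
package main
// Added example modelled on Claims 6-8; not the patent's own code. The claims name
// only generic algorithms; RSA-OAEP, AES-256-GCM and SHA-256 are assumed here.

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Seal: the verification-area fields this example needs; the private key is held only PIN-encrypted.
type Seal struct {
	Fingerprint   []byte // SHA-256 digest of the DER-encoded public key
	PublicKey     *rsa.PublicKey
	EncPrivateKey []byte // AES-GCM(nonce || ct) of the PKCS#1 private key
}

// Package is the file package the request node sends (Claim 7).
type Package struct {
	Ciphertext  []byte // AES-GCM output with the nonce prepended
	CommKey     []byte // "communication secret key": RSA-OAEP(random factor)
	Fingerprint []byte // the request node's own seal fingerprint
}

// pinKey locks the private key under the seal PIN (constructed simplification: use PBKDF2/scrypt/Argon2 in practice).
func pinKey(pin string, salt []byte) []byte {
	h := sha256.Sum256(append(append([]byte{}, salt...), pin...))
	return h[:]
}

func gcmSeal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	aead, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

func gcmOpen(key, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	aead, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	n := aead.NonceSize()
	if len(data) < n { return nil, errors.New("ciphertext too short") }
	return aead.Open(nil, data[:n], data[n:], nil)
}

// FabricateSeal generates a key pair and stores the private key encrypted under pin.
func FabricateSeal(pin string) (*Seal, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return nil, err }
	pubDER, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil { return nil, err }
	fp := sha256.Sum256(pubDER)
	encPriv, err := gcmSeal(pinKey(pin, fp[:]), x509.MarshalPKCS1PrivateKey(priv))
	if err != nil { return nil, err }
	return &Seal{Fingerprint: fp[:], PublicKey: &priv.PublicKey, EncPrivateKey: encPriv}, nil
}

// Encrypt is the request node's side (Claim 7): a fresh random factor is the data key, wrapped under the receiver's public key.
func Encrypt(sender, receiver *Seal, plaintext []byte) (*Package, error) {
	factor := make([]byte, 32)
	if _, err := rand.Read(factor); err != nil { return nil, err }
	ct, err := gcmSeal(factor, plaintext)
	if err != nil { return nil, err }
	commKey, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, receiver.PublicKey, factor, nil)
	if err != nil { return nil, err }
	return &Package{Ciphertext: ct, CommKey: commKey, Fingerprint: sender.Fingerprint}, nil
}

// Decrypt is the response node's side (Claim 8): fingerprint check against the registered value, then unlock the private key with the PIN, unwrap the factor and open the ciphertext.
func Decrypt(self *Seal, pin string, registered []byte, pkg *Package) ([]byte, error) {
	if string(pkg.Fingerprint) != string(registered) { return nil, errors.New("fingerprint mismatch: request node not registered") }
	privDER, err := gcmOpen(pinKey(pin, self.Fingerprint), self.EncPrivateKey)
	if err != nil { return nil, errors.New("wrong PIN or corrupted seal") }
	priv, err := x509.ParsePKCS1PrivateKey(privDER)
	if err != nil { return nil, err }
	factor, err := rsa.DecryptOAEP(sha256.New(), nil, priv, pkg.CommKey, nil)
	if err != nil { return nil, err }
	return gcmOpen(factor, pkg.Ciphertext)
}

func main() {
	req, _ := FabricateSeal("1234") // constructed PINs, demo only
	resp, _ := FabricateSeal("5678")
	pkg, _ := Encrypt(req, resp, []byte("constructed box code message"))
	pt, err := Decrypt(resp, "5678", req.Fingerprint, pkg)
	fmt.Println(string(pt), err)
}
```

Two failure modes of Claim 8 are visible in `Decrypt`: a package whose fingerprint is not the registered one is refused before any private-key material is touched, and a wrong seal PIN fails the AES-GCM tag check on the encrypted private key rather than yielding a garbage key, so the caller gets a clean error instead of an RSA decryption failure on the communication secret key.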
9. A secure communication device based on identity authentication, characterized in comprising:
a seal fabricating unit, for respectively fabricating respective electronic seals by a request node and a response node, wherein the electronic seals each include a verification area consisting of a signature algorithm, signature information, an encryption algorithm, fingerprint information, a digest algorithm, a public key, and an encrypted private key;
a fingerprint registering unit, for mutually reporting the fingerprint information in the others' electronic seals by the request node and the response node, for mutually extracting the others' fingerprint information for comparison with the reported fingerprint information to verify identity after the two parties have exchanged their electronic seals;
a file encrypting unit, for storing the compressed logistics box code message in a storage system, and completing archiving of the original logistics box code message; and a file decrypting unit, for comparing, by the response node, the fingerprint information in a file package with the reported fingerprint information, decrypting the encrypted private key of the electronic seal pertaining to the response node after comparison has succeeded, decrypting the communication secret key in the file package via the private key to restore the random factor, and hence using the random factor to parse the cyphertext data to obtain the plaintext data.
10. A computer-readable storage medium, storing a computer program thereon, characterized in that the computer program executes steps of the method according to any of Claims 1 to 8 when it is run by a processor.
CA3164765A 2019-12-16 2020-08-28 Secure communication method and device based on identity authentication Pending CA3164765A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN201911292428.7 2019-12-16
CN201911292428.7A CN110881048B (en) 2019-12-16 2019-12-16 Safety communication method and device based on identity authentication
PCT/CN2020/111938 WO2021120683A1 (en) 2019-12-16 2020-08-28 Method and apparatus for secure communication based on identity authentication

Publications (1)

Publication Number Publication Date
CA3164765A1 true CA3164765A1 (en) 2021-06-24

Family

ID=69730928

Family Applications (1)

Application Number Title Priority Date Filing Date
CA3164765A Pending CA3164765A1 (en) 2019-12-16 2020-08-28 Secure communication method and device based on identity authentication

Country Status (3)

Country Link
CN (1) CN110881048B (en)
CA (1) CA3164765A1 (en)
WO (1) WO2021120683A1 (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110881048B (en) * 2019-12-16 2021-11-09 苏宁云计算有限公司 Safety communication method and device based on identity authentication
CN113452660B (en) * 2020-03-27 2023-07-25 瑞昱半导体股份有限公司 Communication method of mesh network and cloud server, mesh network system and node device thereof
KR20230008167A (en) * 2020-05-15 2023-01-13 후아웨이 테크놀러지 컴퍼니 리미티드 Communication method and communication device
CN111970114B (en) * 2020-08-31 2023-08-18 中移(杭州)信息技术有限公司 File encryption method, system, server and storage medium
CN112751868A (en) * 2020-12-30 2021-05-04 武汉海昌信息技术有限公司 Heterogeneous encryption transmission method, storage medium and system
CN113708927B (en) * 2021-08-25 2023-05-05 福建师范大学 General assignment verifier signature proving system based on SM2 digital signature
CN114726552B (en) * 2022-06-07 2022-10-11 杭州天谷信息科技有限公司 Digital signature right transfer method and system
CN114785529B (en) * 2022-06-20 2022-10-04 广东名阳信息科技有限公司 Method and system for establishing trusted communication link based on block chain
CN115242392B (en) * 2022-08-01 2024-03-26 北京成鑫盈通科技有限公司 Method and system for realizing industrial information safety transmission based on safety transmission protocol
CN115022092B (en) * 2022-08-05 2022-11-11 中汽数据(天津)有限公司 Vehicle software upgrading method, device and storage medium
CN115378736B (en) * 2022-10-20 2023-01-06 汉雅星空文化科技有限公司 Data processing system, method and storage medium of digital platform
CN117134904B (en) * 2023-09-01 2024-06-28 嘉兴嘉赛信息技术有限公司 Method based on identity recognition and dynamic encryption and decryption communication
CN117150532B (en) * 2023-10-30 2024-01-26 北京敏行通达信息技术有限公司 Data security guarantee method, device, equipment and readable storage medium

Family Cites Families (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7178030B2 (en) * 2000-10-25 2007-02-13 Tecsec, Inc. Electronically signing a document
JP4093723B2 (en) * 2001-01-24 2008-06-04 ケープレックス・インク Electronic signature method and apparatus for structured document
FR2844656B1 (en) * 2002-09-18 2005-01-28 France Telecom ELECTRONIC SIGNATURE METHOD, PROGRAM AND SERVER FOR IMPLEMENTING THE METHOD
WO2004068264A2 (en) * 2003-01-31 2004-08-12 Linuxprobe Co. System and method for creating electronic signatures
CN101311950B (en) * 2007-05-25 2012-01-18 北京书生国际信息技术有限公司 Electronic stamp realization method and device
CN100592684C (en) * 2008-04-25 2010-02-24 武汉理工大学 An efficient authorization electronic signature method without authentication center
CN101420300B (en) * 2008-05-28 2013-05-29 北京易恒信认证科技有限公司 Double factor combined public key generating and authenticating method
US20110083015A1 (en) * 2009-10-05 2011-04-07 Eidgenossiche Technische Hochschule Zurich System and method for an electronic signature for quick and efficient data authentication
CN101894238B (en) * 2010-08-09 2012-07-04 中国人民解放军海军工程大学 Double authentication-based word document electronic seal system and method
CN101931535A (en) * 2010-08-31 2010-12-29 武汉理工大学 Method for adaptively performing data encryption and authentication without authentication center
CN101931536B (en) * 2010-08-31 2012-05-30 武汉理工大学 Method for encrypting and authenticating efficient data without authentication center
CN102332980B (en) * 2011-09-14 2014-09-03 福建伊时代信息科技股份有限公司 Method and system for managing electronic file
CN103269271B (en) * 2013-05-23 2016-12-07 天地融科技股份有限公司 A kind of back up the method and system of private key in electronic signature token
CN104463554A (en) * 2013-09-25 2015-03-25 天津书生投资有限公司 Electronic seal achieving method and device
CN104506483A (en) * 2014-10-21 2015-04-08 中兴通讯股份有限公司 Method for encrypting and decrypting information and managing secret key as well as terminal and network server
CN105447407A (en) * 2015-11-11 2016-03-30 中国建设银行股份有限公司 Off-line data encryption method and decryption method and corresponding apparatus and system
CN106789080B (en) * 2016-04-08 2020-05-15 数安时代科技股份有限公司 Digital signature generation method and device
CN107302434B (en) * 2016-04-15 2021-08-24 平安科技(深圳)有限公司 Method and system for checking electronic signature
CN106027482B (en) * 2016-04-18 2019-11-15 李明 A kind of identity card card reading response method and device
CN106022035A (en) * 2016-05-03 2016-10-12 识益生物科技(北京)有限公司 Method and system for electronic signature
CN105933116B (en) * 2016-06-27 2018-01-09 收付宝科技有限公司 The electronic signature generation of SM2 based on segmentation module feature and verification method and device
US10277400B1 (en) * 2016-10-20 2019-04-30 Wells Fargo Bank, N.A. Biometric electronic signature tokens
CN108234125B (en) * 2016-12-21 2020-12-18 金联汇通信息技术有限公司 System and method for identity authentication
CN108229188B (en) * 2017-12-29 2021-06-15 西安慧博习兆信息技术有限公司 Method for signing file and verifying file by using identification key
CN109586917B (en) * 2018-10-31 2021-07-27 如般量子科技有限公司 Anti-quantum-computation signature method and system based on asymmetric key pool
CN109614802B (en) * 2018-10-31 2020-11-27 如般量子科技有限公司 Anti-quantum-computation signature method and signature system
CN109889495B (en) * 2019-01-10 2021-08-10 如般量子科技有限公司 Quantum computation resistant electronic seal method and system based on multiple asymmetric key pools
CN110008679A (en) * 2019-02-21 2019-07-12 云南昆钢电子信息科技有限公司 A kind of electronic seal method and electronic seal system based on digital certificate
CN110309677A (en) * 2019-06-26 2019-10-08 珠海横琴新区润成科技股份有限公司 A kind of secure anti-counterfeiting method and system of electronics license
CN110881048B (en) * 2019-12-16 2021-11-09 苏宁云计算有限公司 Safety communication method and device based on identity authentication

Also Published As

Publication number Publication date
CN110881048B (en) 2021-11-09
WO2021120683A1 (en) 2021-06-24
CN110881048A (en) 2020-03-13

Similar Documents

Publication Publication Date Title
CA3164765A1 (en) Secure communication method and device based on identity authentication
TWI715537B (en) Encryption machine key injection system, method and device based on cloud environment
CN101189827B (en) Method for inclusive authentication and management of service provider, terminal and user identity module, and system and terminal device using the method
EP3318043A1 (en) Mutual authentication of confidential communication
US20100005318A1 (en) Process for securing data in a storage unit
US20100268942A1 (en) Systems and Methods for Using Cryptographic Keys
CN103546289A (en) USB (universal serial bus) Key based secure data transmission method and system
CN106953732B (en) Key management system and method for chip card
CN112351037B (en) Information processing method and device for secure communication
CN108809633B (en) Identity authentication method, device and system
CN110401615A (en) A kind of identity identifying method, device, equipment, system and readable storage medium storing program for executing
US10887110B2 (en) Method for digital signing with multiple devices operating multiparty computation with a split key
CN112528250A (en) System and method for realizing data privacy and digital identity through block chain
WO2012072001A1 (en) Safe method for card issuing, card issuing device and system
CN111241492A (en) Product multi-tenant secure credit granting method, system and electronic equipment
CN109150528A (en) A kind of ammeter data access method, device, equipment and readable storage medium storing program for executing
CN101582876A (en) Method, device and system for registering user generated content (UGC)
CN110086818B (en) Cloud file secure storage system and access control method
CN110716724B (en) Method and device for realizing privacy block chain based on FPGA
CN112600667B (en) Key negotiation method, device, equipment and storage medium
CN112448810A (en) Authentication method and device
EP3185504A1 (en) Security management system for securing a communication between a remote server and an electronic device
CN110417722B (en) Business data communication method, communication equipment and storage medium
JP5354656B2 (en) Cryptographic communication system, cryptographic communication method, transmitting apparatus and receiving apparatus
CN117714066B (en) Key processing method, device and readable storage medium

Legal Events

Date Code Title Description
EEER Examination request

Effective date: 20220916