Summary of the invention
Embodiments of the invention provide an authentication method, an authentication system, a client device and a server that increase the security of communication.
The technical scheme is as follows:
Embodiments of the invention provide an authentication method, which comprises:
a second communication party receiving a connection request from a first communication party and sending its own public key to the first communication party;
receiving user information sent by the first communication party, the user information comprising first authentication information that the first communication party generates from the secret it shares with the second communication party and from the public key;
obtaining locally the secret shared with the first communication party and generating second authentication information from that shared secret and its own public key;
judging whether the second authentication information is consistent with the first authentication information and, if so, confirming that the first communication party is legitimate.
An authentication system comprises a first communication party and a second communication party, wherein:
the first communication party is configured to initiate a connection request to the second communication party, receive the public key of the second communication party, generate first authentication information from the secret shared with the second communication party and the public key, and send user information carrying the first authentication information to the second communication party;
the second communication party is configured to receive the connection request of the first communication party and send its own public key to the first communication party; and to receive the user information of the first communication party, obtain locally the secret shared with the first communication party, generate second authentication information from the obtained shared secret and its own public key, judge whether the second authentication information is consistent with the first authentication information and, if so, confirm that the first communication party is legitimate.
A client device comprises:
a connection initiation module, configured to send a connection request to a server;
a receiving module, configured to receive the public key returned by the server;
an authentication information generation module, configured to generate authentication information from the secret shared with the server and the public key received by the receiving module;
a sending module, configured to send user information to the server, the user information comprising the authentication information generated by the authentication information generation module.
A server comprises:
a receiving and sending module, configured to receive a connection request from a client and send the server's own public key to the client; and to receive user information sent by the client, the user information comprising first authentication information that the client generates from the secret shared with the server and the public key;
a second authentication information generation module, configured, after the receiving and sending module has received the client's user information, to obtain locally the secret shared with the client and generate second authentication information from the obtained shared secret and the server's own public key;
an authentication module, configured to judge whether the second authentication information generated by the second authentication information generation module is consistent with the first authentication information received by the receiving and sending module and, if so, confirm that the client is legitimate.
In the embodiments of the invention, the first and second communication parties generate authentication information from the public key of the second communication party and the secret shared between them, so that the second communication party can confirm from the authentication information whether the client's identity is legitimate. This defends effectively against man-in-the-middle attacks and strengthens the security of the system.
Embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the invention, without creative effort, fall within the scope of protection of the invention.
The embodiments of the invention confirm the legitimacy of the first communication party by judging whether the second authentication information generated by the second communication party is consistent with the first authentication information received from the first communication party, and thereby defend effectively against man-in-the-middle attacks.
Embodiment 1
Referring to Fig. 1, this embodiment provides an authentication method. It is described with a client as the first communication party and a server as the second communication party, taking content auditing by a content auditing device as the example. The method comprises:
201: the server receives a connection request from the client and sends its own public key to the client;
202: the server receives user information sent by the client, the user information comprising first authentication information that the client generates from the secret shared with the server and the public key;
203: the server obtains locally the secret shared with the client and generates second authentication information from that shared secret and its own public key;
204: the server judges whether the second authentication information is consistent with the first authentication information and, if so, confirms that the client is legitimate.
The shared secret may be the registration password used when the client registered, or secret information held in a physical token, such as a password card or smart card, that the server issued to the client.
The public key in step 201 may be sent to the client as follows:
the server generates a digital certificate from its own public key and sends the digital certificate to the client.
The first and second authentication information in the above method are generated with the same algorithm. This algorithm may be negotiated and determined in advance, or a fixed algorithm may be used, for example a hash algorithm.
The user information may also comprise the client's user identifier (for example a user name), so that the server knows which client the user information belongs to and can obtain the corresponding shared secret locally by that user identifier.
After confirming that the client is a legitimate user, the server may negotiate with the user the key information to be used for data communication and then communicate with the client according to the negotiated key information.
The above authentication method can also be applied within the SSL/TLS security protocol, where it defends effectively against man-in-the-middle attacks. Referring to Fig. 2, the specific steps are as follows:
301: the client sends a ClientHello message, informing the server that it requests an SSL connection and at the same time telling the server the SSL version it supports and the cipher suites and compression algorithms it can use;
302: after receiving the ClientHello message, the server returns a ServerHello message, informing the client which of the cipher suites and compression algorithms supported by the client it has selected;
303: the server sends its own digital certificate to the client. This certificate serves three purposes: first, it lets the client authenticate the identity of the server; second, it carries the server's public key, with which the client encrypts the information later used to produce the data encryption key; third, it lets the client compute a hash over this public key together with the secret shared with the server, which realizes the authentication of the client;
304: the server sends a ServerHelloDone message to the client, marking the end of the server's response messages;
at this point the server has proved its identity to the client, both sides have agreed on the data encryption suite and the data compression algorithm, and the client has obtained the key with which it encrypts the information later used to produce the data encryption key;
305: the client receives the digital certificate returned by the server and stores the public key from the certificate in a global variable; at the same time the client sends a ClientKeyExchange message to the server, carrying the information later used to produce the data encryption key;
306: the client sends a ChangeCipherSpec message to the server, carrying the confirmed data encryption algorithm and hash message authentication code algorithm, and informing the server that from now on data will be encrypted with the newly generated key and the negotiated algorithms;
307: the client sends a Finished message to the server, marking the end of the client's side of the handshake;
308: after receiving the Finished message, the server responds with a ChangeCipherSpec message confirming the negotiated algorithms;
309: the server sends a Finished message, confirming the end of the server's side of the handshake;
310: the client computes a hash over the server public key stored in the global variable above together with the secret shared with the server to generate first authentication information, and sends user information containing this first authentication information and its own user identifier to the server;
the server receives the user information sent by the client, uses the user identifier in it to obtain locally the secret shared with the client, computes a hash over its own public key and this shared secret to generate second authentication information, and judges whether the second authentication information is consistent with the first authentication information in the received user information; if so, it confirms that the client is legitimate and proceeds with data transfer;
when the shared secret is the registration password of the client's user, the server may store in advance in a database the password each user used at registration and look up the corresponding registration password, i.e. the corresponding shared secret, by the user's identifier;
when the shared secret is secret information held in a physical token, such as a password card or smart card, that the server issued to the client, the server stores in a database the correspondence between the secret information on the token and the client at the time the token is issued, so that the corresponding shared secret can be obtained from the database when needed.
311: the server sends a confirmation of the authentication result;
312: after both sides have finished the handshake, the client and the server exchange application data, i.e. the client and the server send application data to each other;
313: after the data transfer is complete, both sides send CloseNotify messages to each other and close the connection, which at the same time prevents truncation attacks.
This embodiment confirms the legitimacy of the client by judging whether the second authentication information generated by the server is consistent with the first authentication information received from the client, and so defends effectively against man-in-the-middle attacks. Even if a man in the middle inserts himself into the communication between client and server, he has to send the client a forged digital certificate containing his own public key. The client computes a hash over the public key in the forged certificate and the secret shared with the server and sends the resulting first authentication information to the server. Because the man in the middle does not know the shared secret, he cannot forge this first authentication information. The server computes a hash over its own public key and the locally obtained secret shared with the client to generate second authentication information. If this second authentication information is inconsistent with the received first authentication information, the digital certificate sent to the client was modified, that is, the communication has suffered a man-in-the-middle attack, and the server interrupts the subsequent data transfer. The improvement is simple: the client and the server each perform only one additional hash operation, so a good authentication effect and an effective defence against man-in-the-middle attacks are achieved at very small cost.
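The following Python model is an added worked example, not code from the patent: it carries out steps 203/204 and 310 above and shows that a certificate whose public key was substituted by a man in the middle fails the server's check, as does a forgery attempted without the shared secret. HMAC-SHA256 is chosen here as the keyed hash because the patent leaves the concrete hash algorithm open; the user names, secrets and public-key byte strings are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample data (not from the patent): the server's table of
# registered users and the secret each shares with it, i.e. the user's
# registration password or the secret on an issued password card / smart card.
SERVER_SECRET_DB = {
    "alice": b"alice-registration-password",
    "bob": b"bob-smartcard-secret-0042",
}

# Constructed stand-ins for the public key in the server's genuine certificate
# and for the key in a forged certificate a man in the middle presents instead.
GENUINE_SERVER_PUBKEY = b"SERVER-PUBLIC-KEY-SAMPLE"
MITM_PUBKEY = b"ATTACKER-PUBLIC-KEY-SAMPLE"


def make_auth_info(shared_secret: bytes, server_pubkey: bytes) -> bytes:
    """Authentication information: keyed hash of the public key under the
    shared secret. HMAC-SHA256 stands in for the negotiated hash algorithm."""
    return hmac.new(shared_secret, server_pubkey, hashlib.sha256).digest()


def client_step_310(user_id: str, shared_secret: bytes,
                    pubkey_from_certificate: bytes) -> dict:
    """Client (step 310): hash the public key from the received certificate
    with its shared secret; the user info carries the result and the user ID."""
    first_auth_info = make_auth_info(shared_secret, pubkey_from_certificate)
    return {"user_id": user_id, "first_auth_info": first_auth_info}


def server_verify(user_info: dict, own_pubkey: bytes) -> bool:
    """Server (steps 203/204): look up the shared secret by user ID, recompute
    the authentication information over its OWN public key and compare."""
    shared_secret = SERVER_SECRET_DB.get(user_info.get("user_id"))
    if shared_secret is None:
        return False  # unknown user: no shared secret can be obtained locally
    second_auth_info = make_auth_info(shared_secret, own_pubkey)
    # Constant-time comparison so a mismatch leaks no timing information.
    return hmac.compare_digest(second_auth_info, user_info["first_auth_info"])


def run_handshake(pubkey_delivered_to_client: bytes, user_id: str = "alice") -> bool:
    """Model the exchange. Directly connected, the client sees the genuine key;
    under a MITM it sees the attacker's key. The server always hashes its own
    genuine key, so the two values agree only for an untampered certificate."""
    client_secret = SERVER_SECRET_DB[user_id]  # the client's own copy of its secret
    user_info = client_step_310(user_id, client_secret, pubkey_delivered_to_client)
    return server_verify(user_info, GENUINE_SERVER_PUBKEY)


def mitm_forgery_attempt() -> bool:
    """A man in the middle relaying Alice's user ID but lacking her secret
    cannot produce matching first authentication information, even over the
    genuine key: a guessed secret fails the server's check."""
    forged = {"user_id": "alice",
              "first_auth_info": make_auth_info(b"guessed-secret", GENUINE_SERVER_PUBKEY)}
    return server_verify(forged, GENUINE_SERVER_PUBKEY)


if __name__ == "__main__":
    print("direct connection accepted:", run_handshake(GENUINE_SERVER_PUBKEY))  # True
    print("substituted certificate accepted:", run_handshake(MITM_PUBKEY))  # False
    print("forgery without the secret accepted:", mitm_forgery_attempt())  # False
```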
Embodiment 2
Referring to Fig. 3, an embodiment of the invention also provides an authentication system comprising a first communication party 401 and a second communication party 402, wherein:
the first communication party 401 is configured to initiate a connection request to the second communication party 402, receive the public key of the second communication party 402, generate first authentication information from the secret shared with the second communication party 402 and the public key, and send user information carrying the first authentication information to the second communication party 402;
the second communication party 402 is configured to receive the connection request of the first communication party 401 and send its own public key to the first communication party 401; and to receive the user information of the first communication party 401, obtain locally the secret shared with the first communication party 401, generate second authentication information from the obtained shared secret and its own public key, judge whether the second authentication information is consistent with the first authentication information and, if so, confirm that the first communication party is legitimate.
Further, the first communication party 401 comprises:
an algorithm negotiation module, configured to negotiate and determine a hash algorithm with the second communication party 402;
a connection initiation module, configured to send a connection request to the second communication party 402 and receive the public key of the second communication party 402;
an information generation module, configured to apply the hash algorithm determined by the algorithm negotiation module to the public key of the second communication party 402 and the secret shared with the second communication party 402, generating the first authentication information;
a sending module, configured to send to the second communication party 402 the user information carrying the first authentication information generated by the information generation module.
The second communication party 402 is also configured to apply the determined hash algorithm to the shared secret and its own public key, generating the second authentication information.
The second communication party 402 also comprises:
an information negotiation module, configured to negotiate and determine with the first communication party 401 the protocol version, cipher suite, compression algorithm and data encryption algorithm;
a communication module, configured to communicate with the first communication party 401 using the protocol version, cipher suite, compression algorithm and data encryption algorithm determined by the information negotiation module.
In this embodiment the first communication party may be a client and the second communication party may be a server.
By judging whether the second authentication information generated by the second communication party 402 is consistent with the first authentication information generated by the first communication party 401, the system provided by this embodiment can confirm whether the public key sent to the first communication party 401 was modified: if they are consistent, the public key was not modified and the first communication party 401 is legitimate. This prevents man-in-the-middle attacks and strengthens the security of the system.
Embodiment 3
Referring to Fig. 4, an embodiment of the invention also provides a client device comprising:
a connection initiation module 501, configured to send a connection request to a server;
a receiving module 502, configured to receive the public key returned by the server;
an authentication information generation module 503, configured to generate authentication information from the public key received by the receiving module 502 and the secret shared with the server;
a sending module 504, configured to send user information to the server, the user information comprising the authentication information generated by the authentication information generation module 503.
Further, the client device also comprises:
an algorithm negotiation module, configured to negotiate and determine a hash algorithm with the server;
correspondingly, the authentication information generation module 503 is specifically configured to apply the hash algorithm determined by the algorithm negotiation module to the secret shared with the server and the public key received by the receiving module, generating the authentication information.
To strengthen the security of communication, the client device also comprises:
a communication information determination module, configured to negotiate and determine with the server the protocol version, cipher suite, compression algorithm and data encryption algorithm;
a communication module, configured to communicate with the server using the protocol version, cipher suite, compression algorithm and data encryption algorithm determined by the communication information determination module.
The client device provided by this embodiment receives the server's public key and sends to the server authentication information generated from this public key and the secret shared with the server. The server then generates new authentication information from its own public key and the locally obtained secret shared with this client device and compares the two; if they are consistent, the client is authenticated. This prevents man-in-the-middle attacks and strengthens the security of the system.
Embodiment 4
Referring to Fig. 5, an embodiment of the invention also provides a server comprising:
a receiving and sending module 601, configured to receive a connection request from a client and send the server's own public key to the client; and to receive user information sent by the client, the user information comprising first authentication information that the client generates from the secret shared with the server and the public key;
a second authentication information generation module 602, configured, after the receiving and sending module 601 has received the client's user information, to obtain locally the secret shared with the client and generate second authentication information from the obtained shared secret and the server's own public key;
an authentication module 603, configured to judge whether the second authentication information generated by the second authentication information generation module 602 is consistent with the first authentication information received by the receiving and sending module and, if so, confirm that the client is legitimate.
Further, the server also comprises:
an algorithm negotiation module, configured to negotiate and determine a hash algorithm with the client;
correspondingly, the second authentication information generation module 602 specifically comprises:
an acquiring unit, configured, after the receiving and sending module 601 has received the client's user information, to obtain locally the secret shared with the client;
a second authentication information generation unit, configured to apply the hash algorithm determined by the algorithm negotiation module to the shared secret obtained by the acquiring unit and the server's own public key, generating the second authentication information.
To strengthen the security of communication, the server also comprises:
a communication information determination module, configured to negotiate and determine with the client the protocol version, cipher suite, compression algorithm and data encryption algorithm;
a communication module, configured to communicate with the client using the protocol version, cipher suite, compression algorithm and data encryption algorithm determined by the communication information determination module.
After receiving the client device's user information (comprising the first authentication information), the server provided by this embodiment obtains locally the secret shared with the client, generates second authentication information from this shared secret and its own public key, and judges whether the second authentication information is consistent with the first authentication information; if so, it confirms that the client is legitimate. This prevents man-in-the-middle attacks and strengthens the security of the system.
Those of ordinary skill in the art will appreciate that all or part of the flow of the methods in the above embodiments may be implemented by a computer program instructing the relevant hardware. The program may be stored in a computer-readable storage medium and, when executed, may include the flow of the embodiments of each of the above methods. The storage medium may be a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), or the like.
The above are only preferred embodiments of the invention and are not intended to limit it. Any modification, equivalent replacement, improvement or the like made within the spirit and principles of the invention shall be included within the scope of protection of the invention.