CN103581167B - Security authentication method, device and system based on the Transport Layer Security protocol - Google Patents


Publication number
CN103581167B
Authority
CN
China
Prior art keywords
server
client
key
message
elliptic curve
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310323932.5A
Other languages
Chinese (zh)
Other versions
CN103581167A (en
Inventor
栾世鹏
朱贤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN201310323932.5A priority Critical patent/CN103581167B/en
Publication of CN103581167A publication Critical patent/CN103581167A/en
Application granted granted Critical
Publication of CN103581167B publication Critical patent/CN103581167B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Abstract

Embodiments of the invention disclose a TLS-based security authentication method, related devices and a communication system. A security authentication method based on the TLS protocol includes: a client sends a client initialization handshake message to a server, the client initialization handshake message carrying N algorithm set identifiers, where the algorithm set corresponding to each of M algorithm set identifiers among the N algorithm set identifiers includes the SM2 algorithm; the client receives a server initialization handshake message sent by the server, the server initialization handshake message carrying a first algorithm set identifier, where the first algorithm set identifier is one of the M algorithm set identifiers; and the client performs security authentication with the server based on the first algorithm set corresponding to the first algorithm set identifier. The scheme of the embodiments provides a mechanism by which the SM2 algorithm can be used for data transmission, which helps exploit the security advantages of the SM2 algorithm and improves the security and performance of security authentication and data transmission.

Description

Security authentication method, device and system based on the Transport Layer Security protocol
Technical field
The present invention relates to the field of communication technologies, and in particular to a security authentication method, device and system based on the Transport Layer Security protocol.
Background
Currently, the Transport Layer Security (TLS) protocol is the most widely used security protocol in network transmission. The TLS protocol is an international standard and uses the related algorithms most commonly adopted internationally.
SM2 is an asymmetric encryption algorithm issued by China's national cryptography administration, and is designated by the national Ministry of Industry and Information Technology as a replacement for the RSA algorithm. SM2 is based on elliptic curves; its keys are relatively short, its security is relatively high, and its performance is also high. The SM2 algorithm includes the SM2 public key encryption algorithm, the SM2 signature algorithm (SM2ECDSA), the SM2 Diffie-Hellman key exchange algorithm (SM2ECDH), and so on. It can be anticipated that SM2 will be significant for the use of security algorithms in China, now and in the future, and internationally, and may spread to government, enterprises, public institutions and the like. However, SM2 is still at the promotion stage, and no effective mechanism for applying SM2 to secure data transmission has yet been proposed.
Summary of the invention
Embodiments of the present invention provide a security authentication method based on the Transport Layer Security protocol, related devices and a communication system, so as to provide a mechanism by which the SM2 algorithm can be used for data transmission, thereby exploiting the security advantages of SM2 and improving the security and performance of security authentication and data transmission.
A first aspect of the present invention provides a security authentication method based on the Transport Layer Security (TLS) protocol, which may include: a client sends a client initialization handshake message to a server, where the client initialization handshake message carries N algorithm set identifiers, the algorithm set corresponding to each of M algorithm set identifiers among the N algorithm set identifiers includes the SM2 algorithm, N is greater than or equal to M, and N and M are positive integers;
The client receives a server initialization handshake message that the server sends in response to the client initialization handshake message, where the server initialization handshake message carries a first algorithm set identifier, and the first algorithm set identifier is one of the M algorithm set identifiers;
The client performs security authentication with the server based on the first algorithm set corresponding to the first algorithm set identifier.
With reference to the first aspect, in a first possible embodiment, the first algorithm set is an authentication-class algorithm set or an anonymous-class algorithm set;
The anonymous-class algorithm set includes an SM2 asymmetric key interaction algorithm, a symmetric encryption algorithm and a digest algorithm; the authentication-class algorithm set includes a symmetric encryption algorithm, an SM2 asymmetric key interaction algorithm, an SM2 signature algorithm and a digest algorithm.
With reference to the first possible embodiment of the first aspect, in a second possible embodiment, if the first algorithm set is an authentication-class algorithm set, the client performing security authentication with the server based on the first algorithm set corresponding to the first algorithm set identifier includes:
The client receives a first message sent by the server, where the first message carries the server's user certificate based on the SM2 signature algorithm;
The client receives a server key interaction message sent by the server, where the server key interaction message carries SM2 elliptic curve parameters, server identity information, a key exchange elliptic curve point, a server public key and first signature information, and the first signature information is obtained by performing a signature operation, based on the private key of the server's user certificate, on the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key;
Based on the first signature information carried in the received server key interaction message, the client verifies the correctness of the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key carried in the received server key interaction message; if the verification succeeds, the client calculates the client pre-master key based on the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key carried in the server key interaction message;
The client receives a first certificate request message sent by the server;
The client sends to the server a second message in response to the first certificate request message, where the second message carries the client's user certificate based on the SM2 signature algorithm or on a non-SM2 signature algorithm;
The client sends a client key interaction message to the server, where the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, so that the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message;
The client sends a client user certificate verification message to the server, so that the server verifies, based on the client user certificate verification message, the legitimacy of the user certificate carried in the second message.
With reference to the first possible embodiment of the first aspect, in a third possible embodiment, if the first algorithm set is an authentication-class algorithm set, the client performing security authentication with the server based on the first algorithm set corresponding to the first algorithm set identifier includes:
The client receives a first message sent by the server, where the first message carries the server's user certificate based on the SM2 signature algorithm;
The client receives a server key interaction message sent by the server, where the server key interaction message carries SM2 elliptic curve parameters, server identity information, a key exchange elliptic curve point, a server public key and first signature information, and the first signature information is obtained by performing a signature operation, based on the private key of the server's user certificate, on the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key;
Based on the first signature information carried in the received server key interaction message, the client verifies the correctness of the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key carried in the received server key interaction message; if the verification succeeds, the client calculates the client pre-master key based on the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key carried in the server key interaction message;
The client sends a client key interaction message to the server, where the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, so that the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message.
With reference to the first possible embodiment of the first aspect, in a fourth possible embodiment, if the first algorithm set is an anonymous-class algorithm set, the client performing security authentication with the server based on the first algorithm set corresponding to the first algorithm set identifier includes:
The client receives a server key interaction message sent by the server, where the server key interaction message carries SM2 elliptic curve parameters, server identity information, a key exchange elliptic curve point and a server public key; the client calculates the client pre-master key based on the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key carried in the server key interaction message;
The client sends a client key interaction message to the server, where the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, so that the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message.
With reference to the second possible embodiment, the third possible embodiment or the fourth possible embodiment of the first aspect, in a fifth possible embodiment, after the client sends the client key interaction message to the server, the method further includes:
The client sends a client key interaction verification message to the server, where the client key interaction verification message carries a client verification digest value of the SM2 key interaction algorithm, so that the server verifies the client verification digest value; the client receives a server key interaction verification message that the server sends after the client verification digest value passes verification, where the server key interaction verification message carries a server verification digest value of the SM2 key interaction algorithm, and the client verifies the server verification digest value.
A second aspect of the present invention provides a security authentication method for the TLS protocol, which may include: a server receives a client initialization handshake message sent by a client, where the client initialization handshake message carries N algorithm set identifiers, and the algorithm set corresponding to each of M algorithm set identifiers among the N algorithm set identifiers includes the SM2 algorithm;
The server sends to the client a server initialization handshake message in response to the client initialization handshake message, where the server initialization handshake message carries a first algorithm set identifier selected by the server from the M algorithm set identifiers, and the first algorithm set identifier is one of the M algorithm set identifiers;
The server performs security authentication with the client based on the first algorithm set corresponding to the first algorithm set identifier.
With reference to the second aspect, in a first possible embodiment,
The first algorithm set is an authentication-class algorithm set or an anonymous-class algorithm set,
The anonymous-class algorithm set includes an SM2 asymmetric key interaction algorithm, a symmetric encryption algorithm and a digest algorithm; the authentication-class algorithm set includes a symmetric encryption algorithm, an SM2 asymmetric key interaction algorithm, an SM2 signature algorithm and a digest algorithm.
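The negotiation step shared by the first and second aspects, and the message sequence that each class of algorithm set implies, sketched in Python as an added example (not code from the patent). The identifiers 0xFF01, 0xFF02 and 0xFF10, the cipher and digest names, and every function name are constructed for illustration; rejecting a certificate request under an anonymous-class set is an assumption of this sketch.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


class HandshakeError(Exception):
    """Negotiation cannot continue and the handshake must be aborted."""


@dataclass(frozen=True)
class AlgorithmSet:
    ident: int                  # algorithm set identifier carried in the handshake
    key_interaction: str        # asymmetric key interaction algorithm
    signature: Optional[str]    # None for an anonymous-class set
    cipher: str                 # symmetric encryption algorithm
    digest: str                 # digest algorithm

    @property
    def includes_sm2(self) -> bool:
        return self.key_interaction == "SM2"

    @property
    def set_class(self) -> str:
        return "anonymous" if self.signature is None else "authentication"


# Constructed registry: identifiers and cipher/digest names are placeholders.
REGISTRY: Dict[int, AlgorithmSet] = {
    s.ident: s
    for s in (
        AlgorithmSet(0xFF01, "SM2", "SM2", "CIPHER_A", "DIGEST_A"),    # authentication class
        AlgorithmSet(0xFF02, "SM2", None, "CIPHER_A", "DIGEST_A"),     # anonymous class
        AlgorithmSet(0xFF10, "ECDHE", "RSA", "CIPHER_B", "DIGEST_B"),  # no SM2
    )
}


def sm2_subset(offered: List[int]) -> List[int]:
    """The M identifiers, out of the N offered, whose set includes SM2."""
    return [i for i in offered if i in REGISTRY and REGISTRY[i].includes_sm2]


def server_select(offered: List[int], preference: List[int]) -> int:
    """Server side: pick the first algorithm set identifier from the M SM2 ones."""
    candidates = set(sm2_subset(offered))
    for ident in preference:
        if ident in candidates:
            return ident
    raise HandshakeError("no common SM2 algorithm set")


def client_accept(offered: List[int], selected: int) -> AlgorithmSet:
    """Client side: the selected identifier must be one of the M it offered."""
    if selected not in sm2_subset(offered):
        raise HandshakeError(f"server selected 0x{selected:04X}, not an offered SM2 set")
    return REGISTRY[selected]


def message_flow(alg: AlgorithmSet, client_cert_requested: bool = False) -> List[str]:
    """Messages that follow the two initialization handshake messages."""
    if not alg.includes_sm2:
        raise ValueError("only SM2 algorithm sets are described")
    flow: List[str] = []
    if alg.set_class == "authentication":
        flow.append("S->C first message (server SM2 user certificate)")
        flow.append("S->C server key interaction (with first signature information)")
        if client_cert_requested:
            flow.append("S->C first certificate request")
            flow.append("C->S second message (client user certificate)")
        flow.append("C->S client key interaction")
        if client_cert_requested:
            flow.append("C->S client user certificate verification")
    else:
        if client_cert_requested:
            # Assumption: no certificates are exchanged under an anonymous-class set.
            raise ValueError("anonymous-class set carries no certificates")
        flow.append("S->C server key interaction (no signature)")
        flow.append("C->S client key interaction")
    # Fifth possible embodiment: both sides exchange verification digest values.
    flow.append("C->S client key interaction verification")
    flow.append("S->C server key interaction verification")
    return flow


if __name__ == "__main__":
    offered = [0xFF10, 0xFF02, 0xFF01]                 # N = 3, M = 2
    chosen = server_select(offered, [0xFF01, 0xFF02])
    for step in message_flow(client_accept(offered, chosen), client_cert_requested=True):
        print(step)
```

The client-side check in `client_accept` is the part worth keeping in any real implementation: a selection outside the offered SM2 identifiers is treated as a failed handshake rather than silently accepted.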
With reference to the first possible embodiment of the second aspect, in a second possible embodiment, if the first algorithm set is an authentication-class algorithm set, the server performing security authentication with the client based on the first algorithm set corresponding to the first algorithm set identifier includes:
The server sends a first message to the client, where the first message carries the server's user certificate based on the SM2 signature algorithm;
The server sends a server key interaction message to the client, where the server key interaction message carries SM2 elliptic curve parameters, server identity information, a key exchange elliptic curve point, a server public key and first signature information, and the first signature information is obtained by performing a signature operation, based on the private key of the server's user certificate, on the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key, so that the client, based on the first signature information carried in the received server key interaction message, verifies the correctness of the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key carried in the received server key interaction message and, if the verification succeeds, calculates the client pre-master key based on the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key carried in the server key interaction message;
The server sends a first certificate request message to the client;
The server receives a second message that the client sends in response to the first certificate request message, where the second message carries the client's user certificate based on the SM2 signature algorithm or on a non-SM2 signature algorithm;
The server receives a client key interaction message sent by the client, where the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, and the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message;
The server receives a client user certificate verification message sent by the client and, based on the client user certificate verification message, verifies the legitimacy of the user certificate carried in the second message.
With reference to the first possible embodiment of the second aspect, in a third possible embodiment, if the first algorithm set is an authentication-class algorithm set, the server performing security authentication with the client based on the first algorithm set corresponding to the first algorithm set identifier includes:
The server sends a first message to the client, where the first message carries the server's user certificate based on the SM2 signature algorithm;
The server sends a server key interaction message to the client, where the server key interaction message carries SM2 elliptic curve parameters, server identity information, a key exchange elliptic curve point, a server public key and first signature information, and the first signature information is obtained by performing a signature operation, based on the private key of the server's user certificate, on the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key, so that the client, based on the first signature information carried in the received server key interaction message, verifies the correctness of the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key carried in the received server key interaction message and, if the verification succeeds, calculates the client pre-master key based on the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key carried in the server key interaction message;
The server receives a client key interaction message sent by the client, where the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, and the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message.
With reference to the first possible embodiment of the second aspect, in a fourth possible embodiment, if the first algorithm set is an anonymous-class algorithm set, the server performing security authentication with the client based on the first algorithm set corresponding to the first algorithm set identifier includes:
The server sends a server key interaction message to the client, where the server key interaction message carries SM2 elliptic curve parameters, server identity information, a key exchange elliptic curve point and a server public key, so that the client calculates the client pre-master key based on the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key carried in the server key interaction message;
The server receives a client key interaction message sent by the client, where the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, and the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message.
With reference to the second possible embodiment, the third possible embodiment or the fourth possible embodiment of the second aspect, in a fifth possible embodiment, after the server receives the client key interaction message sent by the client, the method further includes:
The server receives a client key interaction verification message sent by the client, where the client key interaction verification message carries a client verification digest value of the SM2 key interaction algorithm; after the client verification digest value passes verification, the server sends a server key interaction verification message to the client, where the server key interaction verification message carries a server verification digest value of the SM2 key interaction algorithm, so that the client verifies the server verification digest value.
A third aspect of the present invention provides a client, which may include:
A sending unit, configured to send a client initialization handshake message to a server, where the client initialization handshake message carries N algorithm set identifiers, the algorithm set corresponding to each of M algorithm set identifiers among the N algorithm set identifiers includes the SM2 algorithm, N is greater than or equal to M, and N and M are positive integers;
A receiving unit, configured to receive a server initialization handshake message that the server sends in response to the client initialization handshake message, where the server initialization handshake message carries a first algorithm set identifier, and the first algorithm set identifier is one of the M algorithm set identifiers;
An authentication interaction unit, configured to perform security authentication with the server based on the first algorithm set corresponding to the first algorithm set identifier.
With reference to the third aspect, in a first possible embodiment, the first algorithm set is an authentication-class algorithm set or an anonymous-class algorithm set;
The anonymous-class algorithm set includes an SM2 asymmetric key interaction algorithm, a symmetric encryption algorithm and a digest algorithm; the authentication-class algorithm set includes a symmetric encryption algorithm, an SM2 asymmetric key interaction algorithm, an SM2 signature algorithm and a digest algorithm.
With reference to the first possible embodiment of the third aspect, in a second possible embodiment,
If the first algorithm set is an authentication-class algorithm set, the authentication interaction unit is specifically configured to: receive a first message sent by the server, where the first message carries the server's user certificate based on the SM2 signature algorithm;
Receive a server key interaction message sent by the server, where the server key interaction message carries SM2 elliptic curve parameters, server identity information, a key exchange elliptic curve point, a server public key and first signature information, and the first signature information is obtained by performing a signature operation, based on the private key of the server's user certificate, on the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key; based on the first signature information carried in the received server key interaction message, verify the correctness of the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key carried in the received server key interaction message and, if the verification succeeds, calculate the client pre-master key based on the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key carried in the server key interaction message;
Receive a first certificate request message sent by the server;
Send to the server a second message in response to the first certificate request message, where the second message carries the client's user certificate based on the SM2 signature algorithm or on a non-SM2 signature algorithm;
Send a client key interaction message to the server, where the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, so that the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message;
Send a client user certificate verification message to the server, so that the server verifies, based on the client user certificate verification message, the legitimacy of the user certificate carried in the second message.
With reference to the first possible embodiment of the third aspect, in a third possible embodiment,
If the first algorithm set is an authentication-class algorithm set, the authentication interaction unit is specifically configured to:
Receive a first message sent by the server, where the first message carries the server's user certificate based on the SM2 signature algorithm;
Receive a server key interaction message sent by the server, where the server key interaction message carries SM2 elliptic curve parameters, server identity information, a key exchange elliptic curve point, a server public key and first signature information, and the first signature information is obtained by performing a signature operation, based on the private key of the server's user certificate, on the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key; based on the first signature information carried in the received server key interaction message, verify the correctness of the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key carried in the received server key interaction message and, if the verification succeeds, calculate the client pre-master key based on the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key carried in the server key interaction message;
Send a client key interaction message to the server, where the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, so that the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message.
With reference to the first possible embodiment of the third aspect, in a fourth possible embodiment,
If the first algorithm set is an anonymous-class algorithm set, the authentication interaction unit is specifically configured to:
Receive a server key interaction message sent by the server, where the server key interaction message carries SM2 elliptic curve parameters, server identity information, a key exchange elliptic curve point and a server public key; calculate the client pre-master key based on the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key carried in the server key interaction message;
Send a client key interaction message to the server, where the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, so that the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message.
With reference to the second possible embodiment, the third possible embodiment or the fourth possible embodiment of the third aspect, in a fifth possible embodiment, the authentication interaction unit is further configured to: after sending the client key interaction message to the server, send a client key interaction verification message to the server, where the client key interaction verification message carries a client verification digest value of the SM2 key interaction algorithm, so that the server verifies the client verification digest value; receive a server key interaction verification message that the server sends after the client verification digest value passes verification, where the server key interaction verification message carries a server verification digest value of the SM2 key interaction algorithm; and verify the server verification digest value.
A fourth aspect of the present invention provides a server, which may include:
A receiving unit, configured to receive a client initialization handshake message sent by a client, where the client initialization handshake message carries N algorithm set identifiers, and the algorithm set corresponding to each of M algorithm set identifiers among the N algorithm set identifiers includes the SM2 algorithm;
A sending unit, configured to send to the client a server initialization handshake message in response to the client initialization handshake message, where the server initialization handshake message carries a first algorithm set identifier selected by the server from the M algorithm set identifiers, and the first algorithm set identifier is one of the M algorithm set identifiers;
An authentication interaction unit, configured to perform security authentication with the client based on the first algorithm set corresponding to the first algorithm set identifier.
With reference to the fourth aspect, in a first possible implementation,
the first algorithm set is an authentication-class algorithm set or an anonymous-class algorithm set,
wherein the anonymous-class algorithm set includes an SM2 asymmetric key interaction algorithm, a symmetric encryption algorithm and a digest algorithm; and the authentication-class algorithm set includes a symmetric encryption algorithm, an SM2 asymmetric key interaction algorithm, an SM2 signature algorithm and a digest algorithm.
With reference to the first possible implementation of the fourth aspect, in a second possible implementation,
if the first algorithm set is an authentication-class algorithm set, the authentication interaction unit is specifically configured to:
send a first message to the client, wherein the first message carries the server's user certificate based on the SM2 signature algorithm;
send a server key interaction message to the client, wherein the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point, a server public key and first signature information, the first signature information being obtained by performing a signature operation, with the private key of the server user certificate, on the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key, so that the client, based on the first signature information carried in the received server key interaction message, verifies the correctness of the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in that message and, if the verification passes, calculates the client pre-master key based on the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message;
send a first certificate request message to the client;
receive a second message sent by the client in response to the first certificate request message, wherein the second message carries the client's user certificate based on the SM2 signature algorithm or on a non-SM2 signature algorithm;
receive a client key interaction message sent by the client, wherein the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, and calculate the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message;
receive a client user certificate verification message sent by the client and, based on the client user certificate verification message, verify the legitimacy of the user certificate carried in the second message.
With reference to the first possible implementation of the fourth aspect, in a third possible implementation, if the first algorithm set is an authentication-class algorithm set, the authentication interaction unit is specifically configured to:
send a first message to the client, wherein the first message carries the server's user certificate based on the SM2 signature algorithm;
send a server key interaction message to the client, wherein the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point, a server public key and first signature information, the first signature information being obtained by performing a signature operation, with the private key of the server user certificate, on the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key, so that the client, based on the first signature information carried in the received server key interaction message, verifies the correctness of the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in that message and, if the verification passes, calculates the client pre-master key based on the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message;
receive a client key interaction message sent by the client, wherein the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, and wherein the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message.
With reference to the first possible implementation of the fourth aspect, in a fourth possible implementation, if the first algorithm set is an anonymous-class algorithm set, the authentication interaction unit is specifically configured to:
send a server key interaction message to the client, wherein the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point and a server public key, so that the client calculates the client pre-master key based on the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message;
receive a client key interaction message sent by the client, wherein the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, and wherein the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message.
With reference to the second, third or fourth possible implementation of the fourth aspect, in a fifth possible implementation, the authentication interaction unit is further configured to: after receiving the client key interaction message sent by the client, receive a client key interaction verification message sent by the client, wherein the client key interaction verification message carries a client check digest value of the SM2 key interaction algorithm; and, after the client check digest value passes verification, send a server key interaction verification message to the client, wherein the server key interaction verification message carries a server check digest value of the SM2 key interaction algorithm, so that the client verifies the server check digest value.
A fifth aspect of the present invention provides a communication system, including:
a client and a server,
wherein the client is configured to send a client initialization handshake message to the server, the client initialization handshake message carries N algorithm set identifiers, the algorithm set corresponding to each of M algorithm set identifiers among the N algorithm set identifiers includes the SM2 algorithm, N is greater than or equal to M, and N and M are positive integers;
the server is configured to send to the client a server initialization handshake message in response to the client initialization handshake message, wherein the server initialization handshake message carries a first algorithm set identifier, the first algorithm set identifier being one of the M algorithm set identifiers; and to perform security authentication with the client based on the first algorithm set corresponding to the first algorithm set identifier.
With reference to the fifth aspect, in a first possible implementation,
if the first algorithm set is an authentication-class algorithm set, the server is specifically configured to: send to the client a server initialization handshake message in response to the client initialization handshake message, wherein the server initialization handshake message carries the first algorithm set identifier, the first algorithm set identifier being one of the M algorithm set identifiers;
send a first message to the client, wherein the first message carries the server's user certificate based on the SM2 signature algorithm;
send a server key interaction message to the client, wherein the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point, a server public key and first signature information, the first signature information being obtained by performing a signature operation, with the private key of the server user certificate, on the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key, so that the client, based on the first signature information carried in the received server key interaction message, verifies the correctness of the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in that message and, if the verification passes, calculates the client pre-master key based on the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message;
send a first certificate request message to the client;
receive a second message sent by the client in response to the first certificate request message, wherein the second message carries the client's user certificate based on the SM2 signature algorithm or on a non-SM2 signature algorithm;
receive a client key interaction message sent by the client, wherein the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, and calculate the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message;
receive a client user certificate verification message sent by the client and, based on the client user certificate verification message, verify the legitimacy of the user certificate carried in the second message.
With reference to the fifth aspect, in a second possible implementation, if the first algorithm set is an authentication-class algorithm set, the server is specifically configured to: send to the client a server initialization handshake message in response to the client initialization handshake message, wherein the server initialization handshake message carries the first algorithm set identifier, the first algorithm set identifier being one of the M algorithm set identifiers;
send a first message to the client, wherein the first message carries the server's user certificate based on the SM2 signature algorithm;
send a server key interaction message to the client, wherein the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point, a server public key and first signature information, the first signature information being obtained by performing a signature operation, with the private key of the server user certificate, on the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key, so that the client, based on the first signature information carried in the received server key interaction message, verifies the correctness of the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in that message and, if the verification passes, calculates the client pre-master key based on the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message;
receive a client key interaction message sent by the client, wherein the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, and wherein the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message.
With reference to the fifth aspect, in a third possible implementation, if the first algorithm set is an anonymous-class algorithm set, the server is specifically configured to: send to the client a server initialization handshake message in response to the client initialization handshake message, wherein the server initialization handshake message carries the first algorithm set identifier, the first algorithm set identifier being one of the M algorithm set identifiers; send a server key interaction message to the client, wherein the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point and a server public key, so that the client calculates the client pre-master key based on the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message; and receive a client key interaction message sent by the client, wherein the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, and wherein the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message.
It can be seen that, in the TLS-based security authentication mechanism proposed by the embodiments of the present invention, the client sends a client initialization handshake message to the server, wherein the client initialization handshake message carries N algorithm set identifiers, the algorithm set corresponding to each of M algorithm set identifiers among the N algorithm set identifiers includes the SM2 algorithm, N is greater than or equal to M, and N and M are positive integers; the client receives a server initialization handshake message sent by the server, which carries a first algorithm set identifier, the first algorithm set identifier being one of the M algorithm set identifiers; and the client and the server perform security authentication based on the first algorithm set corresponding to the first algorithm set identifier. By combining the SM2 algorithm with the TLS-based security authentication mechanism, it becomes possible and feasible to use the SM2 algorithm for security authentication, and in turn to use the SM2 algorithm for data transmission; and because the SM2 algorithm is integrated into the TLS-based security authentication mechanism, the scheme can be implemented without large-scale changes to equipment, so its implementation cost is relatively low. Overall, the embodiments of the present invention provide a reasonable mechanism by which the SM2 algorithm can be used for data transmission, which helps accelerate the adoption of the SM2 algorithm, bring out its advantages in terms of security, and improve the security and performance of TLS-based security authentication and data transmission.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the accompanying drawings needed for describing the embodiments or the prior art are briefly introduced below. Evidently, the drawings described below show only some embodiments of the present invention, and a person of ordinary skill in the art may derive other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of a TLS-based security authentication method provided by an embodiment of the present invention;
Fig. 2 is a schematic flowchart of another TLS-based security authentication method provided by an embodiment of the present invention;
Fig. 3 is a schematic flowchart of another TLS-based security authentication method provided by an embodiment of the present invention;
Fig. 4 is a schematic flowchart of another TLS-based security authentication method provided by an embodiment of the present invention;
Fig. 5 is a schematic flowchart of another TLS-based security authentication method provided by an embodiment of the present invention;
Fig. 6 is a schematic diagram of a client provided by an embodiment of the present invention;
Fig. 7 is a schematic diagram of another client provided by an embodiment of the present invention;
Fig. 8 is a schematic diagram of another client provided by an embodiment of the present invention;
Fig. 9 is a schematic diagram of a server provided by an embodiment of the present invention;
Fig. 10 is a schematic diagram of another server provided by an embodiment of the present invention;
Fig. 11 is a schematic diagram of another server provided by an embodiment of the present invention;
Fig. 12 is a schematic diagram of a communication system provided by an embodiment of the present invention;
Fig. 13 is a schematic diagram of a mobile terminal provided by an embodiment of the present invention.
Detailed description
Embodiments of the present invention provide a security authentication method based on the Transport Layer Security (TLS) protocol, a related device and a communication system, so as to provide a mechanism by which the SM2 algorithm can be used for data transmission and to accelerate the adoption of the SM2 algorithm.
To help those skilled in the art better understand the solutions of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments. Evidently, the described embodiments are only some rather than all of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort shall fall within the protection scope of the present invention.
Detailed descriptions are given separately below.
The terms "first", "second", "third", "fourth" and so on (if present) in the description, the claims and the accompanying drawings are used to distinguish similar objects and are not used to describe a specific order or sequence. It should be understood that data so used may be interchanged where appropriate, so that the embodiments of the invention described herein can, for example, be implemented in an order other than those illustrated or described here. In addition, the terms "include" and "have" and any variants of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
In an embodiment of the TLS-based security authentication method of the present invention, a TLS-based security authentication method may include: a client sends a client initialization handshake message to a server, wherein the client initialization handshake message carries N algorithm set identifiers, the algorithm set corresponding to each of M algorithm set identifiers among the N algorithm set identifiers includes the SM2 algorithm, N is greater than or equal to M, and N and M are positive integers; the client receives a server initialization handshake message sent by the server in response to the client initialization handshake message, wherein the server initialization handshake message carries a first algorithm set identifier, the first algorithm set identifier being one of the M algorithm set identifiers; and the client performs security authentication with the server based on the first algorithm set corresponding to the first algorithm set identifier.
Referring first to Fig. 1, Fig. 1 is a schematic flowchart of a TLS-based security authentication method provided by an embodiment of the present invention. The TLS-based security authentication method provided by this embodiment may include the following:
101. The client sends a client initialization handshake message to the server.
The client initialization handshake message carries N algorithm set identifiers, the algorithm set corresponding to each of M algorithm set identifiers among the N algorithm set identifiers includes the SM2 algorithm, N is greater than or equal to M, and N and M are positive integers.
Different algorithm sets may have different algorithm set identifiers. Each algorithm set may include several algorithms used for authentication and data transmission; for example, an algorithm set may include a symmetric encryption algorithm, a key interaction algorithm, a signature algorithm and a digest algorithm, while some algorithm sets (for example, anonymous-class algorithm sets) may not include a signature algorithm.
102. The client receives a server initialization handshake message sent by the server in response to the client initialization handshake message, wherein the server initialization handshake message carries a first algorithm set identifier, the first algorithm set identifier being one of the M algorithm set identifiers.
In some embodiments of the present invention, the server may select one algorithm set identifier from the N algorithm set identifiers carried in the client initialization handshake message according to factors such as its own capabilities, the transmission environment and security requirements (the server must, of course, first support the algorithms in the algorithm set it selects and have the relevant parameters loaded), so that the algorithm set corresponding to the selected identifier is subsequently used to continue security authentication with the client. The algorithm set identifiers carried in the client initialization handshake message and in the server initialization handshake message may have the same format or different formats.
103. The client performs security authentication with the server based on the first algorithm set corresponding to the first algorithm set identifier.
In some embodiments of the present invention, the first algorithm set may be, for example, an authentication-class algorithm set or an anonymous-class algorithm set. If the first algorithm set is an anonymous-class algorithm set, it includes an SM2 asymmetric key interaction algorithm, a symmetric encryption algorithm and a digest algorithm. If the first algorithm set is an authentication-class algorithm set, it includes a symmetric encryption algorithm, an SM2 asymmetric key interaction algorithm, an SM2 signature algorithm and a digest algorithm.
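The negotiation in steps 101 to 103 and the two algorithm set classes can be modelled as follows. This is an added example, not code from the patent: the identifiers 0xFF01, 0xFF02 and 0xFF10, the CIPHER-*/DIGEST-* labels and all function names are constructed placeholders, and the client-side rejection of an identifier it did not offer is an assumption about how a client would enforce "one of the M identifiers".

```python
from dataclasses import dataclass
from typing import List, Optional, Sequence


@dataclass(frozen=True)
class AlgorithmSet:
    ident: int                 # constructed placeholder identifier
    key_interaction: str       # key interaction algorithm
    signature: Optional[str]   # None for an anonymous-class set
    cipher: str                # symmetric encryption algorithm (placeholder label)
    digest: str                # digest algorithm (placeholder label)

    @property
    def includes_sm2(self) -> bool:
        return self.key_interaction == "SM2"

    @property
    def set_class(self) -> str:
        # Anonymous-class sets carry no signature algorithm.
        return "anonymous" if self.signature is None else "authentication"


# Constructed registry: values are chosen for this example only.
REGISTRY = {
    s.ident: s for s in (
        AlgorithmSet(0xFF01, "SM2", "SM2", "CIPHER-A", "DIGEST-A"),
        AlgorithmSet(0xFF02, "SM2", None, "CIPHER-A", "DIGEST-A"),
        AlgorithmSet(0xFF10, "ECDHE", "ECDSA", "CIPHER-B", "DIGEST-B"),
    )
}


class HandshakeError(Exception):
    """Raised when negotiation must be aborted."""


def sm2_subset(offered: Sequence[int]) -> List[int]:
    """The M identifiers, out of the N offered, whose set includes SM2."""
    return [i for i in offered if i in REGISTRY and REGISTRY[i].includes_sm2]


def server_select(offered: Sequence[int], server_preference: Sequence[int]) -> int:
    """Step 102, server side: pick the first algorithm set identifier."""
    candidates = set(sm2_subset(offered))
    for ident in server_preference:       # server's own priority order
        if ident in candidates:
            return ident
    raise HandshakeError("no common SM2 algorithm set")


def client_accept(offered: Sequence[int], chosen: int) -> AlgorithmSet:
    """Step 102, client side: the choice must be one of the M offered."""
    if chosen not in offered:
        raise HandshakeError("server chose an algorithm set that was not offered")
    if chosen not in sm2_subset(offered):
        raise HandshakeError("chosen algorithm set does not include SM2")
    return REGISTRY[chosen]


def server_messages(suite: AlgorithmSet, request_client_cert: bool = False) -> List[str]:
    """Step 103: server messages implied by the class of the chosen set."""
    if suite.set_class == "anonymous":
        # No certificate and no signature: the key interaction message is unsigned.
        return ["server key interaction message (unsigned)"]
    msgs = [
        "first message (server SM2 user certificate)",
        "server key interaction message (with first signature information)",
    ]
    if request_client_cert:               # two-way authentication variant
        msgs.append("first certificate request message")
    return msgs
```

With an anonymous-class set the key interaction parameters arrive unsigned, so the client has nothing against which to check their origin; only the authentication-class branch gives the client the first signature information to verify before it derives the pre-master key.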
In some embodiments of the present invention, if the first algorithm set is an authentication-class algorithm set, the client performing security authentication with the server based on the first algorithm set corresponding to the first algorithm set identifier may include: the client receives a first message sent by the server, wherein the first message carries the server's user certificate based on the SM2 signature algorithm; the client receives a server key interaction message sent by the server, wherein the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point, a server public key and first signature information, the first signature information being obtained by performing a signature operation, with the private key of the server user certificate, on the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key, and wherein the client, based on the first signature information carried in the received server key interaction message, verifies the correctness of the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in that message and, if the verification passes, calculates the client pre-master key based on the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message; the client receives a first certificate request message sent by the server; the client receives a server response end declaration message sent by the server; the client sends to the server a second message in response to the first certificate request message, wherein the second message carries the client's user certificate based on the SM2 signature algorithm or on a non-SM2 signature algorithm; the client sends a client key interaction message to the server, wherein the client key interaction message may carry a client public key, a random point on the elliptic curve and client identity information, so that the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message; the client sends a client user certificate verification message to the server, so that the client, based on the client user certificate verification message, verifies the legitimacy of the user certificate carried in the second message; the client may also receive a first key change declaration message sent by the server; and the client sends a second key change declaration message to the server. Further, the server and the client may also send each other an authentication code of the whole-process messages, wherein the content and format of the authentication code of the whole-process messages may be the same as defined in the TLS standard. The scenario in this example is a flow in which the client and the server perform security authentication based on a two-way authentication mechanism.
In some embodiments of the present invention, if the first algorithm set is an authentication-class algorithm set, the client performing security authentication with the server based on the first algorithm set corresponding to the first algorithm set identifier may include: the client receives a first message sent by the server, wherein the first message carries the server's user certificate based on the SM2 signature algorithm; the client receives a server key interaction message sent by the server, wherein the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point, a server public key and first signature information, the first signature information being obtained by performing a signature operation, with the private key of the server user certificate, on the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key, and wherein the client, based on the first signature information carried in the received server key interaction message, verifies the correctness of the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in that message and, if the verification passes, calculates the client pre-master key based on the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message; the client receives a first certificate request message sent by the server; the client sends to the server a second message in response to the first certificate request message, wherein the second message carries the client's user certificate based on the SM2 signature algorithm or on a non-SM2 signature algorithm; the client sends a client key interaction message to the server, wherein the client key interaction message may carry a client public key, a random point on the elliptic curve and client identity information, so that the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message; and the client sends a client user certificate verification message to the server, so that the client, based on the client user certificate verification message, verifies the legitimacy of the user certificate carried in the second message. Further, the server and the client may also send each other an authentication code of the whole-process messages, wherein the content and format of the authentication code of the whole-process messages may be the same as defined in the TLS standard. The scenario in this example is a flow in which the client and the server perform security authentication based on a two-way authentication mechanism.
In some embodiments of the invention, if the first algorithm set is an authentication-class algorithm set, the client and the server performing security authentication based on the first algorithm set corresponding to the first algorithm set identifier may specifically include: the client receives a first message sent by the server, where the first message carries the server's user certificate based on the SM2 signature algorithm; the client receives a server key interaction message sent by the server, where the server key interaction message carries SM2 elliptic curve parameters, server identity information, a key exchange elliptic curve point, a server public key and first signature information, the first signature information being obtained by signing the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key with the private key of the server's user certificate; based on the first signature information carried in the received server key interaction message, the client verifies the correctness of the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in that message and, if the verification passes, calculates the client pre-master key based on the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message; the client receives a server response end statement message sent by the server; the client sends a client key interaction message to the server, where the client key interaction message may carry a client public key, a random point on the elliptic curve and client identity information, so that the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message; the client sends a client user certificate verification message to the server, so that the client, based on the client user certificate verification message, verifies the legitimacy of the user certificate carried in the second message; the client may also receive a first key change statement message sent by the server; the client sends a second key change statement message to the server. Further, the server and the client may also send each other the authentication code of the full-flow messages, where the content and format of the authentication code of the full-flow messages may be completely or substantially the same as defined in the TLS standard. The above example scenario is a flow in which the client and the server side perform security authentication based on a bidirectional authentication mechanism.
In some embodiments of the invention, if the first algorithm set is an authentication-class algorithm set, the client and the server performing security authentication based on the first algorithm set corresponding to the first algorithm set identifier may specifically include: the client receives a first message sent by the server, where the first message carries the server's user certificate based on the SM2 signature algorithm; the client receives a server key interaction message sent by the server, where the server key interaction message carries SM2 elliptic curve parameters, server identity information, a key exchange elliptic curve point, a server public key and first signature information, the first signature information being obtained by signing the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key with the private key of the server's user certificate; based on the first signature information carried in the received server key interaction message, the client verifies the correctness of the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in that message and, if the verification passes, calculates the client pre-master key based on the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message; the client sends a client key interaction message to the server, where the client key interaction message may carry a client public key, a random point on the elliptic curve and client identity information, so that the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message; the client sends a client user certificate verification message to the server, so that the client, based on the client user certificate verification message, verifies the legitimacy of the user certificate carried in the second message. Further, the server and the client may also send each other the authentication code of the full-flow messages, where the content and format of the authentication code of the full-flow messages may be completely or substantially the same as defined in the TLS standard. The above example scenario is a flow in which the client and the server side perform security authentication based on a bidirectional authentication mechanism.
In some embodiments of the invention, if the first algorithm set is an anonymous-class algorithm set, the client and the server performing security authentication based on the first algorithm set corresponding to the first algorithm set identifier may include: the client receives a first message sent by the server, where the first message carries the server's user certificate based on the SM2 signature algorithm; the client receives a server key interaction message sent by the server, where the server key interaction message carries SM2 elliptic curve parameters, server identity information, a key exchange elliptic curve point and a server public key, and the client calculates the client pre-master key based on the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message; the client receives a server response end statement message sent by the server; the client sends a client key interaction message to the server, where the client key interaction message may carry a client public key, a random point on the elliptic curve and client identity information, so that the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message; the client may also receive a first key change statement message sent by the server; the client sends a second key change statement message to the server. Further, the server and the client may also send each other the authentication code of the full-flow messages, where the content and format of the authentication code of the full-flow messages may be completely or substantially the same as defined in the TLS standard. The above example scenario is a flow in which the client and the server side perform security authentication based on a bidirectional authentication mechanism.
In some embodiments of the invention, if the first algorithm set is an anonymous-class algorithm set, the client and the server performing security authentication based on the first algorithm set corresponding to the first algorithm set identifier may include: the client receives a first message sent by the server, where the first message carries the server's user certificate based on the SM2 signature algorithm; the client receives a server key interaction message sent by the server, where the server key interaction message carries SM2 elliptic curve parameters, server identity information, a key exchange elliptic curve point and a server public key, and the client calculates the client pre-master key based on the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message; the client sends a client key interaction message to the server, where the client key interaction message may carry a client public key, a random point on the elliptic curve and client identity information, so that the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message. Further, the server and the client may also send each other the authentication code of the full-flow messages, where the content and format of the authentication code of the full-flow messages may be completely or substantially the same as defined in the TLS standard. The above example scenario is a flow in which the client and the server side perform security authentication based on a bidirectional authentication mechanism.
In some embodiments of the invention, before the client receives the first key change statement message sent by the server, or before the client sends the second key change statement message to the server, or after the client sends the client key interaction message to the server, the method may further include: the client sends a client key interaction verification message to the server, where the client key interaction verification message carries the client verification digest value of the SM2 key interaction algorithm, so that the server verifies the client verification digest value; and the client receives a server key interaction verification message that the server sends after the client verification digest value has passed verification, where the server key interaction verification message carries the server verification digest value of the SM2 key interaction algorithm, and the client may further verify the server verification digest value.
In other embodiments of the present invention, before the client receives the first key change statement message sent by the server, or before the client sends the second key change statement message to the server, or after the client sends the client key interaction message to the server, the method may further include: the client receives a server key interaction verification message sent by the server, where the server key interaction verification message carries the server verification digest value of the SM2 key interaction algorithm; the client verifies the server verification digest value and, after the server verification digest value has passed verification, sends a client key interaction verification message to the server, where the client key interaction verification message carries the client verification digest value of the SM2 key interaction algorithm, so that the server verifies the client verification digest value; the server may further verify the client verification digest value.
It can be seen that, in the security authentication mechanism based on the TLS protocol proposed in this embodiment, the client sends a client initialization handshake message to the server, where the client initialization handshake message carries N algorithm set identifiers, the algorithm set corresponding to each of M algorithm set identifiers among the N algorithm set identifiers includes the SM2 algorithm, N is greater than or equal to M, and N and M are positive integers; the client receives the server initialization handshake message sent by the server, where the server initialization handshake message carries a first algorithm set identifier, and the first algorithm set identifier is one of the M algorithm set identifiers; the client and the server perform security authentication based on the first algorithm set corresponding to the first algorithm set identifier. By combining the introduction of the SM2 algorithm with the security authentication mechanism based on the TLS protocol, using the SM2 algorithm for security authentication becomes possible and feasible, which in turn makes data transmission using the SM2 algorithm possible and feasible. Because the SM2 algorithm is integrated into the security authentication mechanism based on the TLS protocol, the scheme can be implemented without large-scale changes to equipment, so the cost of implementing it is relatively low. In general, the embodiments of the present invention provide a reasonable mechanism for data transmission using the SM2 algorithm, which helps accelerate the adoption of the SM2 algorithm, brings out the security advantages of the SM2 algorithm, and helps improve the security and performance of TLS.
In another embodiment of the security authentication method based on the TLS protocol of the present invention, another security authentication method based on the TLS protocol includes: the server receives the client initialization handshake message sent by the client, where the client initialization handshake message carries N algorithm set identifiers, and the algorithm set corresponding to each of M algorithm set identifiers among the N algorithm set identifiers includes the SM2 algorithm; the server sends to the client a server initialization handshake message responding to the client initialization handshake message, where the server initialization handshake message carries the first algorithm set identifier selected by the server from the M algorithm set identifiers, and the first algorithm set identifier is one of the M algorithm set identifiers; the server performs security authentication with the client based on the first algorithm set corresponding to the first algorithm set identifier.
Referring first to Fig. 2, Fig. 2 is a schematic flowchart of another security authentication method based on the TLS protocol provided by another embodiment of the present invention. The other security authentication method based on the TLS protocol provided by this embodiment may include the following:
201. The server receives the client initialization handshake message sent by the client, where the client initialization handshake message carries N algorithm set identifiers, and the algorithm set corresponding to each of M algorithm set identifiers among the N algorithm set identifiers includes the SM2 algorithm.
Different algorithm sets can have different algorithm set identifiers. Each algorithm set can include several algorithms used for authentication and data transmission; for example, each algorithm set can include a symmetric encryption algorithm, a key interaction algorithm, a signature algorithm and a digest algorithm. Some algorithm sets (such as anonymous-class algorithm sets) may not include a signature algorithm.
202. The server sends to the client a server initialization handshake message responding to the client initialization handshake message, where the server initialization handshake message carries the first algorithm set identifier selected by the server from the M algorithm set identifiers, and the first algorithm set identifier is one of the M algorithm set identifiers.
In some embodiments of the invention, the server can, according to factors such as its own capability, the transmission environment and security requirements, select one algorithm set identifier from the N algorithm set identifiers carried in the client initialization handshake message (of course, the server must first support the various algorithms in the algorithm set it selects and have the relevant parameters loaded), so that the algorithm set corresponding to the selected algorithm set identifier is subsequently used to continue security authentication with the client. The format of the algorithm set identifier carried in the client initialization handshake message and in the server initialization handshake message may be the same or different.
203. The server performs security authentication with the client based on the first algorithm set corresponding to the first algorithm set identifier.
In some embodiments of the invention, the first algorithm set can be, for example, an authentication-class algorithm set or an anonymous-class algorithm set. If the first algorithm set is an anonymous-class algorithm set, it includes an SM2 asymmetric key interaction algorithm, a symmetric encryption algorithm and a digest algorithm. If the first algorithm set is an authentication-class algorithm set, it includes a symmetric encryption algorithm, an SM2 asymmetric key interaction algorithm, an SM2 signature algorithm and a digest algorithm.
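Steps 201 to 203 and the two algorithm set classes can be modelled as follows; this is an added example, not code from the patent. The identifier values, the placeholder algorithm names other than SM2 and the selection policy (client order, anonymous sets refused unless allowed) are assumptions, and the client-side check of the server's choice goes slightly beyond the text to show how the "one of the M identifiers" condition can be enforced.

```python
from dataclasses import dataclass
from typing import Collection, Optional, Sequence, Tuple


class NegotiationError(Exception):
    """Raised when no acceptable algorithm set can be agreed."""


@dataclass(frozen=True)
class AlgorithmSet:
    ident: int                 # algorithm set identifier (constructed value)
    key_exchange: str
    symmetric: str
    digest: str
    signature: Optional[str]   # None: the set has no signature algorithm

    @property
    def includes_sm2(self) -> bool:
        return self.key_exchange == "SM2"

    @property
    def set_class(self) -> str:
        return "anonymous" if self.signature is None else "authentication"


# Constructed registry: identifiers and non-SM2 algorithm names are placeholders.
REGISTRY = {s.ident: s for s in (
    AlgorithmSet(0xF001, "SM2", "SYM-A", "DIGEST-A", "SM2"),
    AlgorithmSet(0xF002, "SM2", "SYM-A", "DIGEST-A", None),
    AlgorithmSet(0xF003, "SM2", "SYM-B", "DIGEST-A", "SM2"),
    AlgorithmSet(0x0A01, "OTHER-KX", "SYM-B", "DIGEST-B", "OTHER-SIG"),
)}

# Constructed sample input: N = 4 offered identifiers, M = 3 of them SM2 sets.
OFFERED = (0x0A01, 0xF002, 0xF001, 0xF003)
SERVER_SUPPORTED = frozenset({0xF001, 0xF002, 0x0A01})


def sm2_identifiers(offered: Sequence[int]) -> Tuple[int, ...]:
    """Return the M identifiers (out of the N offered) whose set includes SM2."""
    return tuple(i for i in offered if i in REGISTRY and REGISTRY[i].includes_sm2)


def server_select(offered: Sequence[int], supported: Collection[int],
                  allow_anonymous: bool = False) -> int:
    """Step 202: choose the first algorithm set identifier from the M SM2 sets.

    Assumed policy: client order wins; the server must support the set;
    anonymous-class sets are refused unless explicitly allowed.
    """
    for ident in sm2_identifiers(offered):
        if ident not in supported:
            continue
        if REGISTRY[ident].set_class == "anonymous" and not allow_anonymous:
            continue
        return ident
    raise NegotiationError("no mutually acceptable SM2 algorithm set")


def client_accept(offered: Sequence[int], selected: int) -> AlgorithmSet:
    """Client-side check of the identifier in the server initialization message."""
    if selected not in offered:
        raise NegotiationError("server chose an identifier the client never offered")
    if selected not in sm2_identifiers(offered):
        raise NegotiationError("server chose a set outside the M SM2 sets")
    return REGISTRY[selected]


def server_key_message_fields(alg_set: AlgorithmSet) -> Tuple[str, ...]:
    """Fields the server key interaction message carries for each set class."""
    fields = ["sm2_curve_parameters", "server_identity",
              "key_exchange_point", "server_public_key"]
    if alg_set.set_class == "authentication":
        fields.append("first_signature")   # signed with the certificate's private key
    return tuple(fields)


if __name__ == "__main__":
    chosen = server_select(OFFERED, SERVER_SUPPORTED)
    agreed = client_accept(OFFERED, chosen)
    print(hex(chosen), agreed.set_class, server_key_message_fields(agreed))
```

With an anonymous-class set the returned field list has no signature, so nothing in the server key interaction message binds the parameters to the server's certificate; that is why the assumed policy refuses such sets by default.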
In some embodiments of the invention, if the first algorithm set is an authentication-class algorithm set, the server performing security authentication with the client based on the first algorithm set corresponding to the first algorithm set identifier may include: the server sends a first message to the client, where the first message carries the server's user certificate based on the SM2 signature algorithm; the server sends a server key interaction message to the client, where the server key interaction message carries SM2 elliptic curve parameters, server identity information, a key exchange elliptic curve point, a server public key and first signature information, the first signature information being obtained by signing the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key with the private key of the server's user certificate, so that the client, based on the first signature information carried in the received server key interaction message, verifies the correctness of the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in that message and, if the verification passes, calculates the client pre-master key based on the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message; the server sends a first certificate request message to the client; the server sends a server response end statement message to the client; the server receives a second message that the client sends in response to the first certificate request message, where the second message carries the client's user certificate based on the SM2 signature algorithm or on a non-SM2 signature algorithm; the server receives a client key interaction message sent by the client, where the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, and the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message; the server receives a client user certificate verification message sent by the client and, based on the client user certificate verification message, verifies the legitimacy of the user certificate carried in the second message; the server sends a first key change statement message to the client; the server receives a second key change statement message sent by the client. Further, the server and the client may also send each other the authentication code of the full-flow messages, where the content and format of the authentication code of the full-flow messages may be completely or substantially the same as defined in the TLS standard. The above example scenario is a flow in which the client and the server side perform security authentication based on a bidirectional authentication mechanism.
In some embodiments of the invention, if the first algorithm set is an authentication-class algorithm set, the server performing security authentication with the client based on the first algorithm set corresponding to the first algorithm set identifier may include: the server sends a first message to the client, where the first message carries the server's user certificate based on the SM2 signature algorithm; the server sends a server key interaction message to the client, where the server key interaction message carries SM2 elliptic curve parameters, server identity information, a key exchange elliptic curve point, a server public key and first signature information, the first signature information being obtained by signing the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key with the private key of the server's user certificate, so that the client, based on the first signature information carried in the received server key interaction message, verifies the correctness of the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in that message and, if the verification passes, calculates the client pre-master key based on the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message; the server sends a first certificate request message to the client; the server receives a second message that the client sends in response to the first certificate request message, where the second message carries the client's user certificate based on the SM2 signature algorithm or on a non-SM2 signature algorithm; the server receives a client key interaction message sent by the client, where the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, and the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message; the server receives a client user certificate verification message sent by the client and, based on the client user certificate verification message, verifies the legitimacy of the user certificate carried in the second message. Further, the server and the client may also send each other the authentication code of the full-flow messages, where the content and format of the authentication code of the full-flow messages may be completely or substantially the same as defined in the TLS standard. The above example scenario is a flow in which the client and the server side perform security authentication based on a bidirectional authentication mechanism.
In some embodiments of the invention, if the first algorithm set is an authentication-class algorithm set, the server and the client performing security authentication based on the first algorithm set corresponding to the first algorithm set identifier may include: the server sends a first message to the client, where the first message carries the server's user certificate based on the SM2 signature algorithm; the server sends a server key interaction message to the client, where the server key interaction message carries SM2 elliptic curve parameters, server identity information, a key exchange elliptic curve point, a server public key and first signature information, the first signature information being obtained by signing the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key with the private key of the server's user certificate, so that the client, based on the first signature information carried in the received server key interaction message, verifies the correctness of the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in that message and, if the verification passes, calculates the client pre-master key based on the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message; the server sends a server response end statement message to the client; the server receives a client key interaction message sent by the client, where the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, and the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message; the server sends a first key change statement message to the client; the server receives a second key change statement message sent by the client. Further, the server and the client may also send each other the authentication code of the full-flow messages, where the content and format of the authentication code of the full-flow messages may be completely or substantially the same as defined in the TLS standard. The above example scenario is a flow in which the client and the server side perform security authentication based on a bidirectional authentication mechanism.
In some embodiments of the invention, if the first algorithm set is an authentication-class algorithm set, the server and the client performing security authentication based on the first algorithm set corresponding to the first algorithm set identifier may include: the server sends a first message to the client, where the first message carries the server's user certificate based on the SM2 signature algorithm; the server sends a server key interaction message to the client, where the server key interaction message carries SM2 elliptic curve parameters, server identity information, a key exchange elliptic curve point, a server public key and first signature information, the first signature information being obtained by signing the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key with the private key of the server's user certificate, so that the client, based on the first signature information carried in the received server key interaction message, verifies the correctness of the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in that message and, if the verification passes, calculates the client pre-master key based on the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message; the server receives a client key interaction message sent by the client, where the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, and the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message. Further, the server and the client may also send each other the authentication code of the full-flow messages, where the content and format of the authentication code of the full-flow messages may be completely or substantially the same as defined in the TLS standard. The above example scenario is a flow in which the client and the server side perform security authentication based on a bidirectional authentication mechanism.
In some embodiments of the invention, if the first algorithm set is an anonymous-class algorithm set, the server and the client performing security authentication based on the first algorithm set corresponding to the first algorithm set identifier may include: the server sends a first message to the client, where the first message carries the server's user certificate based on the SM2 signature algorithm; the server sends a server key interaction message to the client, where the server key interaction message carries SM2 elliptic curve parameters, server identity information, a key exchange elliptic curve point and a server public key, so that the client calculates the client pre-master key based on the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message; the server sends a server response end statement message to the client; the server receives a client key interaction message sent by the client, where the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, and the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message; the server sends a first key change statement message to the client; the server receives a second key change statement message sent by the client. Further, the server and the client may also send each other the authentication code of the full-flow messages, where the content and format of the authentication code of the full-flow messages may be completely or substantially the same as defined in the TLS standard. The above example scenario is a flow in which the client and the server side perform security authentication based on a bidirectional authentication mechanism.
In some embodiments of the invention, if the first algorithm set is an anonymous-class algorithm set, the security authentication that the server performs with the client based on the first algorithm set corresponding to the first algorithm set identifier may include: the server sends a first message to the client, where the first message carries the server's user certificate based on the SM2 signature algorithm; the server sends a server key exchange message to the client, where the server key exchange message carries the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key, so that the client calculates the client pre-master key based on the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in the server key exchange message; the server receives a client key exchange message sent by the client, where the client key exchange message carries the client public key, a random point on the elliptic curve and the client identity information, and the server calculates the server pre-master key based on the client public key, random point on the elliptic curve and client identity information carried in the client key exchange message. Further, the server and the client may also send each other an authentication code of the whole-process messages, where the content and format of the authentication code of the whole-process messages may be identical or substantially identical to the TLS standard definition. The example scenario above is a flow in which the client and the server perform security authentication based on a two-way authentication mechanism.
In some embodiments of the invention, before the server sends the first key change statement message to the client, or before the server receives the second key change statement message sent by the client, or after the server receives the client key exchange message sent by the client, the method may further include: the server receives a client key exchange verification message sent by the client, where the client key exchange verification message carries the client verification digest value of the SM2 key exchange algorithm; after the client verification digest value passes verification, the server sends a server key exchange verification message to the client, where the server key exchange verification message carries the server verification digest value of the SM2 key exchange algorithm, so that the client verifies the server verification digest value. The client may further verify the server verification digest value.
In other embodiments of the invention, before the server sends the first key change statement message to the client, or before the server receives the second key change statement message sent by the client, or after the server receives the client key exchange message sent by the client, the method may further include: the server sends a server key exchange verification message to the client, where the server key exchange verification message carries the server verification digest value of the SM2 key exchange algorithm; the server receives a client key exchange verification message that the client sends after the server verification digest value passes the client's verification, where the client key exchange verification message carries the client verification digest value of the SM2 key exchange algorithm. The server may further verify the client verification digest value.
It can be seen that, in the security authentication mechanism based on the TLS protocol proposed in this embodiment, the server receives the client initialization handshake message sent by the client, where the client initialization handshake message carries N algorithm set identifiers and the algorithm set corresponding to each of M algorithm set identifiers among the N algorithm set identifiers includes the SM2 algorithm; the server sends a server initialization handshake message to the client, where the server initialization handshake message carries a first algorithm set identifier selected by the server from the M algorithm set identifiers, the first algorithm set identifier being one of the M algorithm set identifiers; and the server and the client perform security authentication based on the first algorithm set corresponding to the first algorithm set identifier. By organically combining the introduction of the SM2 algorithm with the security authentication mechanism based on the TLS protocol, using the SM2 algorithm for security authentication becomes possible and feasible, which in turn makes data transmission using the SM2 algorithm possible and feasible. Moreover, because the SM2 algorithm is integrated into the security authentication mechanism based on the TLS protocol, the solution can be implemented without large-scale changes to equipment, so the implementation cost is relatively low. In general, the embodiments of the invention provide a reasonable mechanism for data transmission using the SM2 algorithm, which helps accelerate the adoption of the SM2 algorithm and bring into play its advantages in security, and helps improve the security and performance of TLS.
To facilitate better understanding and implementation of the above solutions of the embodiments of the invention, several application scenarios are described below as examples.
Referring to Fig. 3, Fig. 3 is a schematic flowchart of a security authentication method provided by another embodiment of the invention. The method shown in Fig. 3 relates to a two-way authentication (ClientAuthentication) mechanism based on the TLS protocol. As shown in Fig. 3, the security authentication method provided by another embodiment of the invention may include the following:
301. The client sends a client initialization handshake message (ClientHello) to the server;
Here, the client initialization handshake message carries N algorithm set identifiers; the algorithm set corresponding to each of M algorithm set identifiers among the N algorithm set identifiers includes the SM2 algorithm; N is greater than or equal to M, and N and M are positive integers.
302. The server responds to the received client initialization handshake message and sends a server initialization handshake message (ServerHello) to the client;
Here, the server initialization handshake message carries the first algorithm set identifier chosen by the server, and the first algorithm set identifier is one of the M algorithm set identifiers.
The first algorithm set identifier corresponds to the first algorithm set, and the first algorithm set includes:
a symmetric encryption algorithm, the SM2 asymmetric key exchange algorithm, the SM2 signature algorithm and a digest algorithm.
In some embodiments of the invention, the server's selection of an algorithm set that includes the SM2 algorithm may follow these three principles:
A. The server is loaded with a user certificate and private key for the SM2ECDSA digital signature algorithm;
B. The server is loaded with the elliptic curve parameters required by SM2ECDHE;
C. The server supports the other algorithms in the selected algorithm set, namely the symmetric encryption algorithm and the digest algorithm.
303. The server sends a first message to the client, where the first message carries the server's user certificate based on the SM2 signature algorithm (Server Certificate).
In some embodiments of the invention, the server may send the client a first message carrying a certificate list, where the certificate list includes the server's user certificate based on the SM2 signature algorithm, and the certificate list is generated according to the X.509 standard PKI process. The client may further authenticate the SM2-signature-based user certificate sent by the server.
304. The server sends a server key exchange message (ServerKeyExchange) to the client.
In some embodiments of the invention, the server key exchange message may carry the SM2 elliptic curve standard parameters a, b, p and n (or elliptic curve parameters generated by the server), the server public key (server-P) required by the SM2 key exchange algorithm, the key exchange elliptic curve point R_A, the server identity information Z_A and first signature information. The first signature information is obtained by a signature operation, using the private key of the server user certificate, over the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key. This allows the client, based on the first signature information carried in the received server key exchange message, to verify the correctness of the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in that message; if the correctness verification passes, the client calculates the client pre-master key based on the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in the server key exchange message. The server also retains the private key it generated, in order to calculate the pre-master key.
305. The server sends a certificate request message (CertificateRequest) to the client.
For example, the server may send the client a certificate request for RSA, DSA, ECDSA and/or SM2ECDSA, etc.
306. The server sends the client a server response end statement message (ServerHelloDone), which indicates that the second step of the handshake has ended;
In some embodiments of the invention, the purpose and definition of the server response end statement message may be the same as the TLS standard definition.
307. The client sends the server a second message in response to the first certificate request message, where the second message carries the client's user certificate based on the SM2 signature algorithm or a non-SM2 signature algorithm (Client Certificate);
The certificate sent by the client may be an RSA, DSA, ECDSA and/or SM2ECDSA certificate, etc.
The server may further authenticate the certificate sent by the client.
308. The client calculates the client's public/private key pair and an elliptic curve point according to the SM2 elliptic curve parameters carried in the server key exchange message sent by the server.
The client sends the client public key (client-P), the random point R_B on the elliptic curve and the client identity Z_B to the server in a client key exchange message (ClientKeyExchange). The client keeps its own private key for the subsequent calculation of the pre-master key. The client key exchange message may carry the client public key, the random point on the elliptic curve, the client identity information, etc., so that the server calculates the server pre-master key based on the client public key, random point on the elliptic curve and client identity information carried in the client key exchange message.
309. The client sends a client key exchange verification message to the server.
The client key exchange verification message (ClientKeyExchangeVerify) carries the client verification digest value of the SM2 key exchange algorithm.
310. The client sends a client user certificate verification message (CertificateVerify) to the server.
The client user certificate verification message may carry second signature information, where the second signature information is obtained by a signature operation, based on the private key of the server user certificate, over some or all of the messages sent by the client to the server in steps 301 to 309 and/or some or all of the messages sent by the server that the client received in steps 301 to 309.
Of course, the server may further verify the second signature information.
The server may also verify, based on the client user certificate verification message, the legitimacy of the user certificate carried in the second message.
311. The server verifies the client verification digest value and, after the verification passes, sends a server key exchange verification message (ServerKeyExchangeVerify) to the client, where the server key exchange verification message carries the server verification digest value of the SM2 key exchange algorithm. The client may further verify the server verification digest value.
Steps 309 and 311 are optional steps.
312. The server sends a first key change statement message (ChangeCipherSpec) to the client;
313. The client sends a second key change statement message (ChangeCipherSpec) to the server;
The client and the server send each other key change statement messages to confirm that algorithm negotiation between the two sides has ended and to state that subsequent interaction uses the negotiated algorithms; the format of the key change statement message may be the same as in standard TLS. Before sending the key change statement message, the client and the server may each calculate the pre-master key from the key exchange information generated locally and the key exchange information sent by the peer, and derive from the pre-master key the key of the subsequent symmetric algorithm and the key of the message authentication code. The pre-master key is calculated in accordance with the standard definition of the SM2 key exchange algorithm and the TLS protocol standard.
314. The server and the client may also send each other a handshake end message (Finished).
The handshake end message sent by the server to the client carries the authentication code of the whole-process messages sent and received by the server; the handshake end message sent by the client to the server carries the authentication code of the whole-process messages sent and received by the client. The authentication code of the whole-process messages is obtained by performing a digest calculation over the whole-process messages.
The content and format of the authentication code of the whole-process messages may be exactly the same as the TLS standard definition.
After the server and the client have each successfully verified the received authentication code of the whole-process messages, the security authentication flow ends. Subsequently, the server and the client may exchange application data (ApplicationData); the specific requirements for the application data exchange between the server and the client follow the TLS protocol. The application data exchange uses the key of the symmetric algorithm and the key of the message authentication code.
The above flow mainly takes as an example the scenario in which all verifications succeed; in actual applications, verification may of course also fail. For example, if the client fails to verify information received from the server (for example, verifying the authentication code of the whole-process messages fails, or verifying the server certificate fails), the client may send a handshake failure message to the server and may stop the security authentication flow; similarly, if the server fails to verify information received from the client, the server may send a handshake failure message to the client and may stop the security authentication flow.
It can be seen that, in the two-way authentication mechanism based on the TLS protocol proposed in this embodiment, the server receives the client initialization handshake message sent by the client, where the client initialization handshake message carries N algorithm set identifiers and the algorithm set corresponding to each of M algorithm set identifiers among the N algorithm set identifiers includes the SM2 algorithm; the server sends a server initialization handshake message to the client, where the server initialization handshake message carries a first algorithm set identifier selected by the server from the M algorithm set identifiers, the first algorithm set identifier being one of the M algorithm set identifiers; and the server and the client perform security authentication based on the first algorithm set corresponding to the first algorithm set identifier. By organically combining the introduction of the SM2 algorithm with the security authentication mechanism based on the TLS protocol, using the SM2 algorithm for security authentication becomes possible and feasible, which in turn makes data transmission using the SM2 algorithm possible and feasible. Moreover, because the SM2 algorithm is integrated into the security authentication mechanism based on the TLS protocol, the solution can be implemented without large-scale changes to equipment, so the implementation cost is relatively low. In general, the embodiments of the invention provide a reasonable mechanism for data transmission using the SM2 algorithm, which helps accelerate the adoption of the SM2 algorithm and bring into play its advantages in security.
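The negotiation in steps 301 and 302, together with selection principles A to C, can be sketched as follows. This is an added example, not code from the patent: the identifier values, algorithm set names, the client-preference ordering and the `ServerState` fields are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Optional


@dataclass(frozen=True)
class AlgorithmSet:
    name: str
    key_exchange: str  # "SM2" marks an algorithm set that includes SM2
    signature: str
    cipher: str
    digest: str


# Constructed registry: identifiers and names are placeholders, not patent values.
REGISTRY = {
    0xFF01: AlgorithmSet("SM2_SM2SIGN_WITH_AES256_SHA384", "SM2", "SM2", "AES256", "SHA384"),
    0xFF02: AlgorithmSet("SM2_SM2SIGN_WITH_AES128_SHA256", "SM2", "SM2", "AES128", "SHA256"),
    0xFF10: AlgorithmSet("RSA_RSASIGN_WITH_AES128_SHA256", "RSA", "RSA", "AES128", "SHA256"),
}


@dataclass(frozen=True)
class ServerState:
    sm2_cert_and_key_loaded: bool  # principle A
    sm2_curve_params_loaded: bool  # principle B
    ciphers: FrozenSet[str]        # principle C
    digests: FrozenSet[str]        # principle C


def sm2_identifiers(offered: Iterable[int]) -> List[int]:
    """Return the M identifiers (of the N offered) whose algorithm set includes SM2."""
    return [i for i in offered
            if i in REGISTRY and REGISTRY[i].key_exchange == "SM2"]


def select_first_algorithm_set(offered: Iterable[int],
                               state: ServerState) -> Optional[int]:
    """Server side of step 302: pick the first SM2 set that satisfies A, B and C.

    Walking the offer in client order is an assumption; the patent does not
    fix a preference order. None means no SM2 set can be chosen.
    """
    if not (state.sm2_cert_and_key_loaded and state.sm2_curve_params_loaded):
        return None  # principle A or B not met
    for ident in sm2_identifiers(offered):
        candidate = REGISTRY[ident]
        if candidate.cipher in state.ciphers and candidate.digest in state.digests:
            return ident  # principle C met
    return None


def is_valid_sm2_choice(chosen: int, offered: Iterable[int]) -> bool:
    """Client side of step 302: the identifier in ServerHello must be one of
    the M SM2 identifiers this client actually offered."""
    return chosen in sm2_identifiers(offered)


# Constructed ClientHello offer: N = 4 identifiers, M = 2 of them SM2 sets.
OFFERED = [0x1234, 0xFF01, 0xFF10, 0xFF02]
```

The client-side check matters as much as the server-side one: a ServerHello naming an identifier the client never offered should end the handshake rather than be accepted.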
Referring to Fig. 4, Fig. 4 is a schematic flowchart of a security authentication method provided by another embodiment of the invention. The method shown in Fig. 4 relates to a one-way authentication (ServerAuthentication) mechanism based on the TLS protocol. As shown in Fig. 4, the security authentication method provided by another embodiment of the invention may include the following:
401. The client sends a client initialization handshake message (ClientHello) to the server;
Here, the client initialization handshake message carries N algorithm set identifiers; the algorithm set corresponding to each of M algorithm set identifiers among the N algorithm set identifiers includes the SM2 algorithm; N is greater than or equal to M, and N and M are positive integers.
402. The server responds to the received client initialization handshake message and sends a server initialization handshake message (ServerHello) to the client;
Here, the server initialization handshake message carries the first algorithm set identifier chosen by the server, and the first algorithm set identifier is one of the M algorithm set identifiers.
The first algorithm set identifier corresponds to the first algorithm set, and the first algorithm set includes:
a symmetric encryption algorithm, the SM2 asymmetric key exchange algorithm, the SM2 signature algorithm and a digest algorithm.
In some embodiments of the invention, the server's selection of an algorithm set that includes the SM2 algorithm may follow these three principles:
A. The server is loaded with a user certificate and private key for the SM2ECDSA digital signature algorithm;
B. The server is loaded with the elliptic curve parameters required by SM2ECDHE;
C. The server supports the other algorithms in the selected algorithm set, namely the symmetric encryption algorithm and the digest algorithm.
403. The server sends a first message to the client, where the first message carries the server's user certificate based on the SM2 signature algorithm (Server Certificate).
In some embodiments of the invention, the server may send the client a message carrying a certificate list, where the certificate list includes the server's user certificate based on the SM2 signature algorithm, and the certificate list is generated according to the X.509 standard PKI process. The client may further authenticate the SM2-signature-based user certificate sent by the server.
404. The server sends a server key exchange message (ServerKeyExchange) to the client.
In some embodiments of the invention, the server key exchange message may carry the SM2 elliptic curve standard parameters a, b, p and n (or elliptic curve parameters generated by the server), the server public key (server-P) required by the SM2 key exchange algorithm, the key exchange elliptic curve point R_A, the server identity information Z_A and first signature information. The first signature information is obtained by a signature operation, using the private key of the server user certificate, over the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key. This allows the client, based on the first signature information carried in the received server key exchange message, to verify the correctness of the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in that message; if the correctness verification passes, the client calculates the client pre-master key based on the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in the server key exchange message. The server also retains the private key it generated, in order to calculate the pre-master key.
405. The server sends the client a server response end statement message (ServerHelloDone), which indicates that the second step of the handshake has ended;
In some embodiments of the invention, the purpose and definition of the server response end statement message may be the same as the TLS standard definition.
406. The client calculates the client's public/private key pair and an elliptic curve point according to the SM2 elliptic curve parameters carried in the server key exchange message sent by the server, and sends the client public key (client-P), the random point R_B on the elliptic curve and the client identity Z_B to the server in a client key exchange message. The client also keeps its own private key for the subsequent calculation of the pre-master key. The client key exchange message may carry the client public key, the random point on the elliptic curve, the client identity information, etc., so that the server calculates the server pre-master key based on the client public key, random point on the elliptic curve and client identity information carried in the client key exchange message.
407. The client sends a client key exchange verification message to the server.
The client key exchange verification message (ClientKeyExchangeVerify) carries the client verification digest value of the SM2 key exchange algorithm.
408. The server verifies the client verification digest value and, after the verification passes, sends a server key exchange verification message (ServerKeyExchangeVerify) to the client, where the server key exchange verification message carries the server verification digest value of the SM2 key exchange algorithm. The client may further verify the server verification digest value.
409. The server sends a first key change statement message (ChangeCipherSpec) to the client;
410. The client sends a second key change statement message (ChangeCipherSpec) to the server;
The client and the server send each other key change statement messages to confirm that algorithm negotiation between the two sides has ended and to state that subsequent interaction uses the negotiated algorithms; the format of the key change statement message may be the same as in standard TLS. Before sending the key change statement message, the client and the server may each calculate the pre-master key from the key exchange information generated locally and the key exchange information sent by the peer, and derive from the pre-master key the key of the subsequent symmetric algorithm and the key of the message authentication code. The pre-master key is calculated in accordance with the standard definition of the SM2 key exchange algorithm and the TLS protocol standard.
411. The server and the client may also send each other a handshake end message (Finished).
The handshake end message sent by the server to the client carries the authentication code of the whole-process messages sent and received by the server; the handshake end message sent by the client to the server carries the authentication code of the whole-process messages sent and received by the client. The authentication code of the whole-process messages is obtained by performing a digest calculation over the whole-process messages.
The content and format of the authentication code of the whole-process messages may be exactly the same as the TLS standard definition.
After the server and the client have each successfully verified the received authentication code of the whole-process messages, the security authentication flow ends. Subsequently, the server and the client may exchange application data (ApplicationData); the specific requirements for the application data exchange between the server and the client follow the TLS protocol. The application data exchange uses the key of the symmetric algorithm and the key of the message authentication code.
The above flow mainly takes as an example the scenario in which all verifications succeed; in actual applications, verification may of course also fail. For example, if the client fails to verify information received from the server, the client may send a handshake failure message to the server and may stop the security authentication flow; similarly, if the server fails to verify information received from the client, the server may send a handshake failure message to the client and may stop the security authentication flow.
It can be seen that, in the one-way authentication mechanism based on the TLS protocol proposed in this embodiment, the server receives the client initialization handshake message sent by the client, where the client initialization handshake message carries N algorithm set identifiers and the algorithm set corresponding to each of M algorithm set identifiers among the N algorithm set identifiers includes the SM2 algorithm; the server sends a server initialization handshake message to the client, where the server initialization handshake message carries a first algorithm set identifier selected by the server from the M algorithm set identifiers, the first algorithm set identifier being one of the M algorithm set identifiers; and the server and the client perform security authentication based on the first algorithm set corresponding to the first algorithm set identifier. By organically combining the introduction of the SM2 algorithm with the security authentication mechanism based on the TLS protocol, using the SM2 algorithm for security authentication becomes possible and feasible, which in turn makes data transmission using the SM2 algorithm possible and feasible. Moreover, because the SM2 algorithm is integrated into the security authentication mechanism based on the TLS protocol, the solution can be implemented without large-scale changes to equipment, so the implementation cost is relatively low. In general, the embodiments of the invention provide a reasonable mechanism for data transmission using the SM2 algorithm, which helps accelerate the adoption of the SM2 algorithm and bring into play its advantages in security.
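The message orders of the two-way flow (steps 301 to 314) and the one-way flow (steps 401 to 411) can be encoded as tables and used to check an observed handshake, for instance when testing an implementation or reviewing a capture. This is an added example, not code from the patent: the tuple representation, the rule that step 311 is only valid after step 309, and accepting the two Finished messages in either order are assumptions.

```python
from typing import FrozenSet, List, NamedTuple, Optional, Sequence, Tuple

Message = Tuple[str, str]  # (sender, message name); sender is "C" or "S"


class Step(NamedTuple):
    number: int
    sender: str
    message: str
    optional: bool = False
    requires: Optional[int] = None  # step that must already have been seen


# Two-way authentication flow; steps 309 and 311 are optional per the text.
FIG3 = [
    Step(301, "C", "ClientHello"),
    Step(302, "S", "ServerHello"),
    Step(303, "S", "Certificate"),
    Step(304, "S", "ServerKeyExchange"),
    Step(305, "S", "CertificateRequest"),
    Step(306, "S", "ServerHelloDone"),
    Step(307, "C", "Certificate"),
    Step(308, "C", "ClientKeyExchange"),
    Step(309, "C", "ClientKeyExchangeVerify", optional=True),
    Step(310, "C", "CertificateVerify"),
    Step(311, "S", "ServerKeyExchangeVerify", optional=True, requires=309),
    Step(312, "S", "ChangeCipherSpec"),
    Step(313, "C", "ChangeCipherSpec"),
]

# One-way authentication flow; no CertificateRequest or client certificate.
FIG4 = [
    Step(401, "C", "ClientHello"),
    Step(402, "S", "ServerHello"),
    Step(403, "S", "Certificate"),
    Step(404, "S", "ServerKeyExchange"),
    Step(405, "S", "ServerHelloDone"),
    Step(406, "C", "ClientKeyExchange"),
    Step(407, "C", "ClientKeyExchangeVerify"),
    Step(408, "S", "ServerKeyExchangeVerify"),
    Step(409, "S", "ChangeCipherSpec"),
    Step(410, "C", "ChangeCipherSpec"),
]

FINISHED: List[Message] = [("S", "Finished"), ("C", "Finished")]


def transcript_of(flow: Sequence[Step],
                  skip: FrozenSet[int] = frozenset()) -> List[Message]:
    """Build a constructed sample transcript from a flow, omitting `skip` steps."""
    return [(s.sender, s.message) for s in flow if s.number not in skip] + FINISHED


def first_deviation(flow: Sequence[Step],
                    transcript: Sequence[Message]) -> Optional[str]:
    """Return None if the transcript follows the flow, else the first deviation."""
    seen = set()
    pos = 0
    for step in flow:
        observed = transcript[pos] if pos < len(transcript) else None
        if observed == (step.sender, step.message):
            if step.requires is not None and step.requires not in seen:
                return (f"step {step.number} {step.message} "
                        f"sent without step {step.requires}")
            seen.add(step.number)
            pos += 1
        elif step.optional:
            continue  # optional step absent, keep matching at the same position
        else:
            got = "end of transcript" if observed is None else ":".join(observed)
            return (f"expected step {step.number} "
                    f"{step.sender}:{step.message}, got {got}")
    # Both sides send Finished after ChangeCipherSpec; order is not fixed here.
    if sorted(transcript[pos:]) != sorted(FINISHED):
        return "expected exactly one Finished from each side to end the handshake"
    return None
```

A non-None result corresponds to the failure branch described in the text: the side that detects the deviation sends a handshake failure message and stops the security authentication flow.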
Referring to Fig. 5, Fig. 5 is a schematic flowchart of a security authentication method provided by another embodiment of the invention. The security authentication method shown in Fig. 5 relates to an anonymous authentication mechanism based on the TLS protocol. As shown in Fig. 5, the security authentication method provided by another embodiment of the invention may include the following:
501. The client sends a client initialization handshake message (ClientHello) to the server;
Here, the client initialization handshake message carries N algorithm set identifiers; the algorithm set corresponding to each of M algorithm set identifiers among the N algorithm set identifiers includes the SM2 algorithm; N is greater than or equal to M, and N and M are positive integers.
502. The server responds to the received client initialization handshake message and sends a server initialization handshake message (ServerHello) to the client;
Here, the server initialization handshake message carries the first algorithm set identifier chosen by the server, and the first algorithm set identifier is one of the M algorithm set identifiers.
The first algorithm set identifier corresponds to the first algorithm set, and the first algorithm set includes:
a symmetric encryption algorithm, the SM2 asymmetric key exchange algorithm and a digest algorithm.
In some embodiments of the invention, the server's selection of an algorithm set that includes the SM2 algorithm may follow these three principles:
A. The server is loaded with a user certificate and private key for the SM2ECDSA digital signature algorithm;
B. The server is loaded with the elliptic curve parameters required by SM2ECDHE;
C. The server supports the other algorithms in the selected algorithm set, namely the symmetric encryption algorithm and the digest algorithm.
503. The server sends a server key exchange message (ServerKeyExchange) to the client.
In some embodiments of the invention, the server key exchange message may carry the SM2 elliptic curve standard parameters a, b, p and n (or elliptic curve parameters generated by the server), the server public key (server-P) required by the SM2 key exchange algorithm, the key exchange elliptic curve point R_A and the server identity information, so that the client calculates the client pre-master key based on the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in the server key exchange message. The server also retains the private key it generated, in order to calculate the pre-master key.
504, the server response that server sends for indicating second step to shake hands to client terminates statement message (ServerHelloDone);
In some embodiments of the invention, the response of above-mentioned server terminates to state that the purposes of message and definition can be with TLS Standard definition is identical.
505, the SM2 elliptic curve parameter that client is carried according to the server key interaction message that server sends calculates The public and private key of client and elliptic curve point, client sends client public key by client key interaction message to server (client-P), the random point R on elliptic curveB, and client identity mark ZB.Further, client preserves the private of oneself Key, in order to the pre-master key of subsequent calculations.Wherein, on client key interaction message portability client public key, elliptic curve Random point and client identity information etc., wherein, in order to server carries based on above-mentioned client key interaction message Random point on client public key, elliptic curve and the pre-master key of client identity information calculation server.
506, user end to server sends client key validation-cross message.
Wherein, above-mentioned client key validation-cross message (ClientKeyExchangeVerify) carries the friendship of SM2 key The client verification digest value of algorithm mutually.
507, client verification digest value is verified by server, and be verified is rear close to client transmission server Key validation-cross message (ServerKeyExchangeVerify), above-mentioned server key validation-cross message carries SM2 key The server verification digest value of interactive algorithm.Wherein, above-mentioned server verification digest value can be verified by client further.
508. The server sends a first key change statement message (ChangeCipherSpec) to the client.
509. The client sends a second key change statement message (ChangeCipherSpec) to the server.
The client and the server send each other key change statement messages to confirm that algorithm negotiation has ended and to state that subsequent interaction uses the negotiated algorithms; the format of the key change statement message may be the same as in standard TLS. Before sending the key change statement message, the client and the server may each calculate the pre-master key from the key exchange information generated locally and the key exchange information sent by the peer, and derive from the pre-master key the key for the subsequent symmetric algorithm and the key for the message authentication code. The pre-master key is calculated in accordance with the standard definition of the SM2 key exchange algorithm and the TLS protocol standard.
510. The server and the client may also send each other a handshake end message (Finished).
The handshake end message that the server sends to the client carries the authentication code of the whole-process messages sent and received by the server; the handshake end message that the client sends to the server carries the authentication code of the whole-process messages sent and received by the client. The authentication code of the whole-process messages is obtained by a digest calculation over those messages.
The content and format of the authentication code of the whole-process messages may be the same as defined in the TLS standard.
After the server and the client have each verified the authentication code of the whole-process messages they received, the security authentication process ends. The server and the client can then exchange application data (ApplicationData); for the specific requirements of this exchange, refer to the TLS protocol. The application data exchange uses the symmetric algorithm key and the message authentication code key.
The above flow mainly illustrates the scenario in which every verification succeeds. In practice a verification may fail: for example, if the client fails to verify information received from the server, the client may send a handshake failure message to the server and may terminate the security authentication process; similarly, if the server fails to verify information received from the client, the server may send a handshake failure message to the client and may terminate the security authentication process.
It can be seen that, in the anonymous authentication mechanism based on the TLS protocol proposed in this embodiment, the server receives the client initialization handshake message sent by the client, which carries N algorithm set identifiers, where the algorithm set corresponding to each of M of those N identifiers includes the SM2 algorithm; the server sends a server initialization handshake message to the client, carrying the first algorithm set identifier that the server selected from the M algorithm set identifiers; and the server performs security authentication with the client based on the first algorithm set corresponding to the first algorithm set identifier. By combining the SM2 algorithm with the security authentication mechanism based on the TLS protocol, using the SM2 algorithm for security authentication becomes possible and feasible, and so does using the SM2 algorithm for data transmission. Moreover, because the SM2 algorithm is integrated into the security authentication mechanism based on the TLS protocol, the scheme can be implemented without large-scale changes to equipment, so its implementation cost is relatively low. Overall, the embodiments of the present invention provide a reasonable mechanism for carrying out data transmission with the SM2 algorithm, which helps to accelerate the adoption of the SM2 algorithm and to realise its advantages in terms of security.
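The server-side selection in step 502, written out as an added Python example (not code from the patent). The two SM2 identifiers and the anonymous set name are constructed placeholders, since no identifier values survive on this page; applying principle a only to sets that contain a signature algorithm, and the `allow_anonymous` policy switch, are assumptions of this sketch.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple


@dataclass(frozen=True)
class AlgorithmSet:
    ident: int                 # algorithm set identifier carried in the hello messages
    name: str
    key_exchange: str
    signature: Optional[str]   # None for an anonymous-class set
    cipher: str
    digest: str

    @property
    def uses_sm2(self) -> bool:
        return self.key_exchange == "SM2ECDHE"

    @property
    def anonymous(self) -> bool:
        return self.signature is None


# 0xFF01 / 0xFF02 are constructed placeholder identifiers; the anonymous set
# name is hypothetical. 0x002F is the standard TLS_RSA_WITH_AES_128_CBC_SHA.
REGISTRY: Dict[int, AlgorithmSet] = {s.ident: s for s in (
    AlgorithmSet(0xFF01, "TLS_SM2ECDHE_SM2ECDSA_WITH_AES256_CBC_SHA",
                 "SM2ECDHE", "SM2ECDSA", "AES256_CBC", "SHA"),
    AlgorithmSet(0xFF02, "TLS_SM2ECDHE_anon_WITH_AES256_CBC_SHA",
                 "SM2ECDHE", None, "AES256_CBC", "SHA"),
    AlgorithmSet(0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA",
                 "RSA", "RSA", "AES128_CBC", "SHA"),
)}


@dataclass(frozen=True)
class ServerCapabilities:
    sm2_cert_and_key_loaded: bool       # principle a
    sm2_curve_params_loaded: bool       # principle b
    ciphers: frozenset = frozenset({"AES256_CBC"})   # principle c
    digests: frozenset = frozenset({"SHA"})          # principle c
    allow_anonymous: bool = False       # assumed policy: no server authentication


def rejection_reason(suite: AlgorithmSet, caps: ServerCapabilities) -> Optional[str]:
    """Return why the server cannot choose this set, or None if it can."""
    if not suite.uses_sm2:
        return "not an SM2 algorithm set"
    if not caps.sm2_curve_params_loaded:
        return "principle b: SM2ECDHE curve parameters not loaded"
    if suite.anonymous:
        if not caps.allow_anonymous:
            return "policy: anonymous-class set not allowed"
    elif not caps.sm2_cert_and_key_loaded:
        return "principle a: SM2ECDSA certificate and private key not loaded"
    if suite.cipher not in caps.ciphers or suite.digest not in caps.digests:
        return "principle c: symmetric or digest algorithm unsupported"
    return None


def select_algorithm_set(
    offered: Iterable[int], caps: ServerCapabilities
) -> Tuple[Optional[AlgorithmSet], Dict[int, str]]:
    """Walk the N offered identifiers in client order and return the first
    usable SM2 set plus the reason each earlier offer was rejected.
    A result of None means the server answers with a handshake failure."""
    rejected: Dict[int, str] = {}
    for ident in offered:
        suite = REGISTRY.get(ident)
        if suite is None:
            rejected[ident] = "unknown identifier"
            continue
        reason = rejection_reason(suite, caps)
        if reason is None:
            return suite, rejected
        rejected[ident] = reason
    return None, rejected


if __name__ == "__main__":
    chosen, why = select_algorithm_set([0x002F, 0xFF02, 0xFF01],
                                       ServerCapabilities(True, True))
    print(chosen.name if chosen else "handshake failure")
    for ident, reason in why.items():
        print(f"  0x{ident:04X}: {reason}")
```

Logging the rejection reasons gives operators a record of why an SM2 set was not negotiated, for example a missing certificate as opposed to a client that never offered one.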
To make the above scheme easier to understand and implement, the format definitions of some messages and parameters involved in the security authentication method of the present invention are illustrated below.
The example format definitions follow the format conventions of the TLS standard and RFC4492 and use the RFC1832 XDR format description method. For message formats not specifically described, refer to the standard definitions in RFC4492 and the relevant TLS RFCs.
In some embodiments of the invention, the definitions of the client initialization handshake message (ClientHello) and the server initialization handshake message (ServerHello) may be the same as in the TLS standard RFC, but may indicate the newly defined algorithm sets that contain the SM2 algorithm.
The format of the server user certificate based on the SM2 signature algorithm (Server Certificate) may follow the RFC definition and use the SM2 certificate standard promulgated by the State Administration for Quality Supervision and Inspection and Quarantine ("Certificate format standard of the certificate authentication system based on the SM2 algorithm").
For the format of the server key exchange message (ServerKeyExchange), refer to the message format description in RFC4492; the message format may be as follows:
Here, Digitally-signed denotes a data signature, that is, a signature over the hash value data defined in the message. According to the characteristics of the SM2 signature algorithm, the data structure of the SM2 signature algorithm is as follows (in ASN.1 notation):
The format of the certificate request message (CertificateRequest) sent by the server to the client basically follows the TLS protocol standard. A definition for the SM2 certificate is added to the certificate type field of CertificateRequest:
In some embodiments of the invention, the format of the server response end statement message (ServerHelloDone), which the server sends to the client to indicate that the second step of the handshake has ended, may be the same as the TLS standard definition.
In some embodiments of the invention, the basic format of the user certificate (Client Certificate) that the client sends to the server, whether based on the SM2 signature algorithm or on a non-SM2 signature algorithm, may be the same as the TLS standard definition. This certificate may be the SM2 standard-format certificate specified by the State Standard Bureau, or another certificate (such as RSA, ECDSA, DSA, etc.).
The client key exchange message (ClientKeyExchange) that the client sends to the server may contain the exchange key K that the client generates from the elliptic curve parameters provided by the Server, the client public key (client-P), the client identity identifier Z_B and so on. The format may be as follows:
Data types not explicitly defined here may use the definitions in RFC4492 and the TLS RFC standards.
The client key exchange verification message (ClientKeyExchangeVerify) that the client sends to the server may use any hash algorithm; which hash value is used can be determined by comparing the ID of the hash algorithm. Its format may be defined as follows:
The server key exchange verification message (ServerKeyExchangeVerify) sent by the server may use the same hash algorithm as ClientKeyExchangeVerify. The message format may be defined as follows:
The message to be signed in the client user certificate verification message (CertificateVerify) that the client sends to the server may be the same as in the TLS RFC standard definition, covering the sum of all handshake messages exchanged (optional messages, if any, are also included). If the certificate sent by the Client is an RSA/DSA/DSS certificate, the format definition is the same as the TLS definition; if an ECDSA certificate is used, the format definition refers to RFC4992. If a certificate of the SM2 elliptic curve signature algorithm is used, the elliptic curve signature value is encoded according to the ASN.1 standard.
The message format may be as follows:
struct{
SM2-Sig-Value;
}CertificateVerify;
The data structure of the signature message may be as follows (taking the ASN.1 representation as an example):
The format of the key change statement message (ChangeCipherSpec) exchanged between the server and the client may be the same as the TLS RFC standard definition.
The format and required content of the handshake end message (Finished) exchanged between the server and the client may be the same as the TLS standard RFC definition. If the handshake exchange contained optional messages, the optional messages are also included when the hash value for the handshake end message is calculated.
It should be noted that the message and parameter formats in the examples above are only examples; in practice any format that meets the standard requirements may be chosen.
In the embodiments of the present invention, new algorithm sets are defined by combining the SM2 algorithm with other authentication algorithms (the first algorithm set may be one of them), and the newly defined algorithm sets are assigned IDs as follows:
The IDs of the newly defined authentication-class algorithm sets may be as follows:
The IDs of the newly defined anonymous-class algorithm sets may be as follows:
It will be appreciated that in practice the new algorithm sets are not limited to the examples above, and neither are the algorithm set IDs, as long as the algorithm set IDs can be distinguished from one another.
A possible practical application scenario is given below.
Scenario: an e-commerce service centre B (playing the role of the server) and a user terminal A (playing the role of the client) interact with each other. Because security-sensitive information is involved, both sides use a secure encrypted channel. Because both are on the Internet and there is no IPSec node support, TLS can be used.
In general, the business interaction between service centre B and user terminal A needs to use an authenticated mode, with the SM2 algorithm of the State Commercial Cryptography Administration version as the asymmetric algorithm. Considering that most TLS links on the Internet use one-way authentication (ServerAuthentication), and that the client can prove its identity by entering a user name and password after logging in, this link uses the ServerAuthentication mode. For the interaction flow, refer to the one-way authentication flow in the authentication method shown in Fig. 4.
User terminal A first initiates the handshake connection by sending a ClientHello to service centre B. On receiving it, service centre B parses the algorithm list carried in the ClientHello sent by user terminal A; assume that user terminal A requires an SM2 authentication-class algorithm. Service centre B checks the user certificate it is equipped with and finds that it can support the SM2 digital signature algorithm and so on; service centre B is also able to perform the key exchange calculation with the SM2 algorithm parameters. Service centre B therefore chooses an authentication-class SM2 algorithm set from the list sent by user terminal A, for example TLS_SM2ECDHE_SM2ECDSA_WITH_AES256_CBC_SHA. Service centre B sends user terminal A the server certificate, the parameters of the SM2 key exchange algorithm, the generated server public key, the random point and other information. After receiving the information from service centre B, user terminal A verifies the certificate of service centre B; once it finds that the certificate was issued by a trusted CA, it goes on to parse the key exchange information of service centre B and calculates its own key exchange information from it. At the same time, it verifies the digital signature in the key exchange information sent by service centre B, to confirm that service centre B is the genuine holder of the certificate. User terminal A then sends its own key exchange information to service centre B, and service centre B calculates from it the key needed for subsequent interaction; user terminal A likewise calculates the key for subsequent interaction. After service centre B and user terminal A have enabled encryption mode through the final confirmation statements of the protocol, business can be carried over the encrypted channel.
The embodiments of the present invention design for TLS a group of algorithm sets that introduce the SM2 key exchange algorithm and the SM2 signature algorithm, improving the security and performance of TLS. Multiple message formats are defined to support the SM2 algorithm, and the message types of TLS are extended as appropriate, which meets the requirement of promoting the application of the SM2 algorithm.
Further, the ideas and methods of the embodiments of the present invention can be extended to the application of security protocols such as the IKEv2 EAP authentication framework, so that these standard protocols can also be compatible with the SM2 algorithm, which is of great value for promoting the use of the SM2 algorithm.
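The handshake end (Finished) check described above, as an added Python example that is not part of the patent: both sides compute the authentication code over every handshake message they sent and received, so a ClientHello altered in transit, or an optional message seen by only one side, makes verification fail. It assumes the TLS 1.2 construction from RFC 5246 with SHA-256; the master secret, message bodies, the SM2 identifier 0xFF01 and the type codes for the two new verification messages are constructed placeholders.

```python
import hashlib
import hmac
from typing import List

# Constructed 48-byte master secret, for illustration only.
MASTER_SECRET = bytes(range(48))

# Standard TLS handshake type codes, plus constructed placeholders for the
# two verification messages this page introduces (no type codes survive here).
CLIENT_HELLO, SERVER_HELLO = 1, 2
SERVER_KEY_EXCHANGE, CERTIFICATE_REQUEST, SERVER_HELLO_DONE = 12, 13, 14
CLIENT_KEY_EXCHANGE, FINISHED = 16, 20
CLIENT_KEX_VERIFY, SERVER_KEX_VERIFY = 0xF0, 0xF1   # placeholders


def handshake_msg(msg_type: int, body: bytes) -> bytes:
    """TLS handshake framing: 1-byte type, 3-byte length, body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash expansion from RFC 5246, section 5."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def finished_verify_data(master: bytes, label: bytes, transcript: List[bytes]) -> bytes:
    """verify_data = PRF(master_secret, label, Hash(handshake_messages))[0..11]."""
    digest = hashlib.sha256(b"".join(transcript)).digest()
    return p_sha256(master, label + digest, 12)


def finished_ok(master: bytes, label: bytes, local: List[bytes], received: bytes) -> bool:
    """Check the peer's verify_data against the locally recorded transcript."""
    expected = finished_verify_data(master, label, local)
    return hmac.compare_digest(expected, received)


def build_transcript(offered: List[int], chosen: int,
                     with_cert_request: bool = False) -> List[bytes]:
    """Simplified transcript of the flow on this page; bodies are constructed."""
    hello = b"".join(i.to_bytes(2, "big") for i in offered)
    msgs = [
        handshake_msg(CLIENT_HELLO, hello),
        handshake_msg(SERVER_HELLO, chosen.to_bytes(2, "big")),
        handshake_msg(SERVER_KEY_EXCHANGE, b"curve-params|server-P|R_A|server-id"),
    ]
    if with_cert_request:                      # optional message
        msgs.append(handshake_msg(CERTIFICATE_REQUEST, b"sm2-cert-type"))
    msgs += [
        handshake_msg(SERVER_HELLO_DONE, b""),
        handshake_msg(CLIENT_KEY_EXCHANGE, b"client-P|R_B|Z_B"),
        handshake_msg(CLIENT_KEX_VERIFY, b"client-digest"),
        handshake_msg(SERVER_KEX_VERIFY, b"server-digest"),
    ]
    return msgs


if __name__ == "__main__":
    sent = build_transcript([0xFF01, 0x002F], 0xFF01)
    client_vd = finished_verify_data(MASTER_SECRET, b"client finished", sent)
    # The server recorded a ClientHello whose SM2 offer had been removed.
    seen = build_transcript([0x002F], 0xFF01)
    print("untampered:", finished_ok(MASTER_SECRET, b"client finished", sent, client_vd))
    print("tampered:  ", finished_ok(MASTER_SECRET, b"client finished", seen, client_vd))
```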
Referring to Fig. 6, an embodiment of the present invention further provides a client 600, which may include:
a sending unit 610, a receiving unit 620 and an authentication interaction unit 630.
The sending unit 610 is configured to send a client initialization handshake message to the server, where the client initialization handshake message carries N algorithm set identifiers, the algorithm set corresponding to each of M of those N identifiers includes the SM2 algorithm, N is greater than or equal to M, and N and M are positive integers;
the receiving unit 620 is configured to receive the server initialization handshake message that the server sends in response to the client initialization handshake message, where the server initialization handshake message carries the first algorithm set identifier, which is one of the M algorithm set identifiers;
the authentication interaction unit 630 is configured to perform security authentication with the server based on the first algorithm set corresponding to the first algorithm set identifier.
In some embodiments of the invention, the first algorithm set is an authentication-class algorithm set or an anonymous-class algorithm set.
If the first algorithm set is an anonymous-class algorithm set, the first algorithm set includes the SM2 asymmetric key exchange algorithm, a symmetric encryption algorithm and a digest algorithm; if the first algorithm set is an authentication-class algorithm set, the first algorithm set includes: a symmetric encryption algorithm, the SM2 asymmetric key exchange algorithm, the SM2 signature algorithm and a digest algorithm.
In some embodiments of the invention, if the first algorithm set is an authentication-class algorithm set, the authentication interaction unit 630 may be specifically configured to: receive a first message sent by the server, where the first message carries the server's user certificate based on the SM2 signature algorithm;
receive the server key exchange message sent by the server, where the server key exchange message carries the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point, the server public key and first signature information, the first signature information being obtained by a signature operation, using the private key of the server user certificate, over the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key; based on the first signature information carried in the received server key exchange message, verify the correctness of the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in that message and, if verification passes, calculate the client pre-master key from the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in the server key exchange message;
receive the first certificate request message sent by the server;
receive the server response end statement message sent by the server;
send the server a second message in response to the first certificate request message, where the second message carries the client's user certificate based on the SM2 signature algorithm or a non-SM2 signature algorithm;
send a client key exchange message to the server, where the client key exchange message carries the client public key, a random point on the elliptic curve and the client identity information, so that the server can calculate the server pre-master key from the client public key, random point on the elliptic curve and client identity information carried in the client key exchange message;
send a client user certificate verification message to the server, so that the legitimacy of the user certificate carried in the second message can be verified based on the client user certificate verification message;
receive the first key change statement message sent by the server;
send the second key change statement message to the server.
In other embodiments of the present invention, if the first algorithm set is an authentication-class algorithm set, the authentication interaction unit 630 may be specifically configured to: receive a first message sent by the server, where the first message carries the server's user certificate based on the SM2 signature algorithm;
receive the server key exchange message sent by the server, where the server key exchange message carries the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point, the server public key and first signature information, the first signature information being obtained by a signature operation, using the private key of the server user certificate, over the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key; based on the first signature information carried in the received server key exchange message, verify the correctness of the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in that message and, if verification passes, calculate the client pre-master key from the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in the server key exchange message;
receive the first certificate request message sent by the server;
send the server a second message in response to the first certificate request message, where the second message carries the client's user certificate based on the SM2 signature algorithm or a non-SM2 signature algorithm;
send a client key exchange message to the server, where the client key exchange message carries the client public key, a random point on the elliptic curve and the client identity information, so that the server can calculate the server pre-master key from the client public key, random point on the elliptic curve and client identity information carried in the client key exchange message;
send a client user certificate verification message to the server, so that the legitimacy of the user certificate carried in the second message can be verified based on the client user certificate verification message.
In other embodiments of the present invention, if the first algorithm set is an authentication-class algorithm set, the authentication interaction unit 630 may be specifically configured to: receive the message sent by the server that carries the server's user certificate based on the SM2 signature algorithm;
receive the server key exchange message sent by the server, where the server key exchange message carries the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point, the server public key and first signature information, the first signature information being obtained by a signature operation, using the private key of the server user certificate, over the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key; based on the first signature information carried in the received server key exchange message, verify the correctness of the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in that message and, if verification passes, calculate the client pre-master key from the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in the server key exchange message;
receive the server response end statement message sent by the server;
send a client key exchange message to the server, where the client key exchange message carries the client public key, a random point on the elliptic curve and the client identity information, so that the server can calculate the server pre-master key from the client public key, random point on the elliptic curve and client identity information carried in the client key exchange message;
receive the first key change statement message sent by the server;
send the second key change statement message to the server.
In other embodiments of the present invention, if the first algorithm set is an authentication-class algorithm set, the authentication interaction unit 630 may be specifically configured to: receive the message sent by the server that carries the server's user certificate based on the SM2 signature algorithm;
receive the server key exchange message sent by the server, where the server key exchange message carries the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point, the server public key and first signature information, the first signature information being obtained by a signature operation, using the private key of the server user certificate, over the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key; based on the first signature information carried in the received server key exchange message, verify the correctness of the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in that message and, if verification passes, calculate the client pre-master key from the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in the server key exchange message;
send a client key exchange message to the server, where the client key exchange message carries the client public key, a random point on the elliptic curve and the client identity information, so that the server can calculate the server pre-master key from the client public key, random point on the elliptic curve and client identity information carried in the client key exchange message.
In other embodiments of the present invention, if the first algorithm set is an anonymous-class algorithm set, the authentication interaction unit 630 may be specifically configured to: receive the server key exchange message sent by the server, where the server key exchange message carries the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key; calculate the client pre-master key from the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in the server key exchange message;
send a client key exchange message to the server, where the client key exchange message carries the client public key, a random point on the elliptic curve and the client identity information, so that the server can calculate the server pre-master key from the client public key, random point on the elliptic curve and client identity information carried in the client key exchange message.
In other embodiments of the present invention, if the first algorithm set is an anonymous-class algorithm set, the authentication interaction unit 630 may be specifically configured to: receive the server key exchange message sent by the server, where the server key exchange message carries the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key; calculate the client pre-master key from the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in the server key exchange message;
receive the server response end statement message sent by the server;
send a client key exchange message to the server, where the client key exchange message carries the client public key, a random point on the elliptic curve and the client identity information, so that the server can calculate the server pre-master key from the client public key, random point on the elliptic curve and client identity information carried in the client key exchange message;
receive the first key change statement message sent by the server;
send the second key change statement message to the server.
In some embodiments of the invention, the authentication interaction unit 630 is further configured to: before receiving the first key change statement message sent by the server, or before sending the second key change statement message to the server, or after sending the client key exchange message to the server, send a client key exchange verification message to the server, where the client key exchange verification message carries the client verification digest value of the SM2 key exchange algorithm; receive the server key exchange verification message that the server sends after the client verification digest value passes verification, where the server key exchange verification message carries the server verification digest value of the SM2 key exchange algorithm; and verify the server verification digest value.
It will be understood that the functions of the functional modules of the client 600 of this embodiment can be implemented according to the methods in the method embodiments above; for the specific implementation process, refer to the related description of those method embodiments, which is not repeated here.
Fig. 7 is a schematic structural diagram of a client 700 provided by the present invention. As shown in Fig. 7, the client 700 of this embodiment includes at least one bus 701, at least one processor 702 connected to the bus 701 and at least one memory 703 connected to the bus 701.
Wherein, processor 702, by bus 701, calls the code of storage in memorizer 703 and sends for server Client initialization handshake information, wherein, carries N number of algorithm set mark in above-mentioned client initialization handshake information, above-mentioned N number of The algorithm set corresponding to each algorithm set mark in M algorithm set mark among algorithm set mark includes SM2 algorithm, on Stating N more than or equal to above-mentioned M, above-mentioned N and M is positive integer;Receive above-mentioned server send for responding at the beginning of above-mentioned client The server initiation handshake information of beginningization handshake information, carries the first algorithm set mark in above-mentioned server initiation handshake information Knowing, the first algorithm set is designated among above-mentioned M algorithm set mark;Based on first corresponding to the first algorithm set mark Algorithm set carries out safety certification with above-mentioned server.
Wherein, different algorithm sets can have different algorithm set marks.Each algorithm set can include several for recognizing Card and data transmission algorithm, such as, each algorithm set can include symmetric encipherment algorithm, cipher key interaction algorithm, signature algorithm and Digest algorithms etc., some algorithm set (such as anonymous class algorithm set) is likely to not include signature algorithm.
In some embodiments of the invention, server can according to self-ability, transmission environment, security requirement etc. because of Element, selects algorithm set mark (certainly a, service from N number of algorithm set mark that client initialization handshake information is carried First device can support the various algorithms in its algorithm selected set, and is loaded with relevant parameter), in order to follow-up use is selected Algorithm set mark corresponding to algorithm set continue and client carry out safety certification.Wherein, client initialization handshake information Possible identical or different with the form of the algorithm set mark carried in server initialization handshake message.
In some embodiments of the invention, the first algorithm set can be such as certification class algorithm set or anonymous class algorithm Set;Wherein, if the first algorithm set is anonymous class algorithm set, the first algorithm set includes SM2 unsymmetrical key interactive algorithm, symmetry AES and digest algorithm;Wherein, if the first algorithm set is certification class algorithm set, the first algorithm set includes: symmetric cryptography Algorithm, SM2 unsymmetrical key interactive algorithm, SM2 signature algorithm and digest algorithm.
In some embodiments of the invention, if the first algorithm set is an authentication-class algorithm set, the security authentication that the processor 702 performs with the server based on the first algorithm set corresponding to the first algorithm set identifier may include: receiving a first message sent by the server, wherein the first message carries a server user certificate based on the SM2 signature algorithm; receiving a server key interaction message sent by the server, wherein the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point, a server public key and first signature information, the first signature information being obtained by performing a signature operation, based on the private key of the server user certificate, on the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key; verifying, based on the first signature information carried in the received server key interaction message, the correctness of the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key carried in that message and, if the verification passes, calculating the client pre-master key based on the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key carried in the server key interaction message; receiving a first certificate request message sent by the server; receiving a server response end statement message sent by the server; sending to the server a second message in response to the first certificate request message, wherein the second message carries a user certificate of the client based on the SM2 signature algorithm or a non-SM2 signature algorithm; sending a client key interaction message to the server, wherein the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, so that the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message; sending a client user certificate verification message to the server, so that the above-mentioned client, based on the client user certificate verification message, verifies the legitimacy of the user certificate carried in the second message; receiving a first key change statement message sent by the server; and sending a second key change statement message to the server. Further, the server and the client may also send each other an authentication code of the whole-process messages; the content and format of this authentication code may be wholly or substantially identical to those defined by the TLS standard.
In other embodiments of the present invention, if the first algorithm set is an authentication-class algorithm set, the security authentication that the processor 702 performs with the server based on the first algorithm set corresponding to the first algorithm set identifier may include: receiving a first message sent by the server, wherein the first message carries a server user certificate based on the SM2 signature algorithm; receiving a server key interaction message sent by the server, wherein the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point, a server public key and first signature information, the first signature information being obtained by performing a signature operation, based on the private key of the server user certificate, on the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key; verifying, based on the first signature information carried in the received server key interaction message, the correctness of the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key carried in that message and, if the verification passes, calculating the client pre-master key based on the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key carried in the server key interaction message; receiving a first certificate request message sent by the server; sending to the server a second message in response to the first certificate request message, wherein the second message carries a user certificate of the client based on the SM2 signature algorithm or a non-SM2 signature algorithm; sending a client key interaction message to the server, wherein the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, so that the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message; and sending a client user certificate verification message to the server, so that the above-mentioned client, based on the client user certificate verification message, verifies the legitimacy of the user certificate carried in the second message. Further, the server and the client may also send each other an authentication code of the whole-process messages; the content and format of this authentication code may be wholly or substantially identical to those defined by the TLS standard.
In other embodiments of the present invention, if the first algorithm set is an authentication-class algorithm set, the security authentication that the processor 702 performs with the server based on the first algorithm set corresponding to the first algorithm set identifier may include: receiving a first message sent by the server, wherein the first message carries a server user certificate based on the SM2 signature algorithm; receiving a server key interaction message sent by the server, wherein the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point, a server public key and first signature information, the first signature information being obtained by performing a signature operation, based on the private key of the server user certificate, on the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key; verifying, based on the first signature information carried in the received server key interaction message, the correctness of the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key carried in that message and, if the verification passes, calculating the client pre-master key based on the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key carried in the server key interaction message; receiving a server response end statement message sent by the server; sending a client key interaction message to the server, wherein the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, so that the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message; receiving a first key change statement message sent by the server; and sending a second key change statement message to the server. Further, the server and the client may also send each other an authentication code of the whole-process messages; the content and format of this authentication code may be wholly or substantially identical to those defined by the TLS standard.
In other embodiments of the present invention, if the first algorithm set is an authentication-class algorithm set, the security authentication that the processor 702 performs with the server based on the first algorithm set corresponding to the first algorithm set identifier may include: receiving a first message sent by the server, wherein the first message carries a server user certificate based on the SM2 signature algorithm; receiving a server key interaction message sent by the server, wherein the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point, a server public key and first signature information, the first signature information being obtained by performing a signature operation, based on the private key of the server user certificate, on the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key; verifying, based on the first signature information carried in the received server key interaction message, the correctness of the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key carried in that message and, if the verification passes, calculating the client pre-master key based on the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key carried in the server key interaction message; and sending a client key interaction message to the server, wherein the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, so that the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message. Further, the server and the client may also send each other an authentication code of the whole-process messages; the content and format of this authentication code may be wholly or substantially identical to those defined by the TLS standard.
In some embodiments of the invention, if the first algorithm set is an anonymous-class algorithm set, the security authentication that the processor 702 performs with the server based on the first algorithm set corresponding to the first algorithm set identifier may include: receiving a first message sent by the server, wherein the first message carries a server user certificate based on the SM2 signature algorithm; receiving a server key interaction message sent by the server, wherein the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point and a server public key; calculating the client pre-master key based on the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key carried in the server key interaction message; receiving a server response end statement message sent by the server; sending a client key interaction message to the server, wherein the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, so that the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message; receiving a first key change statement message sent by the server; and sending a second key change statement message to the server. Further, the server and the client may also send each other an authentication code of the whole-process messages; the content and format of this authentication code may be wholly or substantially identical to those defined by the TLS standard.
In some embodiments of the invention, if the first algorithm set is an anonymous-class algorithm set, the security authentication that the processor 702 performs with the server based on the first algorithm set corresponding to the first algorithm set identifier may include: receiving a first message sent by the server, wherein the first message carries a server user certificate based on the SM2 signature algorithm; receiving a server key interaction message sent by the server, wherein the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point and a server public key; calculating the client pre-master key based on the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key carried in the server key interaction message; and sending a client key interaction message to the server, wherein the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, so that the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message. Further, the server and the client may also send each other an authentication code of the whole-process messages; the content and format of this authentication code may be wholly or substantially identical to those defined by the TLS standard.
In some embodiments of the invention, before receiving the first key change statement message sent by the server, or before sending the second key change statement message to the server, or after sending the client key interaction message to the server, the processor 702 may also send a client key interaction verification message to the server, wherein the client key interaction verification message carries a client verification digest value of the SM2 key interaction algorithm; and receive a server key interaction verification message sent by the server after the client verification digest value has been verified successfully, wherein the server key interaction verification message carries a server verification digest value of the SM2 key interaction algorithm. The processor 702 may further verify the server verification digest value.
In other embodiments of the present invention, before the processor 702 receives the first key change statement message sent by the server, or before the processor 702 sends the second key change statement message to the server, or after the client key interaction message is sent to the server, the following may also be included: the processor 702 receives a server key interaction verification message sent by the server, wherein the server key interaction verification message carries a server verification digest value of the SM2 key interaction algorithm; verifies the server verification digest value; and, after the server verification digest value has been verified successfully, sends a client key interaction verification message to the server, wherein the client key interaction verification message carries a client verification digest value of the SM2 key interaction algorithm, which the server may further verify.
The client 700 provided by this embodiment may be used to perform the part executed by the client in the technical solution of any of the method embodiments shown in Fig. 1 to Fig. 5; its implementation principle and technical effect are similar and are not repeated here. Fig. 7 is only one schematic diagram of the structure of the client 700 provided by the present invention; the specific structure may be adjusted according to actual needs.
Fig. 8 describes the structure of a client 800 provided by an embodiment of the present invention. The client 800 includes at least one processor 801 (for example, a CPU), at least one network interface 804 or other user interface 803, a memory 805, and at least one communication bus 802. The communication bus 802 is used to implement connection and communication between these components. The client 800 optionally includes a user interface 803, including a display, a keyboard or a pointing device (for example, a mouse, a trackball, a touch-sensitive pad or a touch-sensitive display screen). The memory 805 may include high-speed RAM, and may also include non-volatile memory, for example at least one disk memory. The memory 805 may optionally include at least one storage device located remotely from the aforementioned processor 801.
In some embodiments, the memory 805 stores the following elements, executable modules or data structures, or a subset of them, or a superset of them:
Operating system 8051, containing various system programs, used to implement various basic services and to process hardware-based tasks;
Application program module 8052, containing various application programs, used to implement various application services.
The application program module 8052 includes, but is not limited to, the sending unit 610, the receiving unit 620 and the authentication interaction unit 630.
For the specific implementation of each module in the application program module 8052, refer to the corresponding modules in the embodiment shown in Fig. 6; details are not repeated here.
In embodiments of the present invention, by calling the program or instructions stored in the memory 805, the processor 801 may be used to: send a client initialization handshake message to the server, wherein the client initialization handshake message carries N algorithm set identifiers, the algorithm set corresponding to each of M algorithm set identifiers among the N algorithm set identifiers includes the SM2 algorithm, N is greater than or equal to M, and N and M are positive integers; receive a server initialization handshake message sent by the server in response to the client initialization handshake message, wherein the server initialization handshake message carries a first algorithm set identifier, and the first algorithm set identifier is one of the M algorithm set identifiers; and perform security authentication with the server based on the first algorithm set corresponding to the first algorithm set identifier.
Different algorithm sets may have different algorithm set identifiers. Each algorithm set may include several algorithms used for authentication and data transmission; for example, each algorithm set may include a symmetric encryption algorithm, a key interaction algorithm, a signature algorithm, a digest algorithm and so on, and some algorithm sets (for example, anonymous-class algorithm sets) may not include a signature algorithm.
In some embodiments of the invention, the server may, according to factors such as its own capability, the transmission environment and security requirements, select one algorithm set identifier from the N algorithm set identifiers carried in the client initialization handshake message (of course, the server must first be able to support the various algorithms in the algorithm set it selects and have the relevant parameters loaded), so that the algorithm set corresponding to the selected identifier is subsequently used to continue security authentication with the client. The format of the algorithm set identifiers carried in the client initialization handshake message and in the server initialization handshake message may be the same or different.
In some embodiments of the invention, the first algorithm set may be, for example, an authentication-class algorithm set or an anonymous-class algorithm set. If the first algorithm set is an anonymous-class algorithm set, it includes an SM2 asymmetric key interaction algorithm, a symmetric encryption algorithm and a digest algorithm; if the first algorithm set is an authentication-class algorithm set, it includes a symmetric encryption algorithm, an SM2 asymmetric key interaction algorithm, an SM2 signature algorithm and a digest algorithm.
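The algorithm set negotiation described for client 700 and client 800 can be sketched in Python as follows; this is an added example, not code from the patent. The identifiers 0xFF01, 0xFF02 and 0xFF10, the SM4/SM3 and ECDHE component names, the 2-byte length-prefixed list encoding (modelled on the TLS cipher-suite list) and all function names are assumptions made for illustration.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class AlgorithmSet:
    ident: int                # 2-byte identifier; every value here is constructed
    key_exchange: str
    signature: Optional[str]  # None marks an anonymous-class set
    cipher: str
    digest: str

    @property
    def uses_sm2(self) -> bool:
        return self.key_exchange == "SM2"

    @property
    def anonymous(self) -> bool:
        return self.signature is None


# Hypothetical registry: placeholder identifiers, not assigned code points.
REGISTRY = {s.ident: s for s in (
    AlgorithmSet(0xFF01, "SM2", "SM2", "SM4", "SM3"),              # authentication class
    AlgorithmSet(0xFF02, "SM2", None, "SM4", "SM3"),               # anonymous class
    AlgorithmSet(0xFF10, "ECDHE", "ECDSA", "AES-128", "SHA-256"),  # set without SM2
)}


class NegotiationError(Exception):
    """Raised when the offer is malformed or the selection must be refused."""


def encode_offer(idents: List[int]) -> bytes:
    """Serialise the N identifiers: 2-byte length, then 2 bytes per identifier."""
    body = b"".join(struct.pack(">H", i) for i in idents)
    return struct.pack(">H", len(body)) + body


def decode_offer(data: bytes) -> List[int]:
    """Parse an offer, rejecting empty, truncated, odd-length or padded input."""
    if len(data) < 2:
        raise NegotiationError("missing length prefix")
    (length,) = struct.unpack(">H", data[:2])
    body = data[2:]
    if length == 0 or length % 2 or length != len(body):
        raise NegotiationError("malformed identifier list")
    return [struct.unpack(">H", body[i:i + 2])[0] for i in range(0, length, 2)]


def sm2_subset(idents: List[int]) -> List[int]:
    """The M identifiers (out of the N offered) whose sets include SM2."""
    return [i for i in idents if i in REGISTRY and REGISTRY[i].uses_sm2]


def server_select(offer: bytes, preference: List[int]) -> int:
    """Server side: pick the first locally preferred set the client offered."""
    offered = decode_offer(offer)
    for ident in preference:
        if ident in offered and ident in REGISTRY:
            return ident
    raise NegotiationError("no common algorithm set")


def client_accept(offered: List[int], selected: int) -> AlgorithmSet:
    """Client side: the first identifier must be one of the M SM2 sets offered."""
    if selected not in offered:
        raise NegotiationError("server chose an identifier that was never offered")
    if selected not in sm2_subset(offered):
        raise NegotiationError("selected set is not one of the M SM2 sets")
    return REGISTRY[selected]


def expected_server_key_fields(suite: AlgorithmSet) -> List[str]:
    """Fields the client expects in the server key interaction message."""
    fields = ["sm2_curve_parameter", "server_identity",
              "key_exchange_point", "server_public_key"]
    if not suite.anonymous:
        # Authentication class: the four fields are covered by the first signature.
        fields.append("first_signature")
    return fields


if __name__ == "__main__":
    offered = [0xFF10, 0xFF02, 0xFF01]  # N = 3, M = 2 (constructed offer)
    chosen = server_select(encode_offer(offered), [0xFF01, 0xFF02])
    suite = client_accept(offered, chosen)
    print(hex(chosen), expected_server_key_fields(suite))
```

Refusing a selected identifier that was not offered, or that falls outside the SM2 subset, is what keeps a tampered server initialization handshake message from silently moving the session onto a set the client did not intend to use.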
In some embodiments of the invention, if the first algorithm set is an authentication-class algorithm set, the security authentication that the processor 801 performs with the server based on the first algorithm set corresponding to the first algorithm set identifier may include: receiving a first message sent by the server, wherein the first message carries a server user certificate based on the SM2 signature algorithm; receiving a server key interaction message sent by the server, wherein the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point, a server public key and first signature information, the first signature information being obtained by performing a signature operation, based on the private key of the server user certificate, on the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key; verifying, based on the first signature information carried in the received server key interaction message, the correctness of the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key carried in that message and, if the verification passes, calculating the client pre-master key based on the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key carried in the server key interaction message; receiving a first certificate request message sent by the server; receiving a server response end statement message sent by the server; sending to the server a second message in response to the first certificate request message, wherein the second message carries a user certificate of the client based on the SM2 signature algorithm or a non-SM2 signature algorithm; sending a client key interaction message to the server, wherein the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, so that the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message; sending a client user certificate verification message to the server, so that the above-mentioned client, based on the client user certificate verification message, verifies the legitimacy of the user certificate carried in the second message; receiving a first key change statement message sent by the server; and sending a second key change statement message to the server. Further, the server and the client may also send each other an authentication code of the whole-process messages; the content and format of this authentication code may be wholly or substantially identical to those defined by the TLS standard.
In other embodiments of the present invention, if the first algorithm set is an authentication-class algorithm set, the security authentication that the processor 801 performs with the server based on the first algorithm set corresponding to the first algorithm set identifier may include: receiving a first message sent by the server, wherein the first message carries a server user certificate based on the SM2 signature algorithm; receiving a server key interaction message sent by the server, wherein the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point, a server public key and first signature information, the first signature information being obtained by performing a signature operation, based on the private key of the server user certificate, on the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key; verifying, based on the first signature information carried in the received server key interaction message, the correctness of the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key carried in that message and, if the verification passes, calculating the client pre-master key based on the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key carried in the server key interaction message; receiving a first certificate request message sent by the server; sending to the server a second message in response to the first certificate request message, wherein the second message carries a user certificate of the client based on the SM2 signature algorithm or a non-SM2 signature algorithm; sending a client key interaction message to the server, wherein the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, so that the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message; and sending a client user certificate verification message to the server, so that the above-mentioned client, based on the client user certificate verification message, verifies the legitimacy of the user certificate carried in the second message. Further, the server and the client may also send each other an authentication code of the whole-process messages; the content and format of this authentication code may be wholly or substantially identical to those defined by the TLS standard.
In other embodiments of the present invention, if the first algorithm set is an authentication-class algorithm set, the security authentication that the processor 801 performs with the server based on the first algorithm set corresponding to the first algorithm set identifier may include: receiving a first message sent by the server, wherein the first message carries a server user certificate based on the SM2 signature algorithm; receiving a server key interaction message sent by the server, wherein the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point, a server public key and first signature information, the first signature information being obtained by performing a signature operation, based on the private key of the server user certificate, on the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key; verifying, based on the first signature information carried in the received server key interaction message, the correctness of the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key carried in that message and, if the verification passes, calculating the client pre-master key based on the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key carried in the server key interaction message; receiving a server response end statement message sent by the server; sending a client key interaction message to the server, wherein the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, so that the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message; receiving a first key change statement message sent by the server; and sending a second key change statement message to the server. Further, the server and the client may also send each other an authentication code of the whole-process messages; the content and format of this authentication code may be wholly or substantially identical to those defined by the TLS standard.
In other embodiments of the present invention, if the first algorithm set is an authentication-class algorithm set, the security authentication that processor 801 performs with the server based on the first algorithm set corresponding to the first algorithm set identifier may include the following steps: receiving a first message sent by the server, where the first message carries the server's user certificate based on the SM2 signature algorithm; receiving a server key interaction message sent by the server, where the server key interaction message carries SM2 elliptic curve parameters, server identity information, a key exchange elliptic curve point, a server public key and first signature information, and the first signature information is obtained by signing the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key with the private key of the server user certificate; verifying, based on the first signature information carried in the received server key interaction message, the correctness of the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in that message, and, if the verification passes, calculating the client premaster key based on the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message; and sending a client key interaction message to the server, where the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, so that the server calculates the server premaster key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message. Further, the server and the client may also send each other a full-process message authentication code, whose content and format may be completely or substantially the same as defined in the TLS standard.
In some embodiments of the present invention, if the first algorithm set is an anonymous-class algorithm set, the security authentication that processor 801 performs with the server based on the first algorithm set corresponding to the first algorithm set identifier may include the following steps: receiving a first message sent by the server, where the first message carries the server's user certificate based on the SM2 signature algorithm; receiving a server key interaction message sent by the server, where the server key interaction message carries SM2 elliptic curve parameters, server identity information, a key exchange elliptic curve point and a server public key; calculating the client premaster key based on the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message; receiving a server response end statement message sent by the server; sending a client key interaction message to the server, where the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, so that the server calculates the server premaster key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message; receiving a first key change statement message sent by the server; and sending a second key change statement message to the server. Further, the server and the client may also send each other a full-process message authentication code, whose content and format may be completely or substantially the same as defined in the TLS standard.
In some embodiments of the present invention, if the first algorithm set is an anonymous-class algorithm set, the security authentication that processor 801 performs with the server based on the first algorithm set corresponding to the first algorithm set identifier may include the following steps: receiving a first message sent by the server, where the first message carries the server's user certificate based on the SM2 signature algorithm; receiving a server key interaction message sent by the server, where the server key interaction message carries SM2 elliptic curve parameters, server identity information, a key exchange elliptic curve point and a server public key; calculating the client premaster key based on the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message; and sending a client key interaction message to the server, where the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, so that the server calculates the server premaster key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message. Further, the server and the client may also send each other a full-process message authentication code, whose content and format may be completely or substantially the same as defined in the TLS standard.
In some embodiments of the present invention, before processor 801 receives the first key change statement message sent by the server, or before processor 801 sends the second key change statement message to the server, or after it sends the client key interaction message to the server, processor 801 may also send a client key interaction verification message to the server, where the client key interaction verification message carries the client verification digest value of the SM2 key interaction algorithm; and receive a server key interaction verification message that the server sends after the client verification digest value has been verified successfully, where the server key interaction verification message carries the server verification digest value of the SM2 key interaction algorithm. Processor 801 may further verify the server verification digest value.
In other embodiments of the present invention, before processor 801 receives the first key change statement message sent by the server, or before processor 801 sends the second key change statement message to the server, or after it sends the client key interaction message to the server, the following may also be included: processor 801 receives a server key interaction verification message sent by the server, where the server key interaction verification message carries the server verification digest value of the SM2 key interaction algorithm; processor 801 verifies the server verification digest value and, after that verification passes, sends a client key interaction verification message to the server, where the client key interaction verification message carries the client verification digest value of the SM2 key interaction algorithm. The server may further verify the client verification digest value.
It can be seen that, with the above scheme, the SM2 algorithm is organically combined with the security authentication mechanism based on the TLS protocol, so that using the SM2 algorithm for security authentication becomes possible and feasible, which in turn makes data transmission using the SM2 algorithm possible and feasible. Because the SM2 algorithm is integrated into the security authentication mechanism based on the TLS protocol, the scheme can be implemented on a large scale without changing equipment, and the cost of implementing it is relatively low. In general, the embodiments of the present invention provide a reasonable mechanism for transmitting data with the SM2 algorithm, which helps accelerate the adoption of the SM2 algorithm, brings its security advantages into play, and helps improve the security and performance of TLS.
Referring to Fig. 9, an embodiment of the present invention further provides a server 900, which may include:
a receiving unit 910, a sending unit 920 and an authentication interaction unit 930.
The receiving unit 910 is configured to receive a client initialization handshake message sent by a client, where the client initialization handshake message carries N algorithm set identifiers, and the algorithm set corresponding to each of M algorithm set identifiers among the N algorithm set identifiers includes the SM2 algorithm;
the sending unit 920 is configured to send to the client a server initialization handshake message in response to the client initialization handshake message, where the server initialization handshake message carries a first algorithm set identifier selected by the server from the M algorithm set identifiers, the first algorithm set identifier being one of the M algorithm set identifiers;
the authentication interaction unit 930 is configured to perform security authentication with the client based on the first algorithm set corresponding to the first algorithm set identifier.
In some embodiments of the present invention, the first algorithm set is an authentication-class algorithm set or an anonymous-class algorithm set,
where, if the first algorithm set is an anonymous-class algorithm set, the first algorithm set includes an SM2 asymmetric key interaction algorithm, a symmetric encryption algorithm and a digest algorithm; and if the first algorithm set is an authentication-class algorithm set, the first algorithm set includes a symmetric encryption algorithm, an SM2 asymmetric key interaction algorithm, an SM2 signature algorithm and a digest algorithm.
In some embodiments of the present invention, if the first algorithm set is an authentication-class algorithm set, the authentication interaction unit 930 may be specifically configured to: send a first message to the client, where the first message carries the server's user certificate based on the SM2 signature algorithm; send a server key interaction message to the client, where the server key interaction message carries SM2 elliptic curve parameters, server identity information, a key exchange elliptic curve point, a server public key and first signature information, and the first signature information is obtained by signing the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key with the private key of the server user certificate, so that the client verifies, based on the first signature information carried in the received server key interaction message, the correctness of the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in that message and, if the verification passes, calculates the client premaster key based on the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message; send a first certificate request message to the client; send a server response end statement message to the client; receive a second message that the client sends in response to the first certificate request message, where the second message carries the client's user certificate based on the SM2 signature algorithm or a non-SM2 signature algorithm; receive a client key interaction message sent by the client, where the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, and the server calculates the server premaster key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message; receive a client user certificate verification message sent by the client and, based on the client user certificate verification message, verify the legitimacy of the user certificate carried in the second message; send a first key change statement message to the client; and receive a second key change statement message sent by the client. Further, the server and the client may also send each other a full-process message authentication code, whose content and format may be completely or substantially the same as defined in the TLS standard.
In other embodiments of the present invention, if the first algorithm set is an authentication-class algorithm set, the authentication interaction unit 930 may be specifically configured to: send a first message to the client, where the first message carries the server's user certificate based on the SM2 signature algorithm; send a server key interaction message to the client, where the server key interaction message carries SM2 elliptic curve parameters, server identity information, a key exchange elliptic curve point, a server public key and first signature information, and the first signature information is obtained by signing the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key with the private key of the server user certificate, so that the client verifies, based on the first signature information carried in the received server key interaction message, the correctness of the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in that message and, if the verification passes, calculates the client premaster key based on the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message; send a first certificate request message to the client; receive a second message that the client sends in response to the first certificate request message, where the second message carries the client's user certificate based on the SM2 signature algorithm or a non-SM2 signature algorithm; receive a client key interaction message sent by the client, where the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, and the server calculates the server premaster key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message; and receive a client user certificate verification message sent by the client and, based on the client user certificate verification message, verify the legitimacy of the user certificate carried in the second message. Further, the server and the client may also send each other a full-process message authentication code, whose content and format may be completely or substantially the same as defined in the TLS standard.
In other embodiments of the present invention, if the first algorithm set is an authentication-class algorithm set, the authentication interaction unit 930 may be specifically configured to: send a first message to the client, where the first message carries the server's user certificate based on the SM2 signature algorithm; send a server key interaction message to the client, where the server key interaction message carries SM2 elliptic curve parameters, server identity information, a key exchange elliptic curve point, a server public key and first signature information, and the first signature information is obtained by signing the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key with the private key of the server user certificate, so that the client verifies, based on the first signature information carried in the received server key interaction message, the correctness of the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in that message and, if the verification passes, calculates the client premaster key based on the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message; send a server response end statement message to the client; receive a client key interaction message sent by the client, where the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, and the server calculates the server premaster key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message; send a first key change statement message to the client; and receive a second key change statement message sent by the client. Further, the server and the client may also send each other a full-process message authentication code, whose content and format may be completely or substantially the same as defined in the TLS standard.
In other embodiments of the present invention, if the first algorithm set is an authentication-class algorithm set, the authentication interaction unit 930 may be specifically configured to: send a first message to the client, where the first message carries the server's user certificate based on the SM2 signature algorithm; send a server key interaction message to the client, where the server key interaction message carries SM2 elliptic curve parameters, server identity information, a key exchange elliptic curve point, a server public key and first signature information, and the first signature information is obtained by signing the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key with the private key of the server user certificate, so that the client verifies, based on the first signature information carried in the received server key interaction message, the correctness of the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in that message and, if the verification passes, calculates the client premaster key based on the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message; and receive a client key interaction message sent by the client, where the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, and the server calculates the server premaster key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message. Further, the server and the client may also send each other a full-process message authentication code, whose content and format may be completely or substantially the same as defined in the TLS standard.
In other embodiments of the present invention, if the first algorithm set is an anonymous-class algorithm set, the authentication interaction unit 930 may be specifically configured to: send a first message to the client, where the first message carries the server's user certificate based on the SM2 signature algorithm; send a server key interaction message to the client, where the server key interaction message carries SM2 elliptic curve parameters, server identity information, a key exchange elliptic curve point and a server public key, so that the client calculates the client premaster key based on the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message; send a server response end statement message to the client; receive a client key interaction message sent by the client, where the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, and the server calculates the server premaster key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message; send a first key change statement message to the client; and receive a second key change statement message sent by the client. Further, the server and the client may also send each other a full-process message authentication code, whose content and format may be completely or substantially the same as defined in the TLS standard.
In other embodiments of the present invention, if the first algorithm set is an anonymous-class algorithm set, the authentication interaction unit 930 may be specifically configured to: send a first message to the client, where the first message carries the server's user certificate based on the SM2 signature algorithm; send a server key interaction message to the client, where the server key interaction message carries SM2 elliptic curve parameters, server identity information, a key exchange elliptic curve point and a server public key, so that the client calculates the client premaster key based on the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message; and receive a client key interaction message sent by the client, where the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, and the server calculates the server premaster key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message. Further, the server and the client may also send each other a full-process message authentication code, whose content and format may be completely or substantially the same as defined in the TLS standard.
In some embodiments of the present invention, the authentication interaction unit 930 is further configured to: before sending the first key change statement message to the client, or before receiving the second key change statement message sent by the client, or after receiving the client key interaction message sent by the client, receive a client key interaction verification message sent by the client, where the client key interaction verification message carries the client verification digest value of the SM2 key interaction algorithm; and, after the client verification digest value has been verified successfully, send a server key interaction verification message to the client, where the server key interaction verification message carries the server verification digest value of the SM2 key interaction algorithm, so that the client verifies the server verification digest value.
In other embodiments of the present invention, the authentication interaction unit 930 is further configured to: before sending the first key change statement message to the client, or before receiving the second key change statement message sent by the client, or after receiving the client key interaction message sent by the client, send a server key interaction verification message to the client, where the server key interaction verification message carries the server verification digest value of the SM2 key interaction algorithm; and receive a client key interaction verification message that the client sends after it has successfully verified the server verification digest value, where the client key interaction verification message carries the client verification digest value of the SM2 key interaction algorithm. The authentication interaction unit 930 may further verify the client verification digest value.
It can be understood that the functions of the functional modules of the server 900 of this embodiment may be implemented according to the methods in the foregoing method embodiments; for the specific implementation process, refer to the related descriptions of the foregoing method embodiments, which are not repeated here.
Figure 10 is a schematic structural diagram of a server 1000 provided by the present invention. As shown in Figure 10, the client 1000 of this embodiment includes at least one bus 1001, at least one processor 1002 connected to the bus 1001, and at least one memory 1003 connected to the bus 1001.
The processor 1002 calls, through the bus 1001, code stored in the memory 1003 in order to: receive a client initialization handshake message sent by a client, where the client initialization handshake message carries N algorithm set identifiers, and the algorithm set corresponding to each of M algorithm set identifiers among the N algorithm set identifiers includes the SM2 algorithm; send to the client a server initialization handshake message in response to the client initialization handshake message, where the server initialization handshake message carries a first algorithm set identifier selected by the server from the M algorithm set identifiers, the first algorithm set identifier being one of the M algorithm set identifiers; and perform security authentication with the client based on the first algorithm set corresponding to the first algorithm set identifier.
In some embodiments of the present invention, the first algorithm set is an authentication-class algorithm set or an anonymous-class algorithm set,
where, if the first algorithm set is an anonymous-class algorithm set, the first algorithm set includes an SM2 asymmetric key interaction algorithm, a symmetric encryption algorithm and a digest algorithm; and if the first algorithm set is an authentication-class algorithm set, the first algorithm set includes a symmetric encryption algorithm, an SM2 asymmetric key interaction algorithm, an SM2 signature algorithm and a digest algorithm.
In some embodiments of the present invention, the processor 1002 may, according to factors such as the capability of the server 1000, the transmission environment and the security requirements, select one algorithm set identifier from the N algorithm set identifiers carried in the client initialization handshake message (of course, the server must first support the algorithms in the algorithm set it selects and be loaded with the relevant parameters), so that the algorithm set corresponding to the selected identifier is subsequently used to continue security authentication with the client. The format of the algorithm set identifiers carried in the client initialization handshake message and in the server initialization handshake message may be the same or different.
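The selection step described above, together with the checks a client can apply to the server's answer, can be sketched as follows. This is an added example, not code from the patent; the identifier values, the registry contents, the field names and the `require_authentication` policy switch are hypothetical.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence


@dataclass(frozen=True)
class AlgorithmSet:
    ident: int                # hypothetical identifier value, not a registered one
    key_exchange: str
    signature: Optional[str]  # None marks an anonymous-class set
    cipher: str
    digest: str

    @property
    def uses_sm2(self) -> bool:
        return "SM2" in (self.key_exchange, self.signature)

    @property
    def set_class(self) -> str:
        return "authentication" if self.signature else "anonymous"


# Constructed registry of the sets this endpoint knows; all values are samples.
REGISTRY: Dict[int, AlgorithmSet] = {s.ident: s for s in (
    AlgorithmSet(0xFF01, "SM2", "SM2", "SM4", "SM3"),        # authentication class
    AlgorithmSet(0xFF02, "SM2", None, "SM4", "SM3"),         # anonymous class
    AlgorithmSet(0xFF03, "ECDHE", "RSA", "AES-128", "SHA-256"),  # no SM2
)}

# Fields the server key interaction message carries in both classes.
BASE_FIELDS = ("sm2_curve_parameters", "server_identity",
               "key_exchange_point", "server_public_key")


def select_algorithm_set(offered: Sequence[int],
                         server_preference: Sequence[int],
                         require_authentication: bool = True) -> Optional[AlgorithmSet]:
    """Server side: pick the first algorithm set from the SM2 subset of the offer."""
    offered_ids = set(offered)
    for ident in server_preference:
        suite = REGISTRY.get(ident)
        if suite is None or ident not in offered_ids:
            continue          # unsupported here, or never offered by the client
        if not suite.uses_sm2:
            continue          # outside the M identifiers whose sets include SM2
        if require_authentication and suite.set_class != "authentication":
            continue          # security requirement rules out anonymous sets
        return suite
    return None


def check_server_choice(offered: Sequence[int], chosen_ident: int) -> AlgorithmSet:
    """Client side: the chosen identifier must come from the client's own SM2 offer."""
    if chosen_ident not in offered:
        raise ValueError("server chose an algorithm set that was not offered")
    suite = REGISTRY.get(chosen_ident)
    if suite is None or not suite.uses_sm2:
        raise ValueError("chosen algorithm set is not one of the SM2 sets")
    return suite


def fields_covered_by_signature(suite: AlgorithmSet, message: dict) -> List[str]:
    """Client side: check the message shape before any premaster key is computed.

    Returns the fields the first signature has to cover (empty for an
    anonymous-class set). The SM2 verification itself is not implemented here.
    """
    missing = [name for name in BASE_FIELDS if name not in message]
    if missing:
        raise ValueError("server key interaction message lacks: " + ", ".join(missing))
    if suite.set_class == "anonymous":
        return []
    if "first_signature" not in message:
        raise ValueError("authentication-class set but the message is unsigned")
    return list(BASE_FIELDS)
```

Rejecting an unsigned server key interaction message when an authentication-class set was negotiated keeps a stripped signature from silently turning the exchange into the anonymous variant.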
In some embodiments of the present invention, if the first algorithm set is an authentication-class algorithm set, the processor 1002 may be specifically configured to: send a first message to the client, where the first message carries the server's user certificate based on the SM2 signature algorithm; send a server key interaction message to the client, where the server key interaction message carries SM2 elliptic curve parameters, server identity information, a key exchange elliptic curve point, a server public key and first signature information, and the first signature information is obtained by signing the SM2 elliptic curve parameters, the server identity information, the key exchange elliptic curve point and the server public key with the private key of the server user certificate, so that the client verifies, based on the first signature information carried in the received server key interaction message, the correctness of the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in that message and, if the verification passes, calculates the client premaster key based on the SM2 elliptic curve parameters, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message; send a first certificate request message to the client; send a server response end statement message to the client; receive a second message that the client sends in response to the first certificate request message, where the second message carries the client's user certificate based on the SM2 signature algorithm or a non-SM2 signature algorithm; receive a client key interaction message sent by the client, where the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, and the server calculates the server premaster key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message; receive a client user certificate verification message sent by the client and, based on the client user certificate verification message, verify the legitimacy of the user certificate carried in the second message; send a first key change statement message to the client; and receive a second key change statement message sent by the client. Further, the server and the client may also send each other a full-process message authentication code, whose content and format may be completely or substantially the same as defined in the TLS standard.
In other embodiments of the present invention, if the first algorithm set is an authentication-class algorithm set, processor 1002 may specifically be configured to: send a first message to the client, where the first message carries a server user certificate based on the SM2 signature algorithm; send a server key interaction message to the client, where the server key interaction message carries the SM2 elliptic curve parameters, server identity information, a key-exchange elliptic curve point, the server public key and first signature information, the first signature information being obtained by signing the SM2 elliptic curve parameters, the server identity information, the key-exchange elliptic curve point and the server public key with the private key of the server user certificate, so that the client can use the first signature information carried in the received server key interaction message to verify the correctness of the SM2 elliptic curve parameters, server identity information, key-exchange elliptic curve point and server public key carried in that message and, if the verification passes, compute the client pre-master key from the SM2 elliptic curve parameters, server identity information, key-exchange elliptic curve point and server public key carried in the server key interaction message; send a first certificate request message to the client; receive a second message sent by the client in response to the first certificate request message, where the second message carries a client user certificate based on the SM2 signature algorithm or on a non-SM2 signature algorithm; receive a client key interaction message sent by the client, where the client key interaction message carries the client public key, a random point on the elliptic curve and client identity information, and the server computes the server pre-master key from the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message; and receive a client user certificate verification message sent by the client and, based on the client user certificate verification message, verify the legitimacy of the user certificate carried in the second message. Further, the server and the client may also send each other an authentication code over the whole-process messages, where the content and format of the authentication code may be fully or substantially the same as defined in the TLS standard.
In other embodiments of the present invention, if the first algorithm set is an authentication-class algorithm set, processor 1002 may specifically be configured to: send a first message to the client, where the first message carries a server user certificate based on the SM2 signature algorithm; send a server key interaction message to the client, where the server key interaction message carries the SM2 elliptic curve parameters, server identity information, a key-exchange elliptic curve point, the server public key and first signature information, the first signature information being obtained by signing the SM2 elliptic curve parameters, the server identity information, the key-exchange elliptic curve point and the server public key with the private key of the server user certificate, so that the client can use the first signature information carried in the received server key interaction message to verify the correctness of the SM2 elliptic curve parameters, server identity information, key-exchange elliptic curve point and server public key carried in that message and, if the verification passes, compute the client pre-master key from the SM2 elliptic curve parameters, server identity information, key-exchange elliptic curve point and server public key carried in the server key interaction message; send a server response end statement message to the client; receive a client key interaction message sent by the client, where the client key interaction message carries the client public key, a random point on the elliptic curve and client identity information, and the server computes the server pre-master key from the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message; send a first key change statement message to the client; and receive a second key change statement message sent by the client. Further, the server and the client may also send each other an authentication code over the whole-process messages, where the content and format of the authentication code may be fully or substantially the same as defined in the TLS standard.
In other embodiments of the present invention, if the first algorithm set is an authentication-class algorithm set, processor 1002 may specifically be configured to: send a first message to the client, where the first message carries a server user certificate based on the SM2 signature algorithm; send a server key interaction message to the client, where the server key interaction message carries the SM2 elliptic curve parameters, server identity information, a key-exchange elliptic curve point, the server public key and first signature information, the first signature information being obtained by signing the SM2 elliptic curve parameters, the server identity information, the key-exchange elliptic curve point and the server public key with the private key of the server user certificate, so that the client can use the first signature information carried in the received server key interaction message to verify the correctness of the SM2 elliptic curve parameters, server identity information, key-exchange elliptic curve point and server public key carried in that message and, if the verification passes, compute the client pre-master key from the SM2 elliptic curve parameters, server identity information, key-exchange elliptic curve point and server public key carried in the server key interaction message; and receive a client key interaction message sent by the client, where the client key interaction message carries the client public key, a random point on the elliptic curve and client identity information, and the server computes the server pre-master key from the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message. Further, the server and the client may also send each other an authentication code over the whole-process messages, where the content and format of the authentication code may be fully or substantially the same as defined in the TLS standard.
In other embodiments of the present invention, if the first algorithm set is an anonymous-class algorithm set, processor 1002 may specifically be configured to: send a first message to the client, where the first message carries a server user certificate based on the SM2 signature algorithm; send a server key interaction message to the client, where the server key interaction message carries the SM2 elliptic curve parameters, server identity information, a key-exchange elliptic curve point and the server public key, so that the client computes the client pre-master key from the SM2 elliptic curve parameters, server identity information, key-exchange elliptic curve point and server public key carried in the server key interaction message; send a server response end statement message to the client; receive a client key interaction message sent by the client, where the client key interaction message carries the client public key, a random point on the elliptic curve and client identity information, and the server computes the server pre-master key from the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message; send a first key change statement message to the client; and receive a second key change statement message sent by the client. Further, the server and the client may also send each other an authentication code over the whole-process messages, where the content and format of the authentication code may be fully or substantially the same as defined in the TLS standard.
In other embodiments of the present invention, if the first algorithm set is an anonymous-class algorithm set, processor 1002 may specifically be configured to: send a first message to the client, where the first message carries a server user certificate based on the SM2 signature algorithm; send a server key interaction message to the client, where the server key interaction message carries the SM2 elliptic curve parameters, server identity information, a key-exchange elliptic curve point and the server public key, so that the client computes the client pre-master key from the SM2 elliptic curve parameters, server identity information, key-exchange elliptic curve point and server public key carried in the server key interaction message; and receive a client key interaction message sent by the client, where the client key interaction message carries the client public key, a random point on the elliptic curve and client identity information, and the server computes the server pre-master key from the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message. Further, the server and the client may also send each other an authentication code over the whole-process messages, where the content and format of the authentication code may be fully or substantially the same as defined in the TLS standard.
In other embodiments of the present invention, processor 1002 may further be configured to: before sending the first key change statement message to the client, or before receiving the second key change statement message sent by the client, or after receiving the client key interaction message sent by the client, send a server key interaction verification message to the client, where the server key interaction verification message carries the server check digest value of the SM2 key interaction algorithm; and receive the client key interaction verification message that the client sends after the server check digest value passes verification, where the client key interaction verification message carries the client check digest value of the SM2 key interaction algorithm. Processor 1002 may also further verify the client check digest value.
The server 1000 provided in this embodiment may be used to perform the part correspondingly performed by the server in the technical solution of any of the method embodiments shown in Fig. 1 to Fig. 5; its implementation principle and technical effect are similar and are not repeated here. Figure 10 is only a schematic diagram of one structure of the server 1000 provided by the invention; the specific structure may be adjusted according to actual needs.
Figure 11 shows the structure of a server 1100 provided by an embodiment of the invention. The server 1100 includes: at least 1 processor 1101, such as a CPU, at least 1 network interface 1104 or other user interface 1103, a memory 1105, and at least one communication bus 1102. The communication bus 1102 implements the connection and communication between these components. The server 1100 optionally includes a user interface 1103, including a display, a keyboard or a pointing device (for example, a mouse, a trackball, a touch-sensitive pad or a touch-sensitive display screen). The memory 1105 may include high-speed RAM and may also include non-volatile memory, for example at least one disk memory. The memory 1105 may optionally include at least one storage device located remotely from the aforementioned processor 1101.
In some embodiments, the memory 1105 stores the following elements, executable modules or data structures, or a subset of them, or a superset of them:
Operating system 11051, containing various system programs, used to implement various basic services and to process hardware-based tasks;
Application program module 11052, containing various application programs, used to implement various application services.
The application program module 11052 includes but is not limited to a receiving unit 910, a sending unit 920 and an authentication interaction unit 930.
For the specific implementation of each module in the application program module 11052, see the corresponding module in the embodiment shown in Fig. 9; details are not repeated here.
In embodiments of the present invention, by calling the programs or instructions stored in the memory 1105, processor 1101 may be configured to: receive a client initialization handshake message sent by a client, where the client initialization handshake message carries N algorithm set identifiers, and the algorithm set corresponding to each of M algorithm set identifiers among the N algorithm set identifiers includes the SM2 algorithm; send to the client a server initialization handshake message in response to the client initialization handshake message, where the server initialization handshake message carries a first algorithm set identifier selected by the server from the M algorithm set identifiers, the first algorithm set identifier being one of the M algorithm set identifiers; and perform security authentication with the client based on the first algorithm set corresponding to the first algorithm set identifier.
In some embodiments of the invention, the first algorithm set is an authentication-class algorithm set or an anonymous-class algorithm set.
If the first algorithm set is an anonymous-class algorithm set, the first algorithm set includes an SM2 asymmetric key interaction algorithm, a symmetric encryption algorithm and a digest algorithm; if the first algorithm set is an authentication-class algorithm set, the first algorithm set includes a symmetric encryption algorithm, an SM2 asymmetric key interaction algorithm, an SM2 signature algorithm and a digest algorithm.
In some embodiments of the invention, processor 1101 may, according to factors such as the capability of server 1000, the transmission environment and the security requirements, select one algorithm set identifier from the N algorithm set identifiers carried in the client initialization handshake message (of course, the server must first be able to support the various algorithms in the algorithm set it selects and have the relevant parameters loaded), so that the algorithm set corresponding to the selected identifier is subsequently used to continue security authentication with the client. The format of the algorithm set identifiers carried in the client initialization handshake message and in the server initialization handshake message may be the same or different.
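The selection and class rules described above, as an added Python example that is not part of the patent text: it filters the N offered identifiers down to the M that include SM2, lets the server pick one it supports, checks on the client side that the choice really is one of the M it offered, and lists the messages of the fullest authentication-class and anonymous-class variants in the order the description gives them. The identifier values 0xFF01 to 0xFF03, the cipher and digest names, all function names, and the policy of taking the first mutually supported set in the client's order are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


class HandshakeError(Exception):
    """No acceptable SM2 algorithm set could be negotiated."""


@dataclass(frozen=True)
class AlgorithmSet:
    ident: int                  # constructed placeholder, not a registered code point
    kind: str                   # "authentication", "anonymous" or "other"
    key_exchange: str
    signature: Optional[str]
    cipher: str                 # constructed sample name
    digest: str                 # constructed sample name

    def contains_sm2(self) -> bool:
        return "SM2" in (self.key_exchange, self.signature)

    def well_formed(self) -> bool:
        """Composition rule the description gives for the two SM2 classes."""
        if self.key_exchange != "SM2" or not self.cipher or not self.digest:
            return False
        if self.kind == "authentication":
            return self.signature == "SM2"
        if self.kind == "anonymous":
            return self.signature is None
        return False


# Constructed registry: N = 3 identifiers, M = 2 of which include SM2.
REGISTRY = {s.ident: s for s in (
    AlgorithmSet(0xFF01, "authentication", "SM2", "SM2", "SAMPLE-CIPHER", "SAMPLE-DIGEST"),
    AlgorithmSet(0xFF02, "anonymous", "SM2", None, "SAMPLE-CIPHER", "SAMPLE-DIGEST"),
    AlgorithmSet(0xFF03, "other", "RSA", "RSA", "SAMPLE-CIPHER", "SAMPLE-DIGEST"),
)}


def sm2_subset(offered):
    """The M identifiers, out of the N offered, whose set includes SM2."""
    return [i for i in offered if i in REGISTRY and REGISTRY[i].contains_sm2()]


def server_select(offered, supported):
    """Pick the first algorithm set: offered by the client, in M, supported here."""
    for ident in sm2_subset(offered):
        if ident in supported and REGISTRY[ident].well_formed():
            return REGISTRY[ident]
    raise HandshakeError("no mutually supported SM2 algorithm set")


def client_accepts(offered, selected):
    """Client-side check: the server's choice must be one of the M it offered."""
    return selected in sm2_subset(offered)


def message_flow(suite, client_auth=False):
    """Messages in the order the description lists them for the fullest variants."""
    if not suite.well_formed():
        raise HandshakeError("not an SM2 authentication or anonymous set")
    authenticated = suite.kind == "authentication"
    if client_auth and not authenticated:
        raise HandshakeError("certificate request is only described for the authentication class")
    ske = "server key interaction (%s)" % ("signed" if authenticated else "unsigned")
    flow = [("S->C", "first message (server user certificate)"), ("S->C", ske)]
    if client_auth:
        flow.append(("S->C", "first certificate request"))
    flow.append(("S->C", "server response end statement"))
    if client_auth:
        flow.append(("C->S", "second message (client user certificate)"))
    flow.append(("C->S", "client key interaction"))
    if client_auth:
        flow.append(("C->S", "client user certificate verification"))
    flow.append(("S->C", "first key change statement"))
    flow.append(("C->S", "second key change statement"))
    return flow


if __name__ == "__main__":
    offered = [0xFF03, 0xFF02, 0xFF01]          # constructed client offer
    chosen = server_select(offered, supported={0xFF01, 0xFF03})
    print(hex(chosen.ident), chosen.kind, client_accepts(offered, chosen.ident))
    for direction, name in message_flow(chosen, client_auth=True):
        print(direction, name)
```

The client-side check matters because the server initialization handshake message is received before any key is agreed: an identifier outside the offered SM2 subset should end the handshake rather than be honoured.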
In some embodiments of the invention, if the first algorithm set is an authentication-class algorithm set, processor 1101 may specifically be configured to: send a first message to the client, where the first message carries a server user certificate based on the SM2 signature algorithm; send a server key interaction message to the client, where the server key interaction message carries the SM2 elliptic curve parameters, server identity information, a key-exchange elliptic curve point, the server public key and first signature information, the first signature information being obtained by signing the SM2 elliptic curve parameters, the server identity information, the key-exchange elliptic curve point and the server public key with the private key of the server user certificate, so that the client can use the first signature information carried in the received server key interaction message to verify the correctness of the SM2 elliptic curve parameters, server identity information, key-exchange elliptic curve point and server public key carried in that message and, if the verification passes, compute the client pre-master key from the SM2 elliptic curve parameters, server identity information, key-exchange elliptic curve point and server public key carried in the server key interaction message; send a first certificate request message to the client; send a server response end statement message to the client; receive a second message sent by the client in response to the first certificate request message, where the second message carries a client user certificate based on the SM2 signature algorithm or on a non-SM2 signature algorithm; receive a client key interaction message sent by the client, where the client key interaction message carries the client public key, a random point on the elliptic curve and client identity information, and the server computes the server pre-master key from the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message; receive a client user certificate verification message sent by the client and, based on the client user certificate verification message, verify the legitimacy of the user certificate carried in the second message; send a first key change statement message to the client; and receive a second key change statement message sent by the client. Further, the server and the client may also send each other an authentication code over the whole-process messages, where the content and format of the authentication code may be fully or substantially the same as defined in the TLS standard.
In other embodiments of the present invention, if the first algorithm set is an authentication-class algorithm set, processor 1101 may specifically be configured to: send a first message to the client, where the first message carries a server user certificate based on the SM2 signature algorithm; send a server key interaction message to the client, where the server key interaction message carries the SM2 elliptic curve parameters, server identity information, a key-exchange elliptic curve point, the server public key and first signature information, the first signature information being obtained by signing the SM2 elliptic curve parameters, the server identity information, the key-exchange elliptic curve point and the server public key with the private key of the server user certificate, so that the client can use the first signature information carried in the received server key interaction message to verify the correctness of the SM2 elliptic curve parameters, server identity information, key-exchange elliptic curve point and server public key carried in that message and, if the verification passes, compute the client pre-master key from the SM2 elliptic curve parameters, server identity information, key-exchange elliptic curve point and server public key carried in the server key interaction message; send a first certificate request message to the client; receive a second message sent by the client in response to the first certificate request message, where the second message carries a client user certificate based on the SM2 signature algorithm or on a non-SM2 signature algorithm; receive a client key interaction message sent by the client, where the client key interaction message carries the client public key, a random point on the elliptic curve and client identity information, and the server computes the server pre-master key from the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message; and receive a client user certificate verification message sent by the client and, based on the client user certificate verification message, verify the legitimacy of the user certificate carried in the second message. Further, the server and the client may also send each other an authentication code over the whole-process messages, where the content and format of the authentication code may be fully or substantially the same as defined in the TLS standard.
In other embodiments of the present invention, if the first algorithm set is an authentication-class algorithm set, processor 1101 may specifically be configured to: send a first message to the client, where the first message carries a server user certificate based on the SM2 signature algorithm; send a server key interaction message to the client, where the server key interaction message carries the SM2 elliptic curve parameters, server identity information, a key-exchange elliptic curve point, the server public key and first signature information, the first signature information being obtained by signing the SM2 elliptic curve parameters, the server identity information, the key-exchange elliptic curve point and the server public key with the private key of the server user certificate, so that the client can use the first signature information carried in the received server key interaction message to verify the correctness of the SM2 elliptic curve parameters, server identity information, key-exchange elliptic curve point and server public key carried in that message and, if the verification passes, compute the client pre-master key from the SM2 elliptic curve parameters, server identity information, key-exchange elliptic curve point and server public key carried in the server key interaction message; send a server response end statement message to the client; receive a client key interaction message sent by the client, where the client key interaction message carries the client public key, a random point on the elliptic curve and client identity information, and the server computes the server pre-master key from the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message; send a first key change statement message to the client; and receive a second key change statement message sent by the client. Further, the server and the client may also send each other an authentication code over the whole-process messages, where the content and format of the authentication code may be fully or substantially the same as defined in the TLS standard.
In other embodiments of the present invention, if the first algorithm set is an authentication-class algorithm set, processor 1101 may specifically be configured to: send a first message to the client, where the first message carries a server user certificate based on the SM2 signature algorithm; send a server key interaction message to the client, where the server key interaction message carries the SM2 elliptic curve parameters, server identity information, a key-exchange elliptic curve point, the server public key and first signature information, the first signature information being obtained by signing the SM2 elliptic curve parameters, the server identity information, the key-exchange elliptic curve point and the server public key with the private key of the server user certificate, so that the client can use the first signature information carried in the received server key interaction message to verify the correctness of the SM2 elliptic curve parameters, server identity information, key-exchange elliptic curve point and server public key carried in that message and, if the verification passes, compute the client pre-master key from the SM2 elliptic curve parameters, server identity information, key-exchange elliptic curve point and server public key carried in the server key interaction message; and receive a client key interaction message sent by the client, where the client key interaction message carries the client public key, a random point on the elliptic curve and client identity information, and the server computes the server pre-master key from the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message. Further, the server and the client may also send each other an authentication code over the whole-process messages, where the content and format of the authentication code may be fully or substantially the same as defined in the TLS standard.
In other embodiments of the present invention, if the first algorithm set is an anonymous-class algorithm set, processor 1101 may specifically be configured to: send a first message to the client, where the first message carries a server user certificate based on the SM2 signature algorithm; send a server key interaction message to the client, where the server key interaction message carries the SM2 elliptic curve parameters, server identity information, a key-exchange elliptic curve point and the server public key, so that the client computes the client pre-master key from the SM2 elliptic curve parameters, server identity information, key-exchange elliptic curve point and server public key carried in the server key interaction message; send a server response end statement message to the client; receive a client key interaction message sent by the client, where the client key interaction message carries the client public key, a random point on the elliptic curve and client identity information, and the server computes the server pre-master key from the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message; send a first key change statement message to the client; and receive a second key change statement message sent by the client. Further, the server and the client may also send each other an authentication code over the whole-process messages, where the content and format of the authentication code may be fully or substantially the same as defined in the TLS standard.
In other embodiments of the present invention, if the first algorithm set is an anonymous-class algorithm set, processor 1101 may specifically be configured to: send a first message to the client, where the first message carries a server user certificate based on the SM2 signature algorithm; send a server key interaction message to the client, where the server key interaction message carries the SM2 elliptic curve parameters, server identity information, a key-exchange elliptic curve point and the server public key, so that the client computes the client pre-master key from the SM2 elliptic curve parameters, server identity information, key-exchange elliptic curve point and server public key carried in the server key interaction message; and receive a client key interaction message sent by the client, where the client key interaction message carries the client public key, a random point on the elliptic curve and client identity information, and the server computes the server pre-master key from the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message. Further, the server and the client may also send each other an authentication code over the whole-process messages, where the content and format of the authentication code may be fully or substantially the same as defined in the TLS standard.
In other embodiments of the present invention, processor 1101 may further be configured to: before sending the first key change statement message to the client, or before receiving the second key change statement message sent by the client, or after receiving the client key interaction message sent by the client, send a server key interaction verification message to the client, where the server key interaction verification message carries the server check digest value of the SM2 key interaction algorithm; and receive the client key interaction verification message that the client sends after the server check digest value passes verification, where the client key interaction verification message carries the client check digest value of the SM2 key interaction algorithm. Processor 1101 may also further verify the client check digest value.
The server 1100 that the present embodiment provides, may be used for performing the technology of the arbitrary shown embodiment of the method for Fig. 1~Fig. 5 The part that in scheme, server correspondence performs, it is similar with technique effect that it realizes principle, and here is omitted.
Visible, after using such scheme, introducing and the security authentication mechanism based on tls protocol of SM2 algorithm are had Machine combines so that SM2 algorithm becomes possible and feasible for safety certification, and then makes to utilize SM2 algorithm to carry out data transmission Become possible and feasible, and owing to SM2 algorithm is dissolved in security authentication mechanism based on tls protocol, therefore without to setting For changing and can implement on a large scale, the cost that scheme is implemented is relatively low.Generally speaking, embodiments providing can profit The reasonable mechanism carried out data transmission with SM2 algorithm, is conducive to accelerating the application paces of SM2 algorithm, and then plays SM2 calculation Method advantage in terms of safety, is conducive to improving the safety of TLS and performance.
Referring to Fig. 12, an embodiment of the present invention further provides a communication system, which may include:
a client 1210 and a server 1220,
where the client 1210 is configured to send a client initialization handshake message to the server 1220, where the client initialization handshake message carries N algorithm set identifiers, the algorithm set corresponding to each of M algorithm set identifiers among the N algorithm set identifiers includes the SM2 algorithm, N is greater than or equal to M, and N and M are positive integers;
the server 1220 is configured to send to the client a server initialization handshake message responding to the client initialization handshake message, where the server initialization handshake message carries a first algorithm set identifier, and the first algorithm set identifier is one of the M algorithm set identifiers; and to perform security authentication with the client based on the first algorithm set corresponding to the first algorithm set identifier.
In some embodiments of the present invention, the first algorithm set may be, for example, an authentication-class algorithm set or an anonymous-class algorithm set. If the first algorithm set is an anonymous-class algorithm set, it includes an SM2 asymmetric key interaction algorithm, a symmetric encryption algorithm and a digest algorithm. If the first algorithm set is an authentication-class algorithm set, it includes a symmetric encryption algorithm, an SM2 asymmetric key interaction algorithm, an SM2 signature algorithm and a digest algorithm.
In some embodiments of the present invention, if the first algorithm set is an authentication-class algorithm set, the server 1220 is specifically configured to: send to the client 1210 a server initialization handshake message responding to the client initialization handshake message, where the server initialization handshake message carries the first algorithm set identifier, and the first algorithm set identifier is one of the M algorithm set identifiers; send a first message to the client 1210, where the first message carries the server's user certificate based on the SM2 signature algorithm; send a server key interaction message to the client 1210, where the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point, a server public key and first signature information, the first signature information being obtained by performing a signature operation, with the private key of the server user certificate, on the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key, so that the client 1210, based on the first signature information carried in the received server key interaction message, verifies the correctness of the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in that message and, if the correctness check passes, calculates the client pre-master key based on the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message; send a first certificate request message to the client 1210; receive a second message, sent by the client 1210, responding to the first certificate request message, where the second message carries the client's user certificate based on the SM2 signature algorithm or a non-SM2 signature algorithm; receive the client key interaction message sent by the client 1210, where the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, and calculate the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message; and receive the client user certificate verification message sent by the client 1210 and, based on the client user certificate verification message, verify the legitimacy of the user certificate carried in the second message.
In some embodiments of the present invention, if the first algorithm set is an authentication-class algorithm set, the server 1220 is specifically configured to: send to the client 1210 a server initialization handshake message responding to the client initialization handshake message, where the server initialization handshake message carries the first algorithm set identifier, and the first algorithm set identifier is one of the M algorithm set identifiers; send a first message to the client 1210, where the first message carries the server's user certificate based on the SM2 signature algorithm; send a server key interaction message to the client 1210, where the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point, a server public key and first signature information, the first signature information being obtained by performing a signature operation, with the private key of the server user certificate, on the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key, so that the client 1210, based on the first signature information carried in the received server key interaction message, verifies the correctness of the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in that message and, if the correctness check passes, calculates the client pre-master key based on the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message; and receive the client key interaction message sent by the client 1210, where the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, and the server 1220 calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message.
In some embodiments of the present invention, if the first algorithm set is an anonymous-class algorithm set, the server 1220 is specifically configured to: send to the client 1210 a server initialization handshake message responding to the client initialization handshake message, where the server initialization handshake message carries the first algorithm set identifier, and the first algorithm set identifier is one of the M algorithm set identifiers; send a server key interaction message to the client 1210, where the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point and a server public key, so that the client 1210 calculates the client pre-master key based on the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message; and receive the client key interaction message sent by the client 1210, where the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, and the server 1220 calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message.
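The negotiation and the class-dependent checks described in the embodiments above, as an added example that is not code from the patent. The identifiers 0xFF01, 0xFF02 and 0xFF10, the algorithm pairings, the field names and the `verify_signature` callback are assumptions; the SM2 signature verification itself is left to the caller.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class AlgorithmSet:
    ident: int                # identifier carried in the hello messages
    key_exchange: str
    signature: Optional[str]  # None marks an anonymous-class set
    cipher: str
    digest: str

    @property
    def has_sm2(self) -> bool:
        return "SM2" in (self.key_exchange, self.signature)

    @property
    def is_authentication_class(self) -> bool:
        return self.signature is not None


# Constructed registry: identifiers and algorithm pairings are placeholders.
REGISTRY = {s.ident: s for s in (
    AlgorithmSet(0xFF01, "SM2", "SM2", "SM4", "SM3"),        # authentication class
    AlgorithmSet(0xFF02, "SM2", None, "SM4", "SM3"),         # anonymous class
    AlgorithmSet(0xFF10, "RSA", "RSA", "AES128", "SHA256"),  # no SM2
)}

# Fields of the server key interaction message (hypothetical key names).
KEY_FIELDS = ("curve_params", "server_identity", "exchange_point",
              "server_public_key")


class HandshakeError(Exception):
    pass


def sm2_identifiers(offer):
    """The M identifiers, out of the N offered, whose set includes SM2."""
    return [i for i in offer if i in REGISTRY and REGISTRY[i].has_sm2]


def server_select(offer, server_supported):
    """Server side: pick the first offered SM2 set the server also supports."""
    for ident in sm2_identifiers(offer):
        if ident in server_supported:
            return ident
    raise HandshakeError("no common SM2 algorithm set")


def client_check_selection(offer, selected):
    """Client side: the first algorithm set identifier must be one of the M."""
    if selected not in sm2_identifiers(offer):
        raise HandshakeError(f"server chose {selected:#06x}, not an offered SM2 set")
    return REGISTRY[selected]


def expected_server_flight(suite, request_client_cert=False):
    """Messages the client expects after the server hello, in order."""
    if not suite.is_authentication_class:
        return ["server_key_interaction"]
    flight = ["first_message(server_certificate)", "server_key_interaction"]
    if request_client_cert:
        flight.append("certificate_request")
    return flight


def check_server_key_interaction(suite, msg, verify_signature):
    """Gate pre-master key calculation on the fields and the first signature."""
    missing = [f for f in KEY_FIELDS if f not in msg]
    if missing:
        raise HandshakeError(f"missing fields: {missing}")
    if suite.is_authentication_class:
        # The signature covers exactly the four key-exchange fields.
        signed = tuple(msg[f] for f in KEY_FIELDS)
        sig = msg.get("first_signature")
        if sig is None or not verify_signature(signed, sig):
            raise HandshakeError("first signature information missing or invalid")
    return True
```

A client that negotiated an authentication-class set and then receives a server key interaction message without the first signature information should abort rather than continue as if the set were anonymous.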
In some embodiments of the present invention, before the server 1220 sends a first key change statement message to the client 1210, or before the server 1220 receives a second key change statement message sent by the client 1210, or after the server 1220 receives the client key interaction message sent by the client 1210, the following may also be included: the server 1220 sends a server key interaction verification message to the client 1210, where the server key interaction verification message carries the server verification digest value of the SM2 key interaction algorithm; the server 1220 receives the client key interaction verification message that the client 1210 sends after the server verification digest value has been verified successfully, where the client key interaction verification message carries the client verification digest value of the SM2 key interaction algorithm. The server 1220 may further verify the client verification digest value.
In other embodiments of the present invention, before the server 1220 sends a first key change statement message to the client 1210, or before the server 1220 receives a second key change statement message sent by the client 1210, or after the server 1220 receives the client key interaction message sent by the client 1210, the following may also be included: the server 1220 receives a client key interaction verification message sent by the client 1210, where the client key interaction verification message carries the client verification digest value of the SM2 key interaction algorithm; after the client verification digest value has been verified successfully, the server 1220 sends a server key interaction verification message to the client 1210, where the server key interaction verification message carries the server verification digest value of the SM2 key interaction algorithm, so that the client 1210 verifies the server verification digest value. The client 1210 may further verify the server verification digest value.
The client 1210 may be, for example, the client 600, the client 700 or the client 900 described in the above embodiments, and the server 1220 may be, for example, the server 900, the server 1000 or the server 1100 described in the above embodiments.
An embodiment of the present invention further provides a schematic diagram of a mobile terminal 1300, where the mobile terminal 1300 may be used to implement part or all of the functions of the client or the server in the above embodiments.
As shown in Fig. 13, for ease of description only the parts relevant to the embodiment of the present invention are shown; for specific technical details that are not disclosed, refer to the method part of the embodiments of the present invention.
Fig. 13 is a block diagram of part of the structure of a mobile terminal related to the terminal provided in the embodiment of the present invention. Referring to Fig. 13, the mobile terminal includes components such as a radio frequency (Radio Frequency, RF) circuit 1310, a memory 1320, an input unit 1330, a Wireless Fidelity (WiFi) module 1370, a display unit 1340, a sensor 1350, an audio circuit 1360, a processor 1380 and a power supply 1390.
Those skilled in the art will understand that the mobile terminal structure shown in Fig. 13 does not limit the mobile terminal, which may include more or fewer components than illustrated, combine some components, or arrange the components differently.
The RF circuit 1310 may be used to receive and send signals while sending and receiving information or during a call; in particular, after receiving downlink information from a base station, it passes the information to the processor 1380 for processing, and it also sends uplink data to the base station. Generally, an RF circuit includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low-noise amplifier (Low Noise Amplifier, LNA), a duplexer and the like. In addition, the RF circuit 1310 may communicate with networks and other devices by wireless communication. The wireless communication may use any communication standard or protocol, including but not limited to Global System for Mobile Communications (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), e-mail, Short Messaging Service (SMS) and the like.
The memory 1320 may be used to store software programs and modules; the processor 1380 executes the various functional applications and data processing of the mobile terminal by running the software programs and modules stored in the memory 1320. The memory 1320 may mainly include a program storage area and a data storage area, where the program storage area may store the operating system and the application programs required by at least one function (such as a sound playback function or an image playback function), and the data storage area may store data created through use of the mobile terminal (such as audio data or a phone book). In addition, the memory 1320 may include high-speed random access memory and may also include non-volatile memory, for example at least one magnetic disk storage device, a flash memory device or another volatile solid-state memory device.
The input unit 1330 may be used to receive input digits or character information and to generate key signal input related to user settings and function control of the mobile terminal 1300. Specifically, the input unit 1330 may include a touch panel 1331 and other input devices 1332. The touch panel 1331, also called a touch screen, can collect touch operations by the user on or near it (such as operations performed by the user on or near the touch panel 1331 with a finger, a stylus or any other suitable object or accessory) and drive the corresponding connected device according to a preset program. Optionally, the touch panel 1331 may include two parts, a touch detection device and a touch controller. The touch detection device detects the position of the user's touch, detects the signal produced by the touch operation and passes the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts it into contact coordinates, sends them to the processor 1380, and can receive and execute commands sent by the processor 1380. The touch panel 1331 may be implemented in several types, such as resistive, capacitive, infrared and surface acoustic wave. Besides the touch panel 1331, the input unit 1330 may also include other input devices 1332. Specifically, the other input devices 1332 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys and an on/off key), a trackball, a mouse, a joystick and the like.
The display unit 1340 may be used to display information entered by the user or provided to the user, as well as the various menus of the mobile terminal. The display unit 1340 may include a display panel 1341; optionally, the display panel 1341 may be configured in the form of a liquid crystal display (Liquid Crystal Display, LCD), an organic light-emitting diode (Organic Light-Emitting Diode, OLED) display or the like. Further, the touch panel 1331 may cover the display panel 1341; when the touch panel 1331 detects a touch operation on or near it, it passes the operation to the processor 1380 to determine the type of touch event, and the processor 1380 then provides the corresponding visual output on the display panel 1341 according to the type of touch event. Although in Fig. 13 the touch panel 1331 and the display panel 1341 are shown as two independent components implementing the input and output functions of the mobile terminal, in some embodiments the touch panel 1331 and the display panel 1341 may be integrated to implement the input and output functions of the mobile terminal.
The mobile terminal 1300 may also include at least one sensor 1350, such as a light sensor, a motion sensor or other sensors. Specifically, the light sensor may include an ambient light sensor and a proximity sensor, where the ambient light sensor can adjust the brightness of the display panel 1341 according to the ambient light level, and the proximity sensor can switch off the display panel 1341 and/or the backlight when the mobile terminal is moved to the ear. As one kind of motion sensor, an accelerometer can detect the magnitude of acceleration in each direction (generally three axes), can detect the magnitude and direction of gravity when at rest, and can be used in applications that recognize the attitude of the mobile terminal (such as switching between portrait and landscape, related games and magnetometer attitude calibration) and in vibration-recognition functions (such as a pedometer or tap detection). Other sensors that the mobile terminal may also be fitted with, such as a gyroscope, a barometer, a hygrometer, a thermometer and an infrared sensor, are not described further here.
The audio circuit 1360, a speaker 1361 and a microphone 1362 can provide an audio interface between the user and the mobile terminal. The audio circuit 1360 can convert received audio data into an electrical signal and transmit it to the speaker 1361, which converts it into a sound signal for output; in the other direction, the microphone 1362 converts a collected sound signal into an electrical signal, which the audio circuit 1360 receives and converts into audio data; after the audio data is output to the processor 1380 and processed, it is sent through the RF circuit 1310 to, for example, another mobile terminal, or is output to the memory 1320 for further processing.
WiFi is a short-range wireless transmission technology. Through the WiFi module 1370 the mobile terminal can help the user send and receive e-mail, browse web pages, access streaming media and so on; it provides the user with wireless broadband Internet access. Although Fig. 13 shows the WiFi module 1370, it can be understood that the module is not a required part of the mobile terminal 1300 and may be omitted as needed without changing the essence of the invention.
The processor 1380 is the control centre of the mobile terminal. It uses various interfaces and lines to connect all parts of the mobile terminal and, by running or executing the software programs and/or modules stored in the memory 1320 and calling the data stored in the memory 1320, performs the various functions of the mobile terminal and processes data, thereby monitoring the mobile terminal as a whole. Optionally, the processor 1380 may include one or more processing units; preferably, the processor 1380 may integrate an application processor and a modem processor, where the application processor mainly handles the operating system, the user interface, application programs and the like, and the modem processor mainly handles wireless communication. It can be understood that the modem processor need not be integrated into the processor 1380.
The mobile terminal 1300 also includes a power supply 1390 (such as a battery) that powers all the components. Preferably, the power supply is logically connected to the processor 1380 through a power management system, so that functions such as charging management, discharging management and power consumption management are implemented through the power management system. Although not shown, the mobile terminal 1300 may also include a camera, a Bluetooth module and the like, which are not described further here.
An embodiment of the present invention further provides a computer storage medium, where the computer storage medium may store a program which, when executed, performs some or all of the steps of the security authentication method described in the above method embodiments.
It should be noted that, for brevity, each of the foregoing method embodiments is described as a series of combined actions, but those skilled in the art should know that the present invention is not limited by the order of actions described, because according to the present invention some steps may be performed in other orders or simultaneously. Those skilled in the art should also know that the embodiments described in this specification are preferred embodiments, and the actions and modules involved are not necessarily required by the present invention.
In the above embodiments, the description of each embodiment has its own emphasis; for a part not described in detail in one embodiment, refer to the related description of the other embodiments.
In the several embodiments provided in this application, it should be understood that the disclosed device may be implemented in other ways. For example, the device embodiments described above are only illustrative: the division into the units described is only a division by logical function, and other divisions are possible in an actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical or in other forms.
The units described above as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the scheme of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. On this understanding, the technical solution of the present invention in essence, or the part of it that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or some of the steps of the methods of the embodiments of the present invention. The storage medium includes various media that can store program code, such as a USB flash drive, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a portable hard disk, a magnetic disk or an optical disc.
As stated above, the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments or make equivalent replacements of some of their technical features, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (9)

1. the method for a safety certification based on secure transport layers tls protocol, it is characterised in that including:
User end to server sends client initialization handshake information, wherein, takes in described client initialization handshake information Carrying N number of algorithm set mark, each algorithm set mark in M algorithm set mark among described N number of algorithm set mark is corresponding Algorithm set include SM2 algorithm, wherein, described N is positive integer more than or equal to described M, described N and M;
Described client receives at the beginning of the server being used for responding described client initialization handshake information that described server sends Beginningization handshake information, wherein, carries the first algorithm set mark, described first algorithm set in described server initiation handshake information It is designated among described M algorithm set mark;
Described client carries out safety based on the first algorithm set corresponding to described first algorithm set mark with described server and recognizes Card;
Described first algorithm set is certification class algorithm set or anonymous class algorithm set;
Wherein, described anonymous class algorithm set includes SM2 unsymmetrical key interactive algorithm, symmetric encipherment algorithm and digest algorithm; Described certification class algorithm set includes: symmetric encipherment algorithm, SM2 unsymmetrical key interactive algorithm, SM2 signature algorithm and summary are calculated Method;
if the first algorithm set is an authentication-class algorithm set, the client performing security authentication with the server based on the first algorithm set corresponding to the first algorithm set identifier comprises:
the client receives a first message sent by the server, where the first message carries the server's user certificate based on the SM2 signature algorithm;
the client receives a server key interaction message sent by the server, where the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point, a server public key and first signature information, the first signature information being obtained by performing a signature operation, with the private key of the server user certificate, on the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key;
the client, based on the first signature information carried in the received server key interaction message, verifies the correctness of the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the received server key interaction message and, if the correctness check passes, calculates the client pre-master key based on the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message;
the client receives a first certificate request message sent by the server;
the client sends to the server a second message responding to the first certificate request message, where the second message carries the client's user certificate based on the SM2 signature algorithm or a non-SM2 signature algorithm;
the client sends a client key interaction message to the server, where the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, so that the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message;
the client sends a client user certificate verification message to the server, so that the server, based on the client user certificate verification message, verifies the legitimacy of the user certificate carried in the second message;
if the first algorithm set is an authentication-class algorithm set, the client performing security authentication with the server based on the first algorithm set corresponding to the first algorithm set identifier comprises:
the client receives a first message sent by the server, where the first message carries the server's user certificate based on the SM2 signature algorithm;
the client receives a server key interaction message sent by the server, where the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point, a server public key and first signature information, the first signature information being obtained by performing a signature operation, with the private key of the server user certificate, on the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key;
the client, based on the first signature information carried in the received server key interaction message, verifies the correctness of the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the received server key interaction message and, if the correctness check passes, calculates the client pre-master key based on the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message;
the client sends a client key interaction message to the server, where the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, so that the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message;
if the first algorithm set is an anonymous-class algorithm set, the client performing security authentication with the server based on the first algorithm set corresponding to the first algorithm set identifier comprises:
the client receives a server key interaction message sent by the server, where the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point and a server public key, and the client calculates the client pre-master key based on the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message;
the client sends a client key interaction message to the server, where the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, so that the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message.
2. The method according to claim 1, characterized in that, after the client sends the client key interaction message to the server, the method further comprises:
The client sends a client key interaction verification message to the server, wherein the client key interaction verification message carries the client verification digest value of the SM2 key interaction algorithm, so that the server verifies the client verification digest value; the client receives the server key interaction verification message sent by the server after the client verification digest value is verified, wherein the server key interaction verification message carries the server verification digest value of the SM2 key interaction algorithm, and the client verifies the server verification digest value.
3. the method for a safety certification based on secure transport layers tls protocol, it is characterised in that including:
Server receives the client initialization handshake information that client sends, wherein, described client initialization handshake information In carry N number of algorithm set mark, each algorithm set in M algorithm set mark among described N number of algorithm set mark identifies institute Corresponding algorithm set includes SM2 algorithm;
Described server sends the server initiation for responding described client initialization handshake information to described client Handshake information, wherein, carries described server and selects from described M algorithm set mark in described server initiation handshake information The first algorithm set mark, described first algorithm set be designated described M algorithm set identify among one;
Described server carries out safety based on the first algorithm set corresponding to described first algorithm set mark with described client to be recognized Card;
Described first algorithm set is certification class algorithm set or anonymous class algorithm set,
Wherein, described anonymous class algorithm set includes SM2 unsymmetrical key interactive algorithm, symmetric encipherment algorithm and digest algorithm; Described certification class algorithm set includes: symmetric encipherment algorithm, SM2 unsymmetrical key interactive algorithm, SM2 signature algorithm and summary are calculated Method;
If the first algorithm set is a certification class algorithm set, the server performing safety certification with the client based on the first algorithm set corresponding to the first algorithm set mark comprises:
The server sends a first message to the client, wherein the first message carries the server's user certificate based on the SM2 signature algorithm;
The server sends a server key interaction message to the client, wherein the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point, a server public key and first signature information, wherein the first signature information is obtained by performing a signature operation, based on the private key of the server user certificate, on the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key, so that the client, based on the first signature information carried in the received server key interaction message, verifies the correctness of the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the received server key interaction message and, if the correctness verification passes, calculates the client pre-master key based on the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message;
The server sends a first certificate request message to the client;
The server receives a second message, sent by the client, for responding to the first certificate request message, wherein the second message carries the client's user certificate based on the SM2 signature algorithm or a non-SM2 signature algorithm;
The server receives the client key interaction message sent by the client, wherein the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, wherein the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message;
The server receives the client user certificate verification message sent by the client and, based on the client user certificate verification message, verifies the legitimacy of the user certificate carried in the second message;
If the first algorithm set is a certification class algorithm set, the server performing safety certification with the client based on the first algorithm set corresponding to the first algorithm set mark comprises:
The server sends a first message to the client, wherein the first message carries the server's user certificate based on the SM2 signature algorithm;
The server sends a server key interaction message to the client, wherein the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point, a server public key and first signature information, wherein the first signature information is obtained by performing a signature operation, based on the private key of the server user certificate, on the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key, so that the client, based on the first signature information carried in the received server key interaction message, verifies the correctness of the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the received server key interaction message and, if the correctness verification passes, calculates the client pre-master key based on the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message;
The server receives the client key interaction message sent by the client, wherein the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, wherein the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message;
If the first algorithm set is an anonymous class algorithm set, the server performing safety certification with the client based on the first algorithm set corresponding to the first algorithm set mark comprises:
The server sends a server key interaction message to the client, wherein the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point and a server public key, so that the client calculates the client pre-master key based on the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message;
The server receives the client key interaction message sent by the client, wherein the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, wherein the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message.
4. The method according to claim 3, characterized in that, after the server receives the client key interaction message sent by the client, the method further comprises:
The server receives the client key interaction verification message sent by the client, wherein the client key interaction verification message carries the client verification digest value of the SM2 key interaction algorithm; after the client verification digest value is verified, the server sends a server key interaction verification message to the client, wherein the server key interaction verification message carries the server verification digest value of the SM2 key interaction algorithm, so that the client verifies the server verification digest value.
5. A client, characterized by comprising:
A transmitting unit, configured to send client initialization handshake information to a server, wherein the client initialization handshake information carries N algorithm set marks, and the algorithm set corresponding to each of M algorithm set marks among the N algorithm set marks includes the SM2 algorithm, wherein N is greater than or equal to M, and N and M are positive integers;
A receiving unit, configured to receive the server initiation handshake information, sent by the server, for responding to the client initialization handshake information, wherein the server initiation handshake information carries a first algorithm set mark, the first algorithm set mark being one of the M algorithm set marks;
A certification interaction unit, configured to perform safety certification with the server based on the first algorithm set corresponding to the first algorithm set mark;
The first algorithm set is a certification class algorithm set or an anonymous class algorithm set;
Wherein the anonymous class algorithm set includes an SM2 asymmetric key interaction algorithm, a symmetric encryption algorithm and a digest algorithm; the certification class algorithm set includes a symmetric encryption algorithm, an SM2 asymmetric key interaction algorithm, an SM2 signature algorithm and a digest algorithm;
If the first algorithm set is a certification class algorithm set, the certification interaction unit is specifically configured to: receive the first message sent by the server, wherein the first message carries the server's user certificate based on the SM2 signature algorithm;
Receive the server key interaction message sent by the server, wherein the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point, a server public key and first signature information, wherein the first signature information is obtained by performing a signature operation, based on the private key of the server user certificate, on the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key; based on the first signature information carried in the received server key interaction message, verify the correctness of the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the received server key interaction message; if the correctness verification passes, calculate the client pre-master key based on the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message;
Receive the first certificate request message sent by the server;
Send to the server a second message for responding to the first certificate request message, wherein the second message carries the client's user certificate based on the SM2 signature algorithm or a non-SM2 signature algorithm;
Send a client key interaction message to the server, wherein the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, so that the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message;
Send a client user certificate verification message to the server, so that the server, based on the client user certificate verification message, verifies the legitimacy of the user certificate carried in the second message;
If the first algorithm set is a certification class algorithm set, the certification interaction unit is specifically configured to:
Receive the first message sent by the server, wherein the first message carries the server's user certificate based on the SM2 signature algorithm;
Receive the server key interaction message sent by the server, wherein the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point, a server public key and first signature information, wherein the first signature information is obtained by performing a signature operation, based on the private key of the server user certificate, on the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key; based on the first signature information carried in the received server key interaction message, verify the correctness of the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the received server key interaction message; if the correctness verification passes, calculate the client pre-master key based on the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message;
Send a client key interaction message to the server, wherein the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, so that the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message;
If the first algorithm set is an anonymous class algorithm set, the certification interaction unit is specifically configured to:
Receive the server key interaction message sent by the server, wherein the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point and a server public key; calculate the client pre-master key based on the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message;
Send a client key interaction message to the server, wherein the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, so that the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message.
6. The client according to claim 5, characterized in that the certification interaction unit is further configured to: after sending the client key interaction message to the server, send a client key interaction verification message to the server, wherein the client key interaction verification message carries the client verification digest value of the SM2 key interaction algorithm, so that the server verifies the client verification digest value; receive the server key interaction verification message sent by the server after the client verification digest value is verified, wherein the server key interaction verification message carries the server verification digest value of the SM2 key interaction algorithm; and verify the server verification digest value.
7. A server, characterized by comprising:
A receiving unit, configured to receive the client initialization handshake information sent by a client, wherein the client initialization handshake information carries N algorithm set marks, and the algorithm set corresponding to each of M algorithm set marks among the N algorithm set marks includes the SM2 algorithm;
A transmitting unit, configured to send to the client server initiation handshake information for responding to the client initialization handshake information, wherein the server initiation handshake information carries a first algorithm set mark selected by the server from the M algorithm set marks, the first algorithm set mark being one of the M algorithm set marks;
A certification interaction unit, configured to perform safety certification with the client based on the first algorithm set corresponding to the first algorithm set mark;
The first algorithm set is a certification class algorithm set or an anonymous class algorithm set,
Wherein the anonymous class algorithm set includes an SM2 asymmetric key interaction algorithm, a symmetric encryption algorithm and a digest algorithm; the certification class algorithm set includes a symmetric encryption algorithm, an SM2 asymmetric key interaction algorithm, an SM2 signature algorithm and a digest algorithm;
If the first algorithm set is a certification class algorithm set, the certification interaction unit is specifically configured to:
Send a first message to the client, wherein the first message carries the server's user certificate based on the SM2 signature algorithm;
Send a server key interaction message to the client, wherein the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point, a server public key and first signature information, wherein the first signature information is obtained by performing a signature operation, based on the private key of the server user certificate, on the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key, so that the client, based on the first signature information carried in the received server key interaction message, verifies the correctness of the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the received server key interaction message and, if the correctness verification passes, calculates the client pre-master key based on the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message;
Send a first certificate request message to the client;
Receive a second message, sent by the client, for responding to the first certificate request message, wherein the second message carries the client's user certificate based on the SM2 signature algorithm or a non-SM2 signature algorithm;
Receive the client key interaction message sent by the client, wherein the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, and calculate the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message;
Receive the client user certificate verification message sent by the client and, based on the client user certificate verification message, verify the legitimacy of the user certificate carried in the second message;
If the first algorithm set is a certification class algorithm set, the certification interaction unit is specifically configured to:
Send a first message to the client, wherein the first message carries the server's user certificate based on the SM2 signature algorithm;
Send a server key interaction message to the client, wherein the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point, a server public key and first signature information, wherein the first signature information is obtained by performing a signature operation, based on the private key of the server user certificate, on the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key, so that the client, based on the first signature information carried in the received server key interaction message, verifies the correctness of the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the received server key interaction message and, if the correctness verification passes, calculates the client pre-master key based on the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message;
Receive the client key interaction message sent by the client, wherein the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, wherein the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message;
If the first algorithm set is an anonymous class algorithm set, the certification interaction unit is specifically configured to:
Send a server key interaction message to the client, wherein the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point and a server public key, so that the client calculates the client pre-master key based on the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message;
Receive the client key interaction message sent by the client, wherein the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, wherein the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message.
8. The server according to claim 7, characterized in that the certification interaction unit is further configured to: after receiving the client key interaction message sent by the client, receive the client key interaction verification message sent by the client, wherein the client key interaction verification message carries the client verification digest value of the SM2 key interaction algorithm; and, after the client verification digest value is verified, send a server key interaction verification message to the client, wherein the server key interaction verification message carries the server verification digest value of the SM2 key interaction algorithm, so that the client verifies the server verification digest value.
9. A communication system, characterized by comprising:
A client and a server,
Wherein the client is configured to send client initialization handshake information to the server, wherein the client initialization handshake information carries N algorithm set marks, and the algorithm set corresponding to each of M algorithm set marks among the N algorithm set marks includes the SM2 algorithm, wherein N is greater than or equal to M, and N and M are positive integers;
The server is configured to send to the client server initiation handshake information for responding to the client initialization handshake information, wherein the server initiation handshake information carries a first algorithm set mark, the first algorithm set mark being one of the M algorithm set marks; and to perform safety certification with the client based on the first algorithm set corresponding to the first algorithm set mark;
If the first algorithm set is a certification class algorithm set, the server is specifically configured to: send to the client server initiation handshake information for responding to the client initialization handshake information, wherein the server initiation handshake information carries a first algorithm set mark, the first algorithm set mark being one of the M algorithm set marks;
Send a first message to the client, wherein the first message carries the server's user certificate based on the SM2 signature algorithm;
Send a server key interaction message to the client, wherein the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point, a server public key and first signature information, wherein the first signature information is obtained by performing a signature operation, based on the private key of the server user certificate, on the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key, so that the client, based on the first signature information carried in the received server key interaction message, verifies the correctness of the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the received server key interaction message and, if the correctness verification passes, calculates the client pre-master key based on the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message;
Send a first certificate request message to the client;
Receive a second message, sent by the client, for responding to the first certificate request message, wherein the second message carries the client's user certificate based on the SM2 signature algorithm or a non-SM2 signature algorithm;
Receive the client key interaction message sent by the client, wherein the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, and calculate the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message;
Receive the client user certificate verification message sent by the client and, based on the client user certificate verification message, verify the legitimacy of the user certificate carried in the second message;
If the first algorithm set is a certification class algorithm set, the server is specifically configured to: send to the client server initiation handshake information for responding to the client initialization handshake information, wherein the server initiation handshake information carries a first algorithm set mark, the first algorithm set mark being one of the M algorithm set marks;
Send a first message to the client, wherein the first message carries the server's user certificate based on the SM2 signature algorithm;
Send a server key interaction message to the client, wherein the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point, a server public key and first signature information, wherein the first signature information is obtained by performing a signature operation, based on the private key of the server user certificate, on the SM2 elliptic curve parameter, the server identity information, the key exchange elliptic curve point and the server public key, so that the client, based on the first signature information carried in the received server key interaction message, verifies the correctness of the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the received server key interaction message and, if the correctness verification passes, calculates the client pre-master key based on the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message;
Receive the client key interaction message sent by the client, wherein the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, wherein the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message;
If the first algorithm set is an anonymous class algorithm set, the server is specifically configured to: send to the client server initiation handshake information for responding to the client initialization handshake information, wherein the server initiation handshake information carries a first algorithm set mark, the first algorithm set mark being one of the M algorithm set marks; send a server key interaction message to the client, wherein the server key interaction message carries an SM2 elliptic curve parameter, server identity information, a key exchange elliptic curve point and a server public key, so that the client calculates the client pre-master key based on the SM2 elliptic curve parameter, server identity information, key exchange elliptic curve point and server public key carried in the server key interaction message; receive the client key interaction message sent by the client, wherein the client key interaction message carries a client public key, a random point on the elliptic curve and client identity information, wherein the server calculates the server pre-master key based on the client public key, the random point on the elliptic curve and the client identity information carried in the client key interaction message.
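The negotiation and the three message flows recited in the claims above (certification class with and without a client certificate request, and anonymous class) can be checked mechanically against an observed handshake. The following is an added example, not part of the patent text: the numeric algorithm set marks, message names and field names are constructed for illustration, and placing the two verification-digest messages of claims 2 and 4 at the end of every flow is an assumption.

```python
# Constructed algorithm set marks: the claims give no numeric values.
ALGORITHM_SETS = {
    0xA001: {"sm2": True, "cls": "certification"},
    0xA002: {"sm2": True, "cls": "anonymous"},
    0xB001: {"sm2": False, "cls": "certification"},  # non-SM2 set among the N
}

# Fields the claims require in the two key interaction messages (names assumed).
SKX_FIELDS = {"curve_params", "server_id", "kx_point", "server_pubkey"}
CKX_FIELDS = {"client_pubkey", "random_point", "client_id"}


def sm2_subset(offered):
    """The M marks (out of the N offered) whose algorithm set includes SM2."""
    return [m for m in offered if ALGORITHM_SETS.get(m, {}).get("sm2")]


def server_select(offered, server_supported):
    """Server side: pick the first offered SM2 mark the server also supports."""
    for mark in sm2_subset(offered):
        if mark in server_supported:
            return mark
    raise ValueError("no common SM2 algorithm set")


def client_accepts(offered, selected):
    """Client side: the first algorithm set mark must be one of the M it sent."""
    return selected in sm2_subset(offered)


def expected_flow(cls, cert_requested):
    """Message order from the claims, as (sender, message) pairs."""
    flow = []
    if cls == "certification":
        flow.append(("server", "first_message"))  # server SM2 user certificate
    flow.append(("server", "server_key_interaction"))
    if cls == "certification" and cert_requested:
        flow.append(("server", "certificate_request"))
        flow.append(("client", "second_message"))  # client user certificate
    flow.append(("client", "client_key_interaction"))
    if cls == "certification" and cert_requested:
        flow.append(("client", "client_certificate_verification"))
    # Claims 2 and 4: digest verification in both directions (position assumed).
    flow.append(("client", "client_key_interaction_verification"))
    flow.append(("server", "server_key_interaction_verification"))
    return flow


def check_transcript(offered, selected, transcript):
    """Return findings for an observed handshake; an empty list means consistent."""
    if not client_accepts(offered, selected):
        return [f"selected mark {selected:#06x} is not one of the offered SM2 marks"]
    findings = []
    cls = ALGORITHM_SETS[selected]["cls"]
    names = [(sender, name) for sender, name, _ in transcript]
    cert_requested = ("server", "certificate_request") in names
    if names != expected_flow(cls, cert_requested):
        findings.append(f"message order does not match the {cls} class flow")
    for _, name, fields in transcript:
        if name == "server_key_interaction":
            required = set(SKX_FIELDS)
            if cls == "certification":
                required.add("first_signature")  # signed only in this class
            missing = required - set(fields)
        elif name == "client_key_interaction":
            missing = CKX_FIELDS - set(fields)
        else:
            continue
        if missing:
            findings.append(f"{name} lacks {sorted(missing)}")
    return findings


# Constructed sample input: N = 3 marks offered, M = 2 of them include SM2.
OFFERED = [0xB001, 0xA001, 0xA002]
GOOD_CERT = [
    ("server", "first_message", {"certificate"}),
    ("server", "server_key_interaction", SKX_FIELDS | {"first_signature"}),
    ("client", "client_key_interaction", CKX_FIELDS),
    ("client", "client_key_interaction_verification", {"digest"}),
    ("server", "server_key_interaction_verification", {"digest"}),
]
# Same flow with the signature stripped from the server key interaction message.
UNSIGNED = [(s, n, f - {"first_signature"}) for s, n, f in GOOD_CERT]

if __name__ == "__main__":
    print(check_transcript(OFFERED, 0xA001, GOOD_CERT))
    print(check_transcript(OFFERED, 0xA001, UNSIGNED))
    print(check_transcript(OFFERED, 0xB001, GOOD_CERT))
```

The client-side check in `client_accepts` is what prevents a server (or an on-path party) from steering the session to a mark outside the M SM2 marks the client offered.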
CN201310323932.5A 2013-07-29 2013-07-29 Safety certifying method based on safe transmission layer protocol, equipment and system Active CN103581167B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310323932.5A CN103581167B (en) 2013-07-29 2013-07-29 Safety certifying method based on safe transmission layer protocol, equipment and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310323932.5A CN103581167B (en) 2013-07-29 2013-07-29 Safety certifying method based on safe transmission layer protocol, equipment and system

Publications (2)

Publication Number Publication Date
CN103581167A CN103581167A (en) 2014-02-12
CN103581167B true CN103581167B (en) 2016-12-28

Family

ID=50052098

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310323932.5A Active CN103581167B (en) 2013-07-29 2013-07-29 Safety certifying method based on safe transmission layer protocol, equipment and system

Country Status (1)

Country Link
CN (1) CN103581167B (en)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107147611B (en) * 2016-03-01 2020-07-24 华为技术有限公司 Method, user equipment, server and system for establishing link by transport layer security TLS
CN106060070B (en) * 2016-07-01 2019-05-10 中国人民解放军国防科学技术大学 The tls handshake protocol of ID-based cryptosystem system
CN106341273A (en) * 2016-09-30 2017-01-18 全球能源互联网研究院 Protocol compliance dynamic detection method
CN108111467B (en) * 2016-11-24 2021-04-09 华为技术有限公司 Identity authentication method, equipment and system
US10630654B2 (en) * 2017-03-22 2020-04-21 Microsoft Technology Licensing, Llc Hardware-accelerated secure communication management
CN110690969B (en) * 2018-07-06 2023-06-16 武汉信安珞珈科技有限公司 Method and system for achieving bidirectional SSL/TLS authentication through multiparty cooperation
CN110071911A (en) * 2019-03-20 2019-07-30 北京龙鼎源科技股份有限公司 The method and device of information transferring method and device, certificate update
US10790979B1 (en) 2019-08-29 2020-09-29 Alibaba Group Holding Limited Providing high availability computing service by issuing a certificate
CN110677240B (en) * 2019-08-29 2020-07-10 阿里巴巴集团控股有限公司 Method, apparatus and medium for providing highly available computing services through certificate issuance
CN112787979A (en) * 2019-11-07 2021-05-11 北京地平线机器人技术研发有限公司 Internet of things equipment access control method and internet of things equipment access control device
CN114124367B (en) * 2020-08-31 2023-03-24 Oppo广东移动通信有限公司 Data transmission method, device and storage medium
CN112422530B (en) * 2020-11-04 2023-05-30 无锡沐创集成电路设计有限公司 Key security protection method and password device for server in TLS handshake process

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103118027A (en) * 2013-02-05 2013-05-22 中金金融认证中心有限公司 Transport layer security (TLS) channel constructing method based on cryptographic algorithm

Also Published As

Publication number Publication date
CN103581167A (en) 2014-02-12

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant