CN106453431A - Method for realizing Internet intersystem authentication based on PKI - Google Patents

Method for realizing Internet intersystem authentication based on PKI Download PDF

Info

Publication number
CN106453431A
CN106453431A CN201611175822.9A CN201611175822A CN106453431A CN 106453431 A CN106453431 A CN 106453431A CN 201611175822 A CN201611175822 A CN 201611175822A CN 106453431 A CN106453431 A CN 106453431A
Authority
CN
China
Prior art keywords
server
terminal
key
public key
termination
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201611175822.9A
Other languages
Chinese (zh)
Other versions
CN106453431B (en
Inventor
肖建
常清雪
刘剑飞
付强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Changhong Electric Co Ltd
Original Assignee
Sichuan Changhong Electric Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sichuan Changhong Electric Co Ltd filed Critical Sichuan Changhong Electric Co Ltd
Priority to CN201611175822.9A priority Critical patent/CN106453431B/en
Publication of CN106453431A publication Critical patent/CN106453431A/en
Application granted granted Critical
Publication of CN106453431B publication Critical patent/CN106453431B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to the authentication technology. The invention is to solve the problem that the existing traditional authentication process is low in efficiency, and provides a method for realizing Internet intersystem authentication based on PKI. The technical scheme of the invention can be generalized as follows: first, a server and a terminal respectively initiate the activation to an authenticator platform, the server and the terminal respectively verify respective identity when establishing the first session connection, the server needs to configure a corresponding security strategy in the verification, and the server and the terminal determine whether need to use an encryption algorithm according to the security strategy after the verification is successful, and normally process the subsequent session if the encryption algorithm is unnecessary, or the server and the terminal negotiate a secret key if the encryption algorithm is unnecessary, and respectively store the secret key; and finally, the server and the terminal perform the data interaction through the secret key. The method disclosed by the invention as the advantages that the data security in the whole session connection is guaranteed, and the method is suitable for the Internet intersystem authentication.

Description

Based on the method that PKI realizes certification between internet system
Technical field
The present invention relates to authentication techniques, are specifically designed the technology of certification between internet system.
Background technology
With the Internet popularization and development rapidly, various network applications have obtained quick development, such as ecommerce, electricity Sub- government affairs, Internet securities and Web bank etc., traditional commercial activity and office mode are transferred to mobile networkization, information-based Environment, but the opening due to the Internet and lack unified standard, promote the Internet band give people convenient after, Also the problem of information security is brought, the most significant problemLegitimacy including the authentication of network entity, data are passed Defeated integrity and the non repudiation of both parties.The precautionary measures best at present be exactly set up a set of with digital certificate as recognizing The security mechanism on card basis.
A set of system that tradition CA (certificate management authority) is set up based on RSA public-key cryptosystem at present, is mainly used at present In bank, financial system, it to be mainly characterized by safety higher, but process CIMS is loaded down with trivial details, inefficient, be not suitable for The business scenario of high concurrent, High Availabitity, high-performance and high capacity that the Internet is respectively applied is used.
Content of the invention
The invention aims to solving the problems, such as that current conventional authentication flow path efficiency is not high, there is provided a kind of based on PKI The method for realizing certification between internet system.
The present invention solves its technical problem, and the technical scheme of employing is to realize the side of certification between internet system based on PKI Method, it is characterised in that comprise the following steps:
Step 1, server and terminal initiate activation, server storage server ID, server public affairs to authentication platform respectively Key, privacy key, Termination ID and terminal public key, terminal stores end ID, terminal public key, terminal secret key and server public key;
When step 2, server and terminal first time session connection, respective identity is separately verified, during checking, server need to be joined Corresponding security strategy is put, after being proved to be successful, enters step 3;
Step 3, server and terminal are confirmed whether to need to use AES according to security strategy, if desired then enter step Rapid 4, otherwise normal process subsequent session;
Step 4, server and terminal arranging key, are preserved to key respectively;
Between step 5, server and terminal, data interaction is carried out by key.
Specifically, in step 1, the server and terminal initiate activation, server storage service to authentication platform respectively Device ID, server public key, privacy key, Termination ID and terminal public key, terminal stores end ID, terminal public key, terminal secret key And in server public key, the method that server initiates activation to authentication platform is:
The integrated server S DK bag of step 101, server, is integrated with ECC algorithm in the server S DK bag and certification is flat Platform certificate;
Step 102, server initiate activation request to authentication platform, to the relevant information of authentication platform upload server;
Step 103, authentication platform are audited according to the relevant information of the server for uploading, and examination & verification generates service by rear Device ID, and signed using the private key pair server ID of authentication platform, the first signature value is obtained, by the first signature value and examination & verification As a result server is sent to;
Step 104, server receive the first signature value, according to authentication platform certificate, which are verified, are proved to be successful Server ID is then obtained, step 105 is entered, otherwise it is assumed that authentication platform is illegal, returns to step 102;
Step 105, server calls ECC algorithm, generate server public key and the privacy key of ECC algorithm, by clothes Business device private key pair server ID is signed, and obtains the second signature value, and itself and server public key are sent jointly to certification putting down Platform;
Step 106, authentication platform are carried out verifying to the second signature value for receiving according to the server public key for receiving To server ID, and storage server public key.
Further, in step 101, the relevant information of the server include server application ID, server domain name and MAC address of server.
Specifically, in step 1, the server and terminal initiate activation, server storage service to authentication platform respectively Device ID, server public key, privacy key, Termination ID and terminal public key, terminal stores end ID, terminal public key, terminal secret key And in server public key, the method that terminal initiates activation to authentication platform is:
Step 107, terminal integrated terminal SDK bag, are integrated with ECC algorithm and authentication platform certificate in the terminal SDK bag;
Step 108, terminal initiate activation request, the relevant information of transmission terminal on authentication platform to authentication platform;
Step 109, authentication platform are audited according to the relevant information of the terminal for uploading, and are audited by rear generation terminal ID, and signed using the private key pair Termination ID of authentication platform, the 3rd signature value is obtained, by the 3rd signature value and auditing result It is sent to terminal;
Step 110, terminal receive the 3rd signature value, according to authentication platform certificate, which are verified, are proved to be successful then Termination ID is obtained, step 111 is entered, otherwise it is assumed that authentication platform is illegal, returns to step 108;
Step 111, terminal call ECC algorithm, generate terminal public key and the terminal secret key of ECC algorithm, by terminal secret key Termination ID is signed, the 4th signature value is obtained, and which is sent jointly to authentication platform with terminal public key;
Step 112, authentication platform carry out checking according to the terminal public key for receiving to the 4th signature value for receiving and obtain Termination ID, and terminal public key is stored, while terminal public key and Termination ID are sent to server stored, and server is public Key returns to terminal and is stored.
Further, in step 107, the relevant information of the terminal includes terminal sn (serial number), terminal MAC address And terminal versions number.
Specifically, in step 2, the server separately verifies respective identity with during terminal first time session connection, checking When server need to configure corresponding security strategy, after being proved to be successful enter step 3 in, the method for server authentication terminal identity For:
Step 201, terminal produce a random value, and which is constituted a termination character string with Termination ID;
Step 202, terminal are signed to termination character string by the ECC algorithm in terminal secret key and terminal SDK bag, are obtained To the 5th signature value, which is sent jointly to server with Termination ID;
Step 203, server receive the 5th signature value and Termination ID, find the corresponding end of storage according to Termination ID End public key, carries out checking parsing using the ECC algorithm in server S DK bag and terminal public key to the 5th signature value, if checking solution Analyse successfully and then obtain Termination ID and random value, it is believed that be proved to be successful, otherwise it is assumed that authentication failed, returns authentication failed information, return To step 201.
Further, in step 2, the server separately verifies respective identity with during terminal first time session connection, During checking, server need to configure corresponding security strategy, enter in step 3, the side of terminal authentication server identity after being proved to be successful Method is:
Step 204, after server authentication terminal success, the security strategy of the server configures session;
Step 205, server generate the server word that a terminal can parse this security strategy according to security strategy Symbol string;
Step 206, server are entered to server character string by the ECC algorithm in privacy key and server S DK bag Row signature, obtains the 6th signature value, returns to terminal;
Step 207, terminal receive the 6th signature value, in the server public key for being stored using itself and terminal SDK bag ECC algorithm carries out checking parsing to which, obtains the security strategy of the session, and test to server feedback if successfully resolved is verified Card success and Termination ID, otherwise to server feedback authentication failed and Termination ID, return to step 205.
Specifically, in step 204, whether whether the security strategy include to be encrypted data in conversation procedure or need Data in conversation procedure are carried out needing encryption when being encrypted data to calculate in completeness check, and conversation procedure Method.
Further, step 4 is comprised the following steps:
Step 401, server generate key according to the AES in security strategy, and which is constituted key word with Termination ID Symbol string;
Step 402, server obtain corresponding terminal public key by Termination ID inquiry, using the ECC in server S DK bag Algorithm and terminal public key are encrypted to key string, are sent to terminal;
Step 403, terminal are decrypted to the key string after the encryption that receives using the terminal secret key of itself, if Successful decryption then obtains key string, and obtains success message to server feedback key, and server receives key acquisition The key is preserved after success message, is otherwise obtained failed message to server feedback, is returned to step 401.
The invention has the beneficial effects as follows, in the present invention program, by above-mentioned, certification between internet system is realized based on PKI Method, the certification between server and terminal and the process of arranging key, complete by only needing to 4 times shake hands if all successes Data safety when becoming, and can ensure whole session connection, including the privacy of authentication, the completeness check of data and data Property, according to the scene of different business, can flexibly carry out the configuration of security strategy.This mode, has adapted to the Internet The authentication system of lightweight, it is ensured that property loss of energy be reduced to minimum, while ensure that the communication security in high in the clouds.
Specific embodiment
With reference to embodiment, technical scheme is described in detail.
Of the present invention realize certification between internet system based on PKI method be:First server and terminal respectively to Authentication platform initiates to activate, server storage server ID, server public key, privacy key, Termination ID and terminal public key, eventually End storage Termination ID, terminal public key, terminal secret key and server public key, server is distinguished with during terminal first time session connection Respective identity being verified, during checking, server need to configure corresponding security strategy, rear server is proved to be successful with terminal according to safety Strategy is confirmed whether to need to use AES, if need not if normal process subsequent session, if desired then server and terminal Arranging key, is preserved to key respectively, carries out data interaction by key between last server and terminal.
Embodiment
The method for certification between internet system being realized based on PKI of the embodiment of the present invention, which comprises the following steps:
Step 1, server and terminal initiate activation, server storage server ID, server public affairs to authentication platform respectively Key, privacy key, Termination ID and terminal public key, terminal stores end ID, terminal public key, terminal secret key and server public key.
In this step, server and terminal initiate activation, server storage server ID, server to authentication platform respectively Public key, privacy key, Termination ID and terminal public key, terminal stores end ID, terminal public key, terminal secret key and server public key In, the method that server initiates activation to authentication platform can be:
The integrated server S DK bag of step 101, server, is integrated with ECC algorithm in the server S DK bag and certification is flat Platform certificate;Here, the relevant information of server includes server application ID, server domain name and MAC address of server etc.;
Step 102, server initiate activation request to authentication platform, to the relevant information of authentication platform upload server;
Step 103, authentication platform are audited according to the relevant information of the server for uploading, and examination & verification generates service by rear Device ID, and signed using the private key pair server ID of authentication platform, the first signature value is obtained, by the first signature value and examination & verification As a result server is sent to;
Step 104, server receive the first signature value, according to authentication platform certificate, which are verified, are proved to be successful Server ID is then obtained, step 105 is entered, otherwise it is assumed that authentication platform is illegal, returns to step 102;
Step 105, server calls ECC algorithm, generate server public key and the privacy key of ECC algorithm, by clothes Business device private key pair server ID is signed, and obtains the second signature value, and itself and server public key are sent jointly to certification putting down Platform;
Step 106, authentication platform are carried out verifying to the second signature value for receiving according to the server public key for receiving To server ID, and storage server public key.
Server and terminal initiate activation, server storage server ID, server public key, service to authentication platform respectively Device private key, Termination ID and terminal public key, in terminal stores end ID, terminal public key, terminal secret key and server public key, terminal to Authentication platform initiates the method for activation:
Step 107, terminal integrated terminal SDK bag, are integrated with ECC algorithm and authentication platform certificate in the terminal SDK bag; Here, the relevant information of terminal includes terminal sn (serial number), terminal MAC address and terminal versions number etc.;
Step 108, terminal initiate activation request, the relevant information of transmission terminal on authentication platform to authentication platform;
Step 109, authentication platform are audited according to the relevant information of the terminal for uploading, and are audited by rear generation terminal ID, and signed using the private key pair Termination ID of authentication platform, the 3rd signature value is obtained, by the 3rd signature value and auditing result It is sent to terminal;
Step 110, terminal receive the 3rd signature value, according to authentication platform certificate, which are verified, are proved to be successful then Termination ID is obtained, step 111 is entered, otherwise it is assumed that authentication platform is illegal, returns to step 108;
Step 111, terminal call ECC algorithm, generate terminal public key and the terminal secret key of ECC algorithm, by terminal secret key Termination ID is signed, the 4th signature value is obtained, and which is sent jointly to authentication platform with terminal public key;
Step 112, authentication platform carry out checking according to the terminal public key for receiving to the 4th signature value for receiving and obtain Termination ID, and terminal public key is stored, while terminal public key and Termination ID are sent to server stored, and server is public Key returns to terminal and is stored.
When step 2, server and terminal first time session connection, respective identity is separately verified, during checking, server need to be joined Corresponding security strategy is put, after being proved to be successful, enters step 3.
In this step, server separately verifies respective identity with during terminal first time session connection, and during checking, server is needed Corresponding security strategy is configured, is entered in step 3 after being proved to be successful, the method for server authentication terminal identity is preferably:
Step 201, terminal produce a random value, and which is constituted a termination character string with Termination ID;
Step 202, terminal are signed to termination character string by the ECC algorithm in terminal secret key and terminal SDK bag, are obtained To the 5th signature value, which is sent jointly to server with Termination ID;
Step 203, server receive the 5th signature value and Termination ID, find the corresponding end of storage according to Termination ID End public key, carries out checking parsing using the ECC algorithm in server S DK bag and terminal public key to the 5th signature value, if checking solution Analyse successfully and then obtain Termination ID and random value, it is believed that be proved to be successful, otherwise it is assumed that authentication failed, returns authentication failed information, return To step 201.
Server separately verifies respective identity with during terminal first time session connection, and during checking, server need to configure correspondence Security strategy, after being proved to be successful enter step 3 in, the method for terminal authentication server identity is preferably:
Step 204, after server authentication terminal success, the security strategy of the server configures session;Here, safe plan Slightly including whether to be encrypted data in conversation procedure or whether needs completeness check to be carried out to the data in conversation procedure, And AES when being encrypted etc. in conversation procedure, is needed to data;
Step 205, server generate the server word that a terminal can parse this security strategy according to security strategy Symbol string;
Step 206, server are entered to server character string by the ECC algorithm in privacy key and server S DK bag Row signature, obtains the 6th signature value, returns to terminal;
Step 207, terminal receive the 6th signature value, in the server public key for being stored using itself and terminal SDK bag ECC algorithm carries out checking parsing to which, obtains the security strategy of the session, and test to server feedback if successfully resolved is verified Card success and Termination ID, otherwise to server feedback authentication failed and Termination ID, return to step 205.
Step 3, server and terminal are confirmed whether to need to use AES according to security strategy, if desired then enter step Rapid 4, otherwise normal process subsequent session.
Step 4, server and terminal arranging key, are preserved to key respectively.
This step can include step in detail below:
Step 401, server generate key according to the AES in security strategy, and which is constituted key word with Termination ID Symbol string;
Step 402, server obtain corresponding terminal public key by Termination ID inquiry, using the ECC in server S DK bag Algorithm and terminal public key are encrypted to key string, are sent to terminal;
Step 403, terminal are decrypted to the key string after the encryption that receives using the terminal secret key of itself, if Successful decryption then obtains key string, and obtains success message to server feedback key, and server receives key acquisition The key is preserved after success message, is otherwise obtained failed message to server feedback, is returned to step 401.
Between step 5, server and terminal, data interaction is carried out by key.

Claims (9)

1. the method for certification between internet system being realized based on PKI, it is characterised in that comprise the following steps:
Step 1, server and terminal initiate activation, server storage server ID, server public key, clothes to authentication platform respectively Business device private key, Termination ID and terminal public key, terminal stores end ID, terminal public key, terminal secret key and server public key;
When step 2, server and terminal first time session connection, respective identity is separately verified, during checking, server need to configure right The security strategy that answers, enters step 3 after being proved to be successful;
Step 3, server and terminal are confirmed whether to need to use AES according to security strategy, if desired then enter step 4, Otherwise normal process subsequent session;
Step 4, server and terminal arranging key, are preserved to key respectively;
Between step 5, server and terminal, data interaction is carried out by key.
2. the method for as claimed in claim 1 certification between internet system being realized based on PKI, it is characterised in that in step 1, The server and terminal initiate activation, server storage server ID, server public key, server private to authentication platform respectively Key, Termination ID and terminal public key, in terminal stores end ID, terminal public key, terminal secret key and server public key, server is to recognizing The method of activation initiated by card platform:
The integrated server S DK bag of step 101, server, is integrated with ECC algorithm and authentication platform card in the server S DK bag Book;
Step 102, server initiate activation request to authentication platform, to the relevant information of authentication platform upload server;
Step 103, authentication platform are audited according to the relevant information of the server for uploading, and are audited by rear generation server ID, and signed using the private key pair server ID of authentication platform, the first signature value is obtained, by the first signature value and examination & verification knot Fruit is sent to server;
Step 104, server receive the first signature value, according to authentication platform certificate, which are verified, are proved to be successful and then obtain To server ID, step 105 is entered, otherwise it is assumed that authentication platform is illegal, returns to step 102;
Step 105, server calls ECC algorithm, generate server public key and the privacy key of ECC algorithm, by server Private key pair server ID is signed, and obtains the second signature value, and which is sent jointly to authentication platform with server public key;
Step 106, authentication platform carry out checking according to the server public key for receiving to the second signature value for receiving and are taken Business device ID, and storage server public key.
3. the method for as claimed in claim 2 certification between internet system being realized based on PKI, it is characterised in that step 101 In, the relevant information of the server includes server application ID, server domain name and MAC address of server.
4. the method for as claimed in claim 2 certification between internet system being realized based on PKI, it is characterised in that in step 1, The server and terminal initiate activation, server storage server ID, server public key, server private to authentication platform respectively Key, Termination ID and terminal public key, in terminal stores end ID, terminal public key, terminal secret key and server public key, terminal is to certification The method of activation initiated by platform:
Step 107, terminal integrated terminal SDK bag, are integrated with ECC algorithm and authentication platform certificate in the terminal SDK bag;
Step 108, terminal initiate activation request, the relevant information of transmission terminal on authentication platform to authentication platform;
Step 109, authentication platform are audited according to the relevant information of the terminal for uploading, and are audited by rear generation Termination ID, and Signed using the private key pair Termination ID of authentication platform, the 3rd signature value is obtained, the 3rd signature value and auditing result are sent To terminal;
Step 110, terminal receive the 3rd signature value, according to authentication platform certificate, which are verified, are proved to be successful, obtain Termination ID, enters step 111, otherwise it is assumed that authentication platform is illegal, returns to step 108;
Step 111, terminal call ECC algorithm, generate terminal public key and the terminal secret key of ECC algorithm, by terminal secret key to end End ID is signed, and obtains the 4th signature value, and which is sent jointly to authentication platform with terminal public key;
Step 112, authentication platform carry out checking according to the terminal public key for receiving to the 4th signature value for receiving and obtain terminal ID, and terminal public key is stored, while terminal public key and Termination ID are sent to server being stored, and server public key is returned Stored back to terminal.
5. the method for as claimed in claim 4 certification between internet system being realized based on PKI, it is characterised in that step 107 In, the relevant information of the terminal includes terminal sn, terminal MAC address and terminal versions number.
6. the method for realizing certification between internet system based on PKI as described in claim 1 or 2 or 3 or 4 or 5, its feature exists In, in step 2, the server separately verifies respective identity with during terminal first time session connection, and during checking, server need to be joined Corresponding security strategy is put, is entered in step 3 after being proved to be successful, the method for server authentication terminal identity is:
Step 201, terminal produce a random value, and which is constituted a termination character string with Termination ID;
Step 202, terminal are signed to termination character string by the ECC algorithm in terminal secret key and terminal SDK bag, obtain Five signature values, which is sent jointly to server with Termination ID;
Step 203, server receive the 5th signature value and Termination ID, find the corresponding terminal public affairs of storage according to Termination ID Key, carries out checking parsing using the ECC algorithm in server S DK bag and terminal public key to the 5th signature value, if checking is parsed into Work(then obtains Termination ID and random value, it is believed that be proved to be successful, otherwise it is assumed that authentication failed, returns authentication failed information, return to step Rapid 201.
7. the method for as claimed in claim 6 certification between internet system being realized based on PKI, it is characterised in that in step 2, The server separately verifies respective identity with during terminal first time session connection, and during checking, server need to configure corresponding peace Full strategy, enters in step 3 after being proved to be successful, and the method for terminal authentication server identity is:
Step 204, after server authentication terminal success, the security strategy of the server configures session;
Step 205, server generate the server character string that a terminal can parse this security strategy according to security strategy;
Step 206, server are signed to server character string by the ECC algorithm in privacy key and server S DK bag Name, obtains the 6th signature value, returns to terminal;
Step 207, terminal receive the 6th signature value, and the ECC in the server public key for being stored using itself and terminal SDK bag is calculated Method carries out checking parsing to which, obtains the security strategy of the session, and verify into server feedback if successfully resolved is verified Work(and Termination ID, otherwise to server feedback authentication failed and Termination ID, return to step 205.
8. the method for as claimed in claim 7 certification between internet system being realized based on PKI, it is characterised in that step 204 In, the security strategy includes whether data are encrypted in conversation procedure or whether need to enter the data in conversation procedure Row completeness check, and AES when being encrypted in conversation procedure, is needed to data.
9. the method for as claimed in claim 8 certification between internet system being realized based on PKI, it is characterised in that step 4 includes Following steps:
Step 401, server generate key according to the AES in security strategy, and which is constituted key character with Termination ID String;
Step 402, server obtain corresponding terminal public key by Termination ID inquiry, using the ECC algorithm in server S DK bag And terminal public key is encrypted to key string, terminal is sent to;
Step 403, terminal are decrypted to the key string after the encryption that receives using the terminal secret key of itself, if deciphering Successful then obtain key string, and success message is obtained to server feedback key, server receives key and obtains successfully The key is preserved after message, is otherwise obtained failed message to server feedback, is returned to step 401.
CN201611175822.9A 2016-12-19 2016-12-19 The method authenticated between internet system is realized based on PKI Active CN106453431B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611175822.9A CN106453431B (en) 2016-12-19 2016-12-19 The method authenticated between internet system is realized based on PKI

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611175822.9A CN106453431B (en) 2016-12-19 2016-12-19 The method authenticated between internet system is realized based on PKI

Publications (2)

Publication Number Publication Date
CN106453431A true CN106453431A (en) 2017-02-22
CN106453431B CN106453431B (en) 2019-08-06

Family

ID=58217525

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611175822.9A Active CN106453431B (en) 2016-12-19 2016-12-19 The method authenticated between internet system is realized based on PKI

Country Status (1)

Country Link
CN (1) CN106453431B (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107135219A (en) * 2017-05-05 2017-09-05 四川长虹电器股份有限公司 A kind of Internet of Things information secure transmission method
CN107919956A (en) * 2018-01-04 2018-04-17 重庆邮电大学 End-to-end method for protecting under a kind of internet of things oriented cloud environment
CN108959908A (en) * 2018-08-03 2018-12-07 深圳市思迪信息技术股份有限公司 A kind of method, computer equipment and storage medium that the mobile platform with access SDK is authenticated
CN110535641A (en) * 2019-08-27 2019-12-03 中国神华能源股份有限公司神朔铁路分公司 Key management method and device, computer equipment and storage medium
CN110955542A (en) * 2019-12-11 2020-04-03 深圳盈佳信联科技有限公司 Data integration service platform
CN111212066A (en) * 2019-12-31 2020-05-29 浙江工业大学 Dynamic allocation request verification method
CN112039918A (en) * 2020-09-10 2020-12-04 四川长虹电器股份有限公司 Internet of things credible authentication method based on identification cryptographic algorithm

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101431415A (en) * 2008-12-12 2009-05-13 天柏宽带网络科技(北京)有限公司 Bidirectional authentication method
CN101488847A (en) * 2008-01-18 2009-07-22 华为技术有限公司 Method, apparatus and system for data ciphering
CN101720071A (en) * 2009-12-01 2010-06-02 郑州信大捷安信息技术有限公司 Short message two-stage encryption transmission and secure storage method based on safety SIM card
CN103634266A (en) * 2012-08-21 2014-03-12 上海凌攀信息科技有限公司 A bidirectional authentication method for a server and a terminal
CN103812871A (en) * 2014-02-24 2014-05-21 北京明朝万达科技有限公司 Development method and system based on mobile terminal application program security application

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101488847A (en) * 2008-01-18 2009-07-22 华为技术有限公司 Method, apparatus and system for data ciphering
CN101431415A (en) * 2008-12-12 2009-05-13 天柏宽带网络科技(北京)有限公司 Bidirectional authentication method
CN101720071A (en) * 2009-12-01 2010-06-02 郑州信大捷安信息技术有限公司 Short message two-stage encryption transmission and secure storage method based on safety SIM card
CN103634266A (en) * 2012-08-21 2014-03-12 上海凌攀信息科技有限公司 A bidirectional authentication method for a server and a terminal
CN103812871A (en) * 2014-02-24 2014-05-21 北京明朝万达科技有限公司 Development method and system based on mobile terminal application program security application

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107135219A (en) * 2017-05-05 2017-09-05 四川长虹电器股份有限公司 A kind of Internet of Things information secure transmission method
CN107135219B (en) * 2017-05-05 2020-04-28 四川长虹电器股份有限公司 Internet of things information secure transmission method
CN107919956A (en) * 2018-01-04 2018-04-17 重庆邮电大学 End-to-end method for protecting under a kind of internet of things oriented cloud environment
CN107919956B (en) * 2018-01-04 2020-09-22 重庆邮电大学 End-to-end safety guarantee method in cloud environment facing to Internet of things
CN108959908A (en) * 2018-08-03 2018-12-07 深圳市思迪信息技术股份有限公司 A kind of method, computer equipment and storage medium that the mobile platform with access SDK is authenticated
CN110535641A (en) * 2019-08-27 2019-12-03 中国神华能源股份有限公司神朔铁路分公司 Key management method and device, computer equipment and storage medium
CN110535641B (en) * 2019-08-27 2022-06-10 中国神华能源股份有限公司神朔铁路分公司 Key management method and apparatus, computer device, and storage medium
CN110955542A (en) * 2019-12-11 2020-04-03 深圳盈佳信联科技有限公司 Data integration service platform
CN110955542B (en) * 2019-12-11 2023-03-24 深圳盈佳信联科技有限公司 Data integration service platform
CN111212066A (en) * 2019-12-31 2020-05-29 浙江工业大学 Dynamic allocation request verification method
CN111212066B (en) * 2019-12-31 2022-04-01 浙江工业大学 Dynamic allocation request verification method
CN112039918A (en) * 2020-09-10 2020-12-04 四川长虹电器股份有限公司 Internet of things credible authentication method based on identification cryptographic algorithm

Also Published As

Publication number Publication date
CN106453431B (en) 2019-08-06

Similar Documents

Publication Publication Date Title
CN106453431B (en) The method authenticated between internet system is realized based on PKI
CN103763356B (en) A kind of SSL establishment of connection method, apparatus and system
CN104506534B (en) Secure communication key agreement interaction schemes
CN104618120B (en) A kind of mobile terminal key escrow digital signature method
CN106101068B (en) Terminal communicating method and system
CN104580189B (en) A kind of safe communication system
CN103338215B (en) The method setting up TLS passage based on the close algorithm of state
CN107277061A (en) End cloud security communication means based on IOT equipment
CN108111301A (en) The method and its system for realizing SSH agreements are exchanged based on rear quantum key
US8533482B2 (en) Method for generating a key pair and transmitting a public key or request file of a certificate in security
CN107040513B (en) Trusted access authentication processing method, user terminal and server
CN109962784A (en) A kind of data encrypting and deciphering and restoration methods based on the more certificates of digital envelope
CN110493237A (en) Identity management method, device, computer equipment and storage medium
CN109741068A (en) Internetbank inter-bank contracting method, apparatus and system
CN102685749A (en) Wireless safety authentication method orienting to mobile terminal
CN109302412A (en) VoIP communication processing method, terminal, server and storage medium based on CPK
CN108111497A (en) Video camera and server inter-authentication method and device
US9398024B2 (en) System and method for reliably authenticating an appliance
CN103023911A (en) Authentication method for access of trusted network devices to trusted network
CN106685983A (en) Data recovery method and device based on SSL protocol
CN105577612A (en) Identity authentication method, third party server, merchant server, and user terminal
Chen et al. Security analysis and improvement of user authentication framework for cloud computing
CN107094156A (en) A kind of safety communicating method and system based on P2P patterns
CN108632042A (en) A kind of class AKA identity authorization systems and method based on pool of symmetric keys
CN110690969B (en) Method and system for achieving bidirectional SSL/TLS authentication through multiparty cooperation

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant