CN106453431A - Method for realizing Internet intersystem authentication based on PKI - Google Patents
Publication number: CN106453431A (application CN201611175822.9A)
Authority: CN (China)
Prior art keywords: server, terminal, key, public key
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications:
- H04L63/0823: network security; authentication of entities using certificates
- H04L63/0869: network security; authentication of entities for achieving mutual authentication
- H04L63/20: network security; managing network security, network security policies in general
- H04L9/3247: cryptographic mechanisms for verifying the identity or authority of a user or for message authentication, involving digital signatures
Abstract
The invention relates to authentication technology. It solves the problem that the existing traditional authentication process is low in efficiency, and provides a method for realizing Internet intersystem authentication based on PKI. The technical scheme of the invention can be summarized as follows: first, a server and a terminal each initiate activation to an authentication platform; when the server and the terminal establish their first session connection, each verifies the other's identity, and during the verification the server configures a corresponding security policy; after the verification succeeds, the server and the terminal determine according to the security policy whether an encryption algorithm needs to be used, and process the subsequent session normally if it is unnecessary, or, if it is necessary, negotiate a secret key and each store it; finally, the server and the terminal exchange data using the secret key. The method disclosed by the invention has the advantage that data security is guaranteed for the whole session connection, and the method is suitable for Internet intersystem authentication.
Description
Technical field
The present invention relates to authentication technology, and in particular to technology for authentication between Internet systems.
Background technology
With the rapid popularization and development of the Internet, various network applications such as e-commerce, e-government, Internet securities and online banking have developed quickly, and traditional commercial activity and office work have moved to a mobile, networked and information-based environment. However, because of the openness of the Internet and the lack of unified standards, the convenience the Internet brings also brings information security problems, the most significant of which include authenticating the legitimacy of network entities, the integrity of transmitted data and the non-repudiation of both communicating parties. The best precautionary measure at present is to establish a security mechanism that uses digital certificates as the basis of authentication.
At present, the systems set up by traditional CAs (certificate authorities) are based on the RSA public-key cryptosystem and are used mainly in banking and financial systems. Their main characteristic is high security, but the process flow is cumbersome and inefficient, and it is not suited to the high-concurrency, high-availability, high-performance and high-capacity business scenarios of the various Internet applications.
Content of the invention
The object of the invention is to solve the problem that the efficiency of the current conventional authentication flow is not high, by providing a method for realizing authentication between Internet systems based on PKI.
The technical scheme adopted by the invention to solve this technical problem is a method for realizing authentication between Internet systems based on PKI, characterized in that it comprises the following steps:
Step 1: the server and the terminal each initiate activation to the authentication platform; the server stores the server ID, server public key, server private key, terminal ID and terminal public key, and the terminal stores the terminal ID, terminal public key, terminal private key and server public key;
Step 2: when the server and the terminal establish their first session connection, each verifies the other's identity; during the verification the server configures the corresponding security policy, and after the verification succeeds the method proceeds to step 3;
Step 3: the server and the terminal determine according to the security policy whether an encryption algorithm needs to be used; if so, the method proceeds to step 4, otherwise the subsequent session is processed normally;
Step 4: the server and the terminal negotiate a key and each stores the key;
Step 5: the server and the terminal exchange data using the key.
Specifically, in step 1, where the server and the terminal each initiate activation to the authentication platform, the server stores the server ID, server public key, server private key, terminal ID and terminal public key, and the terminal stores the terminal ID, terminal public key, terminal private key and server public key, the method by which the server initiates activation to the authentication platform is:
Step 101: the server integrates the server SDK package, in which the ECC algorithm and the authentication platform certificate are integrated;
Step 102: the server initiates an activation request to the authentication platform and uploads the server's relevant information to the authentication platform;
Step 103: the authentication platform audits the uploaded server information; after the audit passes it generates the server ID, signs the server ID with the private key of the authentication platform to obtain a first signature value, and sends the first signature value and the audit result to the server;
Step 104: the server receives the first signature value and verifies it against the authentication platform certificate; if the verification succeeds the server obtains the server ID and proceeds to step 105, otherwise the authentication platform is considered illegitimate and the method returns to step 102;
Step 105: the server calls the ECC algorithm to generate an ECC server public key and server private key, signs the server ID with the server private key to obtain a second signature value, and sends the second signature value together with the server public key to the authentication platform;
Step 106: the authentication platform verifies the received second signature value using the received server public key, obtains the server ID, and stores the server public key.
Further, in step 101, the server's relevant information includes the server application ID, the server domain name and the server MAC address.
Specifically, in step 1, where the server and the terminal each initiate activation to the authentication platform, the server stores the server ID, server public key, server private key, terminal ID and terminal public key, and the terminal stores the terminal ID, terminal public key, terminal private key and server public key, the method by which the terminal initiates activation to the authentication platform is:
Step 107: the terminal integrates the terminal SDK package, in which the ECC algorithm and the authentication platform certificate are integrated;
Step 108: the terminal initiates an activation request to the authentication platform and uploads the terminal's relevant information to the authentication platform;
Step 109: the authentication platform audits the uploaded terminal information; after the audit passes it generates the terminal ID, signs the terminal ID with the private key of the authentication platform to obtain a third signature value, and sends the third signature value and the audit result to the terminal;
Step 110: the terminal receives the third signature value and verifies it against the authentication platform certificate; if the verification succeeds the terminal obtains the terminal ID and proceeds to step 111, otherwise the authentication platform is considered illegitimate and the method returns to step 108;
Step 111: the terminal calls the ECC algorithm to generate an ECC terminal public key and terminal private key, signs the terminal ID with the terminal private key to obtain a fourth signature value, and sends the fourth signature value together with the terminal public key to the authentication platform;
Step 112: the authentication platform verifies the received fourth signature value using the received terminal public key, obtains the terminal ID, and stores the terminal public key; at the same time it sends the terminal public key and the terminal ID to the server for storage, and returns the server public key to the terminal for storage.
Further, in step 107, the terminal's relevant information includes the terminal SN (serial number), the terminal MAC address and the terminal version number.
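The activation flow of steps 101 to 112 (platform audit and signed ID, entity key generation and self-signed ID, platform verification and public-key storage), as an added Go example that is not part of the patent or of any SDK package it describes. It assumes the unspecified "ECC algorithm" is ECDSA on P-256 with SHA-256, collapses the network round trips into direct function calls, and uses a constructed audit rule (a MAC address must be present) and ID derivation as placeholders; the type and function names are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Platform models the authentication platform: it holds the platform signing key
// (whose public half ships inside the SDK package as the "platform certificate"),
// the set of IDs it has issued, and the registry of activated entity public keys.
type Platform struct {
	signKey  *ecdsa.PrivateKey
	issued   map[string]bool
	registry map[string]*ecdsa.PublicKey
}

func NewPlatform() (*Platform, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Platform{signKey: k, issued: map[string]bool{}, registry: map[string]*ecdsa.PublicKey{}}, nil
}

// sign and verify wrap ECDSA over SHA-256; the page's "ECC algorithm" is assumed to be ECDSA.
func sign(k *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, k, h[:])
}

func verify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

// Audit is steps 102-103 (108-109 for a terminal): check the uploaded information
// (the rule here is a constructed placeholder), derive an ID, record it and sign it.
func (p *Platform) Audit(info map[string]string) (id string, sig []byte, err error) {
	if info["mac"] == "" {
		return "", nil, errors.New("audit rejected: missing MAC address")
	}
	d := sha256.Sum256([]byte(info["app_id"] + "|" + info["sn"] + "|" + info["mac"]))
	id = fmt.Sprintf("%x", d[:8])
	p.issued[id] = true
	sig, err = sign(p.signKey, []byte(id))
	return id, sig, err
}

// Register is step 106 (112): accept only an ID this platform issued, verify the
// entity's self-signature over it with the uploaded public key, then store that key.
func (p *Platform) Register(id string, pub *ecdsa.PublicKey, sig []byte) error {
	if !p.issued[id] {
		return errors.New("registration rejected: unknown ID")
	}
	if !verify(pub, []byte(id), sig) {
		return errors.New("registration rejected: bad self-signature")
	}
	p.registry[id] = pub
	return nil
}

// Activate runs the entity side (steps 104-105 / 110-111): verify the platform's
// signature over the issued ID against the embedded platform certificate, generate
// an ECC key pair, self-sign the ID and upload the public key for registration.
func Activate(p *Platform, info map[string]string) (string, *ecdsa.PrivateKey, error) {
	id, platformSig, err := p.Audit(info)
	if err != nil {
		return "", nil, err
	}
	platformCert := &p.signKey.PublicKey // what the SDK package embeds
	if !verify(platformCert, []byte(id), platformSig) {
		return "", nil, errors.New("platform signature invalid: platform not trusted")
	}
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", nil, err
	}
	selfSig, err := sign(key, []byte(id))
	if err != nil {
		return "", nil, err
	}
	if err := p.Register(id, &key.PublicKey, selfSig); err != nil {
		return "", nil, err
	}
	return id, key, nil
}

func main() {
	p, _ := NewPlatform()
	// Constructed sample enrollment data for one server and one terminal.
	sid, _, err := Activate(p, map[string]string{"app_id": "demo-app", "domain": "srv.example.test", "mac": "00:11:22:33:44:55"})
	fmt.Println("server:", sid, err)
	tid, _, err := Activate(p, map[string]string{"sn": "SN-0001", "version": "1.0", "mac": "66:77:88:99:aa:bb"})
	fmt.Println("terminal:", tid, err)
}
```

The two checks worth keeping in a real implementation are the ones the patent text implies but does not spell out: the platform only registers a key under an ID it actually issued, and the self-signature proves the uploader holds the private key matching the public key being stored.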
Specifically, in step 2, where the server and the terminal each verify the other's identity on their first session connection, the server configures the corresponding security policy during the verification, and the method proceeds to step 3 after the verification succeeds, the method by which the server verifies the terminal's identity is:
Step 201: the terminal generates a random value and combines it with the terminal ID into a terminal string;
Step 202: the terminal signs the terminal string with the terminal private key and the ECC algorithm in the terminal SDK package to obtain a fifth signature value, and sends it together with the terminal ID to the server;
Step 203: the server receives the fifth signature value and the terminal ID, looks up the stored terminal public key corresponding to the terminal ID, and verifies and parses the fifth signature value using the ECC algorithm in the server SDK package and the terminal public key; if the verification and parsing succeed, the server obtains the terminal ID and the random value and considers the verification successful, otherwise it considers the verification failed, returns a verification-failure message, and the method returns to step 201.
Further, in step 2, where the server and the terminal each verify the other's identity on their first session connection, the server configures the corresponding security policy during the verification, and the method proceeds to step 3 after the verification succeeds, the method by which the terminal verifies the server's identity is:
Step 204: after the server has successfully verified the terminal, the server configures the security policy for the session;
Step 205: the server generates, according to the security policy, a server string from which the terminal can parse this security policy;
Step 206: the server signs the server string with the server private key and the ECC algorithm in the server SDK package to obtain a sixth signature value, and returns it to the terminal;
Step 207: the terminal receives the sixth signature value and verifies and parses it using the server public key it has stored and the ECC algorithm in the terminal SDK package, obtaining the security policy for the session; if the verification and parsing succeed, the terminal feeds back verification success and the terminal ID to the server, otherwise it feeds back verification failure and the terminal ID to the server, and the method returns to step 205.
Specifically, in step 204, the security policy includes whether the data in the session is to be encrypted, whether an integrity check is to be performed on the data in the session, and the encryption algorithm to use when the data in the session needs to be encrypted.
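Steps 201 to 207 (the terminal signs a random value joined with its ID, the server verifies with the terminal public key stored at activation and answers with a signed policy string, the terminal verifies and parses the policy), as an added Go example that is not the patent's own code. It assumes ECDSA on P-256 with SHA-256 for the "ECC algorithm", a constructed `id|enc=…|int=…|alg=…` encoding for the server string, and hypothetical function names; the `registry` map stands for the terminal public keys the server stored in step 112. Because ECDSA does not recover the signed message, the signed string travels alongside the signature and the ID and random value are read from it after verification.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// SecurityPolicy is what the server configures for the session in step 204.
type SecurityPolicy struct {
	Encrypt   bool   // encrypt the session data
	Integrity bool   // run an integrity check on the session data
	Algorithm string // encryption algorithm to use when Encrypt is set
}

// sign and verify wrap ECDSA over SHA-256; the page's "ECC algorithm" is assumed to be ECDSA.
func sign(k *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, k, h[:])
}

func verify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

// TerminalHello is steps 201-202: a random value joined with the terminal ID forms
// the terminal string, which the terminal signs with its private key.
func TerminalHello(terminalID string, key *ecdsa.PrivateKey) (string, []byte, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return "", nil, err
	}
	terminalString := hex.EncodeToString(nonce) + "|" + terminalID
	sig, err := sign(key, []byte(terminalString))
	return terminalString, sig, err
}

// ServerVerifyTerminal is step 203: look up the stored public key for the claimed ID,
// verify the signature, and require the ID inside the signed string to match the
// claimed one. ECDSA does not recover the message, so the signed string is sent
// along with the signature and the random value is taken from it after verifying.
func ServerVerifyTerminal(registry map[string]*ecdsa.PublicKey, terminalID, terminalString string, sig []byte) (string, error) {
	pub, ok := registry[terminalID]
	if !ok {
		return "", errors.New("verification failed: unknown terminal ID")
	}
	if !verify(pub, []byte(terminalString), sig) {
		return "", errors.New("verification failed: bad signature")
	}
	nonce, id, found := strings.Cut(terminalString, "|")
	if !found || id != terminalID {
		return "", errors.New("verification failed: signed ID does not match claimed ID")
	}
	return nonce, nil
}

// ServerPolicyResponse is steps 204-206: encode the configured policy as the server
// string, prefixed with the terminal ID so it is bound to this session, and sign it.
func ServerPolicyResponse(serverKey *ecdsa.PrivateKey, terminalID string, p SecurityPolicy) (string, []byte, error) {
	serverString := fmt.Sprintf("%s|enc=%t|int=%t|alg=%s", terminalID, p.Encrypt, p.Integrity, p.Algorithm)
	sig, err := sign(serverKey, []byte(serverString))
	return serverString, sig, err
}

// TerminalVerifyServer is step 207: verify with the stored server public key, then
// parse the policy out of the server string and check it was issued for this terminal.
func TerminalVerifyServer(serverPub *ecdsa.PublicKey, terminalID, serverString string, sig []byte) (SecurityPolicy, error) {
	if !verify(serverPub, []byte(serverString), sig) {
		return SecurityPolicy{}, errors.New("server verification failed: bad signature")
	}
	f := strings.Split(serverString, "|")
	if len(f) != 4 || !strings.HasPrefix(f[1], "enc=") || !strings.HasPrefix(f[2], "int=") || !strings.HasPrefix(f[3], "alg=") {
		return SecurityPolicy{}, errors.New("server verification failed: malformed server string")
	}
	if f[0] != terminalID {
		return SecurityPolicy{}, errors.New("server verification failed: policy not for this terminal")
	}
	return SecurityPolicy{Encrypt: f[1] == "enc=true", Integrity: f[2] == "int=true", Algorithm: f[3][4:]}, nil
}

func main() {
	termKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	srvKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	registry := map[string]*ecdsa.PublicKey{"T-0001": &termKey.PublicKey} // filled by activation
	ts, sig, _ := TerminalHello("T-0001", termKey)
	nonce, err := ServerVerifyTerminal(registry, "T-0001", ts, sig)
	fmt.Println("server verified terminal:", nonce, err)
	ss, ssig, _ := ServerPolicyResponse(srvKey, "T-0001", SecurityPolicy{Encrypt: true, Integrity: true, Algorithm: "AES-256-GCM"})
	policy, err := TerminalVerifyServer(&srvKey.PublicKey, "T-0001", ss, ssig)
	fmt.Printf("terminal verified server: %+v %v\n", policy, err)
}
```

One design point the patent leaves open: the random value is chosen by the terminal, so a valid fifth signature value proves possession of the terminal private key but carries no server-side freshness on its own. A deployment that needs that freshness would have the server either record the random values it has already accepted or supply the challenge itself before step 201; the signed-ID-equals-claimed-ID check above is the part that is needed regardless.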
Further, step 4 comprises the following steps:
Step 401: the server generates a key according to the encryption algorithm in the security policy and combines it with the terminal ID into a key string;
Step 402: the server looks up the corresponding terminal public key by the terminal ID, encrypts the key string using the ECC algorithm in the server SDK package and the terminal public key, and sends it to the terminal;
Step 403: the terminal decrypts the received encrypted key string with its own terminal private key; if the decryption succeeds, the terminal obtains the key string and feeds back a key-acquisition-success message to the server, and the server stores the key after receiving the key-acquisition-success message; otherwise the terminal feeds back a key-acquisition-failure message to the server, and the method returns to step 401.
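Steps 401 to 403 together with the data exchange of step 5, as an added Go example that is not the patent's code. Encrypting the key string "with the ECC algorithm and the terminal public key" is realized here as an ECIES-style construction: an ephemeral ECDH exchange on P-256 (crypto/ecdh, Go 1.20 or later), a wrapping key derived with SHA-256, and AES-256-GCM; the session key is taken to be 32 bytes and the policy's encryption algorithm to be AES-GCM, which also provides the integrity check the policy may require. The key-acquisition success/failure feedback message is not modelled, and all names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// sealWith / openWith protect session data (step 5) with AES-GCM, covering both the
// encryption and the integrity check named in the security policy. The terminal ID
// is bound as associated data. Wire format is nonce || ciphertext.
func sealWith(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return append(nonce, aead.Seal(nil, nonce, plaintext, aad)...), nil
}

func openWith(key, msg, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(msg) < aead.NonceSize() {
		return nil, errors.New("message too short")
	}
	return aead.Open(nil, msg[:aead.NonceSize()], msg[aead.NonceSize():], aad)
}

// wrapKey derives the key protecting the key string from the ECDH shared secret;
// SHA-256 over a label and the secret stands in for a full KDF (a simplification).
func wrapKey(shared []byte) []byte {
	h := sha256.Sum256(append([]byte("key-transport|"), shared...))
	return h[:]
}

// WrapSessionKey is steps 401-402: generate a 256-bit session key, form the key string
// "key || terminalID", and encrypt it to the terminal public key with an ephemeral
// ECDH exchange (ECIES-style). Output is ephemeralPub || nonce || ciphertext.
func WrapSessionKey(terminalPub *ecdh.PublicKey, terminalID string) (sessionKey, wrapped []byte, err error) {
	sessionKey = make([]byte, 32)
	if _, err = rand.Read(sessionKey); err != nil {
		return nil, nil, err
	}
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	shared, err := eph.ECDH(terminalPub)
	if err != nil {
		return nil, nil, err
	}
	keyString := append(append([]byte{}, sessionKey...), terminalID...)
	ct, err := sealWith(wrapKey(shared), keyString, []byte(terminalID))
	if err != nil {
		return nil, nil, err
	}
	return sessionKey, append(eph.PublicKey().Bytes(), ct...), nil
}

// UnwrapSessionKey is step 403: the terminal recovers the shared secret with its own
// private key, decrypts the key string and accepts the session key only if the
// trailing terminal ID is its own.
func UnwrapSessionKey(terminalPriv *ecdh.PrivateKey, terminalID string, wrapped []byte) ([]byte, error) {
	if len(wrapped) < 65 { // 65 bytes: uncompressed P-256 point
		return nil, errors.New("key acquisition failed: wrapped key too short")
	}
	ephPub, err := ecdh.P256().NewPublicKey(wrapped[:65])
	if err != nil {
		return nil, err
	}
	shared, err := terminalPriv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	keyString, err := openWith(wrapKey(shared), wrapped[65:], []byte(terminalID))
	if err != nil {
		return nil, errors.New("key acquisition failed: decryption error")
	}
	if len(keyString) != 32+len(terminalID) || !bytes.HasSuffix(keyString, []byte(terminalID)) {
		return nil, errors.New("key acquisition failed: key string not bound to this terminal")
	}
	return keyString[:32], nil
}

func main() {
	termKey, _ := ecdh.P256().GenerateKey(rand.Reader) // the terminal's ECC key pair from activation
	sk, wrapped, _ := WrapSessionKey(termKey.PublicKey(), "T-0001")
	got, err := UnwrapSessionKey(termKey, "T-0001", wrapped)
	msg, _ := sealWith(sk, []byte("constructed session payload"), []byte("T-0001")) // step 5
	pt, _ := openWith(got, msg, []byte("T-0001"))
	fmt.Println("keys match:", bytes.Equal(sk, got), err, "payload:", string(pt))
}
```

The patent uses a single ECC key pair per entity for both signing and key decryption; this block gives the terminal a crypto/ecdh key for clarity. If an ECDSA key from activation is to serve both roles, `(*ecdsa.PrivateKey).ECDH()` (Go 1.20 and later) converts it, though separate signing and key-agreement keys are the safer default.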
The beneficial effect of the invention is that, in the scheme of the invention, with the above method for realizing authentication between Internet systems based on PKI, the authentication between the server and the terminal and the key negotiation process are completed in only four handshakes if all of them succeed, and data security is ensured for the whole session connection, including identity authentication, the integrity check of the data and the confidentiality of the data; the security policy can be flexibly configured according to the scenarios of different businesses. This mode is adapted to a lightweight Internet authentication system, ensures that the performance loss is reduced to a minimum, and at the same time ensures the communication security of the cloud.
Specific embodiment
The technical scheme of the invention is described in detail below with reference to an embodiment.
The method of the invention for realizing authentication between Internet systems based on PKI is: first, the server and the terminal each initiate activation to the authentication platform; the server stores the server ID, server public key, server private key, terminal ID and terminal public key, and the terminal stores the terminal ID, terminal public key, terminal private key and server public key; when the server and the terminal establish their first session connection, each verifies the other's identity, and during the verification the server configures the corresponding security policy; after the verification succeeds, the server and the terminal determine according to the security policy whether an encryption algorithm needs to be used; if not, the subsequent session is processed normally, and if so, the server and the terminal negotiate a key and each stores it; finally, the server and the terminal exchange data using the key.
Embodiment
The method for realizing authentication between Internet systems based on PKI of the embodiment of the invention comprises the following steps:
Step 1: the server and the terminal each initiate activation to the authentication platform; the server stores the server ID, server public key, server private key, terminal ID and terminal public key, and the terminal stores the terminal ID, terminal public key, terminal private key and server public key.
In this step, where the server and the terminal each initiate activation to the authentication platform, the server stores the server ID, server public key, server private key, terminal ID and terminal public key, and the terminal stores the terminal ID, terminal public key, terminal private key and server public key, the method by which the server initiates activation to the authentication platform can be:
Step 101: the server integrates the server SDK package, in which the ECC algorithm and the authentication platform certificate are integrated; here, the server's relevant information includes the server application ID, the server domain name, the server MAC address, etc.;
Step 102: the server initiates an activation request to the authentication platform and uploads the server's relevant information to the authentication platform;
Step 103: the authentication platform audits the uploaded server information; after the audit passes it generates the server ID, signs the server ID with the private key of the authentication platform to obtain a first signature value, and sends the first signature value and the audit result to the server;
Step 104: the server receives the first signature value and verifies it against the authentication platform certificate; if the verification succeeds the server obtains the server ID and proceeds to step 105, otherwise the authentication platform is considered illegitimate and the method returns to step 102;
Step 105: the server calls the ECC algorithm to generate an ECC server public key and server private key, signs the server ID with the server private key to obtain a second signature value, and sends the second signature value together with the server public key to the authentication platform;
Step 106: the authentication platform verifies the received second signature value using the received server public key, obtains the server ID, and stores the server public key.
Where the server and the terminal each initiate activation to the authentication platform, the server stores the server ID, server public key, server private key, terminal ID and terminal public key, and the terminal stores the terminal ID, terminal public key, terminal private key and server public key, the method by which the terminal initiates activation to the authentication platform is:
Step 107: the terminal integrates the terminal SDK package, in which the ECC algorithm and the authentication platform certificate are integrated; here, the terminal's relevant information includes the terminal SN (serial number), the terminal MAC address, the terminal version number, etc.;
Step 108: the terminal initiates an activation request to the authentication platform and uploads the terminal's relevant information to the authentication platform;
Step 109: the authentication platform audits the uploaded terminal information; after the audit passes it generates the terminal ID, signs the terminal ID with the private key of the authentication platform to obtain a third signature value, and sends the third signature value and the audit result to the terminal;
Step 110: the terminal receives the third signature value and verifies it against the authentication platform certificate; if the verification succeeds the terminal obtains the terminal ID and proceeds to step 111, otherwise the authentication platform is considered illegitimate and the method returns to step 108;
Step 111: the terminal calls the ECC algorithm to generate an ECC terminal public key and terminal private key, signs the terminal ID with the terminal private key to obtain a fourth signature value, and sends the fourth signature value together with the terminal public key to the authentication platform;
Step 112: the authentication platform verifies the received fourth signature value using the received terminal public key, obtains the terminal ID, and stores the terminal public key; at the same time it sends the terminal public key and the terminal ID to the server for storage, and returns the server public key to the terminal for storage.
Step 2: when the server and the terminal establish their first session connection, each verifies the other's identity; during the verification the server configures the corresponding security policy, and after the verification succeeds the method proceeds to step 3.
In this step, where the server and the terminal each verify the other's identity on their first session connection, the server configures the corresponding security policy during the verification, and the method proceeds to step 3 after the verification succeeds, the method by which the server verifies the terminal's identity is preferably:
Step 201: the terminal generates a random value and combines it with the terminal ID into a terminal string;
Step 202: the terminal signs the terminal string with the terminal private key and the ECC algorithm in the terminal SDK package to obtain a fifth signature value, and sends it together with the terminal ID to the server;
Step 203: the server receives the fifth signature value and the terminal ID, looks up the stored terminal public key corresponding to the terminal ID, and verifies and parses the fifth signature value using the ECC algorithm in the server SDK package and the terminal public key; if the verification and parsing succeed, the server obtains the terminal ID and the random value and considers the verification successful, otherwise it considers the verification failed, returns a verification-failure message, and the method returns to step 201.
Where the server and the terminal each verify the other's identity on their first session connection, the server configures the corresponding security policy during the verification, and the method proceeds to step 3 after the verification succeeds, the method by which the terminal verifies the server's identity is preferably:
Step 204: after the server has successfully verified the terminal, the server configures the security policy for the session; here, the security policy includes whether the data in the session is to be encrypted, whether an integrity check is to be performed on the data in the session, the encryption algorithm to use when the data in the session needs to be encrypted, etc.;
Step 205: the server generates, according to the security policy, a server string from which the terminal can parse this security policy;
Step 206: the server signs the server string with the server private key and the ECC algorithm in the server SDK package to obtain a sixth signature value, and returns it to the terminal;
Step 207: the terminal receives the sixth signature value and verifies and parses it using the server public key it has stored and the ECC algorithm in the terminal SDK package, obtaining the security policy for the session; if the verification and parsing succeed, the terminal feeds back verification success and the terminal ID to the server, otherwise it feeds back verification failure and the terminal ID to the server, and the method returns to step 205.
Step 3: the server and the terminal determine according to the security policy whether an encryption algorithm needs to be used; if so, the method proceeds to step 4, otherwise the subsequent session is processed normally.
Step 4: the server and the terminal negotiate a key and each stores the key.
This step can include the following detailed steps:
Step 401: the server generates a key according to the encryption algorithm in the security policy and combines it with the terminal ID into a key string;
Step 402: the server looks up the corresponding terminal public key by the terminal ID, encrypts the key string using the ECC algorithm in the server SDK package and the terminal public key, and sends it to the terminal;
Step 403: the terminal decrypts the received encrypted key string with its own terminal private key; if the decryption succeeds, the terminal obtains the key string and feeds back a key-acquisition-success message to the server, and the server stores the key after receiving the key-acquisition-success message; otherwise the terminal feeds back a key-acquisition-failure message to the server, and the method returns to step 401.
Step 5: the server and the terminal exchange data using the key.
Claims (9)
1. A method for realizing authentication between Internet systems based on PKI, characterized in that it comprises the following steps:
Step 1: the server and the terminal each initiate activation to the authentication platform; the server stores the server ID, server public key, server private key, terminal ID and terminal public key, and the terminal stores the terminal ID, terminal public key, terminal private key and server public key;
Step 2: when the server and the terminal establish their first session connection, each verifies the other's identity; during the verification the server configures the corresponding security policy, and after the verification succeeds the method proceeds to step 3;
Step 3: the server and the terminal determine according to the security policy whether an encryption algorithm needs to be used; if so, the method proceeds to step 4, otherwise the subsequent session is processed normally;
Step 4: the server and the terminal negotiate a key and each stores the key;
Step 5: the server and the terminal exchange data using the key.
2. The method for realizing authentication between Internet systems based on PKI as claimed in claim 1, characterized in that in step 1, where the server and the terminal each initiate activation to the authentication platform, the server stores the server ID, server public key, server private key, terminal ID and terminal public key, and the terminal stores the terminal ID, terminal public key, terminal private key and server public key, the method by which the server initiates activation to the authentication platform is:
Step 101: the server integrates the server SDK package, in which the ECC algorithm and the authentication platform certificate are integrated;
Step 102: the server initiates an activation request to the authentication platform and uploads the server's relevant information to the authentication platform;
Step 103: the authentication platform audits the uploaded server information; after the audit passes it generates the server ID, signs the server ID with the private key of the authentication platform to obtain a first signature value, and sends the first signature value and the audit result to the server;
Step 104: the server receives the first signature value and verifies it against the authentication platform certificate; if the verification succeeds the server obtains the server ID and proceeds to step 105, otherwise the authentication platform is considered illegitimate and the method returns to step 102;
Step 105: the server calls the ECC algorithm to generate an ECC server public key and server private key, signs the server ID with the server private key to obtain a second signature value, and sends the second signature value together with the server public key to the authentication platform;
Step 106: the authentication platform verifies the received second signature value using the received server public key, obtains the server ID, and stores the server public key.
3. The method for realizing authentication between Internet systems based on PKI as claimed in claim 2, characterized in that in step 101, the server's relevant information includes the server application ID, the server domain name and the server MAC address.
4. The method for realizing authentication between Internet systems based on PKI as claimed in claim 2, characterized in that in step 1, where the server and the terminal each initiate activation to the authentication platform, the server stores the server ID, server public key, server private key, terminal ID and terminal public key, and the terminal stores the terminal ID, terminal public key, terminal private key and server public key, the method by which the terminal initiates activation to the authentication platform is:
Step 107: the terminal integrates the terminal SDK package, in which the ECC algorithm and the authentication platform certificate are integrated;
Step 108: the terminal initiates an activation request to the authentication platform and uploads the terminal's relevant information to the authentication platform;
Step 109: the authentication platform audits the uploaded terminal information; after the audit passes it generates the terminal ID, signs the terminal ID with the private key of the authentication platform to obtain a third signature value, and sends the third signature value and the audit result to the terminal;
Step 110: the terminal receives the third signature value and verifies it against the authentication platform certificate; if the verification succeeds the terminal obtains the terminal ID and proceeds to step 111, otherwise the authentication platform is considered illegitimate and the method returns to step 108;
Step 111: the terminal calls the ECC algorithm to generate an ECC terminal public key and terminal private key, signs the terminal ID with the terminal private key to obtain a fourth signature value, and sends the fourth signature value together with the terminal public key to the authentication platform;
Step 112: the authentication platform verifies the received fourth signature value using the received terminal public key, obtains the terminal ID, and stores the terminal public key; at the same time it sends the terminal public key and the terminal ID to the server for storage, and returns the server public key to the terminal for storage.
5. The method for realizing authentication between Internet systems based on PKI as claimed in claim 4, characterized in that in step 107, the terminal's relevant information includes the terminal SN, the terminal MAC address and the terminal version number.
6. The method for realizing authentication between Internet systems based on PKI as claimed in claim 1, 2, 3, 4 or 5, characterized in that in step 2, where the server and the terminal each verify the other's identity on their first session connection, the server configures the corresponding security policy during the verification, and the method proceeds to step 3 after the verification succeeds, the method by which the server verifies the terminal's identity is:
Step 201: the terminal generates a random value and combines it with the terminal ID into a terminal string;
Step 202: the terminal signs the terminal string with the terminal private key and the ECC algorithm in the terminal SDK package to obtain a fifth signature value, and sends it together with the terminal ID to the server;
Step 203: the server receives the fifth signature value and the terminal ID, looks up the stored terminal public key corresponding to the terminal ID, and verifies and parses the fifth signature value using the ECC algorithm in the server SDK package and the terminal public key; if the verification and parsing succeed, the server obtains the terminal ID and the random value and considers the verification successful, otherwise it considers the verification failed, returns a verification-failure message, and the method returns to step 201.
7. the method for as claimed in claim 6 certification between internet system being realized based on PKI, it is characterised in that in step 2,
The server separately verifies respective identity with during terminal first time session connection, and during checking, server need to configure corresponding peace
Full strategy, enters in step 3 after being proved to be successful, and the method for terminal authentication server identity is:
Step 204, after server authentication terminal success, the security strategy of the server configures session;
Step 205, server generate the server character string that a terminal can parse this security strategy according to security strategy;
Step 206, server are signed to server character string by the ECC algorithm in privacy key and server S DK bag
Name, obtains the 6th signature value, returns to terminal;
Step 207, terminal receive the 6th signature value, and the ECC in the server public key for being stored using itself and terminal SDK bag is calculated
Method carries out checking parsing to which, obtains the security strategy of the session, and verify into server feedback if successfully resolved is verified
Work(and Termination ID, otherwise to server feedback authentication failed and Termination ID, return to step 205.
8. the method for as claimed in claim 7 certification between internet system being realized based on PKI, it is characterised in that step 204
In, the security strategy includes whether data are encrypted in conversation procedure or whether need to enter the data in conversation procedure
Row completeness check, and AES when being encrypted in conversation procedure, is needed to data.
9. the method for as claimed in claim 8 certification between internet system being realized based on PKI, it is characterised in that step 4 includes
Following steps:
Step 401, server generate key according to the AES in security strategy, and which is constituted key character with Termination ID
String;
Step 402, server obtain corresponding terminal public key by Termination ID inquiry, using the ECC algorithm in server S DK bag
And terminal public key is encrypted to key string, terminal is sent to;
Step 403, terminal are decrypted to the key string after the encryption that receives using the terminal secret key of itself, if deciphering
Successful then obtain key string, and success message is obtained to server feedback key, server receives key and obtains successfully
The key is preserved after message, is otherwise obtained failed message to server feedback, is returned to step 401.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611175822.9A CN106453431B (en) | 2016-12-19 | 2016-12-19 | The method authenticated between internet system is realized based on PKI |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611175822.9A CN106453431B (en) | 2016-12-19 | 2016-12-19 | The method authenticated between internet system is realized based on PKI |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106453431A true CN106453431A (en) | 2017-02-22 |
CN106453431B CN106453431B (en) | 2019-08-06 |
Family
ID=58217525
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611175822.9A Active CN106453431B (en) | 2016-12-19 | 2016-12-19 | The method authenticated between internet system is realized based on PKI |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106453431B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101431415A (en) * | 2008-12-12 | 2009-05-13 | 天柏宽带网络科技(北京)有限公司 | Bidirectional authentication method |
CN101488847A (en) * | 2008-01-18 | 2009-07-22 | 华为技术有限公司 | Method, apparatus and system for data ciphering |
CN101720071A (en) * | 2009-12-01 | 2010-06-02 | 郑州信大捷安信息技术有限公司 | Short message two-stage encryption transmission and secure storage method based on safety SIM card |
CN103634266A (en) * | 2012-08-21 | 2014-03-12 | 上海凌攀信息科技有限公司 | A bidirectional authentication method for a server and a terminal |
CN103812871A (en) * | 2014-02-24 | 2014-05-21 | 北京明朝万达科技有限公司 | Development method and system based on mobile terminal application program security application |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107135219A (en) * | 2017-05-05 | 2017-09-05 | 四川长虹电器股份有限公司 | A kind of Internet of Things information secure transmission method |
CN107135219B (en) * | 2017-05-05 | 2020-04-28 | 四川长虹电器股份有限公司 | Internet of things information secure transmission method |
CN107919956A (en) * | 2018-01-04 | 2018-04-17 | 重庆邮电大学 | End-to-end method for protecting under a kind of internet of things oriented cloud environment |
CN107919956B (en) * | 2018-01-04 | 2020-09-22 | 重庆邮电大学 | End-to-end safety guarantee method in cloud environment facing to Internet of things |
CN108959908A (en) * | 2018-08-03 | 2018-12-07 | 深圳市思迪信息技术股份有限公司 | A kind of method, computer equipment and storage medium that the mobile platform with access SDK is authenticated |
CN110535641A (en) * | 2019-08-27 | 2019-12-03 | 中国神华能源股份有限公司神朔铁路分公司 | Key management method and device, computer equipment and storage medium |
CN110535641B (en) * | 2019-08-27 | 2022-06-10 | 中国神华能源股份有限公司神朔铁路分公司 | Key management method and apparatus, computer device, and storage medium |
CN110955542A (en) * | 2019-12-11 | 2020-04-03 | 深圳盈佳信联科技有限公司 | Data integration service platform |
CN110955542B (en) * | 2019-12-11 | 2023-03-24 | 深圳盈佳信联科技有限公司 | Data integration service platform |
CN111212066A (en) * | 2019-12-31 | 2020-05-29 | 浙江工业大学 | Dynamic allocation request verification method |
CN111212066B (en) * | 2019-12-31 | 2022-04-01 | 浙江工业大学 | Dynamic allocation request verification method |
CN112039918A (en) * | 2020-09-10 | 2020-12-04 | 四川长虹电器股份有限公司 | Internet of things credible authentication method based on identification cryptographic algorithm |
Also Published As
Publication number | Publication date |
---|---|
CN106453431B (en) | 2019-08-06 |
Similar Documents
Publication | Title |
---|---|
CN106453431B (en) | The method authenticated between internet system is realized based on PKI |
CN103763356B (en) | A kind of SSL establishment of connection method, apparatus and system |
CN104506534B (en) | Secure communication key agreement interaction schemes |
CN104618120B (en) | A kind of mobile terminal key escrow digital signature method |
CN106101068B (en) | Terminal communicating method and system |
CN104580189B (en) | A kind of safe communication system |
CN103338215B (en) | The method setting up TLS passage based on the close algorithm of state |
CN107277061A (en) | End cloud security communication means based on IOT equipment |
CN108111301A (en) | The method and its system for realizing SSH agreements are exchanged based on rear quantum key |
US8533482B2 (en) | Method for generating a key pair and transmitting a public key or request file of a certificate in security |
CN107040513B (en) | Trusted access authentication processing method, user terminal and server |
CN109962784A (en) | A kind of data encrypting and deciphering and restoration methods based on the more certificates of digital envelope |
CN110493237A (en) | Identity management method, device, computer equipment and storage medium |
CN109741068A (en) | Internetbank inter-bank contracting method, apparatus and system |
CN102685749A (en) | Wireless safety authentication method orienting to mobile terminal |
CN109302412A (en) | VoIP communication processing method, terminal, server and storage medium based on CPK |
CN108111497A (en) | Video camera and server inter-authentication method and device |
US9398024B2 (en) | System and method for reliably authenticating an appliance |
CN103023911A (en) | Authentication method for access of trusted network devices to trusted network |
CN106685983A (en) | Data recovery method and device based on SSL protocol |
CN105577612A (en) | Identity authentication method, third party server, merchant server, and user terminal |
Chen et al. | Security analysis and improvement of user authentication framework for cloud computing |
CN107094156A (en) | A kind of safety communicating method and system based on P2P patterns |
CN108632042A (en) | A kind of class AKA identity authorization systems and method based on pool of symmetric keys |
CN110690969B (en) | Method and system for achieving bidirectional SSL/TLS authentication through multiparty cooperation |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||