CN106453431B - Method for implementing authentication between internet systems based on PKI - Google Patents

Info

Publication number: CN106453431B
Authority: CN (China)
Prior art keywords: server, terminal, key, public key, termination
Legal status: Active
Application number: CN201611175822.9A
Other languages: Chinese (zh)
Other versions: CN106453431A (en)
Inventors: 肖建, 常清雪, 刘剑飞, 付强
Current Assignee: Sichuan Changhong Electric Co Ltd
Original Assignee: Sichuan Changhong Electric Co Ltd
Application filed by Sichuan Changhong Electric Co Ltd
Priority to CN201611175822.9A
Publication of CN106453431A
Application granted
Publication of CN106453431B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present invention relates to authentication technology. To solve the low efficiency of existing conventional authentication flows, the invention provides a PKI-based method for authentication between internet systems. The technical solution can be summarized as follows: the server and the terminal each first initiate activation with the authentication platform; when the server and the terminal establish their first session connection, each verifies the other's identity, and the server must configure a corresponding security policy during verification; after verification succeeds, the server and the terminal determine from the security policy whether an encryption algorithm is needed; if not, the subsequent session is handled normally; if so, the server and the terminal negotiate a key and each saves it; finally, the server and the terminal exchange data using the key. The beneficial effect of the invention is that data security is guaranteed for the whole session connection; the method is suitable for authentication between internet systems.

Description

Method for implementing authentication between internet systems based on PKI
Technical field
The present invention relates to authentication technology, and in particular to technology for authentication between internet systems.
Background art
With the rapid spread and development of the internet, network applications such as e-commerce, e-government, online securities trading and online banking have developed quickly, moving traditional commercial activity and office work into a mobile, networked and information-based environment. However, because the internet is open and lacks unified standards, the convenience it brings is accompanied by information security problems. The most significant of these concern the legitimacy of the identity authentication of network entities, the integrity of data transmission, and non-repudiation by both parties to a transaction. The best precaution at present is to establish a security mechanism that uses digital certificates as the basis of authentication.
The system established by the current traditional CA (certificate authority) is based on the RSA public-key cryptosystem and is used mainly in banks and financial systems. Its main characteristic is relatively high security, but its process is cumbersome and inefficient, which makes it unsuitable for the high-concurrency, high-availability, high-performance and high-load business scenarios of internet applications.
Summary of the invention
The purpose of the invention is to solve the low efficiency of current conventional authentication flows by providing a PKI-based method for implementing authentication between internet systems.
To solve this technical problem, the invention adopts the following technical solution: a method for implementing authentication between internet systems based on PKI, comprising the following steps:
Step 1: the server and the terminal each initiate activation with the authentication platform; the server stores the server ID, server public key, server private key, terminal ID and terminal public key, and the terminal stores the terminal ID, terminal public key, terminal private key and server public key;
Step 2: when the server and the terminal establish their first session connection, each verifies the other's identity, and the server must configure a corresponding security policy during verification; after verification succeeds, proceed to step 3;
Step 3: the server and the terminal determine from the security policy whether an encryption algorithm is needed; if so, proceed to step 4; otherwise handle the subsequent session normally;
Step 4: the server and the terminal negotiate a key, and each saves the key;
Step 5: the server and the terminal exchange data using the key.
Specifically, in the activation of step 1, the server initiates activation with the authentication platform as follows:
Step 101: the server integrates a server SDK package, in which the ECC algorithm and the authentication platform certificate are integrated;
Step 102: the server initiates an activation request to the authentication platform and uploads the server's relevant information to the authentication platform;
Step 103: the authentication platform reviews the uploaded server information; after approval it generates a server ID, signs the server ID with the authentication platform's private key to obtain a first signature value, and sends the first signature value and the review result to the server;
Step 104: the server receives the first signature value and verifies it against the authentication platform certificate; if verification succeeds, it obtains the server ID and proceeds to step 105; otherwise it considers the authentication platform illegitimate and returns to step 102;
Step 105: the server calls the ECC algorithm to generate an ECC server public key and server private key, signs the server ID with the server private key to obtain a second signature value, and sends it together with the server public key to the authentication platform;
Step 106: the authentication platform verifies the received second signature value with the received server public key to obtain the server ID, and stores the server public key.
Further, in step 101, the relevant information of the server includes the server application ID, the server domain name and the server MAC address.
Specifically, in the activation of step 1, the terminal initiates activation with the authentication platform as follows:
Step 107: the terminal integrates a terminal SDK package, in which the ECC algorithm and the authentication platform certificate are integrated;
Step 108: the terminal initiates an activation request to the authentication platform and uploads the terminal's relevant information to the authentication platform;
Step 109: the authentication platform reviews the uploaded terminal information; after approval it generates a terminal ID, signs the terminal ID with the authentication platform's private key to obtain a third signature value, and sends the third signature value and the review result to the terminal;
Step 110: the terminal receives the third signature value and verifies it against the authentication platform certificate; if verification succeeds, it obtains the terminal ID and proceeds to step 111; otherwise it considers the authentication platform illegitimate and returns to step 108;
Step 111: the terminal calls the ECC algorithm to generate an ECC terminal public key and terminal private key, signs the terminal ID with the terminal private key to obtain a fourth signature value, and sends it together with the terminal public key to the authentication platform;
Step 112: the authentication platform verifies the received fourth signature value with the received terminal public key to obtain the terminal ID, and stores the terminal public key; at the same time it sends the terminal public key and the terminal ID to the server for storage, and returns the server public key to the terminal for storage.
Further, in step 107, the relevant information of the terminal includes the terminal SN (serial number), the terminal MAC address and the terminal version number.
Specifically, in the mutual verification of step 2, the server verifies the terminal's identity as follows:
Step 201: the terminal generates a random value and combines it with the terminal ID to form a terminal character string;
Step 202: the terminal signs the terminal character string using the terminal private key and the ECC algorithm in the terminal SDK package to obtain a fifth signature value, and sends it together with the terminal ID to the server;
Step 203: the server receives the fifth signature value and the terminal ID, looks up the stored terminal public key corresponding to the terminal ID, and uses the ECC algorithm in the server SDK package and the terminal public key to verify and parse the fifth signature value; if verification and parsing succeed, it obtains the terminal ID and the random value and considers verification successful; otherwise it considers verification failed, returns verification-failure information, and the flow returns to step 201.
Further, in the mutual verification of step 2, the terminal verifies the server's identity as follows:
Step 204: after the server has successfully verified the terminal, the server configures the security policy for the session;
Step 205: the server generates, according to the security policy, a server character string from which the terminal can parse the security policy;
Step 206: the server signs the server character string using the server private key and the ECC algorithm in the server SDK package to obtain a sixth signature value, and returns it to the terminal;
Step 207: the terminal receives the sixth signature value and verifies and parses it using its stored server public key and the ECC algorithm in the terminal SDK package; if verification and parsing succeed, it obtains the security policy for the session and feeds back verification success and the terminal ID to the server; otherwise it feeds back verification failure and the terminal ID to the server, and the flow returns to step 205.
Specifically, in step 204, the security policy includes whether data is encrypted during the session, or whether integrity checking of the session data is required, and the encryption algorithm used when data must be encrypted during the session.
Further, step 4 comprises the following steps:
Step 401: the server generates a key according to the encryption algorithm in the security policy and combines it with the terminal ID to form a key character string;
Step 402: the server looks up the corresponding terminal public key by terminal ID, encrypts the key character string using the ECC algorithm in the server SDK package and the terminal public key, and sends it to the terminal;
Step 403: the terminal decrypts the received encrypted key character string with its own terminal private key; if decryption succeeds, it obtains the key character string and feeds back a key-acquisition success message to the server, and the server saves the key after receiving that message; otherwise the terminal feeds back an acquisition failure message to the server, and the flow returns to step 401.
The beneficial effect of the invention is that, with the above PKI-based method for authentication between internet systems, the authentication and key negotiation between the server and the terminal complete in only 4 handshakes if every step succeeds, and data security is guaranteed for the whole session connection, including identity authentication, data integrity checking and data privacy. The security policy can be configured flexibly for different business scenarios. This approach suits the lightweight authentication systems of the internet, keeps the performance cost to a minimum, and at the same time ensures the security of cloud communication.
Specific embodiments
The technical solution of the invention is described in detail below with reference to an embodiment.
The PKI-based method of the invention for authentication between internet systems is as follows: the server and the terminal each first initiate activation with the authentication platform; the server stores the server ID, server public key, server private key, terminal ID and terminal public key, and the terminal stores the terminal ID, terminal public key, terminal private key and server public key; when the server and the terminal establish their first session connection, each verifies the other's identity, and the server must configure a corresponding security policy during verification; after verification succeeds, the server and the terminal determine from the security policy whether an encryption algorithm is needed; if not, the subsequent session is handled normally; if so, the server and the terminal negotiate a key and each saves it; finally, the server and the terminal exchange data using the key.
Embodiment
The method of this embodiment for implementing authentication between internet systems based on PKI comprises the following steps:
Step 1: the server and the terminal each initiate activation with the authentication platform; the server stores the server ID, server public key, server private key, terminal ID and terminal public key, and the terminal stores the terminal ID, terminal public key, terminal private key and server public key.
In this step, the server may initiate activation with the authentication platform as follows:
Step 101: the server integrates a server SDK package, in which the ECC algorithm and the authentication platform certificate are integrated; here, the relevant information of the server includes the server application ID, the server domain name, the server MAC address, etc.;
Step 102: the server initiates an activation request to the authentication platform and uploads the server's relevant information to the authentication platform;
Step 103: the authentication platform reviews the uploaded server information; after approval it generates a server ID, signs the server ID with the authentication platform's private key to obtain a first signature value, and sends the first signature value and the review result to the server;
Step 104: the server receives the first signature value and verifies it against the authentication platform certificate; if verification succeeds, it obtains the server ID and proceeds to step 105; otherwise it considers the authentication platform illegitimate and returns to step 102;
Step 105: the server calls the ECC algorithm to generate an ECC server public key and server private key, signs the server ID with the server private key to obtain a second signature value, and sends it together with the server public key to the authentication platform;
Step 106: the authentication platform verifies the received second signature value with the received server public key to obtain the server ID, and stores the server public key.
In this step, the terminal may initiate activation with the authentication platform as follows:
Step 107: the terminal integrates a terminal SDK package, in which the ECC algorithm and the authentication platform certificate are integrated; here, the relevant information of the terminal includes the terminal SN (serial number), the terminal MAC address, the terminal version number, etc.;
Step 108: the terminal initiates an activation request to the authentication platform and uploads the terminal's relevant information to the authentication platform;
Step 109: the authentication platform reviews the uploaded terminal information; after approval it generates a terminal ID, signs the terminal ID with the authentication platform's private key to obtain a third signature value, and sends the third signature value and the review result to the terminal;
Step 110: the terminal receives the third signature value and verifies it against the authentication platform certificate; if verification succeeds, it obtains the terminal ID and proceeds to step 111; otherwise it considers the authentication platform illegitimate and returns to step 108;
Step 111: the terminal calls the ECC algorithm to generate an ECC terminal public key and terminal private key, signs the terminal ID with the terminal private key to obtain a fourth signature value, and sends it together with the terminal public key to the authentication platform;
Step 112: the authentication platform verifies the received fourth signature value with the received terminal public key to obtain the terminal ID, and stores the terminal public key; at the same time it sends the terminal public key and the terminal ID to the server for storage, and returns the server public key to the terminal for storage.
Step 2: when the server and the terminal establish their first session connection, each verifies the other's identity, and the server must configure a corresponding security policy during verification; after verification succeeds, proceed to step 3.
In this step, the server preferably verifies the terminal's identity as follows:
Step 201: the terminal generates a random value and combines it with the terminal ID to form a terminal character string;
Step 202: the terminal signs the terminal character string using the terminal private key and the ECC algorithm in the terminal SDK package to obtain a fifth signature value, and sends it together with the terminal ID to the server;
Step 203: the server receives the fifth signature value and the terminal ID, looks up the stored terminal public key corresponding to the terminal ID, and uses the ECC algorithm in the server SDK package and the terminal public key to verify and parse the fifth signature value; if verification and parsing succeed, it obtains the terminal ID and the random value and considers verification successful; otherwise it considers verification failed, returns verification-failure information, and the flow returns to step 201.
In this step, the terminal preferably verifies the server's identity as follows:
Step 204: after the server has successfully verified the terminal, the server configures the security policy for the session; here, the security policy includes whether data is encrypted during the session, or whether integrity checking of the session data is required, the encryption algorithm used when data must be encrypted during the session, etc.;
Step 205: the server generates, according to the security policy, a server character string from which the terminal can parse the security policy;
Step 206: the server signs the server character string using the server private key and the ECC algorithm in the server SDK package to obtain a sixth signature value, and returns it to the terminal;
Step 207: the terminal receives the sixth signature value and verifies and parses it using its stored server public key and the ECC algorithm in the terminal SDK package; if verification and parsing succeed, it obtains the security policy for the session and feeds back verification success and the terminal ID to the server; otherwise it feeds back verification failure and the terminal ID to the server, and the flow returns to step 205.
Step 3: the server and the terminal determine from the security policy whether an encryption algorithm is needed; if so, proceed to step 4; otherwise handle the subsequent session normally.
Step 4: the server and the terminal negotiate a key, and each saves the key.
This step may comprise the following specific steps:
Step 401: the server generates a key according to the encryption algorithm in the security policy and combines it with the terminal ID to form a key character string;
Step 402: the server looks up the corresponding terminal public key by terminal ID, encrypts the key character string using the ECC algorithm in the server SDK package and the terminal public key, and sends it to the terminal;
Step 403: the terminal decrypts the received encrypted key character string with its own terminal private key; if decryption succeeds, it obtains the key character string and feeds back a key-acquisition success message to the server, and the server saves the key after receiving that message; otherwise the terminal feeds back an acquisition failure message to the server, and the flow returns to step 401.
Step 5: the server and the terminal exchange data using the key.
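The mutual verification of step 2 (steps 201 to 207), as an added Go example that is not code from the patent or its SDK packages. Assumptions made here: P-256 ECDSA over SHA-256 stands in for "the ECC algorithm"; the terminal character string travels alongside its signature because ECDSA has no message recovery; the `|` delimiter and the policy text are constructed; the replay cache and the echoed random value are additions, so that a captured terminal message or server reply cannot be reused.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Server is the server state after activation (step 1); seen is an added replay cache.
type Server struct {
	priv      *ecdsa.PrivateKey
	terminals map[string]*ecdsa.PublicKey // terminal ID -> terminal public key
	seen      map[string]bool
}

// Terminal is the terminal state after activation (step 1).
type Terminal struct {
	ID        string
	priv      *ecdsa.PrivateKey
	serverPub *ecdsa.PublicKey
}

// Activate stands in for step 1: both key pairs are generated and cross-registered.
func Activate(terminalID string) (*Server, *Terminal, error) {
	sk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tk, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	srv := &Server{priv: sk, terminals: map[string]*ecdsa.PublicKey{terminalID: &tk.PublicKey}, seen: map[string]bool{}}
	return srv, &Terminal{ID: terminalID, priv: tk, serverPub: &sk.PublicKey}, nil
}

func sign(priv *ecdsa.PrivateKey, msg string) ([]byte, error) {
	h := sha256.Sum256([]byte(msg))
	return ecdsa.SignASN1(rand.Reader, priv, h[:])
}

func verify(pub *ecdsa.PublicKey, msg string, sig []byte) bool {
	h := sha256.Sum256([]byte(msg))
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

// Hello is steps 201-202: "terminalID|random" signed with the terminal private key.
func (t *Terminal) Hello() (string, []byte, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return "", nil, err
	}
	termStr := t.ID + "|" + hex.EncodeToString(nonce)
	sig, err := sign(t.priv, termStr) // the fifth signature value
	return termStr, sig, err
}

// Authenticate is steps 203-206: verify the terminal, then sign "policy|random".
func (s *Server) Authenticate(terminalID, termStr string, sig []byte, policy string) (string, []byte, error) {
	pub, ok := s.terminals[terminalID]
	id, nonce, found := strings.Cut(termStr, "|")
	if !ok || !found || id != terminalID || !verify(pub, termStr, sig) {
		return "", nil, errors.New("terminal verification failed")
	}
	if s.seen[termStr] { // added check: a captured hello must not work twice
		return "", nil, errors.New("replayed terminal string")
	}
	s.seen[termStr] = true
	srvStr := policy + "|" + nonce      // added: echo the random value to bind the reply
	srvSig, err := sign(s.priv, srvStr) // the sixth signature value
	return srvStr, srvSig, err
}

// AcceptPolicy is step 207: verify the server signature and return the session policy.
func (t *Terminal) AcceptPolicy(termStr, srvStr string, srvSig []byte) (string, error) {
	if !verify(t.serverPub, srvStr, srvSig) {
		return "", errors.New("server verification failed")
	}
	i := strings.LastIndex(srvStr, "|")
	if i < 0 || !strings.HasSuffix(termStr, "|"+srvStr[i+1:]) {
		return "", errors.New("server reply is not bound to this session")
	}
	return srvStr[:i], nil
}

func main() {
	srv, term, err := Activate("T-0001") // constructed terminal ID
	if err != nil {
		panic(err)
	}
	termStr, sig, _ := term.Hello() // a failure here surfaces as an error below
	srvStr, srvSig, _ := srv.Authenticate(term.ID, termStr, sig, "encrypt=1;alg=AES-128-GCM")
	fmt.Println(term.AcceptPolicy(termStr, srvStr, srvSig))
}
```

A deployed server would bound the replay cache, for example by putting a timestamp in the terminal character string and expiring old entries.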

Claims (7)

1. A method for implementing authentication between internet systems based on PKI, characterized by comprising the following steps:
Step 1: the server and the terminal each initiate activation with the authentication platform; the server stores the server ID, server public key, server private key, terminal ID and terminal public key, and the terminal stores the terminal ID, terminal public key, terminal private key and server public key, wherein
the method by which the server initiates activation with the authentication platform is:
Step 101: the server integrates a server SDK package, in which the ECC algorithm and the authentication platform certificate are integrated;
Step 102: the server initiates an activation request to the authentication platform and uploads the server's relevant information to the authentication platform;
Step 103: the authentication platform reviews the uploaded server information; after approval it generates a server ID, signs the server ID with the authentication platform's private key to obtain a first signature value, and sends the first signature value and the review result to the server;
Step 104: the server receives the first signature value and verifies it against the authentication platform certificate; if verification succeeds, it obtains the server ID and proceeds to step 105; otherwise it considers the authentication platform illegitimate and returns to step 102;
Step 105: the server calls the ECC algorithm to generate an ECC server public key and server private key, signs the server ID with the server private key to obtain a second signature value, and sends it together with the server public key to the authentication platform;
Step 106: the authentication platform verifies the received second signature value with the received server public key to obtain the server ID, and stores the server public key;
the method by which the terminal initiates activation with the authentication platform is:
Step 107: the terminal integrates a terminal SDK package, in which the ECC algorithm and the authentication platform certificate are integrated;
Step 108: the terminal initiates an activation request to the authentication platform and uploads the terminal's relevant information to the authentication platform;
Step 109: the authentication platform reviews the uploaded terminal information; after approval it generates a terminal ID, signs the terminal ID with the authentication platform's private key to obtain a third signature value, and sends the third signature value and the review result to the terminal;
Step 110: the terminal receives the third signature value and verifies it against the authentication platform certificate; if verification succeeds, it obtains the terminal ID and proceeds to step 111; otherwise it considers the authentication platform illegitimate and returns to step 108;
Step 111: the terminal calls the ECC algorithm to generate an ECC terminal public key and terminal private key, signs the terminal ID with the terminal private key to obtain a fourth signature value, and sends it together with the terminal public key to the authentication platform;
Step 112: the authentication platform verifies the received fourth signature value with the received terminal public key to obtain the terminal ID, and stores the terminal public key; at the same time it sends the terminal public key and the terminal ID to the server for storage, and returns the server public key to the terminal for storage;
Step 2: when the server and the terminal establish their first session connection, each verifies the other's identity, and the server must configure a corresponding security policy during verification; after verification succeeds, proceed to step 3;
Step 3: the server and the terminal determine from the security policy whether an encryption algorithm is needed; if so, proceed to step 4; otherwise handle the subsequent session normally;
Step 4: the server and the terminal negotiate a key, and each saves the key;
Step 5: the server and the terminal exchange data using the key.
2. the method authenticated between internet system is realized based on PKI as described in claim 1, which is characterized in that step 101 In, the relevant information of the server includes server application ID, server domain name and MAC address of server.
3. the method authenticated between internet system is realized based on PKI as described in claim 1, which is characterized in that step 107 In, the relevant information of the terminal includes terminal sn, terminal MAC address and terminal versions number.
4. realizing the method authenticated between internet system based on PKI as described in claims 1 or 2 or 3, which is characterized in that step In rapid 2, the server and when the session connection of terminal first time separately verifies respective identity, and server need to configure pair when verifying The security strategy answered enters step in 3 after being proved to be successful, the method for server authentication terminal identity are as follows:
Step 201, terminal generate a random value, it is formed a termination character string with Termination ID;
Step 202, terminal sign to termination character string by the ECC algorithm in terminal secret key and terminal SDK packet, obtain It is sent jointly to server with Termination ID by five signature values;
Step 203, server receive the 5th signature value and Termination ID, and the corresponding terminal for finding storage according to Termination ID is public Key, using in server S DK packet ECC algorithm and terminal public key verifying parsing is carried out to the 5th signature value, if verifying be parsed into Function then obtains Termination ID and random value, it is believed that is proved to be successful, otherwise it is assumed that authentication failed, returns to authentication failed information, return to step Rapid 201.
5. The method for realizing authentication between internet systems based on PKI as described in claim 4, characterized in that, in step 2, when the server and the terminal establish a session connection for the first time, each verifies the other's identity, the server configures the corresponding security policy during verification, and step 3 is entered after verification succeeds; the method by which the terminal verifies the server identity is:
Step 204, after the server has successfully verified the terminal, the server configures the security policy for the session;
Step 205, the server generates, according to the security policy, a server string from which the terminal can parse this security policy;
Step 206, the server signs the server string using the server private key and the ECC algorithm in the server SDK package to obtain a sixth signature value, and returns it to the terminal;
Step 207, the terminal receives the sixth signature value and performs verification parsing on it using the server public key it stores and the ECC algorithm in the terminal SDK package; if verification parsing succeeds, the terminal obtains the security policy of the session and feeds back verification success and the Terminal ID to the server; otherwise it feeds back verification failure and the Terminal ID to the server, and the method returns to step 205.
6. The method for realizing authentication between internet systems based on PKI as described in claim 5, characterized in that, in step 204, the security policy includes whether data is encrypted during the session, or whether an integrity check of the data in the session is required, and the encryption algorithm to use when data in the session needs to be encrypted.
7. The method for realizing authentication between internet systems based on PKI as described in claim 6, characterized in that step 4 includes the following steps:
Step 401, the server generates a key according to the encryption algorithm in the security policy and combines it with the Terminal ID to form a key string;
Step 402, the server looks up the corresponding terminal public key by Terminal ID, encrypts the key string using the ECC algorithm in the server SDK package and the terminal public key, and sends it to the terminal;
Step 403, the terminal decrypts the received encrypted key string using its own terminal private key; if decryption succeeds, it obtains the key string and feeds back a key-obtained success message to the server, and the server saves the key after receiving the success message; otherwise it feeds back an obtain-failure message to the server, and the method returns to step 401.
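Steps 401 to 403 as an added Node.js example, not code from the patent or its SDK. The claim names only "the ECC algorithm"; this sketch assumes an ECIES-style construction (ephemeral ECDH on P-256, HKDF-SHA-256, AES-256-GCM), and the `|` separator, HKDF info label and sample ID are constructed.

```javascript
const crypto = require("crypto");

const CURVE = "prime256v1";
// Constructed terminal key pair standing in for the one provisioned in claim 1.
const terminal = crypto.generateKeyPairSync("ec", { namedCurve: CURVE });

// Derive a 256-bit wrapping key from an ECDH shared secret.
function wrapKey(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync("sha256", shared, Buffer.alloc(0), "session-key-wrap", 32));
}

// Steps 401-402: server generates the session key, forms "TerminalID|key",
// and encrypts that key string to the terminal public key.
function serverWrapSessionKey(terminalId, terminalPub) {
  const sessionKey = crypto.randomBytes(32);
  const keyString = Buffer.from(`${terminalId}|${sessionKey.toString("hex")}`);
  const eph = crypto.generateKeyPairSync("ec", { namedCurve: CURVE });
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", wrapKey(eph.privateKey, terminalPub), iv);
  const ct = Buffer.concat([c.update(keyString), c.final()]);
  const ephPub = eph.publicKey.export({ type: "spki", format: "der" });
  return { sessionKey, message: { ephPub, iv, ct, tag: c.getAuthTag() } };
}

// Step 403: terminal decrypts with its own private key. null corresponds to
// "feed back an obtain-failure message and return to step 401".
function terminalUnwrap(terminalId, terminalPriv, { ephPub, iv, ct, tag }) {
  try {
    const pub = crypto.createPublicKey({ key: ephPub, type: "spki", format: "der" });
    const d = crypto.createDecipheriv("aes-256-gcm", wrapKey(terminalPriv, pub), iv);
    d.setAuthTag(tag);
    const [id, hex] = Buffer.concat([d.update(ct), d.final()]).toString().split("|");
    return id === terminalId ? Buffer.from(hex, "hex") : null;
  } catch {
    return null; // wrong private key or modified ciphertext
  }
}
```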
CN201611175822.9A 2016-12-19 2016-12-19 The method authenticated between internet system is realized based on PKI Active CN106453431B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611175822.9A CN106453431B (en) 2016-12-19 2016-12-19 The method authenticated between internet system is realized based on PKI

Publications (2)

Publication Number Publication Date
CN106453431A CN106453431A (en) 2017-02-22
CN106453431B true CN106453431B (en) 2019-08-06

Family

ID=58217525

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611175822.9A Active CN106453431B (en) 2016-12-19 2016-12-19 The method authenticated between internet system is realized based on PKI

Country Status (1)

Country Link
CN (1) CN106453431B (en)

Also Published As

Publication number Publication date
CN106453431A (en) 2017-02-22


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant