CN106790080A - Network secure communication method and apparatus between an operation system and an electronic certificate system - Google Patents
- Publication number: CN106790080A (application CN201611196059.8A)
- Authority: CN (China)
- Prior art keywords: request, electronic certificate, key, operation system, authentication
- Legal status: Withdrawn (as listed by Google Patents; the status is an assumption, not a legal conclusion, and Google has not performed a legal analysis)
Classifications
- H04L63/0428: Network security, confidential data exchange among entities communicating through packet networks, the data content being protected (e.g. by encrypting or encapsulating the payload)
- H04L63/0823: Network security, authentication of entities using certificates
- H04L63/0869: Network security, authentication of entities achieving mutual authentication
- H04L67/02: Network services and applications, protocols based on web technology, e.g. HTTP
Abstract
The invention discloses a network secure communication method and apparatus between an operation system and an electronic certificate system. The operation system verifies the data of a user request and, after obtaining the trust of the electronic certificate system, performs identity authentication on the legitimacy of the user request; the electronic certificate system executes the corresponding business logic and returns the result to the operation system only after the operation system has completed verification and authentication. The method includes: the operation system requests a key; the electronic certificate system performs mutual-trust authentication on the key request; the electronic certificate system performs user identity authentication on the key request; the electronic certificate system computes the key and caches it; the operation system receives the returned key and caches it; the operation system encrypts the request parameters with the key and initiates a business request; the electronic certificate system performs mutual-trust authentication; the electronic certificate system performs user identity authentication on the request; the electronic certificate system executes the requested business; the electronic certificate system returns the execution result.
Description
Technical field
The present invention relates to a communication method and a communication apparatus, and in particular to a network secure communication method and apparatus between an operation system and an electronic certificate system.
Background art
With the development of science and technology, and especially the emergence of cloud computing and the Internet of Things, the smart home has entered the public's view. As social and economic conditions improve, people expect ever higher household quality, wanting homes to be comfortable, safe and intelligent, and the demand for smart home systems grows accordingly. The technical advantage of today's wireless smart home is that it is built on BLE devices: a phone is all that is needed to control home appliances remotely. No walls need to be opened and no complex wiring is required, so installation is convenient; networking is easy and the system is extensible; cost and energy consumption are low, in keeping with the modern family's idea of green living; and maintenance is easy, since faults can be found and repaired promptly.
In pursuit of market operation, many enterprises give only incomplete consideration to security when developing products, which can harm users' privacy and property. At present a BLE-based IoT device obtains Internet data during networking through ordinary HTTPS requests made by a terminal connected to the Internet, such as a mobile phone; the data is then carried over BLE. Because the two ends of a BLE link may go offline, unencrypted data transfer over it is only relatively safe, and each transmission is built on top of the connection current at that moment.
Existing IoT network services rely only on HTTPS and BLE connections for data transfer. HTTPS encrypts the data in transit, but the data at both endpoints is still plaintext, and BLE transmits in plaintext. With HTTPS the request data at either end is plaintext, so a terminal such as a mobile phone is exposed to theft of the user's private or secure data; with BLE the appearance of Bluetooth sniffers for terminals means that data sent without encryption can be captured and misused, with potentially serious consequences. (BLE does offer link-layer encryption once devices have paired; the concern here is that many products skip it, and link-layer encryption protects neither the endpoints nor a payload relayed on over HTTPS.)
The abbreviations and key terms used here are defined as follows.
BLE: Bluetooth Low Energy is a low-cost, short-range, interoperable, robust wireless technology operating in the licence-free 2.4 GHz ISM band. BLE connects very quickly, so a link is normally left in a "disconnected" state to save energy; both ends still know each other, the link is opened only when necessary and is closed again as soon as possible.
HTTPS: Hyper Text Transfer Protocol over Secure Socket Layer, an HTTP channel whose goal is security; in short, the secure version of HTTP. An SSL layer (TLS in current deployments) is inserted beneath HTTP, so the security of HTTPS rests on SSL/TLS and the details of encryption are handled by that layer.
Authentication: also called identity verification or identity discrimination, the process of confirming the identity of an operator in a computer or computer network system, so as to determine whether that user has access to and permission to use a given resource. It allows the access policy of the computer and network system to be enforced reliably and effectively, prevents an attacker from impersonating a legitimate user to obtain access to resources, ensures the security of the system and its data, and protects the legitimate interests of authorized visitors.
Summary of the invention
To solve the above technical problem, the present invention proposes a network secure communication method and communication apparatus between an operation system and an electronic certificate system. Between the two systems, the invention authenticates and encrypts both ends of the data during data storage, data transfer and data use, so as to address the security risks of data being stolen in storage, misappropriated in transfer and tampered with in use.
The solution of the invention is a network secure communication method between an operation system and an electronic certificate system, in which the operation system verifies the data of a user request and, after obtaining the trust of the electronic certificate system, authenticates the legitimacy of the user request; and the electronic certificate system executes the corresponding business logic and returns the result to the operation system only after the operation system has completed verification and authentication. The method includes the following steps:
Step 1, the operation system requests a key: the operation system encrypts the request parameters with a pre-agreed encryption key and encryption mode and initiates an HTTPS request to the electronic certificate system;
Step 2, the electronic certificate system performs mutual-trust authentication on the key request: on receiving the key request initiated by the operation system, the electronic certificate system performs mutual-trust authentication on it; if mutual-trust authentication succeeds, the next step is executed, otherwise step 10 is executed directly;
Step 3, the electronic certificate system performs user identity authentication on the key request: the electronic certificate system authenticates the user identity using the necessary information carried in the request parameters; if authentication succeeds, the next step is executed, otherwise step 10 is executed directly;
Step 4, the electronic certificate system computes and caches the key: the electronic certificate system computes the request-parameter encryption key for the operation system's current connection, sets a lifetime on the key data and stores it encrypted for subsequent use;
Step 5, the operation system receives and caches the returned key: the operation system receives the returned key and stores it, so that subsequent requests encrypt their parameters with this key; otherwise subsequent requests cannot pass the mutual-trust authentication of step 7 and the identity authentication of step 8;
Step 6, the operation system encrypts the request parameters with the key and initiates a business request: the operation system encrypts the business request parameters with the cached key, that is the key obtained in step 5, and initiates the business request over HTTPS;
Step 7, the electronic certificate system performs mutual-trust authentication: on receiving the business request initiated by the operation system, the electronic certificate system performs mutual-trust authentication on it; if it succeeds, the next step is executed, otherwise step 10 is executed directly;
Step 8, the electronic certificate system performs user identity authentication on the request: the electronic certificate system authenticates the user identity using the necessary information carried in the request parameters; if authentication succeeds, the next step is executed, otherwise step 10 is executed directly;
Step 9, the electronic certificate system executes the requested business: the electronic certificate system runs its business logic according to the operation system's request to compute the requested result;
Step 10, the electronic certificate system returns the execution result: the electronic certificate system returns the execution result of the request (on any failed check above, the result returned is the failure).
As a further improvement of the above solution, mutual-trust authentication must verify whether the request source is legitimate and whether the request parameters are legitimate.
As a further improvement of the above solution, identity authentication must call the HTTPS business authentication interface provided by the operation system to perform the authentication.
Further, identity authentication includes the following steps:
Obtain the request header data: separate the data carried in the request header from the request and verify the separated data; if it is legitimate, continue, otherwise go directly to the final step of identity authentication, returning the result;
Decrypt and verify the header data: decrypt the data separated in the previous step and verify whether the decrypted parameters are legitimate; if they are, continue, otherwise go directly to the final step, returning the result;
Call the operation system for user verification: after the data has been decrypted and verified successfully, call the user verification interface opened by the operation system to check whether the user is legitimate; if so, continue, otherwise go directly to the final step, returning the result;
Execute the certificate system business: after user verification is complete, execute the business logic for the request and, once execution finishes, assemble the business return data;
Return the result: return the execution result of the request to the interface caller.
As a further improvement of the above solution, the operation system is the background system that provides services to an SDK-based application installed on a communication terminal.
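The flow of steps 1 to 10 above, together with the header-separation, decryption, user-verification and return steps of the identity authentication procedure, as an added example in Python that is not part of the patent or of any product it describes. The operation system and the electronic certificate system are modelled as two in-process objects; the envelope's plaintext `source` and `mode` fields stand in for the request header data and the sealed `body` for the encrypted request parameters; the operation system's HTTPS user-verification interface is replaced by a callback; the pre-agreed key, the 30-second freshness window, the 600-second key lifetime and every identifier are assumptions. Sealing uses an HMAC-SHA256 keystream with an encrypt-then-MAC tag so that the example needs only the standard library; a deployment would use AES-GCM.

```python
# Added illustration of the patent's two-phase flow (a constructed example, not the patent's code).
# Steps 1-5 fetch a session key under a pre-agreed key; steps 6-10 seal business requests under it;
# every request passes mutual trust, then user authentication, before any business logic runs.
# Sealing is an HMAC-SHA256 keystream plus encrypt-then-MAC tag (standard library only; a deployment
# would use AES-GCM). Names, field layouts and limits are assumptions made for the illustration.
import hashlib
import hmac
import json
import secrets
import time

NONCE_LEN, TAG_LEN = 16, 32
CIPHER_MODE = "hmac-ctr-etm"   # the "agreed encryption mode" a request must declare (assumed name)
FRESHNESS_S = 30               # parameters older than this are treated as stale (assumed limit)

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _keystream(key, nonce, n):
    return b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(-(-n // 32)))[:n]

def seal(key, obj):
    """Returns nonce || ciphertext || tag, the tag covering nonce and ciphertext."""
    enc_k, mac_k = _prf(key, b"enc"), _prf(key, b"mac")
    nonce, pt = secrets.token_bytes(NONCE_LEN), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(enc_k, nonce, len(pt))))
    return nonce + ct + _prf(mac_k, nonce + ct)

def unseal(key, blob):
    enc_k, mac_k = _prf(key, b"enc"), _prf(key, b"mac")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if len(blob) < NONCE_LEN + TAG_LEN or not hmac.compare_digest(tag, _prf(mac_k, nonce + ct)):
        raise PermissionError("request body failed authentication")   # checked before any decryption
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(enc_k, nonce, len(ct)))))

class CertificateSystem:
    """Electronic certificate system side: two gates, then business logic; keys cached with a lifetime."""
    def __init__(self, psk_by_source, verify_user, ttl_s=600, now=time.time):
        self.psk = psk_by_source        # pre-agreed key per registered operation system (step 1)
        self.verify_user = verify_user  # stands in for the operation system's HTTPS user-verification interface
        self.ttl_s, self.now = ttl_s, now
        self.sessions = {}              # source -> (key, expiry): step 4's timed cache (wrap at rest in a real store)

    def _mutual_trust(self, env):       # steps 2 and 7: registered source, agreed cipher mode
        if env.get("source") not in self.psk:
            raise PermissionError("request source is not a registered operation system")
        if env.get("mode") != CIPHER_MODE:
            raise PermissionError("request does not use the agreed encryption mode")

    def _authenticate(self, params):    # steps 3 and 8: freshness, then the operation system's own user check
        if abs(self.now() - params.get("ts", 0)) > FRESHNESS_S:
            raise PermissionError("request parameters are stale")
        if not self.verify_user(params.get("user"), params.get("token")):
            raise PermissionError("operation system rejected the user")

    def request_key(self, env):
        """Steps 2-4; returns the new session key sealed under the caller's pre-agreed key."""
        self._mutual_trust(env)
        psk = self.psk[env["source"]]
        self._authenticate(unseal(psk, env["body"]))
        key = secrets.token_bytes(32)
        self.sessions[env["source"]] = (key, self.now() + self.ttl_s)
        return seal(psk, {"key": key.hex(), "ts": self.now()})

    def business(self, env):
        """Steps 7-10; a missing or expired session key fails before any business logic runs."""
        self._mutual_trust(env)
        key, expiry = self.sessions.get(env["source"], (None, 0))
        if key is None or self.now() > expiry:
            raise PermissionError("no valid session key; request a key first")
        params = unseal(key, env["body"])
        self._authenticate(params)
        return {"action": params["action"], "user": params["user"], "status": "executed"}  # step 9 stand-in

class OperationSystem:
    """Operation system side: caches the returned key and seals later business requests with it."""
    def __init__(self, source, psk, now=time.time):
        self.source, self.psk, self.now, self.session_key = source, psk, now, None

    def _envelope(self, key, params):   # plaintext header fields plus sealed parameters
        return {"source": self.source, "mode": CIPHER_MODE, "body": seal(key, {**params, "ts": self.now()})}

    def request_key(self, cert, user, token):
        reply = cert.request_key(self._envelope(self.psk, {"user": user, "token": token}))  # steps 1-2
        self.session_key = bytes.fromhex(unseal(self.psk, reply)["key"])                   # step 5

    def call(self, cert, user, token, action):                                              # step 6
        return cert.business(self._envelope(self.session_key, {"user": user, "token": token, "action": action}))

def demo(now=time.time):
    cert = CertificateSystem({"shop-backend": b"\x11" * 32}, lambda u, t: (u, t) == ("alice", "tok-1"), now=now)
    ops = OperationSystem("shop-backend", b"\x11" * 32, now=now)
    ops.request_key(cert, "alice", "tok-1")
    ok = ops.call(cert, "alice", "tok-1", "issue-voucher")
    try:
        ops.call(cert, "mallory", "tok-1", "issue-voucher")
        rejected = None
    except PermissionError as err:
        rejected = str(err)
    return ok, rejected
```

`demo()` returns the executed result for the user the operation system vouches for and the rejection message for the one it does not. Every rejection is raised before business logic is reached, which is the "otherwise go directly to step 10" branch of the method, and the cached session key is refused once its lifetime has passed, forcing the operation system back to step 1; in a real deployment the failure returned to the caller should not reveal which gate rejected the request.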
The present invention also provides a network secure communication apparatus between an operation system and an electronic certificate system, in which the operation system verifies the data of a user request and, after obtaining the trust of the electronic certificate system, authenticates the legitimacy of the user request; and the electronic certificate system executes the corresponding business logic and returns the result to the operation system only after the operation system has completed verification and authentication. The network secure communication apparatus includes:
a request key module, for making the operation system request a key: the operation system encrypts the request parameters with a pre-agreed encryption key and encryption mode and initiates an HTTPS request to the electronic certificate system;
a key request mutual-trust authentication module, for making the electronic certificate system perform mutual-trust authentication on the key request: on receiving the key request initiated by the operation system, the electronic certificate system performs mutual-trust authentication on it; if it succeeds, the subsequent request identity authentication module is executed, otherwise the return execution result module is executed directly;
a request identity authentication module, for the electronic certificate system to perform user identity authentication on the key request: the electronic certificate system authenticates the user identity using the necessary information carried in the request parameters; if authentication succeeds, the next module (key computation and caching) is executed, otherwise the return execution result module is executed directly;
a key computation and caching module, for making the electronic certificate system compute and cache the key: the electronic certificate system computes the request-parameter encryption key for the operation system's current connection, sets a lifetime on the key data and stores it encrypted for subsequent use;
a receiving module, for making the operation system receive and cache the returned key: the operation system receives the returned key and stores it, so that subsequent requests encrypt their parameters with this key; otherwise subsequent requests cannot pass the mutual-trust authentication of the mutual-trust authentication module and the identity authentication of the user request identity authentication module;
a business request module, for making the operation system encrypt the request parameters with the key and initiate a business request: the operation system encrypts the business request parameters with the cached key, that is the key obtained by the receiving module, and initiates the business request over HTTPS;
a mutual-trust authentication module, for making the electronic certificate system perform mutual-trust authentication: on receiving the business request initiated by the operation system, the electronic certificate system performs mutual-trust authentication on it; if it succeeds, the subsequent user request identity authentication module is executed, otherwise the return execution result module is executed directly;
a user request identity authentication module, for making the electronic certificate system perform user identity authentication on the request: the electronic certificate system authenticates the user identity using the necessary information carried in the request parameters; if authentication succeeds, the subsequent requested business execution module is executed, otherwise the return execution result module is executed directly;
a requested business execution module, for making the electronic certificate system execute the requested business: the electronic certificate system runs its business logic according to the operation system's request to compute the requested result;
a return execution result module, for making the electronic certificate system return the execution result: the electronic certificate system returns the execution result of the request.
As a further improvement of the above solution, mutual-trust authentication must verify whether the request source is legitimate and whether the request parameters are legitimate.
As a further improvement of the above solution, identity authentication must call the HTTPS business authentication interface provided by the operation system to perform the authentication.
As a further improvement of the above solution, every identity authentication includes the following steps:
Obtain the request header data: separate the data carried in the request header from the request and verify the separated data; if it is legitimate, continue, otherwise go directly to the final step of identity authentication, returning the result;
Decrypt and verify the header data: decrypt the data separated in the previous step and verify whether the decrypted parameters are legitimate; if they are, continue, otherwise go directly to the final step, returning the result;
Call the operation system for user verification: after the data has been decrypted and verified successfully, call the user verification interface opened by the operation system to check whether the user is legitimate; if so, continue, otherwise go directly to the final step, returning the result;
Execute the certificate system business: after user verification is complete, execute the business logic for the request and, once execution finishes, assemble the business return data;
Return the result: return the execution result of the request to the interface caller.
As a further improvement of the above solution, the operation system is the background system that provides services to an SDK-based application installed on a communication terminal.
Using the present invention will more effectively ensure the security of data transfer and prevent data from being stolen while the user is using the system.
Brief description of the drawings
Fig. 1 is the overall framework diagram of the network secure communication system of the invention.
Fig. 2 is the flow chart of the network secure communication method between the operation system and the electronic certificate system.
Fig. 3 is the flow chart of the network secure communication method between the SDK and the electronic certificate system.
Fig. 4 is the flow chart of the identity authentication method of the network secure communication method between the operation system and the electronic certificate system.
Fig. 5 is the flow chart of the Bluetooth-based mutual trust and encryption/decryption method between the door lock's encryption chip and the SDK.
Detailed description of the embodiments
To make the purpose, technical solution and advantages of the present invention clearer, the invention is further explained below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here serve only to illustrate the invention and do not limit it.
The network secure communication system of the invention authenticates and encrypts both ends of the data during data storage, data transfer and data use, so as to address the security risks of data being stolen in storage, misappropriated in transfer and tampered with in use. The object of the invention is therefore to solve security problems across the whole process of network data storage, transfer and use, and to provide a complete security solution.
Referring to Fig. 1, the network secure communication system of the invention coordinates secure communication among the operation system, the electronic certificate system and a mobile communication terminal such as a mobile phone. It can be attached to the electronic certificate system in the form of a software app or plug-in to realize secure communication among the operation system, the electronic certificate system and the phone.
The invention can be applied on a communication terminal such as a mobile phone, where the SDK is the component that provides services to the app and exchanges information with the encryption chip inside the phone. The electronic certificate system generates securely encrypted electronic certificate data in the cloud; the data is transmitted with network encryption, stored encrypted on the SDK side, and then passed by the SDK to the encryption chip for decryption and verification. The electronic certificate system may include a server, an API interface, a JSON interface, an identity authentication mechanism, and storage for electronic certificate data that supports custom data.
The operation system is the background system that provides services to an SDK-based application installed on a communication terminal. The operation system verifies the data of the user request and, after obtaining the trust of the electronic certificate system, authenticates the legitimacy of the user request; the electronic certificate system executes the corresponding business logic and returns the result to the operation system only after the operation system has completed verification and authentication.
The electronic certificate system itself provides secure storage of data: data is stored encrypted, only the electronic certificate system can decrypt it normally when retrieving it through its interface program, and no other path can view the original contents of the encrypted data.
Each time a communication connection is established, the two ends of the network communication involved in the invention negotiate an initial encryption key, which they use to encrypt and decrypt the data exchanged; even if another link captures the data, it cannot obtain the encryption key, which removes the risk of data being stolen in transit. When the first connection is established, the invention also verifies the identities of both sides, and subsequent communication proceeds only after identity authentication succeeds, which prevents illegitimate users from stealing data. The invention further adds, between the operation system and the electronic certificate system, an authentication and verification mode in which the operation system itself participates, so that data security between the systems is maximized.
As described above, the electronic certificate system generates securely encrypted electronic certificate data in the cloud, transmits it with network encryption, stores it encrypted on the SDK side of the phone, and the SDK then passes it to the encryption chip on the phone for decryption and verification.
The network secure communication system can set up mutual trust and encryption/decryption mechanism one between the API interface and the operation system, forming the network secure communication apparatus between the operation system and the electronic certificate system and realizing the corresponding network secure communication method.
As shown in Fig. 2, in the communication mechanism between the operation system and the API interface of the electronic certificate system, the operation system verifies the requested data after obtaining the trust of the electronic certificate system and authenticates the legitimacy of the request; only when the system has completed verification and authentication does it execute the corresponding business logic and return the result to the operation system.
The network secure communication system can also set up mutual trust and encryption/decryption mechanism two between the JSON interface and the SDK, forming the network secure communication apparatus between the SDK and the electronic certificate system and realizing the corresponding network secure communication method.
As shown in Fig. 3, in the communication mechanism between the SDK and the JSON interface of the electronic certificate system, after the SDK obtains the trust of the electronic certificate system, the electronic certificate system verifies the requested data and authenticates the legitimacy of the request; only when the electronic certificate system has completed verification and authentication does it execute the corresponding business logic and return the result to the SDK.
The network secure communication system can also use the HTTPS business authentication interface of the operation system to set up an identity authentication mechanism between the operation system and the electronic certificate system, forming the identity authentication apparatus of the network secure communication method between the two and realizing its identity authentication method.
As shown in Fig. 4, the electronic certificate system authenticates the identity behind requests initiated by the operation system and by the SDK. The basis of identity authentication lies in the operation system: the operation system opens an interface through which a third-party system can check user validity, and the third-party system judges from the interface's return value whether the conditions are met.
The network secure communication system can also set up, between the SDK and the encryption chip, a Bluetooth IoT mutual trust and encryption/decryption mechanism three, forming the mutual trust and encryption/decryption apparatus between the door lock's encryption chip and the SDK and realizing the mutual trust and encryption/decryption method between the door lock's encryption chip and the SDK (for example the SDK on a mobile phone).
As shown in Fig. 5, in the communication mechanism between the SDK and the encryption chip, the SDK completes authentication each time it establishes a connection with the encryption chip; only after authentication completes is the corresponding business logic executed and the result returned to the SDK for subsequent processing.
The design points of the invention are explained in detail one by one below.
Part 1: mutual trust and encryption/decryption mechanism one (the network secure communication method and apparatus between the operation system and the electronic certificate system)
Referring to Fig. 2, the network secure communication apparatus between the operation system and the electronic certificate system comprises 10 major modules, each of which performs one corresponding step. Following these 10 modules, the main steps of the network secure communication method between the operation system and the electronic certificate system are described as follows:
1. Request key module, for making the operation system request a key.
The operation system encrypts the request parameters with the pre-agreed encryption key and encryption mode and initiates an HTTPS request to the electronic certificate system.
2. Key request mutual-trust authentication module, for making the electronic certificate system perform mutual-trust authentication on the key request.
On receiving the key request initiated by the operation system, the electronic certificate system performs mutual-trust authentication on it, which must verify whether the request source is legitimate, whether the request parameters are legitimate, and so on. If authentication succeeds, the next step is executed, otherwise step 10 is executed directly.
3. Request identity authentication module, for making the electronic certificate system perform user identity authentication on the key request.
The electronic certificate system authenticates the user identity using the necessary information carried in the request parameters, which requires calling the HTTPS interface provided by the operation system for verification; if verification succeeds, the next step is executed, otherwise step 10 is executed directly.
4. Key computation and caching module, for making the electronic certificate system compute and cache the key.
The electronic certificate system computes the request-parameter encryption key for the operation system's current connection, sets a lifetime on the key data and stores it encrypted for subsequent use.
5. Receiving module, for making the operation system receive and cache the returned key.
The operation system receives the returned key and stores it, so that subsequent requests encrypt their parameters with this key; otherwise subsequent requests cannot pass mutual-trust authentication (step 7) and identity authentication (step 8).
6. Business request module, for making the operation system encrypt the request parameters with the key and initiate a business request.
The operation system encrypts the business request parameters with the cached key (the key obtained in step 5) and initiates the business request over HTTPS.
7. Mutual-trust authentication module, for making the electronic certificate system perform mutual-trust authentication.
On receiving the business request initiated by the operation system, the electronic certificate system performs mutual-trust authentication on it, which must verify whether the request source is legitimate, whether the request parameters are legitimate, whether the encryption mode of the request parameters is legitimate, and so on. If authentication succeeds, the next step is executed, otherwise step 10 is executed directly.
8. User request identity authentication module, for making the electronic certificate system perform user identity authentication on the request.
The electronic certificate system authenticates the user identity using the necessary information carried in the request parameters, which requires calling the HTTPS interface provided by the operation system for verification; if verification succeeds, the next step is executed, otherwise step 10 is executed directly.
9. Requested business execution module, for making the electronic certificate system execute the requested business.
The electronic certificate system runs its business logic according to the operation system's request to compute the requested result.
10. Return execution result module, for making the electronic certificate system return the execution result.
The electronic certificate system returns the execution result of the request.
2nd, mutual trust and encryption/decryption mechanism two (i.e. the secure network communication method and device between the SDK and the electronic certificate system)
Referring to Fig. 3, the secure network communication device between the SDK and the electronic certificate system also includes 10 main modules, each of which performs a corresponding step. Following these 10 modules, the key steps of the secure network communication method between the mobile phone SDK and the electronic certificate system are described as follows:
1st, SDK request key module, for making the SDK request a key.
The SDK encrypts the request parameters according to the pre-agreed encryption key and encryption mode and initiates an https request to the electronic certificate system.
2nd, request key mutual trust authentication module, for making the electronic certificate system perform mutual trust authentication on the key request.
After receiving the key request initiated by the SDK, the electronic certificate system performs mutual trust authentication on the request: it must verify whether the request source is legitimate, whether the request parameters are legitimate, and so on. If authentication succeeds the subsequent step is performed, otherwise the 10th step is performed directly.
3rd, request authentication module, for making the electronic certificate system authenticate the user identity behind the key request.
The electronic certificate system authenticates the user identity using the necessary information carried in the request parameters; to do so it must call the https interface provided by the SDK for verification. If verification succeeds the subsequent step is performed, otherwise the 10th step is performed directly.
4th, compute key and cache module, for making the electronic certificate system compute and cache the key.
The electronic certificate system computes the request parameter encryption key that the SDK will use once the current connection is established, sets a validity period on the key data and stores it encrypted for later use.
5th, receiver module, for making the SDK receive and cache the returned key.
The SDK receives the returned key and stores it within the SDK so that subsequent requests encrypt their parameters with this key; otherwise subsequent requests cannot be correctly authenticated in mutual trust authentication (the 7th step) and identity authentication (the 8th step). Note that if the app built on the SDK exits, the key becomes invalid immediately and the whole process must be restarted.
6th, service request module, for making the SDK encrypt the request parameters with the key and issue the service request.
The SDK encrypts the service request parameters with the cached key (the key obtained in the 5th step) and initiates the service request over https.
7th, mutual authentication module, for making the electronic certificate system perform mutual authentication.
After receiving the service request initiated by the SDK, the electronic certificate system performs mutual trust authentication on the request: it must verify whether the request source is legitimate, whether the request parameters are legitimate, whether the parameter encryption mode is legitimate, and so on. If authentication succeeds the subsequent step is performed, otherwise the 10th step is performed directly.
8th, user request authentication module, for making the electronic certificate system authenticate the user identity behind the request.
The electronic certificate system authenticates the user identity using the necessary information carried in the request parameters; to do so it must call the https interface provided by the SDK for verification. If verification succeeds the subsequent step is performed, otherwise the 10th step is performed directly.
9th, requested service execution module, for making the electronic certificate system execute the requested business.
The electronic certificate system computes and executes its service logic according to the SDK's request, obtaining the result value of the request.
10th, return execution result module, for making the electronic certificate system return the execution result.
The electronic certificate system returns the execution result of the request.
3rd, mutual trust encryption/decryption mechanism three (i.e. the Bluetooth-based Internet of Things mutual trust encryption/decryption method and device between the door lock's encryption chip and the SDK)
Referring to Fig. 4, the mutual trust and encryption/decryption device between the door lock's encryption chip and the SDK includes 5 main modules, each of which performs a corresponding step. Following these 5 modules, the key steps of the mutual trust and encryption/decryption method between the door lock's encryption chip and the SDK are described as follows:
1st, connection establishment module, for making the SDK establish a connection with the BLE.
The SDK establishes a connection with the BLE over Bluetooth.
2nd, mutual trust authentication module, for making the SDK and the BLE perform mutual trust authentication.
After the connection is established, the SDK transmits data to the BLE according to the pre-agreed encryption key and encryption mode; the BLE decrypts the data with the pre-agreed key, verifies it and returns mutual trust data to the SDK; the SDK authenticates the returned data, and once mutual trust authentication passes, the connection is fully established.
3rd, BLE cache and return key module, for making the BLE cache and return the key.
The BLE caches the key and transmits it to the SDK over the pre-established mutual trust connection (the connection established in the 1st and 2nd steps).
4th, receiver module, for making the SDK receive and cache the returned key.
The SDK receives the key returned by the BLE and caches it locally in encrypted form, so that it can be used to encrypt subsequent data transmission.
5th, data transmission module, for making the SDK transmit data over the current connection with the BLE.
During data transmission over the pre-established mutual trust connection (the connection established in the 1st and 2nd steps), all data is transmitted encrypted with the key (the key cached in the 4th step).
Note that at any point in the process, as soon as the Bluetooth connection drops, the key stored by the SDK is reset immediately and the whole process must be restarted.
4th, identity authentication mechanism (i.e. the identity authentication method and device of the secure network communication method between the operation system and the electronic certificate system)
Referring to Fig. 5, the identity authentication device of the secure network communication method between the operation system and the electronic certificate system includes 5 main modules, each of which performs a corresponding step. Following these 5 modules, the key steps of the identity authentication method of the secure network communication method between the operation system and the electronic certificate system are described as follows:
1st, obtain request header data module, for obtaining the request header data.
The data carried in the request header is separated from the request and the separated data is verified; if it is legitimate the subsequent operation is carried out, if not the 5th step is performed directly.
2nd, decrypt and verify header data module, for decrypting and verifying the header data.
The data separated in the 1st step is decrypted and the decrypted parameters are verified for legitimacy; if they are legitimate the subsequent operation is carried out, if not the 5th step is performed directly.
3rd, call operation system for user verification module, for calling the operation system to verify the user.
After the data has been decrypted and verified successfully, the user verification interface opened by the operation system is called to verify whether the user is legitimate; if so execution continues, otherwise the 5th step is performed directly.
4th, execute certificate system business module, for executing the certificate system business.
After user verification completes, the service logic is executed on the request, and the business assembles the return data once execution completes.
5th, return result module, for returning the result.
The request execution result is returned to the interface caller.
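As an added example (not code from the patent or its applicant), the following Python models the ten-step flow of mechanism 1 with both parties as objects: a pre-agreed key protects the key request (step 1); the electronic certificate system checks request source, parameters and cipher mode (steps 2 and 7), calls back the operation system's user-verification interface (steps 3 and 8), and issues a per-connection key that it stores encrypted with a validity period (step 4); the operation system caches the key (step 5) and encrypts later requests with it (step 6); and business requests whose key is unknown, expired or tampered, or whose parameters lack the identity fields, are rejected at step 10 with a reason. The same request handler also walks the header-verification sequence of mechanism 4 (separate, decrypt and verify, call the operation system, execute, return). The cipher is a stand-in (an HMAC-SHA256 keystream with encrypt-then-MAC) because the patent names no cipher mode; the trusted-source list, the key lifetime, the sample user and every name in the code are constructed for this demo.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed sample values: the patent names neither the pre-agreed key nor the cipher mode.
PRE_SHARED_KEY = b"constructed-pre-agreed-key-for-the-demo!"
KEY_TTL_SECONDS = 300                    # the "timeliness setting" on a cached key (step 4)
TRUSTED_SOURCES = {"business-system-1"}  # request sources accepted by mutual trust authentication
LEGAL_MODES = {"hmac-stream-etm"}        # parameter cipher modes accepted by mutual trust authentication


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode used as a PRF: a stand-in for the unspecified cipher.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, params):
    # Encrypt-then-MAC a JSON parameter dict under key; returns the wire "box".
    pt, nonce = json.dumps(params, sort_keys=True).encode(), secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return {"mode": "hmac-stream-etm", "nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}


def unseal(key, box):
    # Returns the parameter dict, or None when the cipher mode is illegal or the tag fails.
    if box.get("mode") not in LEGAL_MODES:
        return None
    nonce, ct = bytes.fromhex(box["nonce"]), bytes.fromhex(box["ct"])
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), bytes.fromhex(box["tag"])):
        return None
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def _fail(reason):  # step 10 for a rejected request
    return {"ok": False, "error": reason}


class BusinessSystem:
    # The operation system: owns the users and exposes the user-verification interface.
    def __init__(self, name, users):
        self.name, self.users, self.session = name, users, None

    def verify_user(self, user_id, token):  # the https interface called in steps 3 and 8
        return isinstance(token, str) and hmac.compare_digest(self.users.get(user_id, ""), token)

    def request_key(self, ecs, user_id, token):  # step 1, then step 5 on the reply
        reply = ecs.handle_key_request(self.name, seal(PRE_SHARED_KEY, {"user_id": user_id, "token": token}))
        if not reply["ok"]:
            return False
        key = bytes.fromhex(unseal(PRE_SHARED_KEY, reply["key"])["key"])
        self.session = (reply["session_id"], key, user_id, token)  # cached for subsequent requests
        return True

    def service_request(self, ecs, params):  # step 6: parameters encrypted with the cached key
        if self.session is None:
            return _fail("no cached key, restart from step 1")
        session_id, key, user_id, token = self.session
        return ecs.handle_business_request(self.name, session_id, seal(key, dict(params, user_id=user_id, token=token)))


class ElectronicCertificateSystem:
    def __init__(self, business, now=time.time):
        self.business, self.now = business, now
        self.storage_key = secrets.token_bytes(32)  # cached keys are stored encrypted (step 4)
        self.sessions = {}                           # session_id -> (sealed key, expiry time)

    def _mutual_trust(self, source, key, box):  # steps 2 and 7: source, parameters, cipher mode
        if source not in TRUSTED_SOURCES:
            return None, _fail("untrusted request source")
        params = unseal(key, box)
        if params is None:
            return None, _fail("illegal parameters or cipher mode")
        if not isinstance(params, dict) or not {"user_id", "token"} <= set(params):
            return None, _fail("missing user identity fields")
        return params, None

    def handle_key_request(self, source, box):
        params, err = self._mutual_trust(source, PRE_SHARED_KEY, box)  # step 2
        if err:
            return err
        if not self.business.verify_user(params["user_id"], params["token"]):  # step 3
            return _fail("user authentication failed")
        session_id, key = secrets.token_hex(8), secrets.token_bytes(32)  # step 4: fresh per connection
        self.sessions[session_id] = (seal(self.storage_key, {"key": key.hex()}), self.now() + KEY_TTL_SECONDS)
        return {"ok": True, "session_id": session_id, "key": seal(PRE_SHARED_KEY, {"key": key.hex()})}

    def handle_business_request(self, source, session_id, box):
        entry = self.sessions.get(session_id)
        if entry is None or self.now() > entry[1]:  # unknown or expired key: purge it, never honour it
            self.sessions.pop(session_id, None)
            return _fail("unknown or expired key")
        key = bytes.fromhex(unseal(self.storage_key, entry[0])["key"])
        params, err = self._mutual_trust(source, key, box)  # step 7
        if err:
            return err
        if not self.business.verify_user(params["user_id"], params["token"]):  # step 8
            return _fail("user authentication failed")
        result = {"action": params.get("action"), "issued_to": params["user_id"]}  # step 9
        return {"ok": True, "result": result}  # step 10
```

The `now` parameter exists so that key expiry can be exercised deterministically; in production it stays `time.time`. Two points the flow makes visible: the per-connection key never travels in the clear (it is sealed under the pre-agreed key on the way back and under a separate storage key at rest), and every rejection at steps 2, 3, 7 and 8 falls through to the same step 10 path with no result data attached.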
In summary, the present invention addresses security across the whole process of network data storage, transmission and use, providing a complete security solution. The electronic certificate system itself provides secure storage of data: data is stored encrypted and can only be decrypted normally by the system when it fetches the data through the interface program, so no other path can view the original contents of the encrypted data.
The features of the present invention are as follows:
1st, a security mechanism built on the https protocol: before exchanging data with the electronic certificate system, the SDK first performs mutual trust verification and key agreement, and once mutual trust verification and key agreement are complete, data is transmitted encrypted with the agreed key, so that encryption is completed at both ends of https;
2nd, the credential data stored and transmitted by the electronic certificate consists of two parts, communication data and self-defined data: communication data is the data used for the mutual trust interaction with the Bluetooth chip; self-defined data is a data structure designed by the user of the electronic certificate system according to their own needs, and this data is passed straight through to the Bluetooth chip once the SDK and the Bluetooth chip have completed mutual trust;
3rd, a mutual trust mechanism for Bluetooth connections: after establishing the initial connection with the Bluetooth chip, the SDK first performs mutual trust verification and key agreement, and once these are complete, data is transmitted encrypted with the agreed key;
4th, this scheme describes the secure network communication mechanism as a whole.
The foregoing is merely a preferred embodiment of the present invention and is not intended to limit the invention; any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall be included within the scope of the present invention.
Claims (10)
1. A secure network communication method between an operation system and an electronic certificate system, in which the operation system, after obtaining the trust of the electronic certificate system, verifies the data of a user request and authenticates the legitimacy of the user request, and the electronic certificate system executes the corresponding service logic and returns the result to the operation system only after the operation system has completed verification and authentication; characterised in that the secure network communication method comprises the following steps:
Step 1, the operation system requests a key: the operation system encrypts the request parameters according to the pre-agreed encryption key and encryption mode and initiates an https request to the electronic certificate system;
Step 2, the electronic certificate system performs mutual trust authentication on the key request: after receiving the key request initiated by the operation system, the electronic certificate system performs mutual trust authentication on the request; if mutual trust authentication succeeds, the subsequent step is performed, otherwise the subsequent step 10 is performed directly;
Step 3, the electronic certificate system performs user identity authentication on the key request: the electronic certificate system performs user identity authentication on the necessary information carried in the request parameters; if identity authentication succeeds, the subsequent step is performed, otherwise the subsequent step 10 is performed directly;
Step 4, the electronic certificate system computes and caches the key: the electronic certificate system computes the request parameter encryption key of the operation system after the current connection is established, sets a validity period on the key data and stores it encrypted for later use;
Step 5, the operation system receives and caches the returned key: the operation system receives the returned key and stores it within the operation system so that subsequent requests encrypt their parameters with this key; otherwise subsequent requests cannot be correctly authenticated in the mutual trust authentication of the subsequent step 7 and the identity authentication of step 8;
Step 6, the operation system encrypts the request parameters with the key and issues a service request: the operation system encrypts the service request parameters with the cached key, i.e. the key obtained in step 5, and initiates the service request over https;
Step 7, the electronic certificate system performs mutual trust authentication: after receiving the service request initiated by the operation system, the electronic certificate system performs mutual trust authentication on the request; if mutual trust authentication succeeds, the subsequent step is performed, otherwise the subsequent step 10 is performed directly;
Step 8, the electronic certificate system performs user identity authentication on the request: the electronic certificate system performs user identity authentication on the necessary information carried in the request parameters; if identity authentication succeeds, the subsequent step is performed, otherwise the subsequent step 10 is performed directly;
Step 9, the electronic certificate system executes the requested business: the electronic certificate system computes and executes the service logic of the electronic certificate system according to the operation system's request, obtaining the result value of the request;
Step 10, the electronic certificate system returns the execution result: the electronic certificate system returns the execution result of the request.
2. The secure network communication method between an operation system and an electronic certificate system as claimed in claim 1, characterised in that: mutual trust authentication requires verifying whether the request source is legitimate and whether the request parameters are legitimate.
3. The secure network communication method between an operation system and an electronic certificate system as claimed in claim 1, characterised in that: identity authentication requires calling the https business authentication interface provided by the operation system to perform identity authentication.
4. The secure network communication method between an operation system and an electronic certificate system as claimed in claim 3, characterised in that: identity authentication comprises the following steps:
Obtain request header data: the data carried in the request header is separated from the request and the separated data is verified; if it is legitimate the subsequent operation is carried out, if not the final step of identity authentication, return result, is performed directly;
Decrypt and verify header data: the data separated in the obtain request header data step is decrypted and the decrypted parameters are verified for legitimacy; if legitimate the subsequent operation is carried out, if not the final step of identity authentication, return result, is performed directly;
Call the operation system for user verification: after the data has been decrypted and verified successfully, the user verification interface opened by the operation system is called to verify whether the user is legitimate; if so execution continues, otherwise the final step of identity authentication, return result, is performed directly;
Execute certificate system business: after user verification completes, the service logic is executed on the request, and the business assembles the return data once execution completes;
Return result: the request execution result is returned to the interface caller.
5. The secure network communication method between an operation system and an electronic certificate system as claimed in claim 1, characterised in that: the operation system is the background system that provides services to the application program installed, on the basis of the SDK, on the communication terminal.
6. A secure network communication device between an operation system and an electronic certificate system, in which the operation system, after obtaining the trust of the electronic certificate system, verifies the data of a user request and authenticates the legitimacy of the user request, and the electronic certificate system executes the corresponding service logic and returns the result to the operation system only after the operation system has completed verification and authentication; characterised in that the secure network communication device comprises:
a request key module, for making the operation system request a key: the operation system encrypts the request parameters according to the pre-agreed encryption key and encryption mode and initiates an https request to the electronic certificate system;
a request key mutual trust authentication module, for making the electronic certificate system perform mutual trust authentication on the key request: after receiving the key request initiated by the operation system, the electronic certificate system performs mutual trust authentication on the request; if mutual trust authentication succeeds, the subsequent request authentication module is executed, otherwise the subsequent return execution result module is executed directly;
a request authentication module, for making the electronic certificate system perform user identity authentication on the key request: the electronic certificate system performs user identity authentication on the necessary information carried in the request parameters; if identity authentication succeeds, the subsequent request identity authentication module is executed, otherwise the subsequent return execution result module is executed directly;
a compute key and cache module, for making the electronic certificate system compute and cache the key: the electronic certificate system computes the request parameter encryption key of the operation system after the current connection is established, sets a validity period on the key data and stores it encrypted for later use;
a receiver module, for making the operation system receive and cache the returned key: the operation system receives the returned key and stores it within the operation system so that subsequent requests encrypt their parameters with this key; otherwise subsequent requests cannot be correctly authenticated in the mutual trust authentication of the subsequent mutual authentication module and the identity authentication of the user request authentication module;
a service request module, for making the operation system encrypt the request parameters with the key and issue a service request: the operation system encrypts the service request parameters with the cached key, i.e. the key obtained by the receiver module, and initiates the service request over https;
a mutual authentication module, for making the electronic certificate system perform mutual trust authentication: after receiving the service request initiated by the operation system, the electronic certificate system performs mutual trust authentication on the request; if mutual trust authentication succeeds, the subsequent user request authentication module is executed, otherwise the subsequent return execution result module is executed directly;
a user request authentication module, for making the electronic certificate system perform user identity authentication on the request: the electronic certificate system performs user identity authentication on the necessary information carried in the request parameters; if identity authentication succeeds, the subsequent requested service execution module is executed, otherwise the subsequent return execution result module is executed directly;
a requested service execution module, for making the electronic certificate system execute the requested business: the electronic certificate system computes and executes the service logic of the electronic certificate system according to the operation system's request, obtaining the result value of the request;
a return execution result module, for making the electronic certificate system return the execution result: the electronic certificate system returns the execution result of the request.
7. The secure network communication device between an operation system and an electronic certificate system as claimed in claim 6, characterised in that: mutual trust authentication requires verifying whether the request source is legitimate and whether the request parameters are legitimate.
8. The secure network communication device between an operation system and an electronic certificate system as claimed in claim 6, characterised in that: identity authentication requires calling the https business authentication interface provided by the operation system to perform identity authentication.
9. The secure network communication device between an operation system and an electronic certificate system as claimed in claim 8, characterised in that: all identity authentication comprises the following steps:
Obtain request header data: the data carried in the request header is separated from the request and the separated data is verified; if it is legitimate the subsequent operation is carried out, if not the final step of identity authentication, return result, is performed directly;
Decrypt and verify header data: the data separated in the obtain request header data step is decrypted and the decrypted parameters are verified for legitimacy; if legitimate the subsequent operation is carried out, if not the final step of identity authentication, return result, is performed directly;
Call the operation system for user verification: after the data has been decrypted and verified successfully, the user verification interface opened by the operation system is called to verify whether the user is legitimate; if so execution continues, otherwise the final step of identity authentication, return result, is performed directly;
Execute certificate system business: after user verification completes, the service logic is executed on the request, and the business assembles the return data once execution completes;
Return result: the request execution result is returned to the interface caller.
10. The secure network communication device between an operation system and an electronic certificate system as claimed in claim 6, characterised in that: the operation system is the background system that provides services to the application program installed, on the basis of the SDK, on the communication terminal.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611196059.8A CN106790080A (en) | 2016-12-22 | 2016-12-22 | Secure communication of network method and apparatus between operation system and electronic certificate system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611196059.8A CN106790080A (en) | 2016-12-22 | 2016-12-22 | Secure communication of network method and apparatus between operation system and electronic certificate system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106790080A true CN106790080A (en) | 2017-05-31 |
Family
ID=58897295
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611196059.8A Withdrawn CN106790080A (en) | 2016-12-22 | 2016-12-22 | Secure communication of network method and apparatus between operation system and electronic certificate system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106790080A (en) |
2016
- 2016-12-22 CN CN201611196059.8A patent/CN106790080A/en not_active Withdrawn
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110535648A (en) * | 2018-05-24 | 2019-12-03 | 腾讯科技(深圳)有限公司 | Electronic certificate is generated and verified and key controlling method, device, system and medium |
CN110535648B (en) * | 2018-05-24 | 2022-05-06 | 腾讯科技(深圳)有限公司 | Electronic certificate generation and verification and key control method, device, system and medium |
CN108737442A (en) * | 2018-06-12 | 2018-11-02 | 北京多采多宜网络科技有限公司 | A kind of cryptographic check processing method |
CN108737442B (en) * | 2018-06-12 | 2019-05-10 | 北京多采多宜网络科技有限公司 | A kind of cryptographic check processing method |
CN109034798A (en) * | 2018-07-13 | 2018-12-18 | 惠龙易通国际物流股份有限公司 | Electronic fare payment system, method, apparatus, equipment and medium based on micro services |
CN109034798B (en) * | 2018-07-13 | 2022-09-09 | 惠龙易通国际物流股份有限公司 | Electronic payment system, method, apparatus, device and medium based on micro service |
CN112422532A (en) * | 2020-11-05 | 2021-02-26 | 腾讯科技(深圳)有限公司 | Business communication method, system, device and electronic equipment |
WO2022095730A1 (en) * | 2020-11-05 | 2022-05-12 | 腾讯科技(深圳)有限公司 | Service communication method, system and apparatus, and electronic device |
CN112422532B (en) * | 2020-11-05 | 2024-02-23 | 腾讯科技(深圳)有限公司 | Service communication method, system and device and electronic equipment |
CN112995144A (en) * | 2021-02-05 | 2021-06-18 | 杭州华橙软件技术有限公司 | File processing method and system, readable storage medium and electronic device |
CN115952484A (en) * | 2023-03-14 | 2023-04-11 | 天聚地合(苏州)科技股份有限公司 | Data circulation method, device and system based on trusted execution environment |
CN115952484B (en) * | 2023-03-14 | 2023-07-25 | 天聚地合(苏州)科技股份有限公司 | Data circulation method, device and system based on trusted execution environment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108512862B (en) | Internet of things terminal security authentication management and control platform based on certificate-free identification authentication technology | |
CN106790080A (en) | Secure communication of network method and apparatus between operation system and electronic certificate system | |
US7725717B2 (en) | Method and apparatus for user authentication | |
CN110177354A (en) | A kind of wireless control method and system of vehicle | |
CN108347729B (en) | Network is sliced interior method for authenticating, slice authentication agent entity and session management entity | |
US10050791B2 (en) | Method for verifying the identity of a user of a communicating terminal and associated system | |
CN111783068B (en) | Device authentication method, system, electronic device and storage medium | |
CN106230838A (en) | A kind of third-party application accesses the method and apparatus of resource | |
CN102143482A (en) | Method and system for authenticating mobile banking client information, and mobile terminal | |
JP2005504459A (en) | Authentication method between portable article for telecommunication and public access terminal | |
WO2017185450A1 (en) | Method and system for authenticating terminal | |
US9319882B2 (en) | Method for mutual authentication between a terminal and a remote server by means of a third-party portal | |
CN105871777A (en) | Wireless router access processing method, wireless router access method and device | |
CN105282179A (en) | Family Internet of things security control method based on CPK | |
CN107612949B (en) | Wireless intelligent terminal access authentication method and system based on radio frequency fingerprint | |
CN106790078A (en) | Safety communicating method and device between a kind of SDK and electronic certificate system | |
US9444815B2 (en) | Method and system for accessing a service | |
CN107733652A (en) | For sharing the method for unlocking and system and lock of the vehicles | |
JP2016519873A (en) | Establishing secure voice communication using a generic bootstrapping architecture | |
EP3376421A1 (en) | Method for authenticating a user and corresponding device, first and second servers and system | |
CN110278083A (en) | ID authentication request treating method and apparatus, equipment replacement method and apparatus | |
CN112020716A (en) | Remote biometric identification | |
CN110278084B (en) | eID establishing method, related device and system | |
CN107786978B (en) | NFC authentication system based on quantum encryption | |
CN202026332U (en) | Information authentication system of client end for mobile telephone banking and mobile terminal |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| TA01 | Transfer of patent application right | Effective date of registration: 20180628. Address after: 518052 Room 201, building A, 1 front Bay Road, Shenzhen Qianhai cooperation zone, Shenzhen, Guangdong. Applicant after: Shenzhen Qianhai Sheng Tai Industrial Co., Ltd. Address before: 518066 room 2407, Oriental Science and technology building, 16 Keyuan Road, Nanshan District, Shenzhen, Guangdong. Applicant before: Shenzhen Zhongcheng science and Technology Co. Ltd |
| WW01 | Invention patent application withdrawn after publication | Application publication date: 20170531 |