CN107248075A - Method and device for realizing bidirectional authentication of a smart key device and transaction - Google Patents
- Publication number: CN107248075A (application number CN201710359305.5A)
- Authority: CN (China)
- Prior art keywords: client, certificate, server, signature, original text (plaintext to be signed)
- Legal status: Granted
Classifications (all under G06Q20/00, Payment architectures, schemes or protocols; G06Q20/38, Payment protocols; G06Q20/382, Payment protocols insuring higher security of transaction)
- G06Q20/38215: Use of certificates or encrypted proofs of transaction rights (under G06Q20/3821, Electronic credentials)
- G06Q20/3825: Use of electronic signatures
- G06Q20/3829: Payment protocols insuring higher security of transaction involving key management
- G06Q20/401: Transaction verification (under G06Q20/40, Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; review and approval of payers, e.g. check credit lines or negative lists)
Abstract
The invention discloses a method and device for realizing mutual (bidirectional) authentication and transaction with a smart key device, and belongs to the field of information security. The method includes: when a request to obtain the client certificate is received, the smart key device returns its built-in client certificate list, which includes certificate indexes; when a request to sign with a client certificate is received, the smart key device retrieves the certificate by the certificate index contained in the request and determines the client certificate type from an attribute of the retrieved certificate. If it is a mutual-authentication certificate, the device performs digest and signature operations on the client signature plaintext. If it is a transaction certificate, the device first judges whether the signature plaintext conforms to the message format specification; if it does, the device performs the digest and signature operations only after the user has confirmed the transaction information by key press; otherwise it performs the digest and signature operations directly. The technical scheme of the invention greatly improves the security of mutual authentication and transaction with a smart key device.
Description
Technical field
The present invention relates to the field of information security, and in particular to a method and device for realizing mutual authentication and transaction with a smart key device.
Background technology
With the development of cryptographic and computer technology, the 1024-bit RSA algorithm in common use today faces serious security threats, and the State Commercial Cryptography Administration has decided to replace RSA with the national commercial cryptographic algorithms (the SM2 and SM3 algorithms). SM2 provides signature, verification, key exchange and related details; SM3 is used in cryptographic applications for digital signature and verification, message authentication code generation and verification, and random number generation, and can meet the security requirements of a variety of cryptographic applications.
A smart key device can display the sensitive information to be signed on its own LCD, so that the transaction takes place in a state the user can control and see before signing; this closes the security hole of a hacker tampering with the information during the transaction, and the security level is substantially raised.
At present, most banks still use the RSA algorithm for transactions and mutual authentication with smart key devices; for smart key devices, the national commercial algorithms do not yet support mutual authentication and transactions, and security is seriously threatened.
Content of the invention
The object of the invention is to solve the problems existing in the prior art by providing a method and device for realizing mutual authentication and transaction with a smart key device.
The technical solution adopted by the invention is as follows:
In one aspect, a method for realizing mutual authentication and transaction with a smart key device, the method including:
Step S1: when the request to obtain the client certificate sent by the server is received, the smart key device returns its built-in client certificate list, which includes certificate indexes;
Step S2: when a request to sign with a client certificate is received, the smart key device retrieves the certificate by the certificate index contained in the request and determines the client certificate type from an attribute of the retrieved certificate; if it is a mutual-authentication certificate, step S3 is performed; if it is a transaction certificate, step S4 is performed;
Step S3: the smart key device performs digest and signature operations on the client signature plaintext, returns the client signature result to the client, and ends;
Step S4: when the client signature plaintext and a judgement request sent by the client are received, the smart key device judges whether the client signature plaintext conforms to the message format specification; if so, step S5 is performed; otherwise step S6 is performed;
Step S5: the smart key device parses the client signature plaintext and displays the transaction information; after the user confirms by key press, it performs digest and signature operations on the client signature plaintext, returns the client signature result to the client, and ends;
Step S6: after the smart key device receives the signature request sent by the client, it parses the client signature plaintext, performs digest and signature operations on it, returns the signature result to the client, and ends.
Specifically, in step S1, after the client certificate type is determined, the method further includes: when the password and verification request sent by the client are received, the smart key device verifies whether the password is correct; if it is wrong, the device returns an error message to the client; if it is correct, the device returns a success message to the client and then waits to receive the client certificate sent by the server.
Specifically, before the smart key device returns the error message to the client, the method further includes: the smart key device judges whether it is itself locked; if so, it unlocks and proceeds to verify whether the password is correct; otherwise it returns the error message to the client.
Specifically, when the client signature result is returned to the client in step S3, the method further includes: the client signature plaintext, the client signature result and the client certificate are sent to the server;
the server receives the client signature plaintext, client signature result and client certificate sent by the client, and calls the digest interface to perform one digest operation on the client signature result.
Further, after the server receives the client signature plaintext, client signature result and client certificate sent by the client, the method further includes: the server verifies, using the client certificate, whether the client signature result is correct; and the server verifies whether the client certificate is legitimate.
Preferably, before step S3 the method further includes: when the client signature plaintext and a judgement request sent by the client are received, the smart key device parses the client signature plaintext and judges whether it conforms to the message format specification; if it does, the device returns an error message to the client; otherwise it returns a success message to the client and performs step S3.
Further, before step S3 the method further includes: the client calls the digest interface to perform a digest operation on the client signature plaintext and sends the digest result to the smart key device;
after receiving the digest result sent by the client, the smart key device takes the digest result as the client signature plaintext, parses this current client signature plaintext and judges whether it conforms to the message format specification; if it does, the device returns an error message to the client; otherwise it returns a success message to the client and performs step S3.
Still further, when the client signature result is returned to the client in step S3, the method further includes: the client signature plaintext, the client signature result and the client certificate are sent to the server;
the server receives the current client signature plaintext, client signature result and client certificate sent by the client, and calls the digest interface to perform the digest operation twice on the client signature result.
Specifically, in step S3, when the client signature result is returned to the client, the method further includes: the symmetric encryption algorithms currently supported by the client are returned to the client.
Specifically, after the client signature result is returned to the client in step S3, the method further includes: the server selects the most secure symmetric encryption algorithm supported by the client as the encryption algorithm for the mutual-authentication communication, encrypts this encryption algorithm with the client certificate public key, and sends the encrypted result to the client.
Specifically, when the decryption request sent by the client is received, the smart key device decrypts the encrypted result and returns the decrypted encryption algorithm to the client.
Further, after the decrypted result is returned to the client, the method further includes: the client, according to the encryption algorithm, generates a random number through the random number generation interface as the communication key, encrypts it with the server certificate public key and sends it to the server; after receiving the encrypted result sent by the client, the server decrypts it with the server certificate private key through the decryption interface and obtains the communication key used for mutual-authentication encryption.
Specifically, before step S1 the method further includes: the client sends a mutual-authentication connection request to the server, and the server sends the server information to the client for verification; if the verification fails, the client aborts the establishment of the mutual-authentication connection; if it passes, the server sends a mutual-authentication connection request to the client and step S1 is performed.
Further, in step S1 the server information specifically includes: the server public key certificate, the server signature plaintext and the server signature result;
before the server information is sent to the client for verification, the method further includes: the server generates a random number through the random number generation interface as the server signature plaintext, performs a digest operation on the server signature plaintext through the digest interface, and signs the digest result to obtain the server signature result.
Still further, the server sending the server information to the client for verification specifically includes: the client verifies whether the server certificate public key is legitimate; and the client verifies whether the server signature result is correct.
Further, the client verifying whether the server certificate public key is legitimate specifically includes: the client verifies whether the server public key certificate has expired; the client verifies whether the CA that issued the server certificate is trusted; the client verifies whether the public key of the issuer certificate correctly decrypts the issuer's digital signature on the server certificate; and the client verifies whether the domain name in the server certificate matches the actual domain name of the server;
the client verifying whether the server signature result is correct specifically includes: the client performs a digest operation on the server signature plaintext and verifies the server signature result using the server certificate.
Specifically, before step S4 the method further includes: the client reads the serial number of the smart key device, and the server verifies whether the user information and the smart key device serial number match; if so, login to the online banking system succeeds and step S4 is performed; otherwise login to the online banking system fails.
Specifically, in step S5 and step S6, after the client signature result is returned to the client, the method further includes: the client sends the client signature plaintext, the client signature result and the client certificate to the server.
Specifically, after the server receives the information sent by the client, the method further includes: the server performs one digest operation on the client signature plaintext and, from the user information and the certificate information, checks whether the current certificate is the certificate bound to this user; if not, the transaction fails; if so, the server performs the digest operation on the signature plaintext and verifies whether the signature is valid; if it is, the transfer transaction succeeds, otherwise the transfer transaction fails.
Specifically, determining the client certificate type from an attribute of the retrieved certificate is specifically: the smart key device determines the client certificate type from the key value of the certificate.
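As an added illustration that is not part of the patent text, the following Python models the device-side branching of steps S2 to S6, the refinement that an authentication certificate refuses any plaintext matching the message format, and the server-side checks (certificate bound to the user; digest once, or twice when the client pre-hashed). SHA-256 and HMAC stand in for SM3 and SM2; the certificate list, the `key_value` names, the message format and the user binding are constructed for this example.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Constructed device secret; a stand-in for the SM2 private key held in the device.
DEVICE_KEY = b"constructed-device-secret"


def digest(data: bytes) -> bytes:
    """Digest operation (SHA-256 stands in for SM3)."""
    return hashlib.sha256(data).digest()


def sign(data: bytes) -> bytes:
    """Digest-then-sign as the device does it; HMAC stands in for SM2 signing."""
    return hmac.new(DEVICE_KEY, digest(data), "sha256").digest()


@dataclass(frozen=True)
class Certificate:
    index: int
    subject: str
    key_value: str  # attribute the device uses to tell the certificate types apart


# Built-in client certificate list; S1 returns these indexes to the client.
CERT_LIST: Dict[int, Certificate] = {
    1: Certificate(1, "user-0001", "auth"),  # mutual-authentication certificate
    2: Certificate(2, "user-0001", "sign"),  # transaction certificate
}


def matches_message_spec(plaintext: bytes) -> bool:
    """Constructed message format specification: b'TRANSFER|<payee>|<amount>'."""
    parts = plaintext.split(b"|")
    return len(parts) == 3 and parts[0] == b"TRANSFER" and parts[2].isdigit()


@dataclass
class SignResult:
    ok: bool
    signature: Optional[bytes] = None
    confirmed: bool = False  # True only on the S5 path (user key-press)
    error: Optional[str] = None


def handle_sign_request(index: int, plaintext: bytes,
                        confirm: Callable[[bytes], bool]) -> SignResult:
    """Steps S2 to S6 on the device; `confirm` models the key-press prompt."""
    cert = CERT_LIST.get(index)
    if cert is None:
        return SignResult(False, error="unknown certificate index")
    if cert.key_value == "auth":
        # Refinement before S3: an authentication certificate must not sign
        # anything that parses as a transaction message, so a "challenge"
        # cannot carry a transfer past the display-and-confirm step.
        if matches_message_spec(plaintext):
            return SignResult(False, error="message format not allowed for auth certificate")
        return SignResult(True, sign(plaintext))  # S3
    if matches_message_spec(plaintext):  # S4
        if not confirm(plaintext):  # S5: display, wait for key press
            return SignResult(False, error="user did not confirm")
        return SignResult(True, sign(plaintext), confirmed=True)
    return SignResult(True, sign(plaintext))  # S6: sign directly


# Server side: the certificate index bound to each user (constructed).
BOUND_CERT: Dict[str, int] = {"user-0001": 2}


def server_verify_signature(plaintext: bytes, signature: bytes,
                            prehashed: bool = False) -> bool:
    """Server-side check: digest once, or twice when the client pre-hashed.
    With the symmetric HMAC stand-in the server recomputes the signature;
    with SM2 it would verify against the client certificate public key."""
    data = digest(plaintext) if prehashed else plaintext
    return hmac.compare_digest(sign(data), signature)


def server_verify_transaction(user: str, index: int, plaintext: bytes,
                              signature: bytes) -> bool:
    """After S5/S6: the certificate must be the one bound to the user, then verify."""
    if BOUND_CERT.get(user) != index:
        return False
    return server_verify_signature(plaintext, signature)
```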
In another aspect, a device for mutual authentication and transaction with a smart key device, the device including:
a first receiving module, for receiving the request to obtain the client certificate sent by the server;
a loopback module, for returning the built-in client certificate list, which includes certificate indexes, when the first receiving module receives the request to obtain the client certificate sent by the server;
a second receiving module, for receiving the request to sign with a client certificate;
a retrieval module, for retrieving the certificate by the certificate index contained in the request when the second receiving module receives the request to sign with a client certificate;
a first judging module, for determining the client certificate type from an attribute of the certificate retrieved by the retrieval module;
an operation module, for performing digest and signature operations on the client signature plaintext when the first judging module determines that the client certificate type is a mutual-authentication certificate; and further for performing digest and signature operations on the client signature plaintext after the display module has displayed the transaction information and the user has confirmed by key press;
a sending module, for sending the client signature result obtained by the operation module to the client;
a third receiving module, for receiving the client signature plaintext and judgement request sent by the client when the first judging module determines that the client certificate type is a transaction certificate;
a second judging module, for judging whether the client signature plaintext conforms to the message format specification when the third receiving module receives the client signature plaintext and judgement request sent by the client;
a parsing module, for parsing the client signature plaintext when the second judging module judges that it conforms to the message format specification; and further for parsing the client signature plaintext when the fourth receiving module receives the signature request sent by the client;
a display module, for displaying the transaction information;
a fourth receiving module, for receiving the signature request sent by the client when the second judging module judges that the client signature plaintext does not conform to the message format specification.
Specifically, the device further includes: a fifth receiving module, a verification module, a return module and a sixth receiving module;
the fifth receiving module, for receiving the password and verification request sent by the client;
the verification module, for verifying whether the password is correct when the fifth receiving module receives the password and verification request sent by the client;
the return module, for returning an error message to the client when the verification module finds the password wrong, and returning a success message to the client when the verification module finds the password correct;
the sixth receiving module, for waiting to receive the client certificate sent by the server when the verification module finds the password correct.
Preferably, the device further includes: a third judging module;
the third judging module, for judging whether the device itself is locked;
the verification module, further for unlocking and verifying whether the password is correct when the third judging module judges that the device itself is locked;
the return module, further for returning an error message to the client when the third judging module judges that the device itself is locked.
Specifically, the sending module is specifically for: sending the client signature plaintext, the client signature result and the client certificate to the server.
Specifically, the return module is further for: returning an error message to the client when the second judging module judges that the client signature plaintext conforms to the message format specification; and returning a success message to the client and running the operation module when the second judging module judges that the client signature plaintext does not conform to the message format specification.
Preferably, the device further includes: a seventh receiving module and a taking-as module;
the seventh receiving module, for receiving the digest result sent by the client;
the taking-as module, for taking the digest result as the client signature plaintext after the seventh receiving module receives the digest result sent by the client;
the parsing module, further for parsing the client signature plaintext;
the second judging module, further for judging whether the current client signature plaintext conforms to the message format specification;
the return module, further for returning an error message to the client when the second judging module judges that the current client signature plaintext conforms to the message format specification, and returning a success message to the client when the second judging module judges that it does not;
the operation module, further for performing digest and signature operations on the client signature plaintext after the return module has returned the success message to the client.
Specifically, the device further includes: an eighth receiving module;
the eighth receiving module, for receiving the signature request sent by the client.
Specifically, the sending module is further specifically for: sending the client signature plaintext, the client signature result and the client certificate to the server.
Specifically, the sending module is specifically for: returning the symmetric encryption algorithms currently supported by the client to the client.
Preferably, the device further includes: a ninth receiving module and a decryption module;
the ninth receiving module, for receiving the decryption request sent by the client;
the decryption module, for decrypting the encrypted result and returning the decrypted encryption algorithm to the client when the ninth receiving module receives the decryption request sent by the client.
Specifically, the first judging module is specifically for: determining the client certificate type from the key value of the certificate.
The beneficial effect obtained by the invention is: by using the technical method of the invention for mutual authentication and transaction with a smart key device, the security of mutual authentication and transaction is greatly improved.
Brief description of the drawings
, below will be to embodiment or existing for the clearer explanation embodiment of the present invention or technical scheme of the prior art
There is the accompanying drawing used required in technology description to be briefly described, it should be apparent that, drawings in the following description are only this
Some embodiments of invention, for those of ordinary skill in the art, on the premise of not paying creative work, can be with
Other accompanying drawings are obtained according to these accompanying drawings.
Fig. 1 shows a method for realizing mutual authentication with a smart key device provided in embodiment two of the invention;
Fig. 2 shows a method for realizing mutual authentication with a smart key device provided in embodiment three of the invention;
Fig. 3 shows a method for realizing a transaction with a smart key device provided in embodiment four of the invention;
Fig. 4 shows a device for realizing mutual authentication and transaction with a smart key device provided in embodiment seven of the invention.
Embodiment
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings of those embodiments. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
Embodiment one
A kind of method for realizing bidirectional authentication of smart secret key equipment and transaction is present embodiments provided, this method includes:
Step S1:When receiving the request of acquisition client certificate of server transmission, in intelligent cipher key equipment loopback
The client certificate list put, client certificate list is indexed including certificate;
Step S2:When receiving the request signed using client certificate, intelligent cipher key equipment is included according in request
Certificate indexed search certificate, according to the determined property client certificate type of the certificate retrieved, if two-way authentication
Certificate, performs step S3;If the certificate of transaction, then step S4 is performed;
Step S3:Intelligent cipher key equipment is made a summary and signed to client signature original text computing, and by client signature
As a result client is returned, is terminated;
Step S4:When the client signature original text and judgement request for receiving client transmission, intelligent cipher key equipment is sentenced
Whether disconnected client signature original text meets message specification, is then to perform step S5;Otherwise step S6 is performed;
Step S5:Intelligent cipher key equipment parses client signature original text and shows Transaction Information, right after user key-press confirms
Client signature original text is made a summary and signed computing, and client signature result is returned into client, is terminated;
Step S6:After intelligent cipher key equipment receives the signature request of client transmission, client signature original text is parsed,
Client signature original text is made a summary and signed computing, and signature result is returned into client, terminated.
Specifically, in step S1, after judging client certificate type, in addition to:When receive client transmission it is close
When code and checking request, whether intelligent cipher key equipment checking password is correct, if mistake, returns to error message to client, such as
Fruit is correct, is returned to client after correct information, waits the client certificate for receiving server transmission.
Specifically, before intelligent cipher key equipment returns to error message to client, in addition to:Intelligent cipher key equipment judges certainly
Whether body is locked, is then to open lock, performs intelligent cipher key equipment and verifies whether password is correct, otherwise returns to mistake letter to client
Breath.
Specifically, when client signature result being returned into client in step S3, in addition to:Client signature is former
Text, client signature result and client certificate are sent to server;
Server receives client signature original text, client signature result and the client certificate of client transmission, adjusts
Computing of once making a summary is done to client signature result with summary computing interface.
Further, server receives client signature original text, client signature result and the client of client transmission
After certificate, in addition to:Whether server is correct using client certificate verification client signature result;Server authentication client
Hold certificate whether legal.
Preferably, also include before step S3:When the client signature original text and judgement that receive client transmission are asked
When, intelligent cipher key equipment parsing client signature original text simultaneously judge whether client signature original text meets message specification, be then to
Client returns to error message, otherwise returns to correct information to client, performs step S3.
Further, before step S3, in addition to:Client call makes a summary computing interface to the progress of client signature original text
Summary computing, and summary result is sent to intelligent cipher key equipment;
Intelligent cipher key equipment is received after the summary result of client transmission, former using summary result as client signature
Text, parsing active client signature original text simultaneously judges whether active client signature original text meets message specification, is then to client
End returns to error message, otherwise returns to correct information to client, performs step S3.
Closer, when client signature result being returned into client in step S3, in addition to:Client signature is former
Text, client signature result and client certificate are sent to server;
Server receives active client signature original text, client signature result and the client card of client transmission
Book, calls summary computing interface to do computing of making a summary twice to client signature result.
Specifically, in step S3, when client signature result is returned into client, in addition to:Client is currently supported
Symmetric encipherment algorithm return client.
Specifically, client signature result is returned after client in step S3, in addition to:Server selects client branch
The AES that the security highest symmetric encipherment algorithm held communicates as two-way authentication, and use client certificate public key pair
This AES is encrypted, and encrypted result is sent into client.
Specifically, when receiving the decoding request of client transmission, encrypted result is decrypted intelligent cipher key equipment,
And obtained AES return client will be decrypted.
Further, by decrypted result return client after, in addition to:Client passes through production according to AES
Random number interface produces a random number and is sent to server as communication key, and using server certificate public key encryption, services
Device is received after the encrypted result of client transmission, is decrypted by decryption interface using server certificate private key, and acquisition is two-way to be recognized
Demonstrate,prove the communication key of encryption.
Specifically, also include before step S1:User end to server sends two-way authentication connection request, and server will take
Business device information, which is sent to client, to be verified, checking does not pass through, and client interrupts two-way authentication establishment of connection, and checking is logical
Cross, server sends two-way authentication connection request to client, perform step S1.
Further, server info is specifically included in step S1:Server public key certificate, server signature original text kimonos
Business device signature result;
Server info is sent to client before being verified, in addition to:Server passes through generating random number interface
Random number is produced as server signature original text, server signature original text is made an abstract after computing by digest interface, to summary
Operation result sign obtaining server signature result.
Yet further, server info is sent to client and verified by server, is specifically included:Client validation
Whether server certificate public key is legal;Whether client validation server signature result is correct.
Further, whether client validation server certificate public key is legal, specifically includes:Client validation server
Whether public key certificate is expired, and whether the CA of client validation issuance server certificate is reliable, client validation publisher certificate
Whether can public key correctly untie domain name in the digital signature of the publisher of server certificate, client validation server certificate
Match with the actual domain name of server;
Whether client validation server signature result is correct, specifically includes:Client is carried out to server signature original text
Summary computing, is verified using server certificate to server signature result.
Specifically, also include before step S4:Client reads intelligent cipher key equipment sequence number, server authentication user letter
Whether breath and intelligent cipher key equipment sequence number match, and are to log in internet banking system success, perform step S4, otherwise log in Net silver system
System failure.
Specifically, in steps S5 and S6, after the client signature result is returned to the client, the method further includes: the client sends the client signature plaintext, the client signature result and the client certificate to the server.
Specifically, after the server receives the information sent by the client, the method further includes: the server computes one digest of the client signature plaintext and, according to the user information and the certificate information, compares whether the current certificate is the certificate bound to this user; if not, the transaction fails; if yes, the server computes a digest of the signature plaintext and verifies whether the signature succeeds; if yes, the transfer transaction succeeds, otherwise the transfer transaction fails.
Specifically, determining the client certificate type according to the attributes of the retrieved certificate is specifically: the smart key device determines the client certificate type according to the key value of the certificate.
Embodiment two
This embodiment two provides a method for realizing mutual authentication of a smart key device, as shown in figure 1, including:
Step 101: the client installs the smart key device middleware and downloads a signing certificate from the online banking certificate system;
In this embodiment, the smart key device middleware is software installed on the PC side through whose interfaces the smart key device can be accessed. The smart key device can display the relevant transaction information. Its design defines that the first time signing is performed with the signature algorithm, the digest result computed outside the smart key device is signed directly; after the download of the signing certificate has finished, the signature algorithm no longer signs a digest result obtained by software-implemented digest computation outside the smart key device: every signature plaintext must be passed into the smart key device, where the smart key device hardware computes the digest and then signs, which prevents this smart key device from being used as an ordinary USB key.
Step 102: the client sends a mutual-authentication connection request to the server over the network;
It should be noted that the server in this embodiment refers specifically to a mutual-authentication (SSL) server.
In this embodiment, the mutual-authentication connection request sent by the client includes the version number of the mutual-authentication protocol, the kinds of encryption algorithms the client supports, and other information required for communication between server and client.
Step 103: after the server receives the client's request, it generates the server signature plaintext and signs it, and then sends the server public key certificate, the server signature plaintext and the server signature result to the client;
Specifically, in this embodiment the server generates a random number through the random-number-generation interface as the signature plaintext, computes a digest (hash) of the random number through the digest interface, signs the digest (hash) result, and then sends the server public key certificate, the server signature plaintext and the server signature result to the client.
In addition, the server also transmits to the client the version number of the mutual-authentication protocol, the kinds of encryption algorithms the server supports, and other relevant information.
For example, if the signature plaintext is 123456, the result after the second preset algorithm, i.e. the digest computation, is: FEqNCco3Yq9h5ZUglD3CZJT4lBs=, and the result after the first preset algorithm, i.e. signing, is: MIIG3gYJKoZIhvcNAQcCoIIGzzCCBssCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCCBbwwggW4MIIEoKADAgECAgo24tUMAAAAAZkuMA0GCSqGSIb3DQEBBQUAMDgxEzARBgoJkiaJk/IsZ.
Step 104: the client verifies whether the server public key certificate is legitimate; if yes, step 105 is performed, otherwise establishment of the mutual-authentication connection is aborted;
In this embodiment, the client verifies the legitimacy of the server public key certificate using the information transmitted by the server. Verifying the legitimacy of the server public key certificate specifically includes: judging whether the server public key certificate has expired, judging whether the CA that issued the server certificate is trusted, judging whether the public key of the issuer's certificate correctly unlocks (verifies) the issuer's digital signature on the server public key certificate, and judging whether the domain name on the server public key certificate matches the server's actual domain name; when every judgment is yes, the server public key certificate is legitimate, otherwise the server public key certificate is illegitimate.
Specifically, when a server certificate or a client certificate is issued, the issued certificate is signed by the CA root certificate. Through the root certificate or the certificate chain, the legitimacy of the server certificate and of the client certificate can be verified, achieving the purpose of checking certificate legitimacy.
Step 105: the client verifies the server signature result using the server public key certificate and the server signature plaintext; if verification passes, step 106 is performed; if verification fails, establishment of the mutual-authentication connection is aborted;
Specifically, in this embodiment the client computes a digest of the signature plaintext, then calls the signature-verification method with the digest result and verifies the signature result using the server public key; the signature result can be verified by calling a custom interface.
Step 106: the server sends a mutual-authentication connection request to the client;
In this embodiment, the mutual-authentication connection request the server sends to the client over the network includes: the version number of the mutual-authentication protocol, the kinds of encryption algorithms, and other information required for communication between server and client.
Step 107: the smart key device verifies the PIN; if verification fails, establishment of the mutual-authentication connection is aborted; if verification passes, step 108 is performed;
Specifically, in this embodiment, after the user enters the login password at the client, the client sends the login password to the smart key device, and the smart key device compares this password with its own preset password; if they are identical, verification passes and step 108 is performed; otherwise establishment of the mutual-authentication connection is aborted.
More specifically, in this embodiment the PIN of the smart key device is verified, and only after the PIN has been verified can the signature interface sign; if verification fails, it must be judged whether the smart key device is locked: if yes, exit; otherwise continue to verify whether the PIN is correct.
It should be noted that before step 108 is performed the method further includes: the server's signature plaintext is sent to the smart key device; after receiving it, the smart key device parses the signature plaintext and judges whether it conforms to the message specification; if yes, it reports an error and terminates the mutual authentication, otherwise step 108 is performed. Because the signature plaintext is a random number, the signature plaintext in mutual authentication does not conform to the message specification, so the "confirm" key on the smart key device need not be pressed, no information is displayed, and only the password needs to be verified.
Step 108: after the client receives the connection request sent by the server, the client generates a signature plaintext, finds the client certificate in the smart key device through the smart key device middleware interface, and uses the client certificate to digest and sign the signature plaintext through the signature interface;
Specifically, in this embodiment, after the client receives the server's request, the client first generates a random number as the signature plaintext and sends the signature plaintext to the smart key device; the client then calls the signature interface and sends the request invoking the signature interface to the smart key device, and the smart key device performs the digest computation and the signature computation on the random number.
Generally, before a client certificate is called through a software interface to perform a signature computation, the digest computation interface contains only digest instructions and the signature interface contains only signature instructions; in this embodiment, however, the signature interface contains both digest instructions and signature instructions, i.e. the signature interface performs the digest computation and then the signature computation in succession.
It should be noted that in this embodiment the signature computation uses the national cryptographic algorithm SM2, and the digest computation uses SM3.
In this embodiment, the signature interface called is SKF_ECCSignData. The interface SKF_ECCSignData normally only signs, but in order to prevent this smart key device from being used as an ordinary USB key, in this embodiment the interface SKF_ECCSignData both digests and signs. Before the interface signs, a digest must first be computed; in general the digest computation is implemented by a corresponding interface and generates data of a fixed length.
For example, if the signature plaintext is 123456, the result after the second preset algorithm, i.e. the digest computation, is: FEqNCco3Yq9h5ZUglD3CZJT4lBs=, and the result after the first preset algorithm, i.e. signing, is: MIIG3gYJKoZIhvcNAQcCoIIGzzCCBssCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCCBbwwggW4MIIEoKADAgECAgo24tUMAAAAAZkuMA0GCSqGSIb3DQEBBQUAMDgxEzARBgoJkiaJk/IsZ.
Step 109: after signing finishes, the client sends the client signature plaintext, the client signature result, the client certificate and the symmetric encryption algorithms it currently supports to the server;
In this embodiment, the client notifies the server which symmetric encryption algorithms it supports; after the server decides which encryption algorithm to use, it can send the chosen encryption algorithm to the client.
Step 110: the server computes one digest of the client signature plaintext;
For example, the result after the digest is fEqNCco3Yq9h5ZUglD3CZJT4lBs=.
Step 111: the server verifies whether the client signature result is correct using the client certificate; if yes, step 112 is performed, otherwise establishment of the mutual-authentication connection is aborted;
In this embodiment, when verifying the signature result, the signature plaintext must first be digested and only then is the signature result checked for correctness. Specifically, the verify interface is first called to digest the signature plaintext, and then the signature result is verified. When verifying a signature, the signature plaintext must first be digested and then verified; likewise, when signing, the signature plaintext is first digested and then signed. Digesting generates data of a fixed length.
Step 112: the server verifies whether the client certificate is legitimate; if verification passes, the server temporarily stores the client certificate and continues with step 113; if verification fails, establishment of the mutual-authentication connection is aborted;
In this embodiment, the server verifying whether the client certificate is legitimate specifically includes: judging whether the client certificate's validity dates are in effect, judging whether the CA that issued the certificate provided by the client is trusted, judging whether the issuing CA's public key correctly unlocks (verifies) the issuing CA's digital signature on the client certificate, and checking whether the client's certificate is on the certificate revocation list (CRL).
Step 113: the server selects the most secure symmetric encryption algorithm that the client supports as the encryption algorithm for mutual-authentication communication, encrypts this encryption algorithm with the client certificate public key, and sends the encrypted result to the client;
In this embodiment, the server encrypts this encryption algorithm with the client certificate public key through the server-side encryption interface; the client sends the encryption algorithms it supports to the server after the server has finished verifying the client certificate.
Step 114: after the client receives the encrypted result, it decrypts it with the client certificate private key; according to the encryption algorithm agreed with the server, it generates a random number through the random-number-generation interface as the communication key, encrypts the communication key with the server public key, and sends the encrypted result to the server;
In this embodiment, the encrypted result received by the client was encrypted with the public key of the corresponding certificate in the smart key device; the ciphertext can be decrypted with the private key corresponding to that same public key to obtain the data before encryption, and the client decrypts through the decryption interface using the encryption certificate private key.
Step 115: the server receives the encrypted result sent by the client, decrypts it with the server private key, obtains the communication key for mutual-authentication encryption, establishes the two-way channel, and ends.
Specifically, the encrypted result received by the server was produced by encryption with the server certificate public key; the ciphertext can be decrypted with the private key corresponding to the same server certificate to obtain the data before encryption.
In this embodiment, after the server obtains the communication key for mutual-authentication encryption, all subsequent communication between the server and the client is encrypted with the agreed symmetric encryption algorithm and symmetric key, and the mutual-authentication channel is established successfully.
Embodiment three
This embodiment provides a method for realizing mutual authentication of a smart key device, as shown in Fig. 2, including:
Step 201: the client installs the smart key device middleware and downloads a signing certificate from the online banking certificate system;
In this embodiment, the smart key device middleware is software installed on the PC side through whose interfaces the smart key device can be accessed. The smart key device can display the relevant transaction information. Its design defines that the first time signing is performed with the signature algorithm, the digest result computed outside the smart key device is signed directly; after the download of the signing certificate has finished, the signature algorithm no longer signs a digest result obtained by software-implemented digest computation outside the smart key device: every signature plaintext must be passed into the smart key device, where the smart key device hardware computes the digest and then signs, which prevents this smart key device from being used as an ordinary USB key.
Step 202: the client sends a mutual-authentication connection request to the server over the network;
It should be noted that the server in this embodiment refers specifically to a mutual-authentication (SSL) server.
In this embodiment, the mutual-authentication connection request sent by the client includes the version number of the mutual-authentication protocol, the kinds of encryption algorithms, and other information required for communication between server and client.
Step 203: after the server receives the client's request, it generates a signature plaintext and signs it, and then sends the server public key certificate, the server signature plaintext and the server signature result to the client;
Specifically, in this embodiment the server generates a random number through the random-number-generation interface as the signature plaintext, computes a digest (hash) of the random number through the digest interface, signs the digest (hash) result, and then sends the server public key certificate, the server signature plaintext and the server signature result to the client.
In addition, the server also transmits to the client the version number of the mutual-authentication protocol, the kinds of encryption algorithms the server supports, and other relevant information.
For example, if the signature plaintext is 123456, the result after the second preset algorithm, i.e. the digest computation, is: FEqNCco3Yq9h5ZUglD3CZJT4lBs=, and the result after the first preset algorithm, i.e. signing, is: MIIG3gYJKoZIhvcNAQcCoIIGzzCCBssCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCCBbwwggW4MIIEoKADAgECAgo24tUMAAAAAZkuMA0GCSqGSIb3DQEBBQUAMDgxEzARBgoJkiaJk/IsZ.
Step 204: the client verifies whether the server public key certificate is legitimate; if yes, step 205 is performed, otherwise establishment of the mutual-authentication connection is aborted;
In this embodiment, the client verifies the legitimacy of the server public key certificate using the information transmitted by the server. Verifying the legitimacy of the server public key certificate specifically includes: judging whether the server public key certificate has expired, judging whether the CA that issued the server certificate is trusted, judging whether the public key of the issuer's certificate correctly unlocks (verifies) the issuer's digital signature on the server public key certificate, and judging whether the domain name on the server public key certificate matches the server's actual domain name.
Specifically, when a server certificate or a client certificate is issued, the issued certificate is signed by the CA root certificate. Through the root certificate or the certificate chain, the legitimacy of the server certificate and of the client certificate can be verified, achieving the purpose of verifying that the certificate is trustworthy.
Step 205: the client verifies the server signature result using the server public key certificate and the server signature plaintext; if verification passes, step 206 is performed; if verification fails, the client aborts establishment of the mutual-authentication connection;
Specifically, in this embodiment the client computes a digest of the signature plaintext with the digest algorithm, then calls the signature-verification method with the digest result and verifies the signature result using the server public key.
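The certificate checks and signature verification of steps 104 and 105 (repeated as steps 204 and 205), as an added example in Go that is not part of the patent. It builds a throw-away CA and server certificate, has the server produce the random signature plaintext and signature result of step 103, and has the client run the four certificate checks followed by the signature check. SHA-256 with ECDSA P-256 stands in for the page's digest and signature algorithms; the CA name, the host name bank.example, the serial numbers and the lifetimes are constructed for the example. Go's x509.Certificate.Verify covers the expiry, CA-trust, issuer-signature and domain-name checks in one call.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// makeServerHello is the server side of step 103/203: draw a random signature
// plaintext, digest it (SHA-256 stands in for the page's digest interface)
// and sign the digest. It returns the plaintext and the signature result.
func makeServerHello(key *ecdsa.PrivateKey) (plain, sig []byte, err error) {
	plain = make([]byte, 32)
	if _, err = rand.Read(plain); err != nil {
		return nil, nil, err
	}
	digest := sha256.Sum256(plain)
	sig, err = ecdsa.SignASN1(rand.Reader, key, digest[:])
	return plain, sig, err
}

// verifyServerHello is the client side of steps 104-105 (204-205). Cert.Verify
// does the step-104 checks together: validity period against now, chain to a
// trusted CA (which checks the issuer signature) and DNS name matching hostname;
// only then is the signature result checked against the digest of the plaintext.
func verifyServerHello(cert *x509.Certificate, plain, sig []byte, roots *x509.CertPool, hostname string, now time.Time) error {
	opts := x509.VerifyOptions{Roots: roots, DNSName: hostname, CurrentTime: now}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("server certificate not legitimate: %w", err)
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return fmt.Errorf("server certificate does not carry an ECDSA key")
	}
	digest := sha256.Sum256(plain)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return fmt.Errorf("server signature result is incorrect")
	}
	return nil
}

// issue creates the certificate described by tmpl for pub, signed by signer under parent.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// testPKI builds a throw-away CA and a one-day server certificate for serverName (all values constructed here).
func testPKI(serverName string) (*x509.CertPool, *x509.Certificate, *ecdsa.PrivateKey, error) {
	now := time.Now()
	caKey, err1 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	srvKey, err2 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err1 != nil || err2 != nil {
		return nil, nil, nil, fmt.Errorf("key generation failed")
	}
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Bank CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	ca, err := issue(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, nil, err
	}
	srvTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		DNSNames:     []string{serverName},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
	}
	srv, err := issue(srvTmpl, ca, &srvKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	return roots, srv, srvKey, nil
}

func main() {
	roots, cert, key, err := testPKI("bank.example")
	if err != nil {
		panic(err)
	}
	plain, sig, _ := makeServerHello(key)
	fmt.Println("verify:", verifyServerHello(cert, plain, sig, roots, "bank.example", time.Now()))
}
```

A certificate presented by a server whose name differs from the one the client connected to, an expired certificate, a certificate chained to an unknown CA, or a signature that does not match the plaintext all make verifyServerHello return an error, which is the point at which the client aborts the connection.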
Step 206: the server sends a mutual-authentication connection request to the client;
In this embodiment, the mutual-authentication connection request the server sends to the client over the network includes: the version number of the mutual-authentication protocol, the kinds of encryption algorithms, and other information required for communication between server and client.
Step 207: the smart key device verifies the PIN; if verification fails, establishment of the mutual-authentication connection is aborted; if verification passes, step 208 is performed;
Specifically, in this embodiment, after the user enters the login password at the client, the client sends the login password to the smart key device, and the smart key device compares this password with its own preset password; if they are identical, verification passes and step 208 is performed; otherwise establishment of the mutual-authentication connection is aborted.
More specifically, in this embodiment the PIN of the smart key device is verified, and only after the PIN has been verified can the signature interface sign; if verification fails, it must be judged whether the smart key device is locked: if yes, exit; otherwise continue to verify whether the PIN is correct.
It should be noted that before step 208 is performed the method further includes: the server's signature plaintext is sent to the smart key device; after receiving it, the smart key device parses the signature plaintext and judges whether it conforms to the message specification; if yes, it reports an error and terminates the mutual authentication, otherwise step 208 is performed. Because the signature plaintext is a random number, the signature plaintext in mutual authentication does not conform to the message specification, so the "confirm" key on the smart key device need not be pressed, no information is displayed, and only the password needs to be verified.
Step 208: after the client receives the server's request, the client generates a signature plaintext, finds the client certificate in the smart key device through the smart key device middleware, and calls the digest computation interface to compute a digest of the signature plaintext;
Specifically, in this embodiment, after the client receives the server's request, the client first generates a random number as the signature plaintext and then, through the digest computation interface, computes a digest of the signature plaintext outside the smart key device, generating data of a fixed length.
It should be noted that in this embodiment the signature computation uses the national cryptographic algorithm SM2, and the digest computation uses SM3.
In this embodiment, the interfaces called are SKF_DigestInit and SKF_Digest: the SKF_DigestInit interface initializes the digest and the SKF_Digest interface performs the digest computation; the two interfaces together implement the digest computation.
For example, if the signature plaintext is 123456, the result after the second preset algorithm, i.e. the digest computation, is: FEqNCco3Yq9h5ZUglD3CZJT4lBs=.
In this embodiment, before the client certificate signs through the software interface, the digest computation interface contains only digest instructions and the signature interface contains only signature instructions; in this embodiment, however, the signature interface contains both digest instructions and signature instructions, i.e. the signature interface performs the digest computation and then the signature computation in succession. In this embodiment the signature interface called is SKF_ECCSignData. The interface SKF_ECCSignData normally only signs, but in order to prevent this smart key device from being used as an ordinary USB key, in this embodiment the interface SKF_ECCSignData both digests and signs. Before the interface signs, a digest must first be computed; in general the digest computation is implemented by a corresponding interface and generates data of a fixed length.
For example, if the signature plaintext is 123456, the result after the second preset algorithm, i.e. the digest computation, is: 8gkHg+VRPaWJMzsFDH3RIYK6Ffg=, and the result after the first preset algorithm, i.e. signing, is: MIIG3gYJKoZIhvcNAQcCoIIGzzCCBssCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCCBbwwggW4MIIEoKADAgECAgo24tUMAAAAAZkuMA0GCSqGSIb3DQEBBQUAMDgxEzARBgoJkiaJk/IsZ.
Step 209: after signing finishes, the client sends the client signature plaintext, the client signature result, the client certificate and the symmetric encryption algorithms it currently supports to the server;
In this embodiment, the client notifies the server which symmetric encryption algorithms it supports; after the server decides which encryption algorithm to use, it can send the chosen algorithm to the client.
Step 210: the server computes the digest of the client signature plaintext twice;
For example, the result after the first digest is: FEqNCco3Yq9h5ZUglD3CZJT4lBs=, and the result after the second digest is: 8gkHg+VRPaWJMzsFDH3RIYK6Ffg=.
Step 211: the server verifies whether the client signature result is correct using the client certificate; if yes, step 212 is performed, otherwise establishment of the mutual-authentication connection is aborted;
In this embodiment, when verifying the signature result, the signature plaintext must first be digested and only then is the signature result checked for correctness. Specifically, the verify interface is first called to digest the signature plaintext, and then the signature result is verified. When verifying a signature, the signature plaintext must first be digested and then verified; likewise, when signing, the signature plaintext is first digested and then signed. Digesting generates data of a fixed length.
Step 212: the server verifies whether the client certificate is legitimate; if verification passes, the server temporarily stores the client certificate and continues with step 213; if verification fails, the server aborts establishment of the mutual-authentication connection;
In this embodiment, the server verifying whether the client's public key certificate is legitimate specifically includes: judging whether the client certificate's validity dates are in effect, judging whether the CA that issued the certificate provided by the client is trusted, judging whether the issuing CA's public key correctly unlocks (verifies) the issuing CA's digital signature on the client certificate, and checking whether the client's certificate is on the certificate revocation list (CRL).
Step 213: the server selects the most secure symmetric encryption algorithm that the client supports as the encryption algorithm for mutual-authentication communication, encrypts this encryption algorithm with the client certificate, and sends the encrypted result to the client;
In this embodiment, the server encrypts this encryption algorithm with the client certificate through the server-side encryption interface; the client sends the encryption algorithms it supports to the server after the server has finished verifying the client certificate.
Step 214: after the client receives the encrypted result, it decrypts it with the client certificate private key; according to the symmetric encryption algorithm agreed with the server, it generates a random number through the random-number-generation interface as the communication key, encrypts it with the server public key, and sends it to the server;
In this embodiment, the encrypted result received by the client was encrypted with the public key of the corresponding certificate in the smart key device; the ciphertext can be decrypted with the private key corresponding to that same public key to obtain the data before encryption, and the client decrypts through the decryption interface using the encryption certificate private key.
Step 215: the server receives the encrypted result sent by the client, decrypts it with the server private key, obtains the communication key for mutual-authentication encryption, establishes the two-way channel, and ends.
Specifically, the encrypted result received by the server was produced by encryption with the server certificate public key; the ciphertext can be decrypted with the private key corresponding to the same server certificate to obtain the data before encryption.
In this embodiment, after the server obtains the communication key for mutual-authentication encryption, all subsequent communication between the server and the client is encrypted with the agreed symmetric encryption algorithm and symmetric key, and the mutual-authentication channel is established successfully.
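The algorithm selection and communication-key exchange of steps 113 to 115 (213 to 215 in this embodiment), as an added Go example that is not part of the patent. RSA-OAEP stands in for the public-key encryption done with the client and server certificates, the algorithm names and the ranking that decides which is "most secure" are assumptions (the page names neither), and both parties run in one process so that the two ciphertexts that would cross the network, choiceCT and keyCT, are visible. Each side ends up with the same algorithm name and the same 32-byte communication key.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// strength is an assumed ranking used to pick the most secure algorithm the
// client supports; the page names neither the algorithms nor their order.
var strength = map[string]int{"3DES-CBC": 1, "AES-128-CBC": 2, "AES-256-GCM": 3}

// chooseAlgorithm is the server's choice in step 113/213: the strongest
// algorithm on the client's list, or an error if none is known to the server.
func chooseAlgorithm(clientSupported []string) (string, error) {
	best, bestRank := "", 0
	for _, alg := range clientSupported {
		if r, ok := strength[alg]; ok && r > bestRank {
			best, bestRank = alg, r
		}
	}
	if best == "" {
		return "", fmt.Errorf("no mutually supported symmetric algorithm")
	}
	return best, nil
}

// encryptFor and decryptWith are the page's "encrypt with the certificate
// public key" and "decrypt with the certificate private key" operations.
// RSA-OAEP stands in for whatever public-key algorithm the certificates use.
func encryptFor(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

func decryptWith(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// newKeyPair stands for the key pair behind a certificate (server or client).
func newKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Result records what each side ends up with after steps 113-115.
type Result struct {
	ServerAlg, ClientAlg string // algorithm chosen by the server / decrypted by the client
	ServerKey, ClientKey []byte // communication key as decrypted by the server / drawn by the client
}

// negotiate runs steps 113-115 (213-215) with both parties in one process;
// only the two ciphertexts, choiceCT and keyCT, would cross the network.
func negotiate(serverKey, clientKey *rsa.PrivateKey, clientSupported []string) (Result, error) {
	var r Result
	var err error
	// Step 113: the server picks the algorithm and encrypts it to the client certificate public key.
	if r.ServerAlg, err = chooseAlgorithm(clientSupported); err != nil {
		return r, err
	}
	choiceCT, err := encryptFor(&clientKey.PublicKey, []byte(r.ServerAlg))
	if err != nil {
		return r, err
	}
	// Step 114: the client decrypts the choice with its private key, draws a
	// random communication key and encrypts it to the server certificate public key.
	choice, err := decryptWith(clientKey, choiceCT)
	if err != nil {
		return r, err
	}
	r.ClientAlg = string(choice)
	r.ClientKey = make([]byte, 32)
	if _, err = rand.Read(r.ClientKey); err != nil {
		return r, err
	}
	keyCT, err := encryptFor(&serverKey.PublicKey, r.ClientKey)
	if err != nil {
		return r, err
	}
	// Step 115: the server decrypts the communication key with its private key.
	if r.ServerKey, err = decryptWith(serverKey, keyCT); err != nil {
		return r, err
	}
	return r, nil
}

func main() {
	serverKey, _ := newKeyPair()
	clientKey, _ := newKeyPair()
	r, err := negotiate(serverKey, clientKey, []string{"3DES-CBC", "AES-256-GCM"})
	fmt.Println(r.ServerAlg, r.ClientAlg, string(r.ServerKey) == string(r.ClientKey), err)
}
```

Only the holder of the client certificate's private key can learn the chosen algorithm, and only the holder of the server certificate's private key can recover the communication key, which is why step 112's verification of the client certificate has to precede step 113.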
Embodiment four
This embodiment provides a method for realizing a smart key device transaction, as shown in figure 3, including:
Step 301: the online banking counter installs the smart key device middleware and downloads a signing certificate from the online banking certificate system;
Step 302: the online banking counter binds the smart key device serial number, the certificate information and the user's online banking account, and the account is opened successfully;
In this embodiment, the certificate information is the certificate serial number, the certificate validity period, and so on; the user's online banking account is the online banking account number, such as an ID card number or a bank card number.
For example, the smart key device serial number is 100000001, the certificate serial number is ABC000001, and the bank card number is: 6201 2345 6789 0123.
It should be explained that the user account, the smart key device serial number and the certificate serial number correspond one to one. Given a specified user name, online banking business can only be conducted by holding the corresponding smart key device and the corresponding certificate.
Step 303: when the user logs in to the online banking system, the client reads the smart key device serial number, and the server verifies whether the user name, password and smart key device serial number match; if yes, login to the online banking system succeeds and step 304 is performed, otherwise login to the online banking system fails;
In this embodiment, before this step is performed, the user must also insert the smart key device and enter the user name and password.
It should be noted that the server in this embodiment refers specifically to the online banking server.
Step 304: the smart key device receives the signature plaintext transmitted by the server and judges whether the signature plaintext conforms to the message specification; if yes, step 305 is performed, otherwise step 308 is performed;
In this embodiment, the signature plaintext is the transaction information of the transfer.
For example, if the signature plaintext is:
"<?xml version="1.0" encoding="UTF-8"?><T><D><M><k>Payee's name:</k><v>Zhang San</v></M><M><k>Payee's account number:</k><v>955823609076818</v></M><M><k>The amount of money:</k><v>123.23</v></M></D><E><M><k>Serial number:</k><v>12345678</v></M></E></T>", it conforms to the message specification;
if the signature plaintext is: "Payee's name: Zhang San Payee's account number: 955823609076818 The amount of money: 123.23 Serial number: 12345678", it does not conform to the message specification.
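The message-specification check of step 304, run over the two sample plaintexts above, as an added Go example that is not part of the patent. The element layout (T, D, E, M, k, v) and the labels are taken from the page's sample as translated; the rule that every detail label and the serial number must be present is an assumption about what the specification requires, since the page does not spell it out. A plaintext that does not parse as this structure is rejected, which is what routes the device to step 308 instead of step 305.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strings"
)

// field is one <M><k>label</k><v>value</v></M> pair of the transaction message.
type field struct {
	K string `xml:"k"`
	V string `xml:"v"`
}

// message mirrors the page's sample layout <T><D>...</D><E>...</E></T>: the
// details the device displays sit under D, extra data such as the serial under E.
type message struct {
	XMLName xml.Name `xml:"T"`
	Details []field  `xml:"D>M"`
	Extras  []field  `xml:"E>M"`
}

// Transaction is what the device shows for confirmation in step 306.
type Transaction struct {
	Payee, Account, Amount, Serial string
}

// Labels taken from the page's sample (as translated), colon stripped.
var requiredDetails = []string{"Payee's name", "Payee's account number", "The amount of money"}

// byLabel indexes fields by their label with surrounding space and the
// trailing colon removed, so "Payee's name:" and "Payee's name" match.
func byLabel(fs []field) map[string]string {
	out := make(map[string]string, len(fs))
	for _, f := range fs {
		k := strings.TrimRight(strings.TrimSpace(f.K), ":：")
		out[k] = strings.TrimSpace(f.V)
	}
	return out
}

// parseTransaction is the step 304 check: it returns the transaction only when
// the signature plaintext conforms to the message specification and an error
// otherwise, so a non-conforming plaintext is never displayed or signed as a transfer.
func parseTransaction(plaintext string) (*Transaction, error) {
	var m message
	if err := xml.Unmarshal([]byte(plaintext), &m); err != nil {
		return nil, fmt.Errorf("does not conform to message specification: %w", err)
	}
	d, e := byLabel(m.Details), byLabel(m.Extras)
	for _, want := range requiredDetails {
		if d[want] == "" {
			return nil, fmt.Errorf("does not conform to message specification: missing %q", want)
		}
	}
	if e["Serial number"] == "" {
		return nil, fmt.Errorf("does not conform to message specification: missing serial number")
	}
	return &Transaction{
		Payee:   d["Payee's name"],
		Account: d["Payee's account number"],
		Amount:  d["The amount of money"],
		Serial:  e["Serial number"],
	}, nil
}

// display renders the details the user must confirm on the device before it signs.
func (t *Transaction) display() string {
	return fmt.Sprintf("Payee: %s\nAccount: %s\nAmount: %s\nSerial: %s", t.Payee, t.Account, t.Amount, t.Serial)
}

// The page's two example plaintexts: one conforming, one not.
const sampleXML = `<?xml version="1.0" encoding="UTF-8"?><T><D><M><k>Payee's name:</k><v>Zhang San</v></M><M><k>Payee's account number:</k><v>955823609076818</v></M><M><k>The amount of money:</k><v>123.23</v></M></D><E><M><k>Serial number:</k><v>12345678</v></M></E></T>`
const samplePlain = "Payee's name: Zhang San Payee's account number: 955823609076818 The amount of money: 123.23 Serial number: 12345678"

func main() {
	if t, err := parseTransaction(sampleXML); err == nil {
		fmt.Println(t.display())
	}
	_, err := parseTransaction(samplePlain)
	fmt.Println("plain text:", err)
}
```

Because the device parses the structure itself before displaying anything, what the user confirms on the device screen is derived from the same bytes that are then digested and signed, not from text the PC-side software chose to show.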
Step 305: the smart key device verifies the PIN; if verification passes, step 306 is performed, otherwise the transfer transaction fails;
Specifically, in this embodiment, only after the smart key device has verified the PIN can the smart key device carry out the following work; if verification fails, it must be judged whether the smart key device is locked: if yes, exit; otherwise continue to verify whether the PIN is correct; if correct, step 306 is performed, otherwise the transfer transaction fails.
Step 306: the smart key device parses the transaction message and displays the transaction information, and judges whether the transaction information is correct; if yes, the confirm key is pressed and step 307 is performed; otherwise the transfer transaction fails and the process exits;
Step 307: the client transmits the signature plaintext to the smart key device, and the smart key device calls the signature interface to digest and sign the signature plaintext according to the transaction message specification; step 310 is performed;
Specifically, in this embodiment, the client transmits the signature plaintext to the smart key device; after the digest of the signature plaintext has been computed inside the smart key device, the client finds the client certificate in the smart key device through the smart key device middleware and calls the signature interface, which parses the signature plaintext according to the transaction message specification and signs it.
Step 308: the smart key device verifies the PIN; if verification passes, step 309 is performed, otherwise the transfer transaction fails;
Specifically, in this embodiment, only after the smart key device has verified the PIN can the smart key device carry out the following work; if verification fails, it must be judged whether the smart key device is locked: if yes, exit; otherwise continue to verify whether the PIN is correct; if correct, step 309 is performed, otherwise the transfer transaction fails.
Step 309:Signature original text is transmitted to intelligent cipher key equipment by client, and intelligence is found by intelligent cipher key equipment middleware
Client certificate that can be in key devices, calls signature interface signature original text to be made a summary and signed computing;
Step 310:Signature original text, client signature result and client certificate are sent to server by client;
Step 311:Server is once made a summary computing to the signature original text that client is sent;
Step 312:Server compares whether client certificate is card that this user binds according to user name and certificate information
Book, if it is, performing step 309, otherwise money transfer transactions fail;
In the present embodiment, server also needs to the corresponding certificate information of checking user.
Step 313:Server to signature original text carry out summary computing and verify signature whether succeed, be then money transfer transactions into
Work(, otherwise money transfer transactions failure.
Specifically, in the present embodiment, server receives client-side information, signature original text is carried out after once summary computing
Whether correct using client certificate verification signature result, money transfer transactions fail if incorrect, if correctly, server
Confirm whether the message format transferred accounts is correct, if correctly, money transfer transactions success, otherwise money transfer transactions failure.
More specifically, in the present embodiment, the transaction for meeting message format is pressed " confirmation " in intelligent cipher key equipment
Signed after key successfully, Net silver backstage can be verified;Transaction for not meeting message format, Net silver backstage may determine that
Not transfer accounts, checking signature failure.
Embodiment five
This embodiment provides the operations that the smart key device performs during two-way authentication, including:
Step 401: when the request to obtain the client certificate sent by the server is received, the smart key device returns its built-in client certificate list; the client certificate list includes certificate indexes;
In this embodiment, the following also takes place before step 401: the client sends a two-way authentication connection request to the server, and the server sends the server information to the client for verification. If verification does not pass, the client interrupts the establishment of the two-way authentication connection; if verification passes, the server sends a two-way authentication connection request to the client and step 401 is executed;
Here the server information specifically includes: the server public key certificate, the server signature original text and the server signature result;
Further, before the server information is sent to the client for verification, the following also takes place: the server produces a random number through the random number generation interface and uses it as the server signature original text, performs the digest operation on the server signature original text through the digest interface, and signs the digest operation result to obtain the server signature result.
Further, the server sending the server information to the client for verification specifically includes: the client verifies whether the server certificate public key is legal; the client verifies whether the server signature result is correct;
Yet further, the client verifying whether the server certificate public key is legal specifically includes: the client verifies whether the server public key certificate has expired, verifies whether the CA that issued the server certificate is reliable, verifies whether the public key of the issuer certificate can correctly open the issuer's digital signature on the server certificate, and verifies whether the domain name in the server certificate matches the actual domain name of the server;
The client verifying whether the server signature result is correct specifically includes: the client performs the digest operation on the server signature original text and verifies the server signature result using the server certificate.
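The server-information check described above (the four certificate checks plus the signature over a random number), as an added example in Go; this is not code from the patent. It builds a throwaway CA and server certificate in memory so that the flow runs offline. The host name bank.example, the choice of ECDSA P-256 with SHA-256 and the certificate lifetimes are assumptions, since the page names no algorithms.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// ServerInfo is the server information of this embodiment: server public key
// certificate, server signature original text (a random number), signature result.
type ServerInfo struct {
	Cert      *x509.Certificate
	Original  []byte
	Signature []byte
}

// issueCert creates a P-256 certificate from tmpl (self-signed when parent is nil).
func issueCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// buildPKI constructs a root CA and a server certificate for the assumed host bank.example.
func buildPKI() (*x509.CertPool, *x509.Certificate, *ecdsa.PrivateKey, error) {
	now := time.Now()
	ca, caKey, err := issueCert(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Root CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}, nil, nil)
	if err != nil {
		return nil, nil, nil, err
	}
	srv, srvKey, err := issueCert(&x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "bank.example"},
		DNSNames: []string{"bank.example"}, // the domain the client must match
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, ca, caKey)
	if err != nil {
		return nil, nil, nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	return roots, srv, srvKey, nil
}

// serverSign: a fresh random number is the signature original text; its digest is signed.
func serverSign(cert *x509.Certificate, key *ecdsa.PrivateKey) (ServerInfo, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return ServerInfo{}, err
	}
	digest := sha256.Sum256(nonce)
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest[:])
	return ServerInfo{Cert: cert, Original: nonce, Signature: sig}, err
}

// clientVerify is the client-side check. Expiry, trusted issuing CA, the issuer's
// signature on the certificate and the domain-name match are all enforced by
// x509 Verify with these options; then the signature result is checked.
func clientVerify(info ServerInfo, roots *x509.CertPool, host string, now time.Time) error {
	opts := x509.VerifyOptions{Roots: roots, DNSName: host, CurrentTime: now}
	if _, err := info.Cert.Verify(opts); err != nil {
		return fmt.Errorf("server certificate public key not legal: %w", err)
	}
	pub, ok := info.Cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return fmt.Errorf("server certificate does not carry an ECDSA key")
	}
	digest := sha256.Sum256(info.Original)
	if !ecdsa.VerifyASN1(pub, digest[:], info.Signature) {
		return fmt.Errorf("server signature result incorrect")
	}
	return nil
}

func main() {
	roots, srv, key, _ := buildPKI()
	info, _ := serverSign(srv, key)
	fmt.Println("genuine host:", clientVerify(info, roots, "bank.example", time.Now()))
	fmt.Println("wrong host:", clientVerify(info, roots, "evil.example", time.Now()))
}
```

One call to Verify covers all four certificate checks the page lists, so the client cannot forget one of them. The random number has to be fresh for every connection: a server signature result captured from an earlier session would otherwise still verify, which is why the page has the server draw it through the random number interface each time.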
Step 402: when a request to sign using the client certificate is received, the smart key device retrieves the certificate according to the certificate index included in the request to sign using the client certificate, and judges according to the attribute of the retrieved certificate that the client certificate is a certificate for two-way authentication;
In this embodiment, judging the client certificate type according to the attribute of the retrieved certificate is specifically: the smart key device judges the client certificate type according to the key value of the certificate.
For example, the key value of a certificate for two-way authentication is 5; the key value of a certificate for transactions is 4.
Step 403: when the password and verification request sent by the client are received, the smart key device verifies whether the password is correct; if it is wrong, an error message is returned to the client; if it is correct, a correct message is returned to the client;
In this embodiment, before the error message is returned to the client, the following also takes place: the smart key device judges whether it is locked; if so, it unlocks and verifies again whether the password is correct, otherwise it returns the error message to the client.
Step 404: when the client signature original text and judgement request sent by the client are received, the smart key device parses the client signature original text and judges whether the client signature original text meets the message specification; if so, it returns an error message to the client, otherwise it returns a correct message to the client;
Step 405: when the signature request sent by the client is received, the smart key device performs the digest and signature operation on the client signature original text and returns the client signature result to the client;
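Steps 402 to 405 form one device-side procedure: derive the certificate type from the key value, verify the PIN code with the lock check, parse the client signature original text against the message specification, and route either to the display-and-confirm path or to the direct signing path. Here is that procedure as an added Go example; it is not the patent's code. The page does not state the message specification, so the one used here (four labelled fields separated by '|') and the retry limit before the device locks are assumptions; the page's own sample text from embodiment four, which has no separators, serves as the non-conforming input.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"regexp"
	"strings"
)

// CertType is the certificate's key value as the page describes it:
// 5 marks a two-way authentication certificate, 4 a transaction certificate.
type CertType int

const (
	CertTwoWayAuth  CertType = 5
	CertTransaction CertType = 4
)

// Transaction holds the fields of a spec-conforming client signature original text.
type Transaction struct {
	Payee, Account, Amount, Serial string
}

// specRe is the assumed message specification (the page does not state one):
// four labelled fields in a fixed order separated by '|'. The page's own sample
// text, which has no separators, therefore does not match.
var specRe = regexp.MustCompile(
	`^payee's name:([^|]+)\|payee's account number:(\d{10,19})\|amount of money:(\d+\.\d{2})\|serial number:(\d+)$`)

// parseOriginalText is the device's "parse and judge whether the client
// signature original text meets the message specification" step.
func parseOriginalText(text string) (Transaction, bool) {
	m := specRe.FindStringSubmatch(strings.TrimSpace(text))
	if m == nil {
		return Transaction{}, false
	}
	return Transaction{Payee: m[1], Account: m[2], Amount: m[3], Serial: m[4]}, true
}

var ErrWrongPIN = errors.New("PIN code incorrect")
var ErrLocked = errors.New("smart key device is locked")

// Device models the PIN state of the smart key device. MaxTries is an
// assumption: the page says the device can be locked, not after how many failures.
type Device struct {
	PIN      string
	MaxTries int
	failed   int
	locked   bool
}

// VerifyPIN follows the embodiment-four flow: after a failed check the device
// tests whether it is locked and exits if so; otherwise the PIN may be retried.
func (d *Device) VerifyPIN(pin string) error {
	if d.locked {
		return ErrLocked
	}
	if subtle.ConstantTimeCompare([]byte(pin), []byte(d.PIN)) != 1 {
		d.failed++
		if d.failed >= d.MaxTries {
			d.locked = true
			return ErrLocked
		}
		return ErrWrongPIN
	}
	d.failed = 0 // a correct PIN resets the retry counter
	return nil
}

// Action is the path the device takes for a signing request.
type Action string

const (
	SignDirect    Action = "digest and sign without display"     // steps S3 and S6
	SignConfirmed Action = "display, wait for confirm key, sign" // step S5
)

// HandleSignRequest routes one request as in steps S2 to S6 of claim 1, after
// the PIN check. confirm stands in for the device display and its confirm key.
func (d *Device) HandleSignRequest(keyValue int, pin, text string, confirm func(Transaction) bool) (Action, error) {
	if err := d.VerifyPIN(pin); err != nil {
		return "", err
	}
	switch CertType(keyValue) {
	case CertTwoWayAuth:
		return SignDirect, nil
	case CertTransaction:
		tx, ok := parseOriginalText(text)
		if !ok {
			return SignDirect, nil
		}
		if !confirm(tx) {
			return "", errors.New("transfer transaction failed: user did not confirm")
		}
		return SignConfirmed, nil
	}
	return "", errors.New("unknown certificate key value")
}
```

The parse step is where the device's display earns its keep: only a text that parses cleanly into payee, account, amount and serial number is shown for confirmation, so a practitioner reviewing such a device should check that the parser is strict (anchored, fixed field order, digit-only account and serial fields) and that a parse failure cannot silently fall back to showing partial data.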
In this embodiment, when the client signature result is returned to the client, the following also takes place: the client sends the client signature original text, the client signature result and the client certificate to the server;
Specifically, the server receives the client signature original text, the client signature result and the client certificate sent by the client, and calls the digest operation interface to perform the digest operation once on the client signature result.
Specifically, after the server receives the client signature original text, the client signature result and the client certificate sent by the client, the following also takes place: the server uses the client certificate to verify whether the signature result is correct; the server verifies whether the client certificate is legal;
In this embodiment, when the client signature original text and judgement request sent by the client are received, the smart key device parses the client signature original text and judges whether the client signature original text meets the message specification; if so, it returns an error message to the client, otherwise it returns a correct message to the client and step 405 is executed;
In addition, before step 405 is executed, the following can also be included: the client calls the digest operation interface to perform the digest operation on the client signature original text and sends the digest result to the smart key device; after the smart key device receives the digest result sent by the client, it takes the digest result as the current client signature original text, parses the current client signature original text and judges whether the current client signature original text meets the message specification; if so, it returns an error message to the client, otherwise it returns a correct message to the client;
More specifically, when the signature request sent by the client is received, the smart key device performs the digest and signature operation on the current client signature original text and returns the client signature result to the client. In addition, when the client signature result is returned to the client, the following also takes place: the client signature original text, the client signature result and the client certificate are sent to the server;
The server receives the current client signature original text, the client signature result and the client certificate sent by the client, and calls the digest operation interface to perform the digest operation twice on the client signature result.
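The once-versus-twice digest point above, together with the user-to-certificate binding check of step 312, as an added Go example that is not the patent's code: the device always digests whatever text it is handed and signs the digest, so when the client has already digested the text (the claim 7 variant) the server must digest twice before it can verify. SHA-256, ECDSA P-256, reducing the client certificate to its public key and a serial number, and the server knowing which variant the client used are all assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// digest is the digest operation interface both sides call (SHA-256 assumed).
func digest(b []byte) []byte {
	h := sha256.Sum256(b)
	return h[:]
}

// ClientCert stands in for the client certificate: the public key plus a
// serial number that the server uses for the user binding check (assumption).
type ClientCert struct {
	Serial string
	Pub    *ecdsa.PublicKey
}

// Submission is what the client sends in step 310: signature original text,
// client signature result and client certificate. PreDigested records whether
// the client ran the digest interface itself before handing the text to the
// device (the claim 7 variant); the server must know this to digest twice.
type Submission struct {
	Original    []byte
	Signature   []byte
	Cert        ClientCert
	PreDigested bool
}

// newClientKey generates the device-held P-256 key pair used by the example.
func newClientKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// deviceSign is the device's digest-and-sign operation on whatever text it
// was handed (the raw original text, or the client's digest of it).
func deviceSign(key *ecdsa.PrivateKey, text []byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, key, digest(text))
}

// Server keeps the user name to bound certificate serial table.
type Server struct {
	Bound map[string]string
}

// VerifySubmission performs steps 311 to 313: digest once (twice for the
// pre-digested variant), check that the certificate is the one bound to the
// user, then verify the signature result with the client certificate's key.
func (s *Server) VerifySubmission(user string, sub Submission) error {
	if sub.Cert.Pub == nil || s.Bound[user] != sub.Cert.Serial {
		return errors.New("client certificate is not the certificate bound to this user")
	}
	d := digest(sub.Original)
	if sub.PreDigested {
		d = digest(d)
	}
	if !ecdsa.VerifyASN1(sub.Cert.Pub, d, sub.Signature) {
		return errors.New("signature verification failed")
	}
	return nil
}

func main() {
	key, _ := newClientKey()
	cert := ClientCert{Serial: "C-0001", Pub: &key.PublicKey}
	srv := &Server{Bound: map[string]string{"zhangsan": "C-0001"}}
	text := []byte("payee's name:Zhang San|payee's account number:955823609076818|amount of money:123.23|serial number:12345678")
	sig, _ := deviceSign(key, text)
	fmt.Println("verified:", srv.VerifySubmission("zhangsan", Submission{Original: text, Signature: sig, Cert: cert}))
}
```

The binding check matters independently of the signature check: a signature that verifies under some valid client certificate proves only that some device signed it, and it is the user-to-certificate table that ties the signature to the account being debited.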
In this embodiment, besides returning the client signature result to the client, the following also takes place: the symmetric encryption algorithms currently supported by the client are returned to the client.
After the client signature result is returned to the client, the following also takes place: the server selects the most secure symmetric encryption algorithm supported by the client as the encryption algorithm for the two-way authentication communication, encrypts this encryption algorithm using the client certificate public key, and sends the encrypted result to the client.
Step 406: when the decryption request sent by the client is received, the smart key device decrypts it and returns the decrypted result to the client.
Specifically, in this embodiment, after the decrypted result is returned to the client, the following also takes place: the client generates a random number through the random number generation interface according to the encryption algorithm and uses it as the communication key, encrypts it using the server certificate public key and sends it to the server; after the server receives the encrypted result sent by the client, it decrypts it through the decryption interface using the server certificate private key and obtains the communication key for the two-way authentication encryption.
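The algorithm selection and communication-key exchange described above, as an added Go example that is not the patent's code: the server picks the strongest algorithm the client listed and sends it encrypted under the client certificate public key, the device decrypts it, and the client answers with a random communication key encrypted under the server certificate public key. RSA-OAEP stands in for the certificate public-key encryption, and the algorithm names, their ranking and their key sizes are assumptions, since the page names none.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ranking orders symmetric algorithms from most to least secure. The page names
// no algorithms, so these names, this order and the key sizes are assumptions.
var ranking = []string{"AES-256-GCM", "AES-128-GCM", "3DES-CBC"}
var keySize = map[string]int{"AES-256-GCM": 32, "AES-128-GCM": 16, "3DES-CBC": 24}

// chooseAlgorithm is the server's choice: the highest-ranked algorithm that
// appears in the list the client reported.
func chooseAlgorithm(clientSupported []string) (string, error) {
	for _, alg := range ranking {
		for _, c := range clientSupported {
			if c == alg {
				return alg, nil
			}
		}
	}
	return "", errors.New("no mutually supported symmetric algorithm")
}

// newRSAKey stands in for a certificate key pair (RSA-2048 assumed).
func newRSAKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// encryptTo / decryptWith are the certificate public-key encryption and the
// private-key decryption interface, modelled with RSA-OAEP.
func encryptTo(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

func decryptWith(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// Negotiation is what the two sides hold after the exchange.
type Negotiation struct {
	Algorithm string
	ClientKey []byte // communication key as generated by the client
	ServerKey []byte // communication key as recovered by the server
}

// negotiate runs the exchange end to end; clientKey is the key behind the
// client certificate (held in the device), serverKey the server certificate key.
func negotiate(clientKey, serverKey *rsa.PrivateKey, clientSupported []string) (Negotiation, error) {
	alg, err := chooseAlgorithm(clientSupported)
	if err != nil {
		return Negotiation{}, err
	}
	// server -> client: the chosen algorithm under the client certificate public key
	encAlg, err := encryptTo(&clientKey.PublicKey, []byte(alg))
	if err != nil {
		return Negotiation{}, err
	}
	// step 406: the smart key device decrypts and hands the algorithm back
	algOnClient, err := decryptWith(clientKey, encAlg)
	if err != nil {
		return Negotiation{}, err
	}
	// client draws a random communication key sized for that algorithm
	commKey := make([]byte, keySize[string(algOnClient)])
	if _, err := rand.Read(commKey); err != nil {
		return Negotiation{}, err
	}
	// client -> server: the key under the server certificate public key
	encKey, err := encryptTo(&serverKey.PublicKey, commKey)
	if err != nil {
		return Negotiation{}, err
	}
	keyOnServer, err := decryptWith(serverKey, encKey)
	if err != nil {
		return Negotiation{}, err
	}
	return Negotiation{Algorithm: string(algOnClient), ClientKey: commKey, ServerKey: keyOnServer}, nil
}

func main() {
	ck, _ := newRSAKey()
	sk, _ := newRSAKey()
	n, err := negotiate(ck, sk, []string{"3DES-CBC", "AES-256-GCM"})
	fmt.Println(n.Algorithm, len(n.ClientKey), err)
}
```

Encrypting the chosen algorithm under the client's public key keeps it confidential but does not by itself prove who chose it; in the flow as the page describes it, the authenticity of that choice rests on the certificate and signature checks that were completed earlier in the handshake, so a reviewer should confirm those checks cannot be skipped before this step runs.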
Embodiment six
This embodiment provides the operations that the smart key device performs when a transaction is carried out, including:
Step 501: when the request to obtain the client certificate sent by the server is received, the smart key device returns its built-in client certificate list; the client certificate list includes certificate indexes;
Step 502: when a request to sign using the client certificate is received, the smart key device retrieves the certificate according to the certificate index included in the request to sign using the client certificate, and judges according to the attribute of the retrieved certificate that the client certificate is a certificate for transactions;
Step 502: when the password and verification request sent by the client are received, the smart key device verifies whether the password is correct; if it is wrong, an error message is returned to the client; if it is correct, a correct message is returned to the client and step S5 is executed;
Step 503: when the client signature original text and judgement request sent by the client are received, the smart key device judges whether it meets the message specification; if so, it returns an error message to the client and step 504 is executed; otherwise it returns a correct message to the client and step 505 is executed;
In this embodiment, before the client signature original text and judgement request sent by the client are received, the following also takes place: the client reads the smart key device serial number, and the server verifies whether the user information and the smart key device serial number match; if so, login succeeds and step 503 is executed, otherwise login fails.
Step 504: the smart key device parses the client signature original text and displays the transaction information; after the user presses the confirm key and the signature request sent by the client is received, it performs the digest and signature operation on the client signature original text and returns the client signature result to the client;
In this embodiment, after the client signature result is returned to the client, the following also takes place: the client sends the client signature original text, the client signature result and the client certificate to the server.
Specifically, after the server receives the information sent by the client, it performs the digest operation once on the client signature original text and compares, according to the user information and the certificate information, whether the current certificate is the certificate bound to this user; if not, the transaction fails; if so, the server performs the digest operation on the signature original text and verifies whether the signature succeeds; if so, the transfer transaction succeeds, otherwise the transfer transaction fails.
Step 505: after the smart key device has parsed the client signature original text and received the signature request sent by the client, it performs the digest and signature operation on the client signature original text and returns the signature result to the client.
In this embodiment, after the client signature result is returned to the client, the following also takes place: the client sends the client signature original text, the client signature result and the client certificate to the server.
Specifically, after the server receives the information sent by the client, it performs the digest operation once on the client signature original text and compares, according to the user information and the certificate information, whether the current certificate is the certificate bound to this user; if not, the transaction fails; if so, the server performs the digest operation on the signature original text and verifies whether the signature succeeds; if so, the transfer transaction succeeds, otherwise the transfer transaction fails.
Embodiment seven
This embodiment provides a device for realizing two-way authentication and transactions of a smart key device, as shown in Figure 4, including:
a first receiving module 601, for receiving the request to obtain the client certificate sent by the server;
a loopback module 602, for returning the built-in client certificate list when the first receiving module 601 receives the request to obtain the client certificate sent by the server; the client certificate list includes certificate indexes;
a second receiving module 603, for receiving the request to sign using the client certificate;
a retrieval module 604, for retrieving the certificate according to the certificate index included in the request to sign using the client certificate when the second receiving module 603 receives that request;
a first judgement module 605, for judging the client certificate type according to the attribute of the retrieved certificate when the retrieval module 604 retrieves the certificate;
a computing module 606, for performing the digest and signature operation on the client signature original text and returning the client signature result to the client when the first judgement module 605 judges that the client certificate type is a certificate for two-way authentication; and also for performing the digest and signature operation on the client signature original text and returning the client signature result to the client after the display module 611 has displayed the transaction information and the user has pressed the confirm key;
a sending module 607, for sending the client signature result obtained by the computing module 606 to the client;
a third receiving module 608, for receiving the client signature original text and judgement request sent by the client when the first judgement module 605 judges that the client certificate type is a certificate for transactions;
a second judgement module 609, for judging whether the client signature original text meets the message specification when the third receiving module 608 receives the client signature original text and judgement request sent by the client;
a parsing module 610, for parsing the client signature original text when the second judgement module 609 judges that the client signature original text meets the message specification, and also when the fourth receiving module 612 receives the signature request sent by the client;
a display module 611, for displaying the transaction information;
a fourth receiving module 612, for receiving the signature request sent by the client when the second judgement module 609 judges that the client signature original text does not meet the message specification.
In this embodiment, the device also includes: a fifth receiving module, an authentication module, a return module and a sixth receiving module;
the fifth receiving module, for receiving the password and verification request sent by the client;
the authentication module, for verifying whether the password is correct when the fifth receiving module receives the password and verification request sent by the client;
the return module, for returning an error message to the client when the authentication module verifies that the password is wrong, and returning a correct message to the client when the authentication module verifies that the password is correct;
the sixth receiving module, for waiting to receive the client certificate sent by the server when the authentication module verifies that the password is correct.
In this embodiment, the device also includes: a third judgement module;
the third judgement module, for judging whether the device itself is locked;
the authentication module, also for unlocking and verifying again whether the password is correct when the third judgement module judges that the device itself is locked;
the return module, also for returning an error message to the client when the third judgement module judges that the device itself is locked.
Specifically, the sending module 607 is specifically for: sending the client signature original text, the client signature result and the client certificate to the server.
Specifically, the return module is also for: returning an error message to the client when the second judgement module 609 judges that the client signature original text meets the message specification; and returning a correct message to the client and running the computing module 606 when the second judgement module 609 judges that the client signature original text does not meet the message specification.
Further, the device also includes: a seventh receiving module and an "as" module;
the seventh receiving module, for receiving the digest result sent by the client;
the "as" module, for taking the digest result as the current client signature original text after the seventh receiving module receives the digest result sent by the client;
the parsing module 610, also for parsing the current client signature original text;
the second judgement module 609, also for judging whether the current client signature original text meets the message specification;
the return module, also for returning an error message to the client when the second judgement module 609 judges that the current client signature original text meets the message specification, and returning a correct message to the client when the second judgement module 609 judges that the current client signature original text does not meet the message specification.
Further, the device also includes: an eighth receiving module;
the eighth receiving module, for receiving the signature request sent by the client.
Specifically, the sending module 607 is specifically for: sending the client signature original text, the client signature result and the client certificate to the server.
More specifically, the sending module 607 is specifically for: returning the symmetric encryption algorithms currently supported by the client to the client.
Yet further, the device also includes: a ninth receiving module and a decryption module;
the ninth receiving module, for receiving the decryption request sent by the client;
the decryption module, for decrypting the encrypted result when the ninth receiving module receives the decryption request sent by the client, and returning the decrypted encryption algorithm to the client.
Specifically, in this embodiment, the first judgement module 605 is specifically for: judging the client certificate type according to the key value of the certificate.
The foregoing is only a preferred embodiment of the present invention, but the protection scope of the present invention is not limited thereto; any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention should be included within the protection scope of the present invention. Therefore, the protection scope of the present invention should be defined by the scope of the claims.
Claims (31)
1. a kind of method for realizing bidirectional authentication of smart secret key equipment and transaction, it is characterised in that methods described includes:
Step S1:When receiving the request of acquisition client certificate of server transmission, built in intelligent cipher key equipment loopback
Client certificate list, the client certificate list is indexed including certificate;
Step S2:When receiving the request signed using client certificate, the intelligent cipher key equipment is according in the request
Comprising certificate indexed search certificate, the client certificate type according to the determined property of the certificate retrieved, if double
To the certificate of certification, step S3 is performed;If the certificate of transaction, then step S4 is performed;
Step S3:The intelligent cipher key equipment is made a summary and signed to client signature original text computing, and by client signature
As a result the client is returned, is terminated;
Step S4:When the client signature original text and judgement request for receiving client transmission, the intelligent cipher key equipment is sentenced
Whether disconnected client signature original text meets message specification, is then to perform step S5;Otherwise step S6 is performed;
Step S5:The intelligent cipher key equipment parses the client signature original text and shows Transaction Information, and user key-press confirms
Afterwards, the client signature original text is made a summary and signed computing, and client signature result is returned into the client, knot
Beam;
Step S6:After the intelligent cipher key equipment receives the signature request that the client is sent, the client is parsed
Signature original text, computing that the client signature original text is made a summary and signed, and signature result is returned into the client, knot
Beam.
2. according to the method described in claim 1, it is characterised in that in the step S1, judge the client certificate type
Afterwards, in addition to:When the password and checking request for receiving client transmission, just whether intelligent cipher key equipment checking password
Really, if mistake, error message is returned to the client, if correctly, returned to the client after correct information, is waited
Receive the client certificate of server transmission.
3. method according to claim 2, it is characterised in that the intelligent cipher key equipment returns to mistake to the client
Before information, in addition to:The intelligent cipher key equipment judges whether itself is locked, is then to open lock, performs the intelligent key
Whether device authentication password is correct, otherwise returns to error message to the client.
4. according to the method described in claim 1, it is characterised in that return to client signature result described in the step S3
When the client, in addition to:By the client signature original text, the client signature result and the client card
Book is sent to server;
The server receives the client signature original text, the client signature result and the visitor of client transmission
Family end certificate, calls summary computing interface to do computing of once making a summary to the client signature result.
5. method according to claim 4, it is characterised in that the server receives the client that the client is sent
After signature original text, the client signature result and the client certificate, in addition to:The server uses the client
Hold client signature result described in certification authentication whether correct;Whether client certificate is legal described in the server authentication.
6. according to the method described in claim 1, it is characterised in that also include before the step S3:When receiving the visitor
When the client signature original text and judgement that family end is sent are asked, the intelligent cipher key equipment parses the client signature original text simultaneously
Judge whether the client signature original text meets message specification, be then to return to error message to the client, otherwise to institute
State client and return to correct information, perform step S3.
7. according to the method described in claim 1, it is characterised in that before the step S3, in addition to:The client call
Computing interface of making a summary carries out summary computing to the client signature original text, and the summary result is sent into close to the intelligence
Key equipment;
The intelligent cipher key equipment is received after the summary result that the client is sent, and regard the summary result as visitor
Family end signature original text, parses the active client signature original text and simultaneously judges whether the active client signature original text meets report
Literary specification, is then to return to error message to the client, otherwise returns to correct information to the client, perform step S3.
8. method according to claim 7, it is characterised in that return to client signature result described in the step S3
During the client, in addition to:By the client signature original text, the client signature result and the client certificate hair
Deliver to server;
The server receives active client signature original text, the client signature result and the institute of client transmission
Client certificate is stated, calls summary computing interface to do computing of making a summary twice to the client signature result.
9. according to the method described in claim 1, it is characterised in that described to return client signature result in the step S3
When returning the client, in addition to:The symmetric encipherment algorithm that the client is currently supported returns to the client.
10. method according to claim 9, it is characterised in that return client signature result described in the step S3
Return after the client, in addition to:Server selects the security highest symmetric encipherment algorithm conduct that the client is supported
The AES of two-way authentication communication, and this AES is encrypted using client certificate public key, and by encrypted result
It is sent to the client.
11. method according to claim 10, it is characterised in that when the decoding request for receiving the client transmission
When, the encrypted result is decrypted the intelligent cipher key equipment, and the AES return that decryption is obtained is described
Client.
12. method according to claim 11, it is characterised in that it is described decrypted result is returned into the client after,
Also include:The client is used as communication key according to the AES by producing one random number of random number interface generation,
And the server is sent to using server certificate public key encryption, the server receives the encryption that the client is sent
As a result after, decrypted by decryption interface using server certificate private key, obtain the communication key of two-way authentication encryption.
13. according to the method described in claim 1, it is characterised in that also include before the step S1:The client is to clothes
Business device sends two-way authentication connection request, and server info is sent to the client and verified by the server, verifies
Do not pass through, the client interrupts two-way authentication establishment of connection, is verified, the server sends double to the client
To certification connection request, step S1 is performed.
14. method according to claim 13, it is characterised in that server info is specifically included described in step S1:Clothes
Business device public key certificate, server signature original text and server signature result;
It is described server info is sent to the client verified before, in addition to:The server passes through random number
Generate interface and produce random number as server signature original text, server signature original text is made an abstract computing by digest interface
Afterwards, summary operation result sign obtaining server signature result.
15. method according to claim 14, it is characterised in that the server sends server info to the visitor
Family end is verified, is specifically included:Whether the client validation server certificate public key is legal;Described in the client validation
Whether server signature result is correct.
16. method according to claim 15, it is characterised in that whether the client validation server certificate public key closes
Method, is specifically included:Whether the client validation server public key certificate is expired, the client validation issuance server certificate
CA it is whether reliable, can the public key of client validation publisher certificate correctly untie the number of the publisher of server certificate
Word is signed, and whether the domain name in the client validation server certificate matches with the actual domain name of server;
Whether the client validation server signature result is correct, specifically includes:The client is to the server signature
Original text carries out summary computing, and server signature result is verified using server certificate.
17. according to the method described in claim 1, it is characterised in that also include before the step S4:The client is read
Whether intelligent cipher key equipment sequence number, the server authentication user profile and the intelligent cipher key equipment sequence number match, and are
Internet banking system success is then logged in, step S4 is performed, internet banking system failure is otherwise logged in.
18. it is according to the method described in claim 1, it is characterised in that in the step S5 and the step S6, described by client
End signature result is returned after the client, in addition to:The client is by the client signature original text, client signature knot
Fruit and the client certificate are sent to server.
19. method according to claim 18, it is characterised in that the server receives the letter that the client is sent
After breath, in addition to:The client signature original text is once made a summary computing, and according to user profile and certificate information, than
To current certificates whether be this user binding certificate, if it is not, Fail Transaction;If it is, the server is to signature
Original text carries out summary computing and verifies whether signature succeeds, and is then money transfer transactions success, and otherwise money transfer transactions fail.
20. according to the method described in claim 1, it is characterised in that described in the determined property for the certificate that the basis is retrieved
Client certificate type, be specially:The intelligent cipher key equipment judges client certificate type according to the key value of certificate.
21. A device for realizing bidirectional authentication and transaction of a smart key device, wherein the device comprises:
a first receiving module, configured to receive a request to acquire a client certificate sent by the server;
a loopback module, configured to return the built-in client certificate list when the first receiving module receives the request to acquire a client certificate sent by the server, the client certificate list including certificate indexes;
a second receiving module, configured to receive a request to sign using a client certificate;
a retrieval module, configured to retrieve a certificate according to the certificate index contained in the request when the second receiving module receives the request to sign using a client certificate;
a first judging module, configured to determine the client certificate type according to the attributes of the certificate retrieved by the retrieval module;
a computing module, configured to perform a digest operation and a signature operation on the client signature original text when the first judging module determines that the client certificate type is a certificate for bidirectional authentication; and further configured to perform the digest operation and the signature operation on the client signature original text after the display module displays the transaction information and the user presses a key to confirm;
a sending module, configured to send the client signature result obtained by the computing module to the client;
a third receiving module, configured to receive the client signature original text and a judgement request sent by the client when the first judging module determines that the client certificate type is a transaction certificate;
a second judging module, configured to judge whether the client signature original text meets the message specification when the third receiving module receives the client signature original text and the judgement request sent by the client;
a parsing module, configured to parse the client signature original text when the second judging module judges that the client signature original text meets the message specification; and further configured to parse the client signature original text when the fourth receiving module receives the signature request sent by the client;
a display module, configured to display the transaction information;
a fourth receiving module, configured to receive the signature request sent by the client when the second judging module judges that the client signature original text does not meet the message specification.
22. The device according to claim 21, further comprising: a fifth receiving module, a verification module, a return module and a sixth receiving module;
the fifth receiving module, configured to receive a password and a verification request sent by the client;
the verification module, configured to verify whether the password is correct when the fifth receiving module receives the password and the verification request sent by the client;
the return module, configured to return an error message to the client when the verification module finds the password incorrect, and to return a success message to the client when the verification module finds the password correct;
the sixth receiving module, configured to wait for and receive the client certificate sent by the server when the verification module finds the password correct.
23. The device according to claim 22, further comprising: a third judging module;
the third judging module, configured to judge whether the device itself is locked;
the verification module, further configured to verify whether the unlock password is correct when the third judging module judges that the device itself is locked;
the return module, further configured to return an error message to the client when the third judging module judges that the device itself is locked.
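The password check, lockout and unlock flow of claims 22 and 23 as an added example; this is not the patent's code, and the retry limits (three wrong PINs lock the device, three wrong unlock codes block it for good) and the salted-PBKDF2 storage of the secrets are assumptions made for the demonstration. A real token keeps the PIN and unlock code inside its secure element and never exports them; the host-side hashing here only stands in for that.

```python
"""Added example (not the patent's code): host-side simulation of the PIN check,
lockout and unlock flow of claims 22 and 23. Assumptions, not from the patent:
3 wrong PINs lock the device, 3 wrong unlock codes block it permanently, and
secrets are stored as salted PBKDF2 hashes (a real token keeps them in the
secure element)."""
import hashlib
import hmac
import os
from dataclasses import dataclass

MAX_PIN_TRIES = 3       # assumed retry limit before the device locks
MAX_UNLOCK_TRIES = 3    # assumed retry limit before the device is permanently blocked
PBKDF2_ROUNDS = 10_000  # kept low for the demo; production would use far more


def _stretch(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class DeviceState:
    salt: bytes
    pin_hash: bytes
    unlock_hash: bytes
    pin_tries: int = MAX_PIN_TRIES
    unlock_tries: int = MAX_UNLOCK_TRIES
    locked: bool = False
    blocked: bool = False   # unlock code exhausted: device is unusable


def provision(pin: str, unlock_code: str) -> DeviceState:
    salt = os.urandom(16)
    return DeviceState(salt, _stretch(pin, salt), _stretch(unlock_code, salt))


def verify_password(dev: DeviceState, pin: str):
    """Claims 22/23: answer (ok, message) to the client's verification request.
    A locked device refuses the PIN outright; the client must send the unlock code."""
    if dev.blocked:
        return False, "device blocked"
    if dev.locked:
        return False, "device locked, unlock code required"
    # constant-time comparison of the stretched PIN against the stored hash
    if hmac.compare_digest(_stretch(pin, dev.salt), dev.pin_hash):
        dev.pin_tries = MAX_PIN_TRIES
        return True, "ok"
    dev.pin_tries -= 1
    if dev.pin_tries == 0:
        dev.locked = True
        return False, "device locked"
    return False, f"wrong password, {dev.pin_tries} left"


def verify_unlock(dev: DeviceState, unlock_code: str, new_pin: str) -> bool:
    """Claim 23: only meaningful on a locked device; on success the PIN is reset."""
    if dev.blocked or not dev.locked:
        return False
    if hmac.compare_digest(_stretch(unlock_code, dev.salt), dev.unlock_hash):
        dev.pin_hash = _stretch(new_pin, dev.salt)
        dev.pin_tries, dev.unlock_tries, dev.locked = MAX_PIN_TRIES, MAX_UNLOCK_TRIES, False
        return True
    dev.unlock_tries -= 1
    if dev.unlock_tries == 0:
        dev.blocked = True   # the unlock code itself must not be brute-forceable
    return False
```

The unlock counter matters as much as the PIN counter: without it, locking the device merely moves the brute-force target from the PIN to the unlock code.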
24. The device according to claim 21, wherein the sending module is specifically configured to: send the client signature original text, the client signature result and the client certificate to the server.
25. The device according to claim 21, wherein the return module is further configured to: return an error message to the client when the second judging module judges that the client signature original text meets the message specification; and return a success message to the client and run the computing module when the second judging module judges that the client signature original text does not meet the message specification.
26. The device according to claim 21, further comprising: a seventh receiving module and a treat-as module;
the seventh receiving module, configured to receive the digest result sent by the client;
the treat-as module, configured to treat the digest result as the client signature original text after the seventh receiving module receives the digest result sent by the client;
the parsing module, further configured to parse the client signature original text;
the second judging module, further configured to judge whether the current client signature original text meets the message specification;
the return module, further configured to return an error message to the client when the second judging module judges that the current client signature original text meets the message specification, and to return a success message to the client when the second judging module judges that the current client signature original text does not meet the message specification;
the computing module, further configured to perform the digest operation and the signature operation on the client signature original text after the return module returns the success message to the client.
27. The device according to claim 26, further comprising: an eighth receiving module;
the eighth receiving module, configured to receive the signature request sent by the client.
28. The device according to claim 27, wherein the sending module is further specifically configured to: send the client signature original text, the client signature result and the client certificate to the server.
29. The device according to claim 21, wherein the sending module is specifically configured to: return the currently supported symmetric encryption algorithm to the client.
30. The device according to claim 29, further comprising: a ninth receiving module and a decryption module;
the ninth receiving module, configured to receive a decryption request sent by the client;
the decryption module, configured to decrypt the encrypted result when the ninth receiving module receives the decryption request sent by the client, and to return the decrypted encryption algorithm to the client.
31. The device according to claim 21, wherein the first judging module is specifically configured to: determine the client certificate type according to the key value of the certificate.
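The exchange of claims 19, 20 and 21 as one added example, which is not the patent's code: the device returns its certificate list with indexes, retrieves the certificate named in the signing request, derives the certificate type from a key value, and either signs a challenge directly (mutual-authentication certificate) or first checks the text against the message specification, shows the parsed transaction, waits for the user's confirmation and only then digests and signs it (transaction certificate); the server checks that the certificate is the one bound to the user before verifying the signature. The `key_value` encoding (1 = mutual authentication, 2 = transaction), the `TX|payee=...|amount=...|currency=...` message format and the textbook RSA over SHA-256 with small fixed primes are assumptions for the demonstration and are not secure.

```python
"""Added example (not the patent's code): toy model of the device / client /
server exchange in claims 19-21. Assumptions, not from the patent: certificate
type is encoded in a `key_value` field (1 = mutual authentication, 2 = transaction);
the transaction "message specification" is a 'TX|k=v|...' line; signatures are
textbook RSA over SHA-256 with small fixed primes (NOT secure, demo only)."""
import hashlib
import math
import re
from dataclasses import dataclass

MUTUAL_AUTH, TRANSACTION = 1, 2  # assumed key_value encoding of the certificate type
E = 65537                        # public exponent shared by the toy keys


def toy_keypair(p: int, q: int):
    """Textbook RSA from two fixed primes; returns (n, d). Demo assumption only."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert math.gcd(E, phi) == 1
    return n, pow(E, -1, phi)


@dataclass(frozen=True)
class Certificate:
    index: int       # certificate index as returned in the certificate list
    key_value: int   # attribute from which the device derives the certificate type
    subject: str
    n: int           # public modulus (public exponent is E)

    def fingerprint(self) -> str:
        return hashlib.sha256(f"{self.subject}:{self.n}".encode()).hexdigest()


def digest(data: bytes, n: int) -> int:
    # SHA-256 of the signature original text, reduced mod n so the toy key can sign it
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


# assumed message specification for a transfer
TX_RE = re.compile(r"^TX\|payee=(\w+)\|amount=(\d+(?:\.\d{1,2})?)\|currency=([A-Z]{3})$")


def parse_transaction(original_text: bytes):
    """Transaction fields if the text meets the assumed message spec, else None."""
    m = TX_RE.match(original_text.decode("utf-8", "replace"))
    if not m:
        return None
    return {"payee": m.group(1), "amount": m.group(2), "currency": m.group(3)}


class SmartKeyDevice:
    def __init__(self, certs, private, confirm):
        self._certs = {c.index: c for c in certs}
        self._private = private   # index -> (n, d); never leaves the device
        self._confirm = confirm   # callable simulating the user's key press
        self.displayed = []       # what the device screen showed

    def certificate_list(self):
        return [(c.index, c.subject) for c in self._certs.values()]

    def sign(self, index: int, original_text: bytes) -> int:
        cert = self._certs[index]                      # retrieve by certificate index
        if cert.key_value == MUTUAL_AUTH:
            return self._digest_and_sign(index, original_text)
        if cert.key_value == TRANSACTION:
            tx = parse_transaction(original_text)      # judge against the message spec
            if tx is None:
                raise ValueError("signature original text does not meet the message specification")
            self.displayed.append(tx)                  # show the parsed transaction
            if not self._confirm(tx):                  # user key press required
                raise PermissionError("user did not confirm the transaction")
            return self._digest_and_sign(index, original_text)
        raise ValueError(f"unknown certificate type {cert.key_value}")

    def _digest_and_sign(self, index: int, original_text: bytes) -> int:
        n, d = self._private[index]
        return pow(digest(original_text, n), d, n)


class Server:
    def __init__(self, bindings):
        self._bindings = bindings   # user -> fingerprint of the certificate bound to that user

    def verify_transfer(self, user: str, original_text: bytes, signature: int,
                        cert: Certificate) -> bool:
        if self._bindings.get(user) != cert.fingerprint():
            return False            # current certificate is not this user's bound certificate
        return pow(signature, E, cert.n) == digest(original_text, cert.n)


def build_demo():
    """Constructed setup: one device holding an auth and a transaction certificate."""
    n1, d1 = toy_keypair(2147483647, 4294967291)
    n2, d2 = toy_keypair(1299709, 15485863)
    certs = [Certificate(0, MUTUAL_AUTH, "alice-auth", n1),
             Certificate(1, TRANSACTION, "alice-tx", n2)]
    device = SmartKeyDevice(certs, {0: (n1, d1), 1: (n2, d2)}, confirm=lambda tx: True)
    server = Server({"alice": certs[1].fingerprint(), "bob": certs[0].fingerprint()})
    return device, server, certs
```

The point the split illustrates: a transaction certificate never signs anything the device could not parse and display, so a client that is compromised on the host can at most ask the user to approve a transaction the user sees, and the server rejects a valid signature made with a certificate that is not bound to the claimed user.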
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710359305.5A CN107248075B (en) | 2017-05-19 | 2017-05-19 | Method and device for realizing bidirectional authentication and transaction of intelligent key equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710359305.5A CN107248075B (en) | 2017-05-19 | 2017-05-19 | Method and device for realizing bidirectional authentication and transaction of intelligent key equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107248075A true CN107248075A (en) | 2017-10-13 |
CN107248075B CN107248075B (en) | 2020-07-07 |
Family
ID=60017167
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710359305.5A Active CN107248075B (en) | 2017-05-19 | 2017-05-19 | Method and device for realizing bidirectional authentication and transaction of intelligent key equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107248075B (en) |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108366112A (en) * | 2018-02-06 | 2018-08-03 | 杭州朗和科技有限公司 | Data transmission method and system for a client, medium and computing device |
CN108494565A (en) * | 2018-05-24 | 2018-09-04 | 北京深思数盾科技股份有限公司 | Digital signature system and method |
CN108833112A (en) * | 2018-06-04 | 2018-11-16 | 北京艾丕科技有限责任公司 | Method for activating a mobile phone shield |
CN109447646A (en) * | 2018-11-13 | 2019-03-08 | 华瓴(南京)信息技术有限公司 | Identity privacy protection method and system in an electric power transaction system |
CN109698746A (en) * | 2019-01-21 | 2019-04-30 | 北京邮电大学 | Method and system for negotiating generation of a device-bound sub-key based on a master key |
CN109802825A (en) * | 2017-11-17 | 2019-05-24 | 深圳市金证科技股份有限公司 | Data encryption and decryption method, system and terminal device |
CN110149354A (en) * | 2018-02-12 | 2019-08-20 | 北京京东尚科信息技术有限公司 | Encryption and authentication method and device based on the HTTPS protocol |
CN111144879A (en) * | 2019-12-27 | 2020-05-12 | 北京虎符信息技术有限公司 | IDA-based digital wallet initializing and using method and system |
CN111709747A (en) * | 2020-06-10 | 2020-09-25 | 中国工商银行股份有限公司 | Intelligent terminal authentication method and system |
CN113810391A (en) * | 2021-09-01 | 2021-12-17 | 杭州视洞科技有限公司 | Cross-machine-room communication bidirectional authentication and encryption method |
CN113886892A (en) * | 2021-08-31 | 2022-01-04 | 盐城金堤科技有限公司 | Application program data acquisition method and device, storage medium and electronic equipment |
CN114785773A (en) * | 2022-04-27 | 2022-07-22 | 广州宸祺出行科技有限公司 | File transmission method and device for converting file data into messages |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101770619A (en) * | 2008-12-31 | 2010-07-07 | 中国银联股份有限公司 | Multiple-factor authentication method for online payment and authentication system |
CN102404347A (en) * | 2011-12-28 | 2012-04-04 | 南京邮电大学 | Mobile internet access authentication method based on public key infrastructure |
CN102427459A (en) * | 2011-12-23 | 2012-04-25 | 杭州数盾信息技术有限公司 | Offline authorization method based on Usbkeys |
CN102790678A (en) * | 2012-07-11 | 2012-11-21 | 飞天诚信科技股份有限公司 | Authentication method and system |
CN103457939A (en) * | 2013-08-19 | 2013-12-18 | 飞天诚信科技股份有限公司 | Method for achieving bidirectional authentication of smart secret key equipment |
EP2819050A1 (en) * | 2013-06-25 | 2014-12-31 | Aliaslab S.p.A. | Electronic signature system for an electronic document using a third-party authentication circuit |
Events
- 2017-05-19: CN application CN201710359305.5A filed; granted as CN107248075B, status Active
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109802825A (en) * | 2017-11-17 | 2019-05-24 | 深圳市金证科技股份有限公司 | Data encryption and decryption method, system and terminal device |
CN108366112A (en) * | 2018-02-06 | 2018-08-03 | 杭州朗和科技有限公司 | Data transmission method and system for a client, medium and computing device |
CN110149354A (en) * | 2018-02-12 | 2019-08-20 | 北京京东尚科信息技术有限公司 | Encryption and authentication method and device based on the HTTPS protocol |
CN108494565A (en) * | 2018-05-24 | 2018-09-04 | 北京深思数盾科技股份有限公司 | Digital signature system and method |
CN108833112A (en) * | 2018-06-04 | 2018-11-16 | 北京艾丕科技有限责任公司 | Method for activating a mobile phone shield |
CN109447646B (en) * | 2018-11-13 | 2020-06-30 | 华瓴(南京)信息技术有限公司 | Identity privacy protection method and system in electric power transaction system |
CN109447646A (en) * | 2018-11-13 | 2019-03-08 | 华瓴(南京)信息技术有限公司 | Identity privacy protection method and system in an electric power transaction system |
CN109698746A (en) * | 2019-01-21 | 2019-04-30 | 北京邮电大学 | Method and system for negotiating generation of a device-bound sub-key based on a master key |
CN111144879A (en) * | 2019-12-27 | 2020-05-12 | 北京虎符信息技术有限公司 | IDA-based digital wallet initializing and using method and system |
CN111144879B (en) * | 2019-12-27 | 2023-04-25 | 北京虎符信息技术有限公司 | IDA-based digital wallet initializing and using method and system |
CN111709747A (en) * | 2020-06-10 | 2020-09-25 | 中国工商银行股份有限公司 | Intelligent terminal authentication method and system |
CN111709747B (en) * | 2020-06-10 | 2023-08-18 | 中国工商银行股份有限公司 | Intelligent terminal authentication method and system |
CN113886892A (en) * | 2021-08-31 | 2022-01-04 | 盐城金堤科技有限公司 | Application program data acquisition method and device, storage medium and electronic equipment |
CN113886892B (en) * | 2021-08-31 | 2024-02-23 | 盐城天眼察微科技有限公司 | Application program data acquisition method and device, storage medium and electronic equipment |
CN113810391A (en) * | 2021-09-01 | 2021-12-17 | 杭州视洞科技有限公司 | Cross-machine-room communication bidirectional authentication and encryption method |
CN114785773A (en) * | 2022-04-27 | 2022-07-22 | 广州宸祺出行科技有限公司 | File transmission method and device for converting file data into messages |
Also Published As
Publication number | Publication date |
---|---|
CN107248075B (en) | 2020-07-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107248075A (en) | Method and device for realizing bidirectional authentication of smart secret key equipment and transaction | |
CN101848090B (en) | Authentication device and system and method using same for on-line identity authentication and transaction | |
CN101414909B (en) | System, method and mobile communication terminal for verifying network application user identification | |
US9184913B2 (en) | Authenticating a telecommunication terminal in a telecommunication network | |
CN101765108B (en) | Safety certification service platform system, device and method based on mobile terminal | |
EP2536062B1 (en) | Improvements in communication security | |
US9900148B1 (en) | System and method for encryption | |
US20140059348A1 (en) | System and methods for online authentication | |
CN101393628B (en) | Novel network safe transaction system and method | |
CN101340294A (en) | Cipher keyboard apparatus and implementing method thereof | |
CN103229452A (en) | Mobile handset identification and communication authentication | |
CN101631305B (en) | Encryption method and system | |
CN102202300A (en) | System and method for dynamic password authentication based on dual channels | |
JPH113033A (en) | Method for identifying client for client-server electronic transaction, smart card and server relating to the same, and method and system for deciding approval for co-operation by user and verifier | |
CN103036681B (en) | Password security keyboard device and system |
CN103200176A (en) | Identification method, identification device and identification system based on bank independent communication channel | |
KR101051420B1 (en) | Secure one time password generating apparatus and method | |
CN111131416A (en) | Business service providing method and device, storage medium and electronic device | |
CN106209386B (en) | Method, device and system for realizing security authentication |
TW201601083A (en) | One-time password generation method and device, authentication method and authentication system | |
CN106712939A (en) | Offline key transmission method and device | |
CN107948186A (en) | Security authentication method and device |
CN108460597A (en) | Key management system and method |
CN106056419A (en) | Method, system and device for realizing an independent transaction by using electronic signature equipment |
CN104992329A (en) | Method for safely issuing transaction message |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||