CN109361681A - National-cryptography (SM) certificate authentication method, device and equipment - Google Patents
- Publication number: CN109361681A
- Authority: CN (China)
- Prior art keywords: national cryptography (SM), challenge code, certificate, signature information
- Legal status: Granted
Classifications
- H04L63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates
- H04L63/166: Implementing security features at a particular protocol layer at the transport layer
- H04L67/14: Session management
- H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures
- H04L9/3268: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
- H04L9/3271: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, using challenge-response
Abstract
The invention discloses a national-cryptography (SM) certificate authentication method, device and equipment. An SM certificate authentication method for a client comprises: sending an SSL connection request to establish a one-way SSL connection; sending an SM authentication request over the SSL connection; receiving a challenge code returned in response to the SM authentication request; signing the challenge code; sending the signature information and the SM certificate; and receiving the verification result for the signature information and the SM certificate. On the basis of an established one-way SSL connection, an SM authentication request is sent, the generated challenge code is signed, and the signature information and the SM certificate are then verified, so that authentication of the SM certificate is completed in challenge-response mode. This solves the problem that SM certificate authentication cannot be performed.
Description
Technical field
The present invention relates to the field of mobile network security, and in particular to a national-cryptography (SM) certificate authentication method, device and equipment.
Background
There are two modes of SSL certificate authentication: international certificate authentication and national-cryptography (SM) certificate authentication. The international mode uses the international protocols and completes authentication with international algorithms during the SSL connection procedure. The SM mode uses the national-cryptography protocol, a set of standards built on Chinese commercial cryptographic algorithms that includes four algorithms: SM1, SM2, SM3 and SM4.
In existing SSL certificate authentication, the Apple and Android system libraries support only the international protocols and do not support the SM algorithms. SM certificate authentication therefore cannot be performed.
Summary of the invention
The embodiments of the present invention provide a national-cryptography (SM) certificate authentication method, device and equipment, to solve the problem in the prior art that SM certificate authentication cannot be performed.
In a first aspect, an embodiment of the present invention provides an SM certificate authentication method for a client, comprising:
Sending an SSL connection request to establish a one-way SSL connection;
Sending an SM authentication request over the SSL connection;
Receiving a challenge code returned in response to the SM authentication request;
Signing the challenge code;
Sending the signature information and the SM certificate;
Receiving the verification result for the signature information and the SM certificate.
As a specific implementation of the embodiment, the challenge code is generated by applying a hash algorithm to a time factor and a random number.
As a specific implementation of the embodiment, signing the challenge code is specifically: encrypting the challenge code with a private key.
In a second aspect, an embodiment of the present invention provides an SM certificate authentication method for a server, comprising:
Receiving an SSL connection request to establish a one-way SSL connection;
Receiving an SM authentication request sent over the SSL connection;
Generating a challenge code based on the SM authentication request, and sending the challenge code;
Receiving the SM certificate and the signature information generated by signing the challenge code;
Verifying the signature information and the SM certificate, and sending the verification result.
As a specific implementation of the embodiment, generating a challenge code based on the SM authentication request and sending the challenge code comprises:
Receiving the SM authentication request;
Generating a challenge code based on the SM authentication request;
Saving the challenge code locally, and sending the challenge code.
As a specific implementation of the embodiment, verifying the signature information and the SM certificate and sending the verification result comprises:
Obtaining the public key of the SM certificate;
Decrypting the signature information with the public key to obtain the challenge code in the signature information;
Comparing the challenge code in the signature information with the locally saved challenge code to obtain the verification result;
Sending the verification result.
In a third aspect, an embodiment of the present invention provides an SM certificate authentication method, comprising:
The client sends an SSL connection request to the server to establish a one-way SSL connection;
The client sends an SM authentication request to the server over the SSL connection;
The server generates a challenge code based on the SM authentication request and sends the challenge code to the client;
The client receives the challenge code;
The client signs the challenge code;
The client sends the signature information and the SM certificate to the server;
The server verifies the signature information and the SM certificate and sends the verification result to the client;
The client receives the verification result.
In a fourth aspect, an embodiment of the present invention provides an SM certificate authentication device for a client, comprising:
Connection request module: for sending an SSL connection request to establish a one-way SSL connection;
Certificate sending module: for sending an SM authentication request over the SSL connection;
Challenge code receiving module: for receiving the challenge code returned in response to the SM authentication request;
Signature module: for signing the challenge code;
Information sending module: for sending the signature information and the SM certificate;
Result receiving module: for receiving the verification result for the signature information and the SM certificate.
In a fifth aspect, an embodiment of the present invention provides an SM certificate authentication device for a server, comprising:
Request receiving module: for receiving an SSL connection request to establish a one-way SSL connection;
Authentication request receiving module: for receiving an SM authentication request sent over the SSL connection;
Challenge code generation module: for generating a challenge code based on the SM authentication request, and sending the challenge code;
Signature information receiving module: for receiving the SM certificate and the signature information generated by signing the challenge code;
Verification module: for verifying the signature information and the SM certificate, and sending the verification result.
In a sixth aspect, an embodiment of the present invention provides an electronic device comprising a memory, a processor, and a computer program stored in the memory and runnable on the processor, the computer program implementing the steps of any method of the first aspect and the second aspect when executed by the processor.
In the embodiments of the present invention, on the basis of an established one-way SSL connection, an SM authentication request is sent, the generated challenge code is signed, and the signature information and the SM certificate are then verified, so that authentication of the SM certificate is completed in challenge-response mode. This solves the problem that SM certificate authentication cannot be performed, and achieves a positive technical effect.
The above is only an overview of the technical solution of the present invention. So that the technical means of the invention can be understood more clearly and implemented according to the specification, and so that the above and other objects, features and advantages of the invention are more apparent, specific embodiments of the invention are set out below.
Description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art from reading the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be considered a limitation of the invention. Throughout the drawings, the same reference numbers denote the same parts. In the drawings:
Fig. 1 is the flow chart of the national-cryptography (SM) certificate authentication method of Embodiment one;
Fig. 2 is the flow chart of the SM certificate authentication method of Embodiment two;
Fig. 3 is the flow chart of generating a challenge code based on the SM authentication request and sending the challenge code, as described in Embodiment two;
Fig. 4 is the flow chart of verifying the signature information and the SM certificate and sending the verification result, as described in Embodiment two;
Fig. 5 is the functional block diagram of the SM certificate authentication method of Embodiment three;
Fig. 6 is the functional block diagram of the SM certificate authentication device of Embodiment four;
Fig. 7 is the flow chart of the SM certificate authentication device of Embodiment five.
Detailed description of embodiments
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and its scope fully conveyed to those skilled in the art.
The flow of the SSL national-cryptography (SM) handshake protocol in the prior art is as follows:
1. The client sends a client hello message to the server, and the server should respond with a server hello message; otherwise a fatal error is raised and the connection is dropped. The client hello and server hello are used to negotiate with the server a cryptographic algorithm based on RSA, ECC or IBC and to determine the secure transmission capabilities, including attributes such as protocol version, session identifier and cipher suite, and to generate and exchange random numbers.
2. After the client hello and server hello messages comes the authentication and key exchange process, which includes the server certificate, server key exchange, client certificate and client key exchange.
3. After sending its hello message, the server sends its own certificate message and its server key exchange message. If the server needs to verify the identity of the client, it sends a certificate request message to the client. The server then sends a hello done message, indicating that the hello phase is over, and waits for the client's reply. If the server has sent a certificate request message, the client must return a certificate message. The client then sends a key exchange message whose content depends on the key exchange algorithm negotiated by the client hello and server hello messages. If the client has sent a certificate message, it should also send a digitally signed certificate verify message so that the server can verify the client's identity.
4. The client then sends a change cipher spec message and immediately uses the algorithm and key just negotiated to encrypt and send a handshake finished message. The server responds with a change cipher spec message, and uses the algorithm and key just negotiated to encrypt and send a handshake finished message. At this point the handshake is complete, and the server and client can begin secure data transmission.
The details are shown in Table 1.
Table 1: Flow of the SSL national-cryptography (SM) handshake protocol.
Embodiment one:
The first embodiment of the present invention provides a national-cryptography (SM) certificate authentication method for a client. As shown in Fig. 1, it includes the following specific steps:
Step S101: send an SSL connection request to establish a one-way SSL connection;
The client sends an SSL connection request to the server to establish a one-way SSL connection between the client and the server. A one-way SSL connection means that the client sends SSL data to the server in one direction.
In a specific application scenario, establishing the SSL connection is prior art and is done by calling the interfaces of the openssl library.
Step S102: send an SM authentication request over the SSL connection;
After the one-way SSL connection is established between the client and the server, the client sends an SM authentication request to the server over the one-way SSL connection.
Step S103: receive the challenge code returned in response to the SM authentication request;
After the server receives the client's SM authentication request, it generates a challenge code based on the request and sends the challenge code back to the client, while saving a copy of the challenge code on the server.
As a specific embodiment of the present invention, the challenge code is generated by applying a hash algorithm, such as md5 or SHA-1, to a time factor and a random number. The random number is generated by calling a low-level system function.
Step S104: sign the challenge code;
After receiving the challenge code, the client signs it with the client's private key.
Step S105: send the signature information and the SM certificate;
The client sends the signature information produced by signing the challenge code, together with the SM certificate, to the server.
Step S106: receive the verification result for the signature information and the SM certificate.
The server verifies the received signature information and SM certificate and sends the verification result to the client.
As a specific embodiment of the present invention, the server decrypts the signature information with the public key in the client certificate to obtain the challenge code in the signature information, compares that challenge code with the challenge code saved on the server, and returns the verification result to the client. If the two challenge codes are consistent, verification passes; if they are inconsistent, verification fails.
Embodiment two:
As shown in Fig. 2, this embodiment of the present invention provides a national-cryptography (SM) certificate authentication method for a server, comprising:
Step S201: receive an SSL connection request to establish a one-way SSL connection;
Step S202: receive an SM authentication request sent over the SSL connection;
Step S203: generate a challenge code based on the SM authentication request, and send the challenge code;
Step S204: receive the SM certificate and the signature information generated by signing the challenge code;
Step S205: verify the signature information and the SM certificate, and send the verification result.
As a specific embodiment of the present invention, as shown in Fig. 3, step S203 (generating a challenge code based on the SM authentication request and sending the challenge code) comprises:
Step S301: receive the SM authentication request;
Step S302: generate a challenge code based on the SM authentication request;
Step S303: save the challenge code locally, and send the challenge code.
As a specific embodiment of the present invention, as shown in Fig. 4, step S205 (verifying the signature information and the SM certificate and sending the verification result) comprises:
Step S401: obtain the public key of the SM certificate;
Step S402: decrypt the signature information with the public key to obtain the challenge code in the signature information;
Step S403: compare the challenge code in the signature information with the locally saved challenge code to obtain the verification result;
Step S404: send the verification result.
The specific implementation has been described in detail in Embodiment one and is not repeated here.
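The server-side challenge handling of steps S301-S303 and S401-S404, with the client's signing step S104, as an added Go example that is not the patent's own code. Go's standard library has no SM2, so ECDSA P-256 stands in for the SM2 signature and SHA-256 for the hash, and because such a signature cannot be "decrypted" back into the challenge, the server verifies it directly against the challenge it saved. The session ID, the challenge lifetime, the single-use deletion and all type and function names are assumptions, and `pub` stands for the public key taken from a client certificate whose chain has already been validated.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"sync"
	"time"
)

var (
	ErrNoChallenge  = errors.New("no pending challenge for this session")
	ErrExpired      = errors.New("challenge expired")
	ErrBadSignature = errors.New("signature does not match the saved challenge")
)

type pending struct {
	code    [32]byte
	expires time.Time
}

// Server keeps the challenge codes it has issued (steps S301-S303).
type Server struct {
	mu     sync.Mutex
	issued map[string]pending // keyed by a hypothetical per-connection session ID
	ttl    time.Duration      // assumed challenge lifetime
	now    func() time.Time   // injectable clock so expiry can be exercised
}

func NewServer(ttl time.Duration) *Server {
	return &Server{issued: map[string]pending{}, ttl: ttl, now: time.Now}
}

// IssueChallenge hashes a time factor together with a random number from the
// system CSPRNG, saves the result locally and returns it for the client.
func (s *Server) IssueChallenge(session string) ([]byte, error) {
	var seed [8 + 32]byte
	binary.BigEndian.PutUint64(seed[:8], uint64(s.now().UnixNano()))
	if _, err := rand.Read(seed[8:]); err != nil {
		return nil, err
	}
	code := sha256.Sum256(seed[:])
	s.mu.Lock()
	s.issued[session] = pending{code: code, expires: s.now().Add(s.ttl)}
	s.mu.Unlock()
	return code[:], nil
}

// Verify implements steps S401-S404: it checks the signature against the
// challenge saved for this session, never against a value sent by the client.
func (s *Server) Verify(session string, pub *ecdsa.PublicKey, sig []byte) error {
	s.mu.Lock()
	p, ok := s.issued[session]
	delete(s.issued, session) // single use: a captured response cannot be replayed
	s.mu.Unlock()
	switch {
	case !ok:
		return ErrNoChallenge
	case s.now().After(p.expires):
		return ErrExpired
	case !ecdsa.VerifyASN1(pub, p.code[:], sig):
		return ErrBadSignature
	}
	return nil
}

// NewClientKey creates the client's key pair (stand-in for the SM2 key
// bound to the client's SM certificate).
func NewClientKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// SignChallenge is the client's step S104: sign the received challenge code.
func SignChallenge(priv *ecdsa.PrivateKey, code []byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, priv, code)
}

func main() {
	srv := NewServer(30 * time.Second)
	key, err := NewClientKey()
	if err != nil {
		panic(err)
	}
	code, _ := srv.IssueChallenge("conn-1")
	sig, _ := SignChallenge(key, code)
	fmt.Println("first response:", srv.Verify("conn-1", &key.PublicKey, sig))
	fmt.Println("replayed response:", srv.Verify("conn-1", &key.PublicKey, sig))
}
```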
Embodiment three:
As shown in Fig. 5, this embodiment of the present invention provides a national-cryptography (SM) certificate authentication method, comprising:
The client sends an SSL connection request to the server to establish a one-way SSL connection;
The client sends an SM authentication request to the server over the SSL connection;
The server generates a challenge code based on the SM authentication request and sends the challenge code to the client;
The client receives the challenge code;
The client signs the challenge code;
The client sends the signature information and the SM certificate to the server;
The server verifies the signature information and the SM certificate and sends the verification result to the client;
The client receives the verification result.
This technical solution mainly describes the client and the server in combination; the specific implementation has been described in detail in Embodiment one and is not repeated here.
Embodiment four:
As shown in Fig. 6, in a fourth aspect, this embodiment of the present invention provides a national-cryptography (SM) certificate authentication device for a client, comprising:
Connection request module 601: for sending an SSL connection request to establish a one-way SSL connection;
Certificate sending module 602: for sending an SM authentication request over the SSL connection;
Challenge code receiving module 603: for receiving the challenge code returned in response to the SM authentication request;
Signature module 604: for signing the challenge code;
Information sending module 605: for sending the signature information and the SM certificate;
Result receiving module 606: for receiving the verification result for the signature information and the SM certificate.
As a specific embodiment of the present invention, the challenge code is generated by applying a hash algorithm to a time factor and a random number.
As a specific embodiment of the present invention, signing the challenge code is specifically: encrypting the challenge code with a private key.
Embodiment five:
As shown in Fig. 7, in a fifth aspect, this embodiment of the present invention provides a national-cryptography (SM) certificate authentication device for a server, comprising:
Request receiving module 701: for receiving an SSL connection request to establish a one-way SSL connection;
Authentication request receiving module 702: for receiving an SM authentication request sent over the SSL connection;
Challenge code generation module 703: for generating a challenge code based on the SM authentication request, and sending the challenge code;
Signature information receiving module 704: for receiving the SM certificate and the signature information generated by signing the challenge code;
Verification module 705: for verifying the signature information and the SM certificate, and sending the verification result.
As a specific embodiment of the present invention, the challenge code generation module 703 is also used for:
Receiving the SM authentication request;
Generating a challenge code based on the SM authentication request;
Saving the challenge code locally, and sending the challenge code.
As a specific embodiment of the present invention, the verification module 705 is also used for:
Obtaining the public key of the SM certificate;
Decrypting the signature information with the public key to obtain the challenge code in the signature information;
Comparing the challenge code in the signature information with the locally saved challenge code to obtain the verification result;
Sending the verification result.
This technical solution is mainly a statement of the functional modules on the server side; the specific implementation has been described in detail in Embodiments one to four and is not repeated here.
In a sixth aspect, an embodiment of the present invention provides an electronic device comprising a memory, a processor, and a computer program stored in the memory and runnable on the processor, the computer program implementing the method steps of Embodiment one or Embodiment two when executed by the processor.
The processor may be a general-purpose processor such as a central processing unit (CPU), a digital signal processor (DSP), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention. The memory stores the instructions executable by the processor; it stores program code and transfers that program code to the processor. The memory may include volatile memory, such as random access memory (RAM); it may also include non-volatile memory, such as read-only memory (ROM), flash memory, a hard disk drive (HDD) or a solid-state drive (SSD); it may also include a combination of the above kinds of memory.
An embodiment of the present invention also provides a computer-readable storage medium storing a computer program that implements the method steps of Embodiment one when executed by a processor.
It should be noted that, in this document, the terms "include", "comprise" and any variants of them are intended to be non-exclusive, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to that process, method, article or device. Without further limitation, an element introduced by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes it.
The serial numbers of the above embodiments are for description only and do not indicate that one embodiment is better or worse than another.
From the description of the embodiments above, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software together with a necessary general-purpose hardware platform, or of course by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, can be embodied as a software product stored in a storage medium (such as ROM/RAM, magnetic disk or optical disc) and including instructions that cause a terminal (which may be a mobile phone, computer, server, air conditioner, network device, etc.) to execute the methods described in the embodiments of the present invention.
The embodiments of the present invention have been described above with reference to the drawings, but the invention is not limited to these specific embodiments, which are illustrative rather than restrictive. Under the teaching of the present invention, those of ordinary skill in the art can devise many further forms without departing from the purpose of the invention and the scope protected by the claims, and all of these fall within the protection of the present invention.
Claims (10)
1. A national secret certificate authentication method for a client, characterized by comprising:
sending an SSL connection request to establish a one-way SSL connection;
sending a national secret authentication request through the SSL connection;
receiving a challenge code returned based on the national secret authentication request;
signing the challenge code;
sending signature information and a national secret certificate;
receiving a verification result for the signature information and the national secret certificate.
2. The national secret certificate authentication method according to claim 1, characterized in that the challenge code:
is generated from a time factor and a random number, encrypted using a hash algorithm.
3. The national secret certificate authentication method according to claim 1, characterized in that signing the challenge code is specifically:
encrypting the challenge code using a private key.
4. A national secret certificate authentication method for a server, characterized by comprising:
receiving an SSL connection request to establish a one-way SSL connection;
receiving a national secret authentication request sent through the SSL connection;
generating a challenge code based on the national secret authentication request, and sending the challenge code;
receiving signature information generated by signing the challenge code, together with a national secret certificate;
verifying the signature information and the national secret certificate, and sending a verification result.
5. The national secret certificate authentication method according to claim 4, characterized in that generating a challenge code based on the national secret authentication request and sending the challenge code comprises:
receiving the national secret authentication request;
generating a challenge code based on the national secret authentication request;
saving the challenge code locally, and sending the challenge code.
6. The national secret certificate authentication method according to claim 5, characterized in that verifying the signature information and the national secret certificate and sending a verification result comprises:
obtaining the public key of the national secret certificate;
decrypting the signature information using the public key to obtain the challenge code in the signature information;
comparing the challenge code in the signature information with the locally saved challenge code to obtain a verification result;
sending the verification result.
7. A national secret certificate authentication method, characterized by comprising:
a client sends an SSL connection request to a server to establish a one-way SSL connection;
the client sends a national secret authentication request to the server through the SSL connection;
the server generates a challenge code based on the national secret authentication request, and sends the challenge code to the client;
the client receives the challenge code;
the client signs the challenge code;
the client sends signature information and a national secret certificate to the server;
the server verifies the signature information and the national secret certificate, and sends a verification result to the client;
the client receives the verification result.
8. A national secret certificate authentication device for a client, characterized by comprising:
Connection request module: for sending an SSL connection request to establish a one-way SSL connection;
Certificate sending module: for sending a national secret authentication request through the SSL connection;
Challenge code receiving module: for receiving a challenge code returned based on the national secret authentication request;
Signature module: for signing the challenge code;
Information sending module: for sending signature information and a national secret certificate;
Result receiving module: for receiving a verification result for the signature information and the national secret certificate.
9. A national secret certificate authentication device for a server, characterized by comprising:
Request receiving module: for receiving an SSL connection request to establish a one-way SSL connection;
Authentication request receiving module: for receiving a national secret authentication request sent through the SSL connection;
Challenge code generation module: for generating a challenge code based on the national secret authentication request, and sending the challenge code;
Signature information receiving module: for receiving signature information generated by signing the challenge code, together with a national secret certificate;
Authentication module: for verifying the signature information and the national secret certificate, and sending a verification result.
10. An electronic device, characterized in that the electronic device comprises: a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the computer program, when executed by the processor, implements the steps of the method according to any one of claims 1 to 6.
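The server-side flow of claims 4 to 6 together with the client signing step of claim 3, as an added Go example that is not part of the patent. ECDSA P-256 with SHA-256 stands in for the national secret algorithms, the public key is assumed to come from a certificate that has already been validated, and the `Server` type, the session IDs and the single-use consumption of the challenge are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"time"
)

// Assumption: ECDSA P-256/SHA-256 stands in for the national secret algorithms.
// Server keeps each issued challenge locally, keyed by session (claim 5).
type Server struct{ pending map[string][]byte }

// Issue hashes a time factor and a random number into a challenge (claim 2).
func (s *Server) Issue(session string) []byte {
	buf := make([]byte, 8+32)
	binary.BigEndian.PutUint64(buf, uint64(time.Now().UnixNano()))
	if _, err := rand.Read(buf[8:]); err != nil {
		panic(err) // never issue a challenge without fresh randomness
	}
	c := sha256.Sum256(buf)
	s.pending[session] = c[:]
	return c[:]
}

// Verify checks sig over the stored challenge only, and consumes it (no replay).
func (s *Server) Verify(session string, pub *ecdsa.PublicKey, sig []byte) bool {
	c, ok := s.pending[session]
	delete(s.pending, session)
	return ok && ecdsa.VerifyASN1(pub, c, sig)
}

// RunExchange plays both sides, then a replay and a mismatched signing key.
func RunExchange() (fresh, replay, wrongKey bool) {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // key in the certificate
	other, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	srv := &Server{pending: map[string][]byte{}}
	c := srv.Issue("sess-1")                       // server -> client
	sig, _ := ecdsa.SignASN1(rand.Reader, priv, c) // client signs (claim 3)
	fresh = srv.Verify("sess-1", &priv.PublicKey, sig)
	replay = srv.Verify("sess-1", &priv.PublicKey, sig)
	bad, _ := ecdsa.SignASN1(rand.Reader, other, srv.Issue("sess-2"))
	wrongKey = srv.Verify("sess-2", &priv.PublicKey, bad)
	return
}

func main() { fmt.Println(RunExchange()) }
```

The claims word verification as decrypting the signature and comparing challenge codes; with a signature scheme such as the stand-in used here, the equivalent check is verifying the signature over the locally saved challenge.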
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811338997.6A CN109361681B (en) | 2018-11-12 | 2018-11-12 | Method, device and equipment for authenticating national secret certificate |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109361681A (en) | 2019-02-19 |
CN109361681B (en) | 2021-10-15 |
Family
ID=65344870
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811338997.6A Active CN109361681B (en) | 2018-11-12 | 2018-11-12 | Method, device and equipment for authenticating national secret certificate |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109361681B (en) |
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140344567A1 (en) * | 2009-04-07 | 2014-11-20 | Secureauth Corporation | Identity-based certificate management |
CN103188074A (en) * | 2011-12-28 | 2013-07-03 | 上海格尔软件股份有限公司 | Proxy method for improving SSL algorithm intensity of browser |
CN103747001A (en) * | 2014-01-14 | 2014-04-23 | 中电长城(长沙)信息技术有限公司 | Audio-access mobile payment terminal based on security algorithm and communication method based on security algorithm |
CN104283886A (en) * | 2014-10-14 | 2015-01-14 | 中国科学院信息工程研究所 | Web safety access implementation method based on intelligent terminal local authentication |
CN104735068A (en) * | 2015-03-24 | 2015-06-24 | 江苏物联网研究发展中心 | SIP security authentication method based on commercial passwords |
CN106330838A (en) * | 2015-07-01 | 2017-01-11 | 阿里巴巴集团控股有限公司 | Dynamic signature method, client using the same and server |
CN105337977A (en) * | 2015-11-16 | 2016-02-17 | 苏州通付盾信息技术有限公司 | Secure mobile communication architecture with dynamic two-way authentication and implementation method thereof |
CN106936790A (en) * | 2015-12-30 | 2017-07-07 | 上海格尔软件股份有限公司 | The method that client and server end carries out two-way authentication is realized based on digital certificate |
CN105847247A (en) * | 2016-03-21 | 2016-08-10 | 飞天诚信科技股份有限公司 | Authentication system and working method thereof |
CN108064440A (en) * | 2017-05-25 | 2018-05-22 | 深圳前海达闼云端智能科技有限公司 | FIDO authentication method, device and system based on block chain |
Non-Patent Citations (1)
Title |
---|
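Science and Technology Department of the People's Bank of China: "Interpretation of Key Technologies and Standards for Mobile Finance", 30 March 2016 * |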
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112448958A (en) * | 2020-11-30 | 2021-03-05 | 南方电网科学研究院有限责任公司 | Domain policy issuing method and device, electronic equipment and storage medium |
CN113364776A (en) * | 2021-06-04 | 2021-09-07 | 北银金融科技有限责任公司 | Method and system for verifying block link point usage cryptographic algorithm communication |
CN113839927A (en) * | 2021-09-01 | 2021-12-24 | 北京天融信网络安全技术有限公司 | Method and system for performing bidirectional authentication based on third party |
CN113839927B (en) * | 2021-09-01 | 2023-06-09 | 北京天融信网络安全技术有限公司 | Method and system for performing mutual authentication based on third party |
CN114615046A (en) * | 2022-03-07 | 2022-06-10 | 中国大唐集团科学技术研究总院有限公司 | Administrator double-factor authentication method based on national secret certificate |
Also Published As
Publication number | Publication date |
---|---|
CN109361681B (en) | 2021-10-15 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||