CN109361681A - National cryptographic (SM) certificate authentication method, device and equipment - Google Patents


Info

Publication number
CN109361681A
Authority
CN
China
Prior art keywords
national cryptographic (SM)
challenge code
certificate
signature information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811338997.6A
Other languages
Chinese (zh)
Other versions
CN109361681B (en)
Inventor
姜超
陈天凯
罗元
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Original Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd, Beijing Topsec Software Co Ltd filed Critical Beijing Topsec Technology Co Ltd
Priority to CN201811338997.6A priority Critical patent/CN109361681B/en
Publication of CN109361681A publication Critical patent/CN109361681A/en
Application granted granted Critical
Publication of CN109361681B publication Critical patent/CN109361681B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/166 Implementing security features at a particular protocol layer at the transport layer
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response

Abstract

The invention discloses a national cryptographic (SM) certificate authentication method, device and equipment. The SM certificate authentication method for a client comprises: sending an SSL connection request to establish a unidirectional SSL connection; sending an SM authentication request over the SSL connection; receiving a challenge code returned in response to the SM authentication request; signing the challenge code; sending the signature information and the SM certificate; and receiving the verification result for the signature information and the SM certificate. By sending the SM authentication request on top of an established unidirectional SSL connection, signing the generated challenge code, and then verifying the signature information and the SM certificate, authentication of the SM certificate is completed in a challenge-response manner. This solves the problem that SM certificate authentication cannot be performed.

Description

National cryptographic (SM) certificate authentication method, device and equipment
Technical field
The present invention relates to the field of mobile network security, and in particular to a national cryptographic (SM) certificate authentication method, device and equipment.
Background art
There are two modes of SSL certificate authentication: international certificate authentication and national cryptographic (SM) certificate authentication. The international certificate authentication mode uses the international protocol, and authentication is completed with international algorithms during the SSL connection process. The SM certificate authentication mode uses the national cryptographic protocol, a set of standards based on Chinese commercial cryptographic algorithms, including the four algorithms SM1, SM2, SM3 and SM4.
In existing SSL certificate authentication, the system libraries of Apple and Android support only the international protocol and do not support the national cryptographic algorithms. SM certificate authentication therefore cannot be performed.
Summary of the invention
Embodiments of the present invention provide a national cryptographic (SM) certificate authentication method, device and equipment, to solve the problem in the prior art that SM certificate authentication cannot be performed.
In a first aspect, an embodiment of the present invention provides an SM certificate authentication method for a client, comprising:
sending an SSL connection request to establish a unidirectional SSL connection;
sending an SM authentication request over the SSL connection;
receiving a challenge code returned in response to the SM authentication request;
signing the challenge code;
sending the signature information and the SM certificate;
receiving the verification result for the signature information and the SM certificate.
As a specific implementation of the embodiment of the present invention, the challenge code is generated from a time factor and a random number by applying a hash algorithm.
As a specific implementation of the embodiment of the present invention, signing the challenge code specifically means:
encrypting the challenge code with the private key.
In a second aspect, an embodiment of the present invention provides an SM certificate authentication method for a server, comprising:
receiving an SSL connection request to establish a unidirectional SSL connection;
receiving an SM authentication request sent over the SSL connection;
generating a challenge code based on the SM authentication request, and sending the challenge code;
receiving the signature information generated by signing the challenge code, together with the SM certificate;
verifying the signature information and the SM certificate, and sending the verification result.
As a specific implementation of the embodiment of the present invention, generating a challenge code based on the SM authentication request and sending the challenge code comprises:
receiving the SM authentication request;
generating a challenge code based on the SM authentication request;
saving the challenge code locally, and sending the challenge code.
As a specific implementation of the embodiment of the present invention, verifying the signature information and the SM certificate and sending the verification result comprises:
obtaining the public key of the SM certificate;
decrypting the signature information with the public key to obtain the challenge code contained in the signature information;
comparing the challenge code in the signature information with the locally saved challenge code to obtain the verification result;
sending the verification result.
In a third aspect, an embodiment of the present invention provides an SM certificate authentication method, comprising:
the client sends an SSL connection request to the server to establish a unidirectional SSL connection;
the client sends an SM authentication request to the server over the SSL connection;
the server generates a challenge code based on the SM authentication request and sends the challenge code to the client;
the client receives the challenge code;
the client signs the challenge code;
the client sends the signature information and the SM certificate to the server;
the server verifies the signature information and the SM certificate, and sends the verification result to the client;
the client receives the verification result.
In a fourth aspect, an embodiment of the present invention provides an SM certificate authentication device for a client, comprising:
a connection request module, for sending an SSL connection request to establish a unidirectional SSL connection;
a certificate sending module, for sending an SM authentication request over the SSL connection;
a challenge code receiving module, for receiving the challenge code returned in response to the SM authentication request;
a signature module, for signing the challenge code;
an information sending module, for sending the signature information and the SM certificate;
a result receiving module, for receiving the verification result for the signature information and the SM certificate.
In a fifth aspect, an embodiment of the present invention provides an SM certificate authentication device for a server, comprising:
a request receiving module, for receiving an SSL connection request to establish a unidirectional SSL connection;
an authentication request receiving module, for receiving an SM authentication request sent over the SSL connection;
a challenge code generation module, for generating a challenge code based on the SM authentication request and sending the challenge code;
a signature information receiving module, for receiving the signature information generated by signing the challenge code, together with the SM certificate;
a verification module, for verifying the signature information and the SM certificate and sending the verification result.
In a sixth aspect, an embodiment of the present invention provides an electronic device comprising: a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the computer program, when executed by the processor, implements the steps of any of the methods of the first aspect and the second aspect.
By sending the SM authentication request on top of an established unidirectional SSL connection, signing the generated challenge code, and then verifying the signature information and the SM certificate, the embodiments of the present invention complete authentication of the SM certificate in a challenge-response manner. This solves the problem that SM certificate authentication cannot be performed, and achieves a positive technical effect.
The above is only an overview of the technical solution of the present invention. So that the technical means of the present invention can be understood more clearly and implemented in accordance with the contents of the specification, and so that the above and other objects, features and advantages of the present invention become more apparent, specific embodiments of the present invention are set out below.
Description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art from the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be considered a limitation of the present invention. Throughout the drawings, the same reference numbers refer to the same parts. In the drawings:
Fig. 1 is a flow chart of the SM certificate authentication method of Embodiment one of the present invention;
Fig. 2 is a flow chart of the SM certificate authentication method of Embodiment two of the present invention;
Fig. 3 is a flow chart of generating a challenge code based on the SM authentication request and sending the challenge code, as described in Embodiment two of the present invention;
Fig. 4 is a flow chart of verifying the signature information and the SM certificate and sending the verification result, as described in Embodiment two of the present invention;
Fig. 5 is a functional block diagram of the SM certificate authentication method of Embodiment three of the present invention;
Fig. 6 is a functional block diagram of the SM certificate authentication device of Embodiment four of the present invention;
Fig. 7 is a flow chart of the SM certificate authentication device of Embodiment five of the present invention.
Specific embodiments
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the present invention can be understood more thoroughly and so that the scope of the disclosure can be fully conveyed to those skilled in the art.
The flow of the SSL national cryptographic (SM) handshake protocol in the prior art is as follows:
1. The client sends a client hello message to the server, and the server responds with a server hello message; otherwise a fatal error is generated and the connection is dropped. The client hello and server hello messages are used by the client and the server to negotiate cryptographic algorithms based on RSA, ECC or IBC and to determine the secure transmission capabilities, including attributes such as protocol version, session identifier and cipher suite, and to generate and exchange random numbers.
2. The client hello and server hello messages are followed by the identity authentication and key exchange process, which includes the server certificate, server key exchange, client certificate and client key exchange.
3. After the server has sent its hello message, it sends its own certificate message and the server key exchange message. If the server needs to verify the client's identity, it sends a certificate request message to the client. The server then sends the server hello done message, indicating that the hello phase is over, and waits for the client's reply. If the server has sent a certificate request message, the client must return a certificate message; the client then sends a key exchange message whose content depends on the key exchange algorithm negotiated in the client hello and server hello messages. If the client has sent a certificate message, it should also send a certificate verify message carrying a digital signature, so that the server can verify the client's identity.
4. The client then sends a change cipher spec message and immediately afterwards uses the algorithms and keys just negotiated to encrypt and send the handshake finished message. The server responds with its own change cipher spec message and, using the algorithms and keys just negotiated, encrypts and sends its handshake finished message. The handshake is then complete, and the server and client can begin secure data transmission.
Details are shown in Table 1.
Table 1: Flow of the SSL national cryptographic (SM) handshake protocol.
Embodiment one:
The first embodiment of the present invention provides an SM certificate authentication method for a client which, as shown in Fig. 1, comprises the following specific steps:
Step S101: send an SSL connection request to establish a unidirectional SSL connection;
The client sends an SSL connection request to the server to establish a unidirectional SSL connection between the client and the server; a unidirectional SSL connection means that the client sends SSL data to the server in one direction.
In a specific application scenario, establishing the SSL connection is prior art and is done by calling the interfaces of the openssl library.
Step S102: send an SM authentication request over the SSL connection;
After the unidirectional SSL connection has been established between the client and the server, the client sends the SM authentication request to the server over the unidirectional SSL connection.
Step S103: receive the challenge code returned in response to the SM authentication request;
After receiving the client's SM authentication request, the server generates a challenge code based on the request and sends it back to the client, while keeping a copy of the challenge code on the server.
As a specific embodiment of the present invention, the challenge code is generated from a time factor and a random number by applying a hash algorithm, such as md5 or SHA-1. The random number is generated by calling a low-level system function.
Step S104: sign the challenge code;
After receiving the challenge code, the client signs it with the client's private key.
Step S105: send the signature information and the SM certificate;
The client sends the signature information obtained by signing the challenge code, together with the SM certificate, to the server.
Step S106: receive the verification result for the signature information and the SM certificate.
The server verifies the received signature information and SM certificate, and sends the verification result to the client.
As a specific embodiment of the present invention, the server decrypts the signature information with the public key in the client certificate to obtain the challenge code contained in the signature information, then compares that challenge code with the challenge code saved on the server and returns the verification result to the client. If the two challenge codes are identical, verification passes; if they differ, verification fails.
Embodiment two:
As shown in Fig. 2, an embodiment of the present invention provides an SM certificate authentication method for a server, comprising:
Step S201: receive an SSL connection request to establish a unidirectional SSL connection;
Step S202: receive an SM authentication request sent over the SSL connection;
Step S203: generate a challenge code based on the SM authentication request, and send the challenge code;
Step S204: receive the signature information generated by signing the challenge code, together with the SM certificate;
Step S205: verify the signature information and the SM certificate, and send the verification result.
As a specific embodiment of the present invention, as shown in Fig. 3, step S203 (generating a challenge code based on the SM authentication request and sending the challenge code) comprises:
Step S301: receive the SM authentication request;
Step S302: generate a challenge code based on the SM authentication request;
Step S303: save the challenge code locally, and send the challenge code.
As a specific embodiment of the present invention, as shown in Fig. 4, step S205 (verifying the signature information and the SM certificate and sending the verification result) comprises:
Step S401: obtain the public key of the SM certificate;
Step S402: decrypt the signature information with the public key to obtain the challenge code contained in the signature information;
Step S403: compare the challenge code in the signature information with the locally saved challenge code to obtain the verification result;
Step S404: send the verification result.
The specific implementation has been described in detail in Embodiment one and is not repeated here.
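The exchange of steps S203 to S205, with the challenge handling of S301 to S303 and S401 to S404, written out as an added Go example that is not code from the patent. Assumptions: ECDSA P-256 and SHA-256 from the Go standard library stand in for SM2 and SM3, which the standard library does not provide; the public key is passed in directly instead of being taken from a validated SM certificate; the session identifier, the 30-second lifetime and all type and function names are hypothetical. With an ECDSA-style scheme the signature is checked against the saved challenge rather than decrypted to recover it, so the comparison of S403 is carried out by the signature verification itself.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"sync"
	"time"
)

var (
	ErrNoChallenge  = errors.New("no pending challenge for this session (never issued or already used)")
	ErrExpired      = errors.New("challenge expired")
	ErrBadSignature = errors.New("signature does not match the saved challenge")
)

type pending struct {
	code    []byte
	expires time.Time
}

// Server keeps the challenge codes it has issued, keyed by a session id (hypothetical name).
type Server struct {
	mu   sync.Mutex
	ttl  time.Duration
	open map[string]pending
}

func NewServer(ttl time.Duration) *Server {
	return &Server{ttl: ttl, open: make(map[string]pending)}
}

// NewChallenge follows S301-S303: hash(time factor || random number),
// save the result locally, and return a copy to send to the client.
func (s *Server) NewChallenge(session string, now time.Time) ([]byte, error) {
	buf := make([]byte, 8+32)
	binary.BigEndian.PutUint64(buf[:8], uint64(now.UnixNano())) // time factor
	if _, err := rand.Read(buf[8:]); err != nil {               // random number from the OS CSPRNG
		return nil, err
	}
	sum := sha256.Sum256(buf) // SHA-256 used here as a stand-in hash
	s.mu.Lock()
	defer s.mu.Unlock()
	s.open[session] = pending{code: sum[:], expires: now.Add(s.ttl)}
	return append([]byte(nil), sum[:]...), nil
}

// Verify follows S401-S404. The saved challenge is consumed on the first attempt,
// so a captured signature cannot be replayed, and it is rejected once it has expired.
func (s *Server) Verify(session string, sig []byte, pub *ecdsa.PublicKey, now time.Time) error {
	s.mu.Lock()
	p, ok := s.open[session]
	delete(s.open, session) // single use, whether or not verification succeeds
	s.mu.Unlock()
	if !ok {
		return ErrNoChallenge
	}
	if now.After(p.expires) {
		return ErrExpired
	}
	digest := sha256.Sum256(p.code)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return ErrBadSignature
	}
	return nil
}

// NewClientKey creates the client's key pair (stand-in for the SM2 key behind the SM certificate).
func NewClientKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// SignChallenge is the client side of S104: sign the received challenge with the private key.
func SignChallenge(priv *ecdsa.PrivateKey, challenge []byte) ([]byte, error) {
	digest := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

func main() {
	srv := NewServer(30 * time.Second)
	key, err := NewClientKey()
	if err != nil {
		panic(err)
	}
	now := time.Now()
	challenge, err := srv.NewChallenge("session-1", now)
	if err != nil {
		panic(err)
	}
	sig, err := SignChallenge(key, challenge)
	if err != nil {
		panic(err)
	}
	fmt.Println("first attempt:", srv.Verify("session-1", sig, &key.PublicKey, now))
	fmt.Println("replayed signature:", srv.Verify("session-1", sig, &key.PublicKey, now))
}
```
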
Embodiment three:
As shown in Fig. 5, an embodiment of the present invention provides an SM certificate authentication method, comprising:
the client sends an SSL connection request to the server to establish a unidirectional SSL connection;
the client sends an SM authentication request to the server over the SSL connection;
the server generates a challenge code based on the SM authentication request and sends the challenge code to the client;
the client receives the challenge code;
the client signs the challenge code;
the client sends the signature information and the SM certificate to the server;
the server verifies the signature information and the SM certificate, and sends the verification result to the client;
the client receives the verification result.
This technical solution mainly describes the client and the server in combination; the specific implementation has been described in detail in Embodiment one and is not repeated here.
Embodiment four:
As shown in Fig. 6, in a fourth aspect, an embodiment of the present invention provides an SM certificate authentication device for a client, comprising:
Connection request module 601: for sending an SSL connection request to establish a unidirectional SSL connection;
Certificate sending module 602: for sending an SM authentication request over the SSL connection;
Challenge code receiving module 603: for receiving the challenge code returned in response to the SM authentication request;
Signature module 604: for signing the challenge code;
Information sending module 605: for sending the signature information and the SM certificate;
Result receiving module 606: for receiving the verification result for the signature information and the SM certificate.
As a specific embodiment of the present invention, the challenge code is generated from a time factor and a random number by applying a hash algorithm.
As a specific embodiment of the present invention, signing the challenge code specifically means encrypting the challenge code with the private key.
Embodiment five:
As shown in Fig. 7, in a fifth aspect, an embodiment of the present invention provides an SM certificate authentication device for a server, comprising:
Request receiving module 701: for receiving an SSL connection request to establish a unidirectional SSL connection;
Authentication request receiving module 702: for receiving an SM authentication request sent over the SSL connection;
Challenge code generation module 703: for generating a challenge code based on the SM authentication request and sending the challenge code;
Signature information receiving module 704: for receiving the signature information generated by signing the challenge code, together with the SM certificate;
Verification module 705: for verifying the signature information and the SM certificate and sending the verification result.
As a specific embodiment of the present invention, the challenge code generation module 703 is further used to:
receive the SM authentication request;
generate a challenge code based on the SM authentication request;
save the challenge code locally, and send the challenge code.
As a specific embodiment of the present invention, the verification module 705 is further used to:
obtain the public key of the SM certificate;
decrypt the signature information with the public key to obtain the challenge code contained in the signature information;
compare the challenge code in the signature information with the locally saved challenge code to obtain the verification result;
send the verification result.
This technical solution mainly describes the functional modules on the server side; the specific implementation has been described in detail in Embodiments one to four and is not repeated here.
In a sixth aspect, an embodiment of the present invention provides an electronic device comprising: a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the computer program, when executed by the processor, implements the method steps described in Embodiment one or Embodiment two.
The processor may be a general-purpose processor such as a central processing unit (CPU), a digital signal processor (DSP), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention. The memory stores the instructions executable by the processor; it stores program code and passes that program code to the processor. The memory may include volatile memory, such as random access memory (RAM); it may also include non-volatile memory, such as read-only memory (ROM), flash memory, a hard disk drive (HDD) or a solid-state drive (SSD); it may also include a combination of the above kinds of memory.
An embodiment of the present invention also provides a computer-readable storage medium on which a computer program is stored; the method steps of Embodiment one are implemented when the computer program is executed by a processor.
It should be noted that, in this document, the terms "include", "comprise" and any other variants are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to that process, method, article or device. Without further limitation, an element introduced by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes the element.
The numbering of the above embodiments of the present invention is for description only and does not indicate that any embodiment is better or worse than another.
From the above description of the embodiments, those skilled in the art will clearly understand that the methods of the above embodiments can be implemented by software together with the necessary general-purpose hardware platform, or by hardware, although in many cases the former is the preferred implementation. On this understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, can be embodied as a software product stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and including instructions that cause a terminal (which may be a mobile phone, a computer, a server, an air conditioner, a network device or the like) to execute the methods described in the embodiments of the present invention.
The embodiments of the present invention have been described above with reference to the drawings, but the invention is not limited to the specific embodiments described, which are illustrative only and not restrictive. Under the inspiration of the present invention, those skilled in the art can devise many further forms without departing from the purpose of the invention and the scope protected by the claims, all of which fall within the protection of the present invention.

Claims (10)

1. A national secret certificate authentication method, for use at a client, characterized by comprising:
sending an SSL connection request to establish a unidirectional SSL connection;
sending a national secret authentication request through the SSL connection;
receiving a challenge code returned based on the national secret authentication request;
signing the challenge code;
sending the signature information and a national secret certificate;
receiving a verification result for the signature information and the national secret certificate.
2. The national secret certificate authentication method according to claim 1, characterized in that the challenge code
is generated from a time factor and a random number by encryption with a hash algorithm.
3. The national secret certificate authentication method according to claim 1, characterized in that signing the challenge code is specifically:
encrypting the challenge code using a private key.
4. A national secret certificate authentication method, for use at a server, characterized by comprising:
receiving an SSL connection request to establish a unidirectional SSL connection;
receiving a national secret authentication request sent through the SSL connection;
generating a challenge code based on the national secret authentication request, and sending the challenge code;
receiving the signature information generated by signing the challenge code, together with a national secret certificate;
verifying the signature information and the national secret certificate, and sending a verification result.
5. The national secret certificate authentication method according to claim 4, characterized in that generating a challenge code based on the national secret authentication request and sending the challenge code comprises:
receiving the national secret authentication request;
generating a challenge code based on the national secret authentication request;
saving the challenge code locally, and sending the challenge code.
6. The national secret certificate authentication method according to claim 5, characterized in that verifying the signature information and the national secret certificate and sending a verification result comprises:
obtaining the public key of the national secret certificate;
decrypting the signature information using the public key, to obtain the challenge code in the signature information;
comparing the challenge code in the signature information with the challenge code saved locally, to obtain a verification result;
sending the verification result.
7. A national secret certificate authentication method, characterized by comprising:
a client sends an SSL connection request to a server to establish a unidirectional SSL connection;
the client sends a national secret authentication request to the server through the SSL connection;
the server generates a challenge code based on the national secret authentication request, and sends the challenge code to the client;
the client receives the challenge code;
the client signs the challenge code;
the client sends the signature information and a national secret certificate to the server;
the server verifies the signature information and the national secret certificate, and sends a verification result to the client;
the client receives the verification result.
8. A national secret certificate authentication device, for use at a client, characterized by comprising:
a connection request module, for sending an SSL connection request to establish a unidirectional SSL connection;
a certificate sending module, for sending a national secret authentication request through the SSL connection;
a challenge code receiving module, for receiving a challenge code returned based on the national secret authentication request;
a signature module, for signing the challenge code;
an information sending module, for sending the signature information and a national secret certificate;
a result receiving module, for receiving a verification result for the signature information and the national secret certificate.
9. A national secret certificate authentication device, for use at a server, characterized by comprising:
a request receiving module, for receiving an SSL connection request to establish a unidirectional SSL connection;
a certification request receiving module, for receiving a national secret authentication request sent through the SSL connection;
a challenge code generation module, for generating a challenge code based on the national secret authentication request, and sending the challenge code;
a signature information receiving module, for receiving the signature information generated by signing the challenge code, together with a national secret certificate;
an authentication module, for verifying the signature information and the national secret certificate, and sending a verification result.
10. An electronic device, characterized in that the electronic device comprises: a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the computer program, when executed by the processor, implements the steps of the method according to any one of claims 1 to 6.
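The challenge-response exchange of claims 1 to 7, as an added Go example that is not code from the patent: ECDSA P-256 and SHA-256 stand in for SM2 and SM3, which the Go standard library lacks, so the server verifies a signature over its stored challenge instead of "decrypting" it. The `Server` type, the function names and the session id are hypothetical, the public key is assumed to come from a national secret certificate whose chain has already been validated, and deleting the challenge on first use is a replay guard assumed here, not stated in the claims.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"time"
)

// Server keeps issued challenge codes per session (claim 5: saved locally).
type Server struct{ pending map[string][32]byte }

// NewChallenge hashes a time factor and a random number (claim 2) and stores the result.
func (s *Server) NewChallenge(session string) ([32]byte, error) {
	buf := make([]byte, 8+32)
	binary.BigEndian.PutUint64(buf, uint64(time.Now().UnixNano()))
	if _, err := rand.Read(buf[8:]); err != nil {
		return [32]byte{}, err
	}
	c := sha256.Sum256(buf) // stand-in for SM3
	s.pending[session] = c
	return c, nil
}

// Verify checks sig against the stored challenge only, and consumes it (single use, assumed).
func (s *Server) Verify(session string, pub *ecdsa.PublicKey, sig []byte) bool {
	c, ok := s.pending[session]
	delete(s.pending, session)
	return ok && ecdsa.VerifyASN1(pub, c[:], sig)
}

// NewClientKey makes the client key pair; P-256 is a stand-in for SM2.
func NewClientKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// Sign is the client step (claims 1 and 3): sign the received challenge with the private key.
func Sign(priv *ecdsa.PrivateKey, c [32]byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, priv, c[:])
}

func main() {
	srv := &Server{pending: map[string][32]byte{}}
	priv, _ := NewClientKey()
	c, _ := srv.NewChallenge("sess-1") // constructed session id
	sig, _ := Sign(priv, c)
	first, replay := srv.Verify("sess-1", &priv.PublicKey, sig), srv.Verify("sess-1", &priv.PublicKey, sig)
	fmt.Println(first, replay) // prints "true false"
}
```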
CN201811338997.6A 2018-11-12 2018-11-12 Method, device and equipment for authenticating national secret certificate Active CN109361681B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811338997.6A CN109361681B (en) 2018-11-12 2018-11-12 Method, device and equipment for authenticating national secret certificate

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811338997.6A CN109361681B (en) 2018-11-12 2018-11-12 Method, device and equipment for authenticating national secret certificate

Publications (2)

Publication Number Publication Date
CN109361681A CN109361681A (en) 2019-02-19
CN109361681B CN109361681B (en) 2021-10-15

Family

ID=65344870

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811338997.6A Active CN109361681B (en) 2018-11-12 2018-11-12 Method, device and equipment for authenticating national secret certificate

Country Status (1)

Country Link
CN (1) CN109361681B (en)

Also Published As

Publication number Publication date
CN109361681B (en) 2021-10-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant