Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some embodiments, but not all embodiments, of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a schematic flow chart of a method for verifying real data according to an embodiment of the present invention, as shown in fig. 1, including:
101. establishing a TLS/SSL connection between a client and a server, wherein the client is divided into an audited terminal and an auditing terminal;
102. creating a session between the audited terminal and the auditing terminal, wherein the audited terminal generates a Server Write Key, a Client Mac Key and a Client Write Key, and the auditing terminal only generates an authentication key, the Server Mac Key;
103. the auditing terminal verifying, according to the Server Mac Key, that the data acquired by the audited terminal is consistent with the data of the server.
It should be noted that the method provided by the embodiment of the present invention is mainly applied to application environments of data service, certificate generation, and certificate verification, and can also be applied to special environments of risk management and investment management, traceability, infringement information in the entertainment and financial industries, and sensor information such as factory pollution emission. It is further described that the embodiment of the present invention may be combined with a blockchain, a connection channel between the blockchain and the real world is constructed, and trusted real world data is provided for the blockchain, and when the application is performed, external data may be written into the blockchain, and necessary conditions for running when contract terms are satisfied are set, so that the contract is automatically executed according to preset rules.
Specifically, in step 101, the embodiment of the present invention first establishes a TLS/SSL connection between the server and the audited party. It will be appreciated that the TLS protocol is intended to provide secure communication in a client-server model. Its most prominent use is to protect the HTTP protocol (HTTPS). In such an arrangement only the (web) server is authenticated, based on X.509 certificates; the current and recommended version of the protocol is TLS 1.2, but older versions, e.g. 1.0 and 1.1, are still widely supported. In order to prove that the data acquired by the client actually comes from the source server, the embodiment of the present invention divides the client into two parts, an audited party and an auditor, namely the audited terminal and the auditing terminal of the embodiment. It can be understood that the client side is divided into an executor and a supervisor to complete the data acquisition work, and the TLS protocol does not need to be modified, so the server side is unaware of the split; since most current web pages support TLS versions 1.0 and 1.1, the present invention can be applied to most websites.
Further, in step 102, differently from the interaction process in the prior art, in the embodiment of the present invention an interaction process between the audited party and the auditor is established when the session is created. In this interaction, in order to ensure security and prevent potential hazards such as collusion between the audited party and the auditor, or tampering by the audited party after it obtains a complete key, the auditor sends its RSA-encrypted partial pre-master secret to the audited party. The audited party multiplies this by its own RSA-encrypted partial pre-master secret and transmits the product to the server, so that the server can decrypt the complete pre-master secret with its private key by virtue of the multiplicative homomorphism of RSA. Meanwhile, the auditor generates the Server Mac Key and the audited party generates the other three session keys. The Server Mac Key is the verification key used by the auditor to verify data.
Finally, in step 103, the auditor can verify the authenticity of the data obtained by the client by using the Server Mac Key. Specifically, the audited party is responsible for generating a certification document after obtaining the data from the server. The certification document mainly comprises a hash value of the external data (the data obtained from the server) and a signature of the auditor. The Server Mac Key held by the auditor needs to be written into the certification document, but in order to ensure that the audited party cannot tamper with the external data after obtaining the complete key, the auditor needs to sign the hash value of the external data obtained from the server. This document provides the user with proof that the data provided indeed came from the origin server. Then, the embodiment of the present invention may also verify the certification document, where the verification steps follow the generation steps and mainly focus on verification of the public key, the hash value and the signature.
According to the method for verifying the real data, the TLS/SSL connection between the server and the audited party is verified through the third-party audit. The auditor and the audited party communicate by using a specific protocol, and simultaneously start to connect to the server, and the auditor can affirmatively prove that the audited party provides data from the server after auditing.
On the basis of the above embodiment, the establishing, by the client, the TLS/SSL connection with the server includes:
the client sends the client random number and the encryption method supported by the client to the server, so that the server sends a digital certificate and the server random number to the client after confirming the encryption method;
after the digital certificate and the server random number sent by the server are received and the digital certificate is verified to be valid, a pre-master secret is generated, encrypted with the public key in the digital certificate and sent to the server, so that the server can decrypt the pre-master secret with its private key;
and the server and the client generate a session key according to the encryption method to complete the establishment of the TLS/SSL connection.
As can be seen from the above description of the embodiments, the implementation of the embodiments of the present invention is based on the verification of the TLS/SSL connection between the server and the audited party by a third-party auditor. Then, the auditor and the audited party communicate by using a specific protocol, and simultaneously start to connect to the server, and the auditor can affirmatively declare that the audited party provides the data from the server after the auditor goes through the audit.
The specific TLS/SSL connection establishment process is then: first, the client sends a protocol version number, a generated random number (Client random) and the encryption methods supported by the client; then the server confirms the encryption method used by both sides and returns its digital certificate and a server-generated random number (Server random); the client confirms that the digital certificate is valid, generates a new pre-master secret, encrypts it with the public key in the digital certificate and sends it to the server; the server uses its own private key to recover the pre-master secret sent by the client. The client and the server use the three random numbers to generate a 'session key' according to the agreed encryption method, and the session key is used to encrypt the whole session. The session key comprises a Client Write Key, a Server Write Key, a Client Mac Key and a Server Mac Key. It should be noted that the data transmission process provided by the embodiment of the present invention is the same as an ordinary HTTP request, except that the data is encrypted using the Client Write Key and the Server Write Key.
On the basis of the above embodiment, the creating a session between the audited terminal and the auditing terminal includes:
after the first handshake of the transport layer security (TLS) protocol, the audited terminal receives a first pre-master secret which is sent by the auditing terminal and encrypted with RSA;
and the audited terminal multiplies its own RSA-encrypted second pre-master secret by the RSA-encrypted first pre-master secret and sends the product to the server, so that the server can decrypt the complete pre-master secret by virtue of the multiplicative homomorphism of RSA.
As can be seen from the above embodiment, the auditing party and the audited party interact with each other in the embodiment of the present invention, and during the interaction both the auditor and the audited party are responsible for generating a part of the pre-master secret. The auditor sends the encrypted pre-master secret part required by the audited party to the audited party, so that the audited party can generate a 'session key'. Meanwhile, the auditor obtains from the audited party the partial material required to generate the authentication key (Server Mac Key). Thus, neither the auditor nor the audited party knows the key of the other party, and the audited party cannot fabricate data to deceive the auditor, since the audited party does not hold the Server Mac Key. Finally, the audited party is responsible for transmitting the encrypted two-part key to the server by virtue of the multiplicative homomorphism of RSA.
Furthermore, after the digital certificate of the server is verified, the audited party and the auditor each perform RSA encryption with the public key transmitted by the server. In order to allow each part of the client to contribute to a complete pre-master secret transmitted to the server without the two parts of the pre-master secret being shared, the embodiment of the invention utilizes the homomorphic property of RSA encryption:
(RSA(x1) × RSA(x2)) mod n = RSA(x1 × x2)
In order that the server obtains, after decrypting with its private key, a string of 48 random bytes, i.e. the concatenation of the two pre-master secret parts, the byte layout of pre-master secret part 1 (S1) and pre-master secret part 2 (S2) is defined as follows:
S1, the first 24 bytes of the pre-master secret, contributed as a 48-byte sequence: 03 01 || 12 random bytes || 33 bytes 00 || 01
S2, the last 24 bytes of the pre-master secret, contributed as a 48-byte sequence: 24 bytes 00 || 9 random bytes || 14 bytes 00 || 01
Meanwhile, since RSA encryption specifies that a random padding string must be placed before the message to be encrypted (without padding, RSA encryption is not secure), the complete sequences finally formed by the two parties are:
Holder of S1: [39 bytes P1 || 00 || 03 01 || 12 random bytes || 33 bytes 00 || 01]
Holder of S2: [119 bytes P2 || 25 bytes 00 || 9 random bytes || 14 bytes 00 || 01]
After multiplication of these two sequences, the last 48 bytes of the resulting product are the concatenation of S1 and S2, the whole product having the form:
00 || 02 || ...205 bytes of padding... || 00 || S1 || S2
The server receives the RSA-encrypted data string and decrypts it with its own private key to obtain the complete pre-master secret (S1 || S2).
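As an added illustration (not the patent's own code), the following Python builds the two 88- and 168-byte sequences exactly as laid out above, multiplies them as plain integers and checks that the low 49 bytes of the product are 00 || S1 || S2, then checks the homomorphic identity on a toy RSA key built from two Mersenne primes. The 2048-bit block length, the toy key, the sample values and all function names are this example's assumptions; how P1 and P2 are chosen so that the upper bytes also form valid PKCS#1 v1.5 padding is not stated on the page, so the example only reports whether a given pair happens to.

```python
import os

BLOCK_LEN = 256   # byte length of the 2048-bit modulus the page assumes: 00||02||205 padding||00||48-byte secret
PMS_LEN = 48

def seq_holder_s1(p1: bytes, rand12: bytes) -> int:
    """[39 bytes P1 || 00 || 03 01 || 12 random bytes || 33 bytes 00 || 01], 88 bytes, as an integer."""
    if len(p1) != 39 or len(rand12) != 12:
        raise ValueError("P1 must be 39 bytes and the random part 12 bytes")
    seq = p1 + b"\x00" + b"\x03\x01" + rand12 + b"\x00" * 33 + b"\x01"
    return int.from_bytes(seq, "big")

def seq_holder_s2(p2: bytes, rand9: bytes) -> int:
    """[119 bytes P2 || 25 bytes 00 || 9 random bytes || 14 bytes 00 || 01], 168 bytes, as an integer."""
    if len(p2) != 119 or len(rand9) != 9:
        raise ValueError("P2 must be 119 bytes and the random part 9 bytes")
    seq = p2 + b"\x00" * 25 + rand9 + b"\x00" * 14 + b"\x01"
    return int.from_bytes(seq, "big")

def expected_pre_master(rand12: bytes, rand9: bytes) -> bytes:
    """S1 || S2 as the page defines them: S1 = 03 01 || 12 random || 10 zero bytes,
    S2 = 9 random || 14 zero bytes || 01 (each 24 bytes)."""
    return b"\x03\x01" + rand12 + b"\x00" * 10 + rand9 + b"\x00" * 14 + b"\x01"

def combined_block(seq1: int, seq2: int) -> bytes:
    """What the server sees after raw RSA decryption: the 256-byte big-endian product seq1 * seq2.
    The trailing 01 of each sequence passes the other party's bytes through unchanged, and the
    cross term R1*R2 lands above byte 48, i.e. inside the padding region."""
    return (seq1 * seq2).to_bytes(BLOCK_LEN, "big")

def pkcs1_v15_unpad(block: bytes):
    """The server's PKCS#1 v1.5 check: 00 || 02 || at least 8 non-zero bytes || 00 || M, M 48 bytes.
    Returns M, or None if the block is not well formed (e.g. a stray 00 inside the padding)."""
    if len(block) != BLOCK_LEN or block[:2] != b"\x00\x02":
        return None
    sep = block.find(b"\x00", 2)            # first zero byte after the 00 02 prefix
    if sep < 10 or len(block) - sep - 1 != PMS_LEN:
        return None
    return block[sep + 1:]

# Toy RSA key from two Mersenne primes, constructed for this example only; real keys are 2048 bits.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def rsa_encrypt(x: int) -> int:
    return pow(x, E, N)

def rsa_decrypt(c: int) -> int:
    return pow(c, D, N)

def homomorphism_holds(x1: int, x2: int) -> bool:
    """(RSA(x1) * RSA(x2)) mod n == RSA(x1 * x2 mod n), and decrypting the product of the two
    ciphertexts yields x1 * x2 (mod n): this is what lets the server recover S1 || S2."""
    product_of_ciphertexts = (rsa_encrypt(x1) * rsa_encrypt(x2)) % N
    return (product_of_ciphertexts == rsa_encrypt((x1 * x2) % N)
            and rsa_decrypt(product_of_ciphertexts) == (x1 * x2) % N)

def demo():
    """Random P1/P2 and random parts: the low 49 bytes are always 00 || S1 || S2; whether the upper
    207 bytes also form valid PKCS#1 padding depends on P1 and P2, which the page leaves open."""
    rand12, rand9 = os.urandom(12), os.urandom(9)
    p1, p2 = os.urandom(39), os.urandom(119)
    block = combined_block(seq_holder_s1(p1, rand12), seq_holder_s2(p2, rand9))
    low_bytes_ok = block[-49:] == b"\x00" + expected_pre_master(rand12, rand9)
    padding_ok = pkcs1_v15_unpad(block) is not None
    return low_bytes_ok, padding_ok

if __name__ == "__main__":
    print("low 49 bytes = 00||S1||S2:", demo()[0])
    print("toy RSA homomorphism:", homomorphism_holds(123456789, 987654321))
```

The arithmetic behind the check: the low 48 bytes of sequence 1 equal R1·256^34 + 1 and those of sequence 2 equal R2·256^15 + 1, so their product modulo 256^49 is R1·256^34 + R2·256^15 + 1, which is exactly 00 || S1 || S2 regardless of P1 and P2.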
On the basis of the foregoing embodiment, the generating of the authentication key Server Mac Key by the auditing terminal includes:
generating four keys according to a pseudo-random function, wherein one key, the Server Mac Key, is used to authenticate whether the data comes from the server, and the other three keys are used for data capture and communication with the server.
As can be seen from the above description of the embodiments, the embodiments of the present invention generate the key to allow the auditor to perform authentication according to the key.
Specifically, the embodiment of the invention adopts a pseudo-random function for verification; the audited party and the auditor use the pseudo-random function:
PRF(secret, label, seed) = P_MD5(S1, label + seed) ⊕ P_SHA-1(S2, label + seed)
to generate, respectively, the four keys Server Mac Key, Client Write Key, Server Write Key and Client Mac Key, wherein the auditor only generates the Server Mac Key, which is used to authenticate whether the data comes from the server; the audited party generates the other three keys, which are mainly used for data capture and communication with the server; the server side holds the complete pre-master secret itself, so it can generate all four session keys.
On the basis of the above embodiment, the verifying by the auditing terminal, according to the Server Mac Key, that the data acquired by the client comes from the server includes:
the auditing terminal verifies, according to the Server Mac Key, whether the data provided by the audited terminal matches the data provided by the server;
and if the data provided by the audited terminal matches the data provided by the server, it is verified that the data acquired by the client comes from the server.
As can be seen from the above description, the embodiment of the present invention requires the auditor to verify the data, and the audited party is responsible for generating a certification document after obtaining the data from the server.
The specific verification process is then: when an auditor receives a certification document, it is determined whether the public key of the certifying server matches the public key in the certification document. This verification comprises two steps: the first step is to verify whether the digital certificate carries a trusted CA signature; the second step is to extract the public key delivered by the server and compare it with the public key contained in the certificate. After the public key is verified, the information contained in the certification document is verified further. A session between the audited party and the auditor is first created and initialized. The certificate is extracted from the uploaded certification document, and it is verified that the document carries a valid auditor signature. After the signature is verified as valid, the auditor uses the Server Mac Key to verify whether the data provided by the audited party matches the data provided by the server. If the certification document is thereby established as credible, the data comes from the original server and has not been tampered with. Otherwise, verification of the certification document fails and the data does not match the original server.
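As an added example covering both the key generation with the pseudo-random function above and the verification step just described (it is not the patent's code), the following Python implements the RFC 2246 PRF exactly as written above, splits it into the P_MD5(S1) and P_SHA-1(S2) shares that the holders of the two halves compute, derives the four session keys as the server does, and then performs the auditor's check with the Server Mac Key: the TLS 1.0 record MAC of a server record is recomputed and compared, so an altered response is rejected. The cipher suite (TLS_RSA_WITH_AES_128_CBC_SHA, fixing the key sizes), the sample pre-master secret, randoms and HTTP response, and all function names are constructed for this example; the exchange by which the auditor ends up holding only the Server Mac Key is not described on the page and is not implemented here.

```python
import hmac

def p_hash(hash_name: str, secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash(secret, seed) of RFC 2246 section 5: HMAC(secret, A(1)||seed) || HMAC(secret, A(2)||seed) || ...
    with A(0) = seed and A(i) = HMAC(secret, A(i-1)); truncated to the requested length."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]

def prf_share(hash_name: str, half_secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """One party's half of the PRF: P_MD5 over S1 for the holder of the first half of the secret,
    P_SHA-1 over S2 for the holder of the second half. Neither share alone is the PRF output."""
    return p_hash(hash_name, half_secret, label + seed, length)

def tls10_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_MD5(S1, label+seed) XOR P_SHA-1(S2, label+seed), S1/S2 the two halves."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[-half:]
    md5_part = prf_share("md5", s1, label, seed, length)
    sha1_part = prf_share("sha1", s2, label, seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))

# Cipher suite assumed for the key sizes: TLS_RSA_WITH_AES_128_CBC_SHA (HMAC-SHA1 MAC, 16-byte keys and IVs).
MAC_LEN, KEY_LEN, IV_LEN = 20, 16, 16

def derive_session_keys(pre_master: bytes, client_random: bytes, server_random: bytes) -> dict:
    """What the server, holding the full pre-master secret, computes: master secret, then key block,
    partitioned in RFC 2246 order into the four session keys named on the page (IVs discarded)."""
    master = tls10_prf(pre_master, b"master secret", client_random + server_random, 48)
    key_block = tls10_prf(master, b"key expansion", server_random + client_random,
                          2 * (MAC_LEN + KEY_LEN + IV_LEN))
    keys, offset = {}, 0
    for name, size in (("client_mac_key", MAC_LEN), ("server_mac_key", MAC_LEN),
                       ("client_write_key", KEY_LEN), ("server_write_key", KEY_LEN)):
        keys[name] = key_block[offset:offset + size]
        offset += size
    return keys

def master_secret_from_shares(s1: bytes, s2: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """The two parties' PRF shares XOR to the master secret; each party's share on its own reveals nothing."""
    seed = client_random + server_random
    share_s1 = prf_share("md5", s1, b"master secret", seed, 48)
    share_s2 = prf_share("sha1", s2, b"master secret", seed, 48)
    return bytes(x ^ y for x, y in zip(share_s1, share_s2))

def record_mac(mac_key: bytes, seq_num: int, content_type: int, version: bytes, fragment: bytes) -> bytes:
    """TLS 1.0 record MAC (RFC 2246 6.2.3.1): HMAC-SHA1 over seq_num || type || version || length || fragment."""
    header = seq_num.to_bytes(8, "big") + bytes([content_type]) + version + len(fragment).to_bytes(2, "big")
    return hmac.new(mac_key, header + fragment, "sha1").digest()

def auditor_verifies(server_mac_key: bytes, seq_num: int, content_type: int, version: bytes,
                     fragment: bytes, presented_mac: bytes) -> bool:
    """The auditor's check: recompute the MAC of a server record presented by the audited party."""
    expected = record_mac(server_mac_key, seq_num, content_type, version, fragment)
    return hmac.compare_digest(expected, presented_mac)

# Constructed sample values (not from any real session).
PRE_MASTER = b"\x03\x01" + bytes(range(46))
CLIENT_RANDOM, SERVER_RANDOM = bytes([0x11] * 32), bytes([0x22] * 32)
TLS10, APPLICATION_DATA = b"\x03\x01", 23
RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Length: 13\r\n\r\nprice=1234.56"

def demo():
    """The server MACs a record; the auditor accepts it and rejects a version altered after capture."""
    keys = derive_session_keys(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    mac = record_mac(keys["server_mac_key"], 1, APPLICATION_DATA, TLS10, RESPONSE)
    genuine = auditor_verifies(keys["server_mac_key"], 1, APPLICATION_DATA, TLS10, RESPONSE, mac)
    altered = RESPONSE.replace(b"1234.56", b"9234.56")
    forged = auditor_verifies(keys["server_mac_key"], 1, APPLICATION_DATA, TLS10, altered, mac)
    return genuine, forged

if __name__ == "__main__":
    print("genuine accepted, altered rejected:", demo())
```

Only the Server Mac Key is needed for this check; the write keys never reach the auditor, which is the point of the split on the page.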
Fig. 2 is a schematic structural diagram of an actual data verification system provided in an embodiment of the present invention, as shown in fig. 2, including: a connection establishing module 201, a verification key generating module 202 and a data verifying module 203, wherein:
the connection establishing module 201 is used for establishing a TLS/SSL connection between a client and a server, and splitting the client into an audited terminal and an auditing terminal;
the verification key generating module 202 is configured to create a session between the audited terminal and the auditing terminal, where the audited terminal generates a Server Write Key, a Client Mac Key and a Client Write Key, and the auditing terminal only generates an authentication key, the Server Mac Key;
the data verifying module 203 is configured to verify, by the auditing terminal, that the data acquired by the audited terminal is consistent with the data of the server according to the Server Mac Key.
Specifically, how to perform the real data verification through the connection establishing module 201, the verification key generating module 202, and the data verifying module 203 may be used to execute the technical solution of the real data verifying method embodiment shown in fig. 1, and the implementation principle and the technical effect are similar, which is not described herein again.
The real data verification system provided by the embodiment of the invention verifies the TLS/SSL connection between the server and the audited party through third-party auditing. The auditor and the audited party communicate using a specific protocol, and simultaneously start to connect to the server, and the auditor can affirmatively prove that the audited party provides data from the server after auditing.
An embodiment of the present invention provides an electronic device, including: at least one processor; and at least one memory communicatively coupled to the processor, wherein:
Fig. 3 is a block diagram of an electronic device according to an embodiment of the present invention; referring to fig. 3, the electronic device includes: a processor 301, a communication interface 302, a memory 303 and a bus 304, wherein the processor 301, the communication interface 302 and the memory 303 communicate with each other through the bus 304. The processor 301 may call logic instructions in the memory 303 to perform the following method: establishing a TLS/SSL connection between a client and a server, wherein the client is divided into an audited terminal and an auditing terminal; creating a session between the audited terminal and the auditing terminal, wherein the audited terminal generates a Server Write Key, a Client Mac Key and a Client Write Key, and the auditing terminal only generates an authentication key, the Server Mac Key; and the auditing terminal verifying, according to the Server Mac Key, that the data acquired by the audited terminal is consistent with the data of the server.
An embodiment of the present invention discloses a computer program product, which includes a computer program stored on a non-transitory computer-readable storage medium, the computer program including program instructions which, when executed by a computer, cause the computer to execute the methods provided by the above method embodiments, for example: establishing a TLS/SSL connection between a client and a server, wherein the client is divided into an audited terminal and an auditing terminal; creating a session between the audited terminal and the auditing terminal, wherein the audited terminal generates a Server Write Key, a Client Mac Key and a Client Write Key, and the auditing terminal only generates an authentication key, the Server Mac Key; and the auditing terminal verifying, according to the Server Mac Key, that the data acquired by the audited terminal is consistent with the data of the server.
Embodiments of the present invention provide a non-transitory computer-readable storage medium which stores computer instructions, where the computer instructions cause the computer to perform the methods provided by the above method embodiments, for example: establishing a TLS/SSL connection between a client and a server, wherein the client is divided into an audited terminal and an auditing terminal; creating a session between the audited terminal and the auditing terminal, wherein the audited terminal generates a Server Write Key, a Client Mac Key and a Client Write Key, and the auditing terminal only generates an authentication key, the Server Mac Key; and the auditing terminal verifying, according to the Server Mac Key, that the data acquired by the audited terminal is consistent with the data of the server.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to each embodiment or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.