CN110190964A - Identity identifying method and electronic equipment - Google Patents
Identity identifying method and electronic equipment Download PDFInfo
- Publication number
- CN110190964A CN110190964A CN201910406642.4A CN201910406642A CN110190964A CN 110190964 A CN110190964 A CN 110190964A CN 201910406642 A CN201910406642 A CN 201910406642A CN 110190964 A CN110190964 A CN 110190964A
- Authority
- CN
- China
- Prior art keywords
- temporary
- public key
- server
- key
- client
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
- Telephonic Communication Services (AREA)
Abstract
The present invention relates to video conferencing technology fields, specifically disclose identity identifying method and electronic equipment, and wherein method includes: to generate temporary key pair;Temporary key is to including temporary public key and temporary private;Temporary public key is sent to secure hardware;Receive the temporary public key authentication data that secure hardware is returned based on temporary public key;Temporary public key authentication data is that secure hardware is signed to obtain with hardware private keys to temporary public key;The identification authentication data sent based on temporary private to client is signed, and to obtain signature information, and temporary public key authentication data is added in signature information;Signature information is sent to client, so that client carries out authentication to server.It only needs to do once signed to temporary public key using hardware private keys in secure hardware, remaining can complete the signature for the identification authentication data that each client is sent in the server;It is signed using the process performance of server, greatly improves the efficiency of authentication.
Description
Technical field
The present invention relates to video conferencing technology fields, and in particular to identity identifying method and electronic equipment.
Background technique
In asymmetric cryptography system, public key is can be disclosed, and private key must secret keeping.In order to safely store
Private key is generally saved in safety chip, USBkey or cipher card by private key.Private key is once importing in these secure hardwares
It can not again read, certain operations, such as signature or decryption can only be carried out using internal private key.
When secure hardware is used in combination with videoconferencing platform server, since video conference is usually possible while several hundred
A thousands of a terminal devices concurrently log in, and carry out body to several hundred thousands of a terminal devices this requires secure hardware needs to realize
Part certification, or the data of terminal transmission are decrypted etc..Specifically, each client generates a random number service of issuing
Random number is sent to secure hardware by device, server, secure hardware signed using the private key of storage to random number after by
Server is then forwarded to client, and then client is signed with server public key by verifying come the identity of authentication server.But
It is that, due to the calculated performance of these secure hardwares, the speed that will lead to authentication is all slow, meanwhile, carrying out key
It in exchange process, needs to use the private key in server in secure hardware and is decrypted, also resulted in using secure hardware decryption
The speed of key exchange is slower, can not adapt to the needs of large capacity calculating.
Summary of the invention
In view of this, the embodiment of the invention provides a kind of identity identifying method and electronic equipment, to solve authentication
Low efficiency the problem of.
According in a first aspect, the identity identifying method is by taking the embodiment of the invention provides a kind of identity identifying method
Business device executes, and the identity identifying method includes:
Generate temporary key pair;Wherein, the temporary key is to including temporary public key and temporary private;
The temporary public key is sent to secure hardware;
Receive the temporary public key authentication data that the secure hardware is returned based on the temporary public key;The temporary public key is recognized
Demonstrate,proving data is that the secure hardware is signed to obtain with hardware private keys to the temporary public key;
The identification authentication data sent based on the temporary private to client is signed, to obtain signature information, and
The temporary public key authentication data is added in the signature information;
The signature information is sent to the client, is recognized so that the client carries out identity to the server
Card.
Identity identifying method provided in an embodiment of the present invention determines temporary public key using the hardware private keys in secure hardware
Identity only needs to do once temporary public key using hardware private keys in secure hardware for the authentication of server
Signature, remaining can complete the signature for the identification authentication data that each client is sent in the server;That is, using service
Temporary key in device is transferred to service to by originally in secure hardware to the signature of the identification authentication data of different clients
It is completed in device, is signed, greatly improved to the identification authentication data of different clients using the process performance of server
The efficiency of authentication.
With reference to first aspect, in first aspect first embodiment, the generation temporary key pair, comprising:
Log-on data treatment progress, the data processing process is for handling the server and at least one described client
Communication data between end;
The temporary key pair is generated in the memory of the server using the data processing process.
Identity identifying method provided in an embodiment of the present invention, since temporary key is to being in each data processing process initiation
When temporarily generate, stolen will not under the influence of one-shot safety, in the premise for not influencing essential safety requirements
Under, guarantee the efficiency of authentication;Simultaneously because the process of operating system all operates under empty mode, each process possesses independence
Address space, attacker generally can not to the key in proceeding internal memory carry out striding course access, further ensure identity and recognize
The safety of card.
First embodiment with reference to first aspect, in first aspect second embodiment, the reception safety is hard
After the step of temporary public key authentication data that part is returned based on the temporary public key, further includes:
The temporary public key authentication data is stored in the memory of the server.
With reference to first aspect, in first aspect third embodiment, it is described the signature information is sent to it is described
After client, further includes:
The encrypted session key that the client is sent is received, the encrypted session key is as described in client utilization
Temporary public key encrypted session key obtains, and the session key is used for the communication number between the server and the client
According to being encrypted;
The encrypted session key is decrypted using the temporary private, obtains the session key.
Identity identifying method provided in an embodiment of the present invention is confirming temporary public key using the hardware private keys in secure hardware
Identity after, decryption to session key data directly can be realized using server for the decryption of session key, without
Secure hardware must be recycled to be decrypted, since the process performance of server is far longer than secure hardware, can be greatly
Improve the efficiency of session key encryption and decryption.
First embodiment with reference to first aspect, in the 4th embodiment of first aspect, further includes:
At the end of the data processing process, the temporary key pair is removed.
Identity identifying method provided in an embodiment of the present invention ensure that body by removing the sensitive data of temporary key pair
The safety of part certification.
Any one of with reference to first aspect or first aspect first embodiment is to the 4th embodiment of first aspect,
In the 5th embodiment of first aspect, the method also includes:
The temporary key pair is removed every preset time, and regenerates new temporary key pair;
Signature authentication is carried out to the client to the unverified server using the new temporary key, and/or, benefit
Encryption and decryption is carried out to session key with the new temporary key;Wherein, the session key be used for the server with
Communication data between the client is encrypted.
Identity identifying method provided in an embodiment of the present invention guarantees temporary key pair by the update to temporary key pair
Safety, and then guarantee authentication safety.
According to second aspect, the embodiment of the invention also provides a kind of identity identifying method, the identity identifying method by
Client executing, the identity identifying method include:
Obtain the signature information that server is sent;Wherein, the signature information is that server uses temporary private to client
What the identification authentication data at end was signed, temporary public key authentication data is carried in the signature information, it is described interim
Authentication public key data are that secure hardware is signed to obtain using hardware private keys to temporary public key;
Using temporary public key authentication data described in hardware public key sign test, to extract the temporary public key;Wherein, the hardware
Public key is corresponding with the hardware private keys;
Sign test is carried out to the identification authentication data after signature based on the temporary public key, to carry out to the server
Authentication.
Identity identifying method provided in an embodiment of the present invention, using the hardware private keys confirmation temporary public key in secure hardware
Identity only needs to do once temporary public key using hardware private keys in secure hardware for the authentication of server
Signature, remaining can complete the signature for the identification authentication data that each client is sent in the server;That is, using service
Temporary key in device is transferred to service to by originally in secure hardware to the signature of the identification authentication data of different clients
It is completed in device, is signed, greatly improved to the identification authentication data of different clients using the process performance of server
The efficiency of authentication.
In conjunction with second aspect, in second aspect first embodiment, it is described based on the temporary public key to signature after
The identification authentication data carried out after the step of sign test, further includes:
When the authentication of server success, session key is encrypted using the temporary public key, with
To encrypted session key;Wherein, the session key be used for the communication data between the server and the client into
Row encryption;
The encrypted session key is sent to the server.
Identity identifying method provided in an embodiment of the present invention, since temporary public key has used the hardware in secure hardware private
Key determined identity, then directly session key can be encrypted using server temporary public key generated, it is subsequent
The decryption of session key can be realized directly using server, without being carried out by secure hardware, due to server
Process performance is far longer than secure hardware, therefore, can greatly improve the efficiency of session key encryption and decryption.
According to the third aspect, the embodiment of the invention provides a kind of electronic equipment, comprising: memory and processor, it is described
Connection is communicated with each other between memory and the processor, computer instruction is stored in the memory, and the processor is logical
It crosses and executes the computer instruction, thereby executing body described in any one of first aspect or first aspect embodiment
Identity authentication method.
It is described computer-readable the embodiment of the invention provides a kind of computer readable storage medium according to fourth aspect
Storage medium stores computer instruction, and the computer instruction is for making the computer execute first aspect or first aspect
Any one embodiment described in identity identifying method.
Detailed description of the invention
It, below will be to specific in order to illustrate more clearly of the specific embodiment of the invention or technical solution in the prior art
Embodiment or attached drawing needed to be used in the description of the prior art be briefly described, it should be apparent that, it is described below
Attached drawing is some embodiments of the present invention, for those of ordinary skill in the art, before not making the creative labor
It puts, is also possible to obtain other drawings based on these drawings.
Fig. 1 is the flow chart of identity identifying method according to an embodiment of the present invention;
Fig. 2 is the flow chart of identity identifying method according to an embodiment of the present invention;
Fig. 3 is the flow chart of identity identifying method according to an embodiment of the present invention;
Fig. 4 is the flow chart of identity identifying method according to an embodiment of the present invention;
Fig. 5 is the flow chart of identity identifying method according to an embodiment of the present invention;
Fig. 6 is the flow chart of identity identifying method according to an embodiment of the present invention;
Fig. 7 is the flow chart of identity identifying method according to an embodiment of the present invention;
Fig. 8 is the structural block diagram of identification authentication system according to an embodiment of the present invention;
Fig. 9 is the structural block diagram of identification authentication system according to an embodiment of the present invention;
Figure 10 is the hardware structural diagram of electronic equipment provided in an embodiment of the present invention.
Specific embodiment
In order to make the object, technical scheme and advantages of the embodiment of the invention clearer, below in conjunction with the embodiment of the present invention
In attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is
A part of the embodiment of the present invention, instead of all the embodiments.Based on the embodiments of the present invention, those skilled in the art are not having
Every other embodiment obtained under the premise of creative work is made, shall fall within the protection scope of the present invention.
The application scenarios of identity identifying method described in the embodiment of the present invention and key exchange method can be with are as follows: in video
In meeting, video conference is carried out between server and client, wherein the quantity of client can be arranged according to the actual situation,
Hereinafter it is described in detail by taking multiple client as an example.
Secure hardware described in the embodiment of the present invention is electrically connected with the processor in server, secure hardware can be managed
Solution is cipher card, USBKey etc..Due to server processor arithmetic speed considerably beyond cipher card arithmetic speed, and
Server can also carry out multithreads computing using multi-core processor, can increase substantially operational performance.For example, general
The signature speed of USBKey can only achieve 50 times/second, and the signature speed of an Inter Xeon E5-2620 processor monokaryon
2000 times/second can be reached.If counting 16 core parallel computations in, it can achieve the label of 2000*16=32000 times/second
Name speed.Therefore, the processor that authentication can be theoretically put into server is handled.But due to hardware private keys
Being stored in secure hardware can not read, and operation is carried out in processor so cannot directly take.Based on this, present inventor
It proposes to generate temporary key pair in the server, and carries out signature authentication with the hardware private keys in secure hardware.That is secure hardware
Only once signed certification need to be carried out to temporary key using hardware private keys, subsequent all data processings can be in the server
It is handled using temporary key, greatly improves the efficiency of data processing.
Specifically, for server comprising processor and secure hardware are provided based on the embodiment of the present invention
Identity identifying method, secure hardware need to only carry out once signed operation, sign to server temporary public key generated,
The processing of subsequent all signatures, encryption and decryption can execute in the processor of server, unrelated with secure hardware.This method
The process performance that server can greatly be utilized, improves the efficiency of data processing.
According to embodiments of the present invention, a kind of identity identifying method embodiment is provided, it should be noted that in the stream of attached drawing
The step of journey illustrates can execute in a computer system such as a set of computer executable instructions, although also, flowing
Logical order is shown in journey figure, but in some cases, it can be to be different from shown or described by sequence execution herein
The step of.
A kind of identity identifying method is provided in the present embodiment, can be applied to the processor of server in video conference
In, it also can be applied in other processors, this method is executed by server in a word.Hereinafter with the processing of server
It is described in detail for device.Fig. 1 is the flow chart of identity identifying method according to an embodiment of the present invention, as shown in Figure 1, the stream
Journey includes the following steps:
S11 generates temporary key pair.
Wherein, the temporary key is to including temporary public key and temporary private.
The processor of server can be generates temporary key pair when video conference starts in real time.Wherein, server
Public key is referred to as hardware public key, and the private key of server is referred to as hardware private keys.The hardware public key is corresponding with hardware private keys, and
Hardware private keys are stored in secure hardware, and hardware public key is sent to client generally by the form of digital certificate.
The temporary key is also possible in same video conference to can be what each video conference was updated
It is updated every preset time, any restriction is not done to the renewal time of temporary key pair or update opportunity at this.For
Server update temporary key for, if before temporary key is to update, client had verified that server identity and
If always on, then there is no need to the identity of authentication server again for these clients;But it is subsequent in progress communication data
Encryption when, it is necessary to using update temporary key pair.If client goes offline online again after temporary key is to update
, alternatively, the client being newly added, these clients may be referred to collectively as the client of unverified server;It is above-mentioned unverified
The client of server requires to authenticate the identity of server, and using the temporary key updated to progress subsequent communications
The encryption of data.
Temporary public key is sent to secure hardware by S12.
Accessed temporary public key is sent to secure hardware by the processor of server, in order to which secure hardware utilizes institute
The hardware private keys of storage sign to it.
S13 receives the temporary public key authentication data that secure hardware is returned based on temporary public key.
Wherein, the temporary public key authentication data is that secure hardware sign to the temporary public key with hardware private keys
It arrives.
The processor of server is after being sent to secure hardware for temporary public key, and secure hardware is using hardware private keys to institute
The temporary public key got is signed, to obtain temporary public key authentication data.The processor of server is getting this temporarily
It after authentication public key data, can store it in memory, to be used for subsequent authentication.
S14, the identification authentication data sent based on temporary private to client are signed, to obtain signature information, and
Temporary public key authentication data is added in signature information.
When client connects server, user end to server sends identification authentication data, the processor benefit of server
The signature that authentication is carried out to identification authentication data is carried out with temporary private, specific signature scheme is carried out with using hardware private keys
The signature of authentication is similar, and details are not described herein.
The temporary public key authentication data that secure hardware is sent also is added in signature information by the processor of server, will face
When authentication public key data be sent to client together.
Optionally, the identification authentication data that client is sent can be the random number of client generation.For example, working as multiple visitors
When family end connects server, each client can generate a random number, and the random number is sent to server, take at this time
After business device receives random number, signed in the processor using temporary private to each random number, and in affix S13
The temporary public key authentication data received forms signature information and is sent to corresponding client.
Signature information is sent to client by S15, so that client carries out authentication to server.
Wherein, include two kinds of signed datas in signature information: (1) secure hardware is using hardware private keys to the label of temporary public key
Name data;(2) signed data for the identification authentication data that the processor of server sends client using temporary private.Service
Obtained signature information is sent to client by the processor of device, and client carries out server based on the signature information received
Authentication.Hereinafter, it will be described in client and identity authentication method carried out to server.
Identity identifying method provided in this embodiment, using the body of the hardware private keys confirmation temporary public key in secure hardware
Part, for the authentication of server, only need to make primary label to temporary public key using hardware private keys in secure hardware
Name, remaining can complete the signature for the identification authentication data that each client is sent in the server;That is, using interim close
Key is transferred in server and completes to by originally in secure hardware to the signature of the identification authentication data of different clients, benefit
It is signed with identification authentication data of the process performance of server to different clients, greatly improves the effect of authentication
Rate.
A kind of identity identifying method is additionally provided in the present embodiment, can be applied to the processing of server in video conference
In device, Fig. 2 is the flow chart of identity identifying method according to an embodiment of the present invention, as shown in Fig. 2, the process includes following step
It is rapid:
S21 generates temporary key pair.
Wherein, the temporary key is to including temporary public key and temporary private.
The temporary key generates the processor for being server when starting data processing in real time, specifically, the step
Suddenly include:
S211, log-on data treatment progress.
Wherein, data processing process is for the communication data between processing server and at least one client.
By taking video conference as an example, server is when starting video conference, and log-on data treatment progress in memory first should
Data processing process is used for authentication and subsequent data encrypting and deciphering.Alternatively, it is to be understood that the data processing process is
For handling the communication data in entire video conference.
S212 generates temporary key pair using data processing process in the memory of server.
The processor of server generates temporary key pair in log-on data treatment progress in real time in memory.
Temporary public key is sent to secure hardware by S22.
The S12 of embodiment illustrated in fig. 1 is referred to, details are not described herein.
S23 receives the temporary public key authentication data that secure hardware is returned based on temporary public key.
The temporary public key authentication data is that secure hardware is signed to obtain with hardware private keys to the temporary public key.
The S13 of embodiment illustrated in fig. 1 is referred to, details are not described herein.
S24, the identification authentication data sent based on temporary private to client are signed, to obtain signature information, and
Temporary public key authentication data is added in signature information.
Wherein, temporary public key authentication data is also carried in the signature information.
Specifically, which includes:
S241 signs to identification authentication data using temporary private, to obtain signature information.
The processor of server carries out the identification authentication data that each client is sent using generated temporary private
Signature, so as to obtain signature information.
S242 extracts temporary public key authentication data from memory.
After the processor of server receives the temporary public key authentication data of secure hardware return in S23, stored
In memory.At this point, the processor of server need to only extract temporary public key authentication data from memory.
S243, by the addition of temporary public key authentication data in signature information.
Temporary public key authentication data is attached in signed data by the processor of server.
Signature information is sent to client by S25, so that client carries out authentication to server.
The S15 of embodiment illustrated in fig. 1 is referred to, details are not described herein.
S26, judges whether data processing process terminates.
The monitoring terminated for process can be whether the data processing process real-time monitoring receives stopping data processing
The order of process indicates that data processing process terminates at this time upon reception of the command.
Alternatively, whether the processor of server can also terminate to judge using other modes to data treatment progress,
Any restrictions are not done to specific judgment method at this.
At the end of data processing process, temporary key pair is removed.Otherwise, S26 is executed.By removing temporary key pair
Sensitive data ensure that the safety of authentication.
Identity identifying method provided in this embodiment, since temporary key is to being faced in each data processing process initiation
When generate, even if stolen will not under the influence of the safety of one-shot protected under the premise of not influencing essential safety requirements
Demonstrate,prove the efficiency of authentication;Simultaneously because the process of operating system all operates under empty mode, each process possesses independently
Location space, attacker generally can not carry out striding course access to the key in proceeding internal memory, further ensure authentication
Safety.
The embodiment of the invention also provides a kind of identity identifying method, the processing of server in video conference can be applied to
In device, Fig. 2 is the flow chart of identity identifying method according to an embodiment of the present invention, as shown in Fig. 2, the process includes following step
It is rapid:
S31 generates temporary key pair.
The S21 of embodiment illustrated in fig. 2 is referred to, details are not described herein.
Temporary public key is sent to secure hardware by S32.
The S21 of embodiment illustrated in fig. 2 is referred to, details are not described herein.
S33 receives the temporary public key authentication data that secure hardware is returned based on temporary public key.
The temporary public key authentication data is that secure hardware is signed to obtain with hardware private keys to the temporary public key.
The S23 of embodiment illustrated in fig. 2 is referred to, details are not described herein.
S34, the identification authentication data sent based on temporary private to client are signed, to obtain signature information, and
Temporary public key authentication data is added in signature information.
The S24 of embodiment illustrated in fig. 2 is referred to, details are not described herein.
Signature information is sent to client by S35, so that client carries out authentication to server.
The S25 of embodiment illustrated in fig. 2 is referred to, details are not described herein.
S36 receives the encrypted session key that client is sent.
Wherein, the encrypted session key is obtained by client using temporary public key encrypted session key, and the session is close
Key is for encrypting the communication data between server and client.
When authentication success of the client to server, server can receive the encryption session of server transmission
Key.
S37 is decrypted encrypted session key using temporary private, obtains session key.
The processor of server is decrypted encrypted session key using stored temporary private, due to encrypting session
Key encrypts to obtain using temporary public key, and temporary private is corresponding with temporary public key, therefore, can be solved using temporary private
Close session key out.
The processor of subsequent server is the encryption and decryption that video data is carried out using the session key that decryption obtains.
S38, judges whether data processing process terminates.
At the end of data processing process, temporary key pair is removed.Otherwise, S38 is executed.
Identity identifying method provided in this embodiment, in the body using the hardware private keys confirmation temporary public key in secure hardware
After part, the decryption to session key directly can be realized using the processor of server for the decryption of session key, without
It must be decrypted by recycling secure hardware, since the process performance of server is far longer than secure hardware, Ke Yiji
The earth improves the efficiency of session key encryption and decryption.
According to embodiments of the present invention, a kind of identity identifying method embodiment is provided, it should be noted that in the stream of attached drawing
The step of journey illustrates can execute in a computer system such as a set of computer executable instructions, although also, flowing
Logical order is shown in journey figure, but in some cases, it can be to be different from shown or described by sequence execution herein
The step of.
A kind of identity identifying method is provided in the present embodiment, can be applied to the client in video conference, and Fig. 4 is
The flow chart of identity identifying method according to an embodiment of the present invention, as shown in figure 3, the process includes the following steps:
S41 obtains the signature information that server is sent.
Wherein, the signature information is that server sign to the identification authentication data of client using temporary private
It arrives, temporary public key authentication data is carried in the signature information, the temporary public key authentication data is that secure hardware uses
Hardware private keys sign to temporary public key.
The signature information is that server is sent to client, wherein the description as described in temporary public key authentication data
The description of the S23 of the description or embodiment illustrated in fig. 2 of the S13 of embodiment shown in Figure 1;The description as described in signature information
The description of the S24 of the S14 or embodiment illustrated in fig. 2 of embodiment shown in Figure 1, details are not described herein.
S42, using hardware public key sign test temporary public key authentication data, to extract temporary public key.
Wherein, the hardware public key is corresponding with the hardware private keys.
After client gets signature information, number is authenticated to temporary public key using hardware public key corresponding with hardware private keys
According to progress sign test, it is therefore intended that extract the temporary public key in temporary public key authentication data.
S43 carries out sign test to the identification authentication data after signature based on temporary public key, is recognized with carrying out identity to server
Card.
Client carries out sign test to the identification authentication data after server signature using temporary public key, extracts signature information
In identification authentication data, client by the identification authentication data extracted be sent to server identification authentication data carry out
Compare, when the two is identical, indicates the success of authentication at this time;Otherwise, authentication fails.
For example, client carries out sign test to the random number after server signature using temporary public key, it is random to extract first
Number;It is the second random number that client, which is sent to server, and when the first random number is identical as the second random number, identity is recognized at this time
It demonstrate,proves successfully;Otherwise, authentication fails.
Identity identifying method provided in this embodiment, using the body of the hardware private keys confirmation temporary public key in secure hardware
Part, for the authentication of server, only need to make primary label to temporary public key using hardware private keys in secure hardware
Name, remaining can complete the signature for the identification authentication data that each client is sent in the server;That is, using interim close
Key is transferred in server and completes to by originally in secure hardware to the signature of the identification authentication data of different clients, benefit
It is signed with identification authentication data of the process performance of server to different clients, greatly improves the effect of authentication
Rate.
A kind of key exchange method is provided in the present embodiment, can be applied to the client in video conferencing system,
Fig. 5 is the flow chart of key exchange method according to an embodiment of the present invention, as shown in figure 5, the process includes the following steps:
S51 obtains the signature information that server is sent.
Wherein, the signature information is that server sign to the identification authentication data of client using temporary private
It arrives, temporary public key authentication data is carried in the signature information, the temporary public key authentication data is that secure hardware uses
Hardware private keys sign to temporary public key.
The S41 of embodiment illustrated in fig. 4 is referred to, details are not described herein.
S52, using hardware public key sign test temporary public key authentication data, to extract temporary public key.
Wherein, the hardware public key is corresponding with the hardware private keys.
The S42 of embodiment illustrated in fig. 4 is referred to, details are not described herein.
S53 carries out sign test to the identification authentication data after signature based on temporary public key, is recognized with carrying out identity to server
Card.
The S43 of embodiment illustrated in fig. 4 is referred to, details are not described herein.
S54 encrypts session key using temporary public key, when the authentication of server success to be added
Close session key.
Wherein, the session key is for encrypting the communication data between the server and the client.
When authentication success of the client to server, client can use temporary public key to session key at this time
It is encrypted, encrypted session key can be obtained.
Encrypted session key is sent to server by S55.
Encrypted session key is sent to server by client, and the processor of subsequent server is using corresponding with temporary public key
Temporary private can decrypt the session key in encrypted session key.
Identity identifying method provided in this embodiment, since temporary public key has used the hardware private keys in secure hardware true
Recognized identity, then can directly be encrypted using server temporary public key generated to session key, it is subsequent for
The decryption of session key can be realized directly using server, without being carried out by secure hardware, due to the processing of server
Performance is far longer than secure hardware, therefore, can greatly improve the efficiency of session key encryption and decryption.
According to embodiments of the present invention, a kind of identity identifying method embodiment is provided, it should be noted that in the stream of attached drawing
The step of journey illustrates can execute in a computer system such as a set of computer executable instructions, although also, flowing
Logical order is shown in journey figure, but in some cases, it can be to be different from shown or described by sequence execution herein
The step of.
A kind of identity identifying method is provided in the present embodiment, can be applied in video conferencing system, and Fig. 6 is basis
The flow chart of the identity identifying method of the embodiment of the present invention, as shown in fig. 6, the process includes the following steps:
S61, server generate temporary key pair.
Wherein, the temporary key is to including temporary public key and temporary private.
The S11 of embodiment illustrated in fig. 1 is referred to, details are not described herein.
As a kind of optional embodiment of the present embodiment, the S21 of embodiment illustrated in fig. 2 also may refer to.
Temporary public key is sent to secure hardware by S62, server.
The S12 of embodiment illustrated in fig. 1 is referred to, details are not described herein.
S63, secure hardware signs to temporary public key using hardware private keys, to obtain temporary public key authentication data.
The description as described in temporary public key authentication data in the S13 of embodiment illustrated in fig. 1 is referred to, it is no longer superfluous herein
It states.
Temporary public key authentication data is sent to server by S64, secure hardware.
The S14 of embodiment illustrated in fig. 1 is referred to, details are not described herein.
As a kind of optional embodiment of the present embodiment, the S24 of embodiment illustrated in fig. 2 also may refer to.
S65, server are signed based on the identification authentication data that temporary private sends client, are disappeared with obtaining signature
Breath, and temporary public key authentication data is added in signature information.
The S14 of embodiment illustrated in fig. 1 is referred to, details are not described herein.
As a kind of optional embodiment of the present embodiment, the S24 of embodiment illustrated in fig. 2 also may refer to.
Signature information is sent to client by S66, server, so that client carries out authentication to server.
The S15 of embodiment illustrated in fig. 1 is referred to, details are not described herein.
S67, client uses hardware public key sign test temporary public key authentication data, to extract temporary public key.
Wherein, the hardware public key is corresponding with the hardware private keys.
The S42 of embodiment illustrated in fig. 4 is referred to, details are not described herein.
S68 carries out sign test to the identification authentication data after signature based on temporary public key, is recognized with carrying out identity to server
Card.
The S43 of embodiment illustrated in fig. 4 is referred to, details are not described herein.
A kind of identity identifying method is provided in the present embodiment, can be applied in video conferencing system, and Fig. 7 is basis
The flow chart of the identity identifying method of the embodiment of the present invention, as shown in fig. 7, the process includes the following steps:
S701, server generate temporary key pair.
Wherein, the temporary key is to including temporary public key and temporary private.
The S11 of embodiment illustrated in fig. 1 is referred to, details are not described herein.
As a kind of optional embodiment of the present embodiment, the S21 of embodiment illustrated in fig. 2 also may refer to.
Temporary public key is sent to secure hardware by S702, server.
The S12 of embodiment illustrated in fig. 1 is referred to, details are not described herein.
S703, secure hardware signs to temporary public key using hardware private keys, to obtain temporary public key authentication data.
The description as described in temporary public key authentication data in the S13 of embodiment illustrated in fig. 1 is referred to, it is no longer superfluous herein
It states.
Temporary public key authentication data is sent to server by S704, secure hardware.
The S14 of embodiment illustrated in fig. 1 is referred to, details are not described herein.
As a kind of optional embodiment of the present embodiment, the S24 of embodiment illustrated in fig. 2 also may refer to.
S705, server are signed based on the identification authentication data that temporary private sends client, to be signed
Message, and temporary public key authentication data is added in signature information.
The S14 of embodiment illustrated in fig. 1 is referred to, details are not described herein.
As a kind of optional embodiment of the present embodiment, the S24 of embodiment illustrated in fig. 2 also may refer to.
Signature information is sent to client by S706, server, so that client carries out authentication to server.
The S15 of embodiment illustrated in fig. 1 is referred to, details are not described herein.
S707, client uses hardware public key sign test temporary public key authentication data, to extract temporary public key.
Wherein, the hardware public key is corresponding with the hardware private keys.
The S42 of embodiment illustrated in fig. 4 is referred to, details are not described herein.
S708, client carries out sign test to the identification authentication data after signature based on temporary public key, to carry out to server
Authentication.
The S43 of embodiment illustrated in fig. 4 is referred to, details are not described herein.
S709, when the authentication of server success, client encrypts session key using temporary public key, with
Obtain encrypted session key.
Wherein, the session key is for encrypting the communication data between the server and the client.
The S54 of embodiment illustrated in fig. 5 is referred to, details are not described herein.
Encrypted session key is sent to server by S710, client.
The S55 of embodiment illustrated in fig. 5 is referred to, details are not described herein.
Encrypted session key is decrypted in S711, server by utilizing temporary private, obtains session key.
The S37 of embodiment illustrated in fig. 3 is referred to, details are not described herein.
S712, judges whether data processing process terminates.
At the end of data processing process, temporary key pair is removed.Otherwise, S712 is executed.
A kind of identification authentication system is additionally provided in the present embodiment, and the device is real for realizing above-described embodiment and preferably
Mode is applied, the descriptions that have already been made will not be repeated.As used below, the soft of predetermined function may be implemented in term " module "
The combination of part and/or hardware.Although device described in following embodiment is preferably realized with software, hardware, or
The realization of the combination of software and hardware is also that may and be contemplated.
It the present embodiment provides a kind of identification authentication system, can be applied in video conferencing system in server, such as Fig. 8 institute
Show, comprising:
Key production module 81, for generating temporary key pair;Wherein, the temporary key is to including temporary public key and facing
When private key.
First sending module 82, for the temporary public key to be sent to secure hardware.
First receiving module 83, the temporary public key certification returned for receiving the secure hardware based on the temporary public key
Data;The temporary public key authentication data is that secure hardware is signed to obtain with hardware private keys to the temporary public key.
Authentication module 84, the identification authentication data for being sent based on the temporary private to client are signed
Name, to obtain signature information, and temporary public key authentication data is added in signature information.
Second sending module 85, for the signature information to be sent to client, so that client carries out server
Authentication.
Identification authentication system provided in this embodiment, using only needed in secure hardware using hardware private keys to temporary public key
Once signed is done, remaining can complete the signature for the identification authentication data that each client is sent in the server;That is, adopting
With temporary key to by originally in secure hardware to the signature of the identification authentication data of different clients, it is transferred in server
It completes, is signed using the process performance of server to the identification authentication data of different clients, greatly improve identity
The efficiency of certification.
The present embodiment provides a kind of identification authentication system, can be applied in the client in video conferencing system, such as Fig. 9
It is shown, comprising:
First obtains module 91, for obtaining the signature information of server transmission;Wherein, the signature information is server
It is signed using identification authentication data of the temporary private to client, carries temporary public key in the signature information
Authentication data, the temporary public key authentication data are that secure hardware is signed to obtain using hardware private keys to temporary public key.
Sign test module 92, for using temporary public key authentication data described in hardware public key sign test, to extract the interim public affairs
Key;Wherein, the hardware public key is corresponding with the hardware private keys.
Determining module 93, for carrying out sign test to the identification authentication data after signature based on the temporary public key, with
Authentication is carried out to server.
Identification authentication system provided in this embodiment, using the body of the hardware private keys confirmation temporary public key in secure hardware
Part, for the authentication of server, only need to make primary label to temporary public key using hardware private keys in secure hardware
Name, remaining can complete the signature for the identification authentication data that each client is sent in the server;That is, using interim close
Key is transferred in server and completes to by originally in secure hardware to the signature of the identification authentication data of different clients, benefit
It is signed with identification authentication data of the process performance of server to different clients, greatly improves the effect of authentication
Rate.
Identification authentication system or key exchange apparatus in the present embodiment are presented in the form of functional unit, here
Unit refer to ASIC circuit, execute one or more softwares or fixed routine processor and memory and/or other can be with
The device of above-mentioned function is provided.
The further function description of above-mentioned modules is identical as above-mentioned corresponding embodiment, and details are not described herein.
The embodiment of the present invention also provides a kind of electronic equipment, when the electronic equipment is as the server in video conferencing system
When, there is above-mentioned identification authentication system shown in Fig. 8;When the electronic equipment is as client in video conferencing system, tool
There is above-mentioned identification authentication system shown in Fig. 9.
Referring to Fig. 10, Figure 10 is the structural schematic diagram for a kind of electronic equipment that alternative embodiment of the present invention provides, such as scheme
Shown in 10, which may include: at least one processor 101, such as processor (Central Processing
Unit, central processing unit), at least one communication interface 103, memory 104, at least one communication bus 102.Wherein, it communicates
Bus 102 is for realizing the connection communication between these components.Wherein, communication interface 103 may include display screen
(Display), keyboard (Keyboard), optional communication interface 103 can also include standard wireline interface and wireless interface.It deposits
Reservoir 104 can be high speed RAM memory (Random Access Memory, effumability random access memory), can also
To be non-labile memory (non-volatile memory), for example, at least a magnetic disk storage.Memory 104 can
Choosing can also be that at least one is located remotely from the storage device of aforementioned processor 101.Wherein, when electronic equipment is video conference
When server in system, processor 101 can store application in memory 104 with identification authentication system described in conjunction with Figure 8
Program, and processor 101 calls the corresponding program code stored in memory 104, with real shown in above-mentioned Fig. 1-3 for executing
Apply the identity identifying method step of example.When electronic equipment is the client in video conferencing system, processor 101 can be combined
Identification authentication system described in Fig. 9 stores application program in memory 104, and processor 101 is called and deposited in memory 104
The corresponding program code of storage, with the identity identifying method step for executing above-mentioned Fig. 4-5 illustrated embodiment.
Wherein, communication bus 102 can be Peripheral Component Interconnect standard (peripheral component
Interconnect, abbreviation PCI) bus or expanding the industrial standard structure (extended industry standard
Architecture, abbreviation EISA) bus etc..Communication bus 102 can be divided into address bus, data/address bus, control bus etc..
Only to be indicated with a thick line in Figure 10, it is not intended that an only bus or a type of bus convenient for indicating.
Wherein, memory 104 may include volatile memory (English: volatile memory), such as arbitrary access
Memory (English: random-access memory, abbreviation: RAM);Memory also may include nonvolatile memory (English
Text: non-volatile memory), for example, flash memory (English: flash memory), hard disk (English: hard disk
Drive, abbreviation: HDD) or solid state hard disk (English: solid-state drive, abbreviation: SSD);Memory 104 can also wrap
Include the combination of the memory of mentioned kind.
Wherein, processor 101 can be central processing unit (English: central processing unit, abbreviation: processing
Device), the combination of network processing unit (English: network processor, abbreviation: NP) or processor and NP.
Wherein, processor 101 can further include hardware chip.Above-mentioned hardware chip can be specific integrated circuit
(English: application-specific integrated circuit, abbreviation: ASIC), programmable logic device (English:
Programmable logic device, abbreviation: PLD) or combinations thereof.Above-mentioned PLD can be Complex Programmable Logic Devices
(English: complex programmable logic device, abbreviation: CPLD), field programmable gate array (English:
Field-programmable gate array, abbreviation: FPGA), Universal Array Logic (English: generic array
Logic, abbreviation: GAL) or any combination thereof.
Optionally, memory 104 is also used to store program instruction.Processor 101 can be instructed with caller, be realized such as this
Apply for identity identifying method shown in identity identifying method shown in Fig. 1-3 embodiment or Fig. 4-5 embodiment.
The embodiment of the invention also provides a kind of non-transient computer storage medium, the computer storage medium is stored with
The identity identifying method in above-mentioned any means embodiment can be performed in computer executable instructions, the computer executable instructions,
Or key exchange method.Wherein, the storage medium can be magnetic disk, CD, read-only memory (Read-Only
Memory, ROM), random access memory (Random Access Memory, RAM), flash memory (Flash
Memory), hard disk (Hard Disk Drive, abbreviation: HDD) or solid state hard disk (Solid-State Drive, SSD) etc.;Institute
State the combination that storage medium can also include the memory of mentioned kind.
Although being described in conjunction with the accompanying the embodiment of the present invention, those skilled in the art can not depart from the present invention
Spirit and scope in the case where make various modifications and variations, such modifications and variations are each fallen within by appended claims institute
Within the scope of restriction.
Claims (10)
1. a kind of identity identifying method, which is characterized in that the identity identifying method is executed by server, the authentication side
Method includes:
Generate temporary key pair;Wherein, the temporary key is to including temporary public key and temporary private;
The temporary public key is sent to secure hardware;
Receive the temporary public key authentication data that the secure hardware is returned based on the temporary public key;The temporary public key authenticates number
The temporary public key is signed to obtain with hardware private keys according to the secure hardware;
The identification authentication data sent based on the temporary private to client is signed, to obtain signature information, and by institute
Temporary public key authentication data is stated to be added in the signature information;
The signature information is sent to the client, so that the client carries out authentication to the server.
2. the method according to claim 1, wherein the generation temporary key pair, comprising:
Log-on data treatment progress, the data processing process for handle the server and at least one described client it
Between communication data;
The temporary key pair is generated in the memory of the server using the data processing process.
3. according to the method described in claim 2, it is characterized in that, described receive the secure hardware based on the temporary public key
After the step of temporary public key authentication data of return, further includes:
The temporary public key authentication data is stored in the memory of the server.
4. the method according to claim 1, wherein it is described by the signature information be sent to the client it
Afterwards, further includes:
The encrypted session key that the client is sent is received, the encrypted session key is utilized described interim by the client
Public key encryption session key obtains, the session key be used for the communication data between the server and the client into
Row encryption;
The encrypted session key is decrypted using the temporary private, obtains the session key.
5. according to the method described in claim 2, it is characterized by further comprising:
At the end of the data processing process, the temporary key pair is removed.
6. method according to any one of claims 1-5, which is characterized in that the method also includes:
The temporary key pair is removed every preset time, and regenerates new temporary key pair;
Signature authentication is carried out to the client to the unverified server using the new temporary key, and/or, utilize institute
It states new temporary key and carries out encryption and decryption to session key;Wherein, the session key be used for the server with it is described
Communication data between client is encrypted.
7. a kind of identity identifying method, which is characterized in that the identity identifying method is by client executing, the authentication side
Method includes:
Obtain the signature information that server is sent;Wherein, the signature information is that server uses temporary private to client
What identification authentication data was signed, temporary public key authentication data, the temporary public key are carried in the signature information
Authentication data is that secure hardware is signed to obtain using hardware private keys to temporary public key;
Using temporary public key authentication data described in hardware public key sign test, to extract the temporary public key;Wherein, the hardware public key
It is corresponding with the hardware private keys;
Sign test is carried out to the identification authentication data after signature based on the temporary public key, to carry out identity to the server
Certification.
8. the method according to the description of claim 7 is characterized in that it is described based on the temporary public key to the body after signature
After the step of part authentication data carries out sign test, further includes:
When the authentication of server success, session key is encrypted using the temporary public key, to be added
Close session key;Wherein, the session key is for adding the communication data between the server and the client
It is close;
The encrypted session key is sent to the server.
9. a kind of electronic equipment characterized by comprising
Memory and processor communicate with each other connection, are stored in the memory between the memory and the processor
Computer instruction, the processor is by executing the computer instruction, thereby executing any one of claim 1-6, or power
Benefit require 7 or 8 described in identity identifying method.
10. a kind of computer readable storage medium, which is characterized in that the computer-readable recording medium storage has computer to refer to
It enables, the computer instruction is for requiring the computer perform claim described in any one of 1-6 or claim 7 or 8
Identity identifying method.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910406642.4A CN110190964B (en) | 2019-05-16 | 2019-05-16 | Identity authentication method and electronic equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910406642.4A CN110190964B (en) | 2019-05-16 | 2019-05-16 | Identity authentication method and electronic equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110190964A true CN110190964A (en) | 2019-08-30 |
CN110190964B CN110190964B (en) | 2022-03-15 |
Family
ID=67716468
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910406642.4A Active CN110190964B (en) | 2019-05-16 | 2019-05-16 | Identity authentication method and electronic equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110190964B (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111031047A (en) * | 2019-12-16 | 2020-04-17 | 中国南方电网有限责任公司 | Device communication method, device, computer device and storage medium |
CN111641615A (en) * | 2020-05-20 | 2020-09-08 | 深圳市今天国际物流技术股份有限公司 | Distributed identity authentication method and system based on certificate |
CN113315641A (en) * | 2021-08-02 | 2021-08-27 | 飞天诚信科技股份有限公司 | Seed key backup method, electronic equipment and system |
US20220377057A1 (en) * | 2021-05-21 | 2022-11-24 | Zoom Video Communications, Inc. | Systems and methods for securing videoconferencing meetings |
CN115529127A (en) * | 2022-09-23 | 2022-12-27 | 中科海川(北京)科技有限公司 | Device authentication method, device, medium and device based on SD-WAN scene |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102843675A (en) * | 2011-06-24 | 2012-12-26 | 中兴通讯股份有限公司 | Cluster call voice encryption method, terminal and system |
US20130219166A1 (en) * | 2012-02-20 | 2013-08-22 | Motorola Mobility, Inc. | Hardware based identity manager |
CN106656510A (en) * | 2017-01-04 | 2017-05-10 | 天地融科技股份有限公司 | Encryption key acquisition method and system |
CN107196922A (en) * | 2017-05-03 | 2017-09-22 | 国民认证科技(北京)有限公司 | Identity identifying method, user equipment and server |
CN107241317A (en) * | 2017-05-24 | 2017-10-10 | 国民认证科技(北京)有限公司 | The method and subscriber terminal equipment and authentication server of living things feature recognition identity |
CN108737430A (en) * | 2018-05-25 | 2018-11-02 | 全链通有限公司 | The encryption communication method and system of block chain node |
CN109064606A (en) * | 2018-08-03 | 2018-12-21 | 广州邦讯信息系统有限公司 | Gate inhibition's task executing method, system, access control system and readable storage medium storing program for executing |
-
2019
- 2019-05-16 CN CN201910406642.4A patent/CN110190964B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102843675A (en) * | 2011-06-24 | 2012-12-26 | 中兴通讯股份有限公司 | Cluster call voice encryption method, terminal and system |
US20130219166A1 (en) * | 2012-02-20 | 2013-08-22 | Motorola Mobility, Inc. | Hardware based identity manager |
CN106656510A (en) * | 2017-01-04 | 2017-05-10 | 天地融科技股份有限公司 | Encryption key acquisition method and system |
CN107196922A (en) * | 2017-05-03 | 2017-09-22 | 国民认证科技(北京)有限公司 | Identity identifying method, user equipment and server |
CN107241317A (en) * | 2017-05-24 | 2017-10-10 | 国民认证科技(北京)有限公司 | The method and subscriber terminal equipment and authentication server of living things feature recognition identity |
CN108737430A (en) * | 2018-05-25 | 2018-11-02 | 全链通有限公司 | The encryption communication method and system of block chain node |
CN109064606A (en) * | 2018-08-03 | 2018-12-21 | 广州邦讯信息系统有限公司 | Gate inhibition's task executing method, system, access control system and readable storage medium storing program for executing |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111031047A (en) * | 2019-12-16 | 2020-04-17 | 中国南方电网有限责任公司 | Device communication method, device, computer device and storage medium |
CN111031047B (en) * | 2019-12-16 | 2022-08-12 | 中国南方电网有限责任公司 | Device communication method, device, computer device and storage medium |
CN111641615A (en) * | 2020-05-20 | 2020-09-08 | 深圳市今天国际物流技术股份有限公司 | Distributed identity authentication method and system based on certificate |
US20220377057A1 (en) * | 2021-05-21 | 2022-11-24 | Zoom Video Communications, Inc. | Systems and methods for securing videoconferencing meetings |
US11765143B2 (en) * | 2021-05-21 | 2023-09-19 | Zoom Video Communications, Inc. | Systems and methods for securing videoconferencing meetings |
CN113315641A (en) * | 2021-08-02 | 2021-08-27 | 飞天诚信科技股份有限公司 | Seed key backup method, electronic equipment and system |
CN115529127A (en) * | 2022-09-23 | 2022-12-27 | 中科海川(北京)科技有限公司 | Device authentication method, device, medium and device based on SD-WAN scene |
CN115529127B (en) * | 2022-09-23 | 2023-10-03 | 中科海川(北京)科技有限公司 | Device authentication method, device, medium and device based on SD-WAN scene |
Also Published As
Publication number | Publication date |
---|---|
CN110190964B (en) | 2022-03-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110493261B (en) | Verification code obtaining method based on block chain, client, server and storage medium | |
CN110190964A (en) | Identity identifying method and electronic equipment | |
CN104618116B (en) | A kind of cooperative digital signature system and its method | |
CN108768633B (en) | Method and device for realizing information sharing in block chain | |
CN109194465B (en) | Method for managing keys, user equipment, management device and storage medium | |
CN111431713B (en) | Private key storage method and device and related equipment | |
CN108462710B (en) | Authentication and authorization method, device, authentication server and machine-readable storage medium | |
CN111435913B (en) | Identity authentication method and device for terminal of Internet of things and storage medium | |
US11818120B2 (en) | Non-custodial tool for building decentralized computer applications | |
CN111460453A (en) | Machine learning training method, controller, device, server, terminal and medium | |
CN113691502B (en) | Communication method, device, gateway server, client and storage medium | |
CN109951295B (en) | Key processing and using method, device, equipment and medium | |
CN107800675A (en) | A kind of data transmission method, terminal and server | |
CN112740615B (en) | Key management for multiparty computing | |
CN109067528A (en) | Crypto-operation, method, cryptographic service platform and the equipment for creating working key | |
CN111131416A (en) | Business service providing method and device, storage medium and electronic device | |
CN108199847B (en) | Digital security processing method, computer device, and storage medium | |
CN109818747A (en) | Digital signature method and device | |
CN116980230B (en) | Information security protection method and device | |
CN112633884A (en) | Local private key recovery method and device for transaction main body identity certificate | |
CN112308236A (en) | Method, device, electronic equipment and storage medium for processing user request | |
CN111654503A (en) | Remote control method, device, equipment and storage medium | |
CN114139176A (en) | Industrial internet core data protection method and system based on state secret | |
CN106257859A (en) | A kind of password using method | |
CN115473655B (en) | Terminal authentication method, device and storage medium for access network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |