CN110190964A - Identity identifying method and electronic equipment - Google Patents

Identity identifying method and electronic equipment Download PDF

Info

Publication number
CN110190964A
CN110190964A CN201910406642.4A CN201910406642A CN110190964A CN 110190964 A CN110190964 A CN 110190964A CN 201910406642 A CN201910406642 A CN 201910406642A CN 110190964 A CN110190964 A CN 110190964A
Authority
CN
China
Prior art keywords
temporary
public key
server
key
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910406642.4A
Other languages
Chinese (zh)
Other versions
CN110190964B (en
Inventor
顾志松
王彦杰
顾振华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Keda Technology Co Ltd
Original Assignee
Suzhou Keda Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Suzhou Keda Technology Co Ltd filed Critical Suzhou Keda Technology Co Ltd
Priority to CN201910406642.4A priority Critical patent/CN110190964B/en
Publication of CN110190964A publication Critical patent/CN110190964A/en
Application granted granted Critical
Publication of CN110190964B publication Critical patent/CN110190964B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The present invention relates to video conferencing technology fields, specifically disclose identity identifying method and electronic equipment, and wherein method includes: to generate temporary key pair;Temporary key is to including temporary public key and temporary private;Temporary public key is sent to secure hardware;Receive the temporary public key authentication data that secure hardware is returned based on temporary public key;Temporary public key authentication data is that secure hardware is signed to obtain with hardware private keys to temporary public key;The identification authentication data sent based on temporary private to client is signed, and to obtain signature information, and temporary public key authentication data is added in signature information;Signature information is sent to client, so that client carries out authentication to server.It only needs to do once signed to temporary public key using hardware private keys in secure hardware, remaining can complete the signature for the identification authentication data that each client is sent in the server;It is signed using the process performance of server, greatly improves the efficiency of authentication.

Description

Identity identifying method and electronic equipment
Technical field
The present invention relates to video conferencing technology fields, and in particular to identity identifying method and electronic equipment.
Background technique
In asymmetric cryptography system, public key is can be disclosed, and private key must secret keeping.In order to safely store Private key is generally saved in safety chip, USBkey or cipher card by private key.Private key is once importing in these secure hardwares It can not again read, certain operations, such as signature or decryption can only be carried out using internal private key.
When secure hardware is used in combination with videoconferencing platform server, since video conference is usually possible while several hundred A thousands of a terminal devices concurrently log in, and carry out body to several hundred thousands of a terminal devices this requires secure hardware needs to realize Part certification, or the data of terminal transmission are decrypted etc..Specifically, each client generates a random number service of issuing Random number is sent to secure hardware by device, server, secure hardware signed using the private key of storage to random number after by Server is then forwarded to client, and then client is signed with server public key by verifying come the identity of authentication server.But It is that, due to the calculated performance of these secure hardwares, the speed that will lead to authentication is all slow, meanwhile, carrying out key It in exchange process, needs to use the private key in server in secure hardware and is decrypted, also resulted in using secure hardware decryption The speed of key exchange is slower, can not adapt to the needs of large capacity calculating.
Summary of the invention
In view of this, the embodiment of the invention provides a kind of identity identifying method and electronic equipment, to solve authentication Low efficiency the problem of.
According in a first aspect, the identity identifying method is by taking the embodiment of the invention provides a kind of identity identifying method Business device executes, and the identity identifying method includes:
Generate temporary key pair;Wherein, the temporary key is to including temporary public key and temporary private;
The temporary public key is sent to secure hardware;
Receive the temporary public key authentication data that the secure hardware is returned based on the temporary public key;The temporary public key is recognized Demonstrate,proving data is that the secure hardware is signed to obtain with hardware private keys to the temporary public key;
The identification authentication data sent based on the temporary private to client is signed, to obtain signature information, and The temporary public key authentication data is added in the signature information;
The signature information is sent to the client, is recognized so that the client carries out identity to the server Card.
Identity identifying method provided in an embodiment of the present invention determines temporary public key using the hardware private keys in secure hardware Identity only needs to do once temporary public key using hardware private keys in secure hardware for the authentication of server Signature, remaining can complete the signature for the identification authentication data that each client is sent in the server;That is, using service Temporary key in device is transferred to service to by originally in secure hardware to the signature of the identification authentication data of different clients It is completed in device, is signed, greatly improved to the identification authentication data of different clients using the process performance of server The efficiency of authentication.
With reference to first aspect, in first aspect first embodiment, the generation temporary key pair, comprising:
Log-on data treatment progress, the data processing process is for handling the server and at least one described client Communication data between end;
The temporary key pair is generated in the memory of the server using the data processing process.
Identity identifying method provided in an embodiment of the present invention, since temporary key is to being in each data processing process initiation When temporarily generate, stolen will not under the influence of one-shot safety, in the premise for not influencing essential safety requirements Under, guarantee the efficiency of authentication;Simultaneously because the process of operating system all operates under empty mode, each process possesses independence Address space, attacker generally can not to the key in proceeding internal memory carry out striding course access, further ensure identity and recognize The safety of card.
First embodiment with reference to first aspect, in first aspect second embodiment, the reception safety is hard After the step of temporary public key authentication data that part is returned based on the temporary public key, further includes:
The temporary public key authentication data is stored in the memory of the server.
With reference to first aspect, in first aspect third embodiment, it is described the signature information is sent to it is described After client, further includes:
The encrypted session key that the client is sent is received, the encrypted session key is as described in client utilization Temporary public key encrypted session key obtains, and the session key is used for the communication number between the server and the client According to being encrypted;
The encrypted session key is decrypted using the temporary private, obtains the session key.
Identity identifying method provided in an embodiment of the present invention is confirming temporary public key using the hardware private keys in secure hardware Identity after, decryption to session key data directly can be realized using server for the decryption of session key, without Secure hardware must be recycled to be decrypted, since the process performance of server is far longer than secure hardware, can be greatly Improve the efficiency of session key encryption and decryption.
First embodiment with reference to first aspect, in the 4th embodiment of first aspect, further includes:
At the end of the data processing process, the temporary key pair is removed.
Identity identifying method provided in an embodiment of the present invention ensure that body by removing the sensitive data of temporary key pair The safety of part certification.
Any one of with reference to first aspect or first aspect first embodiment is to the 4th embodiment of first aspect, In the 5th embodiment of first aspect, the method also includes:
The temporary key pair is removed every preset time, and regenerates new temporary key pair;
Signature authentication is carried out to the client to the unverified server using the new temporary key, and/or, benefit Encryption and decryption is carried out to session key with the new temporary key;Wherein, the session key be used for the server with Communication data between the client is encrypted.
Identity identifying method provided in an embodiment of the present invention guarantees temporary key pair by the update to temporary key pair Safety, and then guarantee authentication safety.
According to second aspect, the embodiment of the invention also provides a kind of identity identifying method, the identity identifying method by Client executing, the identity identifying method include:
Obtain the signature information that server is sent;Wherein, the signature information is that server uses temporary private to client What the identification authentication data at end was signed, temporary public key authentication data is carried in the signature information, it is described interim Authentication public key data are that secure hardware is signed to obtain using hardware private keys to temporary public key;
Using temporary public key authentication data described in hardware public key sign test, to extract the temporary public key;Wherein, the hardware Public key is corresponding with the hardware private keys;
Sign test is carried out to the identification authentication data after signature based on the temporary public key, to carry out to the server Authentication.
Identity identifying method provided in an embodiment of the present invention, using the hardware private keys confirmation temporary public key in secure hardware Identity only needs to do once temporary public key using hardware private keys in secure hardware for the authentication of server Signature, remaining can complete the signature for the identification authentication data that each client is sent in the server;That is, using service Temporary key in device is transferred to service to by originally in secure hardware to the signature of the identification authentication data of different clients It is completed in device, is signed, greatly improved to the identification authentication data of different clients using the process performance of server The efficiency of authentication.
In conjunction with second aspect, in second aspect first embodiment, it is described based on the temporary public key to signature after The identification authentication data carried out after the step of sign test, further includes:
When the authentication of server success, session key is encrypted using the temporary public key, with To encrypted session key;Wherein, the session key be used for the communication data between the server and the client into Row encryption;
The encrypted session key is sent to the server.
Identity identifying method provided in an embodiment of the present invention, since temporary public key has used the hardware in secure hardware private Key determined identity, then directly session key can be encrypted using server temporary public key generated, it is subsequent The decryption of session key can be realized directly using server, without being carried out by secure hardware, due to server Process performance is far longer than secure hardware, therefore, can greatly improve the efficiency of session key encryption and decryption.
According to the third aspect, the embodiment of the invention provides a kind of electronic equipment, comprising: memory and processor, it is described Connection is communicated with each other between memory and the processor, computer instruction is stored in the memory, and the processor is logical It crosses and executes the computer instruction, thereby executing body described in any one of first aspect or first aspect embodiment Identity authentication method.
It is described computer-readable the embodiment of the invention provides a kind of computer readable storage medium according to fourth aspect Storage medium stores computer instruction, and the computer instruction is for making the computer execute first aspect or first aspect Any one embodiment described in identity identifying method.
Detailed description of the invention
It, below will be to specific in order to illustrate more clearly of the specific embodiment of the invention or technical solution in the prior art Embodiment or attached drawing needed to be used in the description of the prior art be briefly described, it should be apparent that, it is described below Attached drawing is some embodiments of the present invention, for those of ordinary skill in the art, before not making the creative labor It puts, is also possible to obtain other drawings based on these drawings.
Fig. 1 is the flow chart of identity identifying method according to an embodiment of the present invention;
Fig. 2 is the flow chart of identity identifying method according to an embodiment of the present invention;
Fig. 3 is the flow chart of identity identifying method according to an embodiment of the present invention;
Fig. 4 is the flow chart of identity identifying method according to an embodiment of the present invention;
Fig. 5 is the flow chart of identity identifying method according to an embodiment of the present invention;
Fig. 6 is the flow chart of identity identifying method according to an embodiment of the present invention;
Fig. 7 is the flow chart of identity identifying method according to an embodiment of the present invention;
Fig. 8 is the structural block diagram of identification authentication system according to an embodiment of the present invention;
Fig. 9 is the structural block diagram of identification authentication system according to an embodiment of the present invention;
Figure 10 is the hardware structural diagram of electronic equipment provided in an embodiment of the present invention.
Specific embodiment
In order to make the object, technical scheme and advantages of the embodiment of the invention clearer, below in conjunction with the embodiment of the present invention In attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is A part of the embodiment of the present invention, instead of all the embodiments.Based on the embodiments of the present invention, those skilled in the art are not having Every other embodiment obtained under the premise of creative work is made, shall fall within the protection scope of the present invention.
The application scenarios of identity identifying method described in the embodiment of the present invention and key exchange method can be with are as follows: in video In meeting, video conference is carried out between server and client, wherein the quantity of client can be arranged according to the actual situation, Hereinafter it is described in detail by taking multiple client as an example.
Secure hardware described in the embodiment of the present invention is electrically connected with the processor in server, secure hardware can be managed Solution is cipher card, USBKey etc..Due to server processor arithmetic speed considerably beyond cipher card arithmetic speed, and Server can also carry out multithreads computing using multi-core processor, can increase substantially operational performance.For example, general The signature speed of USBKey can only achieve 50 times/second, and the signature speed of an Inter Xeon E5-2620 processor monokaryon 2000 times/second can be reached.If counting 16 core parallel computations in, it can achieve the label of 2000*16=32000 times/second Name speed.Therefore, the processor that authentication can be theoretically put into server is handled.But due to hardware private keys Being stored in secure hardware can not read, and operation is carried out in processor so cannot directly take.Based on this, present inventor It proposes to generate temporary key pair in the server, and carries out signature authentication with the hardware private keys in secure hardware.That is secure hardware Only once signed certification need to be carried out to temporary key using hardware private keys, subsequent all data processings can be in the server It is handled using temporary key, greatly improves the efficiency of data processing.
Specifically, for server comprising processor and secure hardware are provided based on the embodiment of the present invention Identity identifying method, secure hardware need to only carry out once signed operation, sign to server temporary public key generated, The processing of subsequent all signatures, encryption and decryption can execute in the processor of server, unrelated with secure hardware.This method The process performance that server can greatly be utilized, improves the efficiency of data processing.
According to embodiments of the present invention, a kind of identity identifying method embodiment is provided, it should be noted that in the stream of attached drawing The step of journey illustrates can execute in a computer system such as a set of computer executable instructions, although also, flowing Logical order is shown in journey figure, but in some cases, it can be to be different from shown or described by sequence execution herein The step of.
A kind of identity identifying method is provided in the present embodiment, can be applied to the processor of server in video conference In, it also can be applied in other processors, this method is executed by server in a word.Hereinafter with the processing of server It is described in detail for device.Fig. 1 is the flow chart of identity identifying method according to an embodiment of the present invention, as shown in Figure 1, the stream Journey includes the following steps:
S11 generates temporary key pair.
Wherein, the temporary key is to including temporary public key and temporary private.
The processor of server can be generates temporary key pair when video conference starts in real time.Wherein, server Public key is referred to as hardware public key, and the private key of server is referred to as hardware private keys.The hardware public key is corresponding with hardware private keys, and Hardware private keys are stored in secure hardware, and hardware public key is sent to client generally by the form of digital certificate.
The temporary key is also possible in same video conference to can be what each video conference was updated It is updated every preset time, any restriction is not done to the renewal time of temporary key pair or update opportunity at this.For Server update temporary key for, if before temporary key is to update, client had verified that server identity and If always on, then there is no need to the identity of authentication server again for these clients;But it is subsequent in progress communication data Encryption when, it is necessary to using update temporary key pair.If client goes offline online again after temporary key is to update , alternatively, the client being newly added, these clients may be referred to collectively as the client of unverified server;It is above-mentioned unverified The client of server requires to authenticate the identity of server, and using the temporary key updated to progress subsequent communications The encryption of data.
Temporary public key is sent to secure hardware by S12.
Accessed temporary public key is sent to secure hardware by the processor of server, in order to which secure hardware utilizes institute The hardware private keys of storage sign to it.
S13 receives the temporary public key authentication data that secure hardware is returned based on temporary public key.
Wherein, the temporary public key authentication data is that secure hardware sign to the temporary public key with hardware private keys It arrives.
The processor of server is after being sent to secure hardware for temporary public key, and secure hardware is using hardware private keys to institute The temporary public key got is signed, to obtain temporary public key authentication data.The processor of server is getting this temporarily It after authentication public key data, can store it in memory, to be used for subsequent authentication.
S14, the identification authentication data sent based on temporary private to client are signed, to obtain signature information, and Temporary public key authentication data is added in signature information.
When client connects server, user end to server sends identification authentication data, the processor benefit of server The signature that authentication is carried out to identification authentication data is carried out with temporary private, specific signature scheme is carried out with using hardware private keys The signature of authentication is similar, and details are not described herein.
The temporary public key authentication data that secure hardware is sent also is added in signature information by the processor of server, will face When authentication public key data be sent to client together.
Optionally, the identification authentication data that client is sent can be the random number of client generation.For example, working as multiple visitors When family end connects server, each client can generate a random number, and the random number is sent to server, take at this time After business device receives random number, signed in the processor using temporary private to each random number, and in affix S13 The temporary public key authentication data received forms signature information and is sent to corresponding client.
Signature information is sent to client by S15, so that client carries out authentication to server.
Wherein, include two kinds of signed datas in signature information: (1) secure hardware is using hardware private keys to the label of temporary public key Name data;(2) signed data for the identification authentication data that the processor of server sends client using temporary private.Service Obtained signature information is sent to client by the processor of device, and client carries out server based on the signature information received Authentication.Hereinafter, it will be described in client and identity authentication method carried out to server.
Identity identifying method provided in this embodiment, using the body of the hardware private keys confirmation temporary public key in secure hardware Part, for the authentication of server, only need to make primary label to temporary public key using hardware private keys in secure hardware Name, remaining can complete the signature for the identification authentication data that each client is sent in the server;That is, using interim close Key is transferred in server and completes to by originally in secure hardware to the signature of the identification authentication data of different clients, benefit It is signed with identification authentication data of the process performance of server to different clients, greatly improves the effect of authentication Rate.
A kind of identity identifying method is additionally provided in the present embodiment, can be applied to the processing of server in video conference In device, Fig. 2 is the flow chart of identity identifying method according to an embodiment of the present invention, as shown in Fig. 2, the process includes following step It is rapid:
S21 generates temporary key pair.
Wherein, the temporary key is to including temporary public key and temporary private.
The temporary key generates the processor for being server when starting data processing in real time, specifically, the step Suddenly include:
S211, log-on data treatment progress.
Wherein, data processing process is for the communication data between processing server and at least one client.
By taking video conference as an example, server is when starting video conference, and log-on data treatment progress in memory first should Data processing process is used for authentication and subsequent data encrypting and deciphering.Alternatively, it is to be understood that the data processing process is For handling the communication data in entire video conference.
S212 generates temporary key pair using data processing process in the memory of server.
The processor of server generates temporary key pair in log-on data treatment progress in real time in memory.
Temporary public key is sent to secure hardware by S22.
The S12 of embodiment illustrated in fig. 1 is referred to, details are not described herein.
S23 receives the temporary public key authentication data that secure hardware is returned based on temporary public key.
The temporary public key authentication data is that secure hardware is signed to obtain with hardware private keys to the temporary public key.
The S13 of embodiment illustrated in fig. 1 is referred to, details are not described herein.
S24, the identification authentication data sent based on temporary private to client are signed, to obtain signature information, and Temporary public key authentication data is added in signature information.
Wherein, temporary public key authentication data is also carried in the signature information.
Specifically, which includes:
S241 signs to identification authentication data using temporary private, to obtain signature information.
The processor of server carries out the identification authentication data that each client is sent using generated temporary private Signature, so as to obtain signature information.
S242 extracts temporary public key authentication data from memory.
After the processor of server receives the temporary public key authentication data of secure hardware return in S23, stored In memory.At this point, the processor of server need to only extract temporary public key authentication data from memory.
S243, by the addition of temporary public key authentication data in signature information.
Temporary public key authentication data is attached in signed data by the processor of server.
Signature information is sent to client by S25, so that client carries out authentication to server.
The S15 of embodiment illustrated in fig. 1 is referred to, details are not described herein.
S26, judges whether data processing process terminates.
The monitoring terminated for process can be whether the data processing process real-time monitoring receives stopping data processing The order of process indicates that data processing process terminates at this time upon reception of the command.
Alternatively, whether the processor of server can also terminate to judge using other modes to data treatment progress, Any restrictions are not done to specific judgment method at this.
At the end of data processing process, temporary key pair is removed.Otherwise, S26 is executed.By removing temporary key pair Sensitive data ensure that the safety of authentication.
Identity identifying method provided in this embodiment, since temporary key is to being faced in each data processing process initiation When generate, even if stolen will not under the influence of the safety of one-shot protected under the premise of not influencing essential safety requirements Demonstrate,prove the efficiency of authentication;Simultaneously because the process of operating system all operates under empty mode, each process possesses independently Location space, attacker generally can not carry out striding course access to the key in proceeding internal memory, further ensure authentication Safety.
The embodiment of the invention also provides a kind of identity identifying method, the processing of server in video conference can be applied to In device, Fig. 2 is the flow chart of identity identifying method according to an embodiment of the present invention, as shown in Fig. 2, the process includes following step It is rapid:
S31 generates temporary key pair.
The S21 of embodiment illustrated in fig. 2 is referred to, details are not described herein.
Temporary public key is sent to secure hardware by S32.
The S21 of embodiment illustrated in fig. 2 is referred to, details are not described herein.
S33 receives the temporary public key authentication data that secure hardware is returned based on temporary public key.
The temporary public key authentication data is that secure hardware is signed to obtain with hardware private keys to the temporary public key.
The S23 of embodiment illustrated in fig. 2 is referred to, details are not described herein.
S34, the identification authentication data sent based on temporary private to client are signed, to obtain signature information, and Temporary public key authentication data is added in signature information.
The S24 of embodiment illustrated in fig. 2 is referred to, details are not described herein.
Signature information is sent to client by S35, so that client carries out authentication to server.
The S25 of embodiment illustrated in fig. 2 is referred to, details are not described herein.
S36 receives the encrypted session key that client is sent.
Wherein, the encrypted session key is obtained by client using temporary public key encrypted session key, and the session is close Key is for encrypting the communication data between server and client.
When authentication success of the client to server, server can receive the encryption session of server transmission Key.
S37 is decrypted encrypted session key using temporary private, obtains session key.
The processor of server is decrypted encrypted session key using stored temporary private, due to encrypting session Key encrypts to obtain using temporary public key, and temporary private is corresponding with temporary public key, therefore, can be solved using temporary private Close session key out.
The processor of subsequent server is the encryption and decryption that video data is carried out using the session key that decryption obtains.
S38, judges whether data processing process terminates.
At the end of data processing process, temporary key pair is removed.Otherwise, S38 is executed.
Identity identifying method provided in this embodiment, in the body using the hardware private keys confirmation temporary public key in secure hardware After part, the decryption to session key directly can be realized using the processor of server for the decryption of session key, without It must be decrypted by recycling secure hardware, since the process performance of server is far longer than secure hardware, Ke Yiji The earth improves the efficiency of session key encryption and decryption.
According to embodiments of the present invention, a kind of identity identifying method embodiment is provided, it should be noted that in the stream of attached drawing The step of journey illustrates can execute in a computer system such as a set of computer executable instructions, although also, flowing Logical order is shown in journey figure, but in some cases, it can be to be different from shown or described by sequence execution herein The step of.
A kind of identity identifying method is provided in the present embodiment, can be applied to the client in video conference, and Fig. 4 is The flow chart of identity identifying method according to an embodiment of the present invention, as shown in figure 3, the process includes the following steps:
S41 obtains the signature information that server is sent.
Wherein, the signature information is that server sign to the identification authentication data of client using temporary private It arrives, temporary public key authentication data is carried in the signature information, the temporary public key authentication data is that secure hardware uses Hardware private keys sign to temporary public key.
The signature information is that server is sent to client, wherein the description as described in temporary public key authentication data The description of the S23 of the description or embodiment illustrated in fig. 2 of the S13 of embodiment shown in Figure 1;The description as described in signature information The description of the S24 of the S14 or embodiment illustrated in fig. 2 of embodiment shown in Figure 1, details are not described herein.
S42, using hardware public key sign test temporary public key authentication data, to extract temporary public key.
Wherein, the hardware public key is corresponding with the hardware private keys.
After client gets signature information, number is authenticated to temporary public key using hardware public key corresponding with hardware private keys According to progress sign test, it is therefore intended that extract the temporary public key in temporary public key authentication data.
S43 carries out sign test to the identification authentication data after signature based on temporary public key, is recognized with carrying out identity to server Card.
Client carries out sign test to the identification authentication data after server signature using temporary public key, extracts signature information In identification authentication data, client by the identification authentication data extracted be sent to server identification authentication data carry out Compare, when the two is identical, indicates the success of authentication at this time;Otherwise, authentication fails.
For example, client carries out sign test to the random number after server signature using temporary public key, it is random to extract first Number;It is the second random number that client, which is sent to server, and when the first random number is identical as the second random number, identity is recognized at this time It demonstrate,proves successfully;Otherwise, authentication fails.
Identity identifying method provided in this embodiment, using the body of the hardware private keys confirmation temporary public key in secure hardware Part, for the authentication of server, only need to make primary label to temporary public key using hardware private keys in secure hardware Name, remaining can complete the signature for the identification authentication data that each client is sent in the server;That is, using interim close Key is transferred in server and completes to by originally in secure hardware to the signature of the identification authentication data of different clients, benefit It is signed with identification authentication data of the process performance of server to different clients, greatly improves the effect of authentication Rate.
A kind of key exchange method is provided in the present embodiment, can be applied to the client in video conferencing system, Fig. 5 is the flow chart of key exchange method according to an embodiment of the present invention, as shown in figure 5, the process includes the following steps:
S51 obtains the signature information that server is sent.
Wherein, the signature information is that server sign to the identification authentication data of client using temporary private It arrives, temporary public key authentication data is carried in the signature information, the temporary public key authentication data is that secure hardware uses Hardware private keys sign to temporary public key.
The S41 of embodiment illustrated in fig. 4 is referred to, details are not described herein.
S52, using hardware public key sign test temporary public key authentication data, to extract temporary public key.
Wherein, the hardware public key is corresponding with the hardware private keys.
The S42 of embodiment illustrated in fig. 4 is referred to, details are not described herein.
S53 carries out sign test to the identification authentication data after signature based on temporary public key, is recognized with carrying out identity to server Card.
The S43 of embodiment illustrated in fig. 4 is referred to, details are not described herein.
S54 encrypts session key using temporary public key, when the authentication of server success to be added Close session key.
Wherein, the session key is for encrypting the communication data between the server and the client.
When authentication success of the client to server, client can use temporary public key to session key at this time It is encrypted, encrypted session key can be obtained.
Encrypted session key is sent to server by S55.
Encrypted session key is sent to server by client, and the processor of subsequent server is using corresponding with temporary public key Temporary private can decrypt the session key in encrypted session key.
Identity identifying method provided in this embodiment, since temporary public key has used the hardware private keys in secure hardware true Recognized identity, then can directly be encrypted using server temporary public key generated to session key, it is subsequent for The decryption of session key can be realized directly using server, without being carried out by secure hardware, due to the processing of server Performance is far longer than secure hardware, therefore, can greatly improve the efficiency of session key encryption and decryption.
According to embodiments of the present invention, a kind of identity identifying method embodiment is provided, it should be noted that in the stream of attached drawing The step of journey illustrates can execute in a computer system such as a set of computer executable instructions, although also, flowing Logical order is shown in journey figure, but in some cases, it can be to be different from shown or described by sequence execution herein The step of.
A kind of identity identifying method is provided in the present embodiment, can be applied in video conferencing system, and Fig. 6 is basis The flow chart of the identity identifying method of the embodiment of the present invention, as shown in fig. 6, the process includes the following steps:
S61, server generate temporary key pair.
Wherein, the temporary key is to including temporary public key and temporary private.
The S11 of embodiment illustrated in fig. 1 is referred to, details are not described herein.
As a kind of optional embodiment of the present embodiment, the S21 of embodiment illustrated in fig. 2 also may refer to.
Temporary public key is sent to secure hardware by S62, server.
The S12 of embodiment illustrated in fig. 1 is referred to, details are not described herein.
S63, secure hardware signs to temporary public key using hardware private keys, to obtain temporary public key authentication data.
The description as described in temporary public key authentication data in the S13 of embodiment illustrated in fig. 1 is referred to, it is no longer superfluous herein It states.
Temporary public key authentication data is sent to server by S64, secure hardware.
The S14 of embodiment illustrated in fig. 1 is referred to, details are not described herein.
As a kind of optional embodiment of the present embodiment, the S24 of embodiment illustrated in fig. 2 also may refer to.
S65, server are signed based on the identification authentication data that temporary private sends client, are disappeared with obtaining signature Breath, and temporary public key authentication data is added in signature information.
The S14 of embodiment illustrated in fig. 1 is referred to, details are not described herein.
As a kind of optional embodiment of the present embodiment, the S24 of embodiment illustrated in fig. 2 also may refer to.
Signature information is sent to client by S66, server, so that client carries out authentication to server.
The S15 of embodiment illustrated in fig. 1 is referred to, details are not described herein.
S67, client uses hardware public key sign test temporary public key authentication data, to extract temporary public key.
Wherein, the hardware public key is corresponding with the hardware private keys.
The S42 of embodiment illustrated in fig. 4 is referred to, details are not described herein.
S68 carries out sign test to the identification authentication data after signature based on temporary public key, is recognized with carrying out identity to server Card.
The S43 of embodiment illustrated in fig. 4 is referred to, details are not described herein.
A kind of identity identifying method is provided in the present embodiment, can be applied in video conferencing system, and Fig. 7 is basis The flow chart of the identity identifying method of the embodiment of the present invention, as shown in fig. 7, the process includes the following steps:
S701, server generate temporary key pair.
Wherein, the temporary key is to including temporary public key and temporary private.
The S11 of embodiment illustrated in fig. 1 is referred to, details are not described herein.
As a kind of optional embodiment of the present embodiment, the S21 of embodiment illustrated in fig. 2 also may refer to.
Temporary public key is sent to secure hardware by S702, server.
The S12 of embodiment illustrated in fig. 1 is referred to, details are not described herein.
S703, secure hardware signs to temporary public key using hardware private keys, to obtain temporary public key authentication data.
The description as described in temporary public key authentication data in the S13 of embodiment illustrated in fig. 1 is referred to, it is no longer superfluous herein It states.
Temporary public key authentication data is sent to server by S704, secure hardware.
The S14 of embodiment illustrated in fig. 1 is referred to, details are not described herein.
As a kind of optional embodiment of the present embodiment, the S24 of embodiment illustrated in fig. 2 also may refer to.
S705, server are signed based on the identification authentication data that temporary private sends client, to be signed Message, and temporary public key authentication data is added in signature information.
The S14 of embodiment illustrated in fig. 1 is referred to, details are not described herein.
As a kind of optional embodiment of the present embodiment, the S24 of embodiment illustrated in fig. 2 also may refer to.
Signature information is sent to client by S706, server, so that client carries out authentication to server.
The S15 of embodiment illustrated in fig. 1 is referred to, details are not described herein.
S707, client uses hardware public key sign test temporary public key authentication data, to extract temporary public key.
Wherein, the hardware public key is corresponding with the hardware private keys.
The S42 of embodiment illustrated in fig. 4 is referred to, details are not described herein.
S708, client carries out sign test to the identification authentication data after signature based on temporary public key, to carry out to server Authentication.
The S43 of embodiment illustrated in fig. 4 is referred to, details are not described herein.
S709, when the authentication of server success, client encrypts session key using temporary public key, with Obtain encrypted session key.
Wherein, the session key is for encrypting the communication data between the server and the client.
The S54 of embodiment illustrated in fig. 5 is referred to, details are not described herein.
Encrypted session key is sent to server by S710, client.
The S55 of embodiment illustrated in fig. 5 is referred to, details are not described herein.
Encrypted session key is decrypted in S711, server by utilizing temporary private, obtains session key.
The S37 of embodiment illustrated in fig. 3 is referred to, details are not described herein.
S712, judges whether data processing process terminates.
At the end of data processing process, temporary key pair is removed.Otherwise, S712 is executed.
A kind of identification authentication system is additionally provided in the present embodiment, and the device is real for realizing above-described embodiment and preferably Mode is applied, the descriptions that have already been made will not be repeated.As used below, the soft of predetermined function may be implemented in term " module " The combination of part and/or hardware.Although device described in following embodiment is preferably realized with software, hardware, or The realization of the combination of software and hardware is also that may and be contemplated.
It the present embodiment provides a kind of identification authentication system, can be applied in video conferencing system in server, such as Fig. 8 institute Show, comprising:
Key production module 81, for generating temporary key pair;Wherein, the temporary key is to including temporary public key and facing When private key.
First sending module 82, for the temporary public key to be sent to secure hardware.
First receiving module 83, the temporary public key certification returned for receiving the secure hardware based on the temporary public key Data;The temporary public key authentication data is that secure hardware is signed to obtain with hardware private keys to the temporary public key.
Authentication module 84, the identification authentication data for being sent based on the temporary private to client are signed Name, to obtain signature information, and temporary public key authentication data is added in signature information.
Second sending module 85, for the signature information to be sent to client, so that client carries out server Authentication.
Identification authentication system provided in this embodiment, using only needed in secure hardware using hardware private keys to temporary public key Once signed is done, remaining can complete the signature for the identification authentication data that each client is sent in the server;That is, adopting With temporary key to by originally in secure hardware to the signature of the identification authentication data of different clients, it is transferred in server It completes, is signed using the process performance of server to the identification authentication data of different clients, greatly improve identity The efficiency of certification.
The present embodiment provides a kind of identification authentication system, can be applied in the client in video conferencing system, such as Fig. 9 It is shown, comprising:
First obtains module 91, for obtaining the signature information of server transmission;Wherein, the signature information is server It is signed using identification authentication data of the temporary private to client, carries temporary public key in the signature information Authentication data, the temporary public key authentication data are that secure hardware is signed to obtain using hardware private keys to temporary public key.
Sign test module 92, for using temporary public key authentication data described in hardware public key sign test, to extract the interim public affairs Key;Wherein, the hardware public key is corresponding with the hardware private keys.
Determining module 93, for carrying out sign test to the identification authentication data after signature based on the temporary public key, with Authentication is carried out to server.
Identification authentication system provided in this embodiment, using the body of the hardware private keys confirmation temporary public key in secure hardware Part, for the authentication of server, only need to make primary label to temporary public key using hardware private keys in secure hardware Name, remaining can complete the signature for the identification authentication data that each client is sent in the server;That is, using interim close Key is transferred in server and completes to by originally in secure hardware to the signature of the identification authentication data of different clients, benefit It is signed with identification authentication data of the process performance of server to different clients, greatly improves the effect of authentication Rate.
Identification authentication system or key exchange apparatus in the present embodiment are presented in the form of functional unit, here Unit refer to ASIC circuit, execute one or more softwares or fixed routine processor and memory and/or other can be with The device of above-mentioned function is provided.
The further function description of above-mentioned modules is identical as above-mentioned corresponding embodiment, and details are not described herein.
The embodiment of the present invention also provides a kind of electronic equipment, when the electronic equipment is as the server in video conferencing system When, there is above-mentioned identification authentication system shown in Fig. 8;When the electronic equipment is as client in video conferencing system, tool There is above-mentioned identification authentication system shown in Fig. 9.
Referring to Fig. 10, Figure 10 is the structural schematic diagram for a kind of electronic equipment that alternative embodiment of the present invention provides, such as scheme Shown in 10, which may include: at least one processor 101, such as processor (Central Processing Unit, central processing unit), at least one communication interface 103, memory 104, at least one communication bus 102.Wherein, it communicates Bus 102 is for realizing the connection communication between these components.Wherein, communication interface 103 may include display screen (Display), keyboard (Keyboard), optional communication interface 103 can also include standard wireline interface and wireless interface.It deposits Reservoir 104 can be high speed RAM memory (Random Access Memory, effumability random access memory), can also To be non-labile memory (non-volatile memory), for example, at least a magnetic disk storage.Memory 104 can Choosing can also be that at least one is located remotely from the storage device of aforementioned processor 101.Wherein, when electronic equipment is video conference When server in system, processor 101 can store application in memory 104 with identification authentication system described in conjunction with Figure 8 Program, and processor 101 calls the corresponding program code stored in memory 104, with real shown in above-mentioned Fig. 1-3 for executing Apply the identity identifying method step of example.When electronic equipment is the client in video conferencing system, processor 101 can be combined Identification authentication system described in Fig. 9 stores application program in memory 104, and processor 101 is called and deposited in memory 104 The corresponding program code of storage, with the identity identifying method step for executing above-mentioned Fig. 4-5 illustrated embodiment.
Wherein, communication bus 102 can be Peripheral Component Interconnect standard (peripheral component Interconnect, abbreviation PCI) bus or expanding the industrial standard structure (extended industry standard Architecture, abbreviation EISA) bus etc..Communication bus 102 can be divided into address bus, data/address bus, control bus etc.. Only to be indicated with a thick line in Figure 10, it is not intended that an only bus or a type of bus convenient for indicating.
Wherein, memory 104 may include volatile memory (English: volatile memory), such as arbitrary access Memory (English: random-access memory, abbreviation: RAM);Memory also may include nonvolatile memory (English Text: non-volatile memory), for example, flash memory (English: flash memory), hard disk (English: hard disk Drive, abbreviation: HDD) or solid state hard disk (English: solid-state drive, abbreviation: SSD);Memory 104 can also wrap Include the combination of the memory of mentioned kind.
Wherein, processor 101 can be central processing unit (English: central processing unit, abbreviation: processing Device), the combination of network processing unit (English: network processor, abbreviation: NP) or processor and NP.
Wherein, processor 101 can further include hardware chip.Above-mentioned hardware chip can be specific integrated circuit (English: application-specific integrated circuit, abbreviation: ASIC), programmable logic device (English: Programmable logic device, abbreviation: PLD) or combinations thereof.Above-mentioned PLD can be Complex Programmable Logic Devices (English: complex programmable logic device, abbreviation: CPLD), field programmable gate array (English: Field-programmable gate array, abbreviation: FPGA), Universal Array Logic (English: generic array Logic, abbreviation: GAL) or any combination thereof.
Optionally, memory 104 is also used to store program instruction.Processor 101 can be instructed with caller, be realized such as this Apply for identity identifying method shown in identity identifying method shown in Fig. 1-3 embodiment or Fig. 4-5 embodiment.
The embodiment of the invention also provides a kind of non-transient computer storage medium, the computer storage medium is stored with The identity identifying method in above-mentioned any means embodiment can be performed in computer executable instructions, the computer executable instructions, Or key exchange method.Wherein, the storage medium can be magnetic disk, CD, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), flash memory (Flash Memory), hard disk (Hard Disk Drive, abbreviation: HDD) or solid state hard disk (Solid-State Drive, SSD) etc.;Institute State the combination that storage medium can also include the memory of mentioned kind.
Although being described in conjunction with the accompanying the embodiment of the present invention, those skilled in the art can not depart from the present invention Spirit and scope in the case where make various modifications and variations, such modifications and variations are each fallen within by appended claims institute Within the scope of restriction.

Claims (10)

1. a kind of identity identifying method, which is characterized in that the identity identifying method is executed by server, the authentication side Method includes:
Generate temporary key pair;Wherein, the temporary key is to including temporary public key and temporary private;
The temporary public key is sent to secure hardware;
Receive the temporary public key authentication data that the secure hardware is returned based on the temporary public key;The temporary public key authenticates number The temporary public key is signed to obtain with hardware private keys according to the secure hardware;
The identification authentication data sent based on the temporary private to client is signed, to obtain signature information, and by institute Temporary public key authentication data is stated to be added in the signature information;
The signature information is sent to the client, so that the client carries out authentication to the server.
2. the method according to claim 1, wherein the generation temporary key pair, comprising:
Log-on data treatment progress, the data processing process for handle the server and at least one described client it Between communication data;
The temporary key pair is generated in the memory of the server using the data processing process.
3. according to the method described in claim 2, it is characterized in that, described receive the secure hardware based on the temporary public key After the step of temporary public key authentication data of return, further includes:
The temporary public key authentication data is stored in the memory of the server.
4. the method according to claim 1, wherein it is described by the signature information be sent to the client it Afterwards, further includes:
The encrypted session key that the client is sent is received, the encrypted session key is utilized described interim by the client Public key encryption session key obtains, the session key be used for the communication data between the server and the client into Row encryption;
The encrypted session key is decrypted using the temporary private, obtains the session key.
5. according to the method described in claim 2, it is characterized by further comprising:
At the end of the data processing process, the temporary key pair is removed.
6. method according to any one of claims 1-5, which is characterized in that the method also includes:
The temporary key pair is removed every preset time, and regenerates new temporary key pair;
Signature authentication is carried out to the client to the unverified server using the new temporary key, and/or, utilize institute It states new temporary key and carries out encryption and decryption to session key;Wherein, the session key be used for the server with it is described Communication data between client is encrypted.
7. a kind of identity identifying method, which is characterized in that the identity identifying method is by client executing, the authentication side Method includes:
Obtain the signature information that server is sent;Wherein, the signature information is that server uses temporary private to client What identification authentication data was signed, temporary public key authentication data, the temporary public key are carried in the signature information Authentication data is that secure hardware is signed to obtain using hardware private keys to temporary public key;
Using temporary public key authentication data described in hardware public key sign test, to extract the temporary public key;Wherein, the hardware public key It is corresponding with the hardware private keys;
Sign test is carried out to the identification authentication data after signature based on the temporary public key, to carry out identity to the server Certification.
8. the method according to the description of claim 7 is characterized in that it is described based on the temporary public key to the body after signature After the step of part authentication data carries out sign test, further includes:
When the authentication of server success, session key is encrypted using the temporary public key, to be added Close session key;Wherein, the session key is for adding the communication data between the server and the client It is close;
The encrypted session key is sent to the server.
9. a kind of electronic equipment characterized by comprising
Memory and processor communicate with each other connection, are stored in the memory between the memory and the processor Computer instruction, the processor is by executing the computer instruction, thereby executing any one of claim 1-6, or power Benefit require 7 or 8 described in identity identifying method.
10. a kind of computer readable storage medium, which is characterized in that the computer-readable recording medium storage has computer to refer to It enables, the computer instruction is for requiring the computer perform claim described in any one of 1-6 or claim 7 or 8 Identity identifying method.
CN201910406642.4A 2019-05-16 2019-05-16 Identity authentication method and electronic equipment Active CN110190964B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910406642.4A CN110190964B (en) 2019-05-16 2019-05-16 Identity authentication method and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910406642.4A CN110190964B (en) 2019-05-16 2019-05-16 Identity authentication method and electronic equipment

Publications (2)

Publication Number Publication Date
CN110190964A true CN110190964A (en) 2019-08-30
CN110190964B CN110190964B (en) 2022-03-15

Family

ID=67716468

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910406642.4A Active CN110190964B (en) 2019-05-16 2019-05-16 Identity authentication method and electronic equipment

Country Status (1)

Country Link
CN (1) CN110190964B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111031047A (en) * 2019-12-16 2020-04-17 中国南方电网有限责任公司 Device communication method, device, computer device and storage medium
CN111641615A (en) * 2020-05-20 2020-09-08 深圳市今天国际物流技术股份有限公司 Distributed identity authentication method and system based on certificate
CN113315641A (en) * 2021-08-02 2021-08-27 飞天诚信科技股份有限公司 Seed key backup method, electronic equipment and system
US20220377057A1 (en) * 2021-05-21 2022-11-24 Zoom Video Communications, Inc. Systems and methods for securing videoconferencing meetings
CN115529127A (en) * 2022-09-23 2022-12-27 中科海川(北京)科技有限公司 Device authentication method, device, medium and device based on SD-WAN scene

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102843675A (en) * 2011-06-24 2012-12-26 中兴通讯股份有限公司 Cluster call voice encryption method, terminal and system
US20130219166A1 (en) * 2012-02-20 2013-08-22 Motorola Mobility, Inc. Hardware based identity manager
CN106656510A (en) * 2017-01-04 2017-05-10 天地融科技股份有限公司 Encryption key acquisition method and system
CN107196922A (en) * 2017-05-03 2017-09-22 国民认证科技(北京)有限公司 Identity identifying method, user equipment and server
CN107241317A (en) * 2017-05-24 2017-10-10 国民认证科技(北京)有限公司 The method and subscriber terminal equipment and authentication server of living things feature recognition identity
CN108737430A (en) * 2018-05-25 2018-11-02 全链通有限公司 The encryption communication method and system of block chain node
CN109064606A (en) * 2018-08-03 2018-12-21 广州邦讯信息系统有限公司 Gate inhibition's task executing method, system, access control system and readable storage medium storing program for executing

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102843675A (en) * 2011-06-24 2012-12-26 中兴通讯股份有限公司 Cluster call voice encryption method, terminal and system
US20130219166A1 (en) * 2012-02-20 2013-08-22 Motorola Mobility, Inc. Hardware based identity manager
CN106656510A (en) * 2017-01-04 2017-05-10 天地融科技股份有限公司 Encryption key acquisition method and system
CN107196922A (en) * 2017-05-03 2017-09-22 国民认证科技(北京)有限公司 Identity identifying method, user equipment and server
CN107241317A (en) * 2017-05-24 2017-10-10 国民认证科技(北京)有限公司 The method and subscriber terminal equipment and authentication server of living things feature recognition identity
CN108737430A (en) * 2018-05-25 2018-11-02 全链通有限公司 The encryption communication method and system of block chain node
CN109064606A (en) * 2018-08-03 2018-12-21 广州邦讯信息系统有限公司 Gate inhibition's task executing method, system, access control system and readable storage medium storing program for executing

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111031047A (en) * 2019-12-16 2020-04-17 中国南方电网有限责任公司 Device communication method, device, computer device and storage medium
CN111031047B (en) * 2019-12-16 2022-08-12 中国南方电网有限责任公司 Device communication method, device, computer device and storage medium
CN111641615A (en) * 2020-05-20 2020-09-08 深圳市今天国际物流技术股份有限公司 Distributed identity authentication method and system based on certificate
US20220377057A1 (en) * 2021-05-21 2022-11-24 Zoom Video Communications, Inc. Systems and methods for securing videoconferencing meetings
US11765143B2 (en) * 2021-05-21 2023-09-19 Zoom Video Communications, Inc. Systems and methods for securing videoconferencing meetings
CN113315641A (en) * 2021-08-02 2021-08-27 飞天诚信科技股份有限公司 Seed key backup method, electronic equipment and system
CN115529127A (en) * 2022-09-23 2022-12-27 中科海川(北京)科技有限公司 Device authentication method, device, medium and device based on SD-WAN scene
CN115529127B (en) * 2022-09-23 2023-10-03 中科海川(北京)科技有限公司 Device authentication method, device, medium and device based on SD-WAN scene

Also Published As

Publication number Publication date
CN110190964B (en) 2022-03-15

Similar Documents

Publication Publication Date Title
CN110493261B (en) Verification code obtaining method based on block chain, client, server and storage medium
CN110190964A (en) Identity identifying method and electronic equipment
CN104618116B (en) A kind of cooperative digital signature system and its method
CN108768633B (en) Method and device for realizing information sharing in block chain
CN109194465B (en) Method for managing keys, user equipment, management device and storage medium
CN111431713B (en) Private key storage method and device and related equipment
CN108462710B (en) Authentication and authorization method, device, authentication server and machine-readable storage medium
CN111435913B (en) Identity authentication method and device for terminal of Internet of things and storage medium
US11818120B2 (en) Non-custodial tool for building decentralized computer applications
CN111460453A (en) Machine learning training method, controller, device, server, terminal and medium
CN113691502B (en) Communication method, device, gateway server, client and storage medium
CN109951295B (en) Key processing and using method, device, equipment and medium
CN107800675A (en) A kind of data transmission method, terminal and server
CN112740615B (en) Key management for multiparty computing
CN109067528A (en) Crypto-operation, method, cryptographic service platform and the equipment for creating working key
CN111131416A (en) Business service providing method and device, storage medium and electronic device
CN108199847B (en) Digital security processing method, computer device, and storage medium
CN109818747A (en) Digital signature method and device
CN116980230B (en) Information security protection method and device
CN112633884A (en) Local private key recovery method and device for transaction main body identity certificate
CN112308236A (en) Method, device, electronic equipment and storage medium for processing user request
CN111654503A (en) Remote control method, device, equipment and storage medium
CN114139176A (en) Industrial internet core data protection method and system based on state secret
CN106257859A (en) A kind of password using method
CN115473655B (en) Terminal authentication method, device and storage medium for access network

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant