CN110380852A - Mutual authentication method and communication system - Google Patents

Mutual authentication method and communication system Download PDF

Info

Publication number
CN110380852A
CN110380852A CN201910659616.2A CN201910659616A CN110380852A CN 110380852 A CN110380852 A CN 110380852A CN 201910659616 A CN201910659616 A CN 201910659616A CN 110380852 A CN110380852 A CN 110380852A
Authority
CN
China
Prior art keywords
server
client
random number
encryption algorithm
target encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910659616.2A
Other languages
Chinese (zh)
Other versions
CN110380852B (en
Inventor
闵庆学
赵东辉
侯晓军
方恒明
李贺男
王佳晗
肖志玮
徐功伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China United Network Communications Group Co Ltd filed Critical China United Network Communications Group Co Ltd
Priority to CN201910659616.2A priority Critical patent/CN110380852B/en
Publication of CN110380852A publication Critical patent/CN110380852A/en
Application granted granted Critical
Publication of CN110380852B publication Critical patent/CN110380852B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/163In-band adaptation of TCP data exchange; In-band control procedures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention provides a kind of mutual authentication method and communication system.The mutual authentication method, which includes: client, sends the first request message to server-side;Wherein, which is used to request the certificate and cipher suite of the server-side;The server-side sends the first response message to the client;Wherein, which includes the certificate, cipher suite and the first random number of the server-side;The certificate of the client validation server-side, and after being verified in the cipher suite selection target Encryption Algorithm, the target Encryption Algorithm and the second random number are sent to the server-side;The server-side signs to the target Encryption Algorithm and second random number, and the signed data after signature is sent to the client;The client carries out sign test to the signed data, to complete two-way authentication;First random number and second random number are for generating key.The present invention improves communication efficiency.

Description

Mutual authentication method and communication system
Technical field
The present invention relates to field of communication technology more particularly to a kind of mutual authentication method and communication systems.
Background technique
With the development of communication technology, safety problem when client and server-side are communicated more and more attention has been paid to, Before client is communicated with server-side, it is to ensure communication that client, which carries out certification to client to server-side or server-side, The important means of safety.
When client and server-side use basic Hyper text transfer security protocol (Hyper Text Transfer Protocol over Secure Socket Layer, abbreviation https) communication protocol when being communicated, generallys use https The mode of two-way authentication guarantees data communications security.Existing https mutual authentication process, between client and server-side Interaction times are more, and communication process is complicated, and call duration time is too long, and client and service are unable to satisfy in application scenes Hold the requirement to call duration time or treatment effeciency.
Therefore, using existing communication mode, so that the communication efficiency between client and server-side is poor.
Summary of the invention
The present invention provides a kind of mutual authentication method and communication system, to improve the effect of the communication between client and server-side Rate.
The present invention provides a kind of mutual authentication method, comprising:
Client sends the first request message to server-side;Wherein, first request message is for requesting the server-side Certificate and cipher suite;First request message is that server-side sends the certification authentication of client after;
The server-side sends the first response message to the client;Wherein, which includes the server-side Certificate, cipher suite and the first random number;
The certificate of the client validation server-side, and selection target encryption is calculated in the cipher suite after being verified The target Encryption Algorithm and the second random number are sent to the server-side by method;
The server-side signs to the target Encryption Algorithm and second random number, and the signed data after signature is sent Give the client;
The client carries out sign test to the signed data, to complete two-way authentication;First random number and this is second random For number for generating key, which is the key used when the server-side and the client carry out data transmission.
Optionally, before which sends the first request message to server-side, further includes:
Server-side sends the second request message after the certification authentication to client passes through, to the client, this second Request message, which is used to indicate the client, to be established transmission control protocol TCP with the server-side and connect;
The client establishes TCP connection according to second request message and the server-side.
Optionally, the target Encryption Algorithm and the second random number are sent to the server-side by this, comprising:
The client encrypts the target Encryption Algorithm and second random number using the public key of the server-side, and will The encrypted target Encryption Algorithm and second random number are sent to the server-side;
Accordingly,
The server-side signs to the target Encryption Algorithm and second random number, comprising:
The server-side carries out the encrypted target Encryption Algorithm and second random number using the private key of server-side Decryption;And to after decryption the target Encryption Algorithm and second random number sign.
Optionally, which signs to the target Encryption Algorithm and second random number, by the signature after signature Data are sent to the client, comprising:
The server-side signs to the target Encryption Algorithm and second random number using the public key of the client, and will Signed data after signature is sent to the client;
Accordingly,
The client carries out sign test to the signed data, comprising:
The client carries out sign test to the signed data using the private key of the client.
Optionally, this method further include:
The server-side and the client are respectively according to first random number and second generating random number key.
Optionally, the certificate of the server-side and the certificate of the client use elliptic curve encryption algorithm ECC algorithm.
Optionally, which is embedded user identification card eSIM card, which is eSIM platform.
Further, this sends the second request message to the client, comprising:
The server-side sends second request message to the client by short message.
It further, include the internet protocol address and port information of the server-side in the short message.
The present invention provides a kind of communication system, including client and server-side;The client and the server-side are for executing The mutual authentication method of any of the above item.
The present invention provides a kind of mutual authentication method and communication system, sends the first request to server-side by client and disappears Breath;Wherein, the first request message is used to request the certificate and cipher suite of the server-side;First request message is server-side pair What the certification authentication of client was sent after;Server-side sends the first response message to client later;Wherein, the first sound Answering message includes the certificate, cipher suite and the first random number of the server-side;The certificate of client validation server-side, and verifying After in cipher suite selection target Encryption Algorithm, target Encryption Algorithm and the second random number are sent to server-side;Clothes Business end further signs to target Encryption Algorithm and the second random number, and the signed data after signature is sent to client End;Client carries out sign test to the signed data, to complete two-way authentication;First random number and second random number are for giving birth to At key, which is the key used when the server-side and the client carry out data transmission.This pair of the mutual authentication method The certificate that transmission client is not needed into authentication method, the interaction times between client and server-side are reduced, so as to shorten Call duration time between client and server-side, improves communication efficiency.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below There is attached drawing needed in technical description to do one simply to introduce, it should be apparent that, the accompanying drawings in the following description is this hair Bright some embodiments for those of ordinary skill in the art without any creative labor, can be with It obtains other drawings based on these drawings.
Fig. 1 is a kind of flow diagram of mutual authentication method provided by the invention;
Fig. 2 is a kind of structural schematic diagram of communication system provided by the invention.
Specific embodiment
In order to make the object, technical scheme and advantages of the embodiment of the invention clearer, below in conjunction with the embodiment of the present invention In attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is A part of the embodiment of the present invention, instead of all the embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art Every other embodiment obtained without making creative work, shall fall within the protection scope of the present invention.
Term " first ", " second " and " third " in each section of the embodiment of the present invention and attached drawing etc. are similar for distinguishing Object, without being used to describe a particular order or precedence order.It should be understood that the data used in this way are in the appropriate case It can be interchanged, so that the embodiment of the present invention described herein can be with suitable other than those of illustrating or describing herein Sequence is implemented.
With the development of communication technology, the safety problem when client in communication system and server-side are communicated is more next It more attracts attention, when client is communicated with server-side using basic https agreement, generallys use that https is two-way to be recognized The mode of card guarantees data communications security.Existing https mutual authentication process, the interaction time between client and server-side Number is more, and communication process is complicated, and call duration time is too long, and client and server-side are unable to satisfy in application scenes to logical Believe the requirement of time or treatment effeciency.To solve the above problems, the present invention provides a kind of mutual authentication method, to improve client Communication efficiency between server-side.
Therefore, using existing communication mode, so that the communication efficiency between client and server-side is poor.
Fig. 1 is a kind of flow diagram of mutual authentication method provided by the invention.The executing subject of this method is to include The communication system of client and server-side.As shown in Figure 1, the method for the present embodiment may include:
S101, client send the first request message to server-side.
Wherein, the first request message is used to request the certificate and cipher suite of server-side;First request message is service The certification authentication to client is held to send after.
In order to ensure communication safety, client and server-side need the certificate of verifying other side mutually to carry out identity validation, Client requests the certificate of server-side to server-side by sending the first request to server-side.In the present embodiment, this first is asked Seeking message is that server-side sends the certification authentication of client after, i.e., during two-way authentication, server-side is first First verify the certificate of client, wherein the certificate of client can be stored in advance in server-side, certificate of the server-side to client After being verified, client just sends first request message to server-side.
Meanwhile in order to realize the encrypted transmission in follow-up data interactive process, client and server-side needs are being authenticated Negotiate the Encryption Algorithm used when subsequent encrypted transmission in the process, therefore, when client sends the first request message to server-side, Other than the certificate to server-side request server-side, cipher suite also is requested to server-side, which includes server-side The multiple encryption algorithms of support.
S102, server-side send the first response message to client.
Wherein, the first response message includes the certificate, cipher suite and the first random number of server-side.
Server-side is sent after the first request message for receiving client transmission, according to the first request message to client First corresponding message, in the first response message other than including the certificate and cipher suite of the requested server-side of client, also Including first random number, which is used to generate during server-side and the subsequent Data Encryption Transmission of client Used key.
The certificate of S103, client validation server-side, and selection target encryption is calculated in cipher suite after being verified Target Encryption Algorithm and the second random number are sent to server-side by method.
After client receives the first response message of server-side transmission, the server-side card in the first response message is verified Book, if being verified, the selection target Encryption Algorithm in cipher suite, the target Encryption Algorithm is client in cipher suite The Encryption Algorithm for progress Data Encryption Transmission between subsequent client and server-side selected in the Encryption Algorithm for being included. Later, the target Encryption Algorithm and the second random number are sent to server-side by client, and second random number is for generating clothes Key used in during business end and the subsequent Data Encryption Transmission of client.
S104, server-side sign to target Encryption Algorithm and the second random number, and the signed data after signature is sent To client.
After server-side receives the target Encryption Algorithm and the second random number of client transmission, to target Encryption Algorithm and Second random number is signed, and the signed data after signature is sent to client.
S105, client carry out sign test to signed data, to complete two-way authentication.
Wherein, for generating key, which is that server-side and client are counted for the first random number and the second random number The key used when according to transmission.
Client carries out sign test after receiving the signed data that server-side is sent, and two-way authentication passes through if being verified. During the above S101 to S105, if the authentication failed of any step, two-way authentication failure.After two-way authentication passes through, visitor Target Encryption Algorithm and key can be used to carry out subsequent data transmission for family end and server-side, wherein key is according to first Random number and the second generating random number.
Mutual authentication method provided in this embodiment sends the first request message to server-side by client;Wherein, One request message is used to request the certificate and cipher suite of the server-side;First request message is card of the server-side to client What book was sent after being verified;Server-side sends the first response message to client later;Wherein, the first response message includes Certificate, cipher suite and the first random number of the server-side;The certificate of client validation server-side, and close after being verified Selection target Encryption Algorithm in code external member, is sent to server-side for target Encryption Algorithm and the second random number;Server-side is further It signs to target Encryption Algorithm and the second random number, and the signed data after signature is sent to client;Client pair The signed data carries out sign test, to complete two-way authentication;For generating key, this is close for first random number and second random number Key is the key used when the server-side and the client carry out data transmission.As it can be seen that not needing to pass in the mutual authentication method The certificate for sending client, the interaction times between client and server-side are reduced, so as to shorten between client and server-side Call duration time, improve communication efficiency.
On the basis of the above embodiments, it before client sends the first request message to server-side in S101, can also wrap It includes:
Server-side sends the second request message after the certification authentication to client passes through, to client, this second is asked It asks message to be used to indicate client and establishes transmission control protocol (Transmission Control Protocol, letter with server-side Claim TCP) connection;Client establishes TCP connection according to second request message and server-side.
Specifically, can be stored in advance in server-side by the certificate of client in this present embodiment, server-side is first verified that The certificate of client, after being verified, server-side sends the second request message to client, to indicate that client is built with server-side TCP connection is found, client can be carried in second request message and establishes information required for TCP connection, such as server-side Internet protocol address (Internet Protocol Address, abbreviation IP address) and port etc., client can basis The information and server-side carried in the second request message received establishes TCP connection.Later between client and server-side Verification process is based only upon Transmission Control Protocol and is communicated, rather than is based on https communication protocol, that is, does not need to transmit in verification process The https message of standard, keeps communication efficiency higher.
During two-way authentication, after verifying certificate, client or server-side can make for client and server-side It is encrypted with the public key in the certificate of opposite end to data are sent, and opposite end is then decrypted using private key, to guarantee two-way to recognize Communication security during card.
Therefore, on the basis of the above embodiments, client sends target Encryption Algorithm and the second random number in S103 To server-side, comprising:
Client encrypts target Encryption Algorithm and the second random number using the public key of server-side, and will be encrypted Target Encryption Algorithm and the second random number are sent to server-side.
Accordingly,
Server-side signs to target Encryption Algorithm and the second random number in S104, comprising:
Server-side using after the private key pair encryption of server-side target Encryption Algorithm and the second random number be decrypted;And it is right Target Encryption Algorithm and the second random number after decryption are signed.
In the above process, client is encrypted target Encryption Algorithm and the second random number using the public key of server-side, Server-side is decrypted after receiving encryption data using the private key of server-side, to guarantee the association in target Encryption Algorithm Data safety during quotient ensure that only server-side could obtain the encryption of target selected by client by private key decryption Algorithm and the second random number.
Similarly, server-side signs to target Encryption Algorithm and the second random number in S104, by the signature after signature Data are sent to client, may also include that
Server-side signs to target Encryption Algorithm and the second random number using the public key of client, and will be after signature Signed data is sent to client.
Accordingly,
Client carries out sign test to signed data in S105, comprising:
Client carries out sign test to signed data using the private key of client.
In the above process, server-side signs to target Encryption Algorithm and the second random number, i.e., server-side is according to signature Algorithm is attached to target Encryption Algorithm and second to target Encryption Algorithm and the second random number calculate the signature value, and by the signature value After random number, client is sent to as signed data.Client is encrypted according to target again after receiving signed data Algorithm and the second random number calculate the signature value, and the signature value sent with server-side compares, if two signature values are identical, sign test Pass through.
After client passes through server-side sign test, then mutual authentication process terminates, and client can be adopted with server-side later The target Encryption Algorithm and key selected with client carries out data transmission.Wherein, server-side and client are respectively according to first Random number and the second generating random number key.
In mutual authentication method provided in this embodiment, since server-side and client have obtained first random number With the second random number, therefore server-side and client visitor are respectively according to the first random number and the second generating random number key, that is, clothes End and the client of being engaged in are according to one identical key of the first random number and the second generating random number, for after carrying out two-way authentication Data transmission.In the process, server-side and client do not need cipher key delivery avoiding carry out cipher key delivery to opposite end When key obtained by third party, to further improve the safety of communication.
Further, on the basis of the above embodiments, the certificate of server-side and the certificate of client are added using oval Close algorithm (Elliptic curve cryptography, ECC algorithm).Common algorithm in compared with the prior art, for example, it is non- Symmetric encipherment algorithm (RSA Algorithm), it is comparable or more high with RSA Algorithm to provide that shorter key can be used in ECC algorithm The safety of grade, at the same ECC algorithm in encrypting and decrypting speed also faster than the speed of RSA Algorithm, the memory space of occupancy is more Small, the requirement to bandwidth is also lower.
The mutual authentication method that the various embodiments described above provide can be applied to the scene of various clients and server-side communication In, the time of two-way authentication is carried out to reduce client and server-side, improves the efficiency of two-way authentication
In a kind of application scenarios, client can be embedded user identification card (Embedded Subscriber Identification Module, eSIM card), corresponding server-side can be eSIM platform, or manage platform for eSIM.
Then in S101 client to server-side send the first request message;Wherein, the first request message is for requesting service The certificate and cipher suite at end;First request message is that server-side sends the certification authentication of client after.That is, ESIM card sends the certificate and cipher suite that the first request message is used to request eSIM platform to eSIM platform.
Specifically, in this scenario, eSIM platform first verifies that the certificate of eSIM card, wherein the card of the certificate of eSIM card Book can be stored in advance in eSIM platform, so that eSIM card does not need to transmit eSIM to eSIM platform during two-way authentication The certificate of card.After the certificate of eSIM platform validation eSIM card, eSIM card sends the first request message to eSIM platform.
Correspondingly, server-side sends the second request message to client, it may also include that server-side passes through short message to client The second request message is sent, correspondingly, including Internet protocol (the Internet Protocol of server-side in short message Address, IP address) and port information.That is, being sent out by short message to eSIM card after the certificate of eSIM platform validation eSIM card The second request message is sent, eSIM card is used to indicate and eSIM platform establishes TCP connection, the short message that eSIM platform is sent to eSIM card In may include eSIM platform IP address and port information, eSIM clamping receive the short message after, according to the IP address in short message TCP connection request is initiated to eSIM platform with port information, to establish connection with eSIM platform.Later, eSIM card can be to ESIM platform sends the first request message.
Further, in S102 server-side to client send the first response message;Wherein, the first response message includes clothes Certificate, cipher suite and first random number at business end, as, eSIM platform sends the first response message to eSIM card, this first It include the certificate, cipher suite and the first random number of eSIM platform in corresponding message.
The certificate of client validation server-side in S103, and selection target encryption is calculated in cipher suite after being verified Target Encryption Algorithm and the second random number are sent to server-side by method, as, the certificate of eSIM card verifying eSIM platform, and After being verified in cipher suite selection target Encryption Algorithm, target Encryption Algorithm and the second random number are sent to eSIM and put down Platform.
Server-side signs to target Encryption Algorithm and the second random number in S104, and the signed data after signature is sent To client, as, eSIM platform signs to target Encryption Algorithm and the second random number, and the signed data after signature is sent out Give eSIM card.
Client carries out sign test to signed data in S105, to complete two-way authentication;First random number and the second random number For generating key, which is the key used when server-side and client carry out data transmission, and as, eSIM card is to signature Data carry out sign test, to complete two-way authentication;For generating key, which is server-side for first random number and the second random number Sign test is carried out with to signed data, to complete two-way authentication;First random number and the second random number are for generating key, the key The key that the key used when carrying out data transmission for eSIM platform and client uses when carrying out data transmission.
Since the communication capacity of eSIM card itself is weaker, when eSIM card and eSIM platform are communicated, according to existing There is the mutual authentication process in technology, call duration time is too long, then be easy to cause communication terminal, and influence the concurrently place of eSIM platform Efficiency is managed, and mutual authentication method provided by the invention is applied in the communication system that eSIM card and eSIM platform form, it can To simplify the interaction flow of eSIM card and eSIM platform, shorten the call duration time of eSIM card and eSIM platform, improves eSIM platform Concurrent processing efficiency.
Fig. 2 is a kind of structural schematic diagram of communication system provided by the invention.As shown in Fig. 2, communication system 20 includes visitor Family end 201 and server-side 202.
Wherein, client 201 and server-side 202 are used to execute mutual authentication method shown in any of the above embodiment, The realization principle and technical effect are similar, and details are not described herein again.
In the description of the present invention, it is to be understood that, term " includes " used herein and " having " and they Any deformation, it is intended that cover it is non-exclusive include, for example, containing the process, method of a series of steps or units, being System, product or equipment those of are not necessarily limited to be clearly listed step or unit, but may include be not clearly listed or For the intrinsic other step or units of these process, methods, product or equipment.
Those of ordinary skill in the art will appreciate that: realize that all or part of the steps of above-mentioned each method embodiment can lead to The relevant hardware of program instruction is crossed to complete.Program above-mentioned can be stored in a computer readable storage medium.The journey When being executed, execution includes the steps that above-mentioned each method embodiment to sequence;And storage medium above-mentioned include: ROM, RAM, magnetic disk or The various media that can store program code such as person's CD.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solution of the present invention., rather than its limitations;To the greatest extent Pipe present invention has been described in detail with reference to the aforementioned embodiments, those skilled in the art should understand that: its according to So be possible to modify the technical solutions described in the foregoing embodiments, or to some or all of the technical features into Row equivalent replacement;And these are modified or replaceed, various embodiments of the present invention technology that it does not separate the essence of the corresponding technical solution The range of scheme.

Claims (10)

1. a kind of mutual authentication method characterized by comprising
Client sends the first request message to server-side;Wherein, first request message is for requesting the server-side Certificate and cipher suite;First request message is that server-side sends the certification authentication of client after;
The server-side sends the first response message to the client;Wherein, first response message includes the service Certificate, cipher suite and first random number at end;
The certificate of server-side described in the client validation, and selection target encrypts in the cipher suite after being verified The target Encryption Algorithm and the second random number are sent to the server-side by algorithm;
The server-side signs to the target Encryption Algorithm and second random number, and the signed data after signature is sent out Give the client;
The client carries out sign test to the signed data, to complete two-way authentication;First random number and described second Random number is the key used when the server-side and the client carry out data transmission for generating key, the key.
2. the method according to claim 1, wherein the client to server-side send the first request message it Before, further includes:
Server-side is after the certification authentication to client passes through, Xiang Suoshu client the second request message of transmission, and described second Request message, which is used to indicate the client, to be established transmission control protocol TCP with the server-side and connect;
The client establishes TCP connection according to second request message and the server-side.
3. the method according to claim 1, wherein described send out the target Encryption Algorithm and the second random number Give the server-side, comprising:
The client encrypts the target Encryption Algorithm and second random number using the public key of the server-side, And the encrypted target Encryption Algorithm and second random number are sent to the server-side;
Accordingly,
The server-side signs to the target Encryption Algorithm and second random number, comprising:
The server-side is using the private key of server-side to the encrypted target Encryption Algorithm and second random number It is decrypted;And to after decryption the target Encryption Algorithm and second random number sign.
4. the method according to claim 1, wherein the server-side is to the target Encryption Algorithm and described Two random numbers are signed, and the signed data after signature is sent to the client, comprising:
The server-side signs to the target Encryption Algorithm and second random number using the public key of the client, And the signed data after signature is sent to the client;
Accordingly,
The client carries out sign test to the signed data, comprising:
The client carries out sign test to the signed data using the private key of the client.
5. method according to claim 1-4, which is characterized in that further include:
The server-side and the client key according to first random number and second generating random number respectively.
6. method according to claim 1-4, which is characterized in that the certificate of the server-side and the client Certificate use elliptic curve encryption algorithm ECC algorithm.
7. according to the method described in claim 2, it is characterized in that, the client is embedded user identification card eSIM Card, the server-side are eSIM platform.
8. the method according to the description of claim 7 is characterized in that described send the second request message, packet to the client It includes:
The server-side sends second request message to the client by short message.
9. according to the method described in claim 8, it is characterized in that, including the Internet protocol of the server-side in the short message IP address and port information.
10. a kind of communication system, which is characterized in that including client and server-side;The client and the server-side are used for Perform claim requires the described in any item methods of 1-9.
CN201910659616.2A 2019-07-22 2019-07-22 Bidirectional authentication method and communication system Active CN110380852B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910659616.2A CN110380852B (en) 2019-07-22 2019-07-22 Bidirectional authentication method and communication system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910659616.2A CN110380852B (en) 2019-07-22 2019-07-22 Bidirectional authentication method and communication system

Publications (2)

Publication Number Publication Date
CN110380852A true CN110380852A (en) 2019-10-25
CN110380852B CN110380852B (en) 2023-06-16

Family

ID=68254551

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910659616.2A Active CN110380852B (en) 2019-07-22 2019-07-22 Bidirectional authentication method and communication system

Country Status (1)

Country Link
CN (1) CN110380852B (en)

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111405537A (en) * 2020-03-23 2020-07-10 杭州涂鸦信息技术有限公司 Bidirectional security authentication method based on ble connection, system and equipment thereof
CN111885055A (en) * 2020-07-22 2020-11-03 中国联合网络通信集团有限公司 Communication method and device
CN111918283A (en) * 2020-07-27 2020-11-10 宁波奥克斯电气股份有限公司 Network distribution method, device and system of Internet of things equipment and storage medium
CN112134843A (en) * 2020-08-19 2020-12-25 南京信息职业技术学院 Authentication method of Internet of things equipment
CN112543448A (en) * 2020-12-21 2021-03-23 中国联合网络通信集团有限公司 Electronic card mounting method, device and system
CN112636925A (en) * 2020-12-24 2021-04-09 浪潮思科网络科技有限公司 SM3 digital signature authentication method, device and equipment based on TCP
CN112737790A (en) * 2020-12-30 2021-04-30 北京天融信网络安全技术有限公司 Data transmission method and device, server and client terminal
CN113596046A (en) * 2021-08-03 2021-11-02 中电金信软件有限公司 Bidirectional authentication method and device
CN113609467A (en) * 2021-07-14 2021-11-05 海南视联通信技术有限公司 Identity authentication method, identity authentication device, terminal equipment and storage medium
CN113672897A (en) * 2021-07-22 2021-11-19 北京奇艺世纪科技有限公司 Data communication method, device, electronic equipment and storage medium
CN113746807A (en) * 2021-08-11 2021-12-03 北银金融科技有限责任公司 Block chain node point support cryptographic algorithm communication detection method
CN113742710A (en) * 2021-09-14 2021-12-03 广东中星电子有限公司 Bidirectional authentication system
CN114143026A (en) * 2021-10-26 2022-03-04 福建福诺移动通信技术有限公司 Data security interface based on asymmetric and symmetric encryption and working method thereof
CN114726558A (en) * 2020-12-21 2022-07-08 航天信息股份有限公司 Authentication method, authentication device, electronic equipment and storage medium
CN114745204A (en) * 2022-05-18 2022-07-12 北京天融信网络安全技术有限公司 Registration method and device
CN115002745A (en) * 2022-04-21 2022-09-02 武汉天喻信息产业股份有限公司 eSIM card authentication method, terminal and eSIM card
CN116055188A (en) * 2023-01-28 2023-05-02 紫光同芯微电子有限公司 Bidirectional authentication method, bidirectional authentication device and bidirectional authentication system for equipment

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100217975A1 (en) * 2009-02-25 2010-08-26 Garret Grajek Method and system for secure online transactions with message-level validation
CN102082796A (en) * 2011-01-20 2011-06-01 北京融易通信息技术有限公司 Method for encrypting channels and simplified method and system for encrypting channels based on HTTP (hyper text transport protocol)
CN102857393A (en) * 2012-09-11 2013-01-02 中国电力科学研究院 Message simulation based non-public cryptographic algorithm SSL (secure sockets layer) VPN (virtual private network) equipment performance testing method
CN103491094A (en) * 2013-09-26 2014-01-01 成都三零瑞通移动通信有限公司 Rapid identity authentication method based on C/S mode
WO2014069985A1 (en) * 2012-11-05 2014-05-08 Mimos Berhad System and method for identity-based entity authentication for client-server communications
CN105915342A (en) * 2016-07-01 2016-08-31 广州爱九游信息技术有限公司 Application program communication processing system, an application program communication processing device, an application program communication processing apparatus and an application program communication processing method
CN106161449A (en) * 2016-07-19 2016-11-23 青松智慧(北京)科技有限公司 Transmission method without key authentication and system
CN107147611A (en) * 2016-03-01 2017-09-08 华为技术有限公司 Method, user equipment, server and the system of Transport Layer Security TLS link setups
CN108429620A (en) * 2018-01-25 2018-08-21 新华三技术有限公司 Method for building up, system and the client and server-side of secure connection
CN108650227A (en) * 2018-03-30 2018-10-12 苏州科达科技股份有限公司 Handshake method based on datagram secure transfer protocol and system
CN109040055A (en) * 2018-07-30 2018-12-18 美通云动(北京)科技有限公司 The method for realizing Web secure access using domestic password
CN109831464A (en) * 2019-04-01 2019-05-31 北京百度网讯科技有限公司 Method and apparatus for ciphertext data
CN110035071A (en) * 2019-03-26 2019-07-19 南瑞集团有限公司 A kind of long-range double factor mutual authentication method, client and server-side towards industrial control system

Patent Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100217975A1 (en) * 2009-02-25 2010-08-26 Garret Grajek Method and system for secure online transactions with message-level validation
CN102082796A (en) * 2011-01-20 2011-06-01 北京融易通信息技术有限公司 Method for encrypting channels and simplified method and system for encrypting channels based on HTTP (hyper text transport protocol)
CN102857393A (en) * 2012-09-11 2013-01-02 中国电力科学研究院 Message simulation based non-public cryptographic algorithm SSL (secure sockets layer) VPN (virtual private network) equipment performance testing method
WO2014069985A1 (en) * 2012-11-05 2014-05-08 Mimos Berhad System and method for identity-based entity authentication for client-server communications
CN103491094A (en) * 2013-09-26 2014-01-01 成都三零瑞通移动通信有限公司 Rapid identity authentication method based on C/S mode
CN107147611A (en) * 2016-03-01 2017-09-08 华为技术有限公司 Method, user equipment, server and the system of Transport Layer Security TLS link setups
CN105915342A (en) * 2016-07-01 2016-08-31 广州爱九游信息技术有限公司 Application program communication processing system, an application program communication processing device, an application program communication processing apparatus and an application program communication processing method
CN106161449A (en) * 2016-07-19 2016-11-23 青松智慧(北京)科技有限公司 Transmission method without key authentication and system
CN108429620A (en) * 2018-01-25 2018-08-21 新华三技术有限公司 Method for building up, system and the client and server-side of secure connection
CN108650227A (en) * 2018-03-30 2018-10-12 苏州科达科技股份有限公司 Handshake method based on datagram secure transfer protocol and system
CN109040055A (en) * 2018-07-30 2018-12-18 美通云动(北京)科技有限公司 The method for realizing Web secure access using domestic password
CN110035071A (en) * 2019-03-26 2019-07-19 南瑞集团有限公司 A kind of long-range double factor mutual authentication method, client and server-side towards industrial control system
CN109831464A (en) * 2019-04-01 2019-05-31 北京百度网讯科技有限公司 Method and apparatus for ciphertext data

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
DUMITRU DANIEL DINU ET AL.: "DHCP server authentication using digital certificates", 《2014 10TH INTERNATIONAL CONFERENCE ON COMMUNICATIONS (COMM)》 *
WEI LI ET AL.: "Improvement Method of SSL Protocol Identity Authentication Based on the Attribute Certificate", 《2012 INTERNATIONAL CONFERENCE ON COMPUTER SCIENCE AND SERVICE SYSTEM》 *
左志斌;: "一种基于数字证书的USBKey身份认证方案", 河南科技, no. 18 *
陈亚茹;陈庄;齐锋;: "一种基于CPK的远程认证方案", 信息安全研究, no. 11 *

Cited By (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111405537A (en) * 2020-03-23 2020-07-10 杭州涂鸦信息技术有限公司 Bidirectional security authentication method based on ble connection, system and equipment thereof
CN111885055A (en) * 2020-07-22 2020-11-03 中国联合网络通信集团有限公司 Communication method and device
CN111885055B (en) * 2020-07-22 2023-01-31 中国联合网络通信集团有限公司 Communication method and device
CN111918283A (en) * 2020-07-27 2020-11-10 宁波奥克斯电气股份有限公司 Network distribution method, device and system of Internet of things equipment and storage medium
CN112134843A (en) * 2020-08-19 2020-12-25 南京信息职业技术学院 Authentication method of Internet of things equipment
CN112134843B (en) * 2020-08-19 2023-10-13 南京信息职业技术学院 Authentication method of Internet of things equipment
CN114726558A (en) * 2020-12-21 2022-07-08 航天信息股份有限公司 Authentication method, authentication device, electronic equipment and storage medium
CN112543448A (en) * 2020-12-21 2021-03-23 中国联合网络通信集团有限公司 Electronic card mounting method, device and system
CN114726558B (en) * 2020-12-21 2024-05-28 航天信息股份有限公司 Authentication method, authentication device, electronic equipment and storage medium
CN112636925A (en) * 2020-12-24 2021-04-09 浪潮思科网络科技有限公司 SM3 digital signature authentication method, device and equipment based on TCP
CN112636925B (en) * 2020-12-24 2023-02-03 浪潮思科网络科技有限公司 SM3 digital signature authentication method, device and equipment based on TCP
CN112737790B (en) * 2020-12-30 2023-04-07 北京天融信网络安全技术有限公司 Data transmission method and device, server and client terminal
CN112737790A (en) * 2020-12-30 2021-04-30 北京天融信网络安全技术有限公司 Data transmission method and device, server and client terminal
CN113609467B (en) * 2021-07-14 2024-05-10 海南视联通信技术有限公司 Identity authentication method, device, terminal equipment and storage medium
CN113609467A (en) * 2021-07-14 2021-11-05 海南视联通信技术有限公司 Identity authentication method, identity authentication device, terminal equipment and storage medium
CN113672897A (en) * 2021-07-22 2021-11-19 北京奇艺世纪科技有限公司 Data communication method, device, electronic equipment and storage medium
CN113672897B (en) * 2021-07-22 2024-03-08 北京奇艺世纪科技有限公司 Data communication method, device, electronic equipment and storage medium
CN113596046A (en) * 2021-08-03 2021-11-02 中电金信软件有限公司 Bidirectional authentication method and device
CN113746807A (en) * 2021-08-11 2021-12-03 北银金融科技有限责任公司 Block chain node point support cryptographic algorithm communication detection method
CN113742710A (en) * 2021-09-14 2021-12-03 广东中星电子有限公司 Bidirectional authentication system
CN114143026A (en) * 2021-10-26 2022-03-04 福建福诺移动通信技术有限公司 Data security interface based on asymmetric and symmetric encryption and working method thereof
CN114143026B (en) * 2021-10-26 2024-01-23 福建福诺移动通信技术有限公司 Data security interface based on asymmetric and symmetric encryption and working method thereof
CN115002745A (en) * 2022-04-21 2022-09-02 武汉天喻信息产业股份有限公司 eSIM card authentication method, terminal and eSIM card
CN114745204A (en) * 2022-05-18 2022-07-12 北京天融信网络安全技术有限公司 Registration method and device
CN116055188A (en) * 2023-01-28 2023-05-02 紫光同芯微电子有限公司 Bidirectional authentication method, bidirectional authentication device and bidirectional authentication system for equipment
CN116055188B (en) * 2023-01-28 2023-07-14 紫光同芯微电子有限公司 Bidirectional authentication method, bidirectional authentication device and bidirectional authentication system for equipment

Also Published As

Publication number Publication date
CN110380852B (en) 2023-06-16

Similar Documents

Publication Publication Date Title
CN110380852A (en) Mutual authentication method and communication system
US10601801B2 (en) Identity authentication method and apparatus
CN107508796B (en) A kind of data communications method and device
CN109067539B (en) Alliance chain transaction method, alliance chain transaction equipment and computer readable storage medium
CN105007279B (en) Authentication method and Verification System
WO2018000886A1 (en) Application program communication processing system, apparatus, method, and client terminal, and server terminal
CN108810029A (en) Right discriminating system and optimization method between a kind of micro services infrastructure services
CN108566381A (en) A kind of security upgrading method, device, server, equipment and medium
CN109495445A (en) Identity identifying method, device, terminal, server and medium based on Internet of Things
CA3164765A1 (en) Secure communication method and device based on identity authentication
WO2019001061A1 (en) Payment verification method and system, and mobile device and security authentication device
CN108768633A (en) Realize the method and device of information sharing in block chain
CN107579826A (en) A kind of method for network authorization, transit node and related system
CN111131416A (en) Business service providing method and device, storage medium and electronic device
CN112351037B (en) Information processing method and device for secure communication
US10411886B1 (en) Authenticating secure channel establishment messages based on shared-secret
CN109741068A (en) Internetbank inter-bank contracting method, apparatus and system
CN103546289A (en) USB (universal serial bus) Key based secure data transmission method and system
CN104660412A (en) Password-less security authentication method and system for mobile equipment
CN111949958B (en) Authorization authentication method and device in Oauth protocol
CN103414699A (en) Authentication method for client certificate, server and client
CN110958209A (en) Bidirectional authentication method, system and terminal based on shared secret key
CN107094156A (en) A kind of safety communicating method and system based on P2P patterns
CN114362993A (en) Block chain assisted Internet of vehicles security authentication method
TW201537937A (en) Unified identity authentication platform and authentication method thereof

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant