CN110380852B - Bidirectional authentication method and communication system - Google Patents
Bidirectional authentication method and communication system Download PDFInfo
- Publication number
- CN110380852B CN110380852B CN201910659616.2A CN201910659616A CN110380852B CN 110380852 B CN110380852 B CN 110380852B CN 201910659616 A CN201910659616 A CN 201910659616A CN 110380852 B CN110380852 B CN 110380852B
- Authority
- CN
- China
- Prior art keywords
- server
- client
- random number
- encryption algorithm
- sends
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
- H04L69/163—In-band adaptation of TCP data exchange; In-band control procedures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Abstract
The invention provides a bidirectional authentication method and a communication system. The bidirectional authentication method comprises the following steps: the client sends a first request message to the server; the first request message is used for requesting a certificate and a password suite of the server; the server side sends a first response message to the client side; the first response message comprises a certificate of the server, a password suite and a first random number; the client verifies the certificate of the server, selects a target encryption algorithm from the password suite after the verification is passed, and sends the target encryption algorithm and a second random number to the server; the server signs the target encryption algorithm and the second random number, and sends signed signature data to the client; the client performs signature verification on the signature data to complete bidirectional authentication; the first random number and the second random number are used to generate a key. The invention improves the communication efficiency.
Description
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a bidirectional authentication method and a communication system.
Background
With the development of communication technology, the security problem during the communication between the client and the server is more and more concerned, and before the communication between the client and the server, the authentication of the client by the client or the server is an important means for guaranteeing the communication security.
When the client and the server use a basic hypertext transfer security protocol (Hyper Text Transfer Protocol over Secure Socket Layer, https) to communicate, an https bidirectional authentication mode is generally adopted to ensure the security of data communication. In the existing https bidirectional authentication process, the interaction times between the client and the server are more, the communication flow is complex, the communication time is too long, and the requirements of the client and the server on the communication time or the processing efficiency can not be met in some application scenes.
Therefore, the existing communication mode is adopted, so that the communication efficiency between the client and the server is poor.
Disclosure of Invention
The invention provides a bidirectional authentication method and a communication system, which are used for improving the communication efficiency between a client and a server.
The invention provides a bidirectional authentication method, which comprises the following steps:
the client sends a first request message to the server; the first request message is used for requesting a certificate and a password suite of the server; the first request message is sent after the certificate of the client is verified by the server;
the server side sends a first response message to the client side; the first response message comprises a certificate of the server, a password suite and a first random number;
the client verifies the certificate of the server, selects a target encryption algorithm from the password suite after the verification is passed, and sends the target encryption algorithm and a second random number to the server;
the server signs the target encryption algorithm and the second random number, and sends signed signature data to the client;
the client performs signature verification on the signature data to complete bidirectional authentication; the first random number and the second random number are used for generating a key, and the key is used when the server and the client transmit data.
Optionally, before the client sends the first request message to the server, the method further includes:
after the certificate of the client passes verification, the server sends a second request message to the client, wherein the second request message is used for indicating the client to establish a Transmission Control Protocol (TCP) connection with the server;
and the client establishes TCP connection with the server according to the second request message.
Optionally, the sending the target encryption algorithm and the second random number to the server includes:
the client encrypts the target encryption algorithm and the second random number by using the public key of the server and sends the encrypted target encryption algorithm and the encrypted second random number to the server;
in a corresponding manner to the fact that,
the server signs the target encryption algorithm and the second random number, including:
the server uses the private key of the server to decrypt the encrypted target encryption algorithm and the second random number; and signing the decrypted target encryption algorithm and the second random number.
Optionally, the server signs the target encryption algorithm and the second random number, and sends signed signature data to the client, including:
the server signs the target encryption algorithm and the second random number by using the public key of the client, and sends signed signature data to the client;
in a corresponding manner to the fact that,
the client performs signature verification on the signature data, and the method comprises the following steps:
the client uses the private key of the client to sign the signature data.
Optionally, the method further comprises:
the server and the client generate the key according to the first random number and the second random number respectively.
Optionally, the certificate of the server and the certificate of the client adopt an elliptic encryption algorithm (ECC) algorithm.
Optionally, the client is an embedded subscriber identity module (eSIM) card, and the server is an eSIM platform.
Further, the sending the second request message to the client includes:
the server side sends the second request message to the client side through the short message.
Further, the short message includes the Internet Protocol (IP) address and port information of the server.
The invention provides a communication system, which comprises a client and a server; the client and the server are used for executing the two-way authentication method of any one of the above.
The invention provides a bidirectional authentication method and a communication system, wherein a client sends a first request message to a server; the first request message is used for requesting a certificate and a password suite of the server; the first request message is sent after the certificate of the client is verified by the server; then the server side sends a first response message to the client side; the first response message comprises a certificate of the server, a password suite and a first random number; the client verifies the certificate of the server, selects a target encryption algorithm in the password suite after verification is passed, and sends the target encryption algorithm and the second random number to the server; the server further signs the target encryption algorithm and the second random number, and sends signed signature data to the client; the client performs signature verification on the signature data to finish bidirectional authentication; the first random number and the second random number are used for generating a key, and the key is used when the server and the client transmit data. According to the two-way authentication method, the certificate of the client is not required to be transmitted, and the interaction times between the client and the server are reduced, so that the communication time between the client and the server is shortened, and the communication efficiency is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions of the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings may be obtained according to the drawings without inventive effort to a person skilled in the art.
Fig. 1 is a schematic flow chart of a bidirectional authentication method provided by the invention;
fig. 2 is a schematic structural diagram of a communication system according to the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The terms "first," "second," and "third," and the like, in various portions of the embodiments and in the drawings, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein.
With the development of communication technology, the security problem during communication between a client and a server in a communication system is more and more concerned, and when the client and the server use a basic https protocol for communication, an https bidirectional authentication mode is generally adopted to ensure the security of data communication. In the existing https bidirectional authentication process, the interaction times between the client and the server are more, the communication flow is complex, the communication time is too long, and the requirements of the client and the server on the communication time or the processing efficiency can not be met in some application scenes. In order to solve the above problems, the present invention provides a two-way authentication method to improve the communication efficiency between a client and a server.
Therefore, the existing communication mode is adopted, so that the communication efficiency between the client and the server is poor.
Fig. 1 is a schematic flow chart of a bidirectional authentication method provided by the invention. The execution subject of the method is a communication system comprising a client and a server. As shown in fig. 1, the method of the present embodiment may include:
s101, the client sends a first request message to the server.
The first request message is used for requesting a certificate and a password suite of the server; the first request message is sent after the certificate of the client is verified by the server.
In order to ensure communication security, the client and the server need to mutually authenticate the certificate of each other to perform identity confirmation, and the client requests the certificate of the server from the server by sending a first request to the server. In this embodiment, the first request message is sent after the server side verifies the certificate of the client side, that is, in the process of bidirectional authentication, the server side first verifies the certificate of the client side, where the certificate of the client side may be stored in the server side in advance, and the client side sends the first request message to the server side after the server side verifies the certificate of the client side.
Meanwhile, in order to realize the encryption transmission in the subsequent data interaction process, the client and the server need to negotiate the encryption algorithm adopted in the subsequent encryption transmission in the authentication process, so when the client sends the first request message to the server, the client requests the server for a password suite in addition to the certificate of the server, and the password suite contains a plurality of encryption algorithms supported by the server.
S102, the server side sends a first response message to the client side.
The first response message comprises a certificate of the server, a password suite and a first random number.
After receiving the first request message sent by the client, the server sends a first corresponding message to the client according to the first request message, wherein the first response message comprises a first random number in addition to the certificate and the password suite of the server requested by the client, and the first random number is used for generating keys used in the subsequent data encryption transmission process of the server and the client.
S103, the client verifies the certificate of the server, selects a target encryption algorithm in the password suite after verification is passed, and sends the target encryption algorithm and the second random number to the server.
After receiving the first response message sent by the server, the client verifies the server certificate in the first response message, and if the verification is passed, a target encryption algorithm is selected in the password suite, wherein the target encryption algorithm is an encryption algorithm which is selected by the client from encryption algorithms contained in the password suite and used for carrying out data encryption transmission between the subsequent client and the server. And then, the client sends the target encryption algorithm and a second random number to the server, wherein the second random number is used for generating a secret key used in the subsequent data encryption transmission process of the server and the client.
S104, the server signs the target encryption algorithm and the second random number, and sends signed signature data to the client.
After receiving the target encryption algorithm and the second random number sent by the client, the server signs the target encryption algorithm and the second random number, and sends signed signature data to the client.
S105, the client performs signature verification on the signature data to finish bidirectional authentication.
The first random number and the second random number are used for generating a secret key, and the secret key is used when the server and the client transmit data.
And the client receives the signature data sent by the server and then performs signature verification, and if the verification is passed, the two-way authentication is passed. In the above processes of S101 to S105, if any one of the authentication steps fails, the mutual authentication fails. After the two-way authentication is passed, the client and the server can use the target encryption algorithm and the secret key to carry out subsequent data transmission, wherein the secret key is generated according to the first random number and the second random number.
According to the bidirectional authentication method provided by the embodiment, a first request message is sent to a server through a client; the first request message is used for requesting a certificate and a password suite of the server; the first request message is sent after the certificate of the client is verified by the server; then the server side sends a first response message to the client side; the first response message comprises a certificate of the server, a password suite and a first random number; the client verifies the certificate of the server, selects a target encryption algorithm in the password suite after verification is passed, and sends the target encryption algorithm and the second random number to the server; the server further signs the target encryption algorithm and the second random number, and sends signed signature data to the client; the client performs signature verification on the signature data to finish bidirectional authentication; the first random number and the second random number are used for generating a key, and the key is used when the server and the client transmit data. Therefore, the mutual authentication method does not need to transmit the certificate of the client, and the interaction times between the client and the server are reduced, so that the communication time between the client and the server is shortened, and the communication efficiency is improved.
On the basis of the foregoing embodiment, before the client sends the first request message to the server in S101, the method may further include:
after the certificate of the client passes verification, the server sends a second request message to the client, wherein the second request message is used for indicating the client to establish a transmission control protocol (Transmission Control Protocol, TCP for short) connection with the server; and the client establishes TCP connection with the server according to the second request message.
Specifically, since the certificate of the client may be stored in the server in advance, the server first verifies the certificate of the client, and after the verification is passed, the server sends a second request message to the client to instruct the client to establish a TCP connection with the server, where the second request message may carry information required for establishing the TCP connection between the client and the server, for example, an internet protocol address (Internet Protocol Address, abbreviated as IP address) and a port of the server, and the client may establish a TCP connection with the server according to the information carried in the received second request message. And then, the authentication process between the client and the server is only based on the TCP protocol, but not based on the https communication protocol, namely, the standard https message is not required to be transmitted in the authentication process, so that the communication efficiency is higher.
In the process of bidirectional authentication, after the client and the server verify the certificate, the client or the server can encrypt the sent data by using the public key in the opposite-end certificate, and the opposite-end uses the private key to decrypt, so that the communication security in the process of bidirectional authentication is ensured.
Therefore, on the basis of the above embodiment, the client sends the target encryption algorithm and the second random number to the server in S103, including:
the client encrypts the target encryption algorithm and the second random number by using the public key of the server, and sends the encrypted target encryption algorithm and the second random number to the server.
In a corresponding manner to the fact that,
in S104, the server signs the target encryption algorithm and the second random number, including:
the server decrypts the encrypted target encryption algorithm and the second random number by using a private key of the server; and signing the decrypted target encryption algorithm and the second random number.
In the process, the client encrypts the target encryption algorithm and the second random number by using the public key of the server, and the server decrypts by using the private key of the server after receiving the encrypted data, so that the data security in the negotiation process of the target encryption algorithm is ensured, and only the server can decrypt by the private key to obtain the target encryption algorithm and the second random number selected by the client.
Similarly, in S104, the server signs the target encryption algorithm and the second random number, and sends the signed signature data to the client, which may further include:
the server signs the target encryption algorithm and the second random number by using the public key of the client, and sends the signed signature data to the client.
In a corresponding manner to the fact that,
in S105, the client performs signature verification on the signature data, including:
the client uses the private key of the client to check the signature data.
In the above process, the server signs the target encryption algorithm and the second random number, that is, the server calculates a signature value for the target encryption algorithm and the second random number according to the signature algorithm, and sends the signature value to the client as signature data after the signature value is attached to the target encryption algorithm and the second random number. After receiving the signature data, the client calculates a signature value again according to the target encryption algorithm and the second random number, compares the signature value with the signature value sent by the server, and if the two signature values are the same, the signature verification passes.
After the client passes the verification of the server, the bidirectional authentication process is ended, and then the client and the server can adopt the target encryption algorithm and the key selected by the client to carry out data transmission. The server and the client generate the secret key according to the first random number and the second random number respectively.
In the mutual authentication method provided in this embodiment, since the server side and the client side both obtain the first random number and the second random number, the server side and the client side generate the secret key according to the first random number and the second random number, respectively, that is, the server side and the client side generate the same secret key according to the first random number and the second random number, so as to perform data transmission after mutual authentication. In the process, the server and the client do not need to transmit the secret key to the opposite end, so that the secret key is prevented from being obtained by a third party when the secret key is transmitted, and the communication safety is further improved.
Further, on the basis of the above embodiment, the certificate of the server side and the certificate of the client side adopt an elliptic encryption algorithm (Elliptic curve cryptography, ECC algorithm). Compared with algorithms commonly used in the prior art, such as an asymmetric encryption algorithm (RSA algorithm), the ECC algorithm can use a shorter key to provide security equivalent to or higher than that of the RSA algorithm, and meanwhile, the ECC algorithm is faster in encryption and decryption speed than that of the RSA algorithm, occupies smaller storage space and has lower requirement on bandwidth.
The mutual authentication method provided by the embodiments can be applied to various scenes of communication between the client and the server, so as to reduce the time of mutual authentication between the client and the server and improve the efficiency of mutual authentication
In one application scenario, the client may be an embedded subscriber identity card (Embedded Subscriber Identification Module, eSIM card), and the corresponding server may be an eSIM platform, or an eSIM management platform.
The client sends a first request message to the server in S101; the first request message is used for requesting a certificate and a password suite of the server; the first request message is sent after the certificate of the client is verified by the server. That is, the eSIM card sends a first request message to the eSIM platform for requesting a certificate and a cryptographic suite of the eSIM platform.
Specifically, in this scenario, the eSIM platform first verifies the certificate of the eSIM card, where the certificate of the eSIM card may be pre-stored at the eSIM platform, so that the eSIM card does not need to transmit the certificate of the eSIM card to the eSIM platform during the two-way authentication. After verifying the certificate of the eSIM card, the eSIM card sends a first request message to the eSIM platform.
Correspondingly, the server side sends the second request message to the client side, and the method further comprises the following steps: the server sends a second request message to the client through a short message, and the short message comprises an internet protocol (Internet Protocol Address, IP address) and port information of the server. That is, after the eSIM platform verifies the certificate of the eSIM card, a second request message is sent to the eSIM card through a short message, and the second request message is used for indicating the eSIM card to establish a TCP connection with the eSIM platform, the short message sent to the eSIM card by the eSIM platform may include an IP address and port information of the eSIM platform, and after the eSIM card receives the short message, a TCP connection request is initiated to the eSIM platform according to the IP address and port information in the short message, so that a connection is established with the eSIM platform. The eSIM card can then send a first request message to the eSIM platform.
Further, in S102, the server sends a first response message to the client; the first response message comprises a certificate of the server, a password suite and a first random number, namely, the eSIM platform sends the first response message to the eSIM card, and the first response message comprises the certificate of the eSIM platform, the password suite and the first random number.
And S103, the client verifies the certificate of the server, selects a target encryption algorithm in the password suite after the verification is passed, and sends the target encryption algorithm and the second random number to the server, namely, the eSIM card verifies the certificate of the eSIM platform, and selects the target encryption algorithm in the password suite after the verification is passed, and sends the target encryption algorithm and the second random number to the eSIM platform.
And S104, the server signs the target encryption algorithm and the second random number, and sends signed signature data to the client, namely, the eSIM platform signs the target encryption algorithm and the second random number and sends signed signature data to the eSIM card.
S105, the client performs signature verification on the signature data to finish bidirectional authentication; the first random number and the second random number are used for generating a secret key, wherein the secret key is used when the server and the client transmit data, namely, the eSIM card performs signature verification on signature data to complete bidirectional authentication; the first random number and the second random number are used for generating a secret key, and the secret key is a server and signature verification is carried out on signature data so as to finish bidirectional authentication; the first random number and the second random number are used for generating a key, and the key is used for data transmission by the key used for data transmission by the eSIM platform and the client.
Because the communication capability of the eSIM card is weaker, when the eSIM card and the eSIM platform are in communication, if a two-way authentication process in the prior art is adopted, the communication terminal is easy to cause and the concurrent processing efficiency of the eSIM platform is influenced if the communication time is too long, and the two-way authentication method provided by the invention is applied to a communication system consisting of the eSIM card and the eSIM platform, so that the interaction flow of the eSIM card and the eSIM platform can be simplified, the communication time of the eSIM card and the eSIM platform is shortened, and the concurrent processing efficiency of the eSIM platform is improved.
Fig. 2 is a schematic structural diagram of a communication system according to the present invention. As shown in fig. 2, the communication system 20 includes a client 201 and a server 202.
The client 201 and the server 202 are configured to execute the mutual authentication method in any of the above embodiments, and the implementation principle and technical effects are similar, and are not described herein.
In the description of the present invention, it should be understood that the terms "comprises" and "comprising," and any variations thereof, as used herein, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements that are expressly listed or inherent to such process, method, article, or apparatus.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the method embodiments described above may be performed by hardware associated with program instructions. The foregoing program may be stored in a computer readable storage medium. The program, when executed, performs steps including the method embodiments described above; and the aforementioned storage medium includes: various media that can store program code, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the invention.
Claims (5)
1. A method of mutual authentication, comprising:
the client sends a first request message to the server; the first request message is used for requesting a certificate and a password suite of the server; the first request message is sent after the certificate of the client side is verified by the server side;
the server side sends a first response message to the client side; the first response message comprises a certificate of the server, a password suite and a first random number;
the client verifies the certificate of the server, selects a target encryption algorithm from the password suite after the verification is passed, and sends the target encryption algorithm and a second random number to the server;
the server signs the target encryption algorithm and the second random number, and sends signed signature data to the client;
the client performs signature verification on the signature data, the client calculates a signature value again according to the target encryption algorithm and the second random number, compares the signature value with the signature value sent by the server, and if the two signature values are the same, the signature verification is passed to complete bidirectional authentication; the first random number and the second random number are used for generating a secret key, and the secret key is used when the server and the client transmit data;
the server signs the target encryption algorithm and the second random number, and sends signed signature data to the client, including:
the server signs the target encryption algorithm and the second random number by using the public key of the client, and sends signed signature data to the client;
the client performs signature verification on the signature data, and the method comprises the following steps:
the client uses the private key of the client to check the signature data;
the server and the client generate the secret key according to the first random number and the second random number respectively;
the sending the target encryption algorithm and the second random number to the server side includes:
the client encrypts the target encryption algorithm and the second random number by using the public key of the server, and sends the encrypted target encryption algorithm and the encrypted second random number to the server;
in a corresponding manner to the fact that,
the server signs the target encryption algorithm and the second random number, and the method comprises the following steps:
the server uses a private key of the server to decrypt the encrypted target encryption algorithm and the second random number; signing the decrypted target encryption algorithm and the second random number;
before the client sends the first request message to the server, the method further comprises:
the certificate of the client can be pre-stored in the server, and after the certificate of the client passes verification, the server sends a second request message to the client, wherein the second request message is used for indicating the client to establish Transmission Control Protocol (TCP) connection with the server;
the client establishes TCP connection with the server according to the second request message;
the client is an embedded subscriber identity module (eSIM) card, and the server is an eSIM platform.
2. The method of claim 1, wherein the certificate of the server and the certificate of the client employ an elliptic encryption algorithm, ECC, algorithm.
3. The method of claim 1, wherein the sending the second request message to the client comprises:
and the server sends the second request message to the client through a short message.
4. The method of claim 3, wherein the sms includes an IP address and port information of the server.
5. A communication system, comprising a client and a server; the client and the server are configured to perform the method of any of claims 1-4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910659616.2A CN110380852B (en) | 2019-07-22 | 2019-07-22 | Bidirectional authentication method and communication system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910659616.2A CN110380852B (en) | 2019-07-22 | 2019-07-22 | Bidirectional authentication method and communication system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110380852A CN110380852A (en) | 2019-10-25 |
| CN110380852B true CN110380852B (en) | 2023-06-16 |
Family
ID=68254551
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910659616.2A Active CN110380852B (en) | 2019-07-22 | 2019-07-22 | Bidirectional authentication method and communication system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110380852B (en) |
Families Citing this family (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111405537A (en) * | 2020-03-23 | 2020-07-10 | 杭州涂鸦信息技术有限公司 | Bidirectional security authentication method based on ble connection, system and equipment thereof |
| CN111885055B (en) * | 2020-07-22 | 2023-01-31 | 中国联合网络通信集团有限公司 | Communication method and device |
| CN111918283A (en) * | 2020-07-27 | 2020-11-10 | 宁波奥克斯电气股份有限公司 | Network distribution method, device and system of Internet of things equipment and storage medium |
| CN112134843B (en) * | 2020-08-19 | 2023-10-13 | 南京信息职业技术学院 | Authentication method of Internet of things equipment |
| CN114726558A (en) * | 2020-12-21 | 2022-07-08 | 航天信息股份有限公司 | Authentication method, authentication device, electronic equipment and storage medium |
| CN112543448A (en) * | 2020-12-21 | 2021-03-23 | 中国联合网络通信集团有限公司 | Electronic card mounting method, device and system |
| CN112636925B (en) * | 2020-12-24 | 2023-02-03 | 浪潮思科网络科技有限公司 | SM3 digital signature authentication method, device and equipment based on TCP |
| CN112737790B (en) * | 2020-12-30 | 2023-04-07 | 北京天融信网络安全技术有限公司 | Data transmission method and device, server and client terminal |
| CN113609467A (en) * | 2021-07-14 | 2021-11-05 | 海南视联通信技术有限公司 | Identity authentication method, identity authentication device, terminal equipment and storage medium |
| CN113672897B (en) * | 2021-07-22 | 2024-03-08 | 北京奇艺世纪科技有限公司 | Data communication method, device, electronic equipment and storage medium |
| CN113596046B (en) * | 2021-08-03 | 2022-10-11 | 中电金信软件有限公司 | Bidirectional authentication method, device, computer equipment and computer readable storage medium |
| CN113746807A (en) * | 2021-08-11 | 2021-12-03 | 北银金融科技有限责任公司 | Block chain node point support cryptographic algorithm communication detection method |
| CN113742710A (en) * | 2021-09-14 | 2021-12-03 | 广东中星电子有限公司 | Bidirectional authentication system |
| CN114143026B (en) * | 2021-10-26 | 2024-01-23 | 福建福诺移动通信技术有限公司 | Data security interface based on asymmetric and symmetric encryption and working method thereof |
| CN115002745A (en) * | 2022-04-21 | 2022-09-02 | 武汉天喻信息产业股份有限公司 | eSIM card authentication method, terminal and eSIM card |
| CN114745204B (en) * | 2022-05-18 | 2023-04-07 | 北京天融信网络安全技术有限公司 | Registration method and device |
| CN116055188B (en) * | 2023-01-28 | 2023-07-14 | 紫光同芯微电子有限公司 | Bidirectional authentication method, bidirectional authentication device and bidirectional authentication system for equipment |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102082796A (en) * | 2011-01-20 | 2011-06-01 | 北京融易通信息技术有限公司 | Method for encrypting channels and simplified method and system for encrypting channels based on HTTP (hyper text transport protocol) |
| WO2014069985A1 (en) * | 2012-11-05 | 2014-05-08 | Mimos Berhad | System and method for identity-based entity authentication for client-server communications |
| CN105915342A (en) * | 2016-07-01 | 2016-08-31 | 广州爱九游信息技术有限公司 | Application program communication processing system, an application program communication processing device, an application program communication processing apparatus and an application program communication processing method |
| CN106161449A (en) * | 2016-07-19 | 2016-11-23 | 青松智慧(北京)科技有限公司 | Transmission method without key authentication and system |
| CN108650227A (en) * | 2018-03-30 | 2018-10-12 | 苏州科达科技股份有限公司 | Handshake method based on datagram secure transfer protocol and system |
| CN110035071A (en) * | 2019-03-26 | 2019-07-19 | 南瑞集团有限公司 | A kind of long-range double factor mutual authentication method, client and server-side towards industrial control system |
Family Cites Families (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100217975A1 (en) * | 2009-02-25 | 2010-08-26 | Garret Grajek | Method and system for secure online transactions with message-level validation |
| CN102857393B (en) * | 2012-09-11 | 2015-06-03 | 中国电力科学研究院 | Message simulation based non-public cryptographic algorithm SSL (secure sockets layer) VPN (virtual private network) equipment performance testing method |
| CN103491094B (en) * | 2013-09-26 | 2016-10-05 | 成都三零瑞通移动通信有限公司 | A kind of rapid identity authentication method based on C/S model |
| CN107147611B (en) * | 2016-03-01 | 2020-07-24 | 华为技术有限公司 | Method, user equipment, server and system for establishing link by transport layer security T L S |
| CN108429620B (en) * | 2018-01-25 | 2021-10-12 | 新华三技术有限公司 | Method and system for establishing secure connection, client and server |
| CN109040055A (en) * | 2018-07-30 | 2018-12-18 | 美通云动(北京)科技有限公司 | The method for realizing Web secure access using domestic password |
| CN109831464A (en) * | 2019-04-01 | 2019-05-31 | 北京百度网讯科技有限公司 | Method and apparatus for ciphertext data |
-
2019
- 2019-07-22 CN CN201910659616.2A patent/CN110380852B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102082796A (en) * | 2011-01-20 | 2011-06-01 | 北京融易通信息技术有限公司 | Method for encrypting channels and simplified method and system for encrypting channels based on HTTP (hyper text transport protocol) |
| WO2014069985A1 (en) * | 2012-11-05 | 2014-05-08 | Mimos Berhad | System and method for identity-based entity authentication for client-server communications |
| CN105915342A (en) * | 2016-07-01 | 2016-08-31 | 广州爱九游信息技术有限公司 | Application program communication processing system, an application program communication processing device, an application program communication processing apparatus and an application program communication processing method |
| CN106161449A (en) * | 2016-07-19 | 2016-11-23 | 青松智慧(北京)科技有限公司 | Transmission method without key authentication and system |
| CN108650227A (en) * | 2018-03-30 | 2018-10-12 | 苏州科达科技股份有限公司 | Handshake method based on datagram secure transfer protocol and system |
| CN110035071A (en) * | 2019-03-26 | 2019-07-19 | 南瑞集团有限公司 | A kind of long-range double factor mutual authentication method, client and server-side towards industrial control system |
Non-Patent Citations (4)
| Title |
|---|
| DHCP server authentication using digital certificates;Dumitru Daniel Dinu et al.;《2014 10th International Conference on Communications (COMM)》;全文 * |
| Improvement Method of SSL Protocol Identity Authentication Based on the Attribute Certificate;Wei Li et al.;《2012 International Conference on Computer Science and Service System》;全文 * |
| 一种基于CPK的远程认证方案;陈亚茹;陈庄;齐锋;;信息安全研究(第11期);全文 * |
| 一种基于数字证书的USBKey身份认证方案;左志斌;;河南科技(第18期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110380852A (en) | 2019-10-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110380852B (en) | Bidirectional authentication method and communication system | |
| CN109347835B (en) | Information transmission method, client, server, and computer-readable storage medium | |
| EP3534565B1 (en) | Data transmission method, apparatus and system | |
| CN109309565B (en) | Security authentication method and device | |
| EP3723399A1 (en) | Identity verification method and apparatus | |
| CN109756500B (en) | Anti-quantum computation HTTPS communication method and system based on multiple asymmetric key pools | |
| CN112887338B (en) | Identity authentication method and system based on IBC identification password | |
| WO2018076365A1 (en) | Key negotiation method and device | |
| CN107040513B (en) | Trusted access authentication processing method, user terminal and server | |
| US11044082B2 (en) | Authenticating secure channel establishment messages based on shared-secret | |
| CN104506534A (en) | Safety communication secret key negotiation interaction scheme | |
| CN113497778B (en) | Data transmission method and device | |
| CN106788989B (en) | Method and equipment for establishing secure encrypted channel | |
| CN109861813B (en) | Anti-quantum computing HTTPS communication method and system based on asymmetric key pool | |
| CN111935712A (en) | Data transmission method, system and medium based on NB-IoT communication | |
| CN108809633B (en) | Identity authentication method, device and system | |
| CN104901935A (en) | Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem) | |
| US11070537B2 (en) | Stateless method for securing and authenticating a telecommunication | |
| CN103036880A (en) | Network information transmission method, transmission equipment and transmission system | |
| CN110493272B (en) | Communication method and communication system using multiple keys | |
| KR20110083886A (en) | Apparatus and method for other portable terminal authentication in portable terminal | |
| CN110838919B (en) | Communication method, storage method, operation method and device | |
| CN104243452A (en) | Method and system for cloud computing access control | |
| US20240113885A1 (en) | Hub-based token generation and endpoint selection for secure channel establishment | |
| CN114765543A (en) | Encryption communication method and system of quantum cryptography network expansion equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |