CN110401535B - Digital certificate generation, secure communication and identity authentication method and device - Google Patents


Info

Publication number
CN110401535B
Authority
CN
China
Prior art keywords
encryption algorithm
digital certificate
algorithm
public key
identity information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910652826.9A
Other languages
Chinese (zh)
Other versions
CN110401535A (en)
Inventor
李日涵
曹江中
黄嘉庚
林文煜
李智辉
李民豪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou U Road Information Technology Co ltd
Original Assignee
Guangzhou U Road Information Technology Co ltd
Application filed by Guangzhou U Road Information Technology Co ltd
Priority to CN201910652826.9A
Publication of CN110401535A
Application granted
Publication of CN110401535B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)

Abstract

The application relates to a method and a device for generating a digital certificate, performing secure communication and authenticating identity. The digital certificate generation method comprises the following steps: acquiring an algorithm type of a first encryption algorithm sent by first computer equipment, a first public key corresponding to the first encryption algorithm and identity information of the first computer equipment; verifying the identity information and generating a second public key and a second private key corresponding to a second encryption algorithm; the second encryption algorithm is different from the first encryption algorithm; when the identity information passes the verification, the identity information, the algorithm type of the first encryption algorithm and the first public key are digitally signed through a second encryption algorithm and a second private key, and a digital certificate is generated; the digital certificate is stored and sent to the first computer device. By adopting the method, two different encryption algorithms can be used for carrying out digital signature and information encryption respectively, and the data security and integrity in the interaction process are improved.

Description

Digital certificate generation, secure communication and identity authentication method and device
Technical Field
The present application relates to the field of information security technologies, and in particular, to a method and an apparatus for generating a digital certificate, performing secure communication, and performing identity authentication.
Background
With the rapid development of network technology, information security events occur frequently, causing more or less loss to enterprises and users. Information assets have become recognized as one of the most valuable kinds of asset, so information security protection has become an important research topic and technical means.
The provision of an identity authentication system is one of the main security measures of internet application systems and plays a very important role in them. Improving data privacy, integrity and resistance to cracking is the problem an identity authentication system has to solve. Existing identity authentication systems mainly use the RSA (Rivest-Shamir-Adleman) asymmetric encryption algorithm to convert information into an encrypted ciphertext, and rely on a third-party organization (for example, a certificate authority, CA) to digitally sign the public key of an authentication entity with the RSA asymmetric encryption algorithm in order to establish the validity and authenticity of the identity of the authentication entity. However, with the further improvement of computer capability in recent years, the RSA algorithm with a secret key of 1024 bits can be cracked within 1 second by using a quantum computer with 512 qubits.
Disclosure of Invention
In view of the above, it is desirable to provide a method and an apparatus for generating a digital certificate, secure communication, and identity authentication with higher security.
A digital certificate generation method comprises the following steps:
acquiring the algorithm type of a first encryption algorithm sent by first computer equipment, a first public key corresponding to the first encryption algorithm and identity information of the first computer equipment;
verifying the identity information and generating a second public key and a second private key corresponding to a second encryption algorithm; the second encryption algorithm is different from the first encryption algorithm;
when the identity information passes the verification, the identity information, the algorithm type of the first encryption algorithm and the first public key are digitally signed through a second encryption algorithm and a second private key, and a digital certificate is generated; the digital certificate comprises an algorithm type of a first encryption algorithm, a first public key, identity information, an algorithm type of a second encryption algorithm, a second public key and a digital signature;
the digital certificate is stored and sent to the first computer device.
In one embodiment, the digital certificate generation method further includes:
and deleting the digital certificate when the valid period of the digital certificate is exceeded.
In one embodiment, the first encryption algorithm is an RSA asymmetric encryption algorithm, and the second encryption algorithm is an SM2 elliptic curve asymmetric encryption algorithm;
or
The first encryption algorithm is SM2 elliptic curve asymmetric encryption algorithm, and the second encryption algorithm is RSA asymmetric encryption algorithm.
A method of secure communication, the method comprising:
sending a digital certificate acquisition request to a first computer device;
receiving a digital certificate which is fed back by a first computer device according to a digital certificate acquisition request; the digital certificate comprises an algorithm type of a first encryption algorithm, a first public key corresponding to the first encryption algorithm, identity information of the first computer device, an algorithm type of a second encryption algorithm, a second public key corresponding to the second encryption algorithm and a digital signature; the digital signature is generated by the authentication end through signing the identity information, the algorithm type of the first encryption algorithm and the first public key through a second encryption algorithm and a second private key corresponding to the second encryption algorithm; the second encryption algorithm is different from the first encryption algorithm;
sending the digital certificate to an authentication end for verification;
obtaining a verification result fed back by the authentication end;
if the verification result is that the digital certificate is valid, verifying the digital signature through a second encryption algorithm and a second public key;
if the verification is passed, encrypting the information to be sent through a first encryption algorithm and a first public key to obtain a ciphertext;
and sending the ciphertext to the first computer device.
In one embodiment, the first encryption algorithm is an RSA asymmetric encryption algorithm, and the second encryption algorithm is an SM2 elliptic curve asymmetric encryption algorithm;
or
The first encryption algorithm is an SM2 elliptic curve asymmetric encryption algorithm, and the second encryption algorithm is an RSA asymmetric encryption algorithm.
An identity authentication method, the method comprising:
generating a first public key and a first private key corresponding to a first encryption algorithm;
sending the algorithm type of the first encryption algorithm, the first public key and the identity information to an authentication end;
acquiring a digital certificate fed back by an authentication end after the identity information passes verification; the digital certificate comprises an algorithm type of a first encryption algorithm, a first public key, identity information, an algorithm type of a second encryption algorithm, a second public key corresponding to the second encryption algorithm and a digital signature; the digital signature is generated by the authentication end through a second encryption algorithm and a second private key corresponding to the second encryption algorithm, and the identity information, the algorithm type of the first encryption algorithm and the first public key are signed; the second encryption algorithm is different from the first encryption algorithm.
In one embodiment, the first encryption algorithm is an RSA asymmetric encryption algorithm, and the second encryption algorithm is an SM2 elliptic curve asymmetric encryption algorithm;
or
The first encryption algorithm is an SM2 elliptic curve asymmetric encryption algorithm, and the second encryption algorithm is an RSA asymmetric encryption algorithm.
An apparatus for generating a digital certificate, the apparatus comprising:
the first information acquisition module is used for acquiring the algorithm type of a first encryption algorithm sent by the first computer equipment, a first public key corresponding to the first encryption algorithm and the identity information of the first computer equipment;
the identity information verification module is used for verifying the identity information and generating a second public key and a second private key corresponding to a second encryption algorithm; the second encryption algorithm is different from the first encryption algorithm;
the digital certificate generation module is used for carrying out digital signature on the identity information, the algorithm type of the first encryption algorithm and the first public key through a second encryption algorithm and a second private key when the identity information passes the verification, and generating a digital certificate; the digital certificate comprises an algorithm type of a first encryption algorithm, a first public key, identity information, an algorithm type of a second encryption algorithm, a second public key and a digital signature;
the digital certificate storage module is used for storing a digital certificate;
and the digital certificate sending module is used for sending the digital certificate to the first computer equipment.
A secure communications apparatus, the apparatus comprising:
a digital certificate acquisition request sending module, configured to send a digital certificate acquisition request to a first computer device;
the digital certificate receiving module is used for receiving a digital certificate fed back by the first computer equipment according to the digital certificate acquisition request; the digital certificate comprises an algorithm type of a first encryption algorithm, a first public key corresponding to the first encryption algorithm, identity information of the first computer device, an algorithm type of a second encryption algorithm, a second public key corresponding to the second encryption algorithm and a digital signature; the digital signature is generated by the authentication end through signing the identity information, the algorithm type of the first encryption algorithm and the first public key through a second encryption algorithm and a second private key corresponding to the second encryption algorithm; the second encryption algorithm is different from the first encryption algorithm;
the digital certificate sending and verifying module is used for sending the digital certificate to the authentication end for verification;
the verification result acquisition module is used for acquiring a verification result fed back by the authentication end;
the digital signature verification module is used for verifying the digital signature through a second encryption algorithm and a second public key when the verification result is that the digital certificate is valid;
the information encryption module is used for encrypting the information to be sent through a first encryption algorithm and a first public key to obtain a ciphertext when the digital signature passes the verification;
and the ciphertext sending module is used for sending the ciphertext to the first computer equipment.
An identity authentication apparatus, the apparatus comprising:
a key generation module that generates a first public key and a first private key corresponding to a first encryption algorithm;
the first information sending module is used for sending the algorithm type of the first encryption algorithm, the first public key and the identity information to the authentication end;
the digital certificate acquisition module is used for acquiring a digital certificate fed back by the authentication end after the identity information passes verification; the digital certificate comprises an algorithm type of a first encryption algorithm, a first public key, identity information, an algorithm type of a second encryption algorithm, a second public key corresponding to the second encryption algorithm and a digital signature; the digital signature is generated by the authentication end through signing the identity information, the algorithm type of the first encryption algorithm and the first public key through a second encryption algorithm and a second private key corresponding to the second encryption algorithm; the second encryption algorithm is different from the first encryption algorithm.
A computer device comprising a memory and a processor, the memory storing a computer program, the processor implementing the following steps when executing the computer program:
acquiring the algorithm type of a first encryption algorithm sent by first computer equipment, a first public key corresponding to the first encryption algorithm and identity information of the first computer equipment;
verifying the identity information and generating a second public key and a second private key corresponding to a second encryption algorithm; the second encryption algorithm is different from the first encryption algorithm;
when the identity information passes the verification, the identity information, the algorithm type of the first encryption algorithm and the first public key are digitally signed through a second encryption algorithm and a second private key, and a digital certificate is generated; the digital certificate comprises an algorithm type of a first encryption algorithm, a first public key, identity information, an algorithm type of a second encryption algorithm, a second public key and a digital signature;
the digital certificate is stored and sent to the first computer device.
A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, carries out the steps of:
acquiring the algorithm type of a first encryption algorithm sent by first computer equipment, a first public key corresponding to the first encryption algorithm and identity information of the first computer equipment;
verifying the identity information and generating a second public key and a second private key corresponding to a second encryption algorithm; the second encryption algorithm is different from the first encryption algorithm;
when the identity information passes the verification, the identity information, the algorithm type of the first encryption algorithm and the first public key are digitally signed through a second encryption algorithm and a second private key, and a digital certificate is generated; the digital certificate comprises an algorithm type of a first encryption algorithm, a first public key, identity information, an algorithm type of a second encryption algorithm, a second public key and a digital signature;
the digital certificate is stored and sent to the first computer device.
According to the above digital certificate generation, secure communication and identity authentication methods and devices, when the identity information of the first computer device passes verification, the algorithm type of the first encryption algorithm and the corresponding first public key sent by the first computer device are digitally signed with the second private key under the second encryption algorithm, which is different from the first encryption algorithm, and a digital certificate is generated. The first computer device can then be verified through the digital certificate when it exchanges information with other computer devices. When another computer device needs to send information to the first computer device, it can use the first encryption algorithm and the first public key to encrypt the information into a ciphertext that can be decrypted only by the first computer device, which holds the first private key corresponding to the first encryption algorithm. Because two different encryption algorithms are used for the digital signature and for information encryption respectively, data security and integrity in the interaction process are improved.
Drawings
FIG. 1 is a diagram of an application environment of a digital certificate generation method, a secure communication method, and an identity authentication method according to an embodiment;
FIG. 2 is a flowchart illustrating a digital certificate generation method according to an embodiment;
FIG. 3 is a flow chart illustrating a digital certificate generation method according to another embodiment;
FIG. 4 is a flow diagram illustrating a method of secure communication, according to an embodiment;
FIG. 5 is a flow diagram that illustrates a method for identity authentication, according to an embodiment;
FIG. 6 is a block diagram of an embodiment of a digital certificate generation apparatus;
FIG. 7 is a block diagram showing the structure of a digital certificate generating apparatus according to another embodiment;
FIG. 8 is a block diagram of a secure communications device in one embodiment;
FIG. 9 is a block diagram of an embodiment of an identity authentication device;
FIG. 10 is a diagram of the internal structure of a computer device in one embodiment;
FIG. 11 is an internal structural diagram of a computer device in another embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more clearly understood, the present application is further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The digital certificate generation method, the secure communication method and the identity authentication method provided by the application can be applied to the application environment shown in fig. 1. The first computer device 101, the second computer device 103 and the authentication terminal 102 communicate with each other through a network. The first computer device 101 and the second computer device 103 may request the authentication end 102 to generate a digital certificate, and when information interaction is required between the first computer device 101 and the second computer device 103, the identity of the other party may be verified through the digital certificate, and information required to be sent is encrypted through an encryption algorithm and a key in the digital certificate. The first computer device 101 may be a terminal or a server, and the second computer device 103 may also be a terminal or a server; the authentication end 102 is a server. The terminal mentioned herein can be, but is not limited to, various personal computers, notebook computers, smart phones, tablet computers, and portable wearable devices, and the server can be implemented by an independent server or a server cluster composed of a plurality of servers, and the server can be a cloud server or a physical server.
In an embodiment, as shown in fig. 2, a digital certificate generation method is provided, which is described by taking the application of the method to the authentication end in fig. 1 as an example, and includes the following steps:
Step 210, obtaining the algorithm type of the first encryption algorithm, the first public key corresponding to the first encryption algorithm, and the identity information of the first computer device sent by the first computer device 101.
When the first computer device 101 performs information interaction with other computer devices, the other computer devices encrypt information to be sent through the algorithm type of the first encryption algorithm and the first public key, and the first computer device 101 can decrypt the information through the corresponding first private key to obtain information, so that the security of the information is ensured.
Step 220, verifying the identity information, and generating a second public key and a second private key corresponding to a second encryption algorithm; the second encryption algorithm is different from the first encryption algorithm.
For the verification of the identity information, the matching verification can be carried out in a preset identity information database, and the verification can also be carried out through an identification code with uniqueness. After learning the type of the first encryption algorithm, a second encryption algorithm of a different type from the first encryption algorithm may be determined, and a second public key and a second private key may be generated.
Step 230, when the identity information passes the verification, digitally signing the identity information, the algorithm type of the first encryption algorithm and the first public key through a second encryption algorithm and a second private key, and generating a digital certificate; the digital certificate comprises an algorithm type of a first encryption algorithm, a first public key, identity information, an algorithm type of a second encryption algorithm, a second public key and a digital signature.
The digital signature is produced with the second encryption algorithm and the second private key, so that the signed information cannot be falsified, the integrity of the signed information is ensured, and the information is prevented from being forged. The algorithm type of the second encryption algorithm and the second public key in the digital certificate are used by any computer device that needs to verify the digital signature.
Step 240, storing the digital certificate and sending the digital certificate to the first computer device 101.
The generated digital certificate is sent back to the first computer device 101, the first computer device 101 can prove its identity through the digital certificate when interacting with the second computer device 103, and can encrypt through the algorithm type of the first encryption algorithm and the first public key in the digital certificate when the second computer device 103 needs to send information to the first computer device 101.
In the above digital certificate generation method, when the identity information of the first computer device passes verification, the algorithm type of the first encryption algorithm and the corresponding first public key sent by the first computer device are digitally signed with the second private key under the second encryption algorithm, which is different from the first encryption algorithm, to generate the digital certificate. The first computer device can then be verified through the digital certificate when it interacts with other computer devices. When another computer device needs to send information to the first computer device, it can use the first encryption algorithm and the first public key to encrypt the information into a ciphertext that can be decrypted only by the first computer device, which holds the first private key corresponding to the first encryption algorithm. Because two different encryption algorithms are used for the digital signature and for information encryption respectively, data security and integrity in the interaction process are improved.
In one embodiment, as shown in fig. 3, the digital certificate generation method further includes:
Step 250, deleting the digital certificate when the digital certificate exceeds the valid period.
In order to improve security, the generated digital certificate has a valid period, and if the valid period is exceeded, the digital certificate is deleted, that is, the digital certificate is invalid.
In one embodiment, the first encryption algorithm is an RSA asymmetric encryption algorithm, and the second encryption algorithm is an SM2 elliptic curve asymmetric encryption algorithm;
or
The first encryption algorithm is an SM2 elliptic curve asymmetric encryption algorithm, and the second encryption algorithm is an RSA asymmetric encryption algorithm.
RSA (named after Ron Rivest, Adi Shamir and Leonard Adleman) is an asymmetric encryption algorithm currently in common use for identity authentication. SM2 is an elliptic curve asymmetric encryption algorithm published by the national cryptography administration; because it is based on elliptic curve cryptography (ECC), its signature speed and key generation speed are faster than those of the RSA asymmetric encryption algorithm. The security strength of a 256-bit SM2 key is higher than that of 2048-bit RSA, and its operation speed is higher than that of RSA. When the two algorithms are used together, the first encryption algorithm and the second encryption algorithm are not tied to one particular encryption algorithm and two combinations are available, which can effectively increase the difficulty of cracking and ensures the security of identity authentication and information encryption.
The first computer device 101 and the second computer device 103 mentioned herein are any two ends in the information interaction process; the first computer device 101 can be replaced by the second computer device 103, and the second computer device 103 can also be replaced by the first computer device 101.
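The following Go program is an added example, not code from the patent. It walks through steps 210 to 250 and the relying-party checks summarised earlier (the authentication end validates the certificate, the signature is verified with the second public key, the message is encrypted with the first public key). Assumptions: RSA-OAEP is the first algorithm, Ed25519 stands in for SM2 because the Go standard library does not provide SM2, and all type, field and function names, the length-prefixed SHA-256 encoding and the identity "device-101" are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Certificate holds the six fields the page lists for the digital certificate.
type Certificate struct {
	Alg1, Identity, Alg2 string
	Pub1, Pub2, Sig      []byte
}

// digest hashes length-prefixed fields so field boundaries are unambiguous.
func digest(fields ...[]byte) []byte {
	h := sha256.New()
	for _, f := range fields {
		fmt.Fprintf(h, "%d:%s", len(f), f)
	}
	return h.Sum(nil)
}

// signedPart is what the page says is signed; fingerprint covers all six fields.
func signedPart(c *Certificate) []byte { return digest([]byte(c.Identity), []byte(c.Alg1), c.Pub1) }
func fingerprint(c *Certificate) string {
	return string(digest(signedPart(c), []byte(c.Alg2), c.Pub2, c.Sig))
}

// AuthEnd models authentication end 102 (type and field names are assumptions).
type AuthEnd struct {
	Known map[string]bool // preset identity information database
	Store map[string]bool // fingerprints of certificates issued and still valid
}

// Issue follows steps 210-240 with RSA as the first algorithm.
func (a *AuthEnd) Issue(id, alg1 string, pub1 []byte) (*Certificate, error) {
	if !a.Known[id] || alg1 != "RSA" {
		return nil, fmt.Errorf("identity %q or algorithm type %q rejected", id, alg1)
	}
	pub2, priv2, err := ed25519.GenerateKey(rand.Reader) // second key pair
	if err != nil {
		return nil, err
	}
	c := &Certificate{Alg1: alg1, Identity: id, Alg2: "Ed25519", Pub1: pub1, Pub2: pub2}
	c.Sig = ed25519.Sign(priv2, signedPart(c))
	a.Store[fingerprint(c)] = true // store, then send to the device
	return c, nil
}

// Validate answers a relying party; Expire deletes a certificate past its valid period (step 250).
func (a *AuthEnd) Validate(c *Certificate) bool { return a.Store[fingerprint(c)] }
func (a *AuthEnd) Expire(c *Certificate)        { delete(a.Store, fingerprint(c)) }

// SignatureOK verifies the signature with the second public key in the certificate.
func SignatureOK(c *Certificate) bool {
	return c.Alg2 == "Ed25519" && len(c.Pub2) == ed25519.PublicKeySize &&
		ed25519.Verify(c.Pub2, signedPart(c), c.Sig)
}

// Encrypt is the second device's side: validity, signature, then RSA-OAEP.
func Encrypt(a *AuthEnd, c *Certificate, msg []byte) ([]byte, error) {
	if !a.Validate(c) || !SignatureOK(c) || c.Alg1 != "RSA" {
		return nil, fmt.Errorf("certificate for %q rejected", c.Identity)
	}
	pub1, err := x509.ParsePKCS1PublicKey(c.Pub1)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub1, msg, nil)
}

// RoundTrip plays first device 101: key pair, certificate request, decryption.
func RoundTrip(a *AuthEnd, id, msg string) (*Certificate, string, error) {
	priv1, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, "", err
	}
	c, err := a.Issue(id, "RSA", x509.MarshalPKCS1PublicKey(&priv1.PublicKey))
	if err != nil {
		return nil, "", err
	}
	ct, err := Encrypt(a, c, []byte(msg))
	if err != nil {
		return c, "", err
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv1, ct, nil)
	return c, string(pt), err
}

func main() {
	a := &AuthEnd{Known: map[string]bool{"device-101": true}, Store: map[string]bool{}}
	_, plain, err := RoundTrip(a, "device-101", "hello 101") // constructed sample values
	fmt.Println(plain, err)
}
```

Because the second public key travels inside the certificate, `SignatureOK` alone also passes for a certificate produced by a different issuer; the lookup in the authentication end's store is what ties a certificate to the trusted issuer, so both checks have to run before the first public key is used.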
In one embodiment, as shown in fig. 4, a secure communication method is provided. It is described here as applied to the second computer device 103 in fig. 1, and includes the following steps:
Step 310, sending a digital certificate acquisition request to a first computer device.
In order to ensure the security of information interaction, the identity of the first computer device 101 needs to be authenticated first, so a digital certificate acquisition request is sent to the first computer device 101 to request to acquire the digital certificate of the first computer device 101 for authentication.
Step 320, receiving the digital certificate fed back by the first computer device 101 according to the digital certificate acquisition request; the digital certificate comprises an algorithm type of a first encryption algorithm, a first public key corresponding to the first encryption algorithm, identity information of the first computer device, an algorithm type of a second encryption algorithm, a second public key corresponding to the second encryption algorithm and a digital signature; the digital signature is generated by the authentication end 102 through signing the identity information, the algorithm type of the first encryption algorithm and the first public key by the second encryption algorithm and the second private key corresponding to the second encryption algorithm; the second encryption algorithm is different from the first encryption algorithm.
The first public key is a public key generated by the first computer device 101 corresponding to the first encryption algorithm. The digital signature is made with the second encryption algorithm and the second private key, so that the signed information cannot be tampered with, the integrity of the signed information is ensured, and the information is prevented from being forged. The algorithm type of the second encryption algorithm and the second public key in the digital certificate are used by the second computer device 103 when verifying the digital signature in the digital certificate.
Step 330, sending the digital certificate to the authentication end for verification.
The digital certificate of the first computer device is sent to the authentication end 102 to verify whether the digital certificate is valid. In some embodiments, the digital certificate being valid means that it is still within the validity period, or that it is confirmed to have been issued by the authentication end 102.
Step 340, obtaining a verification result fed back by the authentication end 102.
If the digital certificate is verified to be invalid, the subsequent steps are not executed, and in some embodiments, if the verification result is invalid, a prompt is sent to the first computer device 101.
If the digital certificate is verified to be valid, the subsequent steps are executed.
Step 350, if the verification result is that the digital certificate is valid, verifying the digital signature through the second encryption algorithm and the second public key.
If the digital certificate is verified to be valid, the digital signature needs to be verified to confirm that the signed information in the digital certificate is not tampered.
Step 360, if the verification is passed, encrypting the information to be sent through the first encryption algorithm and the first public key to obtain a ciphertext.
Since the first public key is generated by the first computer device 101, a ciphertext obtained by encrypting information through the first encryption algorithm and the first public key can be decrypted only by the first computer device 101, which holds the first private key corresponding to the first encryption algorithm. The ciphertext is generated by the second computer device 103, so the security of the information interaction is ensured and the security problem caused by others forging identities to transmit information is avoided.
Step 370, sending the ciphertext to the first computer device.
In one embodiment, the first encryption algorithm is an RSA asymmetric encryption algorithm, and the second encryption algorithm is an SM2 elliptic curve asymmetric encryption algorithm;
or
The first encryption algorithm is an SM2 elliptic curve asymmetric encryption algorithm, and the second encryption algorithm is an RSA asymmetric encryption algorithm.
RSA (Rivest-Shamir-Adleman, named after Ron Rivest, Adi Shamir and Leonard Adleman) is an asymmetric encryption algorithm commonly used for identity authentication at present. The SM2 elliptic curve asymmetric encryption algorithm is an asymmetric encryption algorithm published by the State Cryptography Administration; because it is based on elliptic curve cryptography (ECC), its signature speed and key generation speed are faster than those of the RSA asymmetric encryption algorithm. The security strength of a 256-bit key of the SM2 elliptic curve asymmetric encryption algorithm is higher than that of RSA 2048 bits, and its operation speed is higher than that of RSA. The two algorithms are used together, and neither the first encryption algorithm nor the second encryption algorithm is limited to a particular one of them, so two combinations are available; this effectively increases the difficulty of cracking and ensures the security of identity authentication and information encryption.
In one embodiment, as shown in fig. 5, a secure communication method is provided. It is described here as applied to the first computer device 101 in fig. 1, and includes the following steps:
Step 410, generating a first public key and a first private key corresponding to a first encryption algorithm.
When the first computer device 101 exchanges information with another computer device, the other computer device uses the algorithm type of the first encryption algorithm and the first public key to encrypt the information to be sent, and the first computer device 101 decrypts it with the corresponding first private key to obtain the information, so that information security is ensured.
Step 420, sending the algorithm type of the first encryption algorithm, the first public key and the identity information to the authentication end.
The authentication end 102 authenticates the identity information, and generates a digital certificate in which an algorithm type of the first encryption algorithm, the first public key, and the identity information are recorded as the identity authentication of the first computer device.
Step 430, acquiring a digital certificate fed back by the authentication terminal 102 after the identity information passes verification; the digital certificate comprises an algorithm type of a first encryption algorithm, a first public key, identity information, an algorithm type of a second encryption algorithm, a second public key corresponding to the second encryption algorithm and a digital signature; the digital signature is generated by the authentication end through signing the identity information, the algorithm type of the first encryption algorithm and the first public key through a second encryption algorithm and a second private key corresponding to the second encryption algorithm; the second encryption algorithm is different from the first encryption algorithm.
The digital signature is carried out through a second encryption algorithm and a second private key, so that the signed information can not be tampered, the integrity of the signed information is guaranteed, and the information is prevented from being forged. The algorithm type of the second encryption algorithm and the second public key in the digital certificate are used for verification by a computer device needing to verify the digital signature.
In one embodiment, the first encryption algorithm is an RSA asymmetric encryption algorithm, and the second encryption algorithm is an SM2 elliptic curve asymmetric encryption algorithm;
or
The first encryption algorithm is SM2 elliptic curve asymmetric encryption algorithm, and the second encryption algorithm is RSA asymmetric encryption algorithm.
RSA (Rivest-Shamir-Adleman, named after Ron Rivest, Adi Shamir and Leonard Adleman) is an asymmetric encryption algorithm commonly used for identity authentication at present. The SM2 elliptic curve asymmetric encryption algorithm is an asymmetric encryption algorithm published by the State Cryptography Administration; because it is based on elliptic curve cryptography (ECC), its signature speed and key generation speed are faster than those of the RSA asymmetric encryption algorithm. The security strength of a 256-bit key of the SM2 elliptic curve asymmetric encryption algorithm is higher than that of RSA 2048 bits, and its operation speed is higher than that of RSA. The two algorithms are used together, and neither the first encryption algorithm nor the second encryption algorithm is limited to a particular one of them, so two combinations are available; this effectively increases the difficulty of cracking and ensures the security of identity authentication and information encryption.
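The certificate generation, secure communication (steps 330 to 360) and identity authentication (step 410 onward) methods described above, as an added Go example that is not code from the patent. RSA is the first algorithm and Ed25519 stands in for SM2 as the second, because Go's standard library has no SM2; the type and function names, field encodings, one-hour validity period and `device-101` identity are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"time"
)

// Certificate carries the six fields the description lists (encodings are assumptions).
type Certificate struct {
	Identity, FirstAlg, SecondAlg  string // identity information and the two algorithm types
	FirstPub, SecondPub, Signature []byte // public keys; signature made with the second private key
}

// signed encodes the three signed fields, fingerprint all six; %q and hex keep field boundaries unambiguous.
func (c *Certificate) signed() []byte {
	return []byte(fmt.Sprintf("%q%q%x", c.Identity, c.FirstAlg, c.FirstPub))
}
func (c *Certificate) fingerprint() string {
	return fmt.Sprintf("%s%q%x.%x", c.signed(), c.SecondAlg, c.SecondPub, c.Signature)
}

// Authenticator models the authentication end.
type Authenticator struct {
	Preset map[string]bool      // preset identity information
	stored map[string]time.Time // certificate fingerprint -> end of validity period
}

// Issue verifies the identity, generates the second key pair, then signs and stores the certificate.
func (a *Authenticator) Issue(alg string, pub []byte, id string, now time.Time, ttl time.Duration) (*Certificate, error) {
	if !a.Preset[id] {
		return nil, fmt.Errorf("identity information failed verification")
	}
	pub2, priv2, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	c := &Certificate{Identity: id, FirstAlg: alg, FirstPub: pub, SecondAlg: "Ed25519", SecondPub: pub2}
	c.Signature = ed25519.Sign(priv2, c.signed())
	if a.stored == nil {
		a.stored = map[string]time.Time{}
	}
	a.stored[c.fingerprint()] = now.Add(ttl)
	return c, nil
}

// Verify answers step 330 and deletes a certificate that is past its validity period (step 250).
func (a *Authenticator) Verify(c *Certificate, now time.Time) bool {
	exp, ok := a.stored[c.fingerprint()]
	if ok && now.After(exp) {
		delete(a.stored, c.fingerprint())
	}
	return ok && !now.After(exp)
}

// SignatureOK is step 350: check the signature with the second algorithm and the second public key.
func SignatureOK(c *Certificate) bool {
	return c.SecondAlg == "Ed25519" && len(c.SecondPub) == ed25519.PublicKeySize && ed25519.Verify(c.SecondPub, c.signed(), c.Signature)
}

// Encrypt is the second computer device's side of steps 330 to 360. Requiring "Ed25519"
// in SignatureOK and "RSA" here also enforces that the two algorithms differ.
func Encrypt(a *Authenticator, c *Certificate, msg []byte, now time.Time) ([]byte, error) {
	if !a.Verify(c, now) || !SignatureOK(c) {
		return nil, fmt.Errorf("certificate rejected: not on record, expired, or bad signature")
	}
	key, err := x509.ParsePKCS1PublicKey(c.FirstPub)
	if err != nil || c.FirstAlg != "RSA" {
		return nil, fmt.Errorf("first public key is not a usable RSA key")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, key, msg, nil)
}

// RoundTrip plays the first computer device: key generation (step 410), enrolment, decryption.
func RoundTrip(a *Authenticator, id, msg string, now time.Time) (string, *Certificate, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", nil, err
	}
	c, err := a.Issue("RSA", x509.MarshalPKCS1PublicKey(&priv.PublicKey), id, now, time.Hour)
	if err != nil {
		return "", nil, err
	}
	ct, err := Encrypt(a, c, []byte(msg), now)
	if err != nil {
		return "", c, err
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
	return string(pt), c, err
}

func main() {
	a := &Authenticator{Preset: map[string]bool{"device-101": true}} // constructed identity
	pt, _, err := RoundTrip(a, "device-101", "hello", time.Now())
	fmt.Println(pt, err)
}
```

Because the second public key travels inside the certificate, the signature check in step 350 only shows that the signed fields are consistent with that key; the lookup at the authentication end in step 330 is what ties the certificate to the issuer.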
It should be understood that although the various steps in the flow diagrams of fig. 2-5 are shown in the order indicated by the arrows, the steps are not necessarily performed in that order. Unless explicitly stated otherwise herein, the steps are not strictly limited to the order shown and described, and may be performed in other orders. Moreover, at least some of the steps in fig. 2-5 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential; they may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
In one embodiment, as shown in fig. 6, there is provided a digital certificate generating apparatus including: a first information obtaining module 510, an identity information verifying module 520, a digital certificate generating module 530, a digital certificate storing module 540, and a digital certificate sending module 550, wherein:
a first information obtaining module 510, configured to obtain an algorithm type of a first encryption algorithm sent by a first computer device, a first public key corresponding to the first encryption algorithm, and identity information of the first computer device;
an identity information verifying module 520, configured to verify the identity information and generate a second public key and a second private key corresponding to a second encryption algorithm; the second encryption algorithm is different from the first encryption algorithm;
the digital certificate generation module 530 is configured to, when the identity information passes the verification, perform digital signature on the identity information, the algorithm type of the first encryption algorithm, and the first public key through a second encryption algorithm and a second private key, and generate a digital certificate; the digital certificate comprises an algorithm type of a first encryption algorithm, a first public key, identity information, an algorithm type of a second encryption algorithm, a second public key and a digital signature;
a digital certificate storage module 540, configured to store a digital certificate;
a digital certificate sending module 550, configured to send the digital certificate to the first computer device.
In one embodiment, as shown in fig. 7, the digital certificate generating apparatus further includes:
and an expired certificate deleting module 560, configured to delete the digital certificate when the digital certificate exceeds the validity period.
For specific limitations of the digital certificate generation apparatus, reference may be made to the above limitations of the digital certificate generation method, which are not described herein again. The modules in the digital certificate generating apparatus may be implemented in whole or in part by software, hardware, or a combination thereof. The modules may be embedded, in hardware form, in a processor of the computer device or be independent of it, or may be stored in software form in a memory of the computer device, so that the processor can call them and execute the operations corresponding to the modules.
In one embodiment, as shown in fig. 8, there is provided a secure communication apparatus including: a digital certificate acquisition request sending module 610, a digital certificate receiving module 620, a digital certificate sending verification module 630, a verification result acquisition module 640, a digital signature verification module 650, an information encryption module 660, and a ciphertext sending module 670, wherein:
a digital certificate acquisition request sending module 610, configured to send a digital certificate acquisition request to a first computer device;
a digital certificate receiving module 620, configured to receive a digital certificate fed back by the first computer device according to the digital certificate acquisition request; the digital certificate comprises an algorithm type of a first encryption algorithm, a first public key corresponding to the first encryption algorithm, identity information of the first computer device, an algorithm type of a second encryption algorithm, a second public key corresponding to the second encryption algorithm and a digital signature; the digital signature is generated by the authentication end through signing the identity information, the algorithm type of the first encryption algorithm and the first public key through a second encryption algorithm and a second private key corresponding to the second encryption algorithm; the second encryption algorithm is different from the first encryption algorithm;
a digital certificate sending verification module 630, configured to send a digital certificate to an authentication end for verification;
a verification result obtaining module 640, configured to obtain a verification result fed back by the authentication end;
the digital signature verification module 650 is configured to verify the digital signature through a second encryption algorithm and a second public key when the verification result is that the digital certificate is valid;
the information encryption module 660 is configured to encrypt, when the digital signature verification passes, information to be sent through a first encryption algorithm and a first public key to obtain a ciphertext;
and a ciphertext sending module 670, configured to send a ciphertext to the first computer device.
For specific limitations of the secure communication apparatus, reference may be made to the above limitations of the secure communication method, which are not described herein again. The modules in the secure communication apparatus described above may be implemented in whole or in part by software, hardware, or a combination thereof. The modules may be embedded, in hardware form, in a processor of the computer device or be independent of it, or may be stored in software form in a memory of the computer device, so that the processor can call them and execute the operations corresponding to the modules.
In one embodiment, as shown in fig. 9, there is provided an identity authentication apparatus including: a key generation module 710, a first information sending module 720 and a digital certificate acquisition module 730, wherein:
a key generation module 710, configured to generate a first public key and a first private key corresponding to a first encryption algorithm;
a first information sending module 720, configured to send the algorithm type of the first encryption algorithm, the first public key, and the identity information to the authentication end;
the digital certificate acquisition module 730 is configured to acquire a digital certificate fed back by the authentication end after the identity information is verified; the digital certificate comprises an algorithm type of a first encryption algorithm, a first public key, identity information, an algorithm type of a second encryption algorithm, a second public key corresponding to the second encryption algorithm and a digital signature; the digital signature is generated by the authentication end through signing the identity information, the algorithm type of the first encryption algorithm and the first public key through a second encryption algorithm and a second private key corresponding to the second encryption algorithm; the second encryption algorithm is different from the first encryption algorithm.
For specific limitations of the identity authentication apparatus, reference may be made to the above limitations of the identity authentication method, which are not described herein again. The modules in the identity authentication apparatus may be implemented in whole or in part by software, hardware, or a combination thereof. The modules may be embedded, in hardware form, in a processor of the computer device or be independent of it, or may be stored in software form in a memory of the computer device, so that the processor can call them and execute the operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a server, and the internal structure thereof may be as shown in fig. 10. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. The processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for running the operating system and the computer program stored in the non-volatile storage medium. The database of the computer device is used for storing data. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by the processor to implement a digital certificate generation method, a secure communication method, or an identity authentication method.
In one embodiment, a computer device is provided, which may be a terminal, and its internal structure may be as shown in fig. 11. The computer device includes a processor, a memory, a network interface, a display screen, and an input device connected by a system bus. The processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for running the operating system and the computer program stored in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by the processor to implement a secure communication method or an identity authentication method. The display screen of the computer device can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer device can be a touch layer covering the display screen, a key, a track ball or a touch pad arranged on the housing of the computer device, or an external keyboard, touch pad, mouse or the like.
Those skilled in the art will appreciate that the configurations shown in fig. 10 and 11 are merely block diagrams of some configurations relevant to the present disclosure, and do not constitute a limitation on the computer devices to which the present disclosure may be applied; a particular computer device may include more or fewer components than those shown, may combine certain components, or may have a different arrangement of components.
In one embodiment, a computer device is provided, comprising a memory and a processor, the memory having a computer program stored therein, the processor implementing the following steps when executing the computer program:
acquiring an algorithm type of a first encryption algorithm sent by first computer equipment, a first public key corresponding to the first encryption algorithm and identity information of the first computer equipment;
verifying the identity information and generating a second public key and a second private key corresponding to a second encryption algorithm; the second encryption algorithm is different from the first encryption algorithm;
when the identity information passes the verification, the identity information, the algorithm type of the first encryption algorithm and the first public key are digitally signed through a second encryption algorithm and a second private key, and a digital certificate is generated; the digital certificate comprises an algorithm type of a first encryption algorithm, a first public key, identity information, an algorithm type of a second encryption algorithm, a second public key and a digital signature;
the digital certificate is stored and sent to the first computer device.
In one embodiment, the processor when executing the computer program further performs the steps of:
and deleting the digital certificate when the valid period of the digital certificate is exceeded.
In one embodiment, a computer device is provided, comprising a memory having a computer program stored therein and a processor that when executing the computer program performs the steps of:
sending a digital certificate acquisition request to a first computer device;
receiving a digital certificate fed back by a first computer device according to a digital certificate acquisition request; the digital certificate comprises an algorithm type of a first encryption algorithm, a first public key corresponding to the first encryption algorithm, identity information of the first computer device, an algorithm type of a second encryption algorithm, a second public key corresponding to the second encryption algorithm and a digital signature; the digital signature is generated by the authentication end through signing the identity information, the algorithm type of the first encryption algorithm and the first public key through a second encryption algorithm and a second private key corresponding to the second encryption algorithm; the second encryption algorithm is different from the first encryption algorithm;
sending the digital certificate to an authentication end for verification;
obtaining a verification result fed back by the authentication end;
if the verification result is that the digital certificate is valid, verifying the digital signature through a second encryption algorithm and a second public key;
if the verification is passed, encrypting the information to be sent through a first encryption algorithm and a first public key to obtain a ciphertext;
the ciphertext is transmitted to the first computer device.
In one embodiment, a computer device is provided, comprising a memory having a computer program stored therein and a processor that when executing the computer program performs the steps of:
generating a first public key and a first private key corresponding to a first encryption algorithm;
sending the algorithm type of the first encryption algorithm, the first public key and the identity information to an authentication end;
acquiring a digital certificate fed back by an authentication end after the identity information passes verification; the digital certificate comprises an algorithm type of a first encryption algorithm, a first public key, identity information, an algorithm type of a second encryption algorithm, a second public key corresponding to the second encryption algorithm and a digital signature; the digital signature is generated by the authentication end through signing the identity information, the algorithm type of the first encryption algorithm and the first public key through a second encryption algorithm and a second private key corresponding to the second encryption algorithm; the second encryption algorithm is different from the first encryption algorithm.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of:
acquiring the algorithm type of a first encryption algorithm sent by first computer equipment, a first public key corresponding to the first encryption algorithm and identity information of the first computer equipment;
verifying the identity information and generating a second public key and a second private key corresponding to a second encryption algorithm; the second encryption algorithm is different from the first encryption algorithm;
when the identity information passes the verification, the identity information, the algorithm type of the first encryption algorithm and the first public key are digitally signed through a second encryption algorithm and a second private key, and a digital certificate is generated; the digital certificate comprises an algorithm type of a first encryption algorithm, a first public key, identity information, an algorithm type of a second encryption algorithm, a second public key and a digital signature;
the digital certificate is stored and sent to the first computer device.
In one embodiment, the computer program when executed by the processor further performs the steps of:
and deleting the digital certificate when the valid period of the digital certificate is exceeded.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of:
sending a digital certificate acquisition request to a first computer device;
receiving a digital certificate fed back by a first computer device according to a digital certificate acquisition request; the digital certificate comprises an algorithm type of a first encryption algorithm, a first public key corresponding to the first encryption algorithm, identity information of the first computer device, an algorithm type of a second encryption algorithm, a second public key corresponding to the second encryption algorithm and a digital signature; the digital signature is generated by the authentication end through signing the identity information, the algorithm type of the first encryption algorithm and the first public key through a second encryption algorithm and a second private key corresponding to the second encryption algorithm; the second encryption algorithm is different from the first encryption algorithm;
sending the digital certificate to an authentication end for verification;
obtaining a verification result fed back by the authentication end;
if the verification result is that the digital certificate is valid, verifying the digital signature through a second encryption algorithm and a second public key;
if the verification is passed, encrypting the information to be sent through a first encryption algorithm and a first public key to obtain a ciphertext;
and sending the ciphertext to the first computer device.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of:
generating a first public key and a first private key corresponding to a first encryption algorithm;
sending the algorithm type of the first encryption algorithm, the first public key and the identity information to an authentication end;
acquiring a digital certificate fed back by the authentication end after the identity information passes verification; the digital certificate comprises an algorithm type of a first encryption algorithm, a first public key, identity information, an algorithm type of a second encryption algorithm, a second public key corresponding to the second encryption algorithm and a digital signature; the digital signature is generated by the authentication end through signing the identity information, the algorithm type of the first encryption algorithm and the first public key through a second encryption algorithm and a second private key corresponding to the second encryption algorithm; the second encryption algorithm is different from the first encryption algorithm.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware; the computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database or other medium used in the embodiments provided herein can include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchronous link DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM).
The technical features of the above embodiments can be arbitrarily combined. For the sake of brevity, not all possible combinations of the technical features in the above embodiments are described, but as long as there is no contradiction between the combinations of the technical features, they should be considered to be within the scope of the present specification.
The above-mentioned embodiments only express several embodiments of the present application, and their description is specific and detailed, but should not be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, and these all fall within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (8)

1. A secure communication method, applied to a second computer device, the method comprising:
sending a digital certificate acquisition request to a first computer device;
receiving a digital certificate fed back by the first computer equipment according to the digital certificate acquisition request; the digital certificate comprises an algorithm type of a first encryption algorithm, a first public key corresponding to the first encryption algorithm, identity information of the first computer device, an algorithm type of a second encryption algorithm, a second public key corresponding to the second encryption algorithm and a digital signature; the digital signature is generated by the authentication end through signing the identity information, the algorithm type of the first encryption algorithm and the first public key through the second encryption algorithm and a second private key corresponding to the second encryption algorithm; the second encryption algorithm is different from the first encryption algorithm;
sending the digital certificate to the authentication end for verification;
obtaining a verification result fed back by the authentication end;
if the verification result is that the digital certificate is valid, verifying the digital signature through the second encryption algorithm and the second public key;
if the verification is passed, encrypting the information to be sent through the first encryption algorithm and the first public key to obtain a ciphertext;
and sending the ciphertext to the first computer device.
2. The secure communication method according to claim 1, wherein the first encryption algorithm is an RSA asymmetric encryption algorithm, and the second encryption algorithm is an SM2 elliptic curve asymmetric encryption algorithm;
or
the first encryption algorithm is an SM2 elliptic curve asymmetric encryption algorithm, and the second encryption algorithm is an RSA asymmetric encryption algorithm.
3. An identity authentication method, the method comprising:
generating a first public key and a first private key corresponding to a first encryption algorithm;
sending the algorithm type of the first encryption algorithm, the first public key and the identity information to an authentication end;
acquiring a digital certificate fed back by the authentication end after the identity information passes verification against preset identity information or a unique identification code; the digital certificate comprises the algorithm type of the first encryption algorithm, the first public key, the identity information, the algorithm type of a second encryption algorithm, a second public key corresponding to the second encryption algorithm and a digital signature; the digital signature is generated by the authentication end by signing the identity information, the algorithm type of the first encryption algorithm and the first public key using the second encryption algorithm and a second private key corresponding to the second encryption algorithm; the second encryption algorithm is different from the first encryption algorithm;
sending the digital certificate to a second computer device; the second computer device sends the digital certificate to the authentication end for verification and receives a verification result fed back by the authentication end; and if the verification result is that the digital certificate is valid, the second computer device verifies the digital signature through the second encryption algorithm and the second public key.
4. The identity authentication method according to claim 3, wherein the first encryption algorithm is an RSA asymmetric encryption algorithm, and the second encryption algorithm is an SM2 elliptic curve asymmetric encryption algorithm;
or
the first encryption algorithm is an SM2 elliptic curve asymmetric encryption algorithm, and the second encryption algorithm is an RSA asymmetric encryption algorithm.
5. A secure communications apparatus, the apparatus comprising:
a digital certificate acquisition request sending module, configured to send a digital certificate acquisition request to a first computer device;
the digital certificate receiving module is used for receiving the digital certificate fed back by the first computer device according to the digital certificate acquisition request; the digital certificate comprises an algorithm type of a first encryption algorithm, a first public key corresponding to the first encryption algorithm, identity information of the first computer device, an algorithm type of a second encryption algorithm, a second public key corresponding to the second encryption algorithm and a digital signature; the digital signature is generated by the authentication end by signing the identity information, the algorithm type of the first encryption algorithm and the first public key using the second encryption algorithm and a second private key corresponding to the second encryption algorithm; the second encryption algorithm is different from the first encryption algorithm;
the digital certificate sending and verifying module is used for sending the digital certificate to the authentication end for verification;
the verification result acquisition module is used for acquiring the verification result fed back by the authentication end;
the digital signature verification module is used for verifying the digital signature through the second encryption algorithm and the second public key when the verification result is that the digital certificate is valid;
the information encryption module is used for encrypting the information to be sent through the first encryption algorithm and the first public key to obtain a ciphertext when the digital signature passes the verification;
and the ciphertext sending module is used for sending the ciphertext to the first computer device.
6. An identity authentication apparatus, the apparatus comprising:
a key generation module that generates a first public key and a first private key corresponding to a first encryption algorithm;
the first information sending module is used for sending the algorithm type of the first encryption algorithm, the first public key and the identity information to an authentication end;
the digital certificate acquisition module is used for acquiring a digital certificate fed back by the authentication end after the identity information passes verification against preset identity information or a unique identification code; the digital certificate comprises the algorithm type of the first encryption algorithm, the first public key, the identity information, the algorithm type of a second encryption algorithm, a second public key corresponding to the second encryption algorithm and a digital signature; the digital signature is generated by the authentication end by signing the identity information, the algorithm type of the first encryption algorithm and the first public key using the second encryption algorithm and a second private key corresponding to the second encryption algorithm; the second encryption algorithm is different from the first encryption algorithm; sending the digital certificate to a second computer device; the second computer device sends the digital certificate to the authentication end for verification and receives a verification result fed back by the authentication end; and if the verification result is that the digital certificate is valid, the second computer device verifies the digital signature through the second encryption algorithm and the second public key.
7. A computer arrangement comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the method according to any of claims 1-4.
8. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 4.
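The check order on the second computer device in claim 1, as an added sketch that is not code from the patent: the authentication end's verdict comes first, then the signature over the three signed fields, and only then encryption. Because the signature does not cover the second public key carried in the certificate, a self-consistent certificate passes the signature check alone, which is why the authentication-end step matters. Assumptions: a small constructed unpadded RSA key stands in for the second algorithm so the sketch runs on the standard library, the first public key is a placeholder string, and every name here (including the `issued` record that models the authentication end) is hypothetical.

```python
import hashlib
from dataclasses import dataclass, replace

# Assumption: unpadded RSA over small constructed keys stands in for the second
# algorithm so this runs on the standard library; it is not a secure scheme.
E = 65537
@dataclass(frozen=True)
class Cert:
    identity: str       # identity information of the first computer device
    alg1: str           # algorithm type of the first encryption algorithm
    pub1: str           # first public key (opaque placeholder string)
    alg2: str           # algorithm type of the second encryption algorithm
    pub2: int           # second public key (RSA modulus in this sketch)
    signature: int = 0  # digital signature made by the authentication end

def make_key(p, q):
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (modulus, private exponent)

def digest(cert):
    # The signature covers exactly these three fields; alg2 and pub2 are not signed.
    data = "\x1f".join((cert.identity, cert.alg1, cert.pub1)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % cert.pub2

def issue(identity, alg1, pub1, n, d):
    cert = Cert(identity, alg1, pub1, "RSA", n)
    return replace(cert, signature=pow(digest(cert), d, n))

def signature_ok(cert):
    if cert.alg2 != "RSA" or cert.alg1 == cert.alg2:  # the two algorithms must differ
        return False
    sig, n = cert.signature, cert.pub2
    return 0 <= sig < n and pow(sig, E, n) == digest(cert)

def second_device_check(cert, authentication_end_valid):
    # Claim 1 order: authentication end verdict, then signature, then encryption.
    if not authentication_end_valid(cert):
        return "rejected by authentication end"
    if not signature_ok(cert):
        return "rejected: bad signature"
    return "encrypt with first public key"

# Constructed sample data: Mersenne primes as key material, placeholder SM2 key.
CA_N, CA_D = make_key(2**127 - 1, 2**89 - 1)
OTHER_N, OTHER_D = make_key(2**107 - 1, 2**61 - 1)
genuine = issue("device-001", "SM2", "sm2-public-key-placeholder", CA_N, CA_D)
tampered = replace(genuine, pub1="substituted-key")  # signed field changed
self_made = issue("device-001", "SM2", "substituted-key", OTHER_N, OTHER_D)
issued = {genuine}  # what the authentication end has on record
def known(cert):
    return cert in issued
```

Here `self_made` verifies against its own embedded second public key, so only the authentication end's verdict separates it from `genuine`; `tampered` fails at the signature step even if a stale verdict is replayed.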
CN201910652826.9A 2019-07-19 2019-07-19 Digital certificate generation, secure communication and identity authentication method and device Active CN110401535B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910652826.9A CN110401535B (en) 2019-07-19 2019-07-19 Digital certificate generation, secure communication and identity authentication method and device

Publications (2)

Publication Number Publication Date
CN110401535A CN110401535A (en) 2019-11-01
CN110401535B true CN110401535B (en) 2023-03-10

Family

ID=68324650

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910652826.9A Active CN110401535B (en) 2019-07-19 2019-07-19 Digital certificate generation, secure communication and identity authentication method and device

Country Status (1)

Country Link
CN (1) CN110401535B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP4407928A1 (en) * 2023-01-30 2024-07-31 Siemens Aktiengesellschaft Authentication as a function of other digital certificates

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108667609A (en) * 2017-04-01 2018-10-16 西安西电捷通无线网络通信股份有限公司 A kind of digital certificate management method and equipment
CN109493203A (en) * 2018-09-30 2019-03-19 咪咕文化科技有限公司 Data accounting method, device and storage medium

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105991650B (en) * 2016-01-21 2019-09-27 李明 A kind of transmission method and system of ID card information
CN106453330B (en) * 2016-10-18 2019-11-12 深圳市金立通信设备有限公司 A kind of identity authentication method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant