CN111371555A - Signature authentication method and system - Google Patents

Signature authentication method and system Download PDF

Info

Publication number
CN111371555A
CN111371555A CN202010287016.0A CN202010287016A CN111371555A CN 111371555 A CN111371555 A CN 111371555A CN 202010287016 A CN202010287016 A CN 202010287016A CN 111371555 A CN111371555 A CN 111371555A
Authority
CN
China
Prior art keywords
key
client
server
signature
private key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010287016.0A
Other languages
Chinese (zh)
Inventor
邵启伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Maoqi Intelligent Technology Shanghai Co Ltd
Original Assignee
Maoqi Intelligent Technology Shanghai Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Maoqi Intelligent Technology Shanghai Co Ltd filed Critical Maoqi Intelligent Technology Shanghai Co Ltd
Priority to CN202010287016.0A priority Critical patent/CN111371555A/en
Publication of CN111371555A publication Critical patent/CN111371555A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides a signature authentication method, which comprises the following steps: the encryption chip key generator generates a pair of a client private key and a client public key and stores the client private key and the client public key into the client and the server; a server generates a random number, and generates a first primary symmetric key through a first step of key exchange according to the random number, a client public key and a server private key; generating a second primary symmetric key and a client session key through a second step of key exchange according to the first primary symmetric key, the server public key and the client private key; carrying out signature operation on the client session key by using a client private key to generate a signature; generating a server session key through a third step of key exchange according to the server private key and the second symmetric key; and performing signature authentication according to the client session key and the signature result, performing subsequent data transmission if the authentication is successful, and terminating the subsequent data transmission if the authentication is unsuccessful. The invention ensures the safety and accuracy of data by using encryption and signature authentication technology.

Description

Signature authentication method and system
Technical Field
The invention relates to the technical field of communication, in particular to a signature authentication method and a system.
Background
With the rapid development of computer network technology, networks have become the largest-scale public data source in the world, and the scale thereof is still growing rapidly. While the internet greatly changes the lives of people and promotes social progress, along with the continuous expansion of the application range of the network, the problem of leakage of confidential information becomes increasingly serious, the problem of network security caused by the problem becomes increasingly prominent, and the network information can be illegally stolen, exposed or tampered in the using, transmitting and other processes. To address these security issues, information encryption and authentication are not trivial.
Disclosure of Invention
In order to achieve the purpose, the technical scheme adopted by the invention is as follows: a signature authentication method, comprising:
s1: the encryption chip key generator generates a pair of client private key and client public key; the client private key is stored in the client, and the client public key is stored in the server;
s2: storing a server public key into the client and a server private key into the server;
s3: a server generates a random number, and generates a first primary symmetric key through a first step of key exchange according to the random number, a client public key and a server private key;
s4: generating a second primary symmetric key and a client session key through a second step of key exchange according to the first primary symmetric key, the server public key and the client private key;
s5: carrying out signature operation on the client session key by using a client private key to generate a signature;
s6: generating a server session key through a third step of key exchange according to the server private key and the second symmetric key;
s7: and performing signature authentication according to the client session key and the signature result, performing subsequent data transmission if the authentication is successful, and terminating the subsequent data transmission if the authentication is unsuccessful.
Further, in the signature authentication method, before the step S1, the method further includes the steps of:
a client sends a service request to a server, wherein the service request comprises client user information and request acquisition data type information;
and the server filters the received service request, verifies the legal client user information obtained by filtering, establishes a session with the client if the verification is passed, and rejects the service request if the verification is not passed.
Further, in the signature authentication method, the client includes a storage device with an encryption chip built therein, and the storage device is used for storing a client private key and a server public key.
Further, in the signature authentication method, the encryption chip is any one of an ECC encryption chip, an RSA encryption chip, an ASIC encryption chip, a lattice cipher encryption chip, an SIM encryption chip, or a national cipher SM encryption chip.
Correspondingly, the invention also provides a signature authentication system, which comprises:
the encryption chip key generator is used for generating a pair of client private key and client public key;
the client is used for storing a client private key and a server public key; carrying out signature operation on the client session key by using a client private key to generate a signature; performing signature authentication according to the client session key and the signature result, performing subsequent data transmission if the authentication is successful, and terminating the subsequent data transmission if the authentication is unsuccessful;
the server side is used for storing a client public key and a server private key; generating a random number, and generating a first primary symmetric key through a first step of key exchange according to the random number, a client public key and a server private key; generating a second primary symmetric key and a client session key through a second step of key exchange according to the first primary symmetric key, the server public key and the client private key; and generating a server session key through a third step of key exchange according to the server private key and the second symmetric key.
Further, in the signature authentication system,
the client is also used for sending a service request to the server, wherein the service request comprises client user information and request for acquiring data type information;
the server is also used for filtering the received service request, verifying the legal client user information obtained by filtering, establishing a session with the client if the verification is passed, and rejecting the service request if the verification is not passed.
Further, in the signature authentication system, the client includes a storage device with an encryption chip built therein, and is used for storing a client private key and a server public key.
Further, in the signature authentication system, the encryption chip is any one of an ECC encryption chip, an RSA encryption chip, an ASIC encryption chip, a lattice cipher encryption chip, an SIM encryption chip, or a national cipher SM encryption chip.
Compared with the prior art, the invention has the advantages that: the security and the accuracy of the data are ensured by utilizing the encryption and signature authentication technology.
Drawings
Fig. 1 is a flowchart of a signature authentication method according to the present invention.
Detailed Description
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the following description will be made with reference to the accompanying drawings. It is obvious that the drawings in the following description are only some examples of the invention, and that for a person skilled in the art, other drawings and embodiments can be derived from them without inventive effort.
For the sake of simplicity, the drawings only schematically show the parts relevant to the present invention, and they do not represent the actual structure as a product. In addition, in order to make the drawings concise and understandable, components having the same structure or function in some of the drawings are only schematically illustrated or only labeled. In this document, "one" means not only "only one" but also a case of "more than one".
As shown in fig. 1, the present invention provides a signature authentication method, including:
s0: a client sends a service request to a server, wherein the service request comprises client user information and request acquisition data type information;
and the server filters the received service request, verifies the legal client user information obtained by filtering, establishes a session with the client if the verification is passed, and rejects the service request if the verification is not passed.
S1: the encryption chip key generator generates a pair of client private key and client public key; the client private key is stored in the client, and the client public key is stored in the server;
further, in the embodiment of the present invention, the encryption chip is any one of an ECC encryption chip, an RSA encryption chip, an ASIC encryption chip, a lattice cipher encryption chip, an SIM encryption chip, or a national cipher SM encryption chip.
S2: storing the server public key into the client, wherein an encryption chip built-in storage device is arranged in the client and is used for storing a client private key and the server public key; storing the server private key into the server;
s3: a server generates a random number, and generates a first primary symmetric key through a first step of key exchange according to the random number, a client public key and a server private key;
s4: generating a second primary symmetric key and a client session key through a second step of key exchange according to the first primary symmetric key, the server public key and the client private key;
s5: carrying out signature operation on the client session key by using a client private key to generate a signature;
s6: generating a server session key through a third step of key exchange according to the server private key and the second symmetric key;
s7: and performing signature authentication according to the client session key and the signature, performing subsequent data transmission if the authentication is successful, and terminating the subsequent data transmission if the authentication is unsuccessful.
Correspondingly, the invention also provides a signature authentication system, which comprises:
the encryption chip key generator is used for generating a pair of client private key and client public key;
the client is used for storing a client private key and a server public key; carrying out signature operation on the client session key by using a client private key to generate a signature; performing signature authentication according to the client session key and the signature result, performing subsequent data transmission if the authentication is successful, and terminating the subsequent data transmission if the authentication is unsuccessful;
the server side is used for storing a client public key and a server private key; generating a random number, and generating a first primary symmetric key through a first step of key exchange according to the random number, a client public key and a server private key; generating a second primary symmetric key and a client session key through a second step of key exchange according to the first primary symmetric key, the server public key and the client private key; and generating a server session key through a third step of key exchange according to the server private key and the second symmetric key.
Further, in the signature authentication system,
the client is also used for sending a service request to the server, wherein the service request comprises client user information and request for acquiring data type information;
the server is also used for filtering the received service request, verifying the legal client user information obtained by filtering, establishing a session with the client if the verification is passed, and rejecting the service request if the verification is not passed.
Further, in the signature authentication system, the client includes a storage device with an encryption chip built therein, and is used for storing a client private key and a server public key.
Further, in the signature authentication system, the encryption chip is any one of an ECC encryption chip, an RSA encryption chip, an ASIC encryption chip, a lattice cipher encryption chip, an SIM encryption chip, or a national cipher SM encryption chip.
The above description is only a preferred embodiment of the present invention, and does not limit the present invention in any way. It will be understood by those skilled in the art that various changes, substitutions and alterations can be made herein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (8)

1. A signature authentication method, comprising:
s1: the encryption chip key generator generates a pair of client private key and client public key; the client private key is stored in the client, and the client public key is stored in the server;
s2: storing a server public key into the client and a server private key into the server;
s3: a server generates a random number, and generates a first primary symmetric key through a first step of key exchange according to the random number, a client public key and a server private key;
s4: generating a second primary symmetric key and a client session key through a second step of key exchange according to the first primary symmetric key, the server public key and the client private key;
s5: carrying out signature operation on the client session key by using a client private key to generate a signature;
s6: generating a server session key through a third step of key exchange according to the server private key and the second symmetric key;
s7: and performing signature authentication according to the client session key and the signature result, performing subsequent data transmission if the authentication is successful, and terminating the subsequent data transmission if the authentication is unsuccessful.
2. The signature authentication method as claimed in claim 1, further comprising, before step S1, the steps of:
a client sends a service request to a server, wherein the service request comprises client user information and request acquisition data type information;
and the server filters the received service request, verifies the legal client user information obtained by filtering, establishes a session with the client if the verification is passed, and rejects the service request if the verification is not passed.
3. The signature authentication method as claimed in claim 1, wherein the client comprises a storage device built in a cryptographic chip for storing a client private key and a server public key.
4. The signature authentication method as claimed in claim 1, wherein the encryption chip is any one of an ECC encryption chip, an RSA encryption chip, an ASIC encryption chip, a lattice cipher encryption chip, a SIM encryption chip, or a national cipher SM encryption chip.
5. A signature authentication system, comprising:
the encryption chip key generator is used for generating a pair of client private key and client public key;
the client is used for storing a client private key and a server public key; carrying out signature operation on the client session key by using a client private key to generate a signature; performing signature authentication according to the client session key and the signature result, performing subsequent data transmission if the authentication is successful, and terminating the subsequent data transmission if the authentication is unsuccessful;
the server side is used for storing a client public key and a server private key; generating a random number, and generating a first primary symmetric key through a first step of key exchange according to the random number, a client public key and a server private key; generating a second primary symmetric key and a client session key through a second step of key exchange according to the first primary symmetric key, the server public key and the client private key; and generating a server session key through a third step of key exchange according to the server private key and the second symmetric key.
6. The signature authentication system as recited in claim 5,
the client is also used for sending a service request to the server, wherein the service request comprises client user information and request for acquiring data type information;
the server is also used for filtering the received service request, verifying the legal client user information obtained by filtering, establishing a session with the client if the verification is passed, and rejecting the service request if the verification is not passed.
7. The signature authentication system as claimed in claim 5, wherein said client comprises a cryptographic chip built-in storage device for storing a client private key and a server public key.
8. The signature authentication system as claimed in claim 5, wherein the cryptographic chip is any one of an ECC cryptographic chip, an RSA cryptographic chip, an ASIC cryptographic chip, a grid cipher cryptographic chip, a SIM cryptographic chip, or a national cipher SM cryptographic chip.
CN202010287016.0A 2020-04-13 2020-04-13 Signature authentication method and system Pending CN111371555A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010287016.0A CN111371555A (en) 2020-04-13 2020-04-13 Signature authentication method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010287016.0A CN111371555A (en) 2020-04-13 2020-04-13 Signature authentication method and system

Publications (1)

Publication Number Publication Date
CN111371555A true CN111371555A (en) 2020-07-03

Family

ID=71210785

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010287016.0A Pending CN111371555A (en) 2020-04-13 2020-04-13 Signature authentication method and system

Country Status (1)

Country Link
CN (1) CN111371555A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113868684A (en) * 2021-09-30 2021-12-31 成都卫士通信息产业股份有限公司 Signature method, device, server, medium and signature system
CN114143026A (en) * 2021-10-26 2022-03-04 福建福诺移动通信技术有限公司 Data security interface based on asymmetric and symmetric encryption and working method thereof
CN116827560A (en) * 2023-08-31 2023-09-29 北京云驰未来科技有限公司 Dynamic password authentication method and system based on asynchronous password

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113868684A (en) * 2021-09-30 2021-12-31 成都卫士通信息产业股份有限公司 Signature method, device, server, medium and signature system
CN114143026A (en) * 2021-10-26 2022-03-04 福建福诺移动通信技术有限公司 Data security interface based on asymmetric and symmetric encryption and working method thereof
CN114143026B (en) * 2021-10-26 2024-01-23 福建福诺移动通信技术有限公司 Data security interface based on asymmetric and symmetric encryption and working method thereof
CN116827560A (en) * 2023-08-31 2023-09-29 北京云驰未来科技有限公司 Dynamic password authentication method and system based on asynchronous password
CN116827560B (en) * 2023-08-31 2023-11-17 北京云驰未来科技有限公司 Dynamic password authentication method and system based on asynchronous password

Similar Documents

Publication Publication Date Title
US11799668B2 (en) Electronic identification verification methods and systems with storage of certification records to a side chain
US11588637B2 (en) Methods for secure cryptogram generation
CN112333198B (en) Secure cross-domain login method, system and server
CN111080295B (en) Electronic contract processing method and device based on blockchain
CN109983466A (en) A kind of account management system and management method, storage medium based on block chain
WO2018145127A1 (en) Electronic identification verification methods and systems with storage of certification records to a side chain
CN108242999B (en) Key escrow method, device and computer-readable storage medium
WO2014182957A1 (en) Authentication system
CN111371555A (en) Signature authentication method and system
CN111800262B (en) Digital asset processing method and device and electronic equipment
CN109726578B (en) Dynamic two-dimensional code anti-counterfeiting solution
CN105812366A (en) Server, anti-crawler system and anti-crawler verification method
CN113132363B (en) Front-end and back-end security verification method and equipment
CN111241492A (en) Product multi-tenant secure credit granting method, system and electronic equipment
CN107566393A (en) A kind of dynamic rights checking system and method based on trust certificate
CN104657860A (en) Mobile banking security authentication method
CN100476844C (en) Method for realizing binding function between electronic key and computer
CN109818965B (en) Personal identity verification device and method
CN110572392A (en) Identity authentication method based on HyperLegger network
CN113890736A (en) Mobile terminal identity authentication method and system based on SM9 cryptographic algorithm
CN117040765A (en) Smart grid terminal authentication method and device, storage medium and computer equipment
CN113592484A (en) Account cubing method, system and device
CN108282336A (en) Device subscription verification method and device
CN111914308A (en) Method for mobile data signature by using CA certificate in intelligent card
USRE49968E1 (en) Electronic identification verification methods and systems with storage of certification records to a side chain

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20200703

WD01 Invention patent application deemed withdrawn after publication