CN111371555A - Signature authentication method and system - Google Patents
Abstract
The invention provides a signature authentication method comprising the following steps: an encryption chip key generator generates a client private key and client public key pair, the client private key being stored in the client and the client public key in the server; the server generates a random number and, in a first step of key exchange, derives a first primary symmetric key from the random number, the client public key and the server private key; in a second step of key exchange, a second primary symmetric key and a client session key are derived from the first primary symmetric key, the server public key and the client private key; the client session key is signed with the client private key to produce a signature; in a third step of key exchange, a server session key is derived from the server private key and the second primary symmetric key; and signature authentication is performed on the client session key and the signature, subsequent data transmission proceeding if authentication succeeds and being terminated if it fails. By combining encryption with signature authentication, the invention ensures the security and accuracy of the transmitted data.
Description
Technical Field
The invention relates to the technical field of communication, in particular to a signature authentication method and a system.
Background
With the rapid development of computer network technology, networks have become the largest public data source in the world, and they are still growing rapidly. While the internet has greatly changed people's lives and driven social progress, the ever-widening range of network applications has made the leakage of confidential information an increasingly serious problem, and the resulting network security issues increasingly prominent: network information can be illegally stolen, exposed or tampered with while it is being used or transmitted. Against these threats, information encryption and authentication are essential.
Disclosure of Invention
To this end, the technical scheme adopted by the invention is as follows: a signature authentication method, comprising:
S1: an encryption chip key generator generates a client private key and client public key pair; the client private key is stored in the client, and the client public key is stored in the server;
S2: a server public key is stored in the client and a server private key in the server;
S3: the server generates a random number and, in a first step of key exchange, derives a first primary symmetric key from the random number, the client public key and the server private key;
S4: in a second step of key exchange, a second primary symmetric key and a client session key are derived from the first primary symmetric key, the server public key and the client private key;
S5: the client session key is signed with the client private key to produce a signature;
S6: in a third step of key exchange, a server session key is derived from the server private key and the second primary symmetric key;
S7: signature authentication is performed on the client session key and the signature; subsequent data transmission proceeds if authentication succeeds and is terminated if it fails.
Further, in the signature authentication method, before step S1 the method further comprises the steps of:
the client sends a service request to the server, the service request comprising client user information and the type of data requested;
the server filters the received service request and verifies the legitimate client user information obtained by filtering; it establishes a session with the client if verification passes and rejects the service request if it does not.
Further, in the signature authentication method, the client comprises a storage device with a built-in encryption chip, which is used to store the client private key and the server public key.
Further, in the signature authentication method, the encryption chip is any one of an ECC encryption chip, an RSA encryption chip, an ASIC encryption chip, a lattice cipher encryption chip, a SIM encryption chip, or a national cipher (SM) encryption chip.
Correspondingly, the invention also provides a signature authentication system, comprising:
an encryption chip key generator for generating a client private key and client public key pair;
a client for storing the client private key and the server public key, signing the client session key with the client private key to produce a signature, and performing signature authentication on the client session key and the signature, with subsequent data transmission proceeding if authentication succeeds and being terminated if it fails;
a server for storing the client public key and the server private key; generating a random number and, in a first step of key exchange, deriving a first primary symmetric key from the random number, the client public key and the server private key; in a second step of key exchange, deriving a second primary symmetric key and a client session key from the first primary symmetric key, the server public key and the client private key; and, in a third step of key exchange, deriving a server session key from the server private key and the second primary symmetric key.
Further, in the signature authentication system,
the client is also used to send a service request to the server, the service request comprising client user information and the type of data requested;
the server is also used to filter the received service request and verify the legitimate client user information obtained by filtering; it establishes a session with the client if verification passes and rejects the service request if it does not.
Further, in the signature authentication system, the client comprises a storage device with a built-in encryption chip, which is used to store the client private key and the server public key.
Further, in the signature authentication system, the encryption chip is any one of an ECC encryption chip, an RSA encryption chip, an ASIC encryption chip, a lattice cipher encryption chip, a SIM encryption chip, or a national cipher (SM) encryption chip.
Compared with the prior art, the invention has the advantage that the security and accuracy of the data are ensured by means of encryption and signature authentication technology.
Drawings
Fig. 1 is a flowchart of a signature authentication method according to the present invention.
Detailed Description
In order to illustrate the embodiments of the present invention, or the technical solutions in the prior art, more clearly, the following description refers to the accompanying drawings. Obviously, the drawings described below are only some examples of the invention, and a person skilled in the art can derive other drawings and embodiments from them without inventive effort.
For simplicity, the drawings only schematically show the parts relevant to the present invention and do not represent the actual structure of a product. In addition, to keep the drawings concise and readable, components having the same structure or function are in some drawings only schematically illustrated or only labelled. In this document, "one" means not only "only one" but also "more than one".
As shown in Fig. 1, the present invention provides a signature authentication method, comprising:
S0: the client sends a service request to the server, the service request comprising client user information and the type of data requested;
the server filters the received service request and verifies the legitimate client user information obtained by filtering; it establishes a session with the client if verification passes and rejects the service request if it does not.
S1: an encryption chip key generator generates a client private key and client public key pair; the client private key is stored in the client, and the client public key is stored in the server;
further, in the embodiment of the present invention, the encryption chip is any one of an ECC encryption chip, an RSA encryption chip, an ASIC encryption chip, a lattice cipher encryption chip, a SIM encryption chip, or a national cipher (SM) encryption chip.
S2: the server public key is stored in the client, the client being provided with a storage device with a built-in encryption chip that stores the client private key and the server public key; the server private key is stored in the server;
S3: the server generates a random number and, in a first step of key exchange, derives a first primary symmetric key from the random number, the client public key and the server private key;
S4: in a second step of key exchange, a second primary symmetric key and a client session key are derived from the first primary symmetric key, the server public key and the client private key;
S5: the client session key is signed with the client private key to produce a signature;
S6: in a third step of key exchange, a server session key is derived from the server private key and the second primary symmetric key;
S7: signature authentication is performed on the client session key and the signature; subsequent data transmission proceeds if authentication succeeds and is terminated if it fails.
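The patent does not say how each "step of key exchange" is computed. The Go program below is an added illustration, not code from the patent or its applicant: it instantiates S3 to S7 with ECDH on P-256 for the shared secret, HMAC-SHA256 as the derivation for each step and ECDSA for the S5 signature, and assumes that the server sends only its random number to the client, which recomputes the first primary key itself rather than receiving it (Go 1.20 or later is needed for the ECDSA-to-ECDH key conversion).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Party is one endpoint: its own long-term key (the client's is held by the encryption chip) and the peer's public key (S1/S2).
type Party struct {
	Priv *ecdsa.PrivateKey
	Peer *ecdsa.PublicKey
}

// NewKeyPair stands in for the encryption chip key generator of S1 (and the server's own key at S2). Assumption: P-256.
func NewKeyPair() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// kdf models one "step of key exchange" as HMAC-SHA256(secret, label || context) -> next 32-byte key.
func kdf(secret []byte, label string, context []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(label))
	m.Write(context)
	return m.Sum(nil)
}

// FirstPrimaryKey is S3 on the server (server private key, client public key, random number). By ECDH
// symmetry the client recomputes the same K1 at S4 from its private key and the server public key.
func FirstPrimaryKey(p *Party, nonce []byte) ([]byte, error) {
	priv, err1 := p.Priv.ECDH()
	pub, err2 := p.Peer.ECDH()
	if err := errors.Join(err1, err2); err != nil {
		return nil, err
	}
	shared, err := priv.ECDH(pub)
	return kdf(shared, "first primary key", nonce), err
}

// Second and third exchange steps (S4 on the client, S6 on the server); both sides derive them identically from K1.
func SecondPrimaryKey(k1 []byte) []byte { return kdf(k1, "second primary key", nil) }
func SessionKey(k2, nonce []byte) []byte { return kdf(k2, "session key", nonce) }

// SignSessionKey is S5: the client signs a digest of its session key with its private key.
func SignSessionKey(client *Party, key []byte) ([]byte, error) {
	d := sha256.Sum256(key)
	return ecdsa.SignASN1(rand.Reader, client.Priv, d[:])
}

// VerifySessionKey is S7: the server verifies under the stored client public key over its OWN
// session key, so a valid signature also confirms that both sides derived the same key.
func VerifySessionKey(server *Party, key, sig []byte) bool {
	d := sha256.Sum256(key)
	return ecdsa.VerifyASN1(server.Peer, d[:], sig)
}

// Handshake runs S3..S7; deliver stands in for the network carrying the server's random number to the client (identity = honest channel).
func Handshake(client, server *Party, deliver func([]byte) []byte) (ok bool, ck, sk []byte, err error) {
	nonce := make([]byte, 32)
	_, errN := rand.Read(nonce)
	seen := deliver(nonce)
	k1s, errS := FirstPrimaryKey(server, nonce) // S3
	k1c, errC := FirstPrimaryKey(client, seen)  // S4: client recomputes K1 from the number it received
	if err = errors.Join(errN, errS, errC); err != nil {
		return
	}
	sk = SessionKey(SecondPrimaryKey(k1s), nonce) // S6: K2, then server session key
	ck = SessionKey(SecondPrimaryKey(k1c), seen)  // S4: K2, then client session key
	sig, errSig := SignSessionKey(client, ck)     // S5
	if err = errSig; err == nil {
		ok = VerifySessionKey(server, sk, sig) // S7
	}
	return
}

func main() {
	cPriv, _ := NewKeyPair()
	sPriv, _ := NewKeyPair()
	ok, _, _, err := Handshake(&Party{Priv: cPriv, Peer: &sPriv.PublicKey}, &Party{Priv: sPriv, Peer: &cPriv.PublicKey}, func(n []byte) []byte { return n })
	fmt.Println("server accepted:", ok, "err:", err)
}
```

Because the server checks the signature over the session key it derived itself, S7 fails both when the signer does not hold the private key matching the stored client public key and when the random number was altered in transit; the fresh random number also keeps an old signature from being replayed in a new session.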
Correspondingly, the invention also provides a signature authentication system, comprising:
an encryption chip key generator for generating a client private key and client public key pair;
a client for storing the client private key and the server public key, signing the client session key with the client private key to produce a signature, and performing signature authentication on the client session key and the signature, with subsequent data transmission proceeding if authentication succeeds and being terminated if it fails;
a server for storing the client public key and the server private key; generating a random number and, in a first step of key exchange, deriving a first primary symmetric key from the random number, the client public key and the server private key; in a second step of key exchange, deriving a second primary symmetric key and a client session key from the first primary symmetric key, the server public key and the client private key; and, in a third step of key exchange, deriving a server session key from the server private key and the second primary symmetric key.
Further, in the signature authentication system,
the client is also used to send a service request to the server, the service request comprising client user information and the type of data requested;
the server is also used to filter the received service request and verify the legitimate client user information obtained by filtering; it establishes a session with the client if verification passes and rejects the service request if it does not.
Further, in the signature authentication system, the client comprises a storage device with a built-in encryption chip, which is used to store the client private key and the server public key.
Further, in the signature authentication system, the encryption chip is any one of an ECC encryption chip, an RSA encryption chip, an ASIC encryption chip, a lattice cipher encryption chip, a SIM encryption chip, or a national cipher (SM) encryption chip.
The above description is only a preferred embodiment of the present invention and does not limit the invention in any way. Those skilled in the art will understand that various changes, substitutions and alterations can be made without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (8)
1. A signature authentication method, comprising:
S1: an encryption chip key generator generates a client private key and client public key pair; the client private key is stored in the client, and the client public key is stored in the server;
S2: a server public key is stored in the client and a server private key in the server;
S3: the server generates a random number and, in a first step of key exchange, derives a first primary symmetric key from the random number, the client public key and the server private key;
S4: in a second step of key exchange, a second primary symmetric key and a client session key are derived from the first primary symmetric key, the server public key and the client private key;
S5: the client session key is signed with the client private key to produce a signature;
S6: in a third step of key exchange, a server session key is derived from the server private key and the second primary symmetric key;
S7: signature authentication is performed on the client session key and the signature; subsequent data transmission proceeds if authentication succeeds and is terminated if it fails.
2. The signature authentication method as claimed in claim 1, further comprising, before step S1, the steps of:
the client sends a service request to the server, the service request comprising client user information and the type of data requested;
the server filters the received service request and verifies the legitimate client user information obtained by filtering; it establishes a session with the client if verification passes and rejects the service request if it does not.
3. The signature authentication method as claimed in claim 1, wherein the client comprises a storage device with a built-in cryptographic chip for storing the client private key and the server public key.
4. The signature authentication method as claimed in claim 1, wherein the encryption chip is any one of an ECC encryption chip, an RSA encryption chip, an ASIC encryption chip, a lattice cipher encryption chip, a SIM encryption chip, or a national cipher (SM) encryption chip.
5. A signature authentication system, comprising:
an encryption chip key generator for generating a client private key and client public key pair;
a client for storing the client private key and the server public key, signing the client session key with the client private key to produce a signature, and performing signature authentication on the client session key and the signature, with subsequent data transmission proceeding if authentication succeeds and being terminated if it fails;
a server for storing the client public key and the server private key; generating a random number and, in a first step of key exchange, deriving a first primary symmetric key from the random number, the client public key and the server private key; in a second step of key exchange, deriving a second primary symmetric key and a client session key from the first primary symmetric key, the server public key and the client private key; and, in a third step of key exchange, deriving a server session key from the server private key and the second primary symmetric key.
6. The signature authentication system as recited in claim 5, wherein
the client is also used to send a service request to the server, the service request comprising client user information and the type of data requested;
the server is also used to filter the received service request and verify the legitimate client user information obtained by filtering; it establishes a session with the client if verification passes and rejects the service request if it does not.
7. The signature authentication system as claimed in claim 5, wherein said client comprises a storage device with a built-in cryptographic chip for storing the client private key and the server public key.
8. The signature authentication system as claimed in claim 5, wherein the cryptographic chip is any one of an ECC cryptographic chip, an RSA cryptographic chip, an ASIC cryptographic chip, a lattice cipher cryptographic chip, a SIM cryptographic chip, or a national cipher (SM) cryptographic chip.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010287016.0A CN111371555A (en) | 2020-04-13 | 2020-04-13 | Signature authentication method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010287016.0A CN111371555A (en) | 2020-04-13 | 2020-04-13 | Signature authentication method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111371555A true CN111371555A (en) | 2020-07-03 |
Family
ID=71210785
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010287016.0A Pending CN111371555A (en) | 2020-04-13 | 2020-04-13 | Signature authentication method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111371555A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113868684A (en) * | 2021-09-30 | 2021-12-31 | 成都卫士通信息产业股份有限公司 | Signature method, device, server, medium and signature system |
CN114143026A (en) * | 2021-10-26 | 2022-03-04 | 福建福诺移动通信技术有限公司 | Data security interface based on asymmetric and symmetric encryption and working method thereof |
CN114143026B (en) * | 2021-10-26 | 2024-01-23 | 福建福诺移动通信技术有限公司 | Data security interface based on asymmetric and symmetric encryption and working method thereof |
CN116827560A (en) * | 2023-08-31 | 2023-09-29 | 北京云驰未来科技有限公司 | Dynamic password authentication method and system based on asynchronous password |
CN116827560B (en) * | 2023-08-31 | 2023-11-17 | 北京云驰未来科技有限公司 | Dynamic password authentication method and system based on asynchronous password |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20200703 |