CN112333207B - Method and system for verifying data - Google Patents

Method and system for verifying data Download PDF

Info

Publication number
CN112333207B
CN112333207B CN202011632978.1A CN202011632978A CN112333207B CN 112333207 B CN112333207 B CN 112333207B CN 202011632978 A CN202011632978 A CN 202011632978A CN 112333207 B CN112333207 B CN 112333207B
Authority
CN
China
Prior art keywords
data
mac
module
initiator
receiver
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011632978.1A
Other languages
Chinese (zh)
Other versions
CN112333207A (en
Inventor
陆舟
于华章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Feitian Technologies Co Ltd
Original Assignee
Feitian Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Feitian Technologies Co Ltd filed Critical Feitian Technologies Co Ltd
Priority to CN202011632978.1A priority Critical patent/CN112333207B/en
Publication of CN112333207A publication Critical patent/CN112333207A/en
Application granted granted Critical
Publication of CN112333207B publication Critical patent/CN112333207B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method and a system for checking data, and relates to the field of communication. The system comprises an initiator and a receiver, wherein the initiator comprises a first acquisition module, a first authentication operation module, a first acting module, a first organization module, a first sending module, a first receiving module, a second analysis module, a fourth authentication operation module and an initiator verification module; the receiver comprises a second acquisition module, a second receiving module, a first analysis module, a second authentication operation module, a receiver verification module, a second acting module, an execution module, a third authentication operation module, a second organization module and a second sending module.

Description

Method and system for verifying data
Technical Field
The present invention relates to the field of communications, and in particular, to a method and system for verifying data.
Background
The MessageAuthentication Code (MAC) is a cryptographic method for guaranteeing information integrity and authentication, and realizes message authentication based on symmetric encryption modes such as an AES algorithm and the like. In the data message interaction process, the MAC algorithm is often used to check the data message. The existing method for checking the data message by using the MAC algorithm has the following problems:
first, in the existing data verification method, when the same message data is repeatedly sent, the same MAC data can be obtained, and certain data guessing and falsification risks exist; secondly, in the existing data verification method, once a data message is forged or stolen, a malicious party can use the forged or stolen data message to carry out brute force attack on equipment receiving the data message, so that the risk that the equipment is subjected to brute force attack is increased; thirdly, the existing data verification method cannot guarantee the authenticity and reliability of both interactive parties of the data message, and the safety is low.
Disclosure of Invention
In order to solve the technical defects in the prior art, the invention provides a method and a system for verifying data.
The invention provides a method for verifying data, which comprises the following steps:
step S01: the initiator acquires the stored second symmetric key and acquires the stored first common data as current initiator MAC data; the receiver acquires the stored second symmetric key and acquires the stored first common data as the current receiver MAC data;
before the step S01, the method further includes: the initiator acquires instruction data;
step S02: the initiator uses a second symmetric key to perform information authentication operation on the current initiator MAC data and instruction data to obtain second MAC data; organizing the request message data according to the instruction data and the second MAC data; taking the second MAC data as the current initiator MAC data; sending request message data to a receiver;
step S03: the receiver receives and analyzes the request message data to obtain instruction data and second MAC analysis data; acquiring MAC data of a current receiver; performing information authentication operation on the MAC data and the instruction data of the current receiver by using a second symmetric key to obtain fourth MAC data; performing receiver authentication according to the second MAC parsing data and the fourth MAC data, and when the receiver authentication is successful, performing step S04;
step S04: the receiver takes the fourth MAC data as the current receiver MAC data; executing operation according to the instruction data to obtain instruction operation data; performing information authentication operation on the current receiver MAC data and the instruction operation data by using a second symmetric key to obtain sixth MAC data; organizing a response data message according to the sixth MAC data and the instruction operation data; sending a response data message to the initiator;
step S05: the initiator receives and analyzes the response data message to obtain sixth MAC analysis data and instruction operation data; performing information authentication operation on the current initiator MAC data and the instruction operation data by using a second symmetric key to obtain eighth MAC data; verifying the initiator according to the eighth MAC data and the sixth MAC analysis data, and ending when the initiator is successfully verified; when the initiator authentication fails, return is made to step S01.
The invention provides a system for verifying data, which comprises an initiator and a receiver:
the initiator comprises a first acquisition module, a first authentication operation module, a first acting module, a first organization module, a first sending module, a first receiving module, a second analysis module, a fourth authentication operation module and an initiator verification module;
the receiver comprises a second acquisition module, a second receiving module, a first analysis module, a second authentication operation module, a receiver verification module, a second serving module, an execution module, a third authentication operation module, a second organization module and a second sending module;
the first obtaining module is used for obtaining the stored second symmetric key and obtaining the stored first common data as the current initiator MAC data;
the first obtaining module is further used for obtaining instruction data;
the second obtaining module is used for obtaining a second symmetric key and obtaining the stored first common data as the current receiver MAC data;
the first authentication operation module is used for performing information authentication operation on the current initiator MAC data and instruction data by using a second symmetric key to obtain second MAC data;
the first organizing module is used for organizing request message data according to instruction data and second MAC data obtained by information authentication operation of the first authentication operation module;
the first acting module is used for taking the second MAC data as the current initiator MAC data;
the first sending module is used for sending the request message data organized by the first organizing module to a receiving party;
the second receiving module is configured to receive the request message data sent by the first sending module;
the first analysis module is used for analyzing the request message data received by the second receiving module to obtain instruction data and second MAC analysis data;
the second obtaining module is further configured to obtain MAC data of a current receiver;
the second authentication operation module is configured to perform information authentication operation on the current receiver MAC data acquired by the second acquisition module and the instruction data acquired by the first analysis module by using a second symmetric key to obtain fourth MAC data;
the receiver verification module is used for verifying the receiver according to the second MAC analysis data analyzed by the first analysis module and the fourth MAC data obtained by the second authentication operation module through information authentication operation;
the second acting module is used for taking fourth MAC data obtained by information authentication operation of the second authentication operation module as current receiver MAC data when the receiver verification module successfully verifies;
the execution module is used for executing operation according to the instruction data obtained by the analysis of the first analysis module to obtain instruction operation data;
the third authentication operation module is configured to perform information authentication operation on the MAC data of the current receiver, which is the second module, and the instruction operation data obtained by the execution module by using a second symmetric key to obtain sixth MAC data;
the second organization module is used for organizing a response data message according to sixth MAC data obtained by information authentication operation performed by the third authentication operation module and instruction operation data obtained by the execution module;
the second sending module is configured to send the response data packet organized by the second organizing module to the initiator;
the first receiving module is configured to receive the response data packet sent by the second sending module;
the second analysis module is used for analyzing the response data message received by the first receiving module to obtain sixth MAC analysis data and instruction operation data;
the fourth authentication operation module is configured to perform information authentication operation on the current initiator MAC data and the instruction operation data analyzed by the second analysis module by using a second symmetric key to obtain eighth MAC data;
the initiator verification module is used for verifying the initiator according to eighth MAC data obtained by information authentication operation performed by the fourth authentication operation module and sixth MAC analysis data obtained by analysis performed by the second analysis module; when the initiator successfully verifies, ending;
the first obtaining module is further configured to obtain a stored second symmetric key when the initiator verification module fails to verify, and obtain stored first common data as current initiator MAC data.
The beneficial effects achieved by adopting the technical scheme are as follows: the invention provides a method and a system for verifying data; the method is used for improving the guessing and solving difficulty of the data messages and improving the defense capability of carrying out brute force attack by using the same data messages; the authenticity and reliability of the data message initiator can be ensured, and the safety of message data is improved.
Drawings
Fig. 1 is a flowchart of a method for verifying data according to embodiment 2 of the present invention;
fig. 2 is a flowchart of a process of negotiating to generate a first symmetric key, a second symmetric key and first common data according to a method for verifying data provided in embodiment 3 of the present invention;
fig. 3 is a block diagram of a system for verifying data according to embodiment 4 of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
In the following embodiments, the mac (message Authentication code) is a method for performing information integrity check and Authentication based on a key; MAC data verifies and authenticates information transmitted between two parties sharing the secret key. All MAC data in the embodiments refer to a message authentication code that verifies information.
Example 1
The embodiment provides a method for verifying data, which is applicable to a system with two devices, wherein one device is an initiator of communication data, and the other device is a receiver and receives the communication data sent by the initiator; the method comprises the following steps:
step 101: the initiator acquires the stored second symmetric key and acquires the stored first common data as current initiator MAC data; the receiver acquires a second symmetric key and acquires the stored first common data as current receiver MAC data;
before step 101, the method further comprises: the initiator acquires instruction data;
step 102: the initiator uses the second symmetric key to perform information authentication operation on the current initiator MAC data and instruction data to obtain second MAC data; organizing the request message data according to the instruction data and the second MAC data; taking the second MAC data as the current initiator MAC data; sending request message data to a receiver;
step 103: the receiver receives and analyzes the request message data to obtain instruction data and second MAC analysis data; acquiring MAC data of a current receiver; performing information authentication operation on the MAC data and the instruction data of the current receiver by using a second symmetric key to obtain fourth MAC data; performing receiver authentication according to the second MAC analysis data and the fourth MAC data, and executing step 104 when the receiver authentication is successful;
optionally, in step 103, performing receiver authentication according to the second MAC analysis data and the fourth MAC data, specifically: the receiver judges whether the fourth MAC data is the same as the second MAC analysis data, and when the fourth MAC data is the same as the second MAC analysis data, the receiver successfully verifies the data; when the fourth MAC data is not identical to the second MAC resolution data, the receiver fails in authentication.
Step 104: the receiver takes the fourth MAC data as the current receiver MAC data; executing operation according to the instruction data to obtain instruction operation data; performing information authentication operation on the current receiver MAC data and the instruction operation data by using a second symmetric key to obtain sixth MAC data; organizing a response data message according to the sixth MAC data and the instruction operation data; sending a response data message to the initiator;
step 105: the initiator receives and analyzes the response data message to obtain sixth MAC analysis data and instruction operation data; performing information authentication operation on the current initiator MAC data and the instruction operation data by using a second symmetric key to obtain eighth MAC data; verifying the initiator according to the eighth MAC data and the sixth MAC analysis data, and ending when the initiator is successfully verified; when the initiator authentication fails, the process returns to step 101.
Optionally, in step 105, the ending is replaced by: the initiator acquires new instruction data and returns to step 102; after the information authentication operation is performed on the current receiver MAC data and the instruction operation data by using the second symmetric key to obtain sixth MAC data, the method further comprises the following steps: and the receiver takes the first common data as the MAC data of the current receiver.
Optionally, in step 105, the ending is replaced by: the initiator takes the eighth MAC data as the current initiator MAC data; acquiring new instruction data, and returning to the step 102;
correspondingly, step 104 further includes: and the receiver takes the sixth MAC data as the current receiver MAC data.
Optionally, before step 101, further comprising: the initiator and the receiver negotiate to generate and store first common data.
Optionally, step 101 further includes: the initiator and the receiver negotiate to generate and store first common data;
accordingly, in step 105, the end is replaced by: the initiator acquires new instruction data; returning to step 101.
Optionally, in step 105, the ending is replaced by: the initiator and the receiver negotiate to generate first common data; acquiring new instruction data; returning to step 101.
Optionally, before step 101, further comprising: the initiator and the receiver negotiate to generate and store first common data;
accordingly, in step 105, the end is replaced by: the initiator and the receiver renegotiate to generate and store first common data; and acquiring new instruction data and returning to the step 101.
Optionally, in step 105, when the initiator fails to verify, the method further includes: the initiator and the receiver negotiate to generate and store first common data; returning to step 101.
Optionally, step 101 further includes: the initiator and the receiver negotiate to generate and store the first common data and the second symmetric key.
Optionally, in step 105, the ending is replaced by: the initiator and the receiver negotiate to generate and store first common data and a second symmetric key, obtain new instruction data, and return to step 101;
further correspondingly, step D11: the initiator encrypts an initiator public key and first certificate information comprising a first serial number by using a preset root private key to obtain first signature data; obtaining an initiator certificate according to the first certificate information, the initiator public key and the first signature data; sending the initiator certificate to the receiver;
further correspondingly, step D12: the receiver receives and analyzes the initiator certificate to obtain first certificate information, an initiator public key and first signature data; the method comprises the steps that a preset root public key is used for checking the first signature data, when the checking is successful, a first serial number is obtained from an initiator certificate, and the first serial number and the initiator public key are stored; encrypting the public key of the receiver and second certificate information comprising a second serial number by using a preset root private key to obtain second signature data; obtaining a receiver certificate according to the second certificate information, the receiver public key and the second signature data; sending a receiver certificate to the initiator;
further correspondingly, step D13: the initiator receives and analyzes the receiver certificate to obtain second certificate information, a receiver public key and second signature data; the preset root public key is used for checking the second signature data, when the checking is successful, a second serial number is obtained from a receiver certificate, and the second serial number and the receiver public key are stored;
further correspondingly, step D14: the initiator randomly generates a temporary public key and a temporary private key; generating second key data and third key data according to the temporary private key, the initiator private key and the receiver public key; storing the second key data as a second symmetric key; performing information authentication operation on the first serial number and the second serial number by using third key data to obtain a first calculation result, and storing the first calculation result as first common data; sending the temporary public key to a receiver;
further correspondingly, step D15: the receiver generates fifth key data and sixth key data according to the temporary public key, the initiator public key and the receiver private key; storing the fifth key data as a second symmetric key; and performing information authentication operation on the first serial number and the second serial number by using the sixth key data to obtain a second calculation result, and storing the second calculation result as the first common data.
Optionally, step 101 further includes: the initiator and the receiver negotiate to generate and store first common data and a second symmetric key;
accordingly, in step 105, the end is replaced by: the initiator takes the eighth MAC data as the current initiator MAC data; acquiring new instruction data, and returning to the step 101;
correspondingly, step 104 further includes: and the receiver takes the sixth MAC data as the current receiver MAC data.
Optionally, in step 105, when the initiator fails to verify, the method further includes: the initiator and the receiver negotiate to generate and store first common data and a second symmetric key; returning to step 101.
Optionally, in step 103, the method further includes: when the receiver fails to verify, the receiver sends error response data to the initiator, and step D01 is executed;
accordingly, step D01: the initiator receives the error response data and returns to step 101.
Optionally, in step 105, performing initiator verification according to the eighth MAC data and the sixth MAC analysis data, specifically: the initiator judges whether the eighth MAC data is the same as the sixth MAC analysis data, and if the eighth MAC data is the same as the sixth MAC analysis data, the initiator successfully verifies the data; when the eighth MAC data is not identical to the sixth MAC resolution data, the initiator authentication fails.
Optionally, in step 102, organizing the request message data according to the instruction data and the second MAC data, specifically: the initiator obtains third MAC data according to the second MAC data and organizes request message data according to the instruction data and the third MAC data;
correspondingly, in step 103, the receiver receives and analyzes the request message data to obtain instruction data and second MAC analysis data, and replaces the instruction data and the second MAC analysis data with: the receiver receives and analyzes the request message data to obtain instruction data and third MAC analysis data;
correspondingly, in step 103, after performing information authentication operation on the current initiator MAC data and the instruction data by using the second symmetric key to obtain fourth MAC data, the method further includes: the receiver obtains fifth MAC data according to the fourth MAC data;
correspondingly, receiver authentication is performed according to the second MAC analysis data and the fourth MAC data, which specifically includes: the receiver judges whether the third MAC analysis data is the same as the fifth MAC data, and if the third MAC analysis data is the same as the fifth MAC data, the receiver successfully verifies the third MAC analysis data, and step 104 is executed; when the third MAC analysis data is different from the fifth MAC data, the receiver fails to verify and sends error-reporting response data to the initiator;
accordingly, the initiator receives the error response data.
Optionally, the initiator obtains third MAC data according to the second MAC data, specifically: the initiator acquires third MAC data from the second MAC data according to a second preset rule;
correspondingly, the receiver obtains fifth MAC data according to the fourth MAC data, specifically: and the receiver acquires fifth MAC data from the fourth MAC data according to a second preset rule.
Optionally, in step 104, organizing the response data packet according to the sixth MAC data and the instruction operation data, specifically: the receiving party obtains seventh MAC data according to the sixth MAC data, and organizes a response data message according to the instruction operation data and the seventh MAC data;
correspondingly, in step 105, the initiator receives and analyzes the response data packet to obtain sixth MAC analysis data and instruction operation data, and replaces the sixth MAC analysis data and the instruction operation data with: the initiator receives and analyzes the response data message to obtain seventh MAC analysis data and instruction operation data;
correspondingly, in step 105, after performing information authentication operation on the current initiator MAC data and the instruction operation data by using the second symmetric key to obtain eighth MAC data, the method further includes: the initiator obtains ninth MAC data according to the eighth MAC data;
correspondingly, in step 105, performing initiator verification according to the eighth MAC data and the sixth MAC resolution data, specifically: the initiator judges whether the seventh MAC analysis data is the same as the ninth MAC data, and if the seventh MAC analysis data is the same as the ninth MAC data, the initiator successfully verifies the seventh MAC analysis data; when the seventh MAC resolution data is not identical to the ninth MAC data, the initiator authentication fails.
Optionally, the receiving side obtains seventh MAC data according to the sixth MAC data, specifically: the receiver acquires seventh MAC data from the sixth MAC data according to a second preset rule;
correspondingly, the initiator obtains ninth MAC data according to the eighth MAC data, specifically: and the initiator acquires ninth MAC data from the eighth MAC data according to a second preset rule.
Example 2
The embodiment provides a method for verifying data, which is applicable to a system with two devices, wherein one device is an initiator of communication data, and the other device is a receiver and receives the communication data sent by the initiator; as shown in fig. 1, the method comprises the following steps:
step 201: the initiator and the receiver negotiate to generate a first symmetric key, a second symmetric key and first common data; the initiator takes the first common data as the MAC data of the current initiator; the receiver takes the first common data as the MAC data of the current receiver;
for example, the initiator and the receiver negotiate to generate a first symmetric key \ xCC \ x 7\ x 0\ x \ x \ x \ xF \ xCD \ x 3\ x \ x 8\ xF \ x 9\ x 1\ x \ x 9\ x, a second symmetric key \ xF \ xC \ x \ x 9\ x 0\ x 3\ x \ x \ x 4\ x \ x and current initiator MAC data \ \ xFA xCC \ x 1\ x \ x7 xBB \ x xC \ x 1\ xD \ x 4\ xCD \; the initiator takes the first common data as the MAC data of the current initiator; the receiver takes the first common data as the MAC data of the current receiver;
step 202: the initiator encrypts command plaintext data by using a first symmetric key to obtain command ciphertext data; performing information authentication operation on the current initiator MAC data and the instruction ciphertext data by using a second symmetric key to obtain second MAC data; organizing the request message data according to the instruction ciphertext data and the second MAC data; taking the second MAC data as the current initiator MAC data; sending request message data to a receiver;
optionally, the step specifically includes: the initiator encrypts command plaintext data by using a first symmetric key according to a first preset algorithm to obtain command ciphertext data; organizing the MAC data and the instruction ciphertext data of the current initiator according to a first preset rule to obtain first splicing data, and performing information authentication operation on the first splicing data by using a second symmetric key according to a second preset algorithm to obtain second MAC data; organizing the request message data according to the instruction ciphertext data and the second MAC data; taking the second MAC data as the current initiator MAC data; sending request message data to a receiver;
further, the method specifically comprises the following steps: the initiator encrypts command plaintext data by using a first symmetric key according to a first preset algorithm to obtain command ciphertext data; sequentially splicing the MAC data of the current initiator and the instruction ciphertext data to obtain first splicing data, using a second symmetric key to perform information authentication operation on the first splicing data according to a second preset algorithm to obtain second MAC data; organizing the request message data according to the instruction ciphertext data and the second MAC data; taking the second MAC data as the current initiator MAC data; sending request message data to a receiver;
further, the method specifically comprises the following steps: the initiator encrypts command plaintext data by using a first symmetric key according to a first preset algorithm to obtain command ciphertext data; sequentially splicing the instruction ciphertext data and the current initiator MAC data to obtain first spliced data, and performing information authentication operation on the first spliced data by using a second symmetric key according to a second preset algorithm to obtain second MAC data; organizing the request message data according to the instruction ciphertext data and the second MAC data; taking the second MAC data as the current initiator MAC data; sending request message data to a receiver;
for example, the initiator encrypts command plaintext data \ x \ x \ x \ x \ x \ x 9\ x 1\ x \ x 9\ x and encrypts command plaintext data \ x \ x \ x \ x \ x \ x \ x \ x \ xxAA \ xBB \ xC \ xEE \ xFF and obtains command ciphertext data \ x 6\ x \ x 9\ x \ x \ x \ x \ x 1\ x \ x 7\ x \ xxxAB \ x 0\ xxA; sequentially splicing the instruction ciphertext data and the current initiator MAC data to obtain first splicing data \ xFA \ xXCC \ x 1\ x \ x 7\ xBB \ x \ xC \ x 1\ xD \ x \ x \ x \ x 4\ xCDD \ x 6\ x \ x 9\ x \ x \ x 1\ x 7\ xE \ x \ x 7\ x \ xAB \ x 0\ x, and performing information authentication on the first splicing data by using a second pair of symmetric keys \ xF \ xC \ x \ x \ x 9\ x 0\ x 3\ x \ x \ x 4\ x \ xA \ x \ x \ x. Organizing request message data \ x6D \ x70\ x9B \ x14\ x05\ x1C \ xCB \ x7D \ xE3\ x60\ x7F \ x35\ xAB \ x0A \ x70\ xA6\ x4D \ xD3\ xD8\ x8A \ x91\ x93\ x21\ xB1\ x18\ x93\ xFA x xAE \ xFA 90\ x65\ x71\ x 42; taking the second MAC data as the current initiator MAC data; and sending the request message data to a receiving party.
Step 203: the receiver receives and analyzes the request message data to obtain instruction ciphertext data and second MAC analysis data; acquiring MAC data of a current receiver; performing information authentication operation on the current receiver MAC data and the instruction ciphertext data by using a second symmetric key to obtain fourth MAC data;
optionally, the step specifically includes: the receiver receives and analyzes the request message data to obtain instruction ciphertext data and second MAC analysis data; acquiring MAC data of a current receiver; organizing the MAC data of the current receiver and the instruction ciphertext data according to a first preset rule to obtain second splicing data, and performing information authentication operation on the second splicing data by using a second symmetric key according to a second preset algorithm to obtain fourth MAC data;
further, the step is more specifically as follows: the receiver receives and analyzes the request message data to obtain instruction ciphertext data and second MAC analysis data; acquiring MAC data of a current receiver; sequentially splicing the MAC data of the current receiver and the instruction ciphertext data to obtain second spliced data, and performing information authentication operation on the second spliced data by using a second symmetric key according to a second preset algorithm to obtain fourth MAC data;
further, the step is more specifically as follows: the receiver receives and analyzes the request message data to obtain instruction ciphertext data and second MAC analysis data; acquiring MAC data of a current receiver; sequentially splicing the instruction ciphertext data and the current receiver MAC data to obtain second spliced data, and performing information authentication operation on the second spliced data by using a second symmetric key according to a second preset algorithm to obtain fourth MAC data;
for example, the receiving party receives and analyzes the request message data \ x 6\ x \ x \ x 9\ x \ x \ x 1\ x 7\ xE \ x \ x 7\ x \ xAB \ x 0\ x \ xA \ x \ x 4\ xD \ xD \ x 8\ x \ x \ x \ xB \ x \ x \ xFA \ x \ x \ x \ to obtain the instruction ciphertext data \ x 6\ x \ x \ x 9\ x \ x \ x 1\ x 7\ xE \ x \ x 7\ x \ x \ xB \ x 0\ x \ xA and the second MAC data \ x 4\ xD \ xD \ x \ x \ x 8\ x \ x \ x 7\ x \ x \ x \ xA \ x \ x \ x; acquiring MAC data of a current receiver; sequentially splicing the MAC data \ \ xFA \ xCC \ x 1\ x \ x 7\ xBB \ x \ xC \ x \ x \ xD and the instruction ciphertext data \ x 6\ x \ x 9\ x \ x 1\ x 7\ x \ xAB \ x 0\ x \ xA to obtain the second spliced data \ \ xFA \ xC \ x 1\ x 7\ x \ xBB \ x \ xC \ x 1\ xD \ x 4\ xDD \ x 6\ x 9\ x \ x 7\ x \ x \ xBD \ x \ xB \ xAB \ x 0\ x \ xA, according to a second preset algorithm CMAC, information authentication operation is carried out on second splicing data by using a second symmetric key \ xF5\ xC0\ x01\ x26\ x9D \ x0E \ x3C \ x66\ x13\ x05\ xDC \ x45\ x4C \ x00\ x90\ x33 to obtain fourth MAC data \ x4D \ xD3\ xD8\ x8A \ x91\ x93\ x21\ xB1 x18\ x93\ xAE \ xFA \ x90\ x65\ x71\ x 42.
Step 204: the receiving party judges whether the fourth MAC data is the same as the second MAC analysis data, if so, step 205 is executed, otherwise, error report response data is sent to the initiating party;
step A01: the initiator receives the error response data and performs step 211;
alternatively, step a01 is replaced with: the initiator receives the error response data and ends;
alternatively, the execution of step a01 may be replaced by: the receiver finishes reporting the error;
in this embodiment, if the receiver determines that the fourth MAC data is the same as the second MAC analysis data, the receiver sends a response data packet including preset correct response data to the initiator in step 206; for example, the correct response data is \ x90\ x 00.
Step 205: the receiver takes the fourth MAC data as the current receiver MAC data; decrypting and analyzing the instruction ciphertext data by using the first symmetric key to perform information authentication operation to obtain instruction plaintext data; executing operation according to the instruction plaintext data to obtain instruction operation data; encrypting the instruction operation data by using the first symmetric key to obtain instruction operation ciphertext data;
optionally, the step specifically includes: the receiver takes the fourth MAC data as the current receiver MAC data; analyzing the instruction ciphertext data by using a first symmetric key according to a first preset algorithm to obtain instruction plaintext data; executing operation according to the instruction plaintext data to obtain instruction operation data; encrypting the instruction operation data by using the first symmetric key to obtain instruction operation ciphertext data;
for example, the receiver takes the fourth MAC data as the current initiator MAC data; according to a first preset algorithm AES, a first symmetric key \ xCC \ x 7\ x 0\ x \ x \ x \ xF \ xCD \ x 3\ x \ x 8\ xF \ x 9\ x 1\ x \ x 9\ x resolves instruction ciphertext data \ x 6\ x \ x 9\ x \ x \ x 1\ x 7\ xE \ x \ x 7\ x \ xAB \ x 0\ x \ xxxxA to obtain instruction plaintext data \ x \ x \ x \ x \ x \ x \ xBB \ xCC \ xEE \ xFF; executing operation according to the instruction plaintext data to obtain instruction operation data \ x90\ x 00; the first symmetric key is used for encrypting the instruction operation data to obtain instruction operation ciphertext data \ xC2\ xFB \ x23\ x41\ xEB \ x74\ x94\ xA0\ xFB \ x0D \ xAD \ x04\ x92\ x10\ xCF \ xB 8.
Step 206: the receiver uses the second symmetric key to operate the ciphertext data and the current receiver MAC data to obtain sixth MAC data; organizing a response data message according to the sixth MAC data, the instruction operation ciphertext data and preset correct response data; taking the sixth MAC data as the current receiver MAC data; sending a response data message to the initiator;
optionally, the step specifically includes: the receiver organizes the MAC data of the current receiver and the instruction ciphertext data according to a first preset rule to obtain third splicing data, and performs information authentication operation on the third splicing data by using a second symmetric key according to a second preset algorithm to obtain sixth MAC data; organizing a response data message according to the sixth MAC data, the instruction operation ciphertext data and preset correct response data; taking the sixth MAC data as the current receiver MAC data; sending a response data message to the initiator;
further, the step is more specifically as follows: the receiver sequentially splices the MAC data of the current receiver and the instruction ciphertext data to perform information authentication operation to obtain third spliced data, and the third spliced data is spliced by using a second symmetric key according to a second preset algorithm to obtain sixth MAC data; organizing a response data message according to the sixth MAC data, the instruction operation ciphertext data and preset correct response data; taking the sixth MAC data as the current receiver MAC data; sending a response data message to the initiator;
further, the step is more specifically as follows: the receiver sequentially splices the instruction ciphertext data and the current receiver MAC data to obtain third spliced data, and uses a second symmetric key to splice the third spliced data according to a second preset algorithm to obtain sixth MAC data; organizing a response data message according to the sixth MAC data, the instruction operation ciphertext data and preset correct response data; taking the sixth MAC data as the current receiver MAC data; sending a response data message to the initiator;
for example, the receiving party sequentially splices the instruction ciphertext data \ xC \ xFB \ x \ xB \ x \ x \ x \ xF \ xB and the current initiator MAC data \ x 4\ xD \ xD \ x 8\ x \ x \ x \ xB \ x \ x \ xFA \ x \ x \ x \ x \ xB \ x \ xX \ xFA \ x \ x \ x \ xB \ x \ xFB \ xB xX \ xFA \ x \ xB \ x \ x \ xB, performing information authentication operation on the third splicing data by using a second symmetric key \ xF5\ xC0\ x01\ x26\ x3 26\ x26\ x26\ x26\ x26\ x26 to obtain sixth MAC data \ x 9\ xB 26\ x2 26\ x26\ x26\ x26\ xB 26\ x6 26\ x26\ x26\ x26\ x26\ x26\ xA 26\ x26\ x26\ x26\ x26\ x 36; organizing a response data message \ xC2\ xFB \ x23\ x41\ xEB \ x74\ x94\ xA0\ xFB \ x0D \ xAD \ x04\ x92\ x10\ xCF \ xB8\ x9F \ xC3\ x2C \ x40\ xE2\ x04\ x02\ x08\ x67\ x95\ xB8\ x 6\ 6A \ xAE \ x50\ x23\ xA8 x90\ x90 according to sixth MAC data, instruction operation ciphertext data and preset correct response data \ x90\ x 00; taking the sixth MAC data as the current receiver MAC data; and sending a response data message to the initiator.
Step 207: the initiator analyzes the response data message to obtain sixth MAC analysis data, instruction operation ciphertext data and correct response data; judging whether the correct response data is the same as the third preset data, if so, executing step 208, otherwise, executing step 211;
optionally, when it is determined that the correct response data is not the same as the third preset data, the initiator performs step 211 instead of: the initiator ends;
for example, the initiator analyzes the response data message to obtain sixth MAC analysis data \ x9F \ xC3\ x2C \ x40\ xE2\ x04\ x02\ x02\ x02\ xA 02\ x02\ x02\ 02\ x02\ x02\ xf \ xB 02 and correct response data \ x02\ x02\ x 02; and judging whether the correct response data is the same as the third preset data \ x90\ x00, if so, executing the step 208, otherwise, executing the step 211.
Step 208: the initiator uses the second symmetric key to perform information authentication operation on the current initiator MAC data and the instruction operation ciphertext data to obtain eighth MAC data;
optionally, the step specifically includes: the initiator organizes the MAC data of the current initiator and the instruction operation ciphertext data according to a first preset rule to obtain fourth splicing data, and performs information authentication operation on the fourth splicing data by using a second symmetric key according to a second preset algorithm to obtain eighth MAC data;
further, the step is more specifically as follows: the initiator sequentially splices the current initiator MAC data and the instruction operation ciphertext data to obtain fourth spliced data, and performs information authentication operation on the fourth spliced data by using a second symmetric key according to a second preset algorithm to obtain eighth MAC data;
further, the step is more specifically as follows: the initiator sequentially splices the current initiator MAC data and the instruction operation ciphertext data to obtain fourth spliced data, and performs information authentication operation on the fourth spliced data by using a second symmetric key according to a second preset algorithm to obtain eighth MAC data;
for example, the initiator sequentially splices current initiator MAC data \ x 4\ xD \ xD \ x 8\ x \ x \ x \ xB \ x \ x \ xFA \ x \ x \ x \ x and command operation ciphertext data \ xC \ xFB \ x \ x \ x \ x \ x \ xFB \ x 0\ x \ x \ x \ x \ xF \ xB to obtain fourth spliced data \ x 4\ xD \ xD \ x 8\ x \ x \ x \ x \ xB x \ x \ x \ x \ xFA \ xB \ x \ x \ xB \ x \ xFB \ x \ x \ xF \ x \ x \ x \ x \ xB \ x \ xFB \ x \ x \ x \ x \ x \ xFA \ x \ x \ x \ xB \ x \ x \ x \ xFB \ x \ x \ xB \ x \ x \ xFB \ x, according to a second preset algorithm CMAC, information authentication operation is carried out on fourth splicing data by using a second symmetric key \ xF5\ xC0\ x01\ x26\ x9D \ x0E \ x3C \ x66\ x13\ x05\ xDC \ x45\ x4C \ x00\ x90\ x33 to obtain eighth MAC data \ x 9\ 9F \ xC3\ x2C \ x40\ xE2\ x04\ x02\ x08 x67\ x95\ xB8\ x6A \ xAE \ x50\ x23\ xA 8.
Step 209: the initiator determines whether the eighth MAC data is the same as the sixth MAC parsed data, if so, performs step 210, otherwise, performs step 211;
for example, the initiator determines whether the eighth MAC data \ x9F \ xC3\ x2C \ x40\ xE2\ x04\ x02\ x08\ x67\ x95\ xB8\ x6A \ xAE \ x50\ x23\ xA8 is the same as the sixth MAC analytic data \ x9F \ xC3\ x2C \ x40\ xE2\ x04\ x02\ x08\ x67\ x95 xB8\ x6A \ xAE \ x50\ x23\ xA8, if so, then step 210 is executed, otherwise, step 211 is executed.
Step 210: the initiator acquires new instruction plaintext data according to the eighth MAC data as the first shared data, and returns to step 202;
optionally, new instruction plaintext data is acquired, specifically: the initiator generates new instruction plaintext data.
Optionally, new instruction plaintext data is acquired, specifically: the initiator acquires next preset instruction plaintext data as new instruction plaintext data; the next preset instruction plaintext data refers to the next instruction plaintext data to be sent to the receiving party by the initiator.
For example, the initiator uses the eighth MAC data \ x 9\ 9F \ xC3\ x2C \ x40\ xE2\ x04\ x02\ x08\ x67\ x95\ xB8\ x6A \ xAE \ x50\ x23\ xA8 as the current initiator MAC data \ x4D \ xD3\ 8\ xD 8A \ x91\ x93\ x21\ xB1\ x18\ x93\ x xAE \ xFA ciphertext \ x90\ x65\ x71\ x42 to store the instruction operation data, and returns to step 202.
Step 211: the initiator and the receiver renegotiate to generate a first symmetric key, a second symmetric key and first common data; the initiator takes the first common data as the MAC data of the current initiator; the receiver takes the first common data as the MAC data of the current receiver; returning to step 202.
In this embodiment, a method for verifying data is further provided, which includes the following steps:
step 301: the initiator and the receiver negotiate to generate a first symmetric key, a second symmetric key and first common data; the initiator takes the first common data as the MAC data of the current initiator; the receiver takes the first common data as the MAC data of the current receiver;
for example, the first symmetric key is \ xCC \ x7B \ x0F \ x22\ x73\ xF7\ xCD \ x3D \ x45\ x8C \ xF4\ x9B \ x1B \ x17\ x9E \ x 69;
the second symmetric key is \ xF5\ xC0\ x01\ x26\ x9D \ x0E \ x3C \ x66\ x13\ x05\ xDC \ x45\ x4C \ x00\ x90\ x 33;
the current initiator MAC data is \ xDF \ xFA \ xCC \ x1E \ x39\ x7D \ xBB \ x 98;
step 302: the initiator encrypts command plaintext data by using a first symmetric key to obtain command ciphertext data; performing information authentication operation on the current initiator MAC data and the instruction ciphertext data by using a second symmetric key to obtain second MAC data; taking the second MAC data as the current initiator MAC data; obtaining third MAC data according to the second MAC data; organizing the request message data according to the instruction ciphertext data and the third MAC data; sending request message data to a receiver;
optionally, the initiator encrypts the instruction plaintext data using the first symmetric key to obtain instruction ciphertext data, specifically: and the initiator encrypts the command plaintext data by using the first symmetric key according to a first preset algorithm to obtain command ciphertext data.
Optionally, performing information authentication operation on the current initiator MAC data and the instruction ciphertext data using a second symmetric key to obtain second MAC data, specifically: the initiator organizes the MAC data and the instruction ciphertext data of the current initiator according to a first preset rule to obtain first splicing data, and performs information authentication operation on the first splicing data by using a second symmetric key according to a second preset algorithm to obtain second MAC data;
further, the initiator organizes the current initiator MAC data and the instruction ciphertext data according to a first preset rule to obtain first concatenation data, which specifically includes: the initiator sequentially splices the current initiator MAC data and the instruction ciphertext data to obtain first spliced data, and performs information authentication operation on the first spliced data by using a second symmetric key according to a second preset algorithm to obtain second MAC data;
further, the initiator organizes the current initiator MAC data and the instruction ciphertext data according to a first preset rule to perform information authentication operation to obtain first concatenation data, which specifically includes: and the initiator sequentially splices the instruction ciphertext data and the current initiator MAC data to obtain first spliced data, and performs information authentication operation on the first spliced data by using a second symmetric key according to a second preset algorithm to obtain second MAC data.
Optionally, obtaining third MAC data according to the second MAC data specifically includes: the initiator acquires third MAC data from the second MAC data according to a second preset rule;
further, the initiator acquires third MAC data from the second MAC data according to a second preset rule, specifically: the initiator acquires byte data with a second preset length from the second MAC data as third MAC data;
further, the initiator acquires third MAC data from the second MAC data according to a second preset rule, specifically: the initiator acquires byte data with a second preset length from the second MAC data as third MAC data;
further, the initiator acquires third MAC data from the second MAC data according to a second preset rule, specifically: and the initiator acquires byte data with a second preset length from the first preset data bytes in the second MAC data as third MAC data.
For example, the first preset algorithm may be the AES algorithm;
the second preset algorithm may be a CMAC algorithm;
the first symmetric key is \ xCC \ x7B \ x0F \ x22\ x73\ xF7\ xCD \ x3D \ x45\ x8C \ xF4\ x9B \ x1B \ x17\ x9E \ x 69;
the instruction plaintext data is \ x00\ x11\ x22\ x33\ x44\ x55\ x66\ x77\ x88\ x99\ xAA \ xBB \ xCC \ xDD \ xEE \ xFF;
the second symmetric key is \ xF5\ xC0\ x01\ x26\ x9D \ x0E \ x3C \ x66\ x13\ x05\ xDC \ x45\ x4C \ x00\ x90\ x 33;
the current initiator MAC data is \ xDF \ xFA \ xCC \ x1E \ x39\ x7D \ xBB \ x98\ xC9\ xAE \ x1C \ xD5\ x01\ xED \ x4E \ xCD;
the first splicing data is \ xDF \ xFA \ xCC \ x1E \ x39\ x7D \ xBB \ x98\ xC9\ xAE \ x1C \ xD5\ x01\ xED \ x4E \ xCD \ x6D \ x70\ x9B \ x14\ x05\ x1C \ xCB \ x7D \ xE3\ x60\ x7F \ x35\ xAB \ x0A \ x70\ xA 6;
the second MAC data is \ x4D \ xD3\ xD8\ x8A \ x91\ x93\ x21\ xB1\ x18\ x93\ xAE \ xFA \ x90\ x65\ x71\ x 42;
the first preset data is \ 00;
the second preset length is 8;
the third MAC data is \ x4D \ xD3\ xD8\ x8A \ x91\ x93\ x21\ xB 1;
the request message data is \ x6D \ x70\ x9B \ x14\ x05\ x1C \ xCB \ x7D \ xE3\ x60\ x7F \ x35\ xAB \ x0A \ x70\ xA6 x4D \ xD3\ xD8\ x8A \ x91\ x93 x21\ xB 1;
step 303: the receiver receives and analyzes the request message data to obtain instruction ciphertext data and third MAC analysis data; acquiring MAC data of a current receiver; performing information authentication operation on the current receiver MAC data and the instruction ciphertext data by using a second symmetric key to obtain fourth MAC data; obtaining fifth MAC data according to the fourth MAC data;
optionally, performing information authentication operation on the current receiver MAC data and the instruction ciphertext data using the second symmetric key to obtain fourth MAC data, specifically: the receiver organizes the MAC data of the current receiver and the instruction ciphertext data according to a first preset rule to obtain second splicing data, and performs information authentication operation on the second splicing data by using a second symmetric key according to a second preset algorithm to obtain fourth MAC data;
further, the receiver organizes the MAC data of the current receiver and the instruction ciphertext data according to a first preset rule to obtain second concatenation data, which specifically includes: the receiver sequentially splices the MAC data of the current receiver and the instruction ciphertext data to obtain second spliced data, and information authentication operation is performed on the second spliced data by using a second symmetric key according to a second preset algorithm to obtain fourth MAC data;
further, the receiver organizes the MAC data of the current receiver and the instruction ciphertext data according to a first preset rule to obtain second concatenation data, which specifically includes: and the receiver sequentially splices the instruction ciphertext data and the current receiver MAC data to obtain second spliced data.
Optionally, obtaining fifth MAC data according to the fourth MAC data specifically includes: the receiver acquires fifth MAC data from the fourth MAC data according to a second preset rule;
further, the receiver obtains fifth MAC data from the fourth MAC data according to a second preset rule, specifically: the receiver acquires byte data with a second preset length from the fourth MAC data as fifth MAC data;
further, the receiver obtains fifth MAC data from the fourth MAC data according to a second preset rule, specifically: the receiver acquires byte data with a second preset length from the fourth MAC data as fifth MAC data;
further, the receiver obtains fifth MAC data from the fourth MAC data according to a second preset rule, specifically: and the receiver acquires byte data with a second preset length from the first preset data byte in the fourth MAC data as fifth MAC data.
For example, the second preset algorithm may be a CMAC algorithm;
the second symmetric key is \ xF5\ xC0\ x01\ x26\ x9D \ x0E \ x3C \ x66\ x13\ x05\ xDC \ x45\ x4C \ x00\ x90\ x 33;
the MAC data of the current receiving party is \ xDF \ xFA \ xCC \ x1E \ x39\ x7D \ xBB \ x98\ xC9\ xAE \ x1C \ xD5\ x01\ xED \ x4E \ xCD;
the instruction plaintext data is \ x00\ x11\ x22\ x33\ x44\ x55\ x66\ x77\ x88\ x99\ xAA \ xBB \ xCC \ xDD \ xEE \ xFF;
the fourth MAC data is \ x4D \ xD3\ xD8\ x8A \ x91\ x93\ x21\ xB1\ x18\ x93\ xAE \ xFA \ x90\ x65\ x71\ x 42;
the fifth MAC data is \ x4D \ xD3\ xD8\ x8A \ x91\ x93\ x21\ xB 1;
step 304: the receiving party judges whether the fifth MAC data is the same as the third MAC analysis data, if so, step 305 is executed, otherwise, error report response data is sent to the initiating party;
step A11: the initiator receives the error response data and performs step 311;
alternatively, step a11 is replaced with: the initiator receives the error response data and ends;
alternatively, the execution of step a01 may be replaced by: the receiver ends;
in this embodiment, if the receiver determines that the fourth MAC data is the same as the second MAC analysis data, the receiver sends a response data packet including preset correct response data to the initiator in step 306; for example, the correct response data is \ x90\ x 00.
Step 305: the receiver takes the fourth MAC data as the current receiver MAC data; analyzing the instruction ciphertext data by using the first symmetric key to obtain instruction plaintext data; executing operation according to the instruction plaintext data to obtain instruction operation data; encrypting the instruction operation data by using the first symmetric key to obtain instruction operation ciphertext data;
optionally, the instruction operation ciphertext data is obtained by encrypting the instruction operation data by using the first symmetric key, which specifically includes: the receiver encrypts the instruction operation data by using the first symmetric key according to a first preset algorithm to obtain instruction operation ciphertext data;
for example, the instruction operation data is \ x90\ x 00;
the instruction operation ciphertext data is \ xC2\ xFB \ x23\ x41\ xEB \ x74\ x94\ xA0\ xFB \ x0D \ xAD \ x04\ x92\ x10\ xCF \ xB 8;
step 306: the receiver uses the second symmetric key to perform information authentication operation on the instruction operation ciphertext data and the current receiver MAC data to obtain sixth MAC data; obtaining seventh MAC data according to the sixth MAC data; taking the sixth MAC data as the current receiver MAC data; organizing a response data message according to the seventh MAC data, the instruction operation ciphertext data and preset correct response data; sending a response data message to the initiator;
optionally, performing information authentication operation on the current receiver MAC data and the instruction ciphertext data using the second symmetric key to obtain sixth MAC data, which specifically includes: the receiver organizes the MAC data of the current receiver and the instruction ciphertext data according to a first preset rule to obtain third splicing data, and performs information authentication operation on the third splicing data by using a second symmetric key according to a second preset algorithm to obtain sixth MAC data;
further, the receiver organizes the MAC data of the current receiver and the instruction ciphertext data according to a first preset rule to obtain third splicing data, which specifically includes: the receiver sequentially splices the MAC data of the current receiver and the instruction ciphertext data to perform information authentication operation to obtain third spliced data;
further, the receiver organizes the MAC data of the current receiver and the instruction ciphertext data according to a first preset rule to perform information authentication operation to obtain third splicing data, which specifically includes: and the receiver sequentially splices the instruction ciphertext data and the current receiver MAC data to obtain third spliced data.
Optionally, the seventh MAC data is obtained according to the sixth MAC data, specifically: the receiver acquires seventh MAC data from the sixth MAC data according to a second preset rule;
further, the receiver obtains seventh MAC data from the sixth MAC data according to a second preset rule, specifically: the receiver acquires byte data with a second preset length from the sixth MAC data to serve as seventh MAC data;
further, the receiver obtains seventh MAC data from the sixth MAC data according to a second preset rule, specifically: the receiver acquires byte data with a second preset length from the sixth MAC data as seventh MAC data;
further, the receiver obtains seventh MAC data from the sixth MAC data according to a second preset rule, specifically: and the receiver acquires byte data with a second preset length from the first preset data byte in the sixth MAC data as seventh MAC data.
For example, the correct response data is \ x90\ x 00;
the sixth MAC data is \ x9F \ xC3\ x2C \ x40\ xE2\ x04\ x02\ x08\ x67\ x95\ xB8\ x6A \ xAE \ x50\ x23\ xA 8;
the MAC data of the current receiving party is \ x4D \ xD3\ xD8\ x8A \ x91\ x93\ x21\ xB1\ x18\ x93\ xAE \ xFA \ x90\ x65\ x71\ x 42;
the seventh MAC data is \ x9F \ xC3\ x2C \ x40\ xE2\ x04\ x02\ x 08;
the response data message is \ xC2\ xFB \ x23\ x41\ xEB \ x74\ x94\ xA0\ xFB \ x0D \ xAD \ x04\ x92\ x10\ xCF \ xB8\ x9F \ xC3\ x2C \ x40\ xE2\ x04\ x02 x08\ x90\ x 90;
step 307: the initiator analyzes the response data message to obtain seventh MAC analysis data, instruction operation ciphertext data and correct response data; judging whether the correct response data is the same as the third preset data, if so, executing a step 308, otherwise, executing a step 311;
optionally, when it is determined that the correct response data is not the same as the third preset data, the initiator performs step 311 by replacing: the initiator ends;
for example, the third preset data is \ x90\ x 00;
step 308: the initiator uses the second symmetric key to perform information authentication operation on the current initiator MAC data and the instruction operation ciphertext data to obtain eighth MAC data; obtaining ninth MAC data according to the eighth MAC data;
optionally, the initiator performs information authentication operation on the current initiator MAC data and the instruction operation ciphertext data using the second symmetric key to obtain eighth MAC data, which specifically includes: the initiator organizes the MAC data of the current initiator and the instruction operation ciphertext data according to a first preset rule to obtain fourth splicing data, and performs information authentication operation on the fourth splicing data by using a second symmetric key according to a second preset algorithm to obtain eighth MAC data;
further, the initiator organizes the current initiator MAC data and the instruction operation ciphertext data according to a first preset rule to obtain fourth concatenation data, which specifically includes: the initiator sequentially splices the MAC data of the current initiator and the instruction operation ciphertext data to obtain fourth spliced data;
further, the initiator organizes the current initiator MAC data and the instruction operation ciphertext data according to a first preset rule to obtain fourth concatenation data, which specifically includes: and the initiator sequentially splices the current initiator MAC data and the instruction operation ciphertext data to obtain fourth spliced data.
Optionally, the ninth MAC data is obtained according to the eighth MAC data, and specifically: the initiator acquires ninth MAC data from the eighth MAC data according to a second preset rule;
further, the initiator acquires the ninth MAC data from the eighth MAC data according to a second preset rule, specifically: the initiator acquires byte data with a second preset length from the eighth MAC data to serve as ninth MAC data;
further, the initiator acquires the ninth MAC data from the eighth MAC data according to a second preset rule, specifically: the initiator acquires byte data with a second preset length from the eighth MAC data as ninth MAC data;
further, the initiator acquires the ninth MAC data from the eighth MAC data according to a second preset rule, specifically: and the initiator acquires byte data with a second preset length from the first preset data byte in the eighth MAC data as ninth MAC data.
For example, the fourth splicing data is \ x4D \ xD3\ xD8\ x8A \ x91\ x93\ x21\ xB1\ x18\ x93\ xAE \ xFA \ x90\ x65\ x71\ x42\ xC2\ xFB \ x23\ x41\ xEB \ x74\ x94\ xA0\ xFB \ x0D \ xAD \ x04\ x92\ x10\ xCF \ xB 8;
the eighth MAC data is \ x9F \ xC3\ x2C \ x40\ xE2\ x04\ x02\ x08\ x67\ x95\ xB8\ x6A \ xAE \ x50\ x23\ xA 8;
the ninth MAC data is \ x9F \ xC3\ x2C \ x40\ xE2\ x04\ x02\ x 08;
step 309: the initiator determines whether the ninth MAC data is the same as the seventh MAC parsed data, if so, performs step 310, otherwise, performs step 311;
step 310: the initiator takes the eighth MAC data as the current initiator MAC data, obtains new instruction plaintext data, and returns to step 302;
optionally, new instruction plaintext data is acquired, specifically: the initiator generates new instruction plaintext data.
Optionally, new instruction plaintext data is acquired, specifically: the initiator acquires next preset instruction plaintext data as new instruction plaintext data; the next preset instruction plaintext data refers to the next instruction plaintext data to be sent to the receiving party by the initiator.
Step 311: the initiator and the receiver renegotiate to generate a first symmetric key, a second symmetric key and first common data; the initiator takes the first common data as the MAC data of the current initiator; the receiver takes the first common data as the MAC data of the current receiver; returning to step 302.
Example 3
The embodiment provides a process for negotiating and generating a first symmetric key, a second symmetric key and first common data in a method for verifying data, as shown in fig. 2, including the following steps:
step 401: the initiator encrypts a preset initiator public key and first certificate information comprising a first serial number by using a preset root private key to obtain first signature data; obtaining an initiator certificate according to the first certificate information, the initiator public key and the first signature data; sending the initiator certificate to the receiver;
step 402: the receiver receives and analyzes the initiator certificate to obtain first certificate information, an initiator public key and first signature data; the method comprises the steps that a preset root public key is used for checking the first signature data, when the checking is successful, a first serial number is obtained from an initiator certificate, and the first serial number and the initiator public key are stored; encrypting a preset public key of a receiver and second certificate information comprising a second serial number by using a preset root private key to obtain second signature data; obtaining a receiver certificate according to the second certificate information, the receiver public key and the second signature data; sending a receiver certificate to the initiator;
step 403: the initiator receives and analyzes the receiver certificate to obtain second certificate information, a receiver public key and second signature data; the preset root public key is used for checking the second signature data, when the checking is successful, a second serial number is obtained from a receiver certificate, and the second serial number and the receiver public key are stored;
step 404: the initiator randomly generates a temporary public key and a temporary private key; generating first key data, second key data and third key data according to the temporary private key, the initiator private key and the receiver public key; storing the first key data as a first symmetric key; storing the second key data as a second symmetric key; performing information authentication operation on the first serial number and the second serial number by using third key data to obtain a first calculation result, and storing the first calculation result as first common data; sending the temporary public key to a receiver;
step 405: the receiver generates fourth key data, fifth key data and sixth key data according to the temporary public key, the initiator public key and the receiver private key; storing the fourth key data as a first symmetric key; storing the fifth key data as a second symmetric key; performing information authentication operation on the first serial number and the second serial number by using sixth key data to obtain a second calculation result, and storing the second calculation result as first common data; sending current initiator MAC data to the initiator;
step 406: the initiator receives the current initiator MAC data, judges whether the received current initiator MAC data is the same as the stored current initiator MAC data, if so, completes negotiation and ends; otherwise, error reporting is finished.
Example 4
The present embodiment provides a system for verifying data, as shown in fig. 3, the system includes an initiator 500 and a receiver 600:
the initiator 500 comprises a first obtaining module 501, a first authentication operation module 502, a first acting module 503, a first organizing module 504, a first sending module 505, a first receiving module 506, a second analyzing module 507, a fourth authentication operation module 508 and an initiator verifying module 509;
the receiver 600 comprises a second obtaining module 601, a second receiving module 602, a first analyzing module 603, a second authentication operation module, a receiver verifying module 605, a second acting module 606, an executing module 607, a third authentication operation module 608, a second organizing module 609 and a second sending module 610;
a first obtaining module 501, configured to obtain a stored second symmetric key, and obtain a stored first common data as a current initiator MAC data;
the first obtaining module 501 is further configured to obtain instruction data;
a second obtaining module 601, configured to obtain a second symmetric key, and obtain the stored first common data as MAC data of the current receiver;
a first authentication operation module 502, configured to perform information authentication operation on the current initiator MAC data and instruction data using a second symmetric key to obtain second MAC data;
a first organizing module 504, configured to organize request message data according to the instruction data and second MAC data obtained by performing information authentication operation by the first authentication operation module 502;
a first as module 503, configured to use the second MAC data as the current initiator MAC data;
a first sending module 505, configured to send, to a receiving party, request message data organized by the first organizing module 504;
a second receiving module 602, configured to receive the request message data sent by the first sending module 505;
a first parsing module 603, configured to parse the request message data received by the second receiving module 602 to obtain instruction data and second MAC parsing data;
the second obtaining module 601 is further configured to obtain MAC data of a current receiver;
a second authentication operation module, configured to perform information authentication operation on the current receiver MAC data acquired by the second acquisition module 601 and the instruction data acquired by the first analysis module 603 by using a second symmetric key to obtain fourth MAC data;
a receiver verifying module 605, configured to perform receiver verification according to the second MAC data analyzed by the first analyzing module 603 and the fourth MAC data obtained by performing information authentication operation by the second authentication operation module;
a second acting module 606, configured to, when the receiver verifying module 605 successfully verifies, use fourth MAC data obtained by performing information authentication operation by the second authentication operation module as current receiver MAC data;
an executing module 607, configured to execute an operation according to the instruction data obtained through analysis by the first analyzing module 603 to obtain instruction operation data;
a third authentication operation module 608, configured to perform information authentication operation on the MAC data of the current receiver, which is the second module 606, and the instruction operation data obtained by the execution module 607 using the second symmetric key, to obtain sixth MAC data;
a second organizing module 609, configured to organize a response data packet according to sixth MAC data obtained by performing information authentication operation by the third authentication operation module 608 and instruction operation data obtained by the execution module 607;
a second sending module 610, configured to send, to the initiator, the response data packet organized by the second organizing module 609;
a first receiving module 506, configured to receive a response data packet sent by the second sending module 610;
a second parsing module 507, configured to parse the response data packet received by the first receiving module 506 to obtain sixth MAC data and instruction operation data;
a fourth authentication operation module 508, configured to perform information authentication operation on the current initiator MAC data and the instruction operation data analyzed by the second analysis module 507 using the second symmetric key to obtain eighth MAC data;
the initiator verification module 509 is configured to perform initiator verification according to the eighth MAC data obtained by performing information authentication operation by the fourth authentication operation module 508 and the sixth MAC analysis data obtained by analyzing by the second analysis module 507; when the initiator successfully verifies, ending;
the first obtaining module 501 is further configured to obtain the stored second symmetric key when the initiator verifying module 509 fails to verify, and obtain the stored first common data as the current initiator MAC data.
Optionally, the first obtaining module 501 is further configured to obtain new instruction data;
correspondingly, the second obtaining module 601 is further configured to use the first common data as the current receiver MAC data.
Optionally, the first acting module 503 is further configured to take the eighth MAC data as the current initiator MAC data;
correspondingly, the first obtaining module 501 is further configured to obtain new instruction data when the initiator successfully verifies;
accordingly, the second as module 606 is further configured to use the sixth MAC data as the current receiver MAC data.
Optionally, the initiator further includes a first negotiation module; the receiver also comprises a second negotiation module;
correspondingly, the first negotiation module is used for negotiating with the second negotiation module to generate and store first common data;
correspondingly, the second negotiation module is used for negotiating with the first negotiation module to generate and store the first common data.
Optionally, the initiator further includes a first negotiation module; the receiver also comprises a second negotiation module;
correspondingly, the first negotiation module is used for negotiating with the second negotiation module to generate and store first common data;
correspondingly, the second negotiation module is used for negotiating with the first negotiation module to generate and store first common data;
accordingly, the first obtaining module 501 is further configured to obtain new instruction data when the initiator successfully verifies.
Optionally, the initiator further includes a first negotiation module; the receiver also comprises a second negotiation module;
correspondingly, the first negotiation module is used for negotiating with the second negotiation module to generate and store first common data when the initiator successfully verifies;
correspondingly, the second negotiation module is used for negotiating with the first negotiation module to generate and store first common data when the initiator successfully verifies;
accordingly, the first obtaining module 501 is further configured to obtain new instruction data when the initiator successfully verifies.
Optionally, the initiator further includes a first negotiation module; the receiver also comprises a second negotiation module;
correspondingly, the first negotiation module is used for negotiating with the second negotiation module to generate and store first common data; the second negotiation module is used for negotiating with the first negotiation module to generate and store first common data when the initiator successfully verifies;
correspondingly, the second negotiation module is used for negotiating with the first negotiation module to generate and store first common data; the first negotiation module is used for negotiating with the second negotiation module to generate and store first common data when the initiator successfully verifies;
accordingly, the first obtaining module 501 is further configured to obtain new instruction data when the initiator successfully verifies.
Optionally, the initiator further includes a first negotiation module; the receiver also comprises a second negotiation module;
correspondingly, the first negotiation module is used for negotiating with the second negotiation module to generate and store first common data when the verification of the initiator fails;
correspondingly, the second negotiation module is used for negotiating with the first negotiation module to generate and store the first common data when the authentication of the initiator fails.
Optionally, the initiator further includes a first negotiation module; the receiver further comprises a second negotiation module;
correspondingly, the first negotiation module is used for negotiating with the second negotiation module to generate and store first common data and a second symmetric key;
correspondingly, the second negotiation module is used for negotiating with the first negotiation module to generate and store the first common data and the second symmetric key.
Optionally, the initiator further includes a first negotiation module; the receiver also comprises a second negotiation module;
correspondingly, the first negotiation module is used for negotiating with the second negotiation module to generate and store first common data and a second symmetric key when the initiator successfully verifies;
correspondingly, the second negotiation module is used for negotiating with the first negotiation module to generate and store the first common data and the second symmetric key when the initiator successfully verifies;
accordingly, the first obtaining module 501 is further configured to obtain new instruction data when the initiator successfully verifies.
Optionally, the initiator further includes a first negotiation module; the receiver also comprises a second negotiation module;
correspondingly, the first negotiation module is used for negotiating with the second negotiation module to generate and store first common data and a second symmetric key;
correspondingly, the second negotiation module is used for negotiating with the first negotiation module to generate and store the first common data and the second symmetric key;
correspondingly, the first acting module 503 is further configured to take the eighth MAC data as the current initiator MAC data;
correspondingly, the first obtaining module 501 is further configured to obtain new instruction data when the initiator successfully verifies;
accordingly, the second as module 606 is further configured to use the sixth MAC data as the current receiver MAC data.
Optionally, the initiator further includes a first negotiation module; the receiver also comprises a second negotiation module;
correspondingly, the first negotiation module is used for negotiating with the second negotiation module to generate and store first common data and a second symmetric key when the authentication of the initiator fails;
correspondingly, the second negotiation module is used for negotiating with the first negotiation module to generate and store the first common data and the second symmetric key when the authentication of the initiator fails;
accordingly, the first obtaining module 501 is further configured to obtain new instruction data when the initiator fails in verification.
Optionally, the second sending module 610 is further configured to send error response data to the first receiving module 506 when the recipient verifying module 605 fails to verify;
correspondingly, the first receiving module 506 is further configured to receive the error response data sent by the second sending module 610;
correspondingly, the first obtaining module 501 is further configured to obtain the stored second symmetric key when the first receiving module 506 receives the error reporting response data sent by the second sending module 610, and obtain the stored first common data as the current initiator MAC data.
Optionally, the receiver verifying module 605 is specifically configured to determine whether fourth MAC data obtained by performing information authentication operation by the second authentication operation module is the same as second MAC analysis data obtained by analyzing by the first analyzing module 603, and when the fourth MAC data is the same as the second MAC analysis data, the receiver is successfully verified; when the fourth MAC data is not identical to the second MAC resolution data, the receiver fails in authentication.
Optionally, the initiator verification module 509 is specifically configured to determine whether eighth MAC data obtained by performing information authentication operation by the fourth authentication operation module 508 is the same as sixth MAC analysis data obtained by analyzing by the second analysis module 507, and when the eighth MAC data is the same as the sixth MAC analysis data, the initiator verification is successful; when the eighth MAC data is not identical to the sixth MAC resolution data, the initiator authentication fails.
Optionally, the first organizing module 504 is specifically configured to obtain third MAC data according to the second MAC data, and organize the request message data according to the instruction data and the third MAC data;
correspondingly, the first parsing module 603 is further configured to parse the request message data received by the second receiving module 602 to obtain instruction data and third MAC parsing data;
correspondingly, the second authentication operation module is further configured to obtain fifth MAC data according to the fourth MAC data;
correspondingly, the receiver verifying module 605 is specifically configured to determine whether the third MAC analysis data is the same as the fifth MAC data, and when the third MAC analysis data is the same as the fifth MAC data, the receiver is successfully verified; when the third MAC analysis data is different from the fifth MAC data, the receiver fails to verify;
correspondingly, the second sending module 610 is further configured to send error response data to the first receiving module when the receiver verifying module 605 fails to verify;
correspondingly, the first receiving module 506 is further configured to receive the error response data sent by the second sending module 610;
further, the second organizing module 609 is configured to obtain seventh MAC data according to the sixth MAC data obtained by performing the information authentication operation by the third authentication operation module 608, specifically: the second organizing module 609 is configured to obtain seventh MAC data from the sixth MAC data according to a second preset rule;
correspondingly, the fourth authentication operation module 508 is configured to obtain ninth MAC data according to the eighth MAC data, specifically: the fourth authentication operation module 508 is specifically configured to obtain ninth MAC data from the eighth MAC data according to a second preset rule.
Optionally, the second organizing module 609 is specifically configured to obtain seventh MAC data according to sixth MAC data obtained by performing information authentication operation by the third authentication operation module 608, and organize the response data packet according to the instruction operation data obtained by the executing module 607 and the seventh MAC data;
correspondingly, the second parsing module 507 is further configured to parse the response data packet received by the first receiving module 506 to obtain seventh MAC data and instruction operation data;
correspondingly, the fourth authentication operation module 508 is further configured to obtain ninth MAC data according to the eighth MAC data;
correspondingly, the initiator verification module 509 is specifically configured to determine whether the seventh MAC analysis data obtained by the analysis by the second analysis module 507 is the same as the ninth MAC data obtained by the fourth authentication operation module 508, and when the seventh MAC analysis data is the same as the ninth MAC data, the initiator verification is successful; when the seventh MAC analysis data is different from the ninth MAC data, the initiator fails to verify;
further, the second organizing module 609 is configured to obtain seventh MAC data according to the sixth MAC data obtained by performing the information authentication operation by the third authentication operation module 608, specifically: the second organizing module 609 is specifically configured to obtain seventh MAC data from the sixth MAC data according to a second preset rule;
correspondingly, the fourth authentication operation module 508 is configured to obtain ninth MAC data according to the eighth MAC data, specifically: the fourth authentication operation module 508 is specifically configured to obtain ninth MAC data from the eighth MAC data according to a second preset rule.
Further, the first negotiation module comprises a first negotiation unit and a third negotiation unit;
further correspondingly, the second negotiation module comprises a second negotiation unit and a fourth negotiation unit;
correspondingly, the first negotiation unit is used for encrypting the initiator public key and first certificate information comprising the first serial number by using a preset root private key to obtain first signature data; obtaining an initiator certificate according to the first certificate information, the initiator public key and the first signature data;
further correspondingly, the first sending module 505 is further configured to send the initiator certificate to the second receiving module 602;
further correspondingly, the second receiving module 602 is further configured to receive the initiator certificate;
further correspondingly, the second negotiation unit is configured to parse the initiator certificate received by the second receiving module 602 to obtain the first certificate information, the initiator public key, and the first signature data; the method comprises the steps that a preset root public key is used for checking the first signature data, when the checking is successful, a first serial number is obtained from an initiator certificate, and the first serial number and the initiator public key are stored; encrypting the public key of the receiver and second certificate information comprising a second serial number by using a preset root private key to obtain second signature data; obtaining a receiver certificate according to the second certificate information, the receiver public key and the second signature data;
further correspondingly, the second sending module 610 is further configured to send the receiver certificate to the first receiving module 506;
further correspondingly, the first receiving module 506 is further configured to receive the receiver certificate;
further correspondingly, the third negotiation unit is configured to parse the receiver certificate received by the first receiving module 506 to obtain second certificate information, a receiver public key, and second signature data; the preset root public key is used for checking the second signature data, when the checking is successful, a second serial number is obtained from a receiver certificate, and the second serial number and the receiver public key are stored; randomly generating a temporary public key and a temporary private key; generating second key data and third key data according to the temporary private key, the initiator private key and the receiver public key; storing the second key data as a second symmetric key; performing information authentication operation on the first serial number and the second serial number by using third key data to obtain a first calculation result, and storing the first calculation result as first common data;
further correspondingly, the first sending module 505 is further configured to send the temporary public key to the receiving party;
correspondingly, the second receiving module 602 is further configured to receive the sending temporary public key;
correspondingly, the fourth negotiation unit is configured to generate fifth key data and sixth key data according to the temporary public key, the initiator public key, and the receiver private key received by the second receiving module 602; storing the fifth key data as a second symmetric key; and performing information authentication operation on the first serial number and the second serial number by using the sixth key data to obtain a second calculation result, and storing the second calculation result as the first common data.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (40)

1. A method of verifying data, the method comprising the steps of:
step S01: the initiator acquires the stored second symmetric key and acquires the stored first common data as current initiator Message Authentication Code (MAC) data; the receiver acquires the stored second symmetric key and acquires the stored first common data as the current receiver MAC data;
before the step S01, the method further includes: the initiator acquires instruction data;
step S02: the initiator uses a second symmetric key to perform information authentication operation on the current initiator MAC data and instruction data to obtain second MAC data; organizing the request message data according to the instruction data and the second MAC data; taking the second MAC data as the current initiator MAC data; sending request message data to a receiver;
step S03: the receiver receives and analyzes the request message data to obtain instruction data and second MAC analysis data; acquiring MAC data of a current receiver; performing information authentication operation on the MAC data and the instruction data of the current receiver by using a second symmetric key to obtain fourth MAC data; performing receiver authentication according to the second MAC parsing data and the fourth MAC data, and when the receiver authentication is successful, performing step S04;
step S04: the receiver takes the fourth MAC data as the current receiver MAC data; executing operation according to the instruction data to obtain instruction operation data; performing information authentication operation on the current receiver MAC data and the instruction operation data by using a second symmetric key to obtain sixth MAC data; organizing a response data message according to the sixth MAC data and the instruction operation data; sending a response data message to the initiator;
step S05: the initiator receives and analyzes the response data message to obtain sixth MAC analysis data and instruction operation data; performing information authentication operation on the current initiator MAC data and the instruction operation data by using a second symmetric key to obtain eighth MAC data; verifying the initiator according to the eighth MAC data and the sixth MAC analysis data, and ending when the initiator is successfully verified; when the initiator authentication fails, return is made to step S01.
2. The method of claim 1, wherein in step S05, the ending is replaced with: the initiator acquires new instruction data and returns to step S02;
after the information authentication operation is performed on the current receiver MAC data and the instruction operation data by using the second symmetric key to obtain sixth MAC data, the method further includes: and the receiver takes the first common data as the MAC data of the current receiver.
3. The method of claim 1, wherein in step S05, the ending is replaced with: the initiator takes the eighth MAC data as the current initiator MAC data; acquiring new instruction data, and returning to the step S02;
in step S04, the method further includes: and the receiver takes the sixth MAC data as the current receiver MAC data.
4. The method of claim 1, wherein step S01 is preceded by: the initiator and the receiver negotiate to generate and store first common data.
5. The method according to claim 1, wherein the step S01 further comprises: the initiator and the receiver negotiate to generate and store first common data;
in step S05, the end is replaced by: the initiator acquires new instruction data; return is made to step S01.
6. The method of claim 1, wherein in step S05, the ending is replaced with: the initiator and the receiver negotiate to generate first common data; acquiring new instruction data; return is made to step S01.
7. The method of claim 1, wherein step S01 is preceded by: the initiator and the receiver negotiate to generate and store first common data;
in step S05, the end is replaced by: the initiator and the receiver renegotiate to generate first common data and store the first common data; new instruction data is acquired, and the process returns to step S01.
8. The method according to claim 1, wherein in step S05, when the initiator authentication fails, the method further comprises: the initiator and the receiver negotiate to generate and store first common data; return is made to step S01.
9. The method according to claim 1, wherein the step S01 further comprises: the initiator and the receiver negotiate to generate and store first common data and a second symmetric key.
10. The method of claim 1, wherein in step S05, the ending is replaced with: and the initiator and the receiver negotiate to generate and store the first common data and the second symmetric key, acquire new instruction data, and return to the step S01.
11. The method according to claim 1, wherein the step S01 further comprises: the initiator and the receiver negotiate to generate and store first common data and a second symmetric key;
in step S05, the end is replaced by: the initiator takes the eighth MAC data as the current initiator MAC data; acquiring new instruction data, and returning to the step S01;
in step S04, the method further includes: and the receiver takes the sixth MAC data as the current receiver MAC data.
12. The method according to claim 1, wherein in step S05, when the initiator authentication fails, the method further comprises: the initiator and the receiver negotiate to generate and store first common data and a second symmetric key; return is made to step S01.
13. The method according to claim 1, wherein in step S03, the method further comprises: when the verification of the receiver fails, the receiver sends error response data to the initiator, and step D01 is executed;
step D01: the initiator receives the error response data and returns to step S01.
14. The method according to claim 1, wherein in step S03, the performing receiver authentication according to the second MAC analysis data and the fourth MAC data specifically includes: the receiver judges whether the fourth MAC data is the same as the second MAC analysis data, and when the fourth MAC data is the same as the second MAC analysis data, the receiver successfully verifies; when the fourth MAC data is not identical to the second MAC resolution data, the receiver fails in authentication.
15. The method according to claim 1, wherein in step S05, the performing initiator verification according to the eighth MAC data and the sixth MAC resolution data specifically includes: the initiator judges whether the eighth MAC data is the same as the sixth MAC analysis data, and if the eighth MAC data is the same as the sixth MAC analysis data, the initiator successfully verifies the data; when the eighth MAC data is not identical to the sixth MAC resolution data, the initiator authentication fails.
16. The method according to claim 1, wherein in step S02, the organizing of the request message data according to the instruction data and the second MAC data includes: the initiator obtains third MAC data according to the second MAC data and organizes request message data according to the instruction data and the third MAC data;
in step S03, the receiver receives and analyzes the request message data to obtain instruction data and second MAC data, and replaces: the receiver receives and analyzes the request message data to obtain instruction data and third MAC analysis data;
in step S03, after performing information authentication operation on the MAC data of the current receiver and the instruction data by using the second symmetric key to obtain fourth MAC data, the method further includes: the receiver obtains fifth MAC data according to the fourth MAC data;
the receiver verification according to the second MAC analysis data and the fourth MAC data specifically includes: the receiver determines whether the third MAC analysis data is the same as the fifth MAC data, and if the third MAC analysis data is the same as the fifth MAC data, the receiver successfully verifies the third MAC analysis data, and then step S04 is executed; when the third MAC analysis data is different from the fifth MAC data, the receiver fails to verify and sends error-reporting response data to the initiator;
the initiator receives error response data.
17. The method of claim 16, wherein the initiator obtains third MAC data according to the second MAC data, specifically: the initiator acquires third MAC data from the second MAC data according to a second preset rule;
the receiver obtains fifth MAC data according to the fourth MAC data, which specifically includes: and the receiver acquires fifth MAC data from the fourth MAC data according to a second preset rule.
18. The method according to claim 1, wherein in step S04, the organizing of the response data packet according to the sixth MAC data and the instruction operation data includes: the receiver obtains seventh MAC data according to the sixth MAC data, and organizes a response data message according to the instruction operation data and the seventh MAC data;
in step S05, the initiator receives and analyzes the response data packet to obtain sixth MAC analysis data and instruction operation data, and replaces the sixth MAC analysis data and the instruction operation data with: the initiator receives and analyzes the response data message to obtain seventh MAC analysis data and instruction operation data;
in step S05, after the performing information authentication operation on the current initiator MAC data and the instruction operation data by using the second symmetric key to obtain eighth MAC data, the method further includes: the initiator obtains ninth MAC data according to the eighth MAC data;
in step S05, the verifying the initiator according to the eighth MAC data and the sixth MAC analysis data specifically includes: the initiator judges whether the seventh MAC analysis data is the same as the ninth MAC data, and if the seventh MAC analysis data is the same as the ninth MAC data, the initiator successfully verifies the data; when the seventh MAC resolution data is not identical to the ninth MAC data, the initiator authentication fails.
19. The method according to claim 18, wherein the receiver obtains seventh MAC data according to the sixth MAC data, specifically: the receiver acquires seventh MAC data from the sixth MAC data according to a second preset rule;
the initiator obtains ninth MAC data according to the eighth MAC data, and specifically includes: and the initiator acquires ninth MAC data from the eighth MAC data according to a second preset rule.
20. The method of claim 9, wherein the generating the first common data and the second symmetric key comprises:
step D11: the initiator encrypts an initiator public key and first certificate information comprising a first serial number by using a preset root private key to obtain first signature data; obtaining an initiator certificate according to the first certificate information, the initiator public key and the first signature data; sending the initiator certificate to the receiver;
step D12: the receiver receives and analyzes the initiator certificate to obtain first certificate information, an initiator public key and first signature data; the method comprises the steps that a preset root public key is used for checking the first signature data, when the checking is successful, a first serial number is obtained from an initiator certificate, and the first serial number and the initiator public key are stored; encrypting the public key of the receiver and second certificate information comprising a second serial number by using a preset root private key to obtain second signature data; obtaining a receiver certificate according to the second certificate information, the receiver public key and the second signature data; sending a receiver certificate to the initiator;
step D13: the initiator receives and analyzes the receiver certificate to obtain second certificate information, a receiver public key and second signature data; the preset root public key is used for checking the second signature data, when the checking is successful, a second serial number is obtained from a receiver certificate, and the second serial number and the receiver public key are stored;
step D14: the initiator randomly generates a temporary public key and a temporary private key; generating second key data and third key data according to the temporary private key, the initiator private key and the receiver public key; storing the second key data as a second symmetric key; performing information authentication operation on the first serial number and the second serial number by using third key data to obtain a first calculation result, and storing the first calculation result as first common data; sending the temporary public key to a receiver;
step D15: the receiver generates fifth key data and sixth key data according to the temporary public key, the initiator public key and the receiver private key; storing the fifth key data as a second symmetric key; and performing information authentication operation on the first serial number and the second serial number by using the sixth key data to obtain a second calculation result, and storing the second calculation result as the first common data.
21. A system for verifying data, the system comprising an initiator and a recipient:
the initiator comprises a first acquisition module, a first authentication operation module, a first acting module, a first organization module, a first sending module, a first receiving module, a second analysis module, a fourth authentication operation module and an initiator verification module;
the receiver comprises a second acquisition module, a second receiving module, a first analysis module, a second authentication operation module, a receiver verification module, a second serving module, an execution module, a third authentication operation module, a second organization module and a second sending module;
the first obtaining module is used for obtaining the stored second symmetric key and obtaining the stored first common data as the current initiator message authentication code MAC data;
the first obtaining module is further used for obtaining instruction data;
the second obtaining module is used for obtaining a second symmetric key and obtaining the stored first common data as the current receiver MAC data;
the first authentication operation module is used for performing information authentication operation on the current initiator MAC data and instruction data by using a second symmetric key to obtain second MAC data;
the first organizing module is used for organizing request message data according to instruction data and second MAC data obtained by information authentication operation of the first authentication operation module;
the first acting module is used for taking the second MAC data as the current initiator MAC data;
the first sending module is used for sending the request message data organized by the first organizing module to a receiving party;
the second receiving module is configured to receive the request message data sent by the first sending module;
the first analysis module is used for analyzing the request message data received by the second receiving module to obtain instruction data and second MAC analysis data;
the second obtaining module is further configured to obtain MAC data of a current receiver;
the second authentication operation module is configured to perform information authentication operation on the current receiver MAC data acquired by the second acquisition module and the instruction data acquired by the first analysis module by using a second symmetric key to obtain fourth MAC data;
the receiver verification module is used for verifying the receiver according to the second MAC analysis data analyzed by the first analysis module and the fourth MAC data obtained by the second authentication operation module through information authentication operation;
the second acting module is used for taking fourth MAC data obtained by information authentication operation of the second authentication operation module as current receiver MAC data when the receiver verification module successfully verifies;
the execution module is used for executing operation according to the instruction data obtained by the analysis of the first analysis module to obtain instruction operation data;
the third authentication operation module is configured to perform information authentication operation on the MAC data of the current receiver, which is the second module, and the instruction operation data obtained by the execution module by using a second symmetric key to obtain sixth MAC data;
the second organization module is used for organizing a response data message according to sixth MAC data obtained by information authentication operation performed by the third authentication operation module and instruction operation data obtained by the execution module;
the second sending module is configured to send the response data packet organized by the second organizing module to the initiator;
the first receiving module is configured to receive the response data packet sent by the second sending module;
the second analysis module is used for analyzing the response data message received by the first receiving module to obtain sixth MAC analysis data and instruction operation data;
the fourth authentication operation module is configured to perform information authentication operation on the current initiator MAC data and the instruction operation data analyzed by the second analysis module by using a second symmetric key to obtain eighth MAC data;
the initiator verification module is used for verifying the initiator according to eighth MAC data obtained by information authentication operation performed by the fourth authentication operation module and sixth MAC analysis data obtained by analysis performed by the second analysis module; when the initiator successfully verifies, ending;
the first obtaining module is further configured to obtain a stored second symmetric key when the initiator verification module fails to verify, and obtain stored first common data as current initiator MAC data.
22. The system of claim 21, wherein the first obtaining module is further configured to obtain new instruction data;
the second obtaining module is further configured to use the first common data as MAC data of the current receiver.
23. The system of claim 21, wherein the first acting module is further configured to treat eighth MAC data as current initiator MAC data;
the first obtaining module is further configured to obtain new instruction data when the initiator successfully verifies the instruction data;
the second acting module is further configured to act as the sixth MAC data as the current receiver MAC data.
24. The system of claim 21, wherein the initiator further comprises a first negotiation module; the receiver further comprises a second negotiation module;
the first negotiation module is used for negotiating with the second negotiation module to generate and store first common data;
and the second negotiation module is used for negotiating with the first negotiation module to generate and store first common data.
25. The system of claim 21, wherein the initiator further comprises a first negotiation module; the receiver further comprises a second negotiation module;
the first negotiation module is used for negotiating with the second negotiation module to generate and store first common data;
the second negotiation module is used for negotiating with the first negotiation module to generate and store first common data;
the first obtaining module is further configured to obtain new instruction data when the initiator successfully verifies the instruction data.
26. The system of claim 21, wherein the initiator further comprises a first negotiation module; the receiver further comprises a second negotiation module;
the first negotiation module is used for negotiating with the second negotiation module to generate and store first common data when the initiator successfully verifies;
the second negotiation module is used for negotiating with the first negotiation module to generate and store first common data when the initiator successfully verifies;
the first obtaining module is further configured to obtain new instruction data when the initiator successfully verifies the instruction data.
27. The system of claim 21, wherein the initiator further comprises a first negotiation module; the receiver further comprises a second negotiation module;
the first negotiation module is used for negotiating with the second negotiation module to generate and store first common data; the second negotiation module is used for negotiating with the first negotiation module to generate and store first common data when the initiator successfully verifies;
the second negotiation module is used for negotiating with the first negotiation module to generate and store first common data; the first negotiation module is used for negotiating with the second negotiation module to generate and store first common data when the initiator successfully verifies;
the first obtaining module is further configured to obtain new instruction data when the initiator successfully verifies the instruction data.
28. The system of claim 21, wherein the initiator further comprises a first negotiation module; the receiver further comprises a second negotiation module;
the first negotiation module is used for negotiating with the second negotiation module to generate and store first common data when the verification of the initiator fails;
and the second negotiation module is used for negotiating with the first negotiation module to generate and store first common data when the verification of the initiator fails.
29. The system of claim 21, wherein the initiator further comprises a first negotiation module; the receiver further comprises a second negotiation module;
the first negotiation module is used for negotiating with the second negotiation module to generate and store first common data and a second symmetric key;
and the second negotiation module is used for negotiating with the first negotiation module to generate and store the first common data and the second symmetric key.
30. The system of claim 21, wherein the initiator further comprises a first negotiation module; the receiver further comprises a second negotiation module;
the first negotiation module is used for negotiating with the second negotiation module to generate and store first common data and a second symmetric key when the initiator successfully verifies;
the second negotiation module is used for negotiating with the first negotiation module to generate and store first common data and a second symmetric key when the initiator successfully verifies;
the first obtaining module is further configured to obtain new instruction data when the initiator successfully verifies the instruction data.
31. The system of claim 21, wherein the initiator further comprises a first negotiation module; the receiver further comprises a second negotiation module;
the first negotiation module is used for negotiating with the second negotiation module to generate and store first common data and a second symmetric key;
the second negotiation module is used for negotiating with the first negotiation module to generate and store first common data and a second symmetric key;
the first acting module is further configured to act as the current initiator MAC data with the eighth MAC data;
the first obtaining module is further configured to obtain new instruction data when the initiator successfully verifies the instruction data;
the second acting module is further configured to act as the sixth MAC data as the current receiver MAC data.
32. The system of claim 21, wherein the initiator further comprises a first negotiation module; the receiver further comprises a second negotiation module;
the first negotiation module is used for negotiating with the second negotiation module to generate and store first common data and a second symmetric key when the authentication of the initiator fails;
and the second negotiation module is used for negotiating with the first negotiation module to generate and store the first common data and the second symmetric key when the authentication of the initiator fails.
33. The system of claim 21, wherein the second sending module is further configured to send error response data to the first receiving module when the receiver authentication module fails to authenticate;
the first receiving module is further configured to receive error-reporting response data sent by the second sending module;
the first obtaining module is further configured to obtain a stored second symmetric key when the first receiving module receives the error reporting response data sent by the second sending module, and obtain stored first common data as current initiator MAC data.
34. The system according to claim 21, wherein the receiver verification module is specifically configured to determine whether fourth MAC data obtained by performing information authentication operation by the second authentication operation module is the same as second MAC analysis data obtained by analyzing by the first analysis module, and when the fourth MAC data is the same as the second MAC analysis data, the receiver verification is successful; when the fourth MAC data is not identical to the second MAC resolution data, the receiver fails in authentication.
35. The system according to claim 21, wherein the initiator verification module is specifically configured to determine whether eighth MAC data obtained by performing information authentication operation by the fourth authentication operation module is the same as sixth MAC analysis data obtained by analyzing by the second analysis module, and when the eighth MAC data is the same as the sixth MAC analysis data, the initiator verification is successful; when the eighth MAC data is not identical to the sixth MAC resolution data, the initiator authentication fails.
36. The system according to claim 21, wherein the first organizing module is specifically configured to obtain third MAC data according to the second MAC data, and organize the request packet data according to the instruction data and the third MAC data;
the first analysis module is further configured to analyze the request message data received by the second receiving module to obtain instruction data and third MAC analysis data;
the second authentication operation module is further configured to obtain fifth MAC data according to the fourth MAC data;
the receiver authentication module is specifically configured to determine whether the third MAC analysis data is the same as the fifth MAC data, and when the third MAC analysis data is the same as the fifth MAC data, the receiver authentication is successful; when the third MAC analysis data is different from the fifth MAC data, the receiver fails to verify;
the second sending module is further configured to send error-reporting response data to the first receiving module when the verification of the receiver verifying module fails;
the first receiving module is further configured to receive the error response data sent by the second sending module.
37. The system according to claim 36, wherein the second organizing module is configured to obtain seventh MAC data according to sixth MAC analysis data obtained by performing information authentication operation by the third authentication operation module, specifically: the second organization module is used for acquiring seventh MAC data from the sixth MAC data according to a second preset rule;
the fourth authentication operation module is configured to obtain ninth MAC data according to the eighth MAC data, specifically: the fourth authentication operation module is specifically configured to obtain ninth MAC data from the eighth MAC data according to a second preset rule.
38. The system according to claim 21, wherein the second organizing module is specifically configured to obtain seventh MAC data according to sixth MAC data obtained by performing information authentication operation by the third authentication operation module, and organize response data packets according to instruction operation data and the seventh MAC data obtained by the execution module;
the second analysis module is further configured to analyze the response data packet received by the first receiving module to obtain seventh MAC analysis data and instruction operation data;
the fourth authentication operation module is further configured to obtain ninth MAC data according to the eighth MAC data;
the initiator verification module is specifically configured to determine whether seventh MAC analysis data obtained by analysis by the second analysis module is the same as ninth MAC data obtained by the fourth authentication operation module, and when the seventh MAC analysis data is the same as the ninth MAC data, the initiator verification is successful; when the seventh MAC resolution data is not identical to the ninth MAC data, the initiator authentication fails.
39. The system according to claim 38, wherein the second organizing module is configured to obtain seventh MAC data according to the sixth MAC data obtained by performing the information authentication operation by the third authentication operation module, specifically: the second organization module is specifically configured to obtain seventh MAC data from sixth MAC data according to a second preset rule;
the fourth authentication operation module is configured to obtain ninth MAC data according to the eighth MAC data, specifically: the fourth authentication operation module is specifically configured to obtain ninth MAC data from the eighth MAC data according to a second preset rule.
40. The system of claim 29, wherein the first negotiation module comprises a first negotiation unit and a third negotiation unit;
the second negotiation module comprises a second negotiation unit and a fourth negotiation unit;
the first negotiation unit is used for encrypting the initiator public key and first certificate information comprising a first serial number by using a preset root private key to obtain first signature data; obtaining an initiator certificate according to the first certificate information, the initiator public key and the first signature data;
the first sending module is further configured to send an initiator certificate to the second receiving module;
the second receiving module is further configured to receive an initiator certificate;
the second negotiation unit is used for analyzing the initiator certificate received by the second receiving module to obtain first certificate information, an initiator public key and first signature data; the method comprises the steps that a preset root public key is used for checking the first signature data, when the checking is successful, a first serial number is obtained from an initiator certificate, and the first serial number and the initiator public key are stored; encrypting the public key of the receiver and second certificate information comprising a second serial number by using a preset root private key to obtain second signature data; obtaining a receiver certificate according to the second certificate information, the receiver public key and the second signature data;
the second sending module is further configured to send a receiver certificate to the first receiving module;
the first receiving module is further used for receiving a receiver certificate;
the third negotiation unit is configured to analyze the receiver certificate received by the first receiving module to obtain second certificate information, a receiver public key, and second signature data; the preset root public key is used for checking the second signature data, when the checking is successful, a second serial number is obtained from a receiver certificate, and the second serial number and the receiver public key are stored; randomly generating a temporary public key and a temporary private key; generating second key data and third key data according to the temporary private key, the initiator private key and the receiver public key; storing the second key data as a second symmetric key; performing information authentication operation on the first serial number and the second serial number by using third key data to obtain a first calculation result, and storing the first calculation result as first common data;
the first sending module is further configured to send the temporary public key to a receiving party;
the second receiving module is further configured to receive and send the temporary public key;
the fourth negotiation unit is configured to generate fifth key data and sixth key data according to the temporary public key, the initiator public key, and the receiver private key received by the second receiving module; storing the fifth key data as a second symmetric key; and performing information authentication operation on the first serial number and the second serial number by using the sixth key data to obtain a second calculation result, and storing the second calculation result as the first common data.
CN202011632978.1A 2020-12-31 2020-12-31 Method and system for verifying data Active CN112333207B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011632978.1A CN112333207B (en) 2020-12-31 2020-12-31 Method and system for verifying data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011632978.1A CN112333207B (en) 2020-12-31 2020-12-31 Method and system for verifying data

Publications (2)

Publication Number Publication Date
CN112333207A CN112333207A (en) 2021-02-05
CN112333207B true CN112333207B (en) 2021-04-06

Family

ID=74301908

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011632978.1A Active CN112333207B (en) 2020-12-31 2020-12-31 Method and system for verifying data

Country Status (1)

Country Link
CN (1) CN112333207B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7574599B1 (en) * 2002-10-11 2009-08-11 Verizon Laboratories Inc. Robust authentication and key agreement protocol for next-generation wireless networks
EP2571306A1 (en) * 2011-09-15 2013-03-20 Kabushiki Kaisha Toshiba An authentication client proxy for a communication apparatus
CN109951823A (en) * 2017-12-20 2019-06-28 英特尔公司 Method and apparatus for vehicle-to-vehicle communication
CN111491299A (en) * 2019-01-25 2020-08-04 英飞凌科技股份有限公司 Data message authentication system and authentication method in vehicle communication network

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109150541B (en) * 2018-08-15 2020-05-19 飞天诚信科技股份有限公司 Authentication system and working method thereof

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7574599B1 (en) * 2002-10-11 2009-08-11 Verizon Laboratories Inc. Robust authentication and key agreement protocol for next-generation wireless networks
EP2571306A1 (en) * 2011-09-15 2013-03-20 Kabushiki Kaisha Toshiba An authentication client proxy for a communication apparatus
CN109951823A (en) * 2017-12-20 2019-06-28 英特尔公司 Method and apparatus for vehicle-to-vehicle communication
CN111491299A (en) * 2019-01-25 2020-08-04 英飞凌科技股份有限公司 Data message authentication system and authentication method in vehicle communication network

Also Published As

Publication number Publication date
CN112333207A (en) 2021-02-05

Similar Documents

Publication Publication Date Title
CN105187450B (en) A kind of method and apparatus authenticated based on authenticating device
CN107294937B (en) Data transmission method based on network communication, client and server
CN112054906B (en) Key negotiation method and system
CN109309565A (en) A kind of method and device of safety certification
CN105245341A (en) Remote identity authentication method and system and remote account opening method and system
CN102315937A (en) The affaris safety trade system of data and method between radio communication device and the server
CN102118387A (en) System and method for secure transaction of data between wireless communication device and server
CN111884811B (en) Block chain-based data evidence storing method and data evidence storing platform
CN103888938A (en) PKI private key protection method of dynamically generated key based on parameters
CN106656489B (en) Mobile payment-oriented safety improvement method for information interaction between self-service selling equipment and server
CN110190950B (en) Method and device for realizing security signature
CN109474419A (en) A kind of living body portrait photo encryption and decryption method and encrypting and deciphering system
CN108599926A (en) A kind of HTTP-Digest modified AKA identity authorization systems and method based on pool of symmetric keys
CN110493162A (en) Identity identifying method and system based on wearable device
CN113781678A (en) Vehicle Bluetooth key generation and authentication method and system under network-free environment
CN102624710B (en) Sensitive information transmission method and sensitive information transmission system
CN108632042A (en) A kind of class AKA identity authorization systems and method based on pool of symmetric keys
Basin et al. Improving the security of cryptographic protocol standards
US20120284787A1 (en) Personal Secured Access Devices
CN103905388A (en) Authentication method, authentication device, smart card, and server
CN114915396B (en) Hopping key digital communication encryption system and method based on national encryption algorithm
CN113726524A (en) Secure communication method and communication system
CN105407102B (en) Http request data reliability verifying method
CN108616350A (en) A kind of HTTP-Digest class AKA identity authorization systems and method based on pool of symmetric keys
CN112242993B (en) Bidirectional authentication method and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant