CN114707158A - Network communication authentication method and network communication authentication system based on TEE - Google Patents


Publication number: CN114707158A
Authority: CN (China)
Prior art keywords: random number, server, ciphertext, disposable, key
Legal status: Pending
Application number: CN202111540458.2A
Other languages: Chinese (zh)
Inventors: 李定洲, 陈成钱, 钱进
Current Assignee: China Unionpay Co Ltd
Original Assignee: China Unionpay Co Ltd
Application filed by China Unionpay Co Ltd
Priority to CN202111540458.2A
Publication of CN114707158A


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The invention relates to a TEE-based network communication authentication method and a system thereof. The method comprises the following steps: the TA initiates a first interaction request to the server, wherein the first interaction request is generated at least based on a first random number, and the first random number is generated and stored by the TA; the TA receives from the server a first interactive response to the first interaction request, wherein the first interactive response is generated at least based on a second random number, and the second random number is generated by the server; the TA initiates a second interaction request to the server, wherein the second interaction request is generated at least based on a third random number, and the third random number is generated and stored by the TA; the TA receives from the server a second interactive response to the second interaction request; the TA generates a communication key based on the first random number, the second random number, and the third random number. According to the present invention, a lightweight TEE-based network communication authentication method can be provided.

Description

Network communication authentication method and network communication authentication system based on TEE
Technical Field
The invention relates to computer technology, and in particular to a TEE-based network communication authentication method and network communication authentication system.
Background
Mobile computing devices typically include multiple execution environments: a first execution environment, referred to as a Rich Execution Environment (REE), and a second execution environment, referred to as a Trusted Execution Environment (TEE). Sensitive functions such as cryptographic operations, and the related confidential keying material, are typically protected within the TEE using hardware-based security features. The TEE exposes services through a controlled and well-defined interface that can be accessed by a Client Application (CA) executing within the REE, and a Trusted Application (TA) exposes the services consumed by the CA.
Currently, as smart-terminal users become more aware of personal privacy protection and information security, more and more applications hand sensitive operations, security calculations and similar work to Trusted Applications (TAs) in the Trusted Execution Environment (TEE) of the terminal. However, the mainstream TEEs do not currently provide a secure network transmission protocol, so data is easily exposed to attacks such as interception and tampering while it is being returned from the trusted application to the client application.
Existing network communication authentication schemes generally rely on a secure network protocol in the REE (such as TLS or HTTPS) to package and transmit message data. The original message is generally processed in one of the following two ways: (1) important data in the message is exposed in the REE, and is encrypted, packaged and sent by code in the REE; (2) important data in the message is returned to the REE by a trusted application in the TEE after a series of complex encryption/signature operations, and is then packaged and sent by the REE.
However, the prior art has the following obvious disadvantages:
(1) when important data in the message is exposed in the REE, the data exists in REE memory in plaintext form in the moment before encryption, so it is very easily tampered with or deleted by a malicious program, which leads to problems such as plaintext attacks;
(2) when important data in the message is returned to the REE by a trusted application in the TEE after a series of complex encryption/signature operations, the problem of secure communication between a single front-end device and a back-end system can be solved, but the approach is not suitable for cross-device or cross-system Internet of Things communication scenarios. In that case, opening a service channel between different TEE terminals and a back-end system requires solving the problems of security isolation and development cost during interaction, which is difficult, and the industry needs a unified scheme for secure network communication authentication;
(3) for some weak Internet of Things devices, the REE does not have secure network protocols such as SSL and HTTPS, so the current schemes cannot effectively ensure the secure transmission of data packets in the network.
Disclosure of Invention
In view of the above, the present invention aims to provide a lightweight TEE-based network communication authentication method and network communication authentication system.
The TEE-based network communication authentication method of the invention is implemented between a trusted application in the TEE of a client and a server, and is characterized by comprising:
a first interaction request step, in which the trusted application initiates a first interaction request to the server, wherein the first interaction request is generated at least based on a first random number and is sent to the server in an encrypted form, and the first random number is generated and stored by the trusted application;
a first interactive response step, in which the trusted application receives from the server a first interactive response to the first interaction request, wherein the first interactive response is generated at least based on a second random number and is sent to the trusted application in an encrypted form, the trusted application stores the second random number, and the second random number is generated by the server;
a second interaction request step, in which the trusted application initiates a second interaction request to the server, wherein the second interaction request is generated at least based on a third random number and is sent to the server in an encrypted form, and the third random number is generated and stored by the trusted application;
a second interactive response step, in which the trusted application receives from the server a second interactive response to the second interaction request; and
a communication key generation step, in which the trusted application generates a communication key based on the first random number, the second random number and the third random number.
Optionally, after the communication key generation step, the method further comprises:
a trusted channel verification step, in which the trusted application encrypts a preset channel identifier with the communication key and sends a verification request to the server in order to verify that the trusted channel is established.
Optionally, before the first interaction request step, the method further comprises:
a device public key uploading step, in which the trusted application generates and stores a device public key and a device private key, and sends the device public key to the server in an encrypted form; and
a server public key downloading step, in which the trusted application receives from the server the server public key sent in an encrypted form, the server public key and a server private key being generated by the server.
Optionally, between the server public key downloading step and the first interaction request step, the method further comprises:
a communication message format determining step, in which the message format of the communication message is agreed in advance between the trusted application and the server,
wherein the message format of the communication message includes: a header section, a data section, and an end section,
the data section includes at least a ciphertext data region,
wherein the ciphertext data region is used for storing the ciphertext data obtained by encrypting the data of the data area, and
the data area includes: a one-time random number A field, a one-time random number B field, and a data field.
Optionally, the first interaction request step includes:
the trusted application generates a one-time random number A and a first random number, fills them into the one-time random number A field and the data field of the data area respectively, and saves the one-time random number A and the first random number;
the one-time random number A and the first random number are encrypted with the server public key to obtain a first ciphertext; and
the first ciphertext is signed with the device private key to form a first message, and the first interaction request is initiated to the server.
Optionally, the first interactive response step includes:
the server receives the first message and verifies the signature data with the pre-stored device public key;
the server decrypts the first ciphertext with the server private key to obtain the one-time random number A and the first random number;
the server generates a one-time random number B and a second random number, fills the second random number into the data field of the data area, and stores the one-time random number B and the second random number;
the server encrypts the one-time random number A, the one-time random number B and the second random number with the device public key to obtain a second ciphertext; and
the server signs the second ciphertext with the server private key to form a second message and initiates the first interactive response to the client.
Optionally, the second interaction request step includes:
the trusted application receives the second message and verifies the signature data with the pre-stored server public key;
the trusted application decrypts the second ciphertext with the device private key to obtain the one-time random number A, the one-time random number B and the second random number;
the trusted application compares the one-time random number A obtained by decrypting the ciphertext with the one-time random number A generated in the first interaction request step; after the comparison succeeds, it stores the second random number, generates the one-time random number A again, then generates a third random number and fills it into the data field of the data area, and stores the one-time random number A and the third random number;
the one-time random number A, the one-time random number B and the third random number are encrypted with the server public key to obtain a third ciphertext; and
the third ciphertext is signed with the device private key to form a third message, and the second interaction request is then initiated to the server.
Optionally, the second interactive response step includes:
the server receives the third message and verifies the signature data with the pre-stored device public key;
the server decrypts the third ciphertext with the server private key to obtain the one-time random number A, the one-time random number B and the third random number;
the server compares the one-time random number B obtained by decrypting the ciphertext with the one-time random number B generated in the first interaction request step, stores the third random number after the comparison succeeds, and generates the one-time random number B again;
the server generates a communication key based on the first random number, the second random number and the third random number, establishes a binding relationship between the communication key and a client ID, and stores the binding relationship;
the server encrypts the one-time random number A, the one-time random number B and the negotiation ending identifier with the device public key to obtain a fourth ciphertext, wherein the negotiation ending identifier is filled into the data field of the data area; and
the server signs the fourth ciphertext with the server private key to form a fourth message and initiates the second interactive response to the client.
Optionally, the communication key generation step includes:
the trusted application receives the fourth message and verifies the signature data with the pre-stored server public key;
the trusted application decrypts the fourth ciphertext with the device private key to obtain the one-time random number A, the one-time random number B and the negotiation ending identifier;
the trusted application compares the one-time random number A obtained by decrypting the ciphertext with the one-time random number A generated in the second interaction request step, and checks the negotiation ending identifier after the comparison succeeds;
after the negotiation ending identifier passes the check, the communication key is generated based on the first random number, the second random number and the third random number and is stored in the TEE.
Optionally, the communication channel verification step includes:
the trusted application encrypts the channel identifier with the communication key to obtain a channel identifier ciphertext and fills the channel identifier ciphertext into the data field of the data area;
the trusted application generates a one-time random number A again;
the channel identifier ciphertext, the one-time random number A and the one-time random number B are signed with the device private key and sent to the server;
the server verifies the signature with the device public key and obtains the channel identifier ciphertext, the one-time random number A and the one-time random number B;
the server compares the one-time random number B obtained by signature verification with the one-time random number B generated in the second interactive response step;
if the comparison succeeds, the server decrypts the channel identifier ciphertext with the stored communication key to obtain a channel identifier, compares the channel identifier with the preset channel identifier, and after a successful comparison informs the trusted application that the trusted channel is established.
Optionally, after the communication channel verification step, the method further comprises:
a service data communication step, in which the service data is encrypted with the communication key and sent to the server.
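The nonce checks and key agreement of the first interaction request through communication key generation steps can be traced in code. The Python below is an added example, not code from the patent: it works on the decrypted data area only (signature verification and public-key decryption of each message are assumed to have already succeeded), and the field lengths, the `END_FLAG` value and the HKDF-SHA256 derivation are assumptions, since the page does not specify them.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

NONCE_LEN = 16                 # assumed; the page does not fix field lengths
RAND_LEN = 32                  # assumed length of the three random numbers
END_FLAG = b"NEGOTIATION_END"  # assumed encoding of the negotiation ending identifier


@dataclass(frozen=True)
class DataArea:
    """Plaintext data area: nonce A field, nonce B field, data field."""
    nonce_a: bytes
    nonce_b: bytes
    data: bytes


class HandshakeError(Exception):
    """An echoed nonce or the negotiation ending identifier did not match."""


def derive_key(r1: bytes, r2: bytes, r3: bytes) -> bytes:
    """HKDF-SHA256 (RFC 5869), one output block, over R1 || R2 || R3 (assumed KDF)."""
    for r in (r1, r2, r3):
        if len(r) != RAND_LEN:  # fixed lengths keep the concatenation unambiguous
            raise HandshakeError("random number has wrong length")
    prk = hmac.new(b"\x00" * 32, r1 + r2 + r3, hashlib.sha256).digest()
    return hmac.new(prk, b"tee-channel-key\x01", hashlib.sha256).digest()


def check(expected: bytes, received: bytes, what: str) -> None:
    if not hmac.compare_digest(expected, received):  # constant-time comparison
        raise HandshakeError(what + " mismatch")


class TrustedApp:
    """Client side, running inside the TEE."""

    def first_request(self) -> DataArea:
        self.nonce_a = secrets.token_bytes(NONCE_LEN)
        self.r1 = secrets.token_bytes(RAND_LEN)
        return DataArea(self.nonce_a, b"", self.r1)

    def second_request(self, msg2: DataArea) -> DataArea:
        check(self.nonce_a, msg2.nonce_a, "nonce A")   # echo of message 1
        self.r2 = msg2.data
        self.nonce_a = secrets.token_bytes(NONCE_LEN)  # fresh nonce A per request
        self.r3 = secrets.token_bytes(RAND_LEN)
        return DataArea(self.nonce_a, msg2.nonce_b, self.r3)

    def finish(self, msg4: DataArea) -> bytes:
        check(self.nonce_a, msg4.nonce_a, "nonce A")   # echo of message 3
        check(END_FLAG, msg4.data, "negotiation ending identifier")
        self.nonce_b = msg4.nonce_b                    # kept for channel verification
        self.key = derive_key(self.r1, self.r2, self.r3)
        return self.key


class Server:
    def first_response(self, msg1: DataArea) -> DataArea:
        self.r1 = msg1.data
        self.nonce_b = secrets.token_bytes(NONCE_LEN)
        self.r2 = secrets.token_bytes(RAND_LEN)
        return DataArea(msg1.nonce_a, self.nonce_b, self.r2)

    def second_response(self, msg3: DataArea) -> DataArea:
        check(self.nonce_b, msg3.nonce_b, "nonce B")   # echo of message 2
        self.r3 = msg3.data
        self.nonce_b = secrets.token_bytes(NONCE_LEN)  # fresh nonce B per response
        self.key = derive_key(self.r1, self.r2, self.r3)
        return DataArea(msg3.nonce_a, self.nonce_b, END_FLAG)


def run_handshake() -> tuple:
    ta, server = TrustedApp(), Server()
    msg2 = server.first_response(ta.first_request())
    msg4 = server.second_response(ta.second_request(msg2))
    return ta.finish(msg4), server.key


def stale_messages_rejected() -> bool:
    """Feed messages recorded in one session into a new one; both must fail."""
    ta, server = TrustedApp(), Server()
    old_msg2 = server.first_response(ta.first_request())
    old_msg3 = ta.second_request(old_msg2)
    new_ta, new_server = TrustedApp(), Server()
    new_server.first_response(new_ta.first_request())
    rejected = []
    for step, stale in ((new_ta.second_request, old_msg2),
                        (new_server.second_response, old_msg3)):
        try:
            step(stale)
            rejected.append(False)
        except HandshakeError:
            rejected.append(True)
    return all(rejected)


if __name__ == "__main__":
    ta_key, server_key = run_handshake()
    print("keys match:", ta_key == server_key)
    print("stale messages rejected:", stale_messages_rejected())
```

Because each side regenerates its nonce after every accepted message, a message recorded in an earlier session carries a nonce the new session never issued and fails the comparison before any state is updated.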
The TEE-based network communication authentication system of the invention comprises an application, a trusted application and a server, the application triggering data interaction between the trusted application and the server by calling the trusted application, and is characterized in that the trusted application comprises:
a first processor, configured to generate random numbers and one-time random numbers, transmit the random numbers and the one-time random numbers to and from the server through a symmetric key, and generate a communication key based on a plurality of random numbers;
a first memory for storing the random numbers and the one-time random numbers; and
a first communication module, configured to perform data interaction with the server through the application,
and the server comprises:
a second processor, configured to generate random numbers and one-time random numbers, transmit the random numbers and the one-time random numbers to and from the client through a symmetric key, and generate a communication key based on the plurality of random numbers;
a second memory for storing the random numbers and the one-time random numbers; and
a second communication module, configured to perform data interaction with the client through the application.
Optionally, the first processor is configured to generate a device public key and a device private key, generate a random number and a one-time random number, encrypt the one-time random number and the random number using the server public key received from the server and sign with the device private key, and, for a ciphertext from the server, verify the signature using the server public key received from the server and then decrypt with the device private key,
the second processor is configured to generate a server public key and a server private key, generate a random number and a one-time random number, encrypt the one-time random number and the random number using the device public key received from the client and sign with the server private key, and, for a ciphertext from the client, verify the signature using the client public key received from the client and then decrypt with the server private key.
Optionally, the first processor further encrypts a preset channel identifier by using the communication key to obtain a channel identifier ciphertext, and sends the channel identifier ciphertext to the server.
The second processor further decrypts the channel identification ciphertext by using the communication key to obtain a channel identification, and realizes the verification of the trusted channel establishment based on the obtained channel identification.
Optionally, a message format of the communication message is agreed in advance between the trusted application and the server, where the message format of the communication message includes: a header section, a data section, and an end section, the data section including at least a ciphertext data region, wherein the ciphertext data region is used for storing the ciphertext data obtained by encrypting the data of the data area, and the data area comprises: a one-time random number A field, a one-time random number B field, and a data field.
Optionally, the first processor generates a one-time random number A and a first random number, fills the one-time random number A and the first random number into the one-time random number A field and the data field of the data area, respectively, stores the one-time random number A and the first random number in the first memory, encrypts the one-time random number A and the first random number with the server public key to obtain a first ciphertext, signs the first ciphertext with the device private key to form a first message, and initiates a first interaction request to the server.
Optionally, the second processor receives the first message, verifies the signature data with the pre-stored device public key, decrypts the first ciphertext with the server private key to obtain the one-time random number A and the first random number, generates a one-time random number B and a second random number, fills the second random number into the data field of the data area, stores the one-time random number B and the second random number in the second memory, encrypts the one-time random number A, the one-time random number B and the second random number with the device public key to obtain a second ciphertext, signs the second ciphertext with the server private key to form a second message, and initiates a first interactive response to the server.
Optionally, the first processor further receives the second message, verifies the signature data with the pre-stored server public key, and decrypts the second ciphertext with the device private key to obtain the one-time random number A, the one-time random number B, and the second random number. It compares the one-time random number A obtained by decrypting the ciphertext with the one-time random number A generated in the first interaction request and, after the comparison succeeds, stores the second random number in the first memory. The first processor then generates the one-time random number A again, generates a third random number and fills it into the data field of the data area, stores the one-time random number A and the third random number, encrypts the one-time random number A, the one-time random number B, and the third random number with the server public key to obtain the third ciphertext, signs the third ciphertext with the device private key to form a third message, and then initiates a second interaction request to the server.
Optionally, the second processor receives the third message, verifies the signature data with the pre-stored device public key, decrypts the third ciphertext with the server private key to obtain the one-time random number A, the one-time random number B, and the third random number, compares the one-time random number B obtained by decrypting the ciphertext with the one-time random number B generated in the first interaction request, stores the third random number after the comparison succeeds, generates the one-time random number B again, generates a communication key based on the first random number, the second random number, and the third random number, establishes a binding relationship between the communication key and the client ID, and stores the communication key and the client ID in the second memory.
The second processor then encrypts the one-time random number A, the one-time random number B and the negotiation ending identifier with the device public key to obtain a fourth ciphertext, wherein the negotiation ending identifier is filled into the data field of the data area, signs the fourth ciphertext with the server private key to form a fourth message, and initiates a second interactive response to the client.
Optionally, the first processor receives the fourth message, verifies the signature data with the pre-stored server public key, decrypts the fourth ciphertext with the device private key to obtain the one-time random number A, the one-time random number B, and the negotiation ending identifier, compares the one-time random number A obtained by decrypting the ciphertext with the one-time random number A generated in the second interaction request, checks the negotiation ending identifier after the comparison succeeds, and, after the negotiation ending identifier passes the check, generates a communication key based on the first random number, the second random number, and the third random number and stores the communication key in the first memory.
Optionally, the first processor encrypts a channel identifier with the communication key to obtain a channel identifier ciphertext and fills the channel identifier ciphertext into the data field of the data area, generates a one-time random number A again, signs the channel identifier ciphertext, the one-time random number A, and the one-time random number B with the device private key, and sends the signed result to the server.
Optionally, the second processor verifies the signature with the device public key to obtain the channel identifier ciphertext, the one-time random number A and the one-time random number B, and compares the one-time random number B obtained by signature verification with the one-time random number B generated in the second interactive response. If the comparison succeeds, it decrypts the channel identifier ciphertext with the communication key stored in the second memory to obtain a channel identifier, compares the channel identifier with the preset channel identifier, and notifies the client that the trusted channel is established if that comparison succeeds.
Optionally, the first processor encrypts service data with the communication key and sends it to the server.
The trusted application of one aspect of the invention is characterized by comprising:
a processor, configured to generate a random number and a one-time random number, transmit the random number and the one-time random number to and from the server through a symmetric key, and generate a communication key based on a plurality of random numbers;
a memory for storing the random number and the one-time random number; and
a communication module, configured to perform data interaction with the server.
Optionally, the processor is configured to generate a device public key and a device private key, generate a random number and a one-time random number, encrypt the one-time random number and the random number using the server public key received from the server and sign with the device private key, and, for a ciphertext from the server, verify the signature using the server public key received from the server and then decrypt with the device private key.
Optionally, the processor further encrypts a preset channel identifier with the communication key to obtain a channel identifier ciphertext, and sends the channel identifier ciphertext to the server to verify that the trusted channel is established.
The server according to an aspect of the present invention includes:
a processor, configured to generate a random number and a one-time random number, transmit the random number and the one-time random number to and from a client through a symmetric key, and generate a communication key based on a plurality of random numbers;
a memory for storing the random number and the one-time random number generated by the server and for storing the random number and the one-time random number received from the client; and
a communication module, configured to perform data interaction with the client.
Optionally, the processor is configured to generate a server public key and a server private key, generate a random number and a one-time random number, encrypt the one-time random number and the random number using the device public key received from the client and sign with the server private key, and, for a ciphertext from the client, verify the signature using the client public key received from the client and then decrypt with the server private key.
A computer-readable medium of an aspect of the invention, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the TEE-based network communication authentication method.
A computer device according to an aspect of the present invention includes a storage module, a processor, and a computer program stored on the storage module and executable on the processor, wherein the processor implements the TEE-based network communication authentication method when executing the computer program.
Drawings
Fig. 1 is a block diagram of a network communication authentication system of the present invention.
Fig. 2 is a schematic flow chart of device public key upload in the trusted key exchange stage.
Fig. 3 is a schematic flow chart of server public key downloading in the trusted key exchange stage.
Fig. 4 is a flowchart illustrating trusted channel establishment.
Fig. 5 is a flowchart illustrating trusted channel establishment.
Fig. 6 is a framework diagram of a specific structure of the TEE-based network communication authentication system of the present invention.
Detailed Description
The following description is of some of the several embodiments of the invention and is intended to provide a basic understanding of the invention. It is not intended to identify key or critical elements of the invention or to delineate the scope of the invention.
For the purposes of brevity and explanation, the principles of the present invention are described herein with reference primarily to exemplary embodiments thereof. However, those skilled in the art will readily recognize that the same principles are equally applicable to all types of TEE-based network communication authentication methods and network communication authentication systems and that these same principles may be implemented therein, as well as any such variations, without departing from the true spirit and scope of the present patent application.
Moreover, in the following description, reference is made to the accompanying drawings that illustrate certain exemplary embodiments. Electrical, mechanical, logical, and structural changes may be made to these embodiments without departing from the spirit and scope of the invention. In addition, while a feature of the invention may have been disclosed with respect to only one of several implementations/embodiments, such feature may be combined with one or more other features of the other implementations/embodiments as may be desired and/or advantageous for any given or identified function. The following description is, therefore, not to be taken in a limiting sense, and the scope of the present invention is defined by the appended claims and their equivalents.
Terms such as "comprising" and "comprises" mean that, in addition to having elements (modules) and steps that are directly and explicitly stated in the description and claims, the solution of the invention does not exclude the presence of other elements (modules) and steps that are not directly or explicitly stated.
The TEE-based network communication authentication method mainly comprises three stages: (1) trusted key exchange; (2) trusted channel establishment; (3) trusted service communication. The invention mainly relates to stage (2), trusted channel establishment; the three stages are described in detail below.
Fig. 1 is a block diagram of a network communication authentication system of the present invention.
As shown in fig. 1, the network communication authentication system of the present invention includes: an application 100, a trusted application (trusted application) 110, and a server 120.
The application 100 is located in the REE of the client, and the trusted application 110 is located in the TEE of the client. The application 100 triggers an authentication process by invoking the trusted application 110; the trusted application 110 and the server 120 then complete trusted key exchange (see fig. 2 and fig. 3), trusted channel establishment (see fig. 4), and trusted service communication (see fig. 5) through multiple data interactions.
1. Trusted key exchange
In this stage, the public keys of the client and the server are exchanged to provide a starting point of trust for establishing the trusted channel.
Fig. 2 is a schematic flow chart of device public key upload in the trusted key exchange stage.
As shown in fig. 2, the device public key upload process in the trusted key exchange includes:
Step 1: the application 100 calls the device public key upload interface of the trusted application 110 and triggers the device public key upload process;
Step 2: the trusted application 110 generates a device public/private key pair and stores the key pair in the TEE, then generates a random number as a seed, generates a temporary session key from the seed according to a specific algorithm, encrypts the device public key with the temporary session key, and assembles the device public key ciphertext and the random number into a request message;
Step 3: the trusted application 110 returns the message data to the application 100;
Step 4: the application 100 forwards the message data to the server 120;
Step 5: the server 120 parses the request message, obtains the seed, recovers the temporary session key through the agreed algorithm, decrypts the device public key ciphertext with the temporary session key to obtain the device public key plaintext, and establishes and stores a binding relationship between the device ID and the device public key;
Step 6: the server 120 notifies the application 100 of the processing result.
Fig. 3 is a schematic flow chart of server public key downloading in the trusted key exchange stage.
As shown in fig. 3, the server public key downloading process in the trusted key exchange phase includes:
Step 1: the application 100 calls the server public key download interface of the server 120 to trigger the server public key download process;
Step 2: the server 120 generates a random number as a seed, generates a temporary session key from the seed through a specific algorithm, encrypts the server public key with the temporary session key, and finally assembles the random number seed and the server public key ciphertext into a response message;
Step 3: the server 120 returns the message data to the application 100;
Step 4: the application 100 forwards the message data to the trusted application 110;
Step 5: the trusted application 110 parses the response message to obtain the random number seed, recovers the temporary session key from the seed, decrypts the server public key ciphertext with the temporary session key to obtain the server public key plaintext, and stores the server public key in the TEE;
Step 6: the trusted application 110 returns the result of the operation to the application 100.
2. Trusted channel establishment
In the trusted channel establishment stage, a communication key (a symmetric key) is negotiated between the trusted application 110 and the server 120 through multiple handshake interactions, in order to establish a secure and trusted data interaction channel.
The trusted channel establishment phase can be divided into two phases: unified protocol agreement and channel establishment.
(1) Agreement on a uniform protocol: before communication, the trusted application 110 and the server 120 agree on a data communication protocol for the handshake interaction between both parties, which specifies the data packet format and related parameters used during that handshake.
The data communication protocol includes three parts: Header Section, Data Section, End Section.
Header Section: contains the version information of the protocol, so that different parsing strategies can be adopted for different protocol versions in later extensions. The specific contents are shown in attached table 1:
[Attached table 1: table image not reproduced]
Data Section: this part is the actual data area. It specifies the step of the communication and carries the key information of the communication in encrypted form. The specific contents are shown in attached table 2:
[Attached table 2: table image not reproduced]
Plain data (general data):
Name | Size (bits) | Description
Nonce A | 128 | Random number generated by the trusted application, used for the matching operation
Nonce B | 128 | Random number generated by the server, used for the matching operation
Data | X | Actual text data
Attached table 3
Here Nonce is an abbreviation of "number once"; in cryptography it is an arbitrary or non-repeating random number that is used only once.
End Section: mainly contains the signature information of the data packet, which ensures that the data as a whole is not tampered with during communication. The data packet is signed using a message digest plus an asymmetric signature. The specific contents are shown in attached table 4:
[Attached table 4: table image not reproduced]
(2) Trusted channel establishment
Fig. 4 is a flowchart illustrating trusted channel establishment.
As shown in fig. 4, the specific process of establishing the trusted channel includes:
Step 1: the application 100 calls the trusted channel establishment interface of the trusted application 110 and triggers the trusted channel establishment procedure. The trusted application 110 generates NonceA and random number A (filled into the Nonce A field and the Data field of the Plain data, respectively) and stores random number A. It encrypts the Plain data with the server public key and fills the ciphertext into Encrypted data (the server key is generated by the server 120 in the server public key downloading process of the trusted key exchange, which downloads the server public key into the trusted application 110; for details see fig. 3). It then signs the header section and the data section with the device private key and fills the signature data into Data File signature (the device key is generated by the trusted application 110 in the device public key uploading process of the trusted key exchange, which uploads the device public key to the server 120; for details see fig. 2). Finally it assembles the message and initiates a first interaction request to the server;
Step 2: the server 120 receives and parses the message data (after the signature of the message is successfully verified with the device public key, the Encrypted data is decrypted with the server private key) and obtains NonceA and random number A. It stores random number A, generates NonceB, backfills NonceA, generates random number B (filled into the Data field of the Plain data) and stores random number B. It encrypts the Plain data with the device public key and fills the ciphertext into Encrypted data, signs the header section and the data section with the server private key and fills the signature data into Data File signature, and finally assembles the message and returns a first interactive response to the trusted application 110;
Step 3: the trusted application 110 receives and parses the first interactive response message (after the signature of the message is successfully verified with the server public key, the Encrypted data is decrypted with the device private key) and obtains NonceA, NonceB and random number B. It first compares NonceA; after the comparison passes, it stores random number B, generates a new NonceA, backfills NonceB, generates random number C (filled into the Data field of the Plain data) and stores random number C. It encrypts the Plain data with the server public key and fills the ciphertext into Encrypted data, signs the header section and the data section with the device private key and fills the signature data into Data File signature, and finally assembles the message and initiates a second interaction request to the server;
Step 4: the server 120 receives and parses the second interaction request message data (after the signature of the message is successfully verified with the device public key, the Encrypted data is decrypted with the server private key) and obtains NonceA, NonceB and random number C. It first compares NonceB; after the comparison passes, it stores random number C, generates a new NonceB, backfills NonceA, and adds a negotiation end identifier (filled into the Data field of the Plain data). At the same time, the server 120 generates a communication key from random numbers A, B and C, binds it to the device ID and stores it. It encrypts the Plain data with the device public key and fills the ciphertext into Encrypted data, signs the header section and the data section with the server private key and fills the signature data into Data File signature, and finally assembles the message and returns a second interactive response to the trusted application 110;
Step 5: the trusted application 110 receives and parses the second interactive response message data (after the signature of the message is successfully verified with the server public key, the Encrypted data is decrypted with the device private key) and obtains NonceA, NonceB and the negotiation end identifier. It first compares NonceA; after the comparison passes, it verifies the negotiation end identifier; after that verification passes, it generates the communication key from random numbers A, B and C and stores it in the TEE;
Step 6: the trusted application 110 encrypts the channel identifier (filled into the Data field of the Plain data) with the generated communication key, generates a new NonceA, backfills NonceB, fills the Plain data into Encrypted data, signs the header section and the data section with the device private key, fills the signature data into Data File signature, and assembles the request message data, which is sent to the server 120 over the network. After receiving and parsing the message (verifying its signature with the device public key), the server 120 obtains NonceA, NonceB and the channel identifier ciphertext. It compares NonceB, decrypts the channel identifier ciphertext with the generated communication key to obtain the channel identifier plaintext, compares that plaintext with the preset channel identifier, and, if the comparison succeeds, notifies the trusted application 110 that a trusted secure channel is established (the response message returned by the server 120 is signed with the server private key, and the trusted application 110 verifies the signature with the server public key).
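The nonce backfill and key derivation of steps 1 to 5, as an added example that is not code from the patent. The public-key encryption and signature of each message are left out, and the message layout as a dict, the `END_FLAG` value, the zero-filled Nonce B in the first request and the HMAC-SHA256 construction in `derive_key` are assumptions, since the patent names no derivation algorithm.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16                  # 128-bit Nonce A / Nonce B fields (attached table 3)
END_FLAG = b"NEGOTIATION-END"   # assumed value of the negotiation end identifier


class NonceError(Exception):
    """A message did not backfill the nonce this party sent last."""


def derive_key(rand_a: bytes, rand_b: bytes, rand_c: bytes) -> bytes:
    # Assumed derivation: the patent only says the key is generated from A, B, C.
    # All inputs are fixed length, so plain concatenation is unambiguous.
    return hmac.new(b"tee-channel-demo", rand_a + rand_b + rand_c,
                    hashlib.sha256).digest()


class Party:
    """One end of the handshake; `own`/`peer` name the nonce fields it fills."""

    def __init__(self, own: str, peer: str):
        self.own, self.peer = own, peer
        self.last_nonce = None   # nonce sent last, expected back from the peer
        self.randoms = {}        # stored random numbers A, B, C
        self.key = None

    def build(self, peer_nonce: bytes, data: bytes) -> dict:
        # Fresh own nonce for every message, peer's latest nonce backfilled.
        self.last_nonce = secrets.token_bytes(NONCE_LEN)
        return {self.own: self.last_nonce, self.peer: peer_nonce, "data": data}

    def check(self, msg: dict) -> None:
        # Constant-time comparison of the backfilled nonce.
        if self.last_nonce is None or not hmac.compare_digest(
                msg[self.own], self.last_nonce):
            raise NonceError(f"{self.own} does not match the nonce sent last")

    def finish(self) -> None:
        self.key = derive_key(self.randoms["A"], self.randoms["B"],
                              self.randoms["C"])


def handshake():
    ta = Party("nonce_a", "nonce_b")    # trusted application 110
    srv = Party("nonce_b", "nonce_a")   # server 120

    # Step 1: first interaction request carries random number A.
    ta.randoms["A"] = secrets.token_bytes(16)
    m1 = ta.build(bytes(NONCE_LEN), ta.randoms["A"])

    # Step 2: server stores A, backfills NonceA, answers with random number B.
    srv.randoms["A"] = m1["data"]
    srv.randoms["B"] = secrets.token_bytes(16)
    m2 = srv.build(m1["nonce_a"], srv.randoms["B"])

    # Step 3: TA compares NonceA, stores B, sends random number C.
    ta.check(m2)
    ta.randoms["B"] = m2["data"]
    ta.randoms["C"] = secrets.token_bytes(16)
    m3 = ta.build(m2["nonce_b"], ta.randoms["C"])

    # Step 4: server compares NonceB, stores C, derives the key, ends negotiation.
    srv.check(m3)
    srv.randoms["C"] = m3["data"]
    srv.finish()
    m4 = srv.build(m3["nonce_a"], END_FLAG)

    # Step 5: TA compares NonceA, verifies the end identifier, derives the key.
    ta.check(m4)
    if m4["data"] != END_FLAG:
        raise ValueError("negotiation end identifier missing")
    ta.finish()
    return ta, srv, [m1, m2, m3, m4]


def replay_is_rejected() -> bool:
    # A recorded first interactive response no longer matches the TA's nonce.
    ta, _srv, msgs = handshake()
    try:
        ta.check(msgs[1])
    except NonceError:
        return True
    return False


if __name__ == "__main__":
    ta, srv, _ = handshake()
    print("keys match:", ta.key == srv.key)
    print("replayed response rejected:", replay_is_rejected())
```

Because each side draws a fresh nonce for every message, a recorded response only ever matches the one request it answered.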
3. Trusted service communication
The trusted service communication phase is the formal business communication process between the client and the server after the trusted channel has been established.
After the foregoing trusted key exchange and trusted channel establishment are completed, trusted service communication between the trusted application 110 and the server 120 can be performed. The data exchanged between the trusted application 110 and the server 120 is still assembled according to the requirements of the communication protocol, and the exchange can be divided into two processes: a service request and a service response.
Fig. 5 is a flow diagram of trusted business communications.
As shown in fig. 5, the flow of trusted service communication includes:
Step 1: the application 100 calls the trusted service communication interface of the trusted application 110 to initiate the trusted service communication flow;
Step 2: the trusted application 110 encrypts the request data with the communication key (the communication key is the symmetric key generated in the trusted channel establishment process; for details see fig. 4). The plaintext format of the encrypted data is shown in attached table 5. It then assembles the request message, which follows the protocol format of attached tables 1, 2 and 4;
Step 3: the trusted application 110 returns the request message to the application 100;
Step 4: the application 100 sends the request message to the server 120;
Step 5: the server 120 parses the request message and decrypts the request data ciphertext in the message with the communication key to obtain the plaintext in the format shown in attached table 5;
Step 6: the server 120 performs service processing according to the request data, generates response data, encrypts the response data with the communication key, and assembles a response message according to the protocol format of attached tables 1, 2 and 4; the plaintext format of the encrypted data is shown in attached table 6;
Step 7: the server 120 returns the response message to the application 100;
Step 8: the application 100 forwards the response message to the trusted application 110;
Step 9: the trusted application 110 parses the response message and decrypts the response data ciphertext in the message with the communication key to obtain the plaintext in the format shown in attached table 6, that is, the plaintext of the response data;
Step 10: the trusted application 110 returns the result to the application 100.
The data area (Plain data) of the service request is encapsulated in the following format:
Name | Size (bits) | Description
Nonce A | 128 | Random number generated by the trusted application, used for the matching operation
Nonce B | 128 | Random number generated by the server, used for the matching operation
Request Length | 16 | Length of the request data
Request Data | X | Request data
Attached table 5
The data area (Plain data) of the service response is encapsulated in the following format:
Name | Size (bits) | Description
Nonce A | 128 | Random number generated by the trusted application, used for the matching operation
Nonce B | 128 | Random number generated by the server, used for the matching operation
Response Length | 16 | Length of the response data
Response Data | X | Response data
Attached table 6
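A parser for the Plain data layout of attached tables 5 and 6, as an added example that is not code from the patent. It assumes the 16-bit length field counts bytes and is big-endian, neither of which the patent states; the function names and the sample values are hypothetical.

```python
import hmac
import struct
from typing import NamedTuple, Optional

NONCE_LEN = 16                    # Nonce A and Nonce B are 128 bits each
HEADER_LEN = 2 * NONCE_LEN + 2    # two nonces plus the 16-bit length field


class PlainData(NamedTuple):
    nonce_a: bytes
    nonce_b: bytes
    data: bytes


class FormatError(ValueError):
    """The decrypted Plain data does not follow attached table 5 / 6."""


def pack_plain(nonce_a: bytes, nonce_b: bytes, data: bytes) -> bytes:
    """Serialize Nonce A | Nonce B | Length | Data before encryption."""
    if len(nonce_a) != NONCE_LEN or len(nonce_b) != NONCE_LEN:
        raise FormatError("nonces must be 128 bits")
    if len(data) > 0xFFFF:
        raise FormatError("data does not fit the 16-bit length field")
    # ">H": big-endian unsigned 16-bit length (assumed byte order and unit).
    return nonce_a + nonce_b + struct.pack(">H", len(data)) + data


def parse_plain(buf: bytes,
                expect_a: Optional[bytes] = None,
                expect_b: Optional[bytes] = None) -> PlainData:
    """Parse decrypted Plain data and run the nonce matching operation.

    The server passes the Nonce B it issued as `expect_b`; the trusted
    application passes the Nonce A it issued as `expect_a`.
    """
    if len(buf) < HEADER_LEN:
        raise FormatError("truncated header")
    nonce_a = buf[:NONCE_LEN]
    nonce_b = buf[NONCE_LEN:2 * NONCE_LEN]
    (length,) = struct.unpack(">H", buf[2 * NONCE_LEN:HEADER_LEN])
    data = buf[HEADER_LEN:]
    # Reject both short payloads and trailing bytes after the declared length.
    if len(data) != length:
        raise FormatError("length field does not match payload")
    for got, want, name in ((nonce_a, expect_a, "Nonce A"),
                            (nonce_b, expect_b, "Nonce B")):
        if want is not None and not hmac.compare_digest(got, want):
            raise FormatError(f"{name} mismatch")
    return PlainData(nonce_a, nonce_b, data)


def rejection(buf: bytes, **expect) -> Optional[str]:
    """Return the reason a buffer is rejected, or None if it parses."""
    try:
        parse_plain(buf, **expect)
    except FormatError as exc:
        return str(exc)
    return None


# Constructed sample values, not taken from the patent.
SAMPLE_A = bytes(range(16))
SAMPLE_B = bytes(range(16, 32))
SAMPLE_REQUEST = pack_plain(SAMPLE_A, SAMPLE_B, b"query-balance")

if __name__ == "__main__":
    print(parse_plain(SAMPLE_REQUEST, expect_b=SAMPLE_B))
    print(rejection(SAMPLE_REQUEST + b"\x00", expect_b=SAMPLE_B))
    print(rejection(SAMPLE_REQUEST, expect_b=bytes(16)))
```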
The TEE-based network communication authentication method of the present invention has been explained above; the network communication authentication system of the present invention is explained next.
Fig. 6 is a framework diagram of a specific structure of the TEE-based network communication authentication system of the present invention.
As shown in fig. 6, the client includes a TA 110 disposed in the TEE and an application 100 disposed in the REE, and the application 100 triggers data interaction between the TA 110 and the server 120 by invoking the TA 110.
The TA 110 includes:
a first processor 111, configured to generate a random number and a one-time random number, communicate the random number and the one-time random number with a server through a symmetric key, and generate a communication key based on a plurality of random numbers;
a first memory 112 for storing random numbers and one-time random numbers; and
a first communication module 113, configured to perform data interaction with the server through the application.
The server 120 includes:
a second processor 121, configured to generate a random number and a one-time random number, to communicate the random number and the one-time random number with the client through a symmetric key, and to generate a communication key based on multiple random numbers;
a second memory 122 for storing random numbers and one-time random numbers; and
a second communication module 123, configured to perform data interaction with the client through the application.
The first processor 111 is configured to generate a device public key and a device private key, to generate a random number and a one-time random number, to encrypt the one-time random number and the random number using the server public key received from the server and sign using the device private key, and, after verifying the signature of a ciphertext from the server using the server public key received from the server, to decrypt it using the device private key.
The second processor 121 is configured to generate a server public key and a server private key, to generate a random number and a one-time random number, to encrypt the one-time random number and the random number using the device public key received from the client and sign using the server private key, and, after verifying the signature of a ciphertext from the client using the client public key received from the client, to decrypt it using the server private key.
Moreover, the first processor 111 further encrypts a preset channel identifier with the communication key to obtain a channel identifier ciphertext, and sends the channel identifier ciphertext to the server. The second processor 121 further decrypts the channel identifier ciphertext using the communication key to obtain a channel identifier, and verifies the trusted channel establishment based on the obtained channel identifier.
The message format of the communication message is predetermined between the TA 110 and the server 120. The message format includes a header section, a data section, and an end section. The data section includes at least a ciphertext data region, which stores the ciphertext data obtained by encrypting the data of the data area, and the data area includes a nonce A field, a nonce B field, and a data field.
Specifically, the first processor 111 generates a one-time random number A and a first random number, fills them into the one-time random number A field and the data field of the data area, respectively, stores the one-time random number A and the first random number in the first memory 112, encrypts the one-time random number A and the first random number with the server public key to obtain a first ciphertext, signs the first ciphertext with the device private key to form a first message, and initiates a first interaction request to the server 120.
The second processor 121 receives the first message, verifies the signature data using a pre-stored device public key, decrypts the first ciphertext using the server private key to obtain the disposable random number A and the first random number, generates a disposable random number B and a second random number, fills the second random number into the data field of the data area, stores the disposable random number B and the second random number in the second memory 122, encrypts the disposable random number A, the disposable random number B and the second random number with the device public key to obtain a second ciphertext, signs the second ciphertext with the server private key to form a second message, and initiates a first interactive response to the client.
The first processor 111 further receives the second message, verifies the signature data using a pre-stored server public key, decrypts the second ciphertext using the device private key to obtain the disposable random number A, the disposable random number B and the second random number, and compares the disposable random number A obtained by decryption with the disposable random number A generated in the first interaction request. After the comparison succeeds, it stores the second random number in the first memory 112. The first processor 111 then generates the disposable random number A again, generates a third random number and fills it into the data field of the data area, stores the disposable random number A and the third random number in the first memory 112, encrypts the disposable random number A, the disposable random number B and the third random number with the server public key to obtain a third ciphertext, signs the third ciphertext with the device private key to form a third message, and initiates a second interaction request to the server.
The second processor 121 receives the third message, verifies the signature data using a pre-stored device public key, decrypts the third ciphertext using the server private key to obtain the disposable random number A, the disposable random number B and the third random number, and compares the disposable random number B obtained by decryption with the disposable random number B generated in the first interaction request. After the comparison succeeds, it stores the third random number in the second memory 122. The second processor 121 then generates the disposable random number B again, generates a communication key based on the first random number, the second random number and the third random number, binds the communication key to the client ID, and stores both in the second memory 122.
The second processor 121 encrypts the disposable random number A, the disposable random number B and the negotiation end identifier with the device public key to obtain a fourth ciphertext, where the negotiation end identifier is filled into the data field of the data area, signs the fourth ciphertext with the server private key to form a fourth message, and initiates a second interactive response to the client.
The first processor 111 receives the fourth message, verifies the signature data using a pre-stored server public key, decrypts the fourth ciphertext using the device private key to obtain the disposable random number A, the disposable random number B and the negotiation end identifier, and compares the disposable random number A obtained by decryption with the disposable random number A generated in the second interaction request. After the comparison succeeds, it verifies the negotiation end identifier; after the negotiation end identifier passes verification, it generates a communication key based on the first random number, the second random number and the third random number and stores the communication key in the first memory 112.
The first processor 111 encrypts the channel identifier with the communication key to obtain a channel identifier ciphertext and fills the channel identifier ciphertext into the data field of the data area, generates the disposable random number A again, signs the channel identifier ciphertext, the disposable random number A and the disposable random number B with the device private key, and sends the result to the server.
The second processor 121 verifies the signature with the device public key to obtain the channel identifier ciphertext, the disposable random number A and the disposable random number B, and compares the disposable random number B so obtained with the disposable random number B generated in the second interactive response. If the comparison succeeds, it decrypts the channel identifier ciphertext with the communication key stored in the second memory 122 to obtain a channel identifier, compares the channel identifier with the preset channel identifier, and, if that comparison succeeds, notifies the client that the trusted channel is established.
The first processor 111 encrypts the service data with the communication key and sends it to the server, and the second processor 121 at the server decrypts it with the communication key stored in the second memory 122 to obtain the service data.
The TEE-based network communication authentication method and network communication authentication system enable resource-constrained ("weak") Internet of Things devices to achieve secure network communication even when their resources are limited and they cannot provide a secure network protocol. In particular, the following technical effects can be achieved:
(1) without changing the existing software and hardware architecture, a lightweight TEE-based bidirectional authentication method for secure network communication is provided, in which the client and the server construct a secure channel from the data source in the TEE to the server through device identity verification, encrypted communication and similar means;
(2) the TEE-based network communication message format can be unified, so that interconnection and intercommunication of different systems can be easily realized;
(3) the requirement on the network transmission protocol in the REE is reduced, which gives some weak Internet of Things devices the capability of secure network communication. At the same time, considering that a large number of weak Internet of Things devices have limited resources, a lightweight bidirectional authentication method is designed, which differs from the existing standard TLS handshake protocol mainly as follows:
(a) the selection of cipher suites is simplified: only cryptographic algorithms that are mainstream in the industry or required by the national cryptography administration, and that provide sufficient security, are retained, and they are managed through version information;
(b) current time information is not acquired: a large number of Internet of Things devices cannot obtain universal time but generally have a timing function, through which a time window can be designed to ensure the session validity period between client and server;
(c) the session ID information is removed and the session is represented by a random number (challenge value), which is used both to ensure the uniqueness of the session and to ensure consistent matching of the session sequence;
(d) differences from TLS key agreement: as in the present invention, TLS generates the final symmetric key from three random numbers in the handshake phase. In the TLS handshake, however, the first and second random numbers are transmitted in plaintext, so the security depends on whether the third random number can be cracked, and the encryption algorithms are public and can be obtained from the message. In the present invention, the three random numbers that generate the symmetric key are all transmitted as ciphertext (encrypted with the other party's public key and then signed with the sender's private key), and the encryption algorithms are not public and cannot be obtained from the message, so compared with TLS, the key security of the present invention is higher.
As described above, the network communication authentication method and the network communication authentication system based on the TEE of the present invention can provide a safer, lighter, and more general network communication security framework based on the TEE, and implement data interconnection and intercommunication between different devices and systems by unifying network interaction message formats, so as to effectively reduce the development cost of network communication modules in the internet of things system, and reliably ensure the secure communication between the client and the server. The framework supports deployment to various intelligent terminal devices with TEE, can protect network communication channels and communication data, and is beneficial to avoiding various attack risks from network communication and REE.
The above examples mainly describe the network communication authentication method and the network communication authentication system based on TEE of the present invention. Although only a few embodiments of the present invention have been described in detail, those skilled in the art will appreciate that the present invention may be embodied in many other forms without departing from the spirit or scope thereof. Accordingly, the present examples and embodiments are to be considered as illustrative and not restrictive, and various modifications and substitutions may be made therein without departing from the spirit and scope of the present invention as defined by the appended claims.

Claims (31)

1. A TEE-based network communication authentication method, implemented between a trusted application in the TEE of a client and a server, characterized by comprising the following steps:
a first interaction request step, in which the trusted application initiates a first interaction request to the server, wherein the first interaction request is generated at least based on a first random number and sent to the server in an encrypted form, and the first random number is generated and stored by the trusted application;
a first interactive response step, in which the trusted application receives from the server a first interactive response to the first interaction request, wherein the first interactive response is generated at least based on a second random number and is sent to the trusted application in an encrypted form, and the trusted application stores the second random number, wherein the second random number is generated by the server;
a second interaction request step, in which the trusted application initiates a second interaction request to the server, wherein the second interaction request is generated at least based on a third random number and is sent to the server in an encrypted form, and the third random number is generated and stored by the trusted application;
a second interactive response step, in which the trusted application receives from the server a second interactive response to the second interaction request; and
a communication key generation step, in which the trusted application generates a communication key based on the first random number, the second random number and the third random number.
2. The TEE based network communication authentication method of claim 1, further comprising after the communication key generation step:
a trusted channel verification step, in which the trusted application encrypts a preset channel identifier with the communication key and sends a verification request to the server to verify that the trusted channel is established.
3. The TEE-based network communication authentication method of claim 3,
further comprising, prior to the first interaction request step:
a device public key uploading step, in which the trusted application generates and stores a device public key and a device private key, and sends the device public key to the server in an encrypted form; and
a server public key downloading step, in which the trusted application receives from the server the server public key sent in an encrypted form, wherein the server generates the server public key and a server private key.
4. The TEE-based network communication authentication method of claim 3,
further comprising, between the server public key downloading step and the first interaction request step:
a communication message format determining step, in which the message format of the communication message is predetermined between the trusted application and the server,
wherein the message format of the communication message includes: a header section, a data section, and an end section, the data section including: a ciphertext data region,
wherein the ciphertext data region is used for storing ciphertext data obtained by encrypting data of the data area,
and the data area includes: a nonce A field, a nonce B field, and a data field.
5. The TEE-based network communication authentication method of claim 4, wherein the first interaction request step comprises:
a trusted application generates a one-time random number A and a first random number and fills the one-time random number A and the first random number into a one-time random number A field and a data field of the data area respectively, and the trusted application saves the one-time random number A and the first random number;
encrypting the disposable random number A and the first random number by adopting a server public key to obtain a first ciphertext; and
signing the first ciphertext with the device private key to form a first message and initiating a first interaction request to the server.
6. The TEE based network communication authentication method of claim 5, wherein the first interactive response step comprises:
the server receives the first message and verifies the signature data by using a pre-stored device public key;
decrypting the first ciphertext by using a server private key to obtain the disposable random number A and the first random number;
the server generates a disposable random number B and a second random number, fills the second random number into a data field of the data area, and stores the disposable random number B and the second random number;
the server side encrypts the disposable random number A, the disposable random number B and the second random number by adopting an equipment public key to obtain a second ciphertext; and
the server signs the second ciphertext with the server private key to form a second message and initiates a first interactive response to the client.
7. The TEE based network communication authentication method of claim 6, wherein the second interaction request step comprises:
the trusted application receives the second message and verifies the signature data by using a pre-stored server public key;
the trusted application decrypts the second ciphertext with the device private key to obtain the disposable random number A, the disposable random number B and the second random number;
comparing the disposable random number A obtained by decrypting the ciphertext with the disposable random number A generated in the first interaction request step and, after the comparison succeeds, storing the second random number, generating the disposable random number A again, generating a third random number and filling it into the data field of the data area, and storing the disposable random number A and the third random number;
encrypting the disposable random number A, the disposable random number B and the third random number with the server public key to obtain a third ciphertext; and
signing the third ciphertext with the device private key to form a third message and initiating a second interaction request to the server.
8. The TEE based network communication authentication method of claim 7, wherein the second interactive response step comprises:
the server receives the third message and verifies the signature data by using a pre-stored device public key;
decrypting the third ciphertext by using a server private key to obtain the disposable random number A, the disposable random number B and the third random number and obtain a third ciphertext;
the server compares the disposable random number B obtained by decrypting the ciphertext with the disposable random number B generated in the first interaction request step, stores the third random number after the comparison is successful, and generates the disposable random number B again;
the server generates a communication key based on the first random number, the second random number and the third random number, and establishes a binding relationship between the communication key and a client ID and stores the binding relationship;
the server side encrypts the disposable random number A, the disposable random number B and the negotiation ending identifier by adopting an equipment public key to obtain a fourth ciphertext, wherein the negotiation ending identifier is filled into a data field of the data area; and
the server signs the fourth ciphertext with the server private key to form a fourth message and initiates a second interactive response to the client.
9. The TEE-based network communication authentication method of claim 8,
the communication key generating step includes:
the trusted application receives the fourth message and uses a pre-stored server public key to check the signature data;
the trusted application decrypts the fourth ciphertext with the device private key to obtain the disposable random number A, the disposable random number B and the negotiation ending identifier;
comparing the disposable random number A obtained by decrypting the ciphertext with the disposable random number A generated in the second interaction request step, and after the comparison is successful, checking the negotiation ending identifier;
after the negotiation ending identifier passes the check, a communication key is generated based on the first random number, the second random number, and the third random number and stored in the TEE.
10. The TEE based network communication authentication method of claim 9, wherein the communication channel verification step comprises:
the trusted application encrypts the channel identifier by adopting the communication key to obtain a channel identifier ciphertext and fills the channel identifier ciphertext into a data field of the data area;
the trusted application generates a one-time random number A again;
signing the channel identification ciphertext, the disposable random number A and the disposable random number B with the device private key and sending the channel identification ciphertext, the disposable random number A and the disposable random number B to the server;
the server verifies the signature with the device public key to obtain the channel ciphertext, the one-time random number A and the one-time random number B;
comparing the disposable random number B obtained by signature verification with the disposable random number B generated in the second interactive response step;
if the comparison succeeds, decrypting the channel identification ciphertext with the stored communication key to obtain a channel identification, comparing the channel identification with a preset channel identification, and informing the trusted application that the trusted channel is established after the comparison succeeds.
11. The TEE-based network communication authentication method of claim 2,
further comprising, after the communication channel verifying step:
a service data communication step, wherein the service data is encrypted with the communication key and sent to the server.
12. A TEE-based network communication authentication system, the system comprising: the application triggers data interaction between the trusted application and the server by calling the trusted application, and is characterized in that the trusted application comprises:
the first processor is used for generating random numbers and one-time random numbers, transmitting the random numbers and the one-time random numbers with the server through a symmetric key, and generating a communication key based on a plurality of random numbers;
a first memory for storing a random number and a nonce; and
a first communication module, configured to perform data interaction with the server through the application,
the server side comprises:
a second processor, configured to generate a random number and a one-time random number, communicate the random number and the one-time random number with the client through a symmetric key, and generate a communication key based on the plurality of random numbers;
a second memory for storing the random number and the one-time random number; and
a second communication module, configured to perform data interaction with the client through the application.
13. The TEE-based network communication authentication system of claim 12,
the first processor is used for generating a device public key and a device private key, generating a random number and a one-time random number, encrypting the one-time random number and the random number with the server public key received from the server, signing with the device private key, verifying the signature on a ciphertext from the server with the server public key received from the server, and then decrypting with the device private key,
the second processor is used for generating a server public key and a server private key, generating a random number and a one-time random number, encrypting the one-time random number and the random number by using the device public key received from the client, signing by using the server private key, verifying a signature on a ciphertext from the client by using the client public key received from the client, and decrypting by using the server private key.
14. The TEE-based network communication authentication system of claim 13,
the first processor further encrypts a preset channel identifier by using the communication key to obtain a channel identifier ciphertext to send to the server.
15. The second processor further decrypts the channel identification ciphertext using the communication key to obtain a channel identification, and implements verification of trusted channel establishment based on the obtained channel identification.
16. The TEE-based network communication authentication system of claim 14,
the message format of a communication message is predetermined between the trusted application and the server, wherein the message format of the communication message comprises: a header section, a data section, and an end section, the data section including at least a ciphertext data region, wherein the ciphertext data region is used to store ciphertext data obtained by encrypting data of the data region, and the data region includes: a nonce A field, a nonce field, and a data field.
17. The TEE-based network communication authentication system of claim 15,
the first processor generates a disposable random number A and a first random number, fills the disposable random number A and the first random number into a disposable random number A field and a data field of the data area respectively, stores the disposable random number A and the first random number in the first memory, encrypts the disposable random number A and the first random number by a server public key to obtain a first ciphertext, signs the first ciphertext by an equipment private key to form a first message, and initiates a first interaction request to the server.
18. The TEE-based network communication authentication system of claim 16,
the second processor receives the first message, checks signature data by using a pre-stored device public key, decrypts the first ciphertext by using a server private key to obtain the disposable random number A and the first random number, generates a disposable random number B and a second random number, fills the second random number into a data field of the data area, stores the disposable random number B and the second random number in the second memory, encrypts the disposable random number A, the disposable random number B and the second random number by using the device public key to obtain a second ciphertext, signs the second ciphertext by using a server private key to form a second message, and initiates a first interactive response to the server.
19. The TEE-based network communication authentication system of claim 17,
the first processor further receives the second message, checks signature data by using a pre-stored server public key, decrypts the second ciphertext by using an equipment private key to obtain the disposable random number A, the disposable random number B and the second random number, compares the disposable random number A obtained by decrypting the ciphertext with the disposable random number A generated in the first interaction request, stores the second random number into the first memory after the comparison is successful, generates the disposable random number A again by the first processor, generates a third random number and fills the third random number into a data field of the data area, stores the disposable random number A and the third random number, encrypts the disposable random number A, the disposable random number B and the third random number by using the server public key to obtain a third ciphertext, and signing the third ciphertext by using the device private key to form a third message and then initiating a second interaction request to the server side.
20. The TEE-based network communication authentication system of claim 18,
the second processor receives the third message, checks signature data by using a pre-stored device public key, decrypts the third ciphertext by using a server private key to obtain the disposable random number A, the disposable random number B and the third random number to obtain a third ciphertext, compares the disposable random number B obtained by decrypting the ciphertext with the disposable random number B generated in the first interactive request, stores the third random number after the comparison is successful, generates the disposable random number B again, generates a communication key based on the first random number, the second random number and the third random number, establishes a binding relationship between the communication key and a client ID and stores the communication key and the client ID in a second memory,
and the second processor encrypts the disposable random number A, the disposable random number B and the negotiation ending identifier by adopting an equipment public key to obtain a fourth ciphertext, wherein the negotiation ending identifier is filled in a data field of the data area, and a server private key is adopted to sign the fourth ciphertext to form a fourth message and initiate a second interactive response to the client.
21. The TEE-based network communication authentication system of claim 19,
the first processor receives the fourth message, checks signature data by using a pre-stored server public key, decrypts the fourth ciphertext by using an equipment private key to obtain the disposable random number A, the disposable random number B and a negotiation ending identifier, compares the disposable random number A obtained by decrypting the ciphertext with the disposable random number A generated in the second interactive request, verifies the negotiation ending identifier after the comparison is successful, generates a communication key based on the first random number, the second random number and the third random number after passing the negotiation ending identifier, and stores the communication key in the first memory.
22. The TEE-based network communication authentication system of claim 20,
the first processor encrypts a channel identifier by using the communication key to obtain a channel identifier ciphertext and fills the channel identifier ciphertext into the data field of the data area, generates a disposable random number A again, signs the channel identifier ciphertext, the disposable random number A and the disposable random number B with the device private key, and sends the channel identifier ciphertext, the disposable random number A and the disposable random number B to the server.
23. The TEE-based network communication authentication system of claim 21,
the second processor verifies the signature with the device public key to obtain the channel ciphertext, the disposable random number A and the disposable random number B, compares the disposable random number B obtained by the signature verification with the disposable random number B generated in the second interactive response, and, if the comparison succeeds, decrypts the channel identification ciphertext with the communication key stored in the second memory to obtain a channel identification, compares it with a preset channel identification, and notifies the client that the trusted channel is established after the comparison succeeds.
24. The TEE-based network communication authentication system of claim 12,
the first processor encrypts service data with the communication key and sends the service data to the server.
25. A trusted application, comprising:
the processor is used for generating a random number and a one-time random number, transmitting the random number and the one-time random number with the server through a symmetric key, and generating a communication key based on a plurality of random numbers;
a memory for storing a random number and a nonce;
a communication module for performing data interaction with the server.
26. The trusted application of claim 24,
the processor is used for generating a device public key and a device private key, generating a random number and a one-time random number, encrypting the one-time random number and the random number with the server public key received from the server, signing with the device private key, verifying the signature on a ciphertext from the server with the server public key received from the server, and then decrypting with the device private key.
27. The trusted application of claim 25,
the processor further encrypts a preset channel identifier by using the communication key to obtain a channel identifier ciphertext to send to the server to realize verification of trusted channel establishment.
28. A server, comprising:
a processor for generating a random number and a one-time random number, for communicating the random number and the one-time random number with a client via a symmetric key, for generating a communication key based on a plurality of random numbers;
the memory is used for storing the random number and the one-time random number generated by the server and storing the random number and the one-time random number received from the client; and
a communication module for performing data interaction with the client.
29. The server according to claim 27,
the processor is used for generating a server public key and a server private key, generating a random number and a one-time random number, encrypting the one-time random number and the random number by using the device public key received from the client, signing by using the server private key, verifying the signature on a ciphertext from the client by using the client public key received from the client, and then decrypting by using the server private key.
30. A computer-readable medium, having stored thereon a computer program,
the computer program when executed by a processor implements a TEE-based network communication authentication method as claimed in any one of claims 1 to 11.
31. A computer device comprising a storage module, a processor, and a computer program stored on the storage module and executable on the processor, wherein the processor implements the TEE-based network communication authentication method according to any one of claims 1 to 11 when executing the computer program.
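The four-message negotiation of claims 5 to 9, as an added example that is not part of the patent text: each side echoes the peer's latest one-time random number, regenerates its own, and both derive the same communication key. The toy RSA (Mersenne-prime moduli, no padding), the 16-byte field size, the zeroed B field in the first message, the END marker and the SHA-256 key derivation are assumptions made so the block runs with the Python standard library alone; the claims do not specify them.

```python
import hashlib, hmac, secrets

E, N = 65537, 16            # RSA public exponent; byte length of each field (assumed)
END = b"NEGOTIATION-END!"   # constructed 16-byte negotiation ending identifier

def toy_keypair(a, b):
    # Constructed stand-in for RSA: Mersenne-prime modulus, no padding. NOT secure.
    p, q = 2**a - 1, 2**b - 1
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))

def digest(c):
    raw = c.to_bytes((c.bit_length() + 7) // 8, "big")
    return int.from_bytes(hashlib.sha256(raw).digest(), "big")

def seal(nonce_a, nonce_b, data, peer_pub, own_priv):
    # Encrypt the data area with the peer's public key, then sign the ciphertext.
    c = pow(int.from_bytes(nonce_a + nonce_b + data, "big"), peer_pub[1], peer_pub[0])
    return c, pow(digest(c), own_priv[1], own_priv[0])

def unseal(msg, peer_pub, own_priv):
    # Verify the signature first; decrypt only a ciphertext that passed.
    c, sig = msg
    if pow(sig, peer_pub[1], peer_pub[0]) != digest(c):
        raise ValueError("bad signature")
    raw = pow(c, own_priv[1], own_priv[0]).to_bytes(3 * N, "big")
    return raw[:N], raw[N:2 * N], raw[2 * N:]

def check(received, stored, what):
    if not hmac.compare_digest(received, stored):
        raise ValueError("mismatch: " + what)

def derive_key(r1, r2, r3):
    # The claims only say "based on" the three random numbers; SHA-256 is assumed.
    return hashlib.sha256(r1 + r2 + r3).digest()

class TrustedApp:
    def __init__(self, priv, server_pub):
        self.priv, self.server_pub = priv, server_pub

    def first_request(self):                       # claim 5
        self.a, self.r1 = secrets.token_bytes(N), secrets.token_bytes(N)
        return seal(self.a, bytes(N), self.r1, self.server_pub, self.priv)

    def second_request(self, msg2):                # claim 7
        a, b, r2 = unseal(msg2, self.server_pub, self.priv)
        check(a, self.a, "nonce A")
        self.r2, self.a, self.r3 = r2, secrets.token_bytes(N), secrets.token_bytes(N)
        return seal(self.a, b, self.r3, self.server_pub, self.priv)

    def finish(self, msg4):                        # claim 9
        a, self.b, end = unseal(msg4, self.server_pub, self.priv)
        check(a, self.a, "nonce A")
        check(end, END, "end identifier")
        return derive_key(self.r1, self.r2, self.r3)

class Server:
    def __init__(self, priv, device_pub):
        self.priv, self.device_pub = priv, device_pub

    def first_response(self, msg1):                # claim 6
        a, _, self.r1 = unseal(msg1, self.device_pub, self.priv)
        self.b, self.r2 = secrets.token_bytes(N), secrets.token_bytes(N)
        return seal(a, self.b, self.r2, self.device_pub, self.priv)

    def second_response(self, msg3):               # claim 8
        a, b, r3 = unseal(msg3, self.device_pub, self.priv)
        check(b, self.b, "nonce B")
        self.b = secrets.token_bytes(N)            # regenerated: msg3 cannot be replayed
        self.key = derive_key(self.r1, self.r2, r3)
        return seal(a, self.b, END, self.device_pub, self.priv)

def run_handshake():
    dev_pub, dev_priv = toy_keypair(521, 607)
    srv_pub, srv_priv = toy_keypair(1279, 2203)
    ta, srv = TrustedApp(dev_priv, srv_pub), Server(srv_priv, dev_pub)
    msg2 = srv.first_response(ta.first_request())
    msg3 = ta.second_request(msg2)
    key = ta.finish(srv.second_response(msg3))
    return key, ta, srv, msg2, msg3

if __name__ == "__main__":
    key, ta, srv, msg2, msg3 = run_handshake()
    print("keys match:", key == srv.key)
```

Replaying the second or third message after the handshake fails the nonce comparison, because the receiving side has already regenerated its one-time random number.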
CN202111540458.2A 2021-12-16 2021-12-16 Network communication authentication method and network communication authentication system based on TEE Pending CN114707158A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111540458.2A CN114707158A (en) 2021-12-16 2021-12-16 Network communication authentication method and network communication authentication system based on TEE

Publications (1)

Publication Number Publication Date
CN114707158A true CN114707158A (en) 2022-07-05

Family

ID=82166416

Country Status (1)

Country Link
CN (1) CN114707158A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116156495A (en) * 2023-04-11 2023-05-23 支付宝(杭州)信息技术有限公司 Security environment body checking method and system based on wireless signals
CN116156495B (en) * 2023-04-11 2023-07-07 支付宝(杭州)信息技术有限公司 Security environment body checking method and system based on wireless signals

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination