CN117097487A - Remote authentication method, system and medium for simplifying trusted execution environment by using digital certificate authentication - Google Patents
- Publication number: CN117097487A (application CN202311352301.6A)
- Authority: CN (China)
- Prior art keywords: certificate, client, authentication, execution environment, tls
- Legal status (as listed; an assumption, not a legal conclusion): Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The application provides a remote authentication method, system and medium that simplify trusted execution environment remote authentication by using digital certificate authentication. The method comprises the following steps: after a central coordinator receives a root certificate request from a client, it starts initialization, generates a private key and a self-signed root certificate, and sends an authentication report together with the root certificate to the client; the client accepts and verifies the authentication report and the root certificate, then sends a TLS interface request; a server sends its authentication report to the central coordinator; after the central coordinator accepts and verifies the server authentication report, it signs a leaf certificate and a TLS port is started; and after the client's TLS interface request and the server's TLS port information pass certificate verification against the root certificate, the TLS handshake is completed and a trusted encrypted channel is established. The application can provide a more efficient and simpler trusted remote authentication scheme, solving the complexity problem of traditional trusted remote authentication technology.
Description
Technical Field
The application relates to the field of trusted execution environment remote authentication, in particular to a method, a system and a medium for simplifying trusted execution environment remote authentication by using digital certificate authentication.
Background
Current hardware-based trusted execution environment technologies include Intel SGX, AMD SEV, Hygon CSV and others. They use a dedicated cryptographic unit on the CPU to construct an encrypted trusted execution environment (TEE, Trusted Execution Environment) that is isolated from the outside for a specific application. When a program runs in a TEE, its memory and CPU state are under hardware encryption protection, while the program can still communicate with the outside of the TEE through file or network I/O; the Transport Layer Security protocol (TLS) provides confidentiality and data integrity between two communicating applications.
TEE hardware not only provides an encrypted operating environment but also a remote authentication (remote attestation) mechanism, by which a program running in the TEE can prove to a remote party that it really is running in the TEE. Remote authentication of the remote end is required before every connection is established, which causes a significant drop in overall efficiency when connections are very frequent. At the same time, remote authentication requires a direct transmission control protocol (TCP) connection between the two parties being verified, whereas a common client/server architecture often does not support a direct TCP connection between server and client, and modifying the infrastructure brings huge cost and risk. In addition, both generating and verifying the remote authentication report require establishing HTTPS public-network communication with a server, which is not only an additional performance overhead but also places new demands on network isolation.
In view of the above problems, an effective technical solution is currently needed.
Disclosure of Invention
The application aims to provide a remote authentication method, system and medium that simplify a trusted execution environment by using digital certificate authentication. After a central coordinator receives a client root certificate request, it starts initialization, generates a private key and a self-signed root certificate, and sends an authentication report and the root certificate to the client at the same time; after the client accepts and verifies the authentication report and the root certificate, it sends a TLS interface request; the server sends its authentication report to the central coordinator; after the central coordinator accepts and verifies the server authentication report, it issues a leaf certificate and a TLS port is started; and after the client's TLS interface request and the server's TLS port information pass certificate verification against the root certificate, the TLS handshake is completed. This realizes a more efficient and simpler trusted remote authentication scheme and solves the complexity problem of conventional trusted remote authentication technology.
The application provides a remote authentication method for simplifying a trusted execution environment by using digital certificate authentication, which comprises the following steps:
acquiring state information of a hardware trusted execution environment, and correspondingly acquiring central coordinator information according to the state information;
the client sends root certificate request information;
starting a central coordinator according to the root certificate request information, obtaining a client authentication report according to a preset rule, and starting a TLS network port program;
the client performs remote authentication on the client authentication report and correspondingly downloads a root certificate;
starting a preset number of servers, and sending a server authentication report to the central coordinator;
the central coordinator checks the received server authentication report to obtain check result information, and correspondingly obtains a leaf certificate issuing condition according to the check result;
the server starts the TLS network port program facing the client according to the leaf certificate;
the client requests to obtain the TLS network port program, and verifies the leaf certificate of the server according to the root certificate;
and correspondingly obtaining the TLS handshake communication condition according to the verification result.
Optionally, in the method for simplifying trusted execution environment remote authentication by using digital certificate authentication according to the present application, acquiring state information of a hardware trusted execution environment and correspondingly acquiring central coordinator information according to the state information specifically includes:
acquiring state information of the hardware trusted execution environment, wherein the state information is either trusted state information or untrusted state information;
judging the state information, and if the state information indicates a trusted state, establishing a central coordinator.
Optionally, in the method for simplifying trusted execution environment remote authentication by using digital certificate authentication according to the present application, starting a central coordinator according to the root certificate request information, obtaining a client authentication report according to a preset rule, and starting a TLS network port program specifically includes:
starting a central coordinator according to the root certificate request information;
the central coordinator completes initialization;
the central coordinator generates a random private key and a self-signed root certificate in encrypted memory according to a preset rule;
generating a client authentication report and a root certificate according to the random private key and the self-signed root certificate, and sending the client authentication report and the root certificate to the affiliated client;
and the central coordinator issues a TLS certificate and starts a TLS network port program.
Optionally, in the method for simplifying trusted execution environment remote authentication by using digital certificate authentication according to the present application, the client performing remote authentication on the client authentication report and correspondingly downloading a root certificate specifically includes:
the client receives the client authentication report;
checking the client authentication report and the root certificate according to a preset rule, and obtaining check information;
and judging the check information, and if the check passes, downloading the root certificate.
Optionally, in the method for simplifying trusted execution environment remote authentication by using digital certificate authentication according to the present application, the central coordinator checking the received server authentication report to obtain check result information and correspondingly obtaining a leaf certificate issuing condition according to the check result specifically includes:
the central coordinator checks the received server authentication report to obtain check result information;
and judging the check result information, and if the check passes, issuing a leaf certificate and feeding it back to the server.
Optionally, in the method for simplifying trusted execution environment remote authentication by using digital certificate authentication according to the present application, the server starting the TLS network port program facing the client according to the leaf certificate specifically includes:
the server receives the leaf certificate;
starting a listener program with the leaf certificate as its TLS certificate;
the listener program serves the TLS network port facing the client;
and providing a trusted encrypted communication service through the listener.
Optionally, in the method for simplifying trusted execution environment remote authentication by using digital certificate authentication according to the present application, the client requesting to obtain the TLS network port program and verifying the leaf certificate of the server according to the root certificate specifically includes:
the client sends out a TLS network interface request;
checking the leaf certificate against the root certificate to obtain verification result information;
the verification result information is either verification passed or verification failed.
Optionally, in the method for simplifying trusted execution environment remote authentication by using digital certificate authentication according to the present application, obtaining the TLS handshake communication condition according to the verification result includes:
judging the verification result information;
if the verification passes, the client and the server complete the TLS handshake, and a trusted encrypted channel is established;
if the verification fails, the execution environment is not trusted, and the TLS network interface request is aborted.
In a second aspect, the present application provides a system for simplifying trusted execution environment remote authentication by using digital certificate authentication, the system comprising a processor and a memory, the memory storing a program of the remote authentication method for simplifying a trusted execution environment by using digital certificate authentication, which, when executed by the processor, implements the following steps:
acquiring state information of a hardware trusted execution environment, and correspondingly acquiring central coordinator information according to the state information;
the client sends root certificate request information;
starting a central coordinator according to the root certificate request information, obtaining a client authentication report according to a preset rule, and starting a TLS network port program;
the client performs remote authentication on the client authentication report and correspondingly downloads a root certificate;
starting a preset number of servers, and sending a server authentication report to the central coordinator;
the central coordinator checks the received server authentication report to obtain check result information, and correspondingly obtains a leaf certificate issuing condition according to the check result;
the server starts the TLS network port program facing the client according to the leaf certificate;
the client requests to obtain the TLS network port program, and verifies the leaf certificate of the server according to the root certificate;
and correspondingly obtaining the TLS handshake communication condition according to the verification result.
In a third aspect, the present application also provides a computer readable storage medium having embodied therein a remote authentication method program for simplifying a trusted execution environment by using digital certificate authentication, which when executed by a processor, implements the steps of the remote authentication method for simplifying a trusted execution environment by using digital certificate authentication as described in any one of the above.
According to the remote authentication method, system and medium for simplifying a trusted execution environment by using digital certificate authentication provided by the application, the central coordinator receives the client's root certificate request, starts initialization, generates a private key and a self-signed root certificate, and sends an authentication report and the root certificate to the client at the same time; the client receives and verifies the authentication report and the root certificate and sends a TLS interface request; the server sends its authentication report to the central coordinator; the central coordinator receives and verifies the server's authentication report, issues a leaf certificate and a TLS port is started; and when the client's TLS interface request and the server's TLS port information pass certificate verification against the root certificate, the TLS handshake is completed and a trusted encrypted channel is established. The application can provide a more efficient and simpler trusted remote authentication scheme, solving the complexity problem of traditional trusted remote authentication technology.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be apparent from the description, or may be learned by practice of the embodiments of the application. The objectives and other advantages of the application may be realized and attained by the structure particularly pointed out in the written description and drawings.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and should not be considered as limiting the scope, and other related drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of a method for simplifying trusted execution environment remote authentication by using digital certificate authentication according to an embodiment of the present application;
FIG. 2 is a flowchart of obtaining a client authentication report and starting a TLS network port program in the method for simplifying trusted execution environment remote authentication by using digital certificate authentication according to an embodiment of the present application;
FIG. 3 is a schematic structural diagram of a remote authentication system for simplifying a trusted execution environment by using digital certificate authentication according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. The components of the embodiments of the present application generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the application, as presented in the figures, is not intended to limit the scope of the application, as claimed, but is merely representative of selected embodiments of the application. All other embodiments, which can be made by a person skilled in the art without making any inventive effort, are intended to be within the scope of the present application.
It should be noted that like reference numerals and letters refer to like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only to distinguish the description, and are not to be construed as indicating or implying relative importance.
Referring to FIG. 1, FIG. 1 is a flowchart illustrating a method for simplifying trusted execution environment remote authentication by using digital certificate authentication according to some embodiments of the present application. The method aims to provide a more efficient and simpler trusted remote authentication scheme by using the mature and widely supported X.509 digital certificate technology, so as to solve the problems that traditional trusted remote authentication is tedious and incompatible with traditional architectures. The method is simpler and easier to deploy, integrates well with traditional client/server architectures, and makes trusted remote authentication easier to realize. The method comprises the following steps:
S101, acquiring state information of a hardware trusted execution environment, and correspondingly acquiring central coordinator information according to the state information;
S102, a client sends root certificate request information;
S103, starting a central coordinator according to the root certificate request information, obtaining a client authentication report according to a preset rule, and starting a TLS network port program;
S104, the client performs remote authentication on the client authentication report and correspondingly downloads a root certificate;
S105, starting a preset number of servers, and sending a server authentication report to the central coordinator;
S106, the central coordinator checks the received server authentication report to obtain check result information, and correspondingly obtains a leaf certificate issuing condition according to the check result;
S107, the server starts the TLS network port program facing the client according to the leaf certificate;
S108, the client requests to obtain the TLS network port program, and the leaf certificate of the server is checked according to the root certificate;
S109, correspondingly obtaining the TLS handshake communication condition according to the verification result.
It should be noted that, when the client and the server both operate in the hardware trusted environment, their communication can complete authentication by relying only on conventional X.509 digital certificate technology (the public key certificate format standard in cryptography, already used in many Internet protocols including the Transport Layer Security protocol TLS), so that both parties can confirm that the other party really operates in the hardware trusted environment and that the other party's program is indeed the application program they expect. In implementing this technique, the central coordinator plays an important role: it is a trusted computing program running in the TEE environment and also the certificate issuer, responsible for remotely authenticating all other trusted computing programs in the cluster.
In the process of simplifying trusted execution environment remote authentication by using digital certificate authentication, the state information of the hardware trusted execution environment is acquired first; when the state information is safe, the central coordinator information is acquired correspondingly. After confirming that the central coordinator has been acquired, the client sends root certificate request information to the central coordinator (the root certificate is an unsigned public key certificate or a self-signed certificate). The central coordinator is started according to the root certificate request information, a client authentication report is obtained according to a preset rule, and a TLS network port program is started. The client performs remote authentication on the client authentication report: if the authentication passes, the root certificate is downloaded; if it does not pass, the connection is disconnected. After the preset number of servers are started, each sends a server authentication report, which the central coordinator checks on receipt: if the check passes, a leaf certificate is issued (the certificate serves as proof that the trusted computing program has passed verification); if the check does not pass, no certificate is issued. After obtaining the leaf certificate, the server starts the TLS network port program, and the leaf certificate is verified against the root certificate: if the verification passes, the TLS handshake is completed and the trusted encrypted channel is established; if the verification fails, the client may determine that the server is not trusted and terminate the connection. In this embodiment, the preset number of servers may be any number.
According to an embodiment of the present application, the method for obtaining the state information of the trusted execution environment of the hardware and obtaining the information of the central coordinator according to the state information includes:
acquiring state information of a hardware trusted execution environment, wherein the state information comprises trusted state information or untrusted state information;
judging the state information, and if the state information is in a trusted state, establishing a central coordinator.
It should be noted that the hardware trusted execution environment has two aspects: the client hardware trusted execution environment and the server hardware trusted execution environment. The state information of each is either trusted state information or untrusted state information. The state information of the hardware trusted execution environment as a whole is a trusted state only when the client's and the server's state information are both trusted; otherwise it is an untrusted state. The state information of the hardware trusted execution environment is judged: if it is in a trusted state, the central coordinator is established; if it is in an untrusted state, it is disconnected.
Referring to FIG. 2, FIG. 2 is a flowchart of obtaining a client authentication report and starting a TLS network port program in the method for simplifying trusted execution environment remote authentication by using digital certificate authentication according to an embodiment of the present application. According to the embodiment of the application, starting a central coordinator according to the root certificate request information, obtaining a client authentication report according to a preset rule, and starting a TLS network port program specifically includes:
S201, starting a central coordinator according to the root certificate request information;
S202, the central coordinator completes initialization;
S203, the central coordinator generates a random private key and a self-signed root certificate in encrypted memory according to a preset rule;
S204, generating a client authentication report and a root certificate according to the random private key and the self-signed root certificate, and sending the client authentication report and the root certificate to the affiliated client;
S205, the central coordinator issues a TLS certificate and starts a TLS network port program.
After the central coordinator service is established, the client sends root certificate request information to the central coordinator. On receiving the request, the central coordinator starts and completes its initialization work. The central coordinator has a preset rule for generating the private key and the self-signed root certificate: according to the request information it generates a random private key and a self-signed root certificate in encrypted memory, generates a client authentication report and a root certificate from them, and sends the client authentication report and the root certificate to the client. At the same time, the central coordinator signs a TLS certificate for itself and starts the TLS network port program.
According to the embodiment of the invention, the client performs remote authentication on the client authentication report and correspondingly downloads a root certificate, and the method specifically comprises the following steps:
The client receives the client authentication report;
checking the client authentication report and the root certificate according to a preset rule, and obtaining checking information;
and judging the verification information, and if the check is passed, downloading the root certificate.
It should be noted that after generating the client authentication report and the self-signed root certificate, the central coordinator sends them to the client. After the client receives the client authentication report and the root certificate, it checks them according to a preset rule and obtains check information, which is either check passed or check not passed. If the check is passed, the root certificate is downloaded; if the check is not passed, the communication is terminated.
According to the embodiment of the invention, the center coordinator checks the received server authentication report to obtain check result information, and correspondingly obtains the issue condition of the leaf certificate according to the check result, and the method specifically comprises the following steps:
the center coordinator checks the received server authentication report to obtain check result information;
and judging the verification result information, and if the check is passed, issuing a leaf certificate and feeding it back to the server.
It should be noted that the remote authentication process of the trusted execution environment needs to authenticate both the client and the server. After the client completes remote authentication and downloads the root certificate, the preset number of servers are started and each sends a server authentication report to the central coordinator. The central coordinator checks the server authentication report after receiving it; the verification result is either passed or not passed. When the verification result is passed, the central coordinator issues the leaf certificate and feeds it back to the server; if the verification result is not passed, the communication is terminated.
According to the embodiment of the invention, the server starts the TLS network port program facing the client according to the leaf certificate, and specifically comprises the following steps:
the server receives the leaf certificate;
starting a listener program with the leaf certificate as its TLS certificate;
the listener program exposes the TLS network port program to the client;
and providing a trusted encrypted communication service through the listener program.
After the server receives the leaf certificate issued by the central coordinator, the leaf certificate has already been shown trustworthy by the coordinator's verification, so the server can use it as its TLS certificate. A TLS certificate is used to verify the identity of a website or service; it contains the public key, information about the certificate holder, the digital signature of the issuing authority and other information, and its issuance here indicates that verification was passed. The server can therefore start a listener program with it; the listener program exposes the TLS network port program to the client and provides encrypted communication service according to the execution state of the listener.
According to an embodiment of the present invention, the client requests to obtain the TLS network port program, and verifies the leaf certificate of the server according to the root certificate, which specifically includes:
The client sends out a TLS network interface request;
verifying the leaf certificate against the root certificate to obtain check result information;
the verification result information comprises verification passing or verification failure.
It should be noted that once the client has verified the authentication report and the root certificate, and the server has started the TLS network port according to the leaf certificate, the client sends a TLS network interface request to the server and connects to the server's TLS interface; it then verifies the server's leaf certificate using the root certificate it previously verified, and the verification result is either verification passed or verification failed.
According to the embodiment of the invention, the corresponding acquisition of the TLS handshake communication condition according to the verification result specifically comprises the following steps:
judging the verification result information;
if the verification is passed, the client and the server complete TLS handshake, and a trusted encryption channel is established;
if the verification fails, the execution environment is not trusted, and the TLS network interface request is aborted.
It should be noted that the remote authentication of the trusted execution environments of the client and the server requires mutual authentication and verification between the client and the server. When the verification result is passed, the client completes the TLS handshake with the server and a trusted encrypted channel is established; when the verification result is failed, the execution environment is not trusted and the trusted encrypted channel connection requested over the TLS network interface is aborted.
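An added end-to-end example, written in Go with the standard library only and not taken from the patent, of the single-cluster flow described above: the central coordinator generates its key and self-signed root in memory (S203), the client accepts that root only after checking the coordinator's authentication report (S204), the coordinator issues a leaf certificate only after checking a server's report, and the client verifies the leaf against the root under the requested name, which is the check its TLS handshake performs. The report format, the measurement labels, the certificate names and all function names are constructed stand-ins, because the page does not specify the platform's report format.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// Report is a constructed stand-in for the platform attestation report: Measurement names the enclave code, PubKeyHash binds the report to its key.
type Report struct {
	Measurement string
	PubKeyHash  [32]byte
}

// NewReport models the report the TEE hardware would produce for an enclave holding pub; NewKey models that enclave's in-memory key.
func NewReport(measurement string, pub any) Report {
	der, _ := x509.MarshalPKIXPublicKey(pub) // cannot fail for a valid ECDSA key
	return Report{measurement, sha256.Sum256(der)}
}
func NewKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// checkReport is the check both sides perform before trusting a key: expected measurement, and bound to exactly this public key.
func checkReport(r Report, pub any, expected string) error {
	if r != NewReport(expected, pub) {
		return errors.New("attestation failed: wrong measurement or report not bound to this key")
	}
	return nil
}

func template(name string, isCA bool) *x509.Certificate {
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128)) // crypto/rand does not fail in practice
	t := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	if !isCA { // a leaf may only authenticate a server under this one name
		t.KeyUsage = x509.KeyUsageDigitalSignature
		t.DNSNames, t.ExtKeyUsage = []string{name}, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return t
}

// Coordinator is the central coordinator: a CA whose random private key and self-signed root exist only in its memory (S203).
type Coordinator struct {
	key      *ecdsa.PrivateKey
	Root     *x509.Certificate // Root.Raw is the DER sent to the client (S204)
	Report   Report            // sent together with the root certificate
	expected string            // measurement of the server program it will certify
}

func NewCoordinator(self, expected string) (*Coordinator, error) {
	key, err := NewKey()
	if err != nil {
		return nil, err
	}
	t := template("tee-central-coordinator", true)
	der, err := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key) // self-signed
	if err != nil {
		return nil, err
	}
	root, err := x509.ParseCertificate(der)
	return &Coordinator{key, root, NewReport(self, &key.PublicKey), expected}, err
}

// IssueLeaf verifies a server's report and only then signs a leaf for the server's key.
func (c *Coordinator) IssueLeaf(r Report, pub *ecdsa.PublicKey, name string) ([]byte, error) {
	if err := checkReport(r, pub, c.expected); err != nil {
		return nil, err // verification not passed: nothing is issued
	}
	return x509.CreateCertificate(rand.Reader, template(name, false), c.Root, pub, c.key)
}

// ClientTrustRoot (S204, client side): verify the coordinator's report against the root's key before installing the root as trust anchor.
func ClientTrustRoot(rootDER []byte, r Report, expected string) (*x509.CertPool, error) {
	root, err := x509.ParseCertificate(rootDER)
	if err != nil {
		return nil, err
	}
	if err := checkReport(r, root.PublicKey, expected); err != nil {
		return nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(root)
	return pool, nil
}

// VerifyLeaf is the client's check when it connects to the server's TLS port (what tls.Config{RootCAs, ServerName} enforces).
func VerifyLeaf(roots *x509.CertPool, leafDER []byte, name string) error {
	leaf, err := x509.ParseCertificate(leafDER)
	if err != nil {
		return err
	}
	_, err = leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: name})
	return err // non-nil: the execution environment is not trusted, abort the request
}
```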
It should be noted that the present invention further includes:
establishing a global center coordinator, and remotely authenticating the regional center coordinators by the global center coordinator and obtaining authentication result information;
judging the remote authentication result, and if successful, issuing a certificate-issuer certificate to the regional center coordinators;
the regional center coordinators remotely authenticate their corresponding servers, and after successful authentication a leaf certificate is issued and a TLS network interface is started;
after the client completes verification with the global center coordinator, it downloads the root certificate and sends a TLS network interface request to the corresponding server;
and the corresponding server and the client perform verification according to the leaf certificate and the root certificate, judge the verification condition and correspondingly obtain the connection condition of the trusted encrypted channel.
It should be noted that the remote authentication method of the simplified trusted execution environment using digital certificate authentication can be used not only for a single cluster but also for networking a plurality of independent clusters. The plurality of clusters can be managed uniformly by one central coordinator at the upstream, so that remote authentication of all the clusters can be completed, and a client can trust any server program that has been authenticated by the central coordinator and issued a digital certificate simply by using the root certificate of the upstream central coordinator. In this embodiment, the service provider provides a global center coordinator on the public network; the global center coordinator provides the root certificate and the remote authentication service, and any TEE client only needs to trust the global center coordinator, so that it can trust the root certificate issued by the global center coordinator, and all services holding a leaf certificate issued under that root certificate can be considered to operate in the trusted computing environment.
As shown in fig. 3, the invention also discloses a remote authentication system 3 for simplifying the trusted execution environment by using the digital certificate, which comprises a memory 31 and a processor 32, wherein the memory comprises a remote authentication method program for simplifying the trusted execution environment by using the digital certificate, and the remote authentication method program for simplifying the trusted execution environment by using the digital certificate realizes the following steps when being executed by the processor:
acquiring state information of a hardware trusted execution environment, and correspondingly acquiring center coordinator information according to the state information;
the client sends root certificate request information;
starting a central coordinator according to the root certificate request information, obtaining a client authentication report according to a preset rule, and starting a TLS network port program;
the client performs remote authentication on the client authentication report and correspondingly downloads a root certificate;
starting a preset number of service ends, and sending a service end authentication report to the central coordinator;
the center coordinator checks the received server authentication report to obtain check result information, and correspondingly obtains a leaf certificate issuing condition according to a check result;
the server starts the TLS network port program facing the client according to the leaf certificate;
the client requests to obtain the TLS network port program, and verifies the leaf certificate of the server according to the root certificate;
and correspondingly obtaining the TLS handshake communication condition according to the verification result.
It should be noted that when the client and server operate in the hardware trusted environment, client/server communication can complete authentication by relying only on the conventional X.509 digital certificate technology (the standard format for public key certificates in cryptography, already used by many Internet protocols including the transport layer security protocol TLS), so that both parties of the communication can confirm that the other party does operate in the hardware trusted environment and can also be sure that the other party's program is indeed the application program they expect. In implementing this technology, the central coordinator plays an important role: it is a trusted computing program running in the TEE environment, and it is also the certificate issuer responsible for remotely authenticating all other trusted computing programs in the cluster. In the process of simplifying the remote authentication of the trusted execution environment by using digital certificate authentication, the state information of the hardware trusted execution environment is acquired first; when the state information is safe, the central coordinator information is acquired correspondingly. After confirming that the central coordinator is available, the client sends root certificate request information to the central coordinator (the root certificate is an unsigned public key certificate or a self-signed certificate). The central coordinator is started according to the root certificate request information, obtains a client authentication report according to a preset rule, and starts a TLS network port program. The client performs remote authentication on the client authentication report; if the authentication is passed, the root certificate is downloaded correspondingly, and if the authentication is not passed, the connection is disconnected. The central coordinator checks the server authentication report transmitted after the preset number of servers are started; if the verification is passed, the leaf certificate is issued (the certificate serves as proof that the trusted computing program has passed verification), and if the verification is not passed, no leaf certificate is issued. After obtaining the leaf certificate, the server starts the TLS network port program and the leaf certificate is verified according to the root certificate; if the verification is passed, the TLS handshake communication is completed and the trusted encrypted channel is established successfully; if the verification fails, the client may determine that the server is not trusted and terminate the connection. In this embodiment, the preset number of servers may be any number.
According to an embodiment of the present invention, the method for obtaining the state information of the trusted execution environment of the hardware and obtaining the information of the central coordinator according to the state information includes:
acquiring state information of a hardware trusted execution environment, wherein the state information comprises trusted state information or untrusted state information;
judging the state information, and if the state information is in a trusted state, establishing a central coordinator.
It should be noted that the hardware trusted execution environment has two parts: the client hardware trusted execution environment and the server hardware trusted execution environment. The state information of each includes trusted state information or untrusted state information. The state information of the hardware trusted execution environment as a whole is the trusted state only when both the client hardware trusted execution environment and the server hardware trusted execution environment are in the trusted state; otherwise it is the untrusted state. The state information of the hardware trusted execution environment is judged: if it is in the trusted state, the central coordinator is established, and if it is in the untrusted state, the hardware trusted execution environment is disconnected.
A third aspect of the present invention provides a readable storage medium having embodied therein a simplified trusted execution environment remote authentication method program using digital certificates, which when executed by a processor, implements the steps of the simplified trusted execution environment remote authentication method using digital certificates as described in any one of the preceding claims.
The invention discloses a remote authentication method, system and medium for simplifying a trusted execution environment by using digital certificate authentication. The central coordinator, after receiving a client root certificate request, starts initialization and generates a private key and a self-signed root certificate, and sends an authentication report together with the root certificate to the client; the client accepts and verifies the authentication report and the root certificate and then sends a TLS interface request; the server sends its authentication report to the central coordinator, and the central coordinator, after accepting and verifying the server authentication report, issues a leaf certificate and the TLS port is started; the client's TLS interface request and the server's TLS port are then matched, and the TLS handshake is completed after the client performs verification using the root certificate. The invention can provide a more efficient and simpler trusted remote authentication scheme, solving the complexity problem of the traditional trusted remote authentication technology.
In the several embodiments provided by the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The device embodiments described above are only illustrative; for example, the division of the units is only one logical function division, and there may be other divisions in practice, such as: multiple units or components may be combined or may be integrated into another system, or some features may be omitted or not performed. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection between devices or units may be electrical, mechanical or in other forms.
The units described above as separate components may or may not be physically separate, and components shown as units may or may not be physical units; can be located in one place or distributed to a plurality of network units; some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may be separately used as one unit, or two or more units may be integrated in one unit; the integrated units may be implemented in hardware or in hardware plus software functional units.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the above method embodiments may be implemented by hardware related to program instructions, and the foregoing program may be stored in a readable storage medium, where the program, when executed, performs steps including the above method embodiments; and the aforementioned storage medium includes: a mobile storage device, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, or the like, which can store program code.
Alternatively, the above-described integrated units of the present invention may be stored in a readable storage medium if implemented in the form of software functional modules and sold or used as separate products. Based on such understanding, the technical solution of the embodiments of the present invention may be embodied in essence or a part contributing to the prior art in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the methods described in the embodiments of the present invention. And the aforementioned storage medium includes: a removable storage device, ROM, RAM, magnetic or optical disk, or other medium capable of storing program code.
Claims (10)
1. A method for simplifying trusted execution environment remote authentication using digital certificate authentication, comprising:
acquiring state information of a hardware trusted execution environment, and correspondingly acquiring center coordinator information according to the state information;
the client sends root certificate request information;
starting a central coordinator according to the root certificate request information, obtaining a client authentication report according to a preset rule, and starting a TLS network port program;
the client performs remote authentication on the client authentication report and correspondingly downloads a root certificate;
starting a preset number of service ends, and sending a service end authentication report to the central coordinator;
the center coordinator checks the received server authentication report to obtain check result information, and correspondingly obtains a leaf certificate issuing condition according to a check result;
the server starts the TLS network port program facing the client according to the leaf certificate;
the client requests to obtain the TLS network port program, and verifies the leaf certificate of the server according to the root certificate;
and correspondingly obtaining the TLS handshake communication condition according to the verification result.
2. The method for remotely authenticating a simplified trusted execution environment by using digital certificate according to claim 1, wherein the steps of obtaining the state information of the trusted execution environment of the hardware and correspondingly obtaining the central coordinator information according to the state information include:
acquiring state information of a hardware trusted execution environment, wherein the state information comprises trusted state information or untrusted state information;
judging the state information, and if the state information is in a trusted state, establishing a central coordinator.
3. The method for remotely authenticating a simplified trusted execution environment by using digital certificate authentication according to claim 2, wherein the step of starting a central coordinator according to the root certificate request information, obtaining a client authentication report according to a preset rule, and starting a TLS network port program specifically comprises the steps of:
starting a central coordinator according to the root certificate request information;
the central coordinator completes initialization;
the central coordinator generates a random private key and a self-signed certificate in an encrypted memory according to a preset rule;
generating a client authentication report and a root certificate according to the random private key and the self-signed root certificate, and sending the client authentication report and the root certificate to the affiliated client;
and the central coordinator issues a TLS certificate and starts a TLS network port program.
4. The method for remotely authenticating a simplified trusted execution environment using digital certificate authentication as set forth in claim 3, wherein said client remotely authenticates said client authentication report and correspondingly downloads a root certificate, specifically comprising:
the client receives the client authentication report;
checking the client authentication report and the root certificate according to a preset rule, and obtaining checking information;
and judging the verification information, and if so, downloading the root certificate.
5. The method for remotely authenticating a simplified trusted execution environment using digital certificate authentication according to claim 4, wherein the central coordinator verifying the received server authentication report to obtain verification result information, and correspondingly obtaining a leaf certificate issuance condition according to the verification result, specifically comprises:
the central coordinator verifying the received server authentication report to obtain verification result information;
and judging the verification result information, and if the verification passes, issuing a leaf certificate and returning it to the server.
6. The method for remotely authenticating a simplified trusted execution environment using digital certificate authentication according to claim 5, wherein the server starting the TLS network port program facing the client according to the leaf certificate specifically comprises:
the server receiving the leaf certificate;
starting a listener program using the leaf certificate as the TLS certificate;
the listener program providing the TLS network port program facing the client;
and providing a trusted encrypted communication service through the listener.
7. The method for remotely authenticating a simplified trusted execution environment using digital certificate authentication according to claim 6, wherein the client requesting the TLS network port program and verifying the leaf certificate of the server according to the root certificate specifically comprises:
the client sending a TLS network port request;
verifying the leaf certificate of the server against the root certificate to obtain verification result information;
the verification result information comprising verification passed or verification failed.
8. The method for remotely authenticating a simplified trusted execution environment using digital certificate authentication according to claim 7, wherein obtaining the TLS handshake communication condition according to the verification result specifically comprises:
judging the verification result information;
if the verification passes, the client and the server completing the TLS handshake and establishing a trusted encrypted channel;
if the verification fails, the execution environment being deemed untrusted and the TLS network port request being aborted.
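Claims 2 to 8 describe a small attestation-rooted PKI: a coordinator enclave generates a root and proves through its attestation report that the root was created inside the trusted execution environment; service enclaves receive leaf certificates only after the coordinator has verified their own reports; and clients trust the root only after verifying the coordinator's report, then verify each server's leaf against it. The Go program below is an added illustration written for this page; it is not code from the patent or its applicant. It assumes a simplified attestation model: a single platform key signs `measurement || SHA-256(artifact)` in place of a vendor quote chain (an SGX or TDX verifier would instead walk the quote's signing chain), the measurement constants, host names and function names are hypothetical, and the TLS listener and handshake of claims 6 and 8 are represented by the certificate-chain check the client must pass before handshaking.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// Report is a constructed stand-in for a hardware attestation report (an SGX/TDX quote in
// practice): the platform key signs measurement||reportData, with reportData the hash of the
// artifact (root certificate or server public key) that the enclave binds to itself.
type Report struct {
	Measurement, ReportData [32]byte
	Sig                     []byte
}

// Expected enclave measurements, assumed to be known to relying parties out of band.
var CoordinatorMeasurement = sha256.Sum256([]byte("coordinator-enclave-v1"))
var ServerMeasurement = sha256.Sum256([]byte("service-enclave-v1"))

// Attest is the TEE-side call: the platform key (hardware root of trust) signs the report.
func Attest(platform ed25519.PrivateKey, measurement [32]byte, artifact []byte) Report {
	data := sha256.Sum256(artifact)
	return Report{measurement, data, ed25519.Sign(platform, append(measurement[:], data[:]...))}
}

// VerifyReport is the verifier side: platform signature, expected measurement, and binding
// (reportData must equal the hash of what was actually presented).
func VerifyReport(platform ed25519.PublicKey, want [32]byte, artifact []byte, r Report) error {
	if !ed25519.Verify(platform, append(r.Measurement[:], r.ReportData[:]...), r.Sig) ||
		r.Measurement != want || r.ReportData != sha256.Sum256(artifact) {
		return errors.New("attestation failed: bad signature, unexpected measurement, or unbound artifact")
	}
	return nil
}

// Coordinator: random key and self-signed root generated inside the TEE, plus the report that
// binds the root certificate to the coordinator enclave (claim 3).
type Coordinator struct{ key ed25519.PrivateKey; Root *x509.Certificate; Report Report }

func StartCoordinator(platform ed25519.PrivateKey) *Coordinator {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "TEE Coordinator Root"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key) // fixed template, fresh key
	root, _ := x509.ParseCertificate(der)
	return &Coordinator{key, root, Attest(platform, CoordinatorMeasurement, der)}
}

// IssueLeaf verifies the server's report before signing (claim 5). The report must bind the
// server's public key, so a host outside a TEE cannot obtain a leaf for a key it controls.
func (c *Coordinator) IssueLeaf(platform, pub ed25519.PublicKey, r Report, host string) ([]byte, error) {
	pubDER, _ := x509.MarshalPKIXPublicKey(pub)
	if err := VerifyReport(platform, ServerMeasurement, pubDER, r); err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	return x509.CreateCertificate(rand.Reader, tmpl, c.Root, pub, c.key)
}

// ClientVerify is the client side of claims 4, 7 and 8: trust the root only after its report
// checks out, then require the leaf to chain to that root and to carry the expected host name.
func ClientVerify(platform ed25519.PublicKey, root *x509.Certificate, rootReport Report, leafDER []byte, host string) error {
	if err := VerifyReport(platform, CoordinatorMeasurement, root.Raw, rootReport); err != nil {
		return err
	}
	leaf, err := x509.ParseCertificate(leafDER)
	if err != nil {
		return err
	}
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err = leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

// RunProtocol walks the whole flow with a fresh platform key: serverMeasurement is what the
// service enclave reports, leafHost the name certified, connectHost the name the client expects.
func RunProtocol(serverMeasurement [32]byte, leafHost, connectHost string) error {
	platformPub, platformPriv, _ := ed25519.GenerateKey(rand.Reader)
	c := StartCoordinator(platformPriv)
	spub, _, _ := ed25519.GenerateKey(rand.Reader) // the service enclave's TLS key pair
	spubDER, _ := x509.MarshalPKIXPublicKey(spub)
	leafDER, err := c.IssueLeaf(platformPub, spub, Attest(platformPriv, serverMeasurement, spubDER), leafHost)
	if err != nil {
		return err
	}
	return ClientVerify(platformPub, c.Root, c.Report, leafDER, connectHost)
}
```

`RunProtocol(ServerMeasurement, "service.example", "service.example")` returns nil, which is the "verification passed, complete the TLS handshake" branch of claim 8; passing a different measurement makes the coordinator refuse the leaf, and a mismatched host name makes the client abort. The three conditions in `VerifyReport` are the security-relevant ones: a report signed by a key other than the platform's, a report from an enclave with an unexpected measurement, or a report whose reportData does not hash the certificate or key actually presented are each rejected, so neither a root nor a leaf can be introduced by code running outside the attested environment. In a deployment the leaf would be loaded into a TLS listener (claim 6) and the client would place the attested root in its TLS configuration rather than call `ClientVerify` directly.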
9. A remote authentication system for a simplified trusted execution environment using digital certificate authentication, characterized by comprising a memory and a processor, wherein the memory stores a program for the remote authentication method for a simplified trusted execution environment using digital certificate authentication, and the program, when executed by the processor, implements the following steps:
acquiring state information of a hardware trusted execution environment, and correspondingly acquiring central coordinator information according to the state information;
the client sending root certificate request information;
starting a central coordinator according to the root certificate request information, obtaining a client authentication report according to a preset rule, and starting a TLS network port program;
the client performing remote authentication on the client authentication report and correspondingly downloading a root certificate;
starting a preset number of servers, and sending a server authentication report to the central coordinator;
the central coordinator verifying the received server authentication report to obtain verification result information, and correspondingly obtaining a leaf certificate issuance condition according to the verification result;
the server starting the TLS network port program facing the client according to the leaf certificate;
the client requesting the TLS network port program, and verifying the leaf certificate of the server according to the root certificate;
and correspondingly obtaining the TLS handshake communication condition according to the verification result.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a program for the remote authentication method for a simplified trusted execution environment using digital certificate authentication, and when the program is executed by a processor, the steps of the remote authentication method for a simplified trusted execution environment using digital certificate authentication according to any one of claims 1 to 8 are implemented.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311352301.6A CN117097487B (en) | 2023-10-19 | 2023-10-19 | Remote authentication method, system and medium for simplifying trusted execution environment by using digital certificate authentication |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311352301.6A CN117097487B (en) | 2023-10-19 | 2023-10-19 | Remote authentication method, system and medium for simplifying trusted execution environment by using digital certificate authentication |
Publications (2)
Publication Number | Publication Date |
---|---|
CN117097487A true CN117097487A (en) | 2023-11-21 |
CN117097487B CN117097487B (en) | 2024-01-26 |
Family
ID=88783220
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311352301.6A Active CN117097487B (en) | 2023-10-19 | 2023-10-19 | Remote authentication method, system and medium for simplifying trusted execution environment by using digital certificate authentication |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117097487B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN118233218A (en) * | 2024-05-23 | 2024-06-21 | 杭州金智塔科技有限公司 | Remote authentication system and method based on distributed trusted execution environment application |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110535628A (en) * | 2019-08-29 | 2019-12-03 | 阿里巴巴集团控股有限公司 | The method and device of Secure calculating is carried out by certificate issuance |
CN110677240A (en) * | 2019-08-29 | 2020-01-10 | 阿里巴巴集团控股有限公司 | Method and device for providing high-availability computing service through certificate issuing |
US20210067347A1 (en) * | 2019-08-29 | 2021-03-04 | Alibaba Group Holding Limited | Method and apparatus for performing multi-party secure computing based-on issuing certificate |
CN113261252A (en) * | 2018-10-16 | 2021-08-13 | 华为技术有限公司 | Node and method for secure server communication |
CN114500054A (en) * | 2022-01-27 | 2022-05-13 | 百度在线网络技术(北京)有限公司 | Service access method, service access device, electronic device, and storage medium |
CN115706666A (en) * | 2021-08-02 | 2023-02-17 | 中国移动通信有限公司研究院 | Authentication method and device based on trusted execution environment |
Also Published As
Publication number | Publication date |
---|---|
CN117097487B (en) | 2024-01-26 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |