CN118174921A - Multi-factor SSH login authentication method based on national encryption algorithm and supporting bidirectional authentication - Google Patents
Multi-factor SSH login authentication method based on national encryption algorithm and supporting bidirectional authentication Download PDFInfo
- Publication number
- CN118174921A CN118174921A CN202410284647.5A CN202410284647A CN118174921A CN 118174921 A CN118174921 A CN 118174921A CN 202410284647 A CN202410284647 A CN 202410284647A CN 118174921 A CN118174921 A CN 118174921A
- Authority
- CN
- China
- Prior art keywords
- key
- client
- authentication
- server
- host
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 36
- 230000002457 bidirectional effect Effects 0.000 title claims abstract description 10
- 238000012795 verification Methods 0.000 claims description 4
- 230000008569 process Effects 0.000 abstract description 10
- 238000010586 diagram Methods 0.000 description 6
- 230000009471 action Effects 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 230000007547 defect Effects 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 239000003999 initiator Substances 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000006835 compression Effects 0.000 description 1
- 238000007906 compression Methods 0.000 description 1
- 238000004883 computer application Methods 0.000 description 1
- 238000005336 cracking Methods 0.000 description 1
- 230000008676 import Effects 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/168—Implementing security features at a particular protocol layer above the transport layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
- H04L9/0897—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
Abstract
The multi-factor SSH login authentication method based on the national encryption algorithm and supporting bidirectional authentication uses the national encryption algorithm with higher security as a standard algorithm, uses GMT 0017-2012 intelligent cipher keys to generate host keys and temporary keys, distributes the host keys and the temporary keys for a server and a client, is used for generating random keys, generating key pairs and storing digital certificates, and realizes identity authentication and encryption and decryption by calling commercial cipher algorithms, when the client initiates an authentication request to the server, the server uses the intelligent cipher key of a sender as a client cipher key and uses the intelligent cipher key of a receiver as a remote server cipher key, so that the client can log in related websites of a network service program safely; the specific authentication method comprises six processes. The invention has higher security, can resist various password attack means, has relatively higher encryption speed and operation efficiency, can adapt to different password lengths and key lengths, and can meet different scene demands; the safety of customer service end can be ensured.
Description
Technical Field
The invention relates to the technical field of computer application, in particular to a multi-factor SSH login authentication method supporting bidirectional authentication based on a national encryption algorithm.
Background
In the internet field, a client may refer to a login authentication procedure when logging in a web site related to a web service program. In the prior art, login authentication has the following technical defects due to technical limitations. (1) The authentication login is performed by using a password-based identity authentication method, and because the protection level is weak, if a weak password is used or the password is subjected to violent cracking attack, an attacker can guess or crack the password to cause disclosure; (2) During SSH (SSH) session, which is a protocol for secure telnet and other secure network services over an unsecure network, there is a potential risk of session hijacking (1. Unsecure network connection (when using unsecure public Wi-Fi network or unencrypted communication protocol, an attacker can monitor and intercept communication data), 2.SSH key hijacking (attacker HOOK system call to replace own device or password on target host to achieve secure login), 3.SSH back door function (super password stealth login, account password to record login) can lead to security loophole or information leakage if attacker can intercept or tamper data during SSH session, (3) public key identity verification login is used, private key file needs to be managed and protected properly once the private key is leaked or lost, unauthorized access is caused, and then disclosure is caused), (4) under certain conditions, attacker can make intermediate person (namely attacker can insert own device or password between user and target system to achieve secure login), 3. The attacker can lead to security looses or falsification of security code, and falsification of security source of security information is caused by the traditional communication, and the malicious source is also can lead to falsification of security code or falsification of security code is caused by the traditional security source.
Disclosure of Invention
In order to overcome the defects that the prior client is involved in a login authentication flow when logging in a website related to a network service program, due to the technical limitation, the invention provides a multi-factor SSH login authentication method which is based on a national cryptographic algorithm and supports two-way authentication and can resist information disclosure caused by various traditional and modern cryptographic attack means under the combined action of related step flows and because of the adoption of a strict cryptographic principle and a complex operation mode.
The technical scheme adopted for solving the technical problems is as follows:
The multi-factor SSH login authentication method based on a national encryption algorithm and supporting bidirectional authentication is characterized in that the national encryption algorithm with higher security is used as a standard algorithm, a host key and a temporary key are generated by using an intelligent cipher key which conforms to the data format specification of a GMT 0017-2012 intelligent cipher key cipher application interface, the intelligent cipher key is distributed to a server and a client, a random key is generated, a key pair is generated, a digital certificate is stored, identity authentication and encryption and decryption are realized by calling a commercial cipher algorithm, when the client initiates an authentication request to the server, the server takes the intelligent cipher key of a sender as a client cipher key, and takes the intelligent cipher key of a receiver as a remote server cipher key, so that a related website of a client safe login network service program is realized; the specific authentication method comprises the following steps of S1: when a client logs in and a password key initiates SSH connection to a remote server, a version number co-quotient message is sent, and the remote server sends back a supported version number; s2: the remote server sends a cryptographic algorithm list supported by the intelligent key, and the client-side cryptographic key replies to the cryptographic algorithm list supported by the client-side cryptographic key respectively and generates a public key of the temporary SM2 key pair by using the hardware UKEY; s3: the remote server selects an algorithm supported by the intelligent key, generates a pair of temporary SM2 key pairs, sends a temporary public key and a host public key to the client, and calculates a public key value and an IV by using a key negotiation algorithm; s4: the client checks whether SM3 of the host key sent by the remote server is consistent with the host key in the hardware UKEY, if so, the SM3 is legal, otherwise, the SM3 is illegal, and the step completes the identity authentication of the client to the remote server; s5: the client uses the authenticated public key to verify the data sent by the remote server, if the verification is passed, the data is legal, otherwise, the data is illegal; and S6, the server decrypts the ciphertext data sent by the S5, checks whether the public key in the ciphertext data is consistent with SM3 of the public key to be stored in the server, and completes authentication of the remote server to the client if the public key is consistent with SM3 of the public key to be stored in the server.
Further, the commercial cryptographic algorithms are SM1, SM2 and SM3 algorithms.
Further, the public key of the host in step S3 can be a host signature, and the secret key of the host in step S4 can be a host signature.
Further, in the steps S3, S4, and S5, if the data packet is legal, the public key and the IV value are calculated by using the temporary public key and the private key in the packet and using the key negotiation, the host public key stored in the server-side cipher key is encrypted, and then the encrypted authentication data is sent to the client.
Further, in the step S6, the server decrypts the ciphertext data sent in the step S5, and can also perform authentication by verifying the signature mode.
Compared with the prior art, the invention has the beneficial effects that: (1) The invention uses the cryptographic algorithm standard issued by the national cryptographic administration as a basis, and under the combined action of related processes, the invention adopts a strict cryptography principle and a complex operation mode, has higher security, and can resist various traditional and modern cryptographic attack means; (2) The method has high efficiency and flexibility, particularly, the national encryption algorithm pays attention to the efficiency of the algorithm while ensuring the safety, has relatively high encryption speed and operation efficiency, can adapt to different password lengths and key lengths, and can meet the requirements of different scenes; (3) The method and the device prevent information from being illegally acquired due to key leakage, and ensure that the private key cannot leave the hardware because the host key and the key of the initiator are stored by the respective hardware UKEY, so that the security of the customer service end can be ensured.
Drawings
The invention will be further described with reference to the drawings and examples.
Fig. 1 is a schematic diagram of a module key agreement according to the present invention.
Fig. 2 is a block diagram of a login authentication system based on the UKey SSH.
Fig. 3 is a hardware UKey import procedure of the present invention.
Fig. 4 is a flowchart of login authentication based on the UKey SSH.
Fig. 5 is a diagram illustrating a process of generating key IV values between a client and a remote server according to the present invention.
FIG. 6 is a diagram illustrating a process for authenticating a remote server by a client according to the present invention.
FIG. 7 is a diagram illustrating a remote server authentication client process according to the present invention.
Fig. 8 is a diagram of a process of authentication of a remote server to a user of a client in the present invention.
Detailed Description
The multi-factor SSH login authentication method based on the national cryptographic algorithm and supporting bidirectional authentication shown in fig. 1, 2, 3,4, 5,6, 7 and 8 specifically uses a cryptographic algorithm issued by the national cryptographic administration with higher security as a standard (hereinafter referred to as the national cryptographic algorithm), uses UKEY conforming to the GMT 0017-2012 smart cryptographic key cryptographic application interface data format specification to generate a host key and a temporary key, distributes the host key and the temporary key to a server and a client, is used for generating a random key, generating a key pair and storing a digital certificate, and realizes identity authentication and encryption and decryption by calling a commercial cryptographic algorithm, when the client initiates a login authentication request to the server, the server uses the smart cryptographic key of a requester as a client cryptographic key, uses the smart key of the server as a remote server cryptographic key, and further realizes the client to log in a related website of a network service program, and the specific commercial cryptographic algorithms are SM1 (symmetric cryptographic algorithm), SM2 (asymmetric cryptographic algorithm) and SM3 (cryptographic function standard) cryptographic algorithm. UKEY is a hardware device of the USB interface.
The multi-factor SSH login authentication method based on the cryptographic algorithm and supporting bidirectional authentication is shown in fig. 1, 2, 3, 4, 5, 6, 7 and 8, and comprises the following procedures. Step 1: the customer service end logs in, sends a version number co-quotient message when initiating SSH connection to the remote service end through a login software unit by a client password key, and the remote service end sends back a supported version number; the negotiation version number is used to ensure that the communication parties can understand and adapt to the protocol versions used by each other, and can provide higher communication security when new security measures are introduced by functional expansion or protocol updating. And simultaneously, the system can be backwards compatible with the old version protocol. Step 2: the remote server sends a cryptographic algorithm list which can be supported by the intelligent key through a sending software unit, wherein specific key exchange algorithms comprise ecdhe _sm4_cbc_sm3, ecdhe _sm4_gcm_sm3, ecc_sm4_cbc_sm3 and ecc_sm4_gcm_sm3; the encryption algorithm comprises SM4_ecb, SM4_cbc and SM4_ctr; compression algorithms are zlib, none, etc. The client-side cipher key replies the self-supported cipher algorithm list respectively, and uses the hardware UKEY to generate the public key of the temporary SM2 key pair, and the temporary key pair generated in the step provides specific parameters for the next key negotiation. Step 3: the remote server selects an algorithm supported by the intelligent key of the customer service side through a selection software unit, generates a pair of temporary SM2 key pairs and sends a temporary public key and a host public key (or signature thereof) to the client; the key agreement algorithm is used to calculate the public key value and IV, which are an important parameter in the symmetric encryption algorithm of the computer network protocol, and the key value and IV are used to encrypt the user data when the remote server subsequently transmits the data. Step 4: the client checks whether S M of the host key sent by the remote server is consistent with the host key in the hardware UKEY (or verifies the signature of the host key) through the detection software unit, if so, the message is legal, the client performs step 5, otherwise, the message is illegal, the client is forced to actively disconnect, and the step completes the identity authentication of the client to the remote server. Step 5: the client uses the authenticated public key to verify the data sent by the remote server through the receiving software unit, if the data passes the verification, the data message is legal, the client sends the public key (or signature value) in the password of the remote server, otherwise, the client is illegal, and the client is forced to actively disconnect. And 6, the server decrypts the ciphertext data sent in the step 5 through a decryption software unit, checks whether the public key in the ciphertext data is consistent with SM3 of the public key to be stored in the password (or verifies the signature of the public key), and if so, the authentication of the remote server to the client is completed, and the user can log in safely. Specifically, the steps 3, 4 and 5 further include the following processes: (1) If the data message is legal, the temporary public key and the private key in the message are used, the public key and the IV value are calculated by key negotiation, and the host public key stored in the server-side password key is encrypted, so that the host public key in the server-side password key is ensured to be modified or replaced by an attacker in transmission engineering, and man-in-the-middle attack is avoided. (2) The client sends the authentication data (comprising user name, password, public key of the local end or data for proving identity) encrypted by the negotiated key value and IV value to the client, which ensures the ciphertext transmission of the sensitive data of the user and prevents the sensitive data from being cracked by an attacker.
The prior art SSH connection process shown in FIGS. 1,2, 3,4, 5, 6,7 and 8 can be divided into five stages (1) version number negotiation stage; (2) a key and algorithm negotiation stage; (3) an authentication phase; (4) session request phase; (5) an interactive session stage. The key is that the stage (2) and the stage (3) are mainly applied in the stage (2) in the traditional SSH login process, an international algorithm is used for carrying out key negotiation, and the traditional international standard encryption algorithm is safe and reliable, but the security of the source code cannot be guaranteed, so that the risk of permeation or tampering of the source code by an external attacker exists, and the generation and storage of the key are often carried out in a system memory or a hard disk, so that the security risk exists. The invention uses UKEY of national cipher certification as key generating device and storage medium, which can ensure key not to be acquired by outside to reveal sensitive information. In the invention, after the Key negotiation stage is completed, the two parties have the same Key and IV, the Key and the pre-generated public Key in the IV encryption hardware Key are used in the authentication stage and sent to the remote server, the remote server verifies whether the public Key is matched with the SM2 value of the public Key imported in the intelligent Key of the server, if so, the authentication is passed, otherwise, the authentication is not passed, and the method can also comprise the steps that in order to read the public Key in the hardware, the user needs to provide the PIN password of the intelligent Key of the client; step 2, before the remote server is connected for the first time, the public key of the client intelligent key needs to be imported into the remote server intelligent key, then the device ID and signature in the client intelligent key are sent in the authentication stage, the remote server uses the public key to verify the signature before, the method avoids the attack of a man in the middle on customer service end and server data effectively, meanwhile, in step 2, the remote server password key needs to be imported into the client intelligent key in advance, the step can be repeated for a plurality of times, namely a plurality of client intelligent keys are allowed to log in the same remote server, and various roles or personnel are allowed to operate the server, as shown in fig. 2.
Through all the steps, the invention uses the cryptographic algorithm standard issued by the national cryptographic administration as a basis, and under the combined action of related processes, the invention has higher security and can resist various traditional and modern cryptographic attack means due to the adoption of a strict cryptographic principle and a complex operation mode; the method has high efficiency and flexibility, particularly, the national encryption algorithm pays attention to the efficiency of the algorithm while ensuring the safety, has relatively high encryption speed and operation efficiency, can adapt to different password lengths and key lengths, and can meet the requirements of different scenes; the method and the device prevent information from being illegally acquired due to key leakage, and ensure that the private key cannot leave the hardware because the host key and the key of the initiator are stored by the respective hardware UKEY, so that the security of the customer service end can be ensured.
While the fundamental and principal features of the invention and advantages of the invention have been shown and described, it will be apparent to those skilled in the art that the invention is limited to the details of the foregoing exemplary embodiments, and that the invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein.
Furthermore, it should be understood that although the present disclosure describes embodiments, the embodiments do not include only a single embodiment, and this description is for clarity only, and those skilled in the art should consider the disclosure as a whole, and embodiments may be suitably combined to form other embodiments that will be understood by those skilled in the art.
Claims (5)
1. The multi-factor SSH login authentication method based on a national encryption algorithm and supporting bidirectional authentication is characterized in that the national encryption algorithm with higher security is used as a standard algorithm, a GMT 0017-2012 intelligent encryption key is used for generating a host key and a temporary key, distributing the host key and the temporary key to a server and a client, generating a random key, generating a key pair and storing a digital certificate, and realizing identity authentication and encryption and decryption by calling a commercial encryption algorithm; the specific authentication method comprises the following steps of S1: when a client logs in and a password key initiates SSH connection to a remote server, a version number co-quotient message is sent, and the remote server sends back a supported version number; s2: the remote server sends a cryptographic algorithm list supported by the intelligent key, and the client-side cryptographic key replies to the cryptographic algorithm list supported by the client-side cryptographic key respectively and generates a public key of the temporary SM2 key pair by using the hardware UKEY; s3: the remote server selects an algorithm supported by the intelligent key, generates a pair of temporary SM2 key pairs, sends a temporary public key and a host public key to the client, and calculates a public key value and an IV by using a key negotiation algorithm; s4: the client checks whether SM3 of the host key sent by the remote server is consistent with the host key in the hardware UKEY, if so, the SM3 is legal, otherwise, the SM3 is illegal, and the step completes the identity authentication of the client to the remote server; s5: the client uses the authenticated public key to verify the data sent by the remote server, if the verification is passed, the data is legal, otherwise, the data is illegal; and S6, the server decrypts the ciphertext data sent by the S5, checks whether the public key in the ciphertext data is consistent with SM3 of the public key to be stored in the server, and completes authentication of the remote server to the client if the public key is consistent with SM3 of the public key to be stored in the server.
2. The multi-factor SSH login authentication method based on a cryptographic algorithm and supporting bidirectional authentication according to claim 1, wherein the commercial cryptographic algorithms are SM1, SM2 and SM3 algorithms.
3. The multi-factor SSH login authentication method based on the cryptographic algorithm and supporting bi-directional authentication according to claim 1, wherein the host public key in step S3 can also be a host signature, and the host key in S4 can also be a host signature.
4. The multi-factor SSH login authentication method according to claim 1, wherein in steps S3, S4, and S5, if the data message is legal, the public key and the private key in the message are used to calculate the public key and the IV value by using key negotiation, encrypt the host public key stored in the server-side cipher key, and then send the encrypted authentication data to the client.
5. The multi-factor SSH login authentication method based on the cryptographic algorithm and supporting bidirectional authentication according to claim 1, wherein in step S6, the server decrypts the ciphertext data sent from step S5, and can also perform authentication by verifying its signature.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410284647.5A CN118174921A (en) | 2024-03-13 | 2024-03-13 | Multi-factor SSH login authentication method based on national encryption algorithm and supporting bidirectional authentication |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410284647.5A CN118174921A (en) | 2024-03-13 | 2024-03-13 | Multi-factor SSH login authentication method based on national encryption algorithm and supporting bidirectional authentication |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN118174921A true CN118174921A (en) | 2024-06-11 |
Family
ID=91349895
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202410284647.5A Pending CN118174921A (en) | 2024-03-13 | 2024-03-13 | Multi-factor SSH login authentication method based on national encryption algorithm and supporting bidirectional authentication |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN118174921A (en) |
-
2024
- 2024-03-13 CN CN202410284647.5A patent/CN118174921A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109728909B (en) | Identity authentication method and system based on USBKey | |
| WO2020087805A1 (en) | Trusted authentication method employing two cryptographic values and chaotic encryption in measurement and control network | |
| CN103763356B (en) | A kind of SSL establishment of connection method, apparatus and system | |
| US7975139B2 (en) | Use and generation of a session key in a secure socket layer connection | |
| CN102026195B (en) | One-time password (OTP) based mobile terminal identity authentication method and system | |
| CN108494811B (en) | Data transmission security authentication method and device | |
| JP5845393B2 (en) | Cryptographic communication apparatus and cryptographic communication system | |
| CN111740844A (en) | SSL communication method and device based on hardware cryptographic algorithm | |
| CN106878016A (en) | Data is activation, method of reseptance and device | |
| US20110179478A1 (en) | Method for secure transmission of sensitive data utilizing network communications and for one time passcode and multi-factor authentication | |
| US20170338958A1 (en) | Implicit rsa certificates | |
| CN108809633B (en) | Identity authentication method, device and system | |
| CN112637136A (en) | Encrypted communication method and system | |
| CN109525565B (en) | Defense method and system for short message interception attack | |
| WO2023151427A1 (en) | Quantum key transmission method, device and system | |
| CN115473655B (en) | Terminal authentication method, device and storage medium for access network | |
| CN111224784A (en) | Role separation distributed authentication and authorization method based on hardware trusted root | |
| CN116388995A (en) | Lightweight smart grid authentication method based on PUF | |
| CN110519222A (en) | Outer net access identity authentication method and system based on disposable asymmetric key pair and key card | |
| CN115865520B (en) | Authentication and access control method with privacy protection in mobile cloud service environment | |
| EP3185504A1 (en) | Security management system for securing a communication between a remote server and an electronic device | |
| CN113438074B (en) | Decryption method of received mail based on quantum security key | |
| CN114095229A (en) | Method, device and system for constructing data transmission protocol of energy Internet | |
| JP2004274134A (en) | Communication method, communication system using the communication method, server and client | |
| CN118174921A (en) | Multi-factor SSH login authentication method based on national encryption algorithm and supporting bidirectional authentication |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |