CN109361681B - Method, device and equipment for authenticating national secret certificate - Google Patents
Method, device and equipment for authenticating national secret certificateDownload PDFInfo
- Publication number
- CN109361681B CN109361681BCN201811338997.6ACN201811338997ACN109361681BCN 109361681 BCN109361681 BCN 109361681BCN 201811338997 ACN201811338997 ACN 201811338997ACN 109361681 BCN109361681 BCN 109361681B
- Authority
- CN
- China
- Prior art keywords
- challenge code
- certificate
- cryptographic
- sending
- signature information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034methodMethods0.000titleclaimsabstractdescription43
- 238000012795verificationMethods0.000claimsabstractdescription44
- 238000004590computer programMethods0.000claimsdescription8
- 230000008569processEffects0.000description7
- 230000008901benefitEffects0.000description3
- 230000005540biological transmissionEffects0.000description3
- 230000006870functionEffects0.000description3
- 238000010586diagramMethods0.000description2
- 230000008859changeEffects0.000description1
- 230000000694effectsEffects0.000description1
- 238000012986modificationMethods0.000description1
- 230000004048modificationEffects0.000description1
- 230000003287optical effectEffects0.000description1
Images
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/166—Implementing security features at a particular protocol layer at the transport layer
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Storage Device Security (AREA)
Abstract
Description
Technical Field
The invention relates to the field of mobile network security, in particular to a method, a device and equipment for authenticating a national secret certificate.
Background
There are two ways of SSL certificate authentication: international certificate authentication and national secret certificate authentication. The international certificate authentication mode adopts an international protocol, and the authentication is completed by adopting an international algorithm in the SSL connection process. The national cryptographic certificate authentication mode adopts a national cryptographic protocol, the national cryptographic protocol is a set of standard using Chinese commercial cryptographic algorithm, and the national cryptographic protocol comprises four algorithms of SM1, SM2, SM3 and SM 4.
In the existing SSL certificate authentication, the apple and android system libraries only can support international protocols and do not support the cryptographic algorithm. And thus cannot perform national secret certificate authentication.
Disclosure of Invention
The embodiment of the invention provides a method, a device and equipment for authenticating a national secret certificate, which are used for solving the problem that the national secret certificate authentication cannot be carried out in the prior art.
In a first aspect, an embodiment of the present invention provides a method for authenticating a cryptographic certificate, where the method is used for a client, and includes:
sending an SSL connection request, thereby establishing a unidirectional SSL connection;
sending a cryptographic authentication request through the SSL connection;
receiving a challenge code returned based on the cryptographic authentication request;
signing the challenge code;
sending signature information and a national secret certificate;
and receiving a verification result of the signature information and the cryptographic certificate.
As a specific implementation manner of the embodiment of the present invention, the challenge code: the time factor and the random value are encrypted by using a hash algorithm.
As a specific implementation manner of the embodiment of the present invention, the signing the challenge code specifically includes:
the challenge code is encrypted using a private key.
In a second aspect, an embodiment of the present invention provides a method for authenticating a cryptographic certificate, where the method is used at a server side, and includes:
receiving an SSL connection request, thereby establishing a unidirectional SSL connection;
receiving a cryptographic authentication request sent through the SSL connection;
generating a challenge code based on the cryptographic authentication request and sending the challenge code;
receiving signature information and a cryptographic certificate generated by signing the challenge code;
and verifying the signature information and the national password certificate, and sending a verification result.
As a specific implementation manner of the embodiment of the present invention, the generating a challenge code based on the cryptographic authentication request and sending the challenge code includes:
receiving the national secret authentication request;
generating a challenge code based on the cryptographic authentication request;
and saving the challenge code to the local and sending the challenge code.
As a specific implementation manner of the embodiment of the present invention, the verifying the signature information and the cryptographic certificate, and sending a verification result includes:
acquiring a public key of the national secret certificate;
decrypting the signature information by using the public key so as to obtain a challenge code in the signature information;
comparing the challenge code in the signature information with the challenge code stored locally to obtain a verification result;
and sending the verification result.
In a third aspect, an embodiment of the present invention provides a method for authenticating a cryptographic certificate, including:
the client sends an SSL connection request to the server, so that one-way SSL connection is established;
the client sends a cryptographic authentication request to the server through the SSL connection
The server generates a challenge code based on the cryptographic authentication request and sends the challenge code to the client;
the client receives the challenge code;
the client signs the challenge code;
the client sends the signature information and the national password certificate to the server;
the server verifies the signature information and the country password certificate and sends a verification result to the client;
and the client receives the verification result.
In a fourth aspect, an embodiment of the present invention provides a cryptographic certificate authentication apparatus, which is used for a client, and includes:
a connection request module: the SSL connection request is sent, so that a unidirectional SSL connection is established;
a certificate sending module: for sending a cryptographic authentication request over the SSL connection;
the challenge code receiving module: the challenge code is returned based on the national password authentication request;
a signature module: for signing the challenge code;
an information sending module: the system is used for sending signature information and a national secret certificate;
a result receiving module: and the verification module is used for receiving the verification result of the signature information and the cryptographic certificate.
In a fifth aspect, an embodiment of the present invention provides a cryptographic certificate authentication apparatus, which is used at a server side, and includes:
a request receiving module: for receiving an SSL connection request, thereby establishing a unidirectional SSL connection;
an authentication request receiving module: for receiving a cryptographic authentication request sent over the SSL connection;
the challenge code generation module: the password authentication server is used for generating a challenge code based on the password authentication request and sending the challenge code;
a signature information receiving module: receiving signature information and a cryptographic certificate generated by signing the challenge code;
a verification module: and the system is used for verifying the signature information and the cryptographic certificate and sending a verification result.
In a sixth aspect, an embodiment of the present invention provides an electronic device, including: a memory, a processor and a computer program stored on the memory and executable on the processor, the computer program, when executed by the processor, implementing the steps of the method of any of the first and second aspects.
The embodiment of the invention sends the national secret authentication on the basis of establishing the one-way SSL connection, signs the generated challenge code, verifies the signature information and the national secret certificate and adopts a challenge authentication mode to finish the authentication of the national secret certificate. Therefore, the problem that the national secret certificate can not be authenticated is solved, and a positive technical effect is achieved.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
fig. 1 is a flowchart of a cryptographic certificate authentication method according to an embodiment of the present invention;
fig. 2 is a flowchart of a cryptographic certificate authentication method according to a second embodiment of the present invention;
fig. 3 is a flowchart of generating a challenge code based on the cryptographic authentication request and sending the challenge code according to the second embodiment of the present invention;
fig. 4 is a flowchart illustrating the verification of the signature information and the cryptographic certificate and the transmission of the verification result according to the second embodiment of the present invention;
fig. 5 is a schematic block diagram of a method for authenticating a cryptographic certificate according to a third embodiment of the present invention;
fig. 6 is a schematic block diagram of a cryptographic certificate authentication apparatus according to a fourth embodiment of the present invention;
fig. 7 is a flowchart of the authentication apparatus according to the fifth embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
In the prior art, the process of the SSL cryptographic handshake protocol is specifically as follows:
1. the client sends a client hello message to the server, and the server responds to the server hello message, otherwise, a fatal error is generated and the connection is disconnected. The client hello and the server hello are used for carrying out RSA, ECC or IBC-based cryptographic algorithm negotiation with the server, determining the security transmission capability, including the attributes of protocol version, session identification, cipher suite and the like, and generating and exchanging random numbers.
2. The client hello and server hello messages are followed by authentication and key exchange procedures. The method comprises server certificate and server key exchange, and client certificate and client key exchange.
3. After the server has sent the helllo message, it then sends its own certificate message, the server key exchange message. If the server needs to verify the identity of the client, a certificate request message is sent to the client. Then a server hello complete message is sent, indicating that the hello message phase has ended, and the server waits for a return message from the client. If the server sends a credential request message, the client must return a credential message, and then the client sends a key exchange message, the content of which depends on the key exchange algorithm negotiated by the client hello message and the server hello message. If the client sends a certificate message, the client should also send a digitally signed certificate verification message for the server to verify the identity of the client.
4. Then the client sends the message of changing the cipher specification, and then the client uses the just negotiated algorithm and key immediately to encrypt and send the message of finishing the handshake. The server responds to the cipher specification change message, encrypts and sends a handshake end message by using the just negotiated algorithm and key. By the end of the handshake process, the server and the client can start data secure transmission.
As shown in table 1 in detail,
table 1: process table of SSL cryptographic handshake protocol.
The first embodiment is as follows:
a first embodiment of the present invention provides a method for authenticating a cryptographic certificate, which is applied to a client, and as shown in fig. 1, the method includes the following specific steps:
step S101: sending an SSL connection request, thereby establishing a unidirectional SSL connection;
the client sends SSL connection request to the server, so that unidirectional SSL connection is established between the client and the server, and the unidirectional SSL connection refers to that the client transmits SSL data to the server in a unidirectional mode.
In a specific application scenario, the establishment of the SSL connection is performed by calling an interface in the openssl library in the prior art.
Step S102: sending a cryptographic authentication request through the SSL connection;
after the unidirectional SSL connection is established between the client and the server, the client sends a cryptographic authentication request to the server through the unidirectional SSL connection.
Step S103: receiving a challenge code returned based on the cryptographic authentication request;
after receiving the national password authentication request of the client, the server generates a challenge code based on the national password authentication request, sends the challenge code back to the client, and simultaneously stores a challenge code in the server.
As a specific implementation of the present invention, the challenge code: the time factor and the random value are encrypted by using a hash algorithm, such as md5 or SHA-1. The random value is generated by calling the system bottom function.
Step S104: signing the challenge code;
and after receiving the challenge code, the client signs the challenge code by using a private key of the client.
Step S105: sending signature information and a national secret certificate;
and the client sends the signing information and the national password certificate after signing the challenge code to the server.
Step S106: and receiving a verification result of the signature information and the cryptographic certificate.
And the server verifies the received signature information and the national password certificate and sends a verification result to the client.
As a specific implementation manner of the present invention, the server decrypts the signature information using the public key in the client certificate to obtain the challenge code in the signature information, then compares the challenge code in the obtained signature information with the challenge code stored in the server, and returns the verification result to the client. If the two challenge codes are consistent, the verification is passed, and if the two challenge codes are inconsistent, the verification is not passed.
Example two:
as shown in fig. 2, an embodiment of the present invention provides a method for authenticating a cryptographic certificate, which is used at a server side, and includes:
step S201: receiving an SSL connection request, thereby establishing a unidirectional SSL connection;
step S202: receiving a cryptographic authentication request sent through the SSL connection;
step S203: generating a challenge code based on the cryptographic authentication request and sending the challenge code;
step S204: receiving signature information and a cryptographic certificate generated by signing the challenge code;
step S205: and verifying the signature information and the national password certificate, and sending a verification result.
As a specific implementation manner of the present invention, as shown in fig. 3, step S203: the generating a challenge code based on the cryptographic authentication request and sending the challenge code comprises:
step S301: receiving the national secret authentication request;
step S302: generating a challenge code based on the cryptographic authentication request;
step S303: and saving the challenge code to the local and sending the challenge code.
As a specific implementation manner of the present invention, as shown in fig. 4, step S205: the verifying the signature information and the cryptographic certificate and sending a verification result comprises:
step S401: acquiring a public key of the national secret certificate;
step S402: decrypting the signature information by using the public key so as to obtain a challenge code in the signature information;
step S403: comparing the challenge code in the signature information with the challenge code stored locally to obtain a verification result;
step S404: and sending the verification result.
The specific implementation thereof has been described in detail in the first embodiment, and is not repeated herein.
Example three:
as shown in fig. 5, an embodiment of the present invention provides a method for authenticating a cryptographic certificate, including:
the client sends an SSL connection request to the server, so that one-way SSL connection is established;
the client sends a cryptographic authentication request to the server through the SSL connection
The server generates a challenge code based on the cryptographic authentication request and sends the challenge code to the client;
the client receives the challenge code;
the client signs the challenge code;
the client sends the signature information and the national password certificate to the server;
the server verifies the signature information and the country password certificate and sends a verification result to the client;
and the client receives the verification result.
In the technical scheme, the client and the server are mainly combined for description, and the specific implementation of the technical scheme is described in detail in the first embodiment, which is not described herein again.
Example four:
as shown in fig. 6, in a fourth aspect, an embodiment of the present invention provides a cryptographic certificate authentication apparatus for a client, including:
the connection request module 601: the SSL connection request is sent, so that a unidirectional SSL connection is established;
the certificate sending module 602: for sending a cryptographic authentication request over the SSL connection;
the challenge code receiving module 603: the challenge code is returned based on the national password authentication request;
the signature module 604: for signing the challenge code;
the information sending module 605: the system is used for sending signature information and a national secret certificate;
the result receiving module 606: and the verification module is used for receiving the verification result of the signature information and the cryptographic certificate.
As a specific implementation manner of the present invention, the challenge code: the time factor and the random value are encrypted by using a hash algorithm.
As a specific implementation manner of the present invention, the signing the challenge code specifically includes: the challenge code is encrypted using a private key.
Example five:
as shown in fig. 7, in a fifth aspect, an embodiment of the present invention provides a cryptographic certificate authentication apparatus, which is used on a server side, and includes:
the request receiving module 701: for receiving an SSL connection request, thereby establishing a unidirectional SSL connection;
authentication request receiving module 702: for receiving a cryptographic authentication request sent over the SSL connection;
the challenge code generation module 703: the password authentication server is used for generating a challenge code based on the password authentication request and sending the challenge code;
signature information reception module 704: receiving signature information and a cryptographic certificate generated by signing the challenge code;
the verification module 705: and the system is used for verifying the signature information and the cryptographic certificate and sending a verification result.
As a specific implementation manner of the present invention, the challengecode generating module 703 is further configured to:
receiving the national secret authentication request;
generating a challenge code based on the cryptographic authentication request;
and saving the challenge code to the local and sending the challenge code.
As a specific implementation manner of the present invention, theverification module 705 is further configured to:
acquiring a public key of the national secret certificate;
decrypting the signature information by using the public key so as to obtain a challenge code in the signature information;
comparing the challenge code in the signature information with the challenge code stored locally to obtain a verification result;
and sending the verification result.
The technical solution is mainly to express a function module in a server, and the specific implementation manner of the function module is described in detail in the first to fourth embodiments, which are not described herein again.
In a sixth aspect, an embodiment of the present invention provides an electronic device, where the electronic device includes: a memory, a processor and a computer program stored on the memory and executable on the processor, which computer program, when executed by the processor, carries out the method steps of embodiment one or embodiment two.
The Processor may be a general-purpose Processor, such as a Central Processing Unit (CPU), a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits configured to implement embodiments of the present invention. Wherein the memory is used for storing executable instructions of the processor; a memory for storing the program code and transmitting the program code to the processor. The Memory may include Volatile Memory (Volatile Memory), such as Random Access Memory (RAM); Non-Volatile Memory (Non-Volatile Memory) such as Read-Only Memory (ROM), Flash Memory (Flash Memory), Hard Disk (HDD), or Solid-State Drive (SSD) may also be included; combinations of the above categories of memory may also be included.
An embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and the computer program, when executed by a processor, implements the method steps of the first embodiment.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
While the present invention has been described with reference to the embodiments shown in the drawings, the present invention is not limited to the embodiments, which are illustrative and not restrictive, and it will be apparent to those skilled in the art that various changes and modifications can be made therein without departing from the spirit and scope of the invention as defined in the appended claims.
Claims (10)
1. A national secret certificate authentication method is used for a client, and is characterized by comprising the following steps:
sending an SSL connection request, thereby establishing a unidirectional SSL connection;
sending a cryptographic authentication request through the SSL connection;
receiving a challenge code returned based on the cryptographic authentication request;
signing the challenge code;
sending signature information and a national secret certificate;
and receiving a verification result of the signature information and the cryptographic certificate.
2. The cryptographic certificate authentication method of claim 1, wherein the challenge code:
the time factor and the random value are encrypted by using a hash algorithm.
3. The method according to claim 1, wherein the signing the challenge code comprises:
the challenge code is encrypted using a private key.
4. A national secret certificate authentication method is used for a server side, and is characterized by comprising the following steps:
receiving an SSL connection request, thereby establishing a unidirectional SSL connection;
receiving a cryptographic authentication request sent through the SSL connection;
generating a challenge code based on the cryptographic authentication request and sending the challenge code;
receiving signature information and a cryptographic certificate generated by signing the challenge code;
and verifying the signature information and the national password certificate, and sending a verification result.
5. The method according to claim 4, wherein the generating a challenge code based on the cryptographic authentication request and sending the challenge code comprises:
receiving the national secret authentication request;
generating a challenge code based on the cryptographic authentication request;
and saving the challenge code to the local and sending the challenge code.
6. The method according to claim 5, wherein the verifying the signature information and the cryptographic certificate and sending a verification result comprises:
acquiring a public key of the national secret certificate;
decrypting the signature information by using the public key so as to obtain a challenge code in the signature information;
comparing the challenge code in the signature information with the challenge code stored locally to obtain a verification result;
and sending the verification result.
7. A method for authenticating a cryptographic certificate, comprising:
the client sends an SSL connection request to the server, so that one-way SSL connection is established;
the client sends a cryptographic authentication request to the server through the SSL connection
The server generates a challenge code based on the cryptographic authentication request and sends the challenge code to the client;
the client receives the challenge code;
the client signs the challenge code;
the client sends the signature information and the national password certificate to the server;
the server verifies the signature information and the country password certificate and sends a verification result to the client;
and the client receives the verification result.
8. A cryptographic certificate authentication apparatus for a client, comprising:
a connection request module: the SSL connection request is sent, so that a unidirectional SSL connection is established;
a certificate sending module: for sending a cryptographic authentication request over the SSL connection;
the challenge code receiving module: the challenge code is returned based on the national password authentication request;
a signature module: for signing the challenge code;
an information sending module: the system is used for sending signature information and a national secret certificate;
a result receiving module: and the verification module is used for receiving the verification result of the signature information and the cryptographic certificate.
9. A national secret certificate authentication device is used for a server side, and is characterized by comprising:
a request receiving module: for receiving an SSL connection request, thereby establishing a unidirectional SSL connection;
an authentication request receiving module: for receiving a cryptographic authentication request sent over the SSL connection;
the challenge code generation module: the password authentication server is used for generating a challenge code based on the password authentication request and sending the challenge code;
a signature information receiving module: receiving signature information and a cryptographic certificate generated by signing the challenge code;
a verification module: and the system is used for verifying the signature information and the cryptographic certificate and sending a verification result.
10. An electronic device, characterized in that the electronic device comprises: memory, processor and computer program stored on the memory and executable on the processor, which computer program, when executed by the processor, carries out the steps of the method according to any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811338997.6ACN109361681B (en) | 2018-11-12 | 2018-11-12 | Method, device and equipment for authenticating national secret certificate |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811338997.6ACN109361681B (en) | 2018-11-12 | 2018-11-12 | Method, device and equipment for authenticating national secret certificate |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109361681A CN109361681A (en) | 2019-02-19 |
| CN109361681Btrue CN109361681B (en) | 2021-10-15 |
Family
ID=65344870
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811338997.6AActiveCN109361681B (en) | 2018-11-12 | 2018-11-12 | Method, device and equipment for authenticating national secret certificate |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109361681B (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112448958B (en)* | 2020-11-30 | 2022-08-30 | 南方电网科学研究院有限责任公司 | Domain policy issuing method and device, electronic equipment and storage medium |
| CN113364776A (en)* | 2021-06-04 | 2021-09-07 | 北银金融科技有限责任公司 | Method and system for verifying block link point usage cryptographic algorithm communication |
| CN113839927B (en)* | 2021-09-01 | 2023-06-09 | 北京天融信网络安全技术有限公司 | Method and system for performing mutual authentication based on third party |
| CN114615046B (en)* | 2022-03-07 | 2024-04-30 | 中国大唐集团科学技术研究总院有限公司 | Administrator double-factor authentication method based on national secret certificate |
| CN119814308B (en)* | 2025-03-14 | 2025-07-22 | 北京凝思软件股份有限公司 | Communication method, server and client based on national secret encryption network protocol |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103188074A (en)* | 2011-12-28 | 2013-07-03 | 上海格尔软件股份有限公司 | Proxy method for improving SSL algorithm intensity of browser |
| CN104283886A (en)* | 2014-10-14 | 2015-01-14 | 中国科学院信息工程研究所 | A realization method of web security access based on local authentication of intelligent terminal |
| CN104735068A (en)* | 2015-03-24 | 2015-06-24 | 江苏物联网研究发展中心 | SIP security authentication method based on commercial passwords |
| CN105337977A (en)* | 2015-11-16 | 2016-02-17 | 苏州通付盾信息技术有限公司 | Secure mobile communication architecture with dynamic two-way authentication and implementation method thereof |
| CN105847247A (en)* | 2016-03-21 | 2016-08-10 | 飞天诚信科技股份有限公司 | Authentication system and working method thereof |
| CN106330838A (en)* | 2015-07-01 | 2017-01-11 | 阿里巴巴集团控股有限公司 | Dynamic signature method, client using the same and server |
| CN106936790A (en)* | 2015-12-30 | 2017-07-07 | 上海格尔软件股份有限公司 | The method that client and server end carries out two-way authentication is realized based on digital certificate |
| CN108064440A (en)* | 2017-05-25 | 2018-05-22 | 深圳前海达闼云端智能科技有限公司 | FIDO authentication method, device and system based on block chain |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8707031B2 (en)* | 2009-04-07 | 2014-04-22 | Secureauth Corporation | Identity-based certificate management |
| CN103747001B (en)* | 2014-01-14 | 2017-02-01 | 中电长城(长沙)信息技术有限公司 | Audio-access mobile payment communication method based on security algorithm |
- 2018
- 2018-11-12CNCN201811338997.6Apatent/CN109361681B/enactiveActive
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103188074A (en)* | 2011-12-28 | 2013-07-03 | 上海格尔软件股份有限公司 | Proxy method for improving SSL algorithm intensity of browser |
| CN104283886A (en)* | 2014-10-14 | 2015-01-14 | 中国科学院信息工程研究所 | A realization method of web security access based on local authentication of intelligent terminal |
| CN104735068A (en)* | 2015-03-24 | 2015-06-24 | 江苏物联网研究发展中心 | SIP security authentication method based on commercial passwords |
| CN106330838A (en)* | 2015-07-01 | 2017-01-11 | 阿里巴巴集团控股有限公司 | Dynamic signature method, client using the same and server |
| CN105337977A (en)* | 2015-11-16 | 2016-02-17 | 苏州通付盾信息技术有限公司 | Secure mobile communication architecture with dynamic two-way authentication and implementation method thereof |
| CN106936790A (en)* | 2015-12-30 | 2017-07-07 | 上海格尔软件股份有限公司 | The method that client and server end carries out two-way authentication is realized based on digital certificate |
| CN105847247A (en)* | 2016-03-21 | 2016-08-10 | 飞天诚信科技股份有限公司 | Authentication system and working method thereof |
| CN108064440A (en)* | 2017-05-25 | 2018-05-22 | 深圳前海达闼云端智能科技有限公司 | FIDO authentication method, device and system based on block chain |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109361681A (en) | 2019-02-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109361681B (en) | Method, device and equipment for authenticating national secret certificate | |
| CN113438071B (en) | Method and device for secure communication | |
| US9621545B2 (en) | System and method for connecting client devices to a network | |
| CN109818747B (en) | Digital signature method and device | |
| KR102018971B1 (en) | Method for enabling network access device to access wireless network access point, network access device, application server and non-volatile computer readable storage medium | |
| CN111935712A (en) | Data transmission method, system and medium based on NB-IoT communication | |
| CN109150897B (en) | End-to-end communication encryption method and device | |
| CN106464690B (en) | Security authentication method, configuration method and related equipment | |
| JP7292263B2 (en) | Method and apparatus for managing digital certificates | |
| WO2018076365A1 (en) | Key negotiation method and device | |
| CN110650478B (en) | OTA method, system, device, SE module, program server and medium | |
| CN108366063B (en) | Data communication method, device and device for smart device | |
| CN110958209B (en) | Bidirectional authentication method, system and terminal based on shared secret key | |
| CN108111497B (en) | Mutual authentication method and device for camera and server | |
| CN109981562B (en) | Software development kit authorization method and device | |
| CN102577230A (en) | Low latency peer session establishment | |
| CN104836784B (en) | A kind of information processing method, client and server | |
| CN114125832B (en) | A network connection method, a terminal, a network-to-be-distributed device, and a storage medium | |
| US20160219045A1 (en) | Method and System for Authenticating a User of a Device | |
| CN106330857A (en) | Client device with certificate and related method | |
| CN114374522B (en) | Trusted device authentication method and device, computer device and storage medium | |
| CN111654481B (en) | Identity authentication method, identity authentication device and storage medium | |
| KR20200043855A (en) | Method and apparatus for authenticating drone using dim | |
| CN110636503A (en) | Data encryption method, apparatus, device, and computer-readable storage medium | |
| CN114500055A (en) | Password verification method and device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |