CN111931158A - Bidirectional authentication method, terminal and server - Google Patents
Bidirectional authentication method, terminal and server Download PDFInfo
- Publication number
- CN111931158A CN111931158A CN202010797811.4A CN202010797811A CN111931158A CN 111931158 A CN111931158 A CN 111931158A CN 202010797811 A CN202010797811 A CN 202010797811A CN 111931158 A CN111931158 A CN 111931158A
- Authority
- CN
- China
- Prior art keywords
- certificate
- public key
- module
- terminal
- signature
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 75
- 230000002457 bidirectional effect Effects 0.000 title claims abstract description 26
- 230000000739 chaotic effect Effects 0.000 claims abstract description 41
- 230000008569 process Effects 0.000 claims abstract description 22
- 238000012545 processing Methods 0.000 claims description 27
- 238000003860 storage Methods 0.000 claims description 17
- 238000004590 computer program Methods 0.000 claims description 16
- 238000012795 verification Methods 0.000 claims description 8
- 238000004422 calculation algorithm Methods 0.000 abstract description 36
- 238000010586 diagram Methods 0.000 description 10
- 230000006870 function Effects 0.000 description 7
- 230000003287 optical effect Effects 0.000 description 7
- 230000009471 action Effects 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000002093 peripheral effect Effects 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000000354 decomposition reaction Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000007774 longterm Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 210000000056 organ Anatomy 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 230000001737 promoting effect Effects 0.000 description 1
- 230000001105 regulatory effect Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 238000005728 strengthening Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
- G06F21/445—Program or device authentication by mutual authentication, e.g. between devices or programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/20—Point-of-sale [POS] network systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3823—Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Accounting & Taxation (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the invention provides a bidirectional authentication method, a terminal and a server, wherein the bidirectional authentication method comprises the steps that the terminal sends a public key of a signature certificate to the server, wherein the public key of the signature certificate is matched with a private key of the signature certificate stored in the terminal in advance; the terminal receives an encrypted certificate public key sent by the server, wherein the encrypted certificate public key is matched with an encrypted certificate private key stored in the server in advance; the terminal processes the chaotic sequence according to the signature certificate private key and the encryption certificate public key to obtain authentication information; and the terminal sends the authentication information to a server, and the server verifies the authentication information according to the public key of the signature certificate and the private key of the encryption certificate. According to the method and the device, the bidirectional authentication can be realized, the national cryptographic algorithm is adopted to replace the international cryptographic algorithm, the bidirectional authentication process is realized again based on the national cryptographic algorithm, and the safety performance is obviously improved.
Description
Technical Field
The present invention relates to the field of authentication technologies, and in particular, to a bidirectional authentication method, a terminal, and a server.
Background
The POS machine is often used for sign-in operation in the using process, and the aim is to update a working key, so that sensitive information such as bank card passwords and the like related to the transaction process is protected and is not leaked. Before the check-in operation, the machine terminal needs to perform bidirectional authentication with the background server to confirm that the identities of the two parties are legal.
In the prior art, a new mode of bidirectional authentication key agreement can be realized by 2 rounds of interaction, the 1 st round of identity authentication in the mode is realized by a state-encryption algorithm SM2 encryption/decryption and signature verification module, and the 2 nd round of identity authentication is realized by a state-encryption algorithm SM3 Hash operation.
In the general mutual authentication implementation of the POS industry, the privacy cannot be well protected due to the simple implementation process and low safety factor.
Disclosure of Invention
In view of the above problems, embodiments of the present invention are proposed to provide a mutual authentication method, a terminal, and a server that overcome or at least partially solve the above problems.
In order to solve the above problem, an embodiment of the present invention discloses a bidirectional authentication method, including: the method is applied to bidirectional authentication of the POS machine terminal and the background server, and comprises the following steps:
the terminal sends a public key of a signature certificate to the server, wherein the public key of the signature certificate is matched with a private key of the signature certificate stored in the terminal in advance;
the terminal receives an encrypted certificate public key sent by the server, wherein the encrypted certificate public key is matched with an encrypted certificate private key stored in the server in advance;
the terminal processes the chaotic sequence according to the signature certificate private key and the encryption certificate public key to obtain authentication information;
and the terminal sends the authentication information to a server, and the server verifies the authentication information according to the public key of the signature certificate and the private key of the encryption certificate.
Preferably, before the step of processing the chaotic sequence according to the private key of the signature certificate and the public key of the encryption certificate by the terminal to obtain the authentication information, the method further includes:
the terminal sends a first random value to a server;
the terminal receives a second random value of the server, wherein the second random value is generated by the server according to the first random value;
the terminal determines a chaotic sequence based on the second random value and the first random value.
Preferably, the step of determining the authentication information by the terminal processing the preset chaotic sequence according to the private key of the signature certificate and the public key of the encryption certificate includes:
the terminal signs the chaotic sequence according to the private key of the signature certificate to generate signature information;
the terminal encrypts the chaotic sequence according to the public key data of the encryption certificate to generate an encrypted file;
the authentication information includes signature information and an encrypted file.
Preferably, the step of verifying the authentication information by the server according to the public key of the signature certificate and the private key of the encryption certificate includes:
the server decrypts the encrypted file according to the private key of the encrypted certificate;
and the server checks the signature information according to the public key of the signature certificate.
In addition, this application still provides a mutual authentication terminal, the terminal includes:
a sending module: the terminal is used for sending a public key of a signature certificate, wherein the public key of the signature certificate is matched with a private key of the signature certificate stored in the terminal in advance;
a receiving module: the system comprises a public key module, a public key module and a public key module, wherein the public key module is used for receiving an encrypted certificate public key, and the encrypted certificate public key is determined according to the signature certificate public key;
a processing module: the system is used for processing the chaotic sequence according to the private key of the signature certificate and the public key of the encryption certificate to obtain authentication information;
an authentication module: for sending the authentication information.
Preferably, the processing module further includes:
a first module: for transmitting a first random value;
a second module: for receiving a second random value, wherein the second random value is generated according to the first random value;
a chaotic module: for determining a chaotic sequence based on the second random value and the first random value.
Preferably, the processing module comprises:
a signature module: the private key is used for signing the chaotic sequence according to the private key of the signature certificate to generate signature information;
an encryption module: the encryption device is used for encrypting the chaotic sequence according to the public key data of the encryption certificate to generate an encrypted file;
a file module: the authentication information comprises signature information and an encrypted file.
The present application further provides a mutual authentication server, the server including:
a signature certificate module: the system comprises a public key for receiving a signature certificate, wherein the public key for the signature certificate is matched with a private key for the signed certificate;
an encryption certificate module: the server is used for sending an encrypted certificate public key, wherein the encrypted certificate public key is matched with an encrypted certificate private key stored in the server in advance;
an information module: the system is used for receiving authentication information, wherein the authentication information is obtained according to the private key of the signature certificate and the public key of the encryption certificate;
a verification module: and the authentication information is verified according to the public key of the signature certificate and the private key of the encryption certificate.
The invention also provides an electronic device comprising a processor, a memory and a computer program stored on the memory and capable of running on the processor, the computer program, when executed by the processor, implementing the steps of the mutual authentication method.
The invention also provides a computer-readable storage medium on which a computer program is stored which, when executed by a processor, implements the steps of the mutual authentication method.
The method comprises the steps that a terminal sends a public key of a signature certificate to a server, wherein the public key of the signature certificate is matched with a private key of the signature certificate stored in the terminal in advance; the terminal receives an encrypted certificate public key sent by the server, wherein the encrypted certificate public key is matched with an encrypted certificate private key stored in the server in advance; the terminal processes the chaotic sequence according to the signature certificate private key and the encryption certificate public key to obtain authentication information; and the terminal sends the authentication information to a server, and the server verifies the authentication information according to the public key of the signature certificate and the private key of the encryption certificate. The method has the advantages that the bidirectional authentication can be realized, the national cryptographic algorithm is adopted to replace the international cryptographic algorithm, the bidirectional authentication process is realized again based on the national cryptographic algorithm, and the safety performance is obviously improved.
Drawings
FIG. 1 is a flow chart of the steps of an embodiment of a mutual authentication method of the present invention;
FIG. 2 is a block diagram of a bidirectional authentication terminal according to an embodiment of the present invention;
FIG. 3 is an electronic device implementing the mutual authentication method of the present invention;
FIG. 4 is a flow chart of the steps of a prior art authentication method embodiment;
FIG. 5 is a flowchart of the steps of a two-way authentication cryptographic algorithm according to the present invention;
fig. 6 is a flowchart of the steps of an embodiment of a mutual authentication method of the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
One of the core ideas of the embodiment of the invention is that the method can realize bidirectional authentication, and adopts a national cryptographic algorithm to replace an international cryptographic algorithm, thereby realizing the bidirectional authentication process based on the national cryptographic algorithm and obviously improving the safety performance.
Referring to fig. 1, a flowchart illustrating steps of an embodiment of a mutual authentication method according to the present invention is shown, which may specifically include the following steps:
step S100, the terminal sends a public key of the signature certificate to the server, wherein the public key of the signature certificate is matched with a private key of the signature certificate stored in the terminal in advance.
Step S200, the terminal receives an encrypted certificate public key sent by the server, wherein the encrypted certificate public key is matched with an encrypted certificate private key stored in the server in advance.
And step S300, the terminal processes the chaotic sequence according to the signature certificate private key and the encryption certificate public key to obtain authentication information.
And step S400, the terminal sends the authentication information to a server, and the server verifies the authentication information according to the public key of the signature certificate and the private key of the encryption certificate.
Before the step of processing the chaotic sequence by the terminal according to the private key of the signature certificate and the public key of the encryption certificate to obtain the authentication information, the method further comprises the following steps:
and the terminal sends the first random value to the server.
And the terminal receives a second random value of the server, wherein the second random value is generated by the server according to the first random value.
The terminal determines a chaotic sequence based on the second random value and the first random value.
The terminal processes a preset chaos sequence according to the signature certificate private key and the encryption certificate public key to determine authentication information, and the method comprises the following steps: the terminal signs the chaotic sequence according to the private key of the signature certificate to generate signature information; the terminal encrypts the chaotic sequence according to the public key data of the encryption certificate to generate an encrypted file; the authentication information includes signature information and an encrypted file.
The step of verifying the authentication information by the server according to the public key of the signature certificate and the private key of the encryption certificate comprises the following steps:
the server decrypts the encrypted file according to the private key of the encrypted certificate; and the server checks the signature information according to the public key of the signature certificate.
The existing POS machine is required to sign in frequently in the using process, and the aim is to update a working key, so that sensitive information such as bank card passwords and the like related to the transaction process is protected and is not leaked. Before the check-in operation, the machine terminal needs to perform bidirectional authentication with the background server to confirm that the identities of the two parties are legal.
The cryptographic algorithm is a core technology for guaranteeing information security, in particular to the core field of the banking industry, and is an international universal cryptographic algorithm system and related standards such as a triple data encryption algorithm, a cryptographic hash function and the like for a long time. With the increase of financial security to the high degree of national security, in recent years, national relevant organs and regulatory agencies have proposed requirements for promoting the application and implementation of national cryptographic algorithms and strengthening the controllable industry security in the aspect of national security and long-term strategy. In order to get rid of excessive dependence on foreign technologies and products, an industry network security environment is built, and the security and controllability of the industry information method in China are enhanced.
In the general mutual authentication implementation of the POS industry, the cryptographic algorithm is an international cryptographic algorithm, and the application provides the mutual authentication implementation using the national cryptographic algorithm.
In the mutual authentication implementation commonly used in the POS industry, a random number and a transmission key are used to perform mutual authentication between a machine terminal and a background server, but because the implementation process is simple, the security level is not high. The method is based on the use of cryptographic algorithm, and uses mutual verification of bidirectional random number, encryption and signature certificate to raise the safety of bidirectional authentication.
Referring to fig. 2, a block diagram of a bidirectional authentication terminal according to an embodiment of the present invention is shown, and specifically includes the following modules:
the sending module 100: the terminal sends a public key of the signature certificate, wherein the public key of the signature certificate is matched with a private key of the signature certificate stored in the terminal in advance.
The receiving module 200: and the terminal is used for receiving an encryption certificate public key, wherein the encryption certificate public key is determined according to the signature certificate public key.
The processing module 300: and the terminal is used for processing the chaotic sequence according to the private key of the signature certificate and the public key of the encryption certificate to obtain authentication information.
The authentication module 400: the terminal is used for sending the authentication information.
The processing module 300 further includes:
a first module: for the terminal to send the first random value.
A second module: the terminal receives a second random value, wherein the second random value is generated according to the first random value.
A chaotic module: for the terminal to determine a chaotic sequence based on the second random value and the first random value.
The processing module 300 includes:
a signature module: and the terminal signs the chaotic sequence according to the private key of the signature certificate to generate signature information.
An encryption module: the terminal encrypts the chaotic sequence according to the public key data of the encryption certificate to generate an encrypted file;
a file module: the authentication information includes signature information and an encrypted file.
For the terminal embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and for relevant points, reference may be made to the partial description of the method embodiment.
The present application further includes a mutual authentication server, the server comprising:
a signature certificate module: the server receives a public key of a signature certificate, wherein the public key of the signature certificate is matched with a private key of the signed certificate;
an encryption certificate module: the server sends an encryption certificate public key, wherein the encryption certificate public key is matched with an encryption certificate private key stored in the server in advance;
an information module: the server receives authentication information, wherein the authentication information is obtained according to the signature certificate private key and the encryption certificate public key;
a verification module: and the server verifies the authentication information according to the public key of the signature certificate and the private key of the encryption certificate.
Before the information module, the method further comprises the following steps:
a first random value module: for the server to receive a first random value;
a second random value module: and the server generates and sends a second random value according to the first random value.
The authentication module includes:
a decomposition module: the authentication information is decomposed into an encrypted file and signature information;
a decryption module: the server is used for decrypting the encrypted file according to the private key of the encrypted certificate;
a label checking module: and the server is used for verifying the signature information according to the public key of the signature certificate.
Referring to fig. 4, a flowchart of steps of an embodiment of a conventional authentication method is shown, which specifically includes the following steps: the machine terminal generates random numbers and encrypts the random numbers by using the transmission key, and the server background is provided with a private key corresponding to the transmission key, so that decryption operation can be performed. And calculating the decrypted data by a triple data encryption algorithm on 16 bytes to obtain a check value, comparing whether the check values are consistent, if so, successfully authenticating in two directions, and if not, failing to authenticate in two directions. However, the prior art has the advantages of simple implementation process and low safety degree.
Referring to fig. 5, a flowchart of steps of a bidirectional authentication based on a cryptographic algorithm of the present invention is shown, which specifically includes the following steps: the national cryptographic algorithm is realized by hardware of the chip, a chip manufacturer provides a software interface of the national cryptographic algorithm, and the chip manufacturer repacks the software interface to enhance the readability of the software interface, wherein the national cryptographic algorithm comprises the following algorithms: an SM2 encryption algorithm, an SM2 decryption algorithm, an SM2 signature algorithm, an SM2 signature algorithm, an SM3 hash value calculation algorithm, and an SM4 algorithm.
Referring to fig. 6, a flowchart illustrating steps of an embodiment of a bidirectional authentication method according to the present invention is shown, and the specific steps are as follows:
in one particular embodiment, the method comprises:
the terminal sends a public key of a signature certificate to the server, wherein the public key of the signature certificate is matched with a private key of the signature certificate stored in the terminal in advance;
the terminal receives an encrypted certificate public key sent by the server, wherein the encrypted certificate public key is matched with an encrypted certificate private key stored in the server in advance;
in one embodiment, a terminal generates a first chaotic sequence, and sends a part of values in the first chaotic sequence as a first random number to a server;
the server generates a second random number according to the first random number;
and the terminal receives the second random number, combines the second random number with the first chaotic sequence and the first random number, and generates a chaotic sequence.
In one embodiment, the terminal generates a random number of 48 bytes, and preferably, the first 16 bytes of the 48 random bytes generated by the terminal can be sent to the server as the first random number;
the server generates a second random number according to the first random number, namely 16 bytes, the server regenerates 16 bytes and sends the 16 bytes generated by the server to the terminal as the second random number;
the terminal replaces the second random number with the middle 16 bytes of the 48-byte random number generated by the terminal, and the recombined 48 bytes are used as a chaotic sequence;
the terminal reads the public key data of the encrypted certificate and encrypts a random number of 48 bytes by using a secret SM2 algorithm;
the terminal reads the private key data of the signature certificate and signs the Hash result of the 48-byte random number by using the SM2 algorithm, wherein the Hash result is obtained by calculating by using the SM3 algorithm;
the terminal sends the encrypted and signed data to generate authentication information and sends the authentication information to the server;
the server uses the private key of the decryption certificate and the public key of the signature verification certificate to decrypt and sign respectively, and specifically uses the national secret SM2 and SM4 algorithms to decrypt and sign respectively;
if the signature verification is successful, the bidirectional authentication is successful, and if the signature verification is failed, the bidirectional authentication is failed.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.
Referring to fig. 3, a computer device of an XX method of the present invention is shown, which may specifically include the following:
in an embodiment of the present invention, the present invention further provides a computer device, where the computer device 12 is represented in a general computing device, and the components of the computer device 12 may include but are not limited to: one or more processors or processing units 16, a system memory 28, and a bus 18 that couples various system components including the system memory 28 and the processing unit 16.
The system memory 28 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM)31 and/or cache memory 32. Computer device 12 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 34 may be used to read from and write to non-removable, nonvolatile magnetic media (commonly referred to as "hard drives"). Although not shown in FIG. 3, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In these cases, each drive may be connected to bus 18 by one or more data media interfaces. The memory may include at least one program product having a set (e.g., at least one) of program modules 42, with the program modules 42 configured to carry out the functions of embodiments of the invention.
A program/utility 41 having a set (at least one) of program modules 42 may be stored, for example, in memory, such program modules 42 including, but not limited to, an operating system, one or more application programs, other program modules 42, and program data, each of which examples or some combination thereof may comprise an implementation of a network environment. Program modules 42 generally carry out the functions and/or methodologies of the described embodiments of the invention.
The processing unit 16 executes various functional applications and data processing by executing programs stored in the system memory 28, for example, to implement the mutual authentication method provided by the embodiment of the present invention.
That is, the processing unit 16 implements, when executing the program: the terminal sends a public key of a signature certificate to the server, wherein the public key of the signature certificate is matched with a private key of the signature certificate stored in the terminal in advance;
the terminal receives an encrypted certificate public key sent by the server, wherein the encrypted certificate public key is matched with an encrypted certificate private key stored in the server in advance;
the terminal processes the chaotic sequence according to the signature certificate private key and the encryption certificate public key to obtain authentication information;
and the terminal sends the authentication information to a server, and the server verifies the authentication information according to the public key of the signature certificate and the private key of the encryption certificate.
In an embodiment of the present invention, the present invention further provides a computer-readable storage medium, on which a computer program is stored, which when executed by a processor, implements the method of mutual authentication as provided in all embodiments of the present application.
That is, the program when executed by the processor implements: the terminal sends a public key of a signature certificate to the server, wherein the public key of the signature certificate is matched with a private key of the signature certificate stored in the terminal in advance;
the terminal receives an encrypted certificate public key sent by the server, wherein the encrypted certificate public key is matched with an encrypted certificate private key stored in the server in advance;
the terminal processes the chaotic sequence according to the signature certificate private key and the encryption certificate public key to obtain authentication information;
and the terminal sends the authentication information to a server, and the server verifies the authentication information according to the public key of the signature certificate and the private key of the encryption certificate.
Any combination of one or more computer-readable media may be employed. The computer readable medium may be a computer-readable storage medium or a computer-readable signal medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor method, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPOM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution method, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution method, apparatus, or device.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (methods), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the embodiments of the invention.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or terminal that comprises the element.
The above describes in detail a mutual authentication method provided by the present invention, and a specific example is applied in the present document to explain the principle and the implementation of the present invention, and the description of the above embodiment is only used to help understanding the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.
Claims (10)
1. A bidirectional authentication method is applied to bidirectional authentication of a POS machine terminal and a background server, and is characterized by comprising the following steps:
the terminal sends a public key of a signature certificate to the server, wherein the public key of the signature certificate is matched with a private key of the signature certificate stored in the terminal in advance;
the terminal receives an encrypted certificate public key sent by the server, wherein the encrypted certificate public key is matched with an encrypted certificate private key stored in the server in advance;
the terminal processes the chaotic sequence according to the signature certificate private key and the encryption certificate public key to obtain authentication information;
and the terminal sends the authentication information to a server, and the server verifies the authentication information according to the public key of the signature certificate and the private key of the encryption certificate.
2. The mutual authentication method according to claim 1, wherein before the step of processing the chaotic sequence by the terminal according to the private key of the signature certificate and the public key of the encryption certificate to obtain the authentication information, the method further comprises:
the terminal sends a first random value to a server;
the terminal receives a second random value of the server, wherein the second random value is generated by the server according to the first random value;
the terminal determines a chaotic sequence based on the second random value and the first random value.
3. The mutual authentication method according to claim 2, wherein the step of the terminal processing the chaotic sequence according to the private key of the signature certificate and the public key of the encryption certificate to obtain the authentication information comprises:
the terminal signs the chaotic sequence according to the private key of the signature certificate to generate signature information;
the terminal encrypts the chaotic sequence according to the public key data of the encryption certificate to generate an encrypted file;
the authentication information includes the signature information and the encrypted file.
4. The mutual authentication method according to claim 3, wherein the step of verifying the authentication information by the server according to the public key of the signature certificate and the private key of the encryption certificate comprises:
the server decrypts the encrypted file according to the private key of the encrypted certificate;
and the server checks the signature information according to the public key of the signature certificate.
5. A bi-directional authentication terminal, characterized in that the terminal comprises:
a sending module: the terminal is used for sending a public key of a signature certificate, wherein the public key of the signature certificate is matched with a private key of the signature certificate stored in the terminal in advance;
a receiving module: the system comprises a public key module, a public key module and a public key module, wherein the public key module is used for receiving an encrypted certificate public key, and the encrypted certificate public key is determined according to the signature certificate public key;
a processing module: the system is used for processing the chaotic sequence according to the private key of the signature certificate and the public key of the encryption certificate to obtain authentication information;
an authentication module: for sending the authentication information.
6. The mutual authentication terminal as claimed in claim 5, wherein the processing module further comprises:
a first module: for transmitting a first random value;
a second module: for receiving a second random value, wherein the second random value is generated according to the first random value;
a chaotic module: and the chaotic sequence is determined according to the second random value and the first random value.
7. The mutual authentication terminal as claimed in claim 5, wherein the processing module comprises:
a signature module: the private key is used for signing the chaotic sequence according to the private key of the signature certificate to generate signature information;
an encryption module: the encryption device is used for encrypting the chaotic sequence according to the public key data of the encryption certificate to generate an encrypted file;
a file module: the authentication information comprises signature information and an encrypted file.
8. A mutual authentication server, wherein the server comprises:
a signature certificate module: the system comprises a public key module, a public key module and a private key module, wherein the public key module is used for receiving a signature certificate public key, and the signature certificate public key is matched with a signature certificate private key;
an encryption certificate module: the system comprises a public key module, a public key module and a public key module, wherein the public key module is used for sending an encrypted certificate public key, and the encrypted certificate public key is matched with a prestored encrypted certificate private key;
an information module: the system is used for receiving authentication information, wherein the authentication information is obtained according to the private key of the signature certificate and the public key of the encryption certificate;
a verification module: and the authentication information is verified according to the public key of the signature certificate and the private key of the encryption certificate.
9. Electronic device, characterized in that it comprises a processor, a memory and a computer program stored on said memory and capable of running on said processor, said computer program, when executed by said processor, implementing the steps of the mutual authentication method according to any one of claims 1 to 4.
10. Computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, which computer program, when being executed by a processor, carries out the steps of the mutual authentication method according to any one of claims 1 to 4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010797811.4A CN111931158A (en) | 2020-08-10 | 2020-08-10 | Bidirectional authentication method, terminal and server |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010797811.4A CN111931158A (en) | 2020-08-10 | 2020-08-10 | Bidirectional authentication method, terminal and server |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111931158A true CN111931158A (en) | 2020-11-13 |
Family
ID=73307831
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010797811.4A Pending CN111931158A (en) | 2020-08-10 | 2020-08-10 | Bidirectional authentication method, terminal and server |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111931158A (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112508138A (en) * | 2020-11-18 | 2021-03-16 | 北京融讯科创技术有限公司 | Single board server management method, device, equipment and computer readable storage medium |
| CN113592484A (en) * | 2021-07-16 | 2021-11-02 | 支付宝(杭州)信息技术有限公司 | Account cubing method, system and device |
| CN114374522A (en) * | 2022-03-22 | 2022-04-19 | 杭州美创科技有限公司 | Trusted device authentication method and device, computer device and storage medium |
| CN114692120A (en) * | 2020-12-30 | 2022-07-01 | 成都鼎桥通信技术有限公司 | State password authentication method, virtual machine, terminal equipment, system and storage medium |
| CN114785532A (en) * | 2022-06-22 | 2022-07-22 | 广州万协通信息技术有限公司 | Security chip communication method and device based on bidirectional signature authentication |
| CN115001864A (en) * | 2022-07-27 | 2022-09-02 | 深圳市西昊智能家具有限公司 | Communication authentication method and device for intelligent furniture, computer equipment and storage medium |
| CN115150158A (en) * | 2022-06-30 | 2022-10-04 | 深圳前海微众银行股份有限公司 | Remote identity authentication method, device, equipment and storage medium |
| CN115378998A (en) * | 2022-08-22 | 2022-11-22 | 中国工商银行股份有限公司 | Service calling method, device, system, computer equipment and storage medium |
| CN115514480A (en) * | 2022-09-30 | 2022-12-23 | 深圳奇迹智慧网络有限公司 | Data interaction method and readable storage medium |
| CN117521052A (en) * | 2024-01-04 | 2024-02-06 | 中国电信股份有限公司江西分公司 | Protection authentication method and device for server privacy, computer equipment and medium |
Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101662705A (en) * | 2009-10-19 | 2010-03-03 | 国网信息通信有限公司 | Equipment authentication method of Ethernet passive optical network (EPON) and system thereof |
| CN101771535A (en) * | 2008-12-30 | 2010-07-07 | 上海茂碧信息科技有限公司 | Mutual authentication method between terminal and server |
| CN104426657A (en) * | 2013-08-23 | 2015-03-18 | 阿里巴巴集团控股有限公司 | Service authentication method and system, server |
| CN105162760A (en) * | 2015-07-28 | 2015-12-16 | 郝孟一 | Random draw-off method, apparatus and system |
| CN105872848A (en) * | 2016-06-13 | 2016-08-17 | 北京可信华泰信息技术有限公司 | Credible two-way authentication method applicable to asymmetric resource environment |
| CN106453330A (en) * | 2016-10-18 | 2017-02-22 | 深圳市金立通信设备有限公司 | Identity authentication method and system |
| CN106603485A (en) * | 2016-10-31 | 2017-04-26 | 美的智慧家居科技有限公司 | Secret key negotiation method and device |
| CN106656481A (en) * | 2016-10-28 | 2017-05-10 | 美的智慧家居科技有限公司 | Identity authentication method, apparatus and system |
| CN107094156A (en) * | 2017-06-21 | 2017-08-25 | 北京明朝万达科技股份有限公司 | A kind of safety communicating method and system based on P2P patterns |
| WO2018113362A1 (en) * | 2016-12-20 | 2018-06-28 | 百富计算机技术(深圳)有限公司 | Remote key acquisition method, point-of-sale terminal and storage medium |
| CN108512846A (en) * | 2018-03-30 | 2018-09-07 | 北京邮电大学 | Mutual authentication method and device between a kind of terminal and server |
| CN109309565A (en) * | 2017-07-28 | 2019-02-05 | 中国移动通信有限公司研究院 | A kind of method and device of safety certification |
-
2020
- 2020-08-10 CN CN202010797811.4A patent/CN111931158A/en active Pending
Patent Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101771535A (en) * | 2008-12-30 | 2010-07-07 | 上海茂碧信息科技有限公司 | Mutual authentication method between terminal and server |
| CN101662705A (en) * | 2009-10-19 | 2010-03-03 | 国网信息通信有限公司 | Equipment authentication method of Ethernet passive optical network (EPON) and system thereof |
| CN104426657A (en) * | 2013-08-23 | 2015-03-18 | 阿里巴巴集团控股有限公司 | Service authentication method and system, server |
| CN105162760A (en) * | 2015-07-28 | 2015-12-16 | 郝孟一 | Random draw-off method, apparatus and system |
| CN105872848A (en) * | 2016-06-13 | 2016-08-17 | 北京可信华泰信息技术有限公司 | Credible two-way authentication method applicable to asymmetric resource environment |
| CN106453330A (en) * | 2016-10-18 | 2017-02-22 | 深圳市金立通信设备有限公司 | Identity authentication method and system |
| CN106656481A (en) * | 2016-10-28 | 2017-05-10 | 美的智慧家居科技有限公司 | Identity authentication method, apparatus and system |
| CN106603485A (en) * | 2016-10-31 | 2017-04-26 | 美的智慧家居科技有限公司 | Secret key negotiation method and device |
| WO2018113362A1 (en) * | 2016-12-20 | 2018-06-28 | 百富计算机技术(深圳)有限公司 | Remote key acquisition method, point-of-sale terminal and storage medium |
| CN107094156A (en) * | 2017-06-21 | 2017-08-25 | 北京明朝万达科技股份有限公司 | A kind of safety communicating method and system based on P2P patterns |
| CN109309565A (en) * | 2017-07-28 | 2019-02-05 | 中国移动通信有限公司研究院 | A kind of method and device of safety certification |
| CN108512846A (en) * | 2018-03-30 | 2018-09-07 | 北京邮电大学 | Mutual authentication method and device between a kind of terminal and server |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112508138B (en) * | 2020-11-18 | 2024-03-26 | 北京融讯科创技术有限公司 | Single board server management method, device, equipment and computer readable storage medium |
| CN112508138A (en) * | 2020-11-18 | 2021-03-16 | 北京融讯科创技术有限公司 | Single board server management method, device, equipment and computer readable storage medium |
| CN114692120A (en) * | 2020-12-30 | 2022-07-01 | 成都鼎桥通信技术有限公司 | State password authentication method, virtual machine, terminal equipment, system and storage medium |
| CN113592484A (en) * | 2021-07-16 | 2021-11-02 | 支付宝(杭州)信息技术有限公司 | Account cubing method, system and device |
| CN114374522A (en) * | 2022-03-22 | 2022-04-19 | 杭州美创科技有限公司 | Trusted device authentication method and device, computer device and storage medium |
| CN114374522B (en) * | 2022-03-22 | 2022-06-28 | 杭州美创科技有限公司 | Trusted device authentication method and device, computer device and storage medium |
| CN114785532A (en) * | 2022-06-22 | 2022-07-22 | 广州万协通信息技术有限公司 | Security chip communication method and device based on bidirectional signature authentication |
| CN115150158A (en) * | 2022-06-30 | 2022-10-04 | 深圳前海微众银行股份有限公司 | Remote identity authentication method, device, equipment and storage medium |
| CN115001864A (en) * | 2022-07-27 | 2022-09-02 | 深圳市西昊智能家具有限公司 | Communication authentication method and device for intelligent furniture, computer equipment and storage medium |
| CN115378998B (en) * | 2022-08-22 | 2024-02-02 | 中国工商银行股份有限公司 | Service calling method, device, system, computer equipment and storage medium |
| CN115378998A (en) * | 2022-08-22 | 2022-11-22 | 中国工商银行股份有限公司 | Service calling method, device, system, computer equipment and storage medium |
| CN115514480A (en) * | 2022-09-30 | 2022-12-23 | 深圳奇迹智慧网络有限公司 | Data interaction method and readable storage medium |
| CN117521052A (en) * | 2024-01-04 | 2024-02-06 | 中国电信股份有限公司江西分公司 | Protection authentication method and device for server privacy, computer equipment and medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111931158A (en) | Bidirectional authentication method, terminal and server | |
| CN109522698B (en) | User authentication method based on block chain and terminal equipment | |
| CN109951489B (en) | Digital identity authentication method, equipment, device, system and storage medium | |
| US9075980B2 (en) | Integrity protected smart card transaction | |
| CN110519309B (en) | Data transmission method, device, terminal, server and storage medium | |
| CN117579281A (en) | Method and system for ownership verification using blockchain | |
| CN111835774B (en) | Data processing method, device, equipment and storage medium | |
| US11711213B2 (en) | Master key escrow process | |
| CN112232814B (en) | Encryption and decryption methods of payment key, payment authentication method and terminal equipment | |
| CN111639325B (en) | Merchant authentication method, device, equipment and storage medium based on open platform | |
| CN111160909B (en) | Hidden static supervision system and method for blockchain supply chain transaction | |
| KR102013983B1 (en) | Method and server for authenticating an application integrity | |
| CN110245466B (en) | Software integrity protection and verification method, system, device and storage medium | |
| US20130212391A1 (en) | Elliptic curve cryptographic signature | |
| CN113610526A (en) | Data trust method and device, electronic equipment and storage medium | |
| CN113688399A (en) | Firmware digital signature protection method and device, computer equipment and storage medium | |
| CN113904850B (en) | Block chain private key keystore-based secure login method, electronic equipment and storage medium | |
| CN117063174A (en) | Security module and method for inter-app trust through app-based identity | |
| CN112887097A (en) | Signature method based on SM2 elliptic curve, related device and storage medium | |
| US12141248B2 (en) | Systems and methods for whitebox device binding | |
| CN115643012A (en) | Evidence obtaining method and system based on block chain | |
| US20230124498A1 (en) | Systems And Methods For Whitebox Device Binding | |
| TWM659947U (en) | Transaction Verification System | |
| CN110955883A (en) | Method, device, equipment and storage medium for generating user key | |
| CN113194090A (en) | Authentication method, authentication device, terminal device and computer readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |