
CN113904773B - SSL connection establishment method, SSL connection establishment device, electronic equipment and computer readable storage medium - Google Patents


Info

Publication number: CN113904773B
Authority: CN (China)
Prior art keywords: server, signature, mobile terminal, elliptic curve, key
Legal status: Active
Application number: CN202111183803.1A
Other languages: Chinese (zh)
Other versions: CN113904773A (en)
Inventors: 贺鑫, 浦雨三, 周细祥
Current assignee: Boya Zhongke Beijing Information Technology Co ltd
Original assignee: Boya Zhongke Beijing Information Technology Co ltd
Events: application filed by Boya Zhongke Beijing Information Technology Co ltd; priority to CN202111183803.1A; publication of CN113904773A; application granted; publication of CN113904773B; legal status active; anticipated expiration.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy, involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H04W12/10 Integrity

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • General Physics & Mathematics (AREA)
  • Algebra (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiment of the application provides an SSL connection establishment method, a device, electronic equipment and a computer readable storage medium, comprising the following steps: the mobile terminal sends a ClientHello to the server; after the server sends a ServerHello to the mobile terminal, the server sends a server signature certificate, a server signature and a first elliptic curve point to the mobile terminal; after the mobile terminal has authenticated the server, the mobile terminal sends the collaborative signature intermediate quantity, the first signature value and the collaborative signature certificate to the server; the server obtains a second signature value based on the collaborative signature intermediate quantity, the first signature value and the first sub-private key; after the server's authentication of the mobile terminal passes, the mobile terminal and the server each generate a session key based on the premaster secret and each send a handshake end message to the other, whereupon the SSL connection between the mobile terminal and the server is established. The scheme requires no additional hardware overhead, has higher security, and is better suited to establishing SSL connections between a mobile terminal and a server.

Description

SSL connection establishment method, SSL connection establishment device, electronic equipment and computer readable storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method, an apparatus, an electronic device, and a computer readable storage medium for SSL connection establishment.
Background
In Web (World Wide Web) applications on the internet, the SSL (Secure Sockets Layer) protocol is generally used to establish a secure connection from a client to a server in order to protect the transmission of application data. The SSL protocol is widely used at present because of advantages such as simple implementation, small impact on existing network systems, high encryption speed and low cost.
The process of establishing an SSL connection can generally be divided into four phases. In the first phase, the client first sends a ClientHello message to the server, and after receiving the ClientHello message the server responds with a ServerHello message. In the second phase, the server sends messages to the client so that the client can verify the identity of the server. In the third phase, after the client has received and parsed the series of messages sent by the server, it sends the corresponding messages to the server so that the server can verify the identity of the client. In the fourth phase, both parties generate session keys, complete the handshake protocol and establish the SSL connection. With the development of the mobile internet, most Web applications also provide APP-based services, and mobile terminals increasingly act as clients that establish SSL connections with a server.
Currently, in order to enhance the security of Web applications, an information system may employ the SM2 algorithm to complete identity authentication and digital signing of the client. The mobile terminal can complete SM2-based identity authentication and digital signing either with a TF (TransFlash) card or with a software-only (soft algorithm) implementation. However, the TF card approach increases the hardware cost of the mobile terminal, and the soft algorithm approach has poor security.
Disclosure of Invention
The purpose of the present application is to solve at least one of the above technical drawbacks; the technical solutions provided in the embodiments of the present application are as follows.
In a first aspect, an embodiment of the present application provides a method for establishing an SSL connection, where the mobile terminal and the server requesting to establish the SSL connection share the elliptic curve parameters of the SM2 algorithm, the server stores a first sub-private key for collaborative signing, and the mobile terminal stores a second sub-private key for collaborative signing together with a collaborative signature certificate. The method includes:
the mobile terminal sends a ClientHello to the server;
after the server responds to the ClientHello by sending a ServerHello to the mobile terminal, the server generates a first random number, obtains a first elliptic curve point based on the base point of the elliptic curve parameters and the first random number, and sends a server signature certificate, a server signature and the first elliptic curve point to the mobile terminal;
after the mobile terminal has authenticated the server based on the server signature certificate and the server signature, the mobile terminal generates a second random number, obtains a digest of the premaster secret, obtains a collaborative signature intermediate quantity and a first signature value based on the first elliptic curve point, the second random number, the digest of the premaster secret and the second sub-private key, and sends the collaborative signature intermediate quantity, the first signature value, the premaster secret and the collaborative signature certificate to the server;
the server obtains a second signature value based on the collaborative signature intermediate quantity, the first signature value and the first sub-private key; after the server has verified the identity of the mobile terminal using the collaborative signature certificate, the first signature value and the second signature value, the mobile terminal and the server each generate a session key based on the premaster secret, the mobile terminal sends a handshake end message to the server, and the server sends a handshake end message to the mobile terminal, whereupon the SSL connection between the mobile terminal and the server is established.
In an alternative embodiment of the present application, before the mobile terminal sends the ClientHello to the server, the method further comprises:
the server generates the first sub-private key, and the mobile terminal generates the second sub-private key;
the server obtains a first elliptic curve point based on the first sub-private key and the elliptic curve base point and sends it to the mobile terminal;
the mobile terminal obtains a collaborative signature public key based on the second sub-private key and the first elliptic curve point, and applies to the digital certificate system for a collaborative signature certificate based on that collaborative signature public key.
In an alternative embodiment of the present application, the server obtains the first elliptic curve point from the first sub-private key and the elliptic curve base point by the following formula:
$P_1 = [d_1 + 1]G$
where $P_1$ is the first elliptic curve point, $d_1$ is the first sub-private key and $G$ is the elliptic curve base point;
the mobile terminal obtains the collaborative signature public key from the second sub-private key and the first elliptic curve point by the following formula:
$P = [d_2 + 1]P_1 - G$
where $P$ is the collaborative signature public key and $d_2$ is the second sub-private key.
In an alternative embodiment of the present application, the first elliptic curve point is obtained from the base point of the elliptic curve parameters and the first random number by the following formula:
$V_1 = [k_1]G$
where $V_1$ is the first elliptic curve point, $G$ is the base point of the elliptic curve parameters and $k_1$ is the first random number.
In an alternative embodiment of the present application, obtaining the collaborative signature intermediate quantity and the first signature value based on the first elliptic curve point, the second random number, the digest of the premaster secret and the second sub-private key includes:
obtaining a second elliptic curve point based on the first elliptic curve point, the second random number, the second sub-private key and the base point of the elliptic curve;
obtaining the first signature value based on the second elliptic curve point and the digest of the premaster secret;
obtaining the collaborative signature intermediate quantity based on the first signature value, the second random number and the second sub-private key.
In an alternative embodiment of the present application, the second elliptic curve point is obtained from the first elliptic curve point, the second random number, the second sub-private key and the base point of the elliptic curve by the following formula:
$V_2 = [1 + d_2](V_1 + [k_2]G)$
where $V_2$ is the second elliptic curve point, $d_2$ is the second sub-private key and $k_2$ is the second random number;
the first signature value is obtained from the second elliptic curve point and the digest of the premaster secret by the following formula:
$r = (x_1 + e) \bmod n$
where $r$ is the first signature value, $x_1$ is the abscissa of the second elliptic curve point, $e$ is the digest of the premaster secret, $\bmod n$ denotes the remainder on division by $n$, and $n$ is the order of the base point of the elliptic curve;
the collaborative signature intermediate quantity is obtained from the first signature value, the second random number and the second sub-private key by the following formula:
$W_2 = \left(k_2 + r \cdot (1 + d_2)^{-1}\right) \bmod n$
where $W_2$ is the collaborative signature intermediate quantity and $(1 + d_2)^{-1}$ is the inverse of $(1 + d_2)$ modulo $n$.
In an alternative embodiment of the present application, the server obtains the second signature value from the collaborative signature intermediate quantity, the first signature value and the first sub-private key by the following formula:
$s = \left((1 + d_1)^{-1} \cdot (k_1 + W_2) - r\right) \bmod n$
where $s$ is the second signature value and $d_1$ is the first sub-private key.
In a second aspect, an embodiment of the present application provides an SSL connection establishment device, where the mobile terminal and the server requesting to establish the SSL connection share the elliptic curve parameters of the SM2 algorithm, the server stores a first sub-private key for collaborative signing, and the mobile terminal stores a second sub-private key for collaborative signing together with a collaborative signature certificate. The device includes:
a ClientHello sending module, used by the mobile terminal to send a ClientHello to the server;
a first elliptic curve point sending module, used by the server, after it has responded to the ClientHello by sending a ServerHello to the mobile terminal, to generate a first random number, obtain a first elliptic curve point based on the base point of the elliptic curve parameters and the first random number, and send a server signature certificate, a server signature and the first elliptic curve point to the mobile terminal;
a first collaborative signature module, used by the mobile terminal, after it has authenticated the server based on the server signature certificate and the server signature, to generate a second random number, obtain a digest of the premaster secret, obtain a collaborative signature intermediate quantity and a first signature value based on the first elliptic curve point, the second random number, the digest of the premaster secret and the second sub-private key, and send the collaborative signature intermediate quantity, the first signature value, the premaster secret and the collaborative signature certificate to the server;
a second collaborative signature module, used by the server to obtain a second signature value based on the collaborative signature intermediate quantity, the first signature value and the first sub-private key; after the server has verified the identity of the mobile terminal using the collaborative signature certificate, the first signature value and the second signature value, the mobile terminal and the server each generate a session key based on the premaster secret, the mobile terminal sends a handshake end message to the server, and the server sends a handshake end message to the mobile terminal, whereupon the SSL connection between the mobile terminal and the server is established.
In an alternative embodiment of the present application, the device further includes a collaborative signature certificate acquisition module configured so that:
before the mobile terminal sends the ClientHello to the server, the server generates the first sub-private key and the mobile terminal generates the second sub-private key;
the server obtains a first elliptic curve point based on the first sub-private key and the elliptic curve base point and sends it to the mobile terminal;
the mobile terminal obtains a collaborative signature public key based on the second sub-private key and the first elliptic curve point, and applies to the digital certificate system for a collaborative signature certificate based on that collaborative signature public key.
In an alternative embodiment of the present application, the collaborative signature certificate acquisition module is specifically configured so that:
the server obtains the first elliptic curve point from the first sub-private key and the elliptic curve base point by the following formula:
$P_1 = [d_1 + 1]G$
where $P_1$ is the first elliptic curve point, $d_1$ is the first sub-private key and $G$ is the elliptic curve base point;
the mobile terminal obtains the collaborative signature public key from the second sub-private key and the first elliptic curve point by the following formula:
$P = [d_2 + 1]P_1 - G$
where $P$ is the collaborative signature public key and $d_2$ is the second sub-private key.
In an alternative embodiment of the present application, the first elliptic curve point sending module is specifically configured to:
obtain the first elliptic curve point from the base point of the elliptic curve parameters and the first random number by the following formula:
$V_1 = [k_1]G$
where $V_1$ is the first elliptic curve point, $G$ is the base point of the elliptic curve parameters and $k_1$ is the first random number.
In an alternative embodiment of the present application, the first collaborative signature module is specifically configured so that obtaining the collaborative signature intermediate quantity and the first signature value based on the first elliptic curve point, the second random number, the digest of the premaster secret and the second sub-private key includes:
obtaining a second elliptic curve point based on the first elliptic curve point, the second random number, the second sub-private key and the base point of the elliptic curve;
obtaining the first signature value based on the second elliptic curve point and the digest of the premaster secret;
obtaining the collaborative signature intermediate quantity based on the first signature value, the second random number and the second sub-private key.
In an alternative embodiment of the present application, the first collaborative signature module is further configured so that:
the second elliptic curve point is obtained from the first elliptic curve point, the second random number, the second sub-private key and the base point of the elliptic curve by the following formula:
$V_2 = [1 + d_2](V_1 + [k_2]G)$
where $V_2$ is the second elliptic curve point, $d_2$ is the second sub-private key and $k_2$ is the second random number;
the first signature value is obtained from the second elliptic curve point and the digest of the premaster secret by the following formula:
$r = (x_1 + e) \bmod n$
where $r$ is the first signature value, $x_1$ is the abscissa of the second elliptic curve point, $e$ is the digest of the premaster secret, $\bmod n$ denotes the remainder on division by $n$, and $n$ is the order of the base point of the elliptic curve;
the collaborative signature intermediate quantity is obtained from the first signature value, the second random number and the second sub-private key by the following formula:
$W_2 = \left(k_2 + r \cdot (1 + d_2)^{-1}\right) \bmod n$
where $W_2$ is the collaborative signature intermediate quantity.
In an alternative embodiment of the present application, the second collaborative signature module is configured so that:
the server obtains the second signature value from the collaborative signature intermediate quantity, the first signature value and the first sub-private key by the following formula:
$s = \left((1 + d_1)^{-1} \cdot (k_1 + W_2) - r\right) \bmod n$
where $s$ is the second signature value and $d_1$ is the first sub-private key.
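As an added example, not code from the patent or its assignee, the following Python carries the enrolment and handshake formulas above (given once in the first aspect and again in the device aspect) through on the real SM2 curve, then checks the joint signature with standard single-key SM2 verification, which is what the server's check against the collaborative signature certificate amounts to. Assumptions: SHA-256 stands in for the SM3 signature preprocessing that yields $e$, the certificate is represented by its public key $P$ alone, and the function names (server_enrol, client_round2, and so on) are mine.

```python
import hashlib
import secrets

# SM2 recommended curve y^2 = x^3 + a*x + b over F_p (GM/T 0003.5), base point G of prime order n.
P_MOD = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
INF = None  # point at infinity

def ec_add(p, q):  # affine addition; also covers doubling and p + (-p)
    if p is INF:
        return q
    if q is INF:
        return p
    x1, y1 = p
    x2, y2 = q
    if x1 == x2:
        if (y1 + y2) % P_MOD == 0:
            return INF
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def ec_mul(k, p):  # double-and-add [k]p
    acc = INF
    while k > 0:
        if k & 1:
            acc = ec_add(acc, p)
        p = ec_add(p, p)
        k >>= 1
    return acc

def on_curve(p):
    x, y = p
    return (y * y - (x * x * x + A * x + B)) % P_MOD == 0

def digest(msg):
    # Assumption: SHA-256 stands in for the SM3 signature preprocessing that yields e.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

# ---- Enrolment, before any ClientHello: the key is born split and never assembled ----
def server_enrol():
    d1 = secrets.randbelow(N - 2) + 1         # 1 <= d_1 <= n-2 keeps (1 + d_1) invertible mod n
    return d1, ec_mul(d1 + 1, G)              # P_1 = [d_1 + 1]G, sent to the mobile terminal

def client_enrol(P1):
    d2 = secrets.randbelow(N - 2) + 1
    neg_G = (G[0], (-G[1]) % P_MOD)
    return d2, ec_add(ec_mul(d2 + 1, P1), neg_G)   # P = [d_2 + 1]P_1 - G, goes into the certificate

# ---- Handshake: server sends V_1 with its certificate, client answers (r, W_2), server finishes s ----
def server_round1():
    k1 = secrets.randbelow(N - 1) + 1
    return k1, ec_mul(k1, G)                  # V_1 = [k_1]G

def client_round2(d2, V1, e):
    while True:
        k2 = secrets.randbelow(N - 1) + 1
        V2 = ec_mul(1 + d2, ec_add(V1, ec_mul(k2, G)))  # V_2 = [1 + d_2](V_1 + [k_2]G)
        r = (V2[0] + e) % N                              # r = (x_1 + e) mod n
        if r != 0:                                       # SM2 forbids r = 0: redraw k_2
            break
    W2 = (k2 + r * pow(1 + d2, -1, N)) % N               # W_2 = (k_2 + r(1 + d_2)^-1) mod n
    return r, W2

def server_round3(d1, k1, W2, r):
    s = (pow(1 + d1, -1, N) * (k1 + W2) - r) % N         # s = ((1 + d_1)^-1 (k_1 + W_2) - r) mod n
    if s == 0:                                           # SM2 forbids s = 0: the round must be rerun
        raise ValueError("s == 0, rerun with fresh nonces")
    return s

def sm2_verify(P, e, r, s):  # standard single-key SM2 verification against the certificate key P
    if not (1 <= r < N and 1 <= s < N):
        return False
    t = (r + s) % N
    if t == 0:
        return False
    pt = ec_add(ec_mul(s, G), ec_mul(t, P))
    return pt is not INF and (e + pt[0]) % N == r

def run_handshake(premaster):
    d1, P1 = server_enrol()
    d2, P = client_enrol(P1)
    k1, V1 = server_round1()
    e = digest(premaster)                     # the caller passes a constructed premaster secret
    r, W2 = client_round2(d2, V1, e)
    s = server_round3(d1, k1, W2, r)
    return {"d1": d1, "d2": d2, "P": P, "e": e, "r": r, "s": s,
            "verified": sm2_verify(P, e, r, s)}

if __name__ == "__main__":
    print(run_handshake(b"constructed premaster secret")["verified"])
```

The equivalent full private key is $d = (1 + d_1)(1 + d_2) - 1 \bmod n$, which neither side ever computes; the verifier accepts $(r, s)$ exactly as it would an ordinary SM2 signature under $P = [d]G$.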
In a third aspect, embodiments of the present application provide an electronic device including a memory and a processor;
the memory has a computer program stored therein;
the processor is configured to execute the computer program so as to implement the method provided in the embodiment of the first aspect or any of the alternative embodiments of the first aspect.
In a fourth aspect, embodiments of the present application provide a computer readable storage medium having a computer program stored thereon which, when executed by a processor, implements the method provided in the embodiment of the first aspect or any of the alternative embodiments of the first aspect.
In a fifth aspect, embodiments of the present application provide a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. A processor of a computer device reads the computer instructions from the computer readable storage medium and executes them, such that the computer device implements the method provided in the embodiment of the first aspect or any alternative embodiment of the first aspect.
The beneficial effects of the technical scheme provided by this application are:
in the process of establishing the SSL connection between the mobile terminal and the server, the mobile terminal is authenticated using a collaborative signature technique based on the SM2 algorithm; the private key of the SM2 algorithm is split into two parts that are stored on the mobile terminal and the server respectively, so that even if the mobile terminal's part of the private key is leaked, the complete private key is not disclosed.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings that are required to be used in the description of the embodiments of the present application will be briefly described below.
Fig. 1 is a flow chart of an SSL connection establishment method according to an embodiment of the present application;
FIG. 2 is a flow diagram of a collaborative signature public key calculation process in one example of an embodiment of the present application;
FIG. 3 is a flow chart of a signature value calculation process of a collaborative signature in one example of an embodiment of the present application;
fig. 4 is an interactive schematic diagram of an SSL connection setup procedure in one example of the embodiment of the present application;
fig. 5 is a block diagram of an SSL connection device according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Embodiments of the present application are described in detail below, examples of which are illustrated in the accompanying drawings, wherein the same or similar reference numerals refer to the same or similar elements or elements having the same or similar functions throughout. The embodiments described below by referring to the drawings are exemplary only for the purpose of illustrating the present application and are not to be construed as limiting the present application.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless expressly stated otherwise, as understood by those skilled in the art. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or wirelessly coupled. The term "and/or" as used herein includes any and all combinations of one or more of the associated listed items.
For the purpose of making the objects, technical solutions and advantages of the present application more apparent, the embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
Currently, among the ways a mobile terminal can implement SM2-based identity authentication and digital signing, there are two general cases that use a TF card:
in the first mode, a secure mobile phone is customized: the phone's operating system is locked down, a TF card and a middleware interface are built in, and the service APP is added to the application list of the secure phone. In the second mode, a mobile terminal management suite is customized: the user purchases a TF card and installs the corresponding software, and the mobile terminal security management suite handles adaptation to and integration with the application. Both modes place high demands on phone hardware: the phone must have two hardware card slots, one for the TF card, while the mobile communication card must be bound to and associated with the TF card, and business personnel must be issued a dedicated secure phone or purchase a TF card, so additional hardware cost is required.
In the other mode, the SM2 soft algorithm is packaged as a library in the mobile terminal for the mobile APP to call for the corresponding cryptographic operations; no additional cryptographic device is needed, the key is stored locally on the mobile terminal, and the user can perform SM2 identity authentication and digital signing with the soft algorithm. However, because the key is stored locally on the mobile terminal with no dedicated hardware to protect it, the security of the system is poor, and this is a security risk point of the application system.
In view of the above problems, the present application uses a collaborative signature technology based on an SM2 algorithm in an SSL connection establishment procedure, and in particular, an embodiment of the present application provides an SSL connection establishment scheme applicable to a mobile terminal, and the scheme will be described in detail below.
Fig. 1 is a flow chart of an SSL connection establishment method provided in an embodiment of the present application, where a mobile terminal may be a mobile terminal (e.g. a mobile phone), and the mobile terminal and a server that request to establish an SSL connection share elliptic curve parameters of an SM2 algorithm, the server stores a first subprivate key of a collaborative signature, and the mobile terminal stores a second subprivate key of the collaborative signature and a collaborative signature certificate, and the method may include:
step S101, the mobile terminal sends the mobile terminal hello to the server.
The ClientHello may include SSL version information, session ID, mobile terminal random number, and a cipher suite supported by the mobile terminal.
Specifically, before the mobile terminal initiates the SSL connection establishment request, that is, before the ClientHello is sent, the mobile terminal already stores the second sub-private key and the collaborative signature certificate for the subsequent collaborative signature, and the server already stores the first sub-private key for the subsequent collaborative signature. Compared with the digital signature of the existing SM2 algorithm, in the embodiment of the application the private key is split into two parts, a first sub-private key and a second sub-private key, which are stored in the server and in the mobile terminal respectively.
Step S102, after the server responds to the ClientHello by sending a ServerHello to the mobile terminal, the server generates a first random number, obtains a first elliptic curve point from the base point of the elliptic curve parameters and the first random number, and sends a server signature certificate, a server signature and the first elliptic curve point to the mobile terminal.
Specifically, after receiving the ClientHello sent by the mobile terminal, the server checks the conditions specified in the ClientHello, such as the SSL version and the cipher suite. If the server accepts and supports all of the conditions, it sends a ServerHello, the server signature certificate and other server details to the mobile terminal; otherwise, the server sends a handshake failure message.
Specifically, the difference from the existing handshake is that in the embodiment of the application, after the ClientHello and ServerHello are completed, the server sends a server signature certificate and a server signature so that the mobile terminal can verify the identity of the server, and additionally sends a first elliptic curve point, which is used in the subsequent collaborative signature generation process.
Step S103, after the mobile terminal passes the authentication of the server based on the server signature certificate and the server signature, the mobile terminal generates a second random number, obtains a digest of the premaster secret key, obtains a collaborative signature intermediate quantity and a first signature value based on the first elliptic curve point, the second random number, the digest of the premaster secret key and the second subprivate key, and sends the collaborative signature intermediate quantity, the first signature value, the premaster secret key and the collaborative signature certificate to the server.
Specifically, the mobile terminal verifies the signature of the server by using the public key in the signature certificate of the server, if the verification is successful, the authentication is successful, otherwise, the authentication is failed. On the other hand, the mobile terminal needs to further perform collaborative signature, specifically, the mobile terminal performs signature preprocessing on the premaster secret key to obtain a digest of the premaster secret key, and then obtains a collaborative signature intermediate quantity and a first signature value based on the first elliptic curve point, the second random number, the digest of the premaster secret key and the second subprivate key, wherein the first signature value is only a part of the final signature value, and the signature value of the other part needs to be obtained at the server.
Step S104, the server obtains a second signature value based on the collaborative signature intermediate quantity, the first signature value and the first sub private key, after the server verifies the identity of the mobile terminal by using the collaborative signature certificate, the first signature value and the second signature value, the mobile terminal and the server respectively generate a session key based on the premaster secret key, the mobile terminal sends a handshake ending message to the server, and the server sends the handshake ending message to the mobile terminal, namely SSL connection between the mobile terminal and the server is established.
Specifically, the server receives the collaborative signature intermediate quantity, the first signature value and the collaborative signature certificate sent by the mobile terminal, and first obtains a second signature value from the collaborative signature intermediate quantity, the first signature value and the first sub-private key, thereby obtaining a complete signature value consisting of the first signature value and the second signature value. The server then verifies the complete signature value using the collaborative signature certificate, that is, the signature is verified with the public key contained in the collaborative signature certificate; if the verification succeeds, the identity authentication of the mobile terminal has passed.
In the foregoing steps, the identity authentication of the mobile terminal to the server and the identity authentication of the server to the mobile terminal are respectively completed, and then the mobile terminal and the server respectively send handshake ending messages to each other, so that SSL connection between the mobile terminal and the server is established.
After the server sends the ServerHello, the server also sends an encryption certificate to the mobile terminal, where the encryption certificate contains a public key used for key exchange; in a subsequent step the premaster secret key is encrypted with the public key of the encryption certificate. After the server has authenticated the mobile terminal, the encrypted premaster secret key is decrypted with the corresponding private key, and the session key is derived from the premaster secret key. After the SSL connection is established, the mobile terminal and the server transmit data protected by the session key.
According to the scheme provided by the embodiment of the application, in the process of establishing an SSL connection between the mobile terminal and the server, the mobile terminal is authenticated with a collaborative signature technology based on the SM2 algorithm. The SM2 private key is split into two parts stored in the mobile terminal and in the server respectively, so that even if the part of the private key held by the mobile terminal is leaked, the whole private key is not exposed. The scheme requires no additional hardware, offers higher security, and is therefore better suited to establishing SSL connections between a mobile terminal and a server.
In an alternative embodiment of the present application, before the mobile terminal sends the mobile terminal greeting ClientHello to the server-side, the method may further include:
the server generates a first sub private key, and the mobile terminal generates a second sub private key;
the server side obtains a first elliptic curve point based on the first sub private key and the elliptic curve base point and sends the first elliptic curve point to the mobile terminal;
the mobile terminal obtains a collaborative signature public key from the second sub-private key and the first elliptic curve point, and applies to the digital certificate system for a collaborative signature certificate based on that collaborative signature public key.
The mobile terminal and the server participating in the collaborative signature share the elliptic curve parameters E(F_q), G and n of the SM2 algorithm, where the elliptic curve E is defined over the finite field F_q and G is a base point of order n on the elliptic curve E.
Specifically, as shown in fig. 2, the server obtains a first elliptic curve point based on the first subprivate key and the elliptic curve base point by the following formula:
P_1 = [d_1 + 1]G
where P_1 is the first elliptic curve point, d_1 is the first sub-private key, a large integer in [1, n-2], and G is the base point of the elliptic curve;
the mobile terminal obtains a collaborative signature public key based on the second sub private key and the first elliptic curve point through the following formula:
P = [d_2 + 1]P_1 - G
where P is the collaborative signature public key and d_2 is the second sub-private key, a large integer in [1, n-2].
It should be noted that because the private key is split into d_1 and d_2, neither the server nor the mobile terminal can directly obtain the complete private key, which is how the method protects the private key.
In an alternative embodiment of the present application, the first elliptic curve point is obtained based on the base point of the elliptic curve parameter and the first random number, and is obtained by the following formula:
V_1 = [k_1]G
where V_1 is the first elliptic curve point, G is the base point of the elliptic curve parameters, k_1 is the first random number, and k_1 ∈ [1, n-1].
Specifically, in the collaborative signature process, after the server sends the ServerHello it generates the corresponding first elliptic curve point V_1 from the first random number, and V_1 is used in the subsequent signature value calculations.
In an alternative embodiment of the present application, obtaining the collaborative signature intermediate quantity and the first signature value based on the first elliptic curve point, the second random number, the digest of the premaster secret, and the second subprivate key includes:
acquiring a second elliptic curve point based on the first elliptic curve point, the second random number, the second subprivate key and a base point of the elliptic curve;
acquiring a first signature value based on the second elliptic curve point and the digest of the premaster secret key;
based on the first signature value, the second random number and the second sub-private key, a collaborative signature intermediate is obtained.
Specifically, as shown in fig. 3, based on the first elliptic curve point, the second random number, the second subprivate key, and the base point of the elliptic curve, the second elliptic curve point is obtained by the following formula:
V_2 = (1 + d_2) \cdot (V_1 + [k_2]G)
where V_2 is the second elliptic curve point, d_2 is the second sub-private key, k_2 is the second random number, and k_2 ∈ [1, n-1].
Based on the second elliptic curve point and the digest of the premaster secret, a first signature value is obtained by the following formula:
r = (x_1 + e) \bmod n
where r is the first signature value, x_1 is the x-coordinate of the second elliptic curve point, e is the digest of the premaster secret key, mod n denotes the remainder on division by n, and n is the order of the base point of the elliptic curve.
It should be noted that, if r is equal to 0, the server terminal regenerates the first random number and then performs the above calculation until r is not equal to 0, and then performs the subsequent calculation.
Based on the first signature value, the second random number and the second sub-private key, obtaining a collaborative signature intermediate value through the following formula:
W_2 = [k_2 + r \cdot (1 + d_2)^{-1}] \bmod n
where W_2 is the collaborative signature intermediate quantity.
The server obtains a second signature value based on the collaborative signature intermediate quantity, the first signature value and the first sub private key through the following formula:
s = [(1 + d_1)^{-1} \cdot (k_1 + W_2) - r] \bmod n
where s is the second signature value and d_1 is the first sub-private key.
It should be noted that, if s is equal to 0, the server generates the first random number again and repeats the above calculation until s is not equal to 0; (r, s) is then the complete signature value.
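The following derivation is added here and is not part of the patent text; it shows why the two-party values above combine into an ordinary SM2 signature that verifies under the collaborative public key P (symbols as defined above; d and k denote the implied full private key and full nonce, which neither party ever holds).

\begin{align*}
P &= [d_2 + 1]P_1 - G = [(d_1 + 1)(d_2 + 1) - 1]\,G, \quad\text{so } d := (d_1 + 1)(d_2 + 1) - 1 \text{ and } 1 + d = (1 + d_1)(1 + d_2) \\
V_2 &= (1 + d_2)\,(V_1 + [k_2]G) = [(1 + d_2)(k_1 + k_2)]\,G, \quad\text{so } k := (1 + d_2)(k_1 + k_2) \\
s &= (1 + d_1)^{-1}(k_1 + W_2) - r \\
  &= (1 + d_1)^{-1}\bigl(k_1 + k_2 + r\,(1 + d_2)^{-1}\bigr) - r \\
  &= (1 + d_1)^{-1}(1 + d_2)^{-1}\bigl((1 + d_2)(k_1 + k_2) + r\bigr) - r \\
  &= (1 + d)^{-1}(k + r) - r = (1 + d)^{-1}(k - r\,d) \pmod n
\end{align*}

The last line is the standard SM2 signing equation for nonce k and private key d, with r = (x_1 + e) mod n taken from [k]G = V_2. Hence (r, s) passes ordinary SM2 verification against P, while recovering d requires both d_1 and d_2.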
Fig. 4 is an interaction diagram of the SSL connection establishment procedure provided in the present application, which may include the following steps:
1) ClientHello: the mobile terminal sends ClientHello to the server, and the message contains SSL version information, session ID, mobile terminal random number and encryption suite supported by the mobile terminal;
2) ServerHello: the server checks the conditions specified in the ClientHello, such as the version and cipher suite; if the server accepts and supports all of the conditions it sends a ServerHello with its certificate and other details, otherwise it sends a handshake failure message;
3) Server Certificate / Server Key Exchange / Certificate Request: the server sends the server signature certificate, the encryption certificate, the key exchange parameters, the server signature, V_1 and the list of requested client certificate types to the mobile terminal;
4) Client Certificate / Client Key Exchange / Certificate Verify: the mobile terminal sends its signature certificate, encryption certificate, key exchange parameters and the premaster secret key (encrypted with the public key of the encryption certificate sent by the server), together with r and W_2, to the server;
5) The server side completes signature operation to obtain signature results s and r, and the public key is acquired from the mobile terminal certificate to check the signature value, and the mobile terminal and the server side respectively generate a session key based on the premaster secret key;
6) The mobile terminal sends a handshake ending message;
7) The server sends a handshake ending message;
8) Both parties encrypt the message to be transmitted using the session key.
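The signing exchange of steps 3) to 5) above, run end to end with the key-split and signature formulas given earlier, as an added example that is not code from the patent. The curve arithmetic is a plain affine implementation over the recommended SM2 curve, and the digest e is taken as SHA-256 of a constructed message; the SM2 standard uses SM3 over the signer's Z value and the message, so that substitution is an assumption made here.

```python
# Added example: two-party SM2 signing per the formulas above (not the patent's own code)
import hashlib
import secrets

# Recommended SM2 curve parameters (GM/T 0003.5-2012): y^2 = x^3 + ax + b over F_p
P_MOD = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)
INF = None  # point at infinity

def on_curve(pt):
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P_MOD == 0

def ec_add(p, q):
    """Affine point addition (handles doubling and the point at infinity)."""
    if p is INF:
        return q
    if q is INF:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2:
        if (y1 + y2) % P_MOD == 0:
            return INF
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication [k]pt."""
    acc, addend = INF, pt
    while k:
        if k & 1:
            acc = ec_add(acc, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return acc

def digest(msg):
    # Stand-in for the SM2 signature preprocessing (assumption: SHA-256 instead of SM3)
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def server_keygen():
    d1 = secrets.randbelow(N - 2) + 1   # d_1 in [1, n-2], kept only on the server
    return d1, ec_mul(d1 + 1, G)        # P_1 = [d_1 + 1]G

def client_keygen(p1):
    d2 = secrets.randbelow(N - 2) + 1   # d_2 in [1, n-2], kept only on the mobile terminal
    neg_g = (G[0], (-G[1]) % P_MOD)
    return d2, ec_add(ec_mul(d2 + 1, p1), neg_g)   # P = [d_2 + 1]P_1 - G

def full_private_key(d1, d2):
    # Neither party holds this value; it exists only to check that P = [d]G
    return ((d1 + 1) * (d2 + 1) - 1) % N

def server_sign_start():
    k1 = secrets.randbelow(N - 1) + 1   # k_1 in [1, n-1]
    return k1, ec_mul(k1, G)            # V_1 = [k_1]G

def client_sign(d2, v1, e):
    """Mobile side: returns (r, W_2); (0, 0) tells the server to restart with a new k_1."""
    k2 = secrets.randbelow(N - 1) + 1   # k_2 in [1, n-1]
    v2 = ec_mul(1 + d2, ec_add(v1, ec_mul(k2, G)))   # V_2 = (1+d_2)(V_1 + [k_2]G)
    if v2 is INF:
        return 0, 0
    r = (v2[0] + e) % N                               # r = (x_1 + e) mod n
    w2 = (k2 + r * pow(1 + d2, -1, N)) % N            # W_2 = k_2 + r(1+d_2)^-1 mod n
    return r, w2

def server_sign_finish(d1, k1, r, w2):
    return (pow(1 + d1, -1, N) * (k1 + w2) - r) % N  # s = (1+d_1)^-1 (k_1+W_2) - r mod n

def cosign(d1, d2, e):
    """Full exchange; the server restarts with a fresh k_1 whenever r or s is 0."""
    while True:
        k1, v1 = server_sign_start()
        r, w2 = client_sign(d2, v1, e)
        if r == 0:
            continue
        s = server_sign_finish(d1, k1, r, w2)
        if s != 0:
            return r, s

def sm2_verify(pub, e, r, s):
    """Standard SM2 verification, as the server does with the certificate's public key."""
    if not (1 <= r < N and 1 <= s < N):
        return False
    t = (r + s) % N
    if t == 0:
        return False
    pt = ec_add(ec_mul(s, G), ec_mul(t, pub))
    return pt is not INF and (e + pt[0]) % N == r
```

Because the collaborative public key is an ordinary SM2 key, the server needs no special verifier: a standard SM2 verify over the certificate's public key accepts (r, s).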
As the above embodiment shows, this solution has the following beneficial effects. Cost: no additional cryptographic hardware needs to be provided on the mobile phone. Security: combining the collaborative signature with SSL ensures both the identity authentication and the transmission security between the mobile terminal and the server. Practicability: the method fully reuses the existing SSL and collaborative signature technologies, so the system changes are small and the implementation period is short. Compared with the existing approach of initiating a collaborative signature from the mobile terminal, the method is simpler, saves time, and does not require a separate collaborative signature server in the interaction.
Fig. 5 is a block diagram of an SSL connection establishment device. As shown in fig. 5, the mobile terminal and the server that request to establish an SSL connection share the elliptic curve parameters of the SM2 algorithm; the server stores a first sub-private key of the collaborative signature, and the mobile terminal stores a second sub-private key of the collaborative signature and a collaborative signature certificate. The device 500 may include: a mobile terminal hello sending module 501, a first elliptic curve point sending module 502, a first collaborative signature module 503, and a second collaborative signature module 504, wherein:
the mobile terminal hello sending module 501 is configured to send a mobile terminal hello to a server;
the first elliptic curve point sending module 502 is configured to generate a first random number by the server after the server sends a server hello to the mobile terminal in response to the ClientHello, obtain a first elliptic curve point based on a base point of an elliptic curve parameter and the first random number, and send a server signature certificate, a server signature and the first elliptic curve point to the mobile terminal;
the first collaborative signature module 503 is configured to generate a second random number and obtain a digest of a premaster secret key after the mobile terminal passes the authentication of the server based on the server signature certificate and the server signature, obtain a collaborative signature intermediate and a first signature value based on a first elliptic curve point, the second random number, the digest of the premaster secret key and a second subprivate key, and send the collaborative signature intermediate, the first signature value, the premaster secret key and the collaborative signature certificate to the server;
The second collaborative signature module 504 is configured so that the server obtains a second signature value from the collaborative signature intermediate quantity, the first signature value and the first sub-private key. After the server verifies the identity of the mobile terminal using the collaborative signature certificate, the first signature value and the second signature value, the mobile terminal and the server each generate a session key from the premaster secret key; the mobile terminal sends a handshake end message to the server, the server sends a handshake end message to the mobile terminal, and the SSL connection between the mobile terminal and the server is thereby established.
According to this scheme, in the process of establishing an SSL connection between the mobile terminal and the server, the mobile terminal is authenticated with a collaborative signature technology based on the SM2 algorithm. The SM2 private key is split into two parts stored in the mobile terminal and in the server respectively, so that even if the part of the private key held by the mobile terminal is leaked, the whole private key is not exposed. The scheme requires no additional hardware, offers higher security, and is therefore better suited to establishing SSL connections between a mobile terminal and a server.
In an alternative embodiment of the present application, the apparatus further includes a collaborative-signature certificate acquisition module configured to:
Before the mobile terminal sends the mobile terminal greeting ClientHello to the server, the server generates a first sub-private key, and the mobile terminal generates a second sub-private key;
the server side obtains a first elliptic curve point based on the first sub private key and the elliptic curve base point and sends the first elliptic curve point to the mobile terminal;
the mobile terminal obtains a collaborative signature public key from the second sub-private key and the first elliptic curve point, and applies to the digital certificate system for a collaborative signature certificate based on that collaborative signature public key.
In an alternative embodiment of the present application, the collaborative-signature certificate acquisition module is specifically configured to:
the server obtains a first elliptic curve point based on the first sub private key and an elliptic curve base point through the following formula:
P_1 = [d_1 + 1]G
where P_1 is the first elliptic curve point, d_1 is the first sub-private key, and G is the base point of the elliptic curve;
the mobile terminal obtains a collaborative signature public key based on the second sub private key and the first elliptic curve point through the following formula:
P = [d_2 + 1]P_1 - G
where P is the collaborative signature public key and d_2 is the second sub-private key.
In an alternative embodiment of the present application, the first elliptic curve point sending module is specifically configured to:
obtaining a first elliptic curve point based on a base point of an elliptic curve parameter and a first random number, wherein the first elliptic curve point is obtained through the following formula:
V_1 = [k_1]G
where V_1 is the first elliptic curve point, G is the base point of the elliptic curve parameters, and k_1 is the first random number.
In an alternative embodiment of the present application, the first collaborative-signature module is specifically configured to:
based on the first elliptic curve point, the second random number, the digest of the premaster secret, and the second subprivate key, obtaining a collaborative signature intermediate and a first signature value includes:
acquiring a second elliptic curve point based on the first elliptic curve point, the second random number, the second subprivate key and a base point of the elliptic curve;
acquiring a first signature value based on the second elliptic curve point and the digest of the premaster secret key;
based on the first signature value, the second random number and the second sub-private key, a collaborative signature intermediate is obtained.
In an alternative embodiment of the present application, the first collaborative-signature module is further configured to:
based on the first elliptic curve point, the second random number, the second subprivate key and the base point of the elliptic curve, the second elliptic curve point is obtained by the following formula:
V_2 = (1 + d_2) \cdot (V_1 + [k_2]G)
where V_2 is the second elliptic curve point, d_2 is the second sub-private key, and k_2 is the second random number;
based on the second elliptic curve point and the digest of the premaster secret, a first signature value is obtained by the following formula:
r = (x_1 + e) \bmod n
where r is the first signature value, x_1 is the x-coordinate of the second elliptic curve point, e is the digest of the premaster secret key, mod n denotes the remainder on division by n, and n is the order of the base point of the elliptic curve;
based on the first signature value, the second random number and the second sub-private key, obtaining a collaborative signature intermediate value through the following formula:
W_2 = [k_2 + r \cdot (1 + d_2)^{-1}] \bmod n
where W_2 is the collaborative signature intermediate quantity.
In an alternative embodiment of the present application, the second collaborative signature module is further configured to:
the server obtains a second signature value based on the collaborative signature intermediate quantity, the first signature value and the first sub private key through the following formula:
s = [(1 + d_1)^{-1} \cdot (k_1 + W_2) - r] \bmod n
where s is the second signature value and d_1 is the first sub-private key.
Referring now to fig. 6, a schematic diagram of a configuration of an electronic device (e.g., a terminal device or server that performs the method of fig. 1) 600 suitable for use in implementing embodiments of the present application is shown. The electronic devices in the embodiments of the present application may include, but are not limited to, mobile terminals such as mobile phones, notebook computers, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablet computers), PMPs (portable multimedia players), in-vehicle terminals (e.g., in-vehicle navigation terminals), wearable devices, and the like, and stationary terminals such as digital TVs, desktop computers, and the like. The electronic device shown in fig. 6 is only an example and should not impose any limitation on the functionality and scope of use of the embodiments of the present application.
An electronic device includes: the memory is used for storing programs for executing the methods according to the method embodiments; the processor is configured to execute a program stored in the memory. Herein, the processor may be referred to as a processing device 601, which is described below, and the memory may include at least one of a Read Only Memory (ROM) 602, a Random Access Memory (RAM) 603, and a storage device 608, which are described below, in detail:
as shown in fig. 6, the electronic device 600 may include a processing means (e.g., a central processing unit, a graphics processor, etc.) 601, which may perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 602 or a program loaded from a storage means 608 into a Random Access Memory (RAM) 603. The RAM 603 also stores various programs and data required for the operation of the electronic device 600. The processing device 601, the ROM 602 and the RAM 603 are connected to each other through a bus 604. An input/output (I/O) interface 605 is also connected to the bus 604.
In general, the following devices may be connected to the I/O interface 605: input devices 606 including, for example, a touch screen, touchpad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, and the like; an output device 607 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage 608 including, for example, magnetic tape, hard disk, etc.; and a communication device 609. The communication means 609 may allow the electronic device 600 to communicate with other devices wirelessly or by wire to exchange data. While fig. 6 shows an electronic device having various means, it is to be understood that not all of the illustrated means are required to be implemented or provided. More or fewer devices may be implemented or provided instead.
In particular, according to embodiments of the present application, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present application include a computer program product comprising a computer program embodied on a non-transitory computer readable medium, the computer program comprising program code for performing the method shown in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via communication means 609, or from storage means 608, or from ROM 602. The above-described functions defined in the methods of the embodiments of the present application are performed when the computer program is executed by the processing means 601.
It should be noted that the computer readable storage medium described in the present application may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present application, however, a computer-readable signal medium may include a data signal that propagates in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. 
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, fiber optic cables, RF (radio frequency), and the like, or any suitable combination of the foregoing.
In some embodiments, the mobile terminal and the server may communicate using any currently known or future developed network protocol, such as HTTP (HyperText Transfer Protocol), and may be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include a local area network ("LAN"), a wide area network ("WAN"), an internetwork (e.g., the Internet), and peer-to-peer networks (e.g., ad hoc peer-to-peer networks), as well as any currently known or future developed networks.
The computer readable medium may be contained in the electronic device; or may exist alone without being incorporated into the electronic device.
The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to:
the mobile terminal sends a mobile terminal greeting ClientHello to a server; after the server side responds to the ClientHello and sends a server side hello to the mobile terminal, the server side generates a first random number, acquires a first elliptic curve point based on a base point of an elliptic curve parameter and the first random number, and sends a server side signature certificate, a server side signature and the first elliptic curve point to the mobile terminal; after the mobile terminal passes the authentication of the server based on the server signature certificate and the server signature, the mobile terminal generates a second random number, acquires a summary of the premaster secret key, acquires a collaborative signature intermediate quantity and a first signature value based on a first elliptic curve point, the second random number, the summary of the premaster secret key and a second subprivate key, and sends the collaborative signature intermediate quantity, the first signature value, the premaster secret key and the collaborative signature certificate to the server; the server acquires a second signature value based on the collaborative signature intermediate quantity, the first signature value and the first sub-private key, after the server verifies the identity of the mobile terminal by using the collaborative signature certificate, the first signature value and the second signature value, the mobile terminal and the server respectively generate a session key based on the premaster secret key, the mobile terminal sends a handshake ending message to the server, and the server sends the handshake ending message to the mobile terminal, namely SSL connection between the mobile terminal and the server is established.
Computer program code for carrying out operations of the present application may be written in one or more programming languages, including, but not limited to, an object oriented programming language such as Java, Smalltalk or C++ and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules or units involved in the embodiments of the present application may be implemented by software, or may be implemented by hardware. The name of a module or unit is not limited to the unit itself in some cases, and for example, the first program switching module may also be described as "a module that switches the first program".
The functions described above herein may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: a Field Programmable Gate Array (FPGA), an Application Specific Integrated Circuit (ASIC), an Application Specific Standard Product (ASSP), a system on a chip (SOC), a Complex Programmable Logic Device (CPLD), and the like.
In the context of this application, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. The machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific method carried out when the above-described computer readable medium is executed by an electronic device corresponds to the procedure in the foregoing method embodiment, and it is not described here again.
Embodiments of the present application provide a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of a computer device reads the computer instructions from the computer readable storage medium and executes them, such that the computer device performs the following:
the mobile terminal sends a ClientHello message to the server;
after the server responds to the ClientHello by sending a ServerHello to the mobile terminal, the server generates a first random number, obtains a first elliptic curve point based on the base point of the elliptic curve parameters and the first random number, and sends a server signature certificate, a server signature and the first elliptic curve point to the mobile terminal;
after the mobile terminal has authenticated the server based on the server signature certificate and the server signature, the mobile terminal generates a second random number, obtains a digest of the premaster secret, obtains a collaborative signature intermediate quantity and a first signature value based on the first elliptic curve point, the second random number, the digest of the premaster secret and the second sub-private key, and sends the collaborative signature intermediate quantity, the first signature value, the premaster secret and the collaborative signature certificate to the server;
the server obtains a second signature value based on the collaborative signature intermediate quantity, the first signature value and the first sub-private key; after the server has verified the identity of the mobile terminal using the collaborative signature certificate, the first signature value and the second signature value, the mobile terminal and the server each generate a session key based on the premaster secret, the mobile terminal sends a handshake-finished message to the server, and the server sends a handshake-finished message to the mobile terminal, at which point the SSL connection between the mobile terminal and the server is established.
It should be understood that, although the steps in the flowcharts of the figures are shown in the order indicated by the arrows, these steps are not necessarily performed in that order. Unless explicitly stated herein, the order of the steps is not strictly limited and they may be performed in other orders. Moreover, at least some of the steps in the flowcharts may include a plurality of sub-steps or stages that are not necessarily performed at the same time but may be performed at different times, and their order of execution is not necessarily sequential; they may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
The foregoing describes only some embodiments of the present invention. It should be noted that those skilled in the art can make modifications and adaptations without departing from the principles of the present invention, and such modifications and adaptations are intended to fall within the scope of the present invention.

Claims (10)

1. A method for establishing a Secure Sockets Layer (SSL) connection, wherein a mobile terminal requesting to establish the SSL connection and a server share the elliptic curve parameters of the SM2 algorithm, the server stores a first sub-private key for collaborative signing, and the mobile terminal stores a second sub-private key for collaborative signing and a collaborative signature certificate, the method comprising:
the mobile terminal sends a ClientHello message to the server;
after the server responds to the ClientHello by sending a ServerHello to the mobile terminal, the server generates a first random number, obtains a first elliptic curve point based on the base point of the elliptic curve parameters and the first random number, and sends a server signature certificate, a server signature and the first elliptic curve point to the mobile terminal;
after the mobile terminal has authenticated the server based on the server signature certificate and the server signature, the mobile terminal generates a second random number, obtains a digest of a premaster secret, obtains a collaborative signature intermediate quantity and a first signature value based on the first elliptic curve point, the second random number, the digest of the premaster secret and the second sub-private key, and sends the collaborative signature intermediate quantity, the first signature value, the premaster secret and the collaborative signature certificate to the server;
the server obtains a second signature value based on the collaborative signature intermediate quantity, the first signature value and the first sub-private key; after the server has verified the identity of the mobile terminal using the collaborative signature certificate, the first signature value and the second signature value, the mobile terminal and the server each generate a session key based on the premaster secret, the mobile terminal sends a handshake-finished message to the server, and the server sends a handshake-finished message to the mobile terminal, at which point the SSL connection between the mobile terminal and the server is established.
2. The method of claim 1, wherein before the mobile terminal sends the ClientHello message to the server, the method further comprises:
the server generates the first sub-private key, and the mobile terminal generates the second sub-private key;
the server obtains a first elliptic curve point based on the first sub-private key and the base point of the elliptic curve, and sends the first elliptic curve point to the mobile terminal;
and the mobile terminal obtains a collaborative signature public key based on the second sub-private key and the first elliptic curve point, and applies to the digital certificate system for the collaborative signature certificate based on the collaborative signature public key.
3. The method of claim 2, wherein the server obtains the first elliptic curve point based on the first sub-private key and the base point of the elliptic curve by the following formula:
$P_1 = [d_1 + 1]G$
wherein $P_1$ is the first elliptic curve point, $d_1$ is the first sub-private key, and $G$ is the base point of the elliptic curve;
and the mobile terminal obtains the collaborative signature public key based on the second sub-private key and the first elliptic curve point by the following formula:
$P = [d_2 + 1]P_1 - G$
wherein $P$ is the collaborative signature public key and $d_2$ is the second sub-private key.
4. The method of claim 1, wherein the first elliptic curve point is obtained based on the base point of the elliptic curve parameters and the first random number by the following formula:
$V_1 = [k_1]G$
wherein $V_1$ is the first elliptic curve point, $G$ is the base point of the elliptic curve parameters, and $k_1$ is the first random number.
5. The method of claim 4, wherein obtaining the collaborative signature intermediate quantity and the first signature value based on the first elliptic curve point, the second random number, the digest of the premaster secret and the second sub-private key comprises:
obtaining a second elliptic curve point based on the first elliptic curve point, the second random number, the second sub-private key and the base point of the elliptic curve;
obtaining the first signature value based on the second elliptic curve point and the digest of the premaster secret;
and obtaining the collaborative signature intermediate quantity based on the first signature value, the second random number and the second sub-private key.
6. The method of claim 5, wherein the second elliptic curve point is obtained based on the first elliptic curve point, the second random number, the second sub-private key and the base point of the elliptic curve by the following formula:
$V_2 = (1 + d_2) \cdot (V_1 + [k_2]G)$
wherein $V_2$ is the second elliptic curve point, $d_2$ is the second sub-private key, and $k_2$ is the second random number;
the first signature value is obtained based on the second elliptic curve point and the digest of the premaster secret by the following formula:
$r = (x_1 + e) \bmod n$
wherein $r$ is the first signature value, $x_1$ is the x-coordinate of the second elliptic curve point $V_2$, $e$ is the digest of the premaster secret, $\bmod n$ denotes division by $n$ taking the remainder, and $n$ is the order of the base point of the elliptic curve;
and the collaborative signature intermediate quantity is obtained based on the first signature value, the second random number and the second sub-private key by the following formula:
$W_2 = [k_2 + r \cdot (1 + d_2)^{-1}] \bmod n$
wherein $W_2$ is the collaborative signature intermediate quantity.
7. The method of claim 6, wherein the server obtains the second signature value based on the collaborative signature intermediate quantity, the first signature value and the first sub-private key by the following formula:
$s = [(1 + d_1)^{-1} \cdot (k_1 + W_2) - r] \bmod n$
wherein $s$ is the second signature value and $d_1$ is the first sub-private key.
8. An SSL connection establishment device, wherein a mobile terminal requesting to establish an SSL connection and a server share the elliptic curve parameters of the SM2 algorithm, the server stores a first sub-private key for collaborative signing, and the mobile terminal stores a second sub-private key for collaborative signing and a collaborative signature certificate, the device comprising:
a ClientHello sending module, configured to send a ClientHello message from the mobile terminal to the server;
a first elliptic curve point sending module, configured so that, after the server responds to the ClientHello by sending a ServerHello to the mobile terminal, the server generates a first random number, obtains a first elliptic curve point based on the base point of the elliptic curve parameters and the first random number, and sends a server signature certificate, a server signature and the first elliptic curve point to the mobile terminal;
a first collaborative signature module, configured so that, after the mobile terminal has authenticated the server based on the server signature certificate and the server signature, the mobile terminal generates a second random number, obtains a digest of a premaster secret, obtains a collaborative signature intermediate quantity and a first signature value based on the first elliptic curve point, the second random number, the digest of the premaster secret and the second sub-private key, and sends the collaborative signature intermediate quantity, the first signature value, the premaster secret and the collaborative signature certificate to the server;
a second collaborative signature module, configured so that the server obtains a second signature value based on the collaborative signature intermediate quantity, the first signature value and the first sub-private key and, after the server has verified the identity of the mobile terminal using the collaborative signature certificate, the first signature value and the second signature value, the mobile terminal and the server each generate a session key based on the premaster secret, the mobile terminal sends a handshake-finished message to the server, and the server sends a handshake-finished message to the mobile terminal, at which point the SSL connection between the mobile terminal and the server is established.
9. An electronic device comprising a memory and a processor;
the memory stores a computer program;
the processor is configured to execute the computer program to implement the method of any one of claims 1 to 7.
10. A computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the method of any one of claims 1 to 7.
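The collaborative signing described in the abstract above and in claims 2 to 7, carried through in working code. This is an added example written for this page, not code from the patent or its assignee. It assumes the SM2 recommended curve parameters (GM/T 0003.5-2012), a stand-in hash for the "digest of the premaster secret" (SM3 where the local OpenSSL exposes it, SHA-256 otherwise), and the textbook SM2 verification equation for the server's check of the mobile terminal's signature; every function name is the example's own. It models the arithmetic of the claims only, not how the premaster secret is protected in transit, which the claims leave unspecified.

```python
"""Two-party SM2 collaborative signing following the formulas of claims 2 to 7.
Added example, not the patent's or its assignee's code. Assumed: the SM2
recommended curve (GM/T 0003.5-2012); SM3 for the premaster digest when the
local OpenSSL has it, else SHA-256; textbook SM2 verification for the check."""
import hashlib
import secrets
# sm2p256v1 domain parameters (assumed from the SM2 standard; not stated on the page).
P_MOD = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)

def on_curve(pt):
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P_MOD == 0
def point_neg(pt):
    return (pt[0], (-pt[1]) % P_MOD)

def point_add(p1, p2):
    """Affine addition (and doubling); None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P_MOD == 0:
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def point_mul(k, pt):
    acc = None                                             # double-and-add; not constant time
    k %= N
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc

def digest_premaster(premaster):
    """e = H(premaster). Real SM2 hashes Z_A || M with SM3; SHA-256 is a stand-in."""
    try:
        h = hashlib.new("sm3", premaster)
    except ValueError:
        h = hashlib.sha256(premaster)
    return int.from_bytes(h.digest(), "big")

# Claims 2 and 3: key generation. Only the server holds d1, only the mobile holds d2.
def server_keygen():
    d1 = secrets.randbelow(N - 2) + 1
    return d1, point_mul(d1 + 1, G)                        # P1 = [d1 + 1]G

def mobile_keygen(p1):
    d2 = secrets.randbelow(N - 2) + 1
    return d2, point_add(point_mul(d2 + 1, p1), point_neg(G))  # P = [d2 + 1]P1 - G

def full_private_key(d1, d2):
    """Never held by either party; shows that P = [d]G with d = (d1+1)(d2+1) - 1."""
    return ((d1 + 1) * (d2 + 1) - 1) % N

# Claims 4 to 7: signing the digest e of the premaster secret.
def server_sign_round1():
    k1 = secrets.randbelow(N - 1) + 1
    return k1, point_mul(k1, G)                            # V1 = [k1]G

def mobile_sign(d2, v1, e):
    while True:
        k2 = secrets.randbelow(N - 1) + 1
        v2 = point_mul(1 + d2, point_add(v1, point_mul(k2, G)))  # V2 = (1+d2)(V1 + [k2]G)
        if v2 is not None and (v2[0] + e) % N != 0:       # SM2 forbids r == 0; retry otherwise
            r = (v2[0] + e) % N                            # r = (x1 + e) mod n
            return r, (k2 + r * pow(1 + d2, -1, N)) % N    # W2 = [k2 + r(1+d2)^-1] mod n

def server_sign_round2(d1, k1, w2, r):
    s = (pow(1 + d1, -1, N) * (k1 + w2) - r) % N           # s = [(1+d1)^-1 (k1+W2) - r] mod n
    if s == 0:
        raise ValueError("s == 0: restart from round 1 with a fresh k1")
    return s

def sm2_verify(pub, e, r, s):
    """Textbook SM2 verification against the combined public key P."""
    if not (1 <= r < N and 1 <= s < N) or (r + s) % N == 0:
        return False
    pt = point_add(point_mul(s, G), point_mul((r + s) % N, pub))
    return pt is not None and (e + pt[0]) % N == r

def collaborative_signature(premaster):
    """Whole exchange for one premaster secret; returns (P, e, r, s, verified)."""
    d1, p1 = server_keygen()                               # enrolment, server side
    d2, pub = mobile_keygen(p1)                            # enrolment, mobile side
    e = digest_premaster(premaster)
    k1, v1 = server_sign_round1()                          # travels with the server certificate
    r, w2 = mobile_sign(d2, v1, e)                         # travels with the collaborative certificate
    s = server_sign_round2(d1, k1, w2, r)
    return pub, e, r, s, sm2_verify(pub, e, r, s)          # server's identity check of the mobile
```

Running collaborative_signature on any premaster bytes yields a pair (r, s) that verifies under the combined public key P even though neither party ever holds d = (d_1 + 1)(d_2 + 1) - 1; full_private_key exists only to let a reader confirm that P = [d]G. The retry in mobile_sign and the s == 0 check in server_sign_round2 are the standard SM2 signing conditions (r and s both non-zero) that the claims do not spell out; a real implementation would also use constant-time scalar multiplication rather than the plain double-and-add shown here.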
CN202111183803.1A 2021-10-11 2021-10-11 SSL connection establishment method, SSL connection establishment device, electronic equipment and computer readable storage medium Active CN113904773B (en)

Publications (2)

Publication Number Publication Date
CN113904773A CN113904773A (en) 2022-01-07
CN113904773B true CN113904773B (en) 2023-07-07

Family

ID=79191534

Country Status (1)

Country Link
CN (1) CN113904773B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115378615B (en) * 2022-09-15 2025-01-21 博雅中科(北京)信息技术有限公司 Collaborative signature method, device, electronic device and storage medium
CN116318706A (en) * 2023-01-16 2023-06-23 环汇科技(福建)有限公司 Line encryption method, device and medium based on ECC algorithm
CN116436618B (en) * 2023-06-07 2023-08-22 江苏意源科技有限公司 Intelligent code scanning signature system and intelligent code scanning signature method

Citations (6)

Publication number Priority date Publication date Assignee Title
WO2009143712A1 (en) * 2008-05-28 2009-12-03 北京易恒信认证科技有限公司 Compound public key generating method
CN104580189A (en) * 2014-12-30 2015-04-29 北京奇虎科技有限公司 Safety communication system
CN106790090A (en) * 2016-12-23 2017-05-31 北京奇虎科技有限公司 Communication means, apparatus and system based on SSL
CN109272314A (en) * 2018-08-14 2019-01-25 中国科学院数据与通信保护研究教育中心 A kind of safety communicating method and system cooperateing with signature calculation based on two sides
CN109302369A (en) * 2017-07-24 2019-02-01 贵州白山云科技股份有限公司 A kind of data transmission method and device based on key authentication
CN111865939A (en) * 2020-07-02 2020-10-30 上海缔安科技股份有限公司 Point-to-point national secret tunnel establishment method and device

Family Cites Families (1)

Publication number Priority date Publication date Assignee Title
KR102444239B1 (en) * 2016-01-21 2022-09-16 삼성전자주식회사 A security chip, an application processor, a device including the security chip, and an operating method thereof

Non-Patent Citations (1)

Title
PKI-based access authentication for heterogeneous wireless networks; Yuan Li; Huang Dahai; Software Guide (软件导刊), No. 2; full text *

Similar Documents

Publication Publication Date Title
CN113904773B (en) SSL connection establishment method, SSL connection establishment device, electronic equipment and computer readable storage medium
CN117061105B (en) Data processing method, device, readable medium and electronic device
JP7235930B2 (en) Methods and apparatus, electronic devices, storage media and computer programs for processing data requests
CN111199037B (en) Login method, system and device
CN111786955B (en) Method and apparatus for protecting a model
CN117176340A (en) A communication method based on MQTT protocol and resistant to quantum attacks
CN110851210A (en) Interface program calling method, device, equipment and storage medium
CN111030827A (en) Information interaction method and device, electronic equipment and storage medium
CN113783966A (en) Data transmission method and device, readable medium and electronic equipment
CN111327605A (en) Method, terminal, server and system for transmitting private information
CN113810779A (en) Code stream signature checking method and device, electronic equipment and computer readable medium
CN115296807B (en) Key generation method, device and equipment for preventing industrial control network viruses
CN112329044A (en) Information acquisition method and device, electronic equipment and computer readable medium
CN116502189A (en) Software authorization method, system, device and storage medium
CN114499893B (en) Blockchain-based method and system for encryption and storage of tender documents
CN113343259B (en) SM 2-based joint signature realization method and device, electronic equipment and storage medium
CN114780124A (en) Differential upgrading method, device, medium and electronic equipment
CN113742774A (en) Data processing method and device, readable medium and electronic equipment
CN112667992A (en) Authentication method, authentication device, storage medium, and electronic apparatus
CN114297614B (en) SE-based TLS two-way authentication method, terminal device and readable storage medium
CN115378743B (en) Information encryption transmission method, device, equipment and medium
CN116738472B (en) Task data encryption method, device and equipment applied to task data interaction
CN115296934B (en) Information transmission method and device based on industrial control network intrusion and electronic equipment
CN112468470B (en) Data transmission method and device and electronic equipment
CN114915487B (en) Terminal authentication method, system, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant