Bidirectional authentication method, device and system

Abstract

The invention discloses a bidirectional authentication method, device and system and belongs to the technical field of network safety. The bidirectional authentication method comprises the steps that firstly, a first encryption key word is generated; secondly, an authentication request and the first encryption key word are sent; thirdly, authentication information is received; fourthly, decryption is conducted on the authentication information; fifthly, the authentication information is verified; sixthly, a logging-in request is sent; seventhly, a second encryption key word is received; eighthly, logging-in information is encrypted; ninthly, the logging-in information is sent so that decryption verification can be conducted; tenthly, bidirectional authentication is passed, and connection is established. By the adoption of the bidirectional authentication method, device and system, bidirectional hardware authentication of the host of a corresponding side and an opposite-end device of unidirectional isolation optical gate can be achieved, connection cheating is avoided, the safety of the information transmission process is guaranteed, and therefore the safety of a unidirectional importing system is guaranteed.

Description

technical field [0001] The present invention relates to the field of network security, in particular to a method, device and system for two-way authentication. Background technique [0002] With the continuous development of networked e-government, government departments at all levels have built a large number of networks and application systems, which are physically or logically separated due to different application scenarios, different users, and different data security requirements. Multiple divisions were made. [0003] In these networking applications, there are often cases where data content needs to be exchanged between multiple networks with different security levels, and even some high-security networks are themselves classified networks. Faced with this situation, in accordance with the requirements of the State Security Bureau for physical isolation, and at the same time to meet the data transmission between different networks, a one-way physical isolation trans...

AI Technical Summary

Problems solved by technology

[0005] In this way, although the one-way import system has increased security protection and audit capabilities, the security of the entire system needs to be further improved, especially the external network hosts that import the front-end processor and the one-way isolation optical gate, and the import server and the one-way isolation optical gate. The security problem of the connection between the intranet hosts of the gate

[0006] In order to ensure connection security, the following two authentication methods are usually used in the prior art: one is to use user name and password for identity authentication, the disadvantage of this method is that it cannot verify the hardware information of the connected machine, so connection fraud cannot be avoided , can only meet the network requirements that do not require high security; the other is to use digital certificates for identity authentication. Although hardware detection can be performed using specified digital certificates, the digital certificate mode cannot perform bidirectional detection, and there is no guarantee to avoid connection spoofing

Images