Data transmission method and device based on key authentication

A data transmission method and key technology, applied in the field of data transmission methods and devices based on key verification, which solves the problems that copies of the private key must be widely deployed and are therefore easily leaked, so as to ensure the security of the private key and reduce the probability of its leakage.

Active Publication Date: 2019-02-01
GUIZHOU BAISHANCLOUD TECH CO LTD

AI Technical Summary

Problems solved by technology

[0045] 1) Copies of the private key exist on many servers, and the possibility of private key leakage through an attack on any one of them increases accordingly.

[0046] 2) For CDNs and similar network service providers, the SSL/TLS service is operated by the provider, so the user must hand the private key to the provider, which further increases the possibility of private key leakage.

[0065] The existing data transmission process for the TLS 1.3 protocol has the problem that the private key is easily leaked, and the process needs to be improved to ensure the security of the private key.



Examples

Specific Embodiment

[0145] As shown in Figure 8, the data transmission method based on key verification in this specific embodiment includes the following steps:

[0146] Step 801: the client generates a client shared key (key_share) and determines a signature algorithm (signature_algorithm). The client initiates a TLS 1.3 handshake and sends a ClientHello message to the server that carries the client shared key (key_share) and the signature algorithm (signature_algorithm).

[0147] Step 802: the server receives the ClientHello message and parses the client shared key (key_share) and the signature algorithm (signature_algorithm) from it. The server generates a server shared key, sends a ServerHello message to the client, and carries the server shared key in that message.

[0148] Step 803: the client and the server each derive a handshake secret (Handshake Secret) and an application secret (Application...


Abstract

The invention discloses a data transmission method and device based on key authentication. The method comprises the following steps: the server sends digital certificate information to the client, and sends summary (digest) information of the digital certificate information, together with a combined unique identifier value made up of a handshake context information identifier and a digital certificate information identifier, to a key server; the key server determines the private key corresponding to the digital certificate information from the summary information, signs the combined unique identifier value with that private key, and returns the signature value to the server, which forwards it to the client; after the client has verified the signature value with the public key corresponding to the digital certificate information, the client and the server carry out data interaction. The data transmission method provided by the invention solves the problem that the private key must be deployed on the front-end server in order for the client to perform a TLS 1.3 handshake: the private key and the certificate are deployed on different equipment, so the server cannot read the private key contents, the probability of private key leakage is reduced, and the security of the private key is guaranteed.
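The exchange the abstract describes, as an added Go example that is not the patent's or the applicant's code: the front-end server holds only the certificate, the key server selects the private key by SHA-256 digest of that certificate and signs the combined value (handshake context hash followed by the certificate identifier), and the client verifies with the certificate's public key. It assumes ECDSA P-256 with SHA-256, stands a constructed byte string in for the DER certificate, and models the handshake context identifier as a hash of the transcript so far.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// KeyServer holds private keys by SHA-256 digest of their certificate; the front end never sees them.
type KeyServer struct{ keys map[[32]byte]*ecdsa.PrivateKey }
// NewKeyServer generates a P-256 key for constructed certificate bytes and returns the cert's public key.
func NewKeyServer(cert []byte) (*KeyServer, *ecdsa.PublicKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &KeyServer{map[[32]byte]*ecdsa.PrivateKey{sha256.Sum256(cert): priv}}, &priv.PublicKey, nil
}
// Sign selects the key by certificate digest; an unknown digest is refused, never signed with a default.
func (ks *KeyServer) Sign(certDigest [32]byte, combined []byte) ([]byte, error) {
	priv, ok := ks.keys[certDigest]
	if !ok {
		return nil, errors.New("key server: unknown certificate digest")
	}
	h := sha256.Sum256(combined)
	return ecdsa.SignASN1(rand.Reader, priv, h[:])
}
// combinedValue builds the "combined unique identifier value": transcript hash || certificate identifier.
func combinedValue(transcript []byte, certDigest [32]byte) []byte {
	th := sha256.Sum256(transcript)
	return append(th[:], certDigest[:]...)
}
// clientVerify is the client's check of the forwarded signature with the certificate's public key.
func clientVerify(pub *ecdsa.PublicKey, combined, sig []byte) bool {
	h := sha256.Sum256(combined)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}
// runHandshake plays the server: digest the cert, build the combined value, fetch the remote signature, forward it.
func runHandshake(ks *KeyServer, cert []byte, pub *ecdsa.PublicKey, transcript []byte) (bool, error) {
	certDigest := sha256.Sum256(cert)
	combined := combinedValue(transcript, certDigest)
	sig, err := ks.Sign(certDigest, combined)
	if err != nil {
		return false, err
	}
	return clientVerify(pub, combined, sig), nil
}
```

Because the transcript hash is part of the signed value, a signature obtained for one handshake does not verify in another, which is what keeps a compromised front end from stockpiling signatures for later use.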

Description

Technical field

[0001] The invention relates to the technical field of the Internet, in particular to a data transmission method and device based on key authentication.

Background technique

[0002] The current Secure Socket Layer (SSL) / Transport Layer Security (TLS) protocols (including the versions SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2) contain a handshake phase.

[0003] In some existing related technologies, a "no private key" solution is proposed for SSL/TLS in TLS 1.2 and earlier versions (SSL 3.0, TLS 1.0, TLS 1.1). During the protocol handshake, the processing follows the flow of the specific protocol version so that the server does not need to deploy the private key material locally.

[0004] In other existing related technologies, in the handshake phase, the servers of the two parties to the handshake need to use the private key corresponding to the digital certificate to complete the handsha...


Application Information

Patent Type & Authority Applications(China)
IPC(8): H04L29/06, H04L9/32
CPC: H04L9/3247, H04L9/3263, H04L63/0428, H04L63/06, H04L63/0823
Inventor 杨洋苗辉
Owner GUIZHOU BAISHANCLOUD TECH CO LTD