
Client authentication method and computer-readable storage medium

A client authentication method and storage medium technology, applied in the field of client authentication and computer-readable storage media, addresses the problem that existing schemes cannot guarantee security, and achieves the effect of preventing illegitimate client software from linking with server software while ensuring security.

Pending Publication Date: 2019-03-15
XIAMEN YAXON NETWORKS CO LTD

AI Technical Summary

Problems solved by technology

This method is suitable for remote authentication, but it carries a hidden danger: if rogue software is running on the same device as the client, the rogue software can steal the client's digital certificate and send it to the server, and the server will then treat the rogue software as legitimate.
The scheme therefore cannot guarantee security.



Examples


Embodiment 1

[0082] Referring to Figure 2, Embodiment 1 of the present invention is a client authentication method based on TrustZone, suitable for running in a TrustZone dual-operating-system environment. In this embodiment, software running on the common operating system is called client software (CA), and software running under the secure operating system is called server software (SA). The method comprises the following steps:

[0083] S101: The development host generates a corresponding pair of public and private keys and saves the public key in the secure operating system; more specifically, it saves the public key in a secure storage area of the secure operating system. Here the development host generally refers to a personal computer, i.e. a computer device on which the tools required for developing client software are installed; all client software is encrypted and signed with the private key of the same public/private key pair...

Embodiment 2

[0093] Referring to Figure 3, this embodiment is a further extension of Embodiment 1. After step S107 determines that authentication has succeeded, the method also includes the following steps:

[0094] S201: The secure operating system generates a symmetric communication key, starts the server software corresponding to the client software, and transmits the communication key to that server software. Specifically, the authentication center generates the symmetric communication key through the key library of the secure operating system, starts the server software SA corresponding to the client software, and passes the communication key to the SA as its data communication key.

[0095] S202: The secure operating system returns the decrypted client software and the communication key to the common operating system; more specifically, the secure operating system decrypts the client software CA in clear text obtai...

Embodiment 3

[0101] Referring to Figures 4 and 5, this embodiment is a specific application scenario of the foregoing embodiments.

[0102] First, Figure 4 is a block diagram of the system communication model of the TrustZone-based dual operating systems. The two operating systems are a secure operating system and a common operating system, which exchange data through the underlying common communication driver and secure communication driver.

[0103] Here, tee-supplicant is an application running under the common operating system that mainly provides services to the secure operating system. For example, through the tee-supplicant application the secure operating system can read and write the file system of the common operating system, or start certain applications under the common operating system, such as the client program;

[0104] Client API is the client system call interface under the common o...


Abstract

The invention discloses a client authentication method and a computer-readable storage medium. The method includes: generating a corresponding pair of public and private keys on a development host and saving the public key in a secure operating system; using the private key to encrypt and sign the client software, obtaining encrypted client software and a digital signature; the secure operating system using the public key to decrypt the encrypted client software and the digital signature, obtaining the client software and a first digest value; performing a digest operation on the decrypted client software to obtain a second digest value; and, if the first digest value matches the second digest value, determining that authentication has succeeded. In this method, identity authentication is carried out through the client software and the digital signature together, so security is effectively guaranteed; and because the client software is loaded, authenticated and started by the secure operating system, illegal client software is effectively prevented from linking with the server-side software.
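The flow in Embodiment 1 (S101: key pair on the development host, public key in the secure OS; sign the client software; secure OS recovers the first digest with the public key and compares it with a freshly computed second digest) and Embodiment 2 (S201/S202: on success, generate a symmetric communication key, start the SA with it, hand CA and key back to the normal world) can be simulated end to end. The block below is an added example written for this page, not code from the patent or its applicant. It assumes textbook RSA on toy key sizes (standard library only; not for production use), SHA-256 as the digest, and HMAC standing in for whatever data-channel protection the communication key provides between CA and SA. The abstract's "encrypting the client software with the private key" is modelled only as the private-key operation on the digest (the signature), since anything reversible with the public key gives authenticity, not confidentiality, and carrying the software body in the clear does not change what the check proves.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# ---- tiny textbook RSA, stdlib only (toy key sizes, illustration only) ----

def _is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin probable-prime test."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def development_host_keygen(bits: int = 512) -> Tuple[Tuple[int, int], Tuple[int, int]]:
    """S101: the development host creates (public, private); only the public
    key is provisioned into the secure OS's secure storage."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:          # e prime, so this means gcd(e, phi) == 1
            break
    return (p * q, e), (p * q, pow(e, -1, phi))

DIGEST_BYTES = 64  # wide enough for any residue below the 512-bit modulus

def _sha256_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign_client_software(software: bytes, private_key: Tuple[int, int]) -> Tuple[bytes, int]:
    """Development host: digest the client software and 'encrypt' the digest
    with the private key (a textbook RSA signature over the digest)."""
    n, d = private_key
    return software, pow(_sha256_int(software), d, n)

class ServerSoftware:
    """SA: started by the secure OS only after a successful authentication,
    and keyed with the communication key from S201."""
    def __init__(self, comm_key: bytes):
        self._comm_key = comm_key

    def accept(self, msg: bytes, tag: bytes) -> bool:
        expected = hmac.new(self._comm_key, msg, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)

class SecureOS:
    """Secure-world side: holds the public key, authenticates CA packages,
    and only on success derives a communication key and starts the SA."""
    def __init__(self, public_key: Tuple[int, int]):
        self.public_key = public_key
        self.server_software: Optional[ServerSoftware] = None

    def authenticate_and_start(self, package: Tuple[bytes, int]) -> Optional[Tuple[bytes, bytes]]:
        software, signature = package
        n, e = self.public_key
        # 'Decrypt' the signature with the public key -> first digest value
        first = pow(signature, e, n).to_bytes(DIGEST_BYTES, "big")
        # Digest the received client software -> second digest value
        second = _sha256_int(software).to_bytes(DIGEST_BYTES, "big")
        if not hmac.compare_digest(first, second):
            return None                      # S107 fails: no SA, no key
        comm_key = secrets.token_bytes(32)   # S201: fresh symmetric key
        self.server_software = ServerSoftware(comm_key)
        return software, comm_key            # S202: back to the normal world

def client_tag(comm_key: bytes, msg: bytes) -> bytes:
    """CA side of the keyed channel (HMAC stands in for the data protection)."""
    return hmac.new(comm_key, msg, hashlib.sha256).digest()

def run_demo() -> dict:
    public_key, private_key = development_host_keygen()
    secure_os = SecureOS(public_key)
    genuine = b"client-software-v1"        # constructed stand-in for a CA binary
    package = sign_client_software(genuine, private_key)

    result = secure_os.authenticate_and_start(package)
    software, comm_key = result
    sa = secure_os.server_software
    # Rogue software: keeps the genuine signature but swaps the body
    rogue_result = SecureOS(public_key).authenticate_and_start((genuine + b"-patched", package[1]))
    # Rogue software never received comm_key, so a guessed key is rejected by SA
    return {
        "genuine_authenticated": result is not None and software == genuine,
        "rogue_authenticated": rogue_result is not None,
        "sa_accepts_genuine": sa.accept(b"hello", client_tag(comm_key, b"hello")),
        "sa_accepts_rogue": sa.accept(b"hello", client_tag(b"\x00" * 32, b"hello")),
    }

if __name__ == "__main__":
    print(run_demo())
```

The two comparisons in `authenticate_and_start` are the whole authentication decision of the patent: a body that differs from what the development host signed yields a different second digest, and a signature not made with the matching private key yields a first digest that is effectively random. Both are rejected before any SA is started, which is exactly why rogue software on the normal-world side never obtains a communication key.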

Description

Technical field

[0001] The invention relates to the technical field of TrustZone, in particular to a client authentication method and a computer-readable storage medium.

Background technique

[0002] TrustZone technology is a trusted-zone technology on ARM processors that divides the hardware and software resources of the processor into two operating environments: a trusted environment and an untrusted environment. A secure operating system runs in the trusted environment and a common operating system runs in the untrusted environment. With TrustZone, important resources can be placed in the trusted environment; because the ordinary operating system in the untrusted environment cannot access resources in the trusted environment, those resources are protected from malicious attacks in the ordinary environment. If software on the common operating system needs to access resources in the trusted environment, it must access the secure resources indirectly thr...


Application Information

IPC(8): H04L9/32
CPC: H04L9/3236, H04L9/3249, H04L2209/603
Inventor 刘炯钟赵国开池炜宾
Owner XIAMEN YAXON NETWORKS CO LTD