Certificate-based socks5 mutual authentication method, device and equipment

By introducing a certificate authentication method identifier into the SOCKS5 protocol, a two-way verification process is implemented where the client sends its user certificate first, and the server sends its certificate later. This solves the one-way authentication problem and leakage risk in the SOCKS5 protocol, and improves security and efficiency.

CN122179243APending Publication Date: 2026-06-09CBC TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
CBC TECH CO LTD
Filing Date
2026-05-11
Publication Date
2026-06-09

AI Technical Summary

Technical Problem

The existing SOCKS5 protocol authentication method is one-way and based on a shared secret, which is easily leaked and cannot achieve two-way authentication, posing risks of man-in-the-middle attacks and data leakage.

Method used

By introducing a certificate authentication method identifier into the SOCKS5 protocol, the client first sends the user certificate for the server to verify. After the server verifies the certificate, it then sends the user certificate back, thus achieving strict two-way certificate exchange and verification and using public key infrastructure for strong identity verification.

Benefits of technology

It implements two-way strong authentication to prevent password leakage and man-in-the-middle attacks, reduces operational complexity, and improves connection security and efficiency, making it suitable for high-security environments.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122179243A_ABST
    Figure CN122179243A_ABST
Patent Text Reader

Abstract

The application relates to a certificate-based SOCKS5 bidirectional authentication method, device and equipment. The method comprises the following steps: based on an established transmission layer connection, an authentication method request containing a certificate authentication method identifier is sent, the certificate authentication method identifier selected by a server is acquired, an authentication request carrying a user certificate is sent according to the certificate authentication method identifier selected by the server, the user certificate is verified by the server, the server certificate is acquired after a response of the server to the user certificate verification is received, the server certificate is verified according to the acquired server certificate, an authentication success message is sent after the verification is passed, and a business data transmission channel is established. The application expands the SOCKS5 protocol, defines a certificate authentication identifier, realizes identity strong authentication based on asymmetric cryptography through bidirectional certificate exchange and verification, replaces traditional passwords and automatically establishes a secure data transmission channel.
Need to check novelty before this filing date? Find Prior Art