CN101662362B - Method, system and equipment for managing autonomic public key certificate - Google Patents

Publication number
CN101662362B
Authority
CN
China
Prior art keywords
certificate
network node
counterfoil
authorized organization
public key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN 200810146969
Other languages
Chinese (zh)
Other versions
CN101662362A (en
Inventor
苗付友
赫卫卿
纪雯
刘培
张向东
董阔
武斌
刘福丽
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
University of Science and Technology of China USTC
Huawei Technologies Co Ltd
Original Assignee
University of Science and Technology of China USTC
Huawei Technologies Co Ltd
Application filed by University of Science and Technology of China USTC, Huawei Technologies Co Ltd filed Critical University of Science and Technology of China USTC
Priority to CN 200810146969 priority Critical patent/CN101662362B/en
Publication of CN101662362A publication Critical patent/CN101662362A/en
Application granted granted Critical
Publication of CN101662362B publication Critical patent/CN101662362B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiment of the invention discloses a method, a system and equipment for managing an autonomic public key certificate, applied to a system comprising a plurality of network nodes and offline management equipment. The method comprises the following steps: the network nodes are authenticated by the offline management equipment; a network node whose identity authentication has passed requests the offline management equipment to sign and issue a certificate counterfoil for it; and the network node generates a public key certificate according to the certificate counterfoil signed and issued by the offline management equipment. In a distributed and autonomous environment, the method, system and equipment take full account of the temporary and application-oriented nature of the network and, without the support of a fixed online trusted third party, realize the autonomous generation, distribution, verification, refreshing and revocation of the nodes' public key certificates.

Description

Autonomic public key certificate management method, system and equipment
Technical field
The present invention relates to the field of communication technology, and in particular to an autonomic public key certificate management method, system and equipment.
Background technology
A mobile ad hoc network is a wireless mobile multi-hop network that does not rely on any fixed infrastructure. Besides mobility and self-organization, a mobile ad hoc network is usually also fully distributed, autonomous and temporary. Specifically, no fixed infrastructure provides services to other nodes in a mobile ad hoc network; all nodes in the network are peers, and to accomplish a task the nodes usually need to cooperate with one another (fully distributed). Each node manages and controls its own resources completely independently and decides its own behaviour (autonomy). A mobile ad hoc network is usually set up temporarily and urgently for some specific purpose, and because the nodes are mostly mobile devices with limited energy, the nodes of a mobile ad hoc network cannot exist continuously over the long term (temporary).
Because a mobile ad hoc network is usually oriented to a specific application, in many of its applications there may be an external offline organizer or management organization that authenticates and authorizes the identity of nodes about to enter the network; only legitimate nodes can enter the network.
Public-key cryptography (abbreviated PKI) is an important cryptosystem, widely used in authentication, digital signatures and key agreement. The public key certificate is the important carrier of a public key, and public key certificate management is an important foundation for network information security; it generally includes the generation, distribution, verification, refreshing and revocation of public key certificates. Only an effective public key certificate management scheme can ensure that the nodes in the network conveniently hold their own key pair (private key/public key), exchange keys effectively with other nodes, and achieve key agreement between nodes, authentication of nodes and digital signatures on messages.
In the course of realizing the present invention, the inventors found that the prior art has the following shortcomings:
Existing public key management schemes for mobile ad hoc networks either need to rely on an online trusted third party, which does not suit the autonomous nature of the nodes of a mobile ad hoc network, or have prohibitively costly and inefficient key management operations. In addition, public key management in mobile ad hoc networks lacks an effective certificate revocation mechanism, and the security control of certificates needs improvement.
Summary of the invention
The embodiment of the invention provides an autonomic public key certificate management method that realizes public key management in a mobile ad hoc network without relying on an online trusted third party.
The embodiment of the invention provides an autonomic public key certificate management method, applied in a system comprising a plurality of network nodes, the system further comprising offline management equipment. The method comprises the following steps:
The network node is authenticated by the offline management equipment;
The network node whose authentication has passed requests the offline management equipment to issue a certificate counterfoil for it;
The network node generates a public key certificate according to the certificate counterfoil issued by the offline management equipment.
The network node performs management operations such as distribution, refreshing and revocation on the generated public key certificate.
The embodiment of the invention provides an autonomic public key certificate management system, comprising a plurality of network nodes and offline management equipment;
The offline management equipment is configured to authenticate network nodes and to issue certificate counterfoils to the network nodes whose authentication has passed;
The network node is configured to be authenticated by the offline management equipment, to request, once its authentication has passed, that the offline management equipment issue a certificate counterfoil for it, to generate a public key certificate according to the certificate counterfoil issued by the offline management equipment, and to perform management operations such as distribution, refreshing and revocation on the public key certificate.
The embodiment of the invention provides offline management equipment, comprising:
An authentication unit, configured to authenticate network nodes;
A certificate counterfoil issuing unit, configured to issue certificate counterfoils to the network nodes whose authentication has passed.
The embodiment of the invention provides a network node, comprising:
A certificate counterfoil acquiring unit, configured to request, once the network node's authentication has passed, that the offline management equipment issue a certificate counterfoil for it;
A public key certificate generation unit, configured to generate a public key certificate according to the certificate counterfoil issued by the offline management equipment;
A public key certificate management unit, configured to perform management operations such as distribution, refreshing and revocation on the node's own public key certificate;
A public key certificate verification unit, configured to verify the public key certificates received from other nodes and judge whether they are valid.
In the embodiments of the invention, in a distributed and autonomous environment, the temporary and application-oriented nature of the network is taken fully into account, and the generation, distribution, verification, refreshing and revocation of node public key certificates are realized without the support of a fixed online trusted third party.
Description of drawings
Fig. 1 is a flow chart of an autonomic public key certificate management method supporting hierarchical authorization in the embodiment of the invention;
Fig. 2 is a structure diagram of a HOTTPO composed of two levels of authorities in the embodiment of the invention;
Fig. 3 is a schematic diagram of the process in which MA equipment and SA equipment jointly authorize a node in the embodiment of the invention;
Fig. 4 is a schematic diagram of an authorization path in a multi-level HOTTPO in the embodiment of the invention;
Fig. 5 is a schematic diagram of the correspondence between hash values in the one-way hash chain and refresh cycles in the embodiment of the invention;
Fig. 6 is a structure diagram of an autonomic public key certificate management system in the embodiment of the invention.
Embodiment
Referring to Fig. 1, the embodiment of the invention provides an autonomic public key certificate management method, applied in a system comprising a plurality of network nodes and offline management equipment. The method comprises the following steps:
Step 101: the network node is authenticated by the offline management equipment.
Step 102: the network node whose authentication has passed requests the offline management equipment to issue a certificate counterfoil for it.
Step 103: the network node autonomously generates and manages its public key certificate according to the certificate counterfoil.
After step 103, the method further includes: in the course of using the public key certificate, the network node may pass its public key certificate to a verifying node, which checks the validity of the certificate; the network node may also update or revoke its own public key certificate when necessary.
Before step 101, the method further includes: generating the offline management equipment, for example a HOTTPO (Hierarchical Off-line Trusted Third Party Organization). The HOTTPO provides a two-level authentication and authorization body for autonomic public key certificate management in the mobile ad hoc network, and network nodes are authenticated through this body.
Referring to Fig. 2, in the embodiment of the invention the HOTTPO comprises master authority (Master Authority, hereinafter MA) equipment and subordinate authority (Subordinate Authority, hereinafter SA) equipment. Before the mobile ad hoc network is formed, the MA equipment authorizes each SA equipment, and the SA equipment issues certificate counterfoils for the network nodes it administers. The issuing of a network node's certificate counterfoil is ultimately carried out by each SA equipment in the mobile ad hoc network. To realize two-level authorization, the MA equipment needs to delegate the power to issue network node certificate counterfoils to each SA equipment, so that the SA equipment, jointly with the MA equipment, issues certificate counterfoils for each network node in the group it manages. The delegation process is as follows:
Suppose $p$ and $q$ are two large primes with $q \mid p-1$ ($p-1$ is a multiple of $q$); $g$ is a number between 1 and $p$ with $g^{q} \bmod p \equiv 1$ (the remainder of $g^{q}$ divided by $p$ equals 1); and $h(\cdot)$ is a collision-free hash function.
The MA equipment first selects a random value $x_{MA}$ from $Z_q^*$ (all integers from 0 to $q-1$) as its private key, i.e. $x_{MA} \in_R Z_q^*$, and calculates $y_{MA} = g^{x_{MA}} \bmod p$ as its public key; the key pair of the MA equipment is thus $(x_{MA}, y_{MA})$.
Then the MA equipment selects a random $k_{MA}$ from $Z_q^*$ and calculates
$$r_{MA} = g^{k_{MA}} \bmod p \tag{1}$$
$$s_{MA} = x_{MA}\, h(ID_{MA} \| ID_{SA}) + k_{MA} \tag{2}$$
The parameter group $(r_{MA}, s_{MA})$ formed by the two generated parameters is sent to the SA equipment in a secure manner, where $ID_{MA}$ and $ID_{SA}$ denote the identifiers of the MA equipment and the SA equipment respectively; an identifier may be a character string or a numeric value. "Secure manner" means that the MA equipment encrypts $(r_{MA}, s_{MA})$ with a temporarily generated public key PK (Public Key) of the SA equipment and then sends the ciphertext to the SA equipment.
The SA equipment decrypts the received ciphertext with the corresponding temporarily generated private key SK, thereby obtaining the plaintext of $(r_{MA}, s_{MA})$.
Afterwards, the SA equipment first judges whether
$$g^{s_{MA}} \equiv y_{MA}^{\,h(ID_{MA} \| ID_{SA})}\, r_{MA} \bmod p \tag{3}$$
holds. If it holds, $(r_{MA}, s_{MA})$ really comes from the MA equipment. Suppose the key pair of the SA equipment is $(x_{SA}, y_{SA})$, where $x_{SA}$ is the private key, $y_{SA}$ is the public key, and $y_{SA} \equiv g^{x_{SA}} \bmod p$. Then the SA equipment calculates
$$x_p = s_{MA} + x_{SA}\, h(ID_{MA} \| ID_{SA}) \tag{4}$$
$$y_p = g^{x_p} \bmod p = (y_{MA} \cdot y_{SA})^{h(ID_{MA} \| ID_{SA})}\, r_{MA} \bmod p \tag{5}$$
In this way, the SA equipment can use the key pair $(x_p, y_p)$ to issue certificate counterfoils for the nodes of the mobile ad hoc network that it administers, where the private key $x_p$ is called the certificate counterfoil signing key and $y_p$ is the public key computed from $x_p$. Because $x_p$ is generated jointly from the private keys of the MA equipment and the SA equipment, the process in which the SA equipment issues a certificate counterfoil to a node is exactly the process in which the MA equipment and the SA equipment jointly authorize this node, as shown in Fig. 3.
Although the HOTTPO in the embodiment of the invention is a two-level authorization organization, it can in fact be extended to a multi-level authorization structure to suit offline trusted third party organizations with a more complex structure. Suppose a multi-level HOTTPO has an authorization path as shown in Fig. 4, where $MA_1$ is the master authority equipment with identity $ID_{MA_1}$ and key pair $(x_{MA_1}, y_{MA_1})$, and its subordinate authorities are, in order, $MA_2, MA_3, \ldots, MA_i, \ldots, MA_n$ and the SA equipment, whose identities and key pairs are, in order, $ID_{MA_2}, ID_{MA_3}, \ldots, ID_{MA_i}, \ldots, ID_{MA_n}, ID_{SA}$ and $(x_{MA_2}, y_{MA_2}), (x_{MA_3}, y_{MA_3}), \ldots, (x_{MA_i}, y_{MA_i}), \ldots, (x_{MA_n}, y_{MA_n}), (x_{SA}, y_{SA})$. The authorization process is as follows:
$MA_1$ selects a random $k_{MA_1}$ from $Z_q^*$ and calculates:
$$r_{MA_1} = g^{k_{MA_1}} \bmod p$$
$$s_{MA_1} = x_{MA_1}\, h(ID_{MA_1} \| ID_{SA}) + k_{MA_1}$$
and sends the generated $(r_{MA_1}, s_{MA_1})$ to $MA_2$ in a secure manner. $MA_2$ selects a random $k_{MA_2}$ from $Z_q^*$ and calculates
$$r_{MA_2} = r_{MA_1}\, g^{k_{MA_2}} \bmod p$$
$$s_{MA_2} = s_{MA_1} + x_{MA_2}\, h(ID_{MA_1} \| ID_{MA_2} \| ID_{SA}) + k_{MA_2}$$
$MA_2$ sends the generated $(r_{MA_2}, s_{MA_2})$ to $MA_3$ in a secure manner, and so on. Continuing in this way, the SA equipment receives $(r_{MA_n}, s_{MA_n})$ sent by $MA_n$ in a secure manner, where:
$$r_{MA_n} \equiv r_{MA_{n-1}}\, g^{k_{MA_n}} \bmod p = \prod_{i=1}^{n} g^{k_{MA_i}} \bmod p$$
$$s_{MA_n} = s_{MA_{n-1}} + x_{MA_n}\, h(ID_{MA_1} \| ID_{MA_2} \| \cdots \| ID_{MA_n} \| ID_{SA}) + k_{MA_n}$$
$$= \sum_{i=1}^{n} \left( k_{MA_i} + x_{MA_i}\, h(ID_{MA_1} \| ID_{MA_2} \| \cdots \| ID_{MA_n} \| ID_{SA}) \right) \tag{2'}$$
Afterwards, the SA equipment first judges whether
$$g^{s_{MA_n}} \equiv r_{MA_n} \left( \prod_{i=1}^{n} y_{MA_i} \right)^{h(ID_{MA_1} \| ID_{MA_2} \| \cdots \| ID_{MA_n} \| ID_{SA})} \bmod p \tag{3'}$$
holds. If it holds, $(r_{MA_n}, s_{MA_n})$ really comes from $MA_1, \ldots, MA_n$. Suppose the key pair of the SA equipment is $(x_{SA}, y_{SA})$, where $x_{SA}$ is the private key, $y_{SA}$ is the public key, and $y_{SA} \equiv g^{x_{SA}} \bmod p$. Then the SA equipment calculates the key pair of the certificate counterfoil:
$$x_p' = s_{MA_n} + x_{SA}\, h(ID_{MA_1} \| ID_{MA_2} \| \cdots \| ID_{MA_n} \| ID_{SA}) \tag{4'}$$
$$y_p' = g^{x_p'} \bmod p = r_{MA_n} \left( y_{SA} \prod_{i=1}^{n} y_{MA_i} \right)^{h(ID_{MA_1} \| ID_{MA_2} \| \cdots \| ID_{MA_n} \| ID_{SA})} \bmod p \tag{5'}$$
In this way, the SA equipment can use the certificate counterfoil key pair $(x_p', y_p')$ to issue certificate counterfoils for the nodes of the mobile ad hoc network that it administers, where the private key $x_p'$ is called the certificate counterfoil signing key. Because $x_p'$ is generated jointly from the private keys of $MA_i$ ($i = 1, \ldots, n$) and the SA equipment, the process in which the SA equipment issues a certificate counterfoil to a node is exactly the process in which $MA_i$ ($i = 1, \ldots, n$) and the SA equipment jointly authorize this node at multiple levels, as shown in Fig. 4.
The issuing of the certificate counterfoil in step 102 is implemented as follows:
The certificate counterfoil is the core information, authenticated by the HOTTPO, that a network node needs for certificate management; it is the basis on which the network node generates and manages its public key certificate in a distributed, autonomous way. After the HOTTPO is generated, each SA equipment in it can perform offline authentication of the nodes it administers. Depending on the authentication policy, a network node may need to provide the corresponding physical proof of identity to the SA equipment, which authenticates the node on the basis of that proof. After authentication has passed, the SA equipment can use the counterfoil signing key $x_p$ to issue a certificate counterfoil to this network node on behalf of the MA equipment.
Before entering the mobile ad hoc network, a network node must submit its proof of identity to the SA equipment it belongs to for authentication. Only after authentication has passed is the network node qualified to enter the mobile ad hoc network, obtain its own public key certificate counterfoil, generate and manage its own public key certificate, and communicate securely with other nodes.
When a network node N submits its proof of identity to the SA equipment, it can ask the SA equipment to issue a certificate counterfoil for it. To request the certificate counterfoil, network node N must first generate or determine the following parameters: its private key $x_N \in_R Z_q^*$ and its public key $y_N = g^{x_N} \bmod p$.
To obtain the certificate counterfoil, network node N sends a message $m$ to its SA equipment over a secure channel (encrypted or offline). The message $m$ carries $(ID_N, y_N, ID_{SA}, y_{SA}, H(\cdot), n, \delta)$, where $y_{SA}$ is the public key of the SA equipment, $ID_N$ is the identifier of network node N, and $H(\cdot)$ is a one-way hash function from which the corresponding one-way hash chain can be generated. Network node N secretly selects a random number $t$ and uses $H(\cdot)$ to generate a one-way hash chain:
$$H^{i}(t) = H(H^{i-1}(t)), \quad i = 1, 2, \ldots, n \tag{6}$$
The hash value $H^{n-i}(t)$ corresponds to the $i$-th refresh cycle of the public key certificate; that is, in the $i$-th refresh cycle network node N can refresh the validity of its certificate by publishing $H^{n-i}(t)$, as shown in Fig. 5.
In the certificate request process, the network node can choose $n$ (the number of refresh cycles) in the vector and RP (the validity refresh cycle of the public key certificate) according to the predicted network lifetime LN of the mobile ad hoc network, so that
$$\text{maximum lifetime of the public key certificate } n \cdot RP\ (ML) > \text{network lifetime } LN \tag{7}$$
Here ML denotes the maximum lifetime of the public key certificate that network node N applies for from its SA equipment; after this lifetime is exceeded, the public key certificate can no longer be used. Of course, the network node can also revoke a public key certificate before it reaches its maximum lifetime. The maximum lifetime of a network node's public key certificate starts at some time point ST and is divided into $n$ refresh cycles RP, $n = ML/RP$ (the length of ML can be forced to be an integer multiple of RP). This determines $n+1$ time points within the maximum lifetime of the public key certificate: ST, ST+RP, ST+2RP, ..., ST+i*RP, ST+(i+1)*RP, ..., ST+n*RP. To keep the public key certificate valid, the network node usually needs to refresh the validity of the current refresh cycle, for example the $i$-th cycle [ST+(i-1)*RP, ST+i*RP], before that cycle expires, i.e. refresh the $i$-th cycle before ST+i*RP.
The SA equipment issues the certificate counterfoil $CS_N$ for network node N: suppose $m = (ID_N, y_N, ID_{SA}, y_{SA}, H(\cdot), n, \delta)$; the SA equipment signs for network node N, generates the certificate counterfoil $CS_N$ and returns $CS_N$ to network node N. The process is as follows:
The SA equipment selects $a \in_R Z_q^*$ and calculates
$$r = g^{a} \bmod p \tag{8}$$
$$s = x_p\, h(m \| r) + a \tag{9}$$
Each SA equipment records the relevant information for verification. The certificate counterfoil that the SA equipment issues for network node N is then $CS_N = (r, s, m, r_{MA})$.
$\delta$ denotes the time deviation, per unit time (for example 10 hours), of a network node (not including the MA and SA equipment) relative to the MA equipment, and is calculated as follows:
$$\delta = (l_{MA} - l_N) / l_{MA} \tag{10}$$
Here $l_{MA}$ denotes a predefined time span measured by the clock of the MA equipment, and $l_N$ denotes the time span measured by network node N during $l_{MA}$. Obviously, the longer $l_{MA}$ is, the more accurate the measured $\delta$ (within $l_{MA}$ accidental events may change $l_N$, so lengthening $l_{MA}$ evens out the changes in $l_N$ and gives an accurate $\delta$). In fact $\delta$ is determined by the physical clocks of the MA equipment and network node N and is hardly affected by external conditions, so $\delta$ can be regarded as a physical constant of network node N: measured once, it can be used for a long time. Formula (10) shows that $\delta$ can be measured for different network nodes at the same time; each network node only needs to provide the time value $l_N$ it measured during $l_{MA}$. When the measurement of $\delta$ ends, the time of the network node is synchronized with the MA equipment according to the deviation, and the moment of synchronization $T_{init}$ is recorded, where init is an initialization parameter.
Using $\delta$, $T_{init}$ and its current time $T_N$, network node N can calculate the current time $T_{MA}$ of the MA equipment:
$$T_{MA} = \frac{T_N - \delta\, T_{init}}{1 - \delta} \tag{11}$$
This realizes the time synchronization of network node N with the MA equipment.
To improve efficiency, N can choose several groups of certificate counterfoil parameters at once and request several certificate counterfoils. While a node operates in the mobile ad hoc network, it can dynamically change the key pair of its certificate as needed (for example when the private key may have been disclosed), thereby improving the security of public key certificate management.
Once a node has successfully applied for a certificate counterfoil, it no longer needs any support from the HOTTPO. From then on it can operate independently in the mobile ad hoc network and autonomously carry out certificate generation, validity refreshing, certificate renewal, revocation and similar operations. In this way, key management in the mobile ad hoc network can run in a distributed, ad hoc manner without the participation of any trusted third party.
Step 103: the public key certificate is generated as follows:
The public key certificate of network node N includes the additional parameter $Cinfo = (H^{n}(t), RP, ST)$, where ST is the certificate enabling time referenced to the MA equipment. The network node computes the signature $L = (j, k, Cinfo)$ on the additional parameter Cinfo, specifically:
Network node N chooses $b \in_R Z_q^*$ and calculates
$$j = g^{b} \bmod p \tag{12}$$
$$k = x_N\, h(Cinfo \| j) + b \tag{13}$$
The certificate $Cert_N$ of network node N in the $i$-th refresh cycle is $\{CS_N, L, H^{n-i}(t), i\}$, that is:
$$Cert_N = \{CS_N, L, H^{n-i}(t), i\} \tag{14}$$
Here ST can be the time of the MA equipment when the certificate is generated. The certificate counterfoil is generated offline, and the node need not enter the network immediately: if it enters the network immediately, ST is the current time; if it enters the network in 1 hour, ST is 1 hour later. The network node can thus flexibly control when its public key certificate is enabled. RP is the validity refresh cycle of the network node's public key certificate; the network node can specify the value of RP as needed and so flexibly determine the maximum lifetime ML of this certificate (ML = n*RP).
Transmission and verification of the certificate in step 104:
(1) Transmission of the certificate
To let a verifying node V obtain its public key, node N does not need to publish its public key certificate $Cert_N$ by broadcast; it only needs, as the application requires and when necessary, to attach $Cert_N$ to the relevant data (for example node N's signature on some message in a digital signature application) and send them to V together. This fully embodies the principle of on-demand publication and effectively avoids the message transmissions that certificate publication would otherwise generate in the network.
(2) Verification of the certificate
When verifying node V receives the certificate $Cert_N$ of N, i.e. $\{CS_N, L, H^{n-i}(t), i\}$, it needs to perform the following operations to verify its validity:
First, node V verifies whether
$$g^{s} \equiv \left( (y_{MA}\, y_{SA})^{h(ID_{MA} \| ID_{SA})}\, r_{MA} \right)^{h(m \| r)}\, r \bmod p \tag{15}$$
holds. If it holds, the certificate counterfoil $CS_N$ of node N was issued jointly by the MA equipment and the SA equipment, with the SA equipment authorized by the MA equipment.
Then V uses the public key $y_N$ of N in $CS_N$ to check the validity of the additional parameter signature $L$, i.e. checks whether
$$g^{k} \equiv y_N^{\,h(Cinfo \| j)}\, j \bmod p \tag{16}$$
holds. If it holds, $Cert_N$ really is the legitimate certificate of node N, because only node N holds the private key $x_N$ corresponding to $y_N$ and can validly sign the additional parameter Cinfo, and $y_N$ is specified by the certificate counterfoil $CS_N$ jointly issued by the MA equipment and the SA equipment.
Finally, node V uses its own time deviation coefficient $\delta_V$ relative to the MA equipment to calculate, according to (7), the current time $T'$ referenced to the MA equipment, and judges whether
Figure G2008101469694D00111
and
$$H^{i}(H^{n-i}(t)) = H^{n}(t) \tag{18}$$
hold. If both hold, $y_N$ is the currently valid public key of node N. Formula (17) shows that, if the largest integer less than $(T' - ST)/RP$ is $i$, the current refresh cycle of both node N and node V is $i$; formula (18) shows that the certificate $Cert_N$ of node N, i.e. $\{CS_N, L, H^{n-i}(t), i\}$, is valid in the current refresh cycle $i$, which also means that the public key $y_N$ in this certificate is currently valid.
In addition, if verifying node V and N interact repeatedly over a period of time (which may span several refresh cycles RP), V can cache N's certificate $Cert_N$. Each time V checks the current validity of $Cert_N$, it then only needs to judge whether formulas (17) and (18) hold. Of course, if the repeated interactions all fall within the same refresh cycle RP, V does not need to verify the validity of $Cert_N$ again.
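The two-level delegation, counterfoil issuing, certificate generation and verification described above, equations (1)-(5), (8)-(9), (12)-(16) and (18), as an added Python example that is not code from the patent. Assumptions: constructed toy group parameters, SHA-256 standing in for both h(.) and H(.), exponents reduced mod q, a verifier that holds ID_MA and y_MA and reads y_SA from m, and a `cycle` argument carrying the verifier's current refresh cycle because formula (17) is not reproduced on this page; all function and field names are illustrative.

```python
import hashlib
import secrets

def _is_prime(n):
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)  # exact Miller-Rabin for n < 2**78
    if any(n % b == 0 for b in bases):
        return n in bases
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

# Constructed demo parameters (about 65 bits, far too small for real use):
# p = 2q + 1 with p, q prime, so q | p-1 and g = 4 has order q.
Q = next(q for q in range(2**64 + 1, 2**65, 2)
         if _is_prime(q) and _is_prime(2 * q + 1))
P, G = 2 * Q + 1, 4

def h(*parts):
    """h(.) hashed to an exponent. Assumption: SHA-256 reduced mod q."""
    return int.from_bytes(hashlib.sha256(repr(parts).encode()).digest(), "big") % Q

def H_iter(x, i):  # H^i(x), eq. (6); assumption: H(.) is SHA-256
    for _ in range(i):
        x = hashlib.sha256(x).digest()
    return x

def keygen():  # random exponent x and g^x mod p; also used for nonces k, a, b
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

# Exponents are reduced mod q: the page writes s = x*h + k without a modulus,
# so the reduction is this example's assumption (g has order q).
def ma_delegate(x_ma, id_ma, id_sa):
    k, r_ma = keygen()                                   # eq. (1)
    return r_ma, (x_ma * h(id_ma, id_sa) + k) % Q        # eq. (2)

def sa_accept(r_ma, s_ma, y_ma, x_sa, id_ma, id_sa):
    e = h(id_ma, id_sa)
    if pow(G, s_ma, P) != pow(y_ma, e, P) * r_ma % P:    # eq. (3)
        raise ValueError("delegation does not verify against y_MA")
    return (s_ma + x_sa * e) % Q                         # eq. (4): x_p

def issue_stub(x_p, m, r_ma):
    a, r = keygen()                                      # eq. (8)
    s = (x_p * h(m, r) + a) % Q                          # eq. (9)
    return {"r": r, "s": s, "m": m, "r_ma": r_ma}        # CS_N

def make_cert(stub, x_n, t, n, rp, st, i):
    cinfo = (H_iter(t, n).hex(), rp, st)                 # Cinfo = (H^n(t), RP, ST)
    b, j = keygen()                                      # eq. (12)
    k = (x_n * h(cinfo, j) + b) % Q                      # eq. (13)
    return {"cs": stub, "L": (j, k, cinfo), "hv": H_iter(t, n - i), "i": i}  # (14)

def verify_cert(cert, id_ma, y_ma, cycle):
    """Verifier V trusts only (ID_MA, y_MA); y_SA and y_N are read from m."""
    cs, (j, k, cinfo) = cert["cs"], cert["L"]
    _id_n, y_n, id_sa, y_sa, _hash_name, n, _delta = cs["m"]
    y_p = pow(y_ma * y_sa % P, h(id_ma, id_sa), P) * cs["r_ma"] % P   # eq. (5)
    if pow(G, cs["s"], P) != pow(y_p, h(cs["m"], cs["r"]), P) * cs["r"] % P:
        return "counterfoil signature invalid (15)"
    if pow(G, k, P) != pow(y_n, h(cinfo, j), P) * j % P:
        return "Cinfo signature invalid (16)"
    if cert["i"] != cycle or not 0 <= cycle <= n:
        return "not refreshed for current cycle"
    if H_iter(cert["hv"], cert["i"]).hex() != cinfo[0]:
        return "hash-chain value mismatch (18)"
    return "valid"

def demo():
    (x_ma, y_ma), (x_sa, y_sa), (x_n, y_n) = keygen(), keygen(), keygen()
    r_ma, s_ma = ma_delegate(x_ma, "MA", "SA-1")
    x_p = sa_accept(r_ma, s_ma, y_ma, x_sa, "MA", "SA-1")
    n, t = 8, secrets.token_bytes(16)                    # chain length, secret t
    m = ("node-N", y_n, "SA-1", y_sa, "sha256", n, 0.0)  # constructed request m
    stub = issue_stub(x_p, m, r_ma)
    cert3 = make_cert(stub, x_n, t, n, rp=600, st=0, i=3)
    evil = dict(cert3, cs=dict(stub, m=("node-N", keygen()[1]) + m[2:]))
    return {
        "fresh": verify_cert(cert3, "MA", y_ma, cycle=3),
        # Temporary revocation: N publishes no hash value for cycle 4.
        "not_refreshed": verify_cert(cert3, "MA", y_ma, cycle=4),
        # Relabelling the cycle-3 value as cycle 4 fails eq. (18).
        "relabelled": verify_cert(dict(cert3, i=4), "MA", y_ma, cycle=4),
        "swapped_key": verify_cert(evil, "MA", y_ma, cycle=3),
    }

if __name__ == "__main__":
    print(demo())
```

Taken literally over the integers, s = x·h + k with k < q would reveal x to within a small error through s/h, which is why the sketch reduces every exponent modulo q.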
3) Renewal of the certificate
If the lifetime of node N's public key certificate $Cert_N$ has ended (that is, the hash values in the corresponding hash chain have been used up), the certificate can no longer be used. The node can then update the certificate additional parameter to Cinfo' by itself and construct a new certificate $Cert_N'$, continuing to use the key pair of the original certificate; this completes the renewal of the certificate and extends its lifetime without any support from the HOTTPO. The process is as follows:
N chooses a new hash function $H(\cdot)'$, hash function initial input $r'$, hash chain length $n'$, refresh cycle $RP'$ and certificate enabling time $T'$, calculates the new hash chain, and forms the new certificate additional parameter $Cinfo' = (H(\cdot)', H^{n'}(t')', RP', T', \delta)$. It regenerates the signature $L'$ of Cinfo', which together with the certificate counterfoil $CS_N$ forms the new public key certificate of node N. That is:
Node N chooses $b' \in_R Z_q^*$ and calculates $j' = g^{b'}$ and $k' = x_N\, h(Cinfo' \| j') + b'$; then $L' = (j', k', Cinfo')$.
Therefore, the certificate $Cert_N'$ of N in the $i$-th refresh cycle is $\{CS_N, L', H^{n'-i}(t')', i\}$.
Of course, if N suspects that the private key corresponding to the former $Cert_N$ has been cracked, it can use another certificate counterfoil $CS_N'$ obtained at the same time in the part "2) Issuing of the certificate counterfoil" to generate, in the manner described above, a node certificate for a new public key.
4) Revocation of the certificate
Through the one-way hash chain, node N can temporarily or permanently revoke its public key certificate. By no longer publishing the hash value corresponding to the current refresh cycle, node N causes the validity verification of its certificate public key to fail, so the certificate becomes temporarily invalid and temporary revocation is achieved. By permanently destroying key parameters such as the node's private key and the hash function initial input r, the node thoroughly destroys its public key certificate.
In the embodiment of the invention, before a node joins the mobile ad hoc network, the HOTTPO (Hierarchical Off-line Trusted Third Party Organization) authenticates the node's identity (the HOTTPO pre-stores a list of identifiers of network nodes that can pass authentication and checks whether the identifier carried in the message sent by the network node belongs to this list; if it does, authentication passes), which effectively prevents malicious nodes from joining at will. This ensures that only legitimate nodes can obtain authorization from the HOTTPO (that is, obtain a certificate counterfoil issued by SA equipment) and can then generate and manage their own public key certificates and communicate securely with other nodes.
Further, the HOTTPO implements two-level joint authorization of the nodes in the MANET which, together with a sound authentication policy, guarantees the authenticity of node identities.
Further, public key certificates are managed in a distributed, autonomous and on-demand manner, which removes the dependence of node certificate management on an online trusted third party and greatly reduces the communication complexity of management.
Further, once a node has obtained its certificate counterfoil and generated its own public key certificate, it no longer needs any support from the HOTTPO. Generation, update and revocation of the certificate are all completed independently and locally at the node, and only when necessary; at other times no maintenance operation is needed and the node does not need to transmit any message, which fully reflects the distributed, autonomous and on-demand character of the certificate management. In addition, the certificate can be published together with other related data without a separate certificate issuance operation, so both computation and communication complexity are greatly reduced.
Further, the time deviation coefficient δ effectively eliminates the message transmission otherwise required for time synchronization in public key certificate management.
An embodiment of the invention provides a mobile ad hoc network autonomic public key certificate management system which, as shown in Figure 6, comprises a plurality of network nodes 100 and outline management equipment 200. The outline management equipment 200 is used to authenticate network nodes and to issue certificate counterfoils to the network nodes that pass authentication. A network node 100 is used to be authenticated by the outline management equipment 200, to request, once it has passed authentication, that the outline management equipment 200 issue it a certificate counterfoil, and to generate a public key certificate according to the certificate counterfoil issued by the outline management equipment 200.
The outline management equipment 200 comprises: an authentication unit 210, used to authenticate network nodes; and a certificate counterfoil issuing unit 220, used to issue certificate counterfoils to the network nodes that pass authentication.
The outline management equipment also comprises a plurality of authorized organizations, wherein the highest authorized organization delegates the right to issue certificate counterfoils to a secondary authorized organization, and the secondary authorized organization issues certificate counterfoils jointly with the highest authorized organization.
The highest authorized organization specifically comprises: a private key acquiring unit, used to choose a private key; a key pair computing unit, used to obtain a public key according to the private key, forming the key pair of the highest authorized organization; and a sending unit, used to obtain $(r_{MA}, s_{MA})$ according to the key pair and to send $(r_{MA}, s_{MA})$ to the secondary authorized organization.
The secondary authorized organization specifically comprises: a key pair acquiring unit, used to obtain the key pair according to $(r_{MA}, s_{MA})$; and a certificate counterfoil issuing unit, used to issue certificate counterfoils, according to the key pair, to the network nodes it administers.
The network node 100 comprises: a certificate counterfoil acquiring unit 110, with which a network node that has passed authentication requests the outline management equipment to issue it a certificate counterfoil; a public key certificate generation unit 120, used to generate a public key certificate according to the certificate counterfoil issued by the outline management equipment; a public key certificate management unit 130, used to distribute, refresh and revoke the node's own public key certificate; and a public key certificate verification unit 140, used to verify the public key certificates received from other nodes and judge whether they are valid.
In the embodiments of the invention, in a distributed and autonomous environment, and taking full account of the temporary and application-oriented character of the network, the generation, distribution, verification, refresh and revocation of node public key certificates are achieved without the support of a fixed online trusted third party. Before a node joins the mobile ad hoc network, the HOTTPO authenticates the node's identity, which effectively prevents malicious nodes from joining at will. This ensures that only legitimate nodes can obtain authorization from the HOTTPO (that is, obtain a certificate counterfoil issued by SA equipment) and can then generate and manage their own public key certificates and communicate securely with other nodes.
From the above description of the embodiments, those skilled in the art can clearly understand that the present invention can be implemented by software plus a necessary general-purpose hardware platform, or of course by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention in essence, or the part of it that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform the methods described in the embodiments of the present invention.
The above discloses only several specific embodiments of the present invention; however, the present invention is not limited thereto, and any variation that a person skilled in the art can conceive of shall fall within the protection scope of the present invention.

Claims (14)

1. An autonomic public key certificate management method, applied in a system comprising a plurality of network nodes, characterized in that the system further comprises outline management equipment, the method comprising the following steps:
The network node is authenticated by the outline management equipment; the outline management equipment comprises the highest authorized organization MA and the secondary authorized organization SA;
The network node that has passed authentication requests the outline management equipment to issue it a certificate counterfoil;
The network node autonomously generates and manages a public key certificate according to the certificate counterfoil, wherein the network node requesting the outline management equipment to issue it a certificate counterfoil comprises:
The node sends $(ID_N, y_N, ID_{SA}, y_{SA}, H(\cdot), n, \delta)$ over a secure channel to the secondary authorized organization to which it belongs, where $ID_N$ denotes the identity of node N, $y_N$ is the public key of network node N, $ID_{SA}$ is the identity of the secondary authorized organization, $H(\cdot)$ is a one-way hash function, $y_{SA}$ is the public key of the secondary authorized organization SA, $n$ is the length of the certificate's one-way hash chain, and $\delta$ denotes the time deviation of the network node relative to the highest authorized organization per unit time.
2. The autonomic public key certificate management method as claimed in claim 1, characterized in that authenticating the network node is specifically:
The network node is authenticated by multi-level authentication and authorized organizations.
3. The autonomic public key certificate management method as claimed in claim 2, characterized in that it comprises:
The highest authorized organization delegates the right to issue certificate counterfoils to the secondary authorized organization, and the secondary authorized organization issues certificate counterfoils jointly with the highest authorized organization.
4. The autonomic public key certificate management method as claimed in claim 3, characterized in that the authorization specifically comprises:
The highest authorized organization chooses a private key and obtains a public key according to the private key, forming the key pair of the highest authorized organization;
The highest authorized organization obtains $(r_{MA}, s_{MA})$ according to the key pair and sends $(r_{MA}, s_{MA})$ to the secondary authorized organization;
The secondary authorized organization obtains, according to $(r_{MA}, s_{MA})$, the key pair (xp, yp) on which it bases the issuing of certificate counterfoils to the network nodes it administers, where the private key xp is the certificate counterfoil issuing key and yp is the public key computed from xp;
The secondary authorized organization issues certificate counterfoils to the network nodes it administers according to the key pair (xp, yp).
5. The autonomic public key certificate management method as claimed in claim 1, characterized in that
δ is calculated as follows:
$\delta = (l_{MA} - l_N) / l_{MA}$
where $l_{MA}$ denotes a length of time measured with the clock of the highest authorized organization's equipment as reference, and $l_N$ denotes the length of time that N measures during $l_{MA}$.
6. The autonomic public key certificate management method as claimed in claim 1, characterized in that requesting the outline management equipment to issue a certificate counterfoil specifically comprises:
Requesting the issuance of a plurality of certificate counterfoils and, when moving within the mobile ad hoc network, dynamically changing the key pair of the certificate in use.
7. The autonomic public key certificate management method as claimed in claim 1, characterized in that the network node generating a public key certificate according to the certificate counterfoil issued by the outline management equipment specifically comprises:
Computing the node's signature L over the additional parameters $C_{info}$, $L = (j, k, C_{info})$;
The certificate $Cert_N$ of the network node in the i-th refresh cycle is $\{CS_N, L, H^{n-i}(t), i\}$;
$j = g^b \bmod p$; $k = x_N h(C_{info} \| j) + b$;
$C_{info} = (H^n(t), RP, ST)$;
where $CS_N$ is the certificate counterfoil, t is a random number secretly chosen by network node N, RP is the validity refresh cycle of the network node's public key certificate, and ST is the certificate enabling time, with the MA equipment as reference.
8. The autonomic public key certificate management method as claimed in claim 1, characterized in that, after the network node generates a public key certificate according to the certificate counterfoil issued by the outline management equipment, the method further comprises:
During use of the public key certificate, the network node's public key certificate is passed to a verifying node, and the verifying node checks the validity of the certificate.
9. The autonomic public key certificate management method as claimed in claim 1, characterized in that, after the network node generates a public key certificate according to the certificate counterfoil issued by the outline management equipment, the method further comprises:
The network node updates or revokes its own public key certificate.
10. The autonomic public key certificate management method as claimed in claim 9, characterized in that
the network node temporarily revokes and permanently revokes its public key certificate by means of a one-way hash chain.
11. An autonomic public key certificate management system, characterized in that it comprises a plurality of network nodes and outline management equipment;
The outline management equipment is used to authenticate network nodes and to issue certificate counterfoils to the network nodes that pass authentication; the outline management equipment comprises the highest authorized organization MA and the secondary authorized organization SA;
The network node is used to be authenticated by the outline management equipment; the network node that has passed authentication requests the outline management equipment to issue it a certificate counterfoil, and generates a public key certificate according to the certificate counterfoil issued by the outline management equipment;
The network node requesting the outline management equipment to issue it a certificate counterfoil specifically comprises:
The node sends $(ID_N, y_N, ID_{SA}, y_{SA}, H(\cdot), n, \delta)$ over a secure channel to the secondary authorized organization equipment to which it belongs, where $ID_N$ denotes the identity of node N, $y_N$ is the public key of network node N, $ID_{SA}$ is the identity of the secondary authorized organization, $H(\cdot)$ is a one-way hash function, $y_{SA}$ is the public key of the secondary authorized organization SA, $n$ is the length of the certificate's one-way hash chain, and $\delta$ denotes the time deviation of the network node relative to the highest authorized organization equipment per unit time.
12. Outline management equipment, characterized in that it comprises:
An authentication unit, used to authenticate network nodes;
A certificate counterfoil issuing unit, used to issue certificate counterfoils to the network nodes that pass authentication;
A plurality of authorized organizations, comprising the highest authorized organization MA and the secondary authorized organization SA, wherein the highest authorized organization delegates the right to issue certificate counterfoils to the secondary authorized organization, and the secondary authorized organization issues certificate counterfoils jointly with the highest authorized organization;
The highest authorized organization specifically comprises:
A private key acquiring unit, used to choose a private key;
A key pair computing unit, used to obtain a public key according to the private key, forming the key pair of the highest authorized organization;
A sending unit, used to obtain $(r_{MA}, s_{MA})$ according to the key pair and to send $(r_{MA}, s_{MA})$ to the secondary authorized organization;
The secondary authorized organization specifically comprises:
A key pair acquiring unit, used to obtain, according to $(r_{MA}, s_{MA})$, the key pair (xp, yp) on which the secondary authorized organization bases the issuing of certificate counterfoils to the network nodes it administers, where the private key xp is the certificate counterfoil issuing key and yp is the public key computed from xp;
A certificate counterfoil issuing unit, used to issue certificate counterfoils to the network nodes it administers according to the key pair (xp, yp).
13. A network node, characterized in that it comprises:
A certificate counterfoil acquiring unit, with which a network node that has passed authentication requests the outline management equipment to issue it a certificate counterfoil; the outline management equipment comprises the highest authorized organization MA and the secondary authorized organization SA;
A public key certificate generation unit, used to generate a public key certificate according to the certificate counterfoil issued by the outline management equipment;
The network node requesting the outline management equipment to issue it a certificate counterfoil specifically comprises:
The node sends $(ID_N, y_N, ID_{SA}, y_{SA}, H(\cdot), n, \delta)$ over a secure channel to the secondary authorized organization equipment to which it belongs, where $ID_N$ denotes the identity of node N, $y_N$ is the public key of network node N, $ID_{SA}$ is the identity of the secondary authorized organization, $H(\cdot)$ is a one-way hash function, $y_{SA}$ is the public key of the secondary authorized organization SA, $n$ is the length of the certificate's one-way hash chain, and $\delta$ denotes the time deviation of the network node relative to the highest authorized organization equipment per unit time.
14. The network node as claimed in claim 13, characterized in that it further comprises:
A public key certificate management unit, used to distribute, refresh and revoke the node's own public key certificate;
A public key certificate verification unit, used to verify the public key certificates received from other nodes and judge whether they are valid.
CN 200810146969 2008-08-28 2008-08-28 Method, system and equipment for managing autonomic public key certificate Expired - Fee Related CN101662362B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200810146969 CN101662362B (en) 2008-08-28 2008-08-28 Method, system and equipment for managing autonomic public key certificate

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN201110279384.1A Division CN102299791B (en) 2008-08-28 2008-08-28 Autonomous management method, system and equipment for public key certificate

Publications (2)

Publication Number Publication Date
CN101662362A CN101662362A (en) 2010-03-03
CN101662362B true CN101662362B (en) 2013-04-17

Family

ID=41790170

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200810146969 Expired - Fee Related CN101662362B (en) 2008-08-28 2008-08-28 Method, system and equipment for managing autonomic public key certificate

Country Status (1)

Country Link
CN (1) CN101662362B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130417

Termination date: 20150828

EXPY Termination of patent right or utility model