CN108155991B - Generation system of trusted key - Google Patents
Generation system of trusted key Download PDFInfo
- Publication number
- CN108155991B CN108155991B CN201810241949.9A CN201810241949A CN108155991B CN 108155991 B CN108155991 B CN 108155991B CN 201810241949 A CN201810241949 A CN 201810241949A CN 108155991 B CN108155991 B CN 108155991B
- Authority
- CN
- China
- Prior art keywords
- key
- party
- server
- secret
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Abstract
The invention relates to a generation system of a trusted key, which comprises a key requesting party, a key receiving party and a server, wherein: the key requesting party is a party initiating the encrypted communication, and a key generating process is initiated by the key requesting party; the key receiving method is a key generating process which is initiated by a party receiving encrypted communication and matched with the key requesting party; the server is used for registering for each party needing to generate the key in advance and providing randomly generated secret information for each party; in the process of generating the secret key, the server verifies both sides based on the secret information based on the related information sent by the secret key requesting party and the secret key receiving party, randomly generates the secret key if the both sides pass the verification, encrypts the secret key based on the secret information and sends the encrypted secret key to both sides.
Description
[ technical field ] A method for producing a semiconductor device
The invention belongs to the field of computer security, and particularly relates to a generation system of a trusted key.
[ background of the invention ]
In recent years, with the development of computer technology, people's lives begin to rely on computers in large quantities, and various computer programs are used for processing and communication, so that computer security is increasingly related to people. In computer security, a key is important security data, and the key is different from a user password, which is usually core data used for ensuring security inside a computer and used for encryption, so how to generate a trusted key is the most important ring for computer security.
[ summary of the invention ]
The invention provides a simple and reliable generation system of a trusted key, which adopts the following technical scheme:
a system for generating a trusted key, comprising a key requester, a key receiver, and a server, wherein:
the key requesting party is a party initiating the encrypted communication, and a key generating process is initiated by the key requesting party;
the key receiving method is a key generating process which is initiated by a party receiving encrypted communication and matched with the key requesting party;
the server is used for registering for each party needing to generate the key in advance and providing randomly generated secret information for each party;
in the process of generating the secret key, the server verifies both sides based on the secret information based on the related information sent by the secret key requesting party and the secret key receiving party, randomly generates the secret key if the both sides pass the verification, encrypts the secret key based on the secret information and sends the encrypted secret key to both sides.
Further, the step of encrypting the secret key by the server based on the secret information and then sending the encrypted secret key to the two parties specifically includes: and sending the key and the corresponding secret information to a corresponding party after XOR.
Further, the key requester or the key receiver is a PC.
Further, the key requester or key receiver is a smartphone.
Further, the key requestor or key receiver is a smart card.
The invention has the beneficial effects that: under the condition of not reducing the safety, compared with the prior art, the method is simpler and more reliable, reduces the complexity of implementation, has low requirement on computing capacity, and can be applied to equipment with different computing capacities.
[ description of the drawings ]
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, and are not to be considered limiting of the invention, in which:
fig. 1 is a logical block diagram of the trusted key generation system of the present invention.
[ detailed description ] embodiments
The present invention will now be described in detail with reference to the drawings and specific embodiments, wherein the exemplary embodiments and descriptions are provided only for the purpose of illustrating the present invention and are not to be construed as limiting the present invention.
The trusted key generation system of the present invention includes: a key requester, a key receiver and a server. The key requesting party and the receiving party are both parties needing encrypted communication on the network. The key requester is the party that initiates the encrypted communication, and the key generation process is initiated by the key requester. The key receiving method is a key generating process which is initiated by a party receiving encrypted communication and matched with the key requesting party. Specifically, the key requester and the key receiver may be various types of devices with different computing capabilities, such as a PC, a smart phone, and a smart card.
The server is a neutral trusted third party that is used to register in advance for the parties that need to generate the keys and to provide each party with a randomly generated secret. For example, a registers with the server, and after the server authenticates the identity of a, it randomly generates a Secret information Secret, preferably, in order to ensure sufficient security, Secret is a binary number of not less than 1024 bits. The secret information is provided to A and is stored by A and the server respectively.
Based on the above three-party structure, the following describes the key generation process of the present invention in detail:
(1) the key request party initiates a connection request to a key receiver, and the connection request carries a connection code LA and a request code ID; both the connection code LA and the request code ID are a number randomly generated by the key requester.
For security reasons, the number of bits of the connection code should be sufficiently long, and preferably, the connection code should be no less than 1024 bits, as with the Secret information Secret described above.
(2) After receiving the connection request, the key receiver also randomly generates a connection code LB, and then sends a response message to the key requester.
The number of bits of the concatenated code LB should also be sufficiently long, as with the concatenated code LA, and preferably LB and LA are the same number of bits. However, the LB is not included in a reply message that simply informs the key requester that the key receiver has received the request and is ready to generate the key.
(3) After receiving the response message, the key requester sends a key request message KeyRequestA to the server, where the KeyRequestA includes a connection code LA, a request code ID, and a Hash result HA, where HA is Hash (SecretA ^ LA).
And the key receiver simultaneously sends another key request message KeyRequestB to the server, wherein the KeyRequestB comprises a request code ID, LC and a hash result HB.
LC ═ LA ≦ LB, and HB ≦ Hash (SecretB ≦ LA ≦ LB).
Where SecretA is secret information obtained by the key requester at the time of server registration, and SecretB is secret information obtained by the key receiver at the time of server registration. The Hash is a Hash function that may use any one of the Hash algorithms known in the art.
The hash calculation of the key requesting party and the key receiving party comprises numbers which are randomly generated by the key requesting party and the key receiving party, so that a specified hash result can be prevented from being acquired by a man-in-the-middle, and the safety is ensured.
(4) After receiving the two key request messages, the server firstly determines that the two key request messages come from a pair of key requesters and receivers based on the request code ID; then, the hash results in the two key request messages are verified respectively, if one of the two key request messages fails to pass the verification, the server ignores the two key request messages, and the method is ended; if the verification is passed, the subsequent steps are continued.
The specific verification process is as follows:
for KeyRequestA, the server calculates Hash (SecretA ≧ LA) by itself (since SerectA is stored in the server in advance, the server can calculate the Hash), judges whether the calculation result is equal to HA or not, if not, the verification fails, otherwise, the verification passes.
For KeyRequestB, the server calculates Hash by itself (SecretB ^ LA ^ LB), judges whether the calculation result is equal to HB or not, if not, the verification is not passed, otherwise, the verification is passed.
(5) The server randomly generates a Key Key, and calculates KA and KB respectively, namely:
KA=Key⊕SecretA,KB=Key⊕SecretB
the server then sends KA to the key requester and KB to the key receiver.
(6) After receiving the KA, the Key requester calculates Key ═ KA ≦ SecretA; after receiving the KB, the Key receiver calculates Key KB ≦ SecretB.
Thus, the Key requester and the Key receiver each obtain a common Key, so that operations such as encrypted communication can be performed based on the Key.
From the above process, it can be seen that the whole key generation process only involves xor calculation, and the calculation process is simple, so that the requirements on the calculation capabilities of the key requester and the key receiver are low, and therefore, even if the two parties are devices with low computer capabilities, the key generation process can be completed. Moreover, each key generation process depends on the generated connection codes of the two parties, and needs to be centrally verified by a trusted server, and the server generates the key after respectively verifying the identities of the two parties, so that the whole process has enough safety, and the identities of the two parties generating the key can be traced in the later period.
The above description is only a preferred embodiment of the present invention, and all equivalent changes or modifications of the structure, characteristics and principles described in the present invention are included in the scope of the present invention.
Claims (5)
1. A system for generating a trusted key, comprising a key requester, a key receiver, and a server, wherein:
the key requesting party is a party initiating encrypted communication, and initiates a key generation process by the key requesting party;
the key receiving method is a key generating process which is initiated by a party receiving encrypted communication and matched with the key requesting party;
the server is used for registering for each party needing to generate the key in advance and providing randomly generated secret information for each party;
the server is a neutral trusted third party and is used for registering for each party needing to generate a secret key in advance and providing each party with randomly generated secret information, and the secret information is binary number not less than 1024 bits;
in the process of generating the secret key, the server verifies both sides based on the secret information based on the related information sent by the secret key requesting party and the secret key receiving party, randomly generates the secret key if the both sides pass the verification, encrypts the secret key based on the secret information and sends the encrypted secret key to both sides;
the process of generating the key is as follows:
(1) the key request party initiates a connection request to a key receiver, and the connection request carries a connection code LA and a request code ID; the connection code LA and the request code ID are both a number randomly generated by a key requester;
the concatenated code is a binary number of not less than 1024 bits;
(2) after receiving the connection request, the key receiver also randomly generates a connection code LB, and then sends a response message to the key requester;
the connecting code LB and the connecting code LA have the same number of bits; however, the LB is not included in a response message, which simply informs the key requester that the key receiver has received the request and is ready to generate the key;
(3) after receiving the response message, the key requester sends a key request message keyRequestA to the server, where the keyRequestA includes a connection code LA, a request code ID, and a Hash result HA, where HA is Hash (SecretA ^ LA);
the key receiver simultaneously sends another key request message KeyRequestB to the server, wherein the KeyRequestB comprises a request code ID, an LC and a Hash result HB;
LC ═ LA ≦ LB, HB ≦ Hash (SecretB ≦ LA ≦ LB);
wherein, SecretA is secret information obtained by the key requesting party when registering in the server, SecretB is secret information obtained by the key receiving party when registering in the server; hash is a Hash function;
(4) after receiving the two key request messages, the server firstly determines that the two key request messages come from a pair of key requesters and receivers based on the request code ID; then, the hash results in the two key request messages are verified respectively, if one of the two key request messages fails to pass the verification, the server ignores the two key request messages, and the method is ended; if the verification is passed, executing the step (5);
(5) the server randomly generates a Key and respectively calculates KA and KB, wherein KA (Key) and SECREtA are equal to Key and SECREtB
Then the server sends the KA to the key requesting party and sends the KB to the key receiving party;
(6) after receiving the KA, the Key requester calculates Key ═ KA ≦ SecretA; after the Key receiver receives the KB, calculating Key (KB) and then secretB;
to this end, the Key requester and the Key receiver each obtain a common Key.
2. The system according to claim 1, wherein the server sends the encrypted key to both parties based on the secret information, and specifically comprises: and sending the key and the corresponding secret information to a corresponding party after XOR.
3. The system of any of claims 1-2, wherein the key requestor or key recipient is a PC.
4. The system according to any of claims 1-2, wherein the key requestor or key recipient is a smartphone.
5. The system according to any of claims 1-2, wherein the key requestor or key recipient is a smart card.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810241949.9A CN108155991B (en) | 2018-03-22 | 2018-03-22 | Generation system of trusted key |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810241949.9A CN108155991B (en) | 2018-03-22 | 2018-03-22 | Generation system of trusted key |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108155991A CN108155991A (en) | 2018-06-12 |
| CN108155991B true CN108155991B (en) | 2022-01-04 |
Family
ID=62456246
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810241949.9A Active CN108155991B (en) | 2018-03-22 | 2018-03-22 | Generation system of trusted key |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108155991B (en) |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2004023276A2 (en) * | 2002-08-28 | 2004-03-18 | Matsushita Electric Industrial Co., Ltd. | Content-duplication management system, apparatus and method, playback apparatus and method, and computer program |
| JP2007060066A (en) * | 2005-08-23 | 2007-03-08 | Toshiba Corp | Content data distribution method, and content data distribution system and portable terminal for use therein |
| CN101707770B (en) * | 2009-11-12 | 2012-02-01 | 浙江大学 | Key exchange authentication method capable of guaranteeing system security |
| CN104683304B (en) * | 2013-11-29 | 2019-01-01 | 中国移动通信集团公司 | A kind of processing method of secure traffic, equipment and system |
| CN107154849A (en) * | 2017-05-09 | 2017-09-12 | 哈尔滨工业大学深圳研究生院 | Three-side password authentication and key agreement protocol based on highly reliable smart card |
-
2018
- 2018-03-22 CN CN201810241949.9A patent/CN108155991B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN108155991A (en) | 2018-06-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111314056B (en) | Heaven and earth integrated network anonymous access authentication method based on identity encryption system | |
| CN110519046B (en) | Quantum communication service station key negotiation method and system based on one-time asymmetric key pair and QKD | |
| CN107483191B (en) | SM2 algorithm key segmentation signature system and method | |
| CN110969431B (en) | Secure hosting method, device and system for private key of blockchain digital coin | |
| CN109981562B (en) | Software development kit authorization method and device | |
| CN111682938A (en) | Three-party authenticatable key agreement method facing centralized mobile positioning system | |
| CN105391734A (en) | Secure login system, secure login method, login server and authentication server | |
| CN111935712A (en) | Data transmission method, system and medium based on NB-IoT communication | |
| CN113067823B (en) | Mail user identity authentication and key distribution method, system, device and medium | |
| KR102284396B1 (en) | Method for generating pki keys based on bioinformation on blockchain network and device for using them | |
| CN115580396B (en) | Tight trace query system and method | |
| US10419212B2 (en) | Methods, systems, apparatuses, and devices for securing network communications using multiple security protocols | |
| CN111614679B (en) | Federal learning qualification recovery method, device and readable storage medium | |
| Chen et al. | Enhanced authentication protocol for the Internet of Things environment | |
| CN114244530A (en) | Resource access method and device, electronic equipment and computer readable storage medium | |
| CN103368918A (en) | Method, device and system for dynamic password authentication | |
| CN115955320B (en) | Video conference identity authentication method | |
| CN108155992B (en) | Method for generating credible secret key | |
| CN109698839B (en) | Desensitization data comparison method and device based on asymmetric algorithm | |
| JP2003234734A (en) | Mutual authentication method, server device, client device, mutual authentication program and storage medium stored with mutual authentication program | |
| CN108155991B (en) | Generation system of trusted key | |
| CN114584975B (en) | SDN-based anti-quantum satellite network access authentication method | |
| CN113872979B (en) | Login authentication method, login authentication device, electronic equipment and computer readable storage medium | |
| CN108449347B (en) | Key generation server | |
| CN115473655A (en) | Terminal authentication method, device and storage medium for access network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |