CN110048920B - Anti-quantum-computation intelligent home near-distance energy-saving communication method and system based on key fob - Google Patents

Anti-quantum-computation intelligent home near-distance energy-saving communication method and system based on key fob Download PDF

Info

Publication number
CN110048920B
CN110048920B CN201910261672.0A CN201910261672A CN110048920B CN 110048920 B CN110048920 B CN 110048920B CN 201910261672 A CN201910261672 A CN 201910261672A CN 110048920 B CN110048920 B CN 110048920B
Authority
CN
China
Prior art keywords
key
home
mobile terminal
communication
random number
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910261672.0A
Other languages
Chinese (zh)
Other versions
CN110048920A (en
Inventor
富尧
钟一民
杨羽成
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ruban Quantum Technology Co Ltd
Original Assignee
Ruban Quantum Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ruban Quantum Technology Co Ltd filed Critical Ruban Quantum Technology Co Ltd
Priority to CN201910261672.0A priority Critical patent/CN110048920B/en
Publication of CN110048920A publication Critical patent/CN110048920A/en
Application granted granted Critical
Publication of CN110048920B publication Critical patent/CN110048920B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803Home automation networks
    • H04L12/2807Exchanging configuration information on appliance services in a home automation network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to a quantum computation resistant intelligent home close range energy-saving communication method and system based on a key fob, wherein intelligent home components comprise a home gateway, home devices and a mobile terminal, each intelligent home component is provided with the key fob, a computed communication key table is arranged in the home device key fob, the home devices and the mobile terminal extract corresponding communication keys by combining respective random numbers and home gateway random numbers, and authenticate tickets distributed by the home gateway to further obtain a trusted session key; the communication key generated by the home device is extracted by combining the home device random number and the home gateway random number with the communication key table look-up table. The key fob effectively reduces the possibility that the key is stolen by malicious software or malicious operations, and the home device utilizes the communication key table to directly extract the communication key, so that the calculation amount is small, the speed is high, and the battery service time of the home device is prolonged.

Description

Anti-quantum-computation intelligent home near-distance energy-saving communication method and system based on key fob
Technical Field
The invention relates to the technical field of intelligent home equipment, in particular to a quantum computation resistant intelligent home near field energy-saving communication method and system based on a key fob.
Background
With the continuous development of information technology and social economy, the living standard of people is continuously improved, the living pace is gradually accelerated, and residents can conveniently and quickly enjoy intelligent, comfortable, efficient and safe home life through terminals such as mobile phones. With the gradual increase of household intelligent devices, people put higher requirements on the intelligent operation of the household devices. In a general intelligent home device communication method, asymmetric key encryption is used for ensuring data security, different keys are used for encryption and decryption in asymmetric key encryption, one key is published publicly, namely a public key, and the other key is kept secretly by a user, namely a private key. The information sender uses the public key to decrypt, and the information receiver uses the private key to decrypt; or the sender of the information is decrypted with the private key and the receiver of the information is decrypted with the public key.
At present, traditional communication encryption and transmission security both rely on complex mathematical algorithms. That is, because the computing power of the computer is limited at present, the result cannot be calculated in the time period of the demand, so that the present digital cryptosystem is safe. But this state of security has become increasingly compromised by quantum computers. For example, for asymmetric key algorithms in classical cryptography, there is a dedicated quantum computer algorithm (shor algorithm, etc.) for cracking. In the presence of quantum computers with high computing power, even higher-level secure communication is likely to be deciphered and intercepted by the current communication means. Therefore, it is an urgent need to establish a practically usable whole set of quantum communication network schemes.
As most people know, quantum computers have great potential in password cracking. The asymmetric (public key) encryption algorithms, such as the RSA encryption algorithm, which are mainstream today, are mostly based on two mathematical challenges, namely factorization of large integers or computation of discrete logarithms over a finite field. Their difficulty in breaking is also dependent on the efficiency with which these problems are solved. On a traditional computer, the two mathematical problems are required to be solved, and the time is taken to be exponential (namely, the cracking time increases in exponential order along with the increase of the length of the public key), which is not acceptable in practical application. The xiuer algorithm tailored for quantum computers can perform integer factorization or discrete logarithm calculation within polynomial time (i.e. the cracking time increases at the speed of k power along with the increase of the length of a public key, wherein k is a constant irrelevant to the length of the public key), thereby providing possibility for the cracking of RSA and discrete logarithm encryption algorithms.
The problems existing in the prior art are as follows:
(1) in the prior art, the home gateway has no reliable protection measures. The home gateway is a central network element of an intelligent home, has Internet surfing capability and is likely to be infected with viruses Trojan horse so as to steal information; or is attacked to cause paralysis, resulting in paralysis of the entire smart-home solution.
(2) In the prior art, a mobile terminal key is stored in a mobile terminal memory, and can be stolen by malicious software or malicious operations when exposed to the threat of a virus trojan of a mobile terminal.
(3) Because the quantum computer can quickly obtain the corresponding private key through the public key, the existing intelligent home communication method established on the basis of the public and private keys is easy to crack by the quantum computer.
(4) If the key fob stores the public key and the private key, the household equipment with low power consumption cannot bear the calculation amount, the calculation is slow, and the electric quantity is easy to be quickly consumed.
(5) If the symmetric key pool is stored in the key fob, the home gateway serving as the home communication center needs to store a plurality of large-capacity symmetric key pools, which greatly consumes the storage space of the home gateway.
Disclosure of Invention
In view of the above, it is necessary to provide a method and a system for quantum computation resistant smart home proximity energy-saving communication based on a key fob.
A quantum computation resistant intelligent home near-distance energy-saving communication method based on a key fob comprises intelligent home components, home devices and a mobile terminal, wherein the intelligent home components are connected with one another and used for realizing information interaction, each intelligent home component is provided with the key fob, a computed communication key table is arranged in the key fob of the home devices, the home devices and the mobile terminal extract corresponding communication keys by combining respective random numbers with the random numbers of the home gateways and authenticate tickets distributed by the home gateways by using the communication keys to further obtain trusted session keys, wherein,
the communication key generated by the mobile terminal is generated by combining a mobile terminal random number and a home gateway random number with a corresponding algorithm;
the communication key generated by the home equipment is extracted by combining the home equipment random number and the home gateway random number with the communication key table and looking up the table.
The issuer of the key fob is the owner of the key fob, typically the smart home itself, or a management entity of the smart home, such as a community property, and the issuer of the key fob is a member of the management of the owner of the key fob, typically a family member, a maintenance person, and a visitor of the smart home.
Key fobs are identity authentication and encryption/decryption products that combine cryptographic techniques, hardware security isolation techniques, quantum physics techniques (with quantum random number generators). The embedded chip and operating system of the key fob may provide secure storage of keys and cryptographic algorithms, among other functions. Due to its independent data processing capabilities and good security, the key fob becomes a secure carrier for private keys and key pools. The key fob is a stand-alone hardware device and the likelihood of a key being stolen by malware or malicious operations is greatly reduced.
In one embodiment, the method for authenticating the ticket by the mobile terminal and the home device by using the generated communication key comprises the following steps: and decrypting the ticket by using the communication key, and comparing the random number in the ticket with the self random number to obtain a trusted session key.
In one embodiment, the ticket comprises a mobile terminal ticket and a home device ticket, wherein the mobile terminal ticket is composed of the session key, a communication key between the mobile terminal and the home gateway, an address ID of the home device and a random number of the mobile terminal;
the home device bill is composed of the session key, a communication key between the home device and the home gateway, an address ID of the mobile terminal, and a random number of the home device.
In one embodiment, the method for generating the communication key by the mobile terminal includes: and respectively extracting a corresponding mobile terminal public key and a corresponding home gateway private key by combining a mobile terminal random number and a home gateway random number with a key pool in a mobile terminal key fob and generating a communication key between the mobile terminal and the home gateway by using a corresponding algorithm, wherein the public key pool of the mobile terminal key fob key pool comprises a home gateway public key pool, a home device public key pool and a mobile terminal public key pool.
In one embodiment, the method for generating the communication key by the home device includes: and respectively combining the home equipment random number and the home gateway random number with corresponding pointer functions to generate corresponding private key pointers, and extracting the communication key from the communication key table by using the obtained private key pointers.
In one embodiment, the method for extracting the public key of the mobile terminal comprises the following steps: combining the random number of the mobile terminal with a pointer function to obtain a mobile terminal private key pointer, adding the mobile terminal private key pointer to the initial position of a mobile terminal public key pool in a corresponding mobile terminal key fob to obtain a mobile terminal public key pointer, and extracting a corresponding mobile terminal public key from the key fob by using the mobile terminal public key pointer.
A quantum computation resistant intelligent home near field energy-saving communication method based on a key fob comprises intelligent home components, wherein the intelligent home components comprise a home gateway, home devices and a mobile terminal, all the components are connected with each other and used for realizing information interaction, each intelligent home component is provided with the key fob, a calculated communication key table is arranged in the home device key fob, the home devices and the mobile terminal authenticate bills distributed by the home gateway by using communication keys so as to obtain a trusted session key, and the message authentication between the mobile terminal and the home devices is realized by using the session key, wherein:
the communication key generated by the mobile terminal is generated by combining a mobile terminal random number and a home gateway random number with a corresponding algorithm;
the communication key generated by the home equipment is extracted by combining the home equipment random number and the home gateway random number with the communication key table and looking up the table.
A quantum computation resistant intelligent home near-field energy-saving communication system based on a key fob comprises intelligent home components, wherein the intelligent home components comprise a home gateway, home devices and a mobile terminal, all the components are connected with each other and are used for realizing information interaction, each intelligent home component is provided with the key fob, a calculated communication key table is arranged in the home device key fob, the home devices and the mobile terminal extract corresponding communication keys by combining respective random numbers with home gateway random numbers, the communication keys are used for authenticating bills distributed by the home gateway so as to obtain a trusted session key, wherein,
the communication key generated by the mobile terminal is generated by combining a mobile terminal random number and a home gateway random number with a corresponding algorithm;
the communication key generated by the home equipment is extracted by combining the home equipment random number and the home gateway random number with the communication key table and looking up the table.
The quantum computation resistant intelligent home near-field energy-saving communication method and system based on the key fob are characterized in that the intelligent home components comprise a home gateway, home devices and a mobile terminal, all the components are connected with each other and used for realizing information interaction, each intelligent home component is provided with the key fob, a computed communication key table is arranged in the home device key fob, the home devices and the mobile terminal extract corresponding communication keys by combining respective random numbers with home gateway random numbers, and authenticate tickets distributed by the home gateway by using the communication keys to further obtain trusted session keys, wherein the communication keys generated by the mobile terminal are generated by combining the mobile terminal random numbers and the home gateway random numbers with corresponding algorithms; the communication key generated by the home equipment is extracted by combining the home equipment random number and the home gateway random number with the communication key table and looking up the table. The key fob effectively reduces the possibility that the key is stolen by malicious software or malicious operations, and the home device uses the communication key table to directly extract the communication key, so that the calculation amount is small, the speed is high, and the battery service time of the home device is prolonged.
Drawings
Fig. 1 is a diagram of an intelligent home networking provided by an embodiment of the present invention;
fig. 2 is a schematic diagram of a configuration of a key zone of a home gateway key fob;
fig. 3 is a schematic structural diagram of a public key pool in a key area of a home gateway key card;
fig. 4 is a schematic diagram of a structure of a key zone of a key fob of a home device;
fig. 5 is a flowchart of obtaining public and private keys according to an embodiment of the present invention;
fig. 6 is a communication timing diagram of a key agreement process.
Detailed Description
Intelligent home components as shown in fig. 1, the home gateway S has a routing function and is a management center that connects all devices (devices include a home device C or a mobile terminal M). The home gateway S is connected with the mobile terminal M through Wifi or Internet. In this embodiment, the address ID of the home gateway S is IDs. The home gateway key fob used by the home gateway S is located inside the home gateway S and is generally embodied in the form of a key fob. The specific structure is shown in fig. 2, and the home gateway key fob includes a public key pool and a private key pool. The specific structure of the public key pool is shown in fig. 3, and includes a home gateway public key pool and N device public key pools of N devices, where the device public key pool includes a home device public key pool and a mobile terminal public key pool. The home gateway public key pool has the starting position Kp0 and the size Ks 0. The size of the home gateway private key pool is also Ks 0. The starting positions of the N device public key pools are Kp1, Kp2, … … and KpN respectively, and the sizes of the N device private key pools are Ks1, Ks2, … … and KsN respectively. The size of each key pool varies from 1G to 4096G.
The number of the home gateway key is 1-m, the private key pool of the home gateway is { S1, S2, … …, Sm }, and the public key pool of the home gateway is { S1, S2, … …, Sm }. According to the Diffie-Hellman protocol, namely a key exchange protocol, a large prime number p and a number g are defined, the number g is an original root of the large prime number p, and both the number g and the large prime number p are parameters of the Diffie-Hellman protocol. The home gateway S generates a true random large integer Si (i is belonged to {1, 2, … …, m }) as a private key thereof according to the matched home gateway key fob, and obtains a home gateway public key Si which is g through calculationsi mod p(i∈{1,2,……,m})。
The household equipment C comprises a monitoring camera, a cat eye, a door lock, an intelligent switch, a video server, a monitoring server and the like. In this embodiment, the address ID of the home device C is IDC, and the home device C uses a home device key fob. The key numbers of certain household equipment C are respectively 1-n, the private key pool of the household equipment is { C1, C2, … …, Cn }, the public key pool of the household equipment is { C1, C2, … …, Cn }, wherein the household equipment C is arranged in a familySpare public key Cj ═ gcjmod p, j ∈ {1, 2, … …, n }. The key fob issuer calculates all communication keys Kij for the home device C in such a way that Kij ═ Sicjmod p, where Si is the home gateway public key and cj is the home device private key. The key fob issuer will create a communication key table (i.e., the gray area in fig. 4) of all the calculated communication keys Kij and copy them into the home device key fob.
The mobile terminal M includes a mobile phone of a home owner, a tablet computer, and the like. The home gateway S can be accessed through Wifi or Internet, and the home device C can be controlled through near field communication (such as BLE/NFC/two-dimensional code/infrared). In this embodiment, the address ID of the mobile terminal M is IDM. The mobile terminal M uses a mobile terminal key fob, the internal storage key zone of which is the same as the home gateway key fob. Except that the key fob is typically embodied in a portable form such as SDKEY or UKEY or a mobile phone motherboard chip.
Example 1
The steps of the home gateway S and the home device C negotiating the key are as follows:
and the home gateway S takes out the random number r according to the random number generator matched in the home gateway key fob and splits the random number r into a home gateway random number rs and a home device random number rc. And obtaining a communication key Kc according to the home gateway random number rs and the home equipment random number rc. The process is shown in fig. 5, and the text is described as follows:
and obtaining a home gateway private key pointer Ns by combining the home gateway random number rs with a specific pointer function Fs, and extracting a home gateway private key SKs from the home gateway private key pool through the home gateway private key pointer Ns. And the home gateway public key pointer Kss can be obtained by adding the home gateway private key pointer Ns and the home gateway public key pool starting position Ks0, and the home gateway public key PKs is extracted from the home gateway public key pool through the home gateway public key pointer Kss.
The home device random number rc is used to combine with a specific pointer function Fc to obtain a home device private key pointer Nc, the home device public key pointer Ksc is obtained by adding the home device private key pointer Nc to the home device public key pool starting position KsN, and the home device public key PKc is extracted from the home device public key pool by the home device public key pointer Ksc.
Calculating communication key Kc ═ (PKc)SKs mod p。
The PKc is a public key of the home device, the SKs is a private key of the home gateway, and the p is a large prime number.
The home gateway S communicates with the home device C using the communication key Kc as a key encryption message. After the home device C receives the message encrypted by using Kc as a key, a home gateway private key pointer Ns and a home device private key pointer Nc are calculated according to the home gateway random number rs and the home device random number rc, and a communication key Kc is obtained by table lookup corresponding to a row i and a column j in a communication key table.
In this embodiment, the mobile terminal M and the home device C perform a key agreement process through the home gateway S.
The key agreement comprises message authentication and bill authentication, wherein the bill authentication is that the home device C and the mobile terminal M use respective random numbers to combine with a home gateway S random number to extract corresponding communication keys, the bills distributed by the home gateway S are authenticated by using the communication keys, and the session key Kmc is generated by the home gateway S to realize direct communication between the mobile terminal M and the home device C;
the ticket comprises a mobile terminal ticket Tm and a home device ticket Tc, wherein the mobile terminal ticket Tm is formed by the session key Kmc, a communication key Km between the mobile terminal M and the home gateway S, an address IDC of the home device C and a random number rm of the mobile terminal M, namely Tm ═ { Kmc | | IDC | | rm } Km;
the home device ticket Tc is composed of the session key Kmc, a communication key Kc between the home device C and the home gateway S, an address IDM of the mobile terminal M, and a random number rc of the home device C, that is, Tc { Kmc | | | IDM | | rc } Kc.
The message authentication includes that the home device C and the mobile terminal M authenticate the ticket distributed by the home gateway S by using a communication key, obtain a trusted session key Kmc, and use the session key Kmc to implement message authentication between the mobile terminal M and the home device C.
Fig. 6 shows a process of the mobile terminal M and the home device C negotiating a key through the home gateway S, which includes the following steps:
step 1.1, the mobile terminal M and the home device C send key negotiation basic information to the home gateway S.
Step 1.1.1 the mobile terminal M generates a mobile terminal random number rm according to the random number generator in the matched mobile terminal key fob, and sends it to the home device C together with the mobile terminal address IDM.
Step 1.1.2 after receiving the mobile terminal random number rm and the address IDM of the mobile terminal, the home device C generates a home device random number rc according to a random number generator in the matched home device key fob, and sends the home device random number rc, the IDC of the home device address, the address IDM of the mobile terminal received from the mobile terminal M, and the mobile terminal random number rm as a first message sesdd to the home gateway S. The first message sestd is also used as the session ID for the key negotiation and can be expressed as sestd | | Nc | | IDM | | Nm.
Step 1.2, the home gateway S distributes the ticket.
Step 1.2.1 after the home gateway S receives the first message sesssid, it generates a home gateway random number rs according to the random number generator in the matched home gateway key fob, and also generates a session key Kmc between the mobile terminal M and the home device C and makes two tickets, i.e., a mobile terminal ticket Tm and a home device ticket Tc, respectively.
Wherein the home device ticket Tc is formed by encrypting a home device parameter by a communication key Kc between the home device C and the home gateway S, and the home device parameter includes a session key Kmc, an address IDM of the mobile terminal M, and a random number rc of the home device C, that is, Tc { Kmc | | | IDM | | rc } Kc.
The communication key Kc between the home device C and the home gateway S is determined by the home device rc and the home gateway random number rs through calculation, and the calculation method comprises the following steps:
and obtaining a home gateway private key pointer Ns by combining the home gateway random number rs with a specific home gateway key pointer function Fs, and extracting a home gateway private key SKs from the home gateway private key pool through the home gateway private key pointer Ns. And the home gateway public key pointer Kss can be obtained by adding the home gateway private key pointer Ns and the home gateway public key pool starting position Ks0, and the home gateway public key PKs is extracted from the home gateway public key pool through the home gateway public key pointer Kss.
The home device random number rc is used to combine with a specific home device key pointer function Fc to obtain a home device private key pointer Nc, the home device public key pointer Ksc is obtained by adding the home device private key pointer Nc to the home device public key pool starting position KsN, and the home device public key PKc is extracted from the home device public key pool by the home device public key pointer Ksc.
Calculating communication key Kc ═ (PKc)SKs mod p。
The PKc is a public key of the home device, the SKs is a private key of the home gateway, and the p is a large prime number.
Similarly, the mobile terminal ticket Tm is formed by encrypting mobile terminal parameters by using the communication key Km between the mobile terminal M and the home gateway S, and the mobile terminal parameters include the session key Kmc, the address IDC of the home device C, and the random number rm of the mobile terminal M, that is, Tm ═ Kmc | | | IDC | | rm } Km.
And the communication key Km between the mobile terminal M and the home gateway S is obtained by calculating a mobile terminal random number rm and a home gateway random number rs.
The home gateway S sends the first message sesssid, the home gateway random number rs, and the two tickets Tm and Tc to the home device C.
Step 1.2.2 after the home device C receives the first message sesssid, the home gateway random number rs, and the two tickets Tm and Tc, the home device C checks the communication key table according to the home device random number rc and the home gateway random number rs in the first message sesssid to determine the communication key Kc, and specifically, the method for obtaining the communication key Kc includes:
and respectively combining the random number rs of the home gateway and the random number rc of the home equipment with a pointer function to obtain a private key pointer Ns of the home gateway and a private key pointer Nc of the home equipment, wherein the private key pointer Ns of the home gateway and the private key pointer Nc of the home equipment correspond to a row i and a column j in a communication key table, and looking up the table to obtain a communication key Kc.
The communication key Kc decrypts the home device ticket Tc to obtain the session key Kmc, and compares the home device random number rc decrypted from the home device ticket Tc with the home device random number of the user, and after verification, trusts the session key Kmc. A first message authentication code is then made using the session key Kmc for the mobile terminal random number rm, the home device random number rc, and the address of the home device IDC, which may be denoted as MACmc1 ═ MAC (Kmc, rm | | | | rc | | | IDC). Where MAC (k, m) represents a message authentication code with k as a key and m as a message. And sending the first message SESSID, the first message authentication code MACmc1, the mobile terminal bill Tm, the home gateway random number rs, namely SESSID | | | rs | | Tm | | MACmc1 to the mobile terminal M.
And step 1.3, performing message authentication.
Step 1.3.1, after receiving the first message sesssid, the first message authentication code MACmc1, the mobile terminal ticket Tm, and the home gateway random number rs, the mobile terminal M calculates a communication key Km according to the mobile terminal random number rm and the home gateway random number rs in the first message sesssid, and specifically, the method for obtaining the communication key Km includes:
and obtaining a home gateway private key pointer Ns by combining the home gateway random number rs with a specific pointer function Fs, and extracting a home gateway private key SKs from the home gateway private key pool through the home gateway private key pointer Ns. And the home gateway public key pointer Kss can be obtained by adding the home gateway private key pointer Ns and the home gateway public key pool starting position Ks0, and the home gateway public key PKs is extracted from the home gateway public key pool through the home gateway public key pointer Kss.
And obtaining a mobile terminal private key pointer Nm by combining the mobile terminal random number rm with a specific pointer function Fm, obtaining a mobile terminal public key pointer Ksm by adding the mobile terminal private key pointer Nm to the starting position KsN of the mobile terminal public key pool, and extracting a mobile terminal public key PKm from the mobile terminal public key pool by using the mobile terminal public key pointer Ksm.
Calculating communication key Km ═ (PKm)SKs mod p。
The session key Kmc is obtained by decrypting the mobile terminal ticket Tm with the communication key Km, and the mobile terminal random number rm decrypted from the mobile terminal ticket Tm is compared with the own mobile terminal random number, and after verification, the session key Kmc is trusted. And then, a session key Kmc is used for calculating a second message authentication code MACmc1 'for the mobile terminal random number rm, the home device random number rc and the address IDC of the home device, namely rm | | | rc | | | IDC, and comparing the second message authentication code MACmc 1' with the first message authentication code MACmc1, and if the first message authentication code MACmc and the second message authentication code MACmc are equal, message authentication is completed. After the first message authentication code MACmc1 is verified, a third message authentication code MACm for performing message authentication on the home gateway S is created using the communication key Km, and a fourth message authentication code MACmc2 is created using the session key Kmc. May be expressed as MACm ═ MAC (Km, Nm | | | Ns), MACmc2 ═ MAC (Kmc, Nm | | | Nc). And sending the first message, the third message authentication code and the fourth message authentication code, namely SESSID | | MACm | | MACmc2 to the household equipment C.
Step 1.3.2 after receiving the first message, the third message authentication code and the fourth message authentication code, the home device C uses the session key Kmc to calculate a fifth message authentication code MACmc2 'for the mobile terminal random number rm and the home device random number rcrm | | | rc, and compares the fifth message authentication code MACmc 2' with the fourth message authentication code MACmc2, and if the first message, the third message authentication code and the fourth message authentication code are equal, the message authentication is completed. After the fourth message authentication code MACmc2 is verified, a sixth message authentication code MACc for authenticating the message to the home gateway S is generated using the communication key Kc, which may be denoted as MACc ═ MAC (Kc, Nc | | | Ns). And sending the first message, the sixth message authentication code and the third message authentication code, namely SESSID | | MACc | | MACm to the home gateway S.
Step 1.3.3, after receiving the message, the home gateway S queries the first message SESSID to obtain a communication key Km and a communication key Kc, calculates a seventh message authentication code MACm ' for the mobile terminal random number rm and the home gateway random number rs rm | | | rs by using the communication key Km, compares the seventh message authentication code MACm ' with the third message authentication code MACm, completes message authentication if the seventh message authentication code MACm ' is equal to the third message authentication code MACm, and confirms that the mobile terminal M completes authentication and session key issuance. And calculating an eighth message authentication code MACc ' for rc | | | rs by using the communication key Kc, comparing the eighth message authentication code MACc ' with the sixth message authentication code MACc, and finishing message authentication if the eighth message authentication code MACc ' is equal to the sixth message authentication code MACc, and confirming that the home equipment C finishes authentication and session key issuance. And after the verification is passed, the key agreement between the mobile terminal M and the home equipment C is completed, and the event is recorded in a log for later audit.
Key fobs are identity authentication and encryption/decryption products that combine cryptographic techniques, hardware security isolation techniques, quantum physics techniques (with quantum random number generators). The embedded chip and operating system of the key fob may provide secure storage of keys and cryptographic algorithms, among other functions. Due to its independent data processing capabilities and good security, the key fob becomes a secure carrier for private keys and key pools. Each key fob can be protected by a hardware PIN code, and the PIN code and hardware constitute two essential factors for a user to use the key fob, so-called "two-factor authentication", and a user can log in the system only by simultaneously acquiring the key fob and the user PIN code which store relevant authentication information. Even if the PIN code of the user is leaked, the identity of the legal user cannot be counterfeited as long as the key fob held by the user is not stolen; if the key card of the user is lost, the finder can not imitate the identity of the legal user because the user PIN code is not known. In short, the key fob prevents confidential information such as keys from appearing in the form of plaintext on the disk and memory of the host, thereby effectively ensuring the security of the confidential information.
Members of the smart family are each provided with a key fob using which keys are stored, the key fob being a separate hardware device, the likelihood of the keys being stolen by malware or malicious operations is greatly reduced. Meanwhile, each intelligent family member utilizes the anti-quantum computation public key disclosed by the shared user side to be combined with the asymmetric key pool to extract the public key of the required intelligent family member, and the public key of the intelligent family member is stored in the key fob, so that the quantum computer is ensured not to obtain the user public key, and further the corresponding private key can not be obtained, and the cracking risk of the intelligent family member by the quantum computer is reduced.
The low-power-consumption home device C does not use a public key and a private key for calculation, can obtain a shared key for encrypted communication with the home gateway S only by looking up a table, and has small calculation amount and high speed; and can save energy and prolong the service time of the battery of the household equipment C. In the process of obtaining the shared key by the mobile terminal M and the home gateway S, the exponential calculation of 2 public keys in the Diffie-Hellman protocol is not needed to be calculated, and only the exponential calculation of the final key is needed to be carried out for 1 time, so that the calculation amount is reduced, the energy can be saved for the mobile terminal M and the home gateway S, and the battery service time of the mobile phone is prolonged.
The home gateway S serving as the home communication center only needs to store a plurality of groups of public key pools without storing a plurality of large-capacity symmetric key pools, so that the storage space of the home gateway S is greatly saved. According to the above embodiment, when the home gateway S adds the nth home device C, it is originally necessary to add and store the same key amount, i.e., m × N, as the nth home device C according to the symmetric key pool method; now, only the key amount of the public key pool corresponding to the nth household device C needs to be added, that is, N, the newly added key amount is greatly reduced. The above embodiment thus saves a great deal of storage space for the home gateway S.
The Diffie-Hellman protocol used in the above described embodiment may also be replaced with an Elliptic Curve version thereof, i.e., ECDH (Elliptic Current Diffie-Hellman), the effect of which is the same.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present invention, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, which falls within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (5)

1. A quantum computation resistant intelligent home near-field energy-saving communication method based on a key fob is disclosed, wherein intelligent home components comprise a home gateway, home devices and a mobile terminal, all the components are connected with each other and used for realizing information interaction, the method is characterized in that each intelligent home component is provided with the key fob, a key fob issuer calculates all communication keys for the home devices to form a communication key table and copies the communication keys into the home device key fob, the home devices and the mobile terminal extract corresponding communication keys by combining respective random numbers with home gateway random numbers, and the communication keys are used for authenticating bills distributed by the home gateway, and the authentication method comprises the following steps: decrypting the ticket using the communication key and comparing the random number in the ticket with the self random number to obtain a trusted session key, wherein,
the method for generating the communication key by the mobile terminal comprises the following steps:
respectively extracting a corresponding mobile terminal public key and a corresponding home gateway private key by combining a mobile terminal random number and a home gateway random number with a key pool in a mobile terminal key fob and generating a communication key between the mobile terminal and the home gateway by using a corresponding algorithm, wherein the public key pool of the mobile terminal key fob key pool comprises a home gateway public key pool, a home device public key pool and a mobile terminal public key pool;
the method for generating the communication key by the home equipment comprises the following steps:
and respectively combining the home equipment random number and the home gateway random number with corresponding pointer functions to generate corresponding private key pointers, and extracting the communication key from the communication key table by using the obtained private key pointers.
2. The key fob-based quantum computing-resistant smart home proximity energy-saving communication method of claim 1, wherein the ticket includes a mobile terminal ticket and a home device ticket,
the mobile terminal bill is composed of the session key, a communication key between the mobile terminal and the home gateway, the address ID of the home device and the random number of the mobile terminal;
the home device bill is composed of the session key, a communication key between the home device and the home gateway, an address ID of the mobile terminal, and a random number of the home device.
3. The key fob-based quantum computation-resistant smart home near field energy-saving communication method according to claim 1, wherein the mobile terminal public key extraction method comprises: combining the random number of the mobile terminal with a pointer function to obtain a mobile terminal private key pointer, adding the mobile terminal private key pointer to the initial position of a mobile terminal public key pool in a corresponding mobile terminal key fob to obtain a mobile terminal public key pointer, and extracting a corresponding mobile terminal public key from the key fob by using the mobile terminal public key pointer.
4. A quantum computation resistant smart home near field energy-saving communication method based on a key fob is disclosed, wherein smart home components comprise a home gateway, home devices and a mobile terminal, all the components are connected with each other for realizing information interaction, the method is characterized in that each smart home component is provided with the key fob, a key fob issuer calculates all communication keys for the home devices to form a communication key table and copies the communication keys into the home device key fob, the home devices and the mobile terminal authenticate tickets distributed by the home gateway by using the communication keys, and the authentication method comprises the following steps: decrypting the bill by using a communication key, comparing a random number in the bill with a random number of the mobile terminal, obtaining a trusted session key, generating a message authentication code between the mobile terminal and the home device by using the session key, and performing message authentication between the mobile terminal and the home device by using the message authentication code, wherein:
the method for generating the communication key by the mobile terminal comprises the following steps:
respectively extracting a corresponding mobile terminal public key and a corresponding home gateway private key by combining a mobile terminal random number and a home gateway random number with a key pool in a mobile terminal key fob and generating a communication key between the mobile terminal and the home gateway by using a corresponding algorithm, wherein the public key pool of the mobile terminal key fob key pool comprises a home gateway public key pool, a home device public key pool and a mobile terminal public key pool;
the method for generating the communication key by the home equipment comprises the following steps:
and respectively combining the home equipment random number and the home gateway random number with corresponding pointer functions to generate corresponding private key pointers, and extracting the communication key from the communication key table by using the obtained private key pointers.
5. A quantum computation resistant intelligent home near-field energy-saving communication system based on a key fob is disclosed, wherein intelligent home components comprise a home gateway, home devices and a mobile terminal, all the components are connected with each other and used for realizing information interaction, the system is characterized in that each intelligent home component is provided with the key fob, a key fob issuer calculates all communication keys for the home devices to prepare a communication key table and copies the communication keys into the home device key fob, the home devices and the mobile terminal extract corresponding communication keys by combining respective random numbers with home gateway random numbers and authenticate tickets distributed by the home gateway by using the communication keys, and the authentication method comprises the following steps: decrypting the ticket using the communication key and comparing the random number in the ticket with the self random number to obtain a trusted session key, wherein,
the method for generating the communication key by the mobile terminal comprises the following steps:
respectively extracting a corresponding mobile terminal public key and a corresponding home gateway private key by combining a mobile terminal random number and a home gateway random number with a key pool in a mobile terminal key fob and generating a communication key between the mobile terminal and the home gateway by using a corresponding algorithm, wherein the public key pool of the mobile terminal key fob key pool comprises a home gateway public key pool, a home device public key pool and a mobile terminal public key pool;
the method for generating the communication key by the home equipment comprises the following steps:
and respectively combining the home equipment random number and the home gateway random number with corresponding pointer functions to generate corresponding private key pointers, and extracting the communication key from the communication key table by using the obtained private key pointers.
CN201910261672.0A 2019-04-02 2019-04-02 Anti-quantum-computation intelligent home near-distance energy-saving communication method and system based on key fob Active CN110048920B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910261672.0A CN110048920B (en) 2019-04-02 2019-04-02 Anti-quantum-computation intelligent home near-distance energy-saving communication method and system based on key fob

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910261672.0A CN110048920B (en) 2019-04-02 2019-04-02 Anti-quantum-computation intelligent home near-distance energy-saving communication method and system based on key fob

Publications (2)

Publication Number Publication Date
CN110048920A CN110048920A (en) 2019-07-23
CN110048920B true CN110048920B (en) 2021-06-22

Family

ID=67275812

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910261672.0A Active CN110048920B (en) 2019-04-02 2019-04-02 Anti-quantum-computation intelligent home near-distance energy-saving communication method and system based on key fob

Country Status (1)

Country Link
CN (1) CN110048920B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115250189B (en) * 2021-04-27 2023-06-02 西门子(中国)有限公司 Key management method and device for intelligent household equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103200000A (en) * 2013-03-27 2013-07-10 武汉大学 Shared secret key establishment method under quantum computing environment
CN109495251A (en) * 2018-12-03 2019-03-19 如般量子科技有限公司 Anti- quantum calculation wired home cloud storage method and system based on key card
CN109495250A (en) * 2018-12-03 2019-03-19 如般量子科技有限公司 Anti- quantum calculation wired home communication means based on key card

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10798086B2 (en) * 2017-05-08 2020-10-06 Amazon Technologies, Inc. Implicit certificates using ring learning with errors
CN109104276B (en) * 2018-07-31 2021-10-22 如般量子科技有限公司 Cloud storage security control method and system based on key pool

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103200000A (en) * 2013-03-27 2013-07-10 武汉大学 Shared secret key establishment method under quantum computing environment
CN109495251A (en) * 2018-12-03 2019-03-19 如般量子科技有限公司 Anti- quantum calculation wired home cloud storage method and system based on key card
CN109495250A (en) * 2018-12-03 2019-03-19 如般量子科技有限公司 Anti- quantum calculation wired home communication means based on key card

Also Published As

Publication number Publication date
CN110048920A (en) 2019-07-23

Similar Documents

Publication Publication Date Title
CN111639361B (en) Block chain key management method, multi-person common signature method and electronic device
US10785019B2 (en) Data transmission method and apparatus
CN109151053B (en) Anti-quantum computing cloud storage method and system based on public asymmetric key pool
CN109495250B (en) Quantum-computation-resistant intelligent home communication method and system based on key fob
CN109951513B (en) Quantum-resistant computing smart home quantum cloud storage method and system based on quantum key card
CN109495251B (en) Anti-quantum-computation intelligent home cloud storage method and system based on key fob
CN110519046B (en) Quantum communication service station key negotiation method and system based on one-time asymmetric key pair and QKD
CN110224816B (en) Anti-quantum computing application system based on key fob and serial number, near-field energy-saving communication method and computer equipment
Petrov et al. Towards the era of wireless keys: How the IoT can change authentication paradigm
CN110535626B (en) Secret communication method and system for identity-based quantum communication service station
CN110380859B (en) Quantum communication service station identity authentication method and system based on asymmetric key pool pair and DH protocol
CN111404664A (en) Quantum secret communication identity authentication system and method based on secret sharing and multiple mobile devices
CN109347923B (en) Anti-quantum computing cloud storage method and system based on asymmetric key pool
Guo et al. A Secure and Efficient Mutual Authentication and Key Agreement Protocol with Smart Cards for Wireless Communications.
CN111416712B (en) Quantum secret communication identity authentication system and method based on multiple mobile devices
CN112291179B (en) Method, system and device for realizing equipment authentication
Feiri et al. Efficient and secure storage of private keys for pseudonymous vehicular communication
CN109299618B (en) Quantum-resistant computing cloud storage method and system based on quantum key card
CN110213056B (en) Anti-quantum computing energy-saving communication method and system and computer equipment
CN110519214B (en) Application system short-distance energy-saving communication method, system and equipment based on online and offline signature and auxiliary verification signature
CN110048920B (en) Anti-quantum-computation intelligent home near-distance energy-saving communication method and system based on key fob
Tsague et al. An advanced mutual-authentication algorithm using 3DES for smart card systems
CN109302283B (en) Anti-quantum computing agent cloud storage method and system based on public asymmetric key pool
CN110061895B (en) Close-range energy-saving communication method and system for quantum computing resisting application system based on key fob
CN109412788B (en) Anti-quantum computing agent cloud storage security control method and system based on public key pool

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant