CN110535632B - Quantum communication service station AKA key negotiation method and system based on asymmetric key pool pair and DH protocol

Info

Publication number: CN110535632B
Authority: CN (China)
Prior art keywords: key, client, message, authentication, service station
Legal status: Active
Application number: CN201910591318.4A
Other languages: Chinese (zh)
Other versions: CN110535632A (en)
Inventors: 富尧, 钟一民, 余秋炜
Current Assignee: Ruban Quantum Technology Co Ltd
Original Assignee: Ruban Quantum Technology Co Ltd
Application filed by Ruban Quantum Technology Co Ltd
Priority to CN201910591318.4A
Publication of CN110535632A
Application granted
Publication of CN110535632B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Abstract

The application relates to a quantum communication service station AKA key negotiation method and system based on an asymmetric key pool pair and DH protocol, wherein a client A, a service station and a client B are all provided with key cards, the key cards are used for storing keys, the key cards are independent hardware devices, and the possibility of stealing the keys by malicious software or malicious operation is greatly reduced.

Description

Quantum communication service station AKA key negotiation method and system based on asymmetric key pool pair and DH protocol
Technical Field
The application relates to the technical field of secure communication, in particular to a quantum communication service station AKA key negotiation method and system based on an asymmetric key pool pair and DH protocol.
Background
The rapid development of the Internet has brought great convenience to people's life and work: from home, people can send and receive e-mail, make calls, shop online, make bank transfers and carry out other activities over the Internet. At the same time, the security of network messages is becoming a potentially enormous problem. Network messages generally face several security risks: theft, tampering, forgery by an attacker, malicious destruction, and so on.
Authentication is one of the means of protecting people's network messages. Identity authentication, also called "identity verification", is the process of confirming an operator's identity in computer and computer network systems, so as to determine whether the user has the right to access and use a given resource. It allows the access policies of computer and network systems to be executed reliably and effectively, prevents an attacker from impersonating a legitimate user to obtain access to resources, ensures the security of the system and data, and protects the legitimate interests of authorized visitors.
At present, successful identity authentication depends mainly on cryptography. In the field of cryptography today there are two main types of cryptosystem. One is the symmetric key cryptosystem, in which the encryption key and the decryption key are the same. The other is the public key cryptosystem, in which the encryption key and the decryption key are different and one of them can be disclosed. Most algorithm-based identity authentication currently relies on public key cryptography.
The encryption key (public key) and the decryption key (private key) employed by the public key encryption system are different. Since the encryption key is public, distribution and management of keys is simple, and the public key encryption system can easily implement digital signatures.
Since the advent of public key encryption, scholars have proposed many public key encryption methods, the security of which is based on complex mathematical problems. Classified according to the mathematical problem on which they are based, three types of systems are currently considered safe and effective: large integer factorization systems (typically RSA), discrete logarithm systems (typically DSA), and elliptic curve discrete logarithm systems (ECC).
However, with the development of quantum computers, classical asymmetric key encryption algorithms are no longer safe: whether for encryption and decryption or for key exchange, a quantum computer can compute the private key from the public key, so that the asymmetric keys in common use today become fragile in the quantum era. Current quantum key distribution (QKD) devices can ensure that the negotiated key cannot be obtained. But QKD is mainly used on quantum trunk lines, and the link from the user equipment to the quantum communication service station is still a classical network, so it is difficult to guarantee the security of the identity authentication process by means of asymmetric algorithms.
The AKA mechanism (in full, "Authentication and Key Agreement") is one of the authentication methods in relatively common use in the field of mobile communications, and enables the negotiation and distribution of symmetric keys. However, a fixed key for computing the authentication vector carries a certain risk, while using a large number of symmetric key pools places a heavy storage burden on the quantum communication service station.
Problems of the prior art:
1. the symmetric key pool is used between the quantum communication service station and the quantum key card, the capacity is huge, and the key storage of the quantum communication service station is stressed;
2. because of the huge key capacity of the symmetric key pool, the quantum communication service station has to store the key in a common storage medium such as a hard disk in an encrypted manner, but cannot store the key in a key fob of the quantum communication service station;
3. the key backup is troublesome because of the huge key capacity of the symmetric key pool.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a method and system for quantum communication service station AKA key agreement based on an asymmetric key pool pair and DH protocol.
The application discloses a quantum communication service station AKA key negotiation method based on an asymmetric key pool pair and DH protocol, which is implemented at a client A, and comprises the following steps:
generating a second random parameter, a first intermediate parameter and a first key after acquiring a first random parameter generated by a client B, wherein the first key is generated according to a DH protocol by utilizing a first private key of the client A and a first public key of a service station; generating a first message, wherein the first message comprises a first intermediate parameter, a device parameter of a client A, a device parameter of a service station and the second random parameter; encrypting at least a portion of the content of the first message with a first key and producing a first authentication code; sending a first message containing the first authentication code to the client B;
obtaining a fourth message from the client B, wherein the fourth message comprises a network authentication token, the network authentication token is calculated by the service station by using a vector key, and the vector key is generated by using the first intermediate parameter and a first private key of the service station; generating the vector key and calculating a message authentication code, an authentication response, a confidentiality key and an integrity key of an authentication vector; comparing the message authentication code with the network authentication token and, after the comparison passes, generating a fourth authentication code by using the integrity key and the authentication response, and generating a fifth message, wherein the fifth message comprises the authentication response encrypted by using the confidentiality key and the fourth authentication code; sending the fifth message to the client B;
obtaining a sixth message from the client B, wherein the sixth message comprises a fifth authentication code encrypted by using a confidentiality key and a comparison result; the fifth authentication code is generated by the client B by using an integrity key and the comparison result, and the comparison result is generated after the client B compares the authentication response with the authentication response stored by the client B; decrypting and reading the comparison result, and if the comparison result is true, trusting the confidentiality key as a session key and the integrity key as an authentication key.
The application also discloses a quantum communication service station AKA key negotiation method based on the asymmetric key pool pair and DH protocol, which is implemented in the service station and comprises the following steps:
acquiring a second message from the client B, wherein the second message comprises the first message, the device parameter of the client B, the first random parameter, the second intermediate parameter and the third random parameter, at least a portion of the content of the second message is encrypted with a second key, and a second authentication code is produced for it; the first message comprises a first intermediate parameter, a device parameter of the client A, a device parameter of the service station and a second random parameter, at least a portion of the content of the first message is encrypted with a first key, and a first authentication code is produced for it; the second random parameter, the first intermediate parameter and the third random parameter are generated by the client A, the first key is generated by the client A according to a DH protocol by using a first private key of the client A and a first public key of the service station, the second key is generated by using a first private key of the client B and a second public key of the service station according to the DH protocol, the second random parameter and the first intermediate parameter are generated by the client A, and the first random parameter and the second intermediate parameter are generated by the client B;
decrypting, verifying the second authentication code and then the first authentication code in sequence, and afterwards generating a vector key, a fourth random parameter and a third key, wherein the vector key is generated by using the first intermediate parameter and a first private key of the service station, and the third key is generated by using a second private key of the service station and the second intermediate parameter according to a DH protocol; generating an authentication vector by using the vector key, wherein the authentication vector comprises a message authentication code, an authentication response, a confidentiality key, an integrity key and a network authentication token; generating a third message, the third message comprising the fourth random parameter and the authentication vector; encrypting at least a portion of the content of the third message with the third key and producing a third authentication code; sending the third message containing the third authentication code to the client B;
the authentication vector is used for the client A and the client B to complete AKA authentication.
The application also discloses a quantum communication service station AKA key negotiation method based on the asymmetric key pool pair and DH protocol, which is implemented at the client B, and comprises the following steps:
generating a first random parameter and sending the first random parameter to a client A;
acquiring a first message from the client A, wherein the first message comprises a first intermediate parameter, a device parameter of the client A, a device parameter of a service station and a second random parameter, at least a portion of the content of the first message is encrypted with a first key, and a first authentication code is produced for it; the second random parameter and the first intermediate parameter are generated by the client A, and the first key is generated by the client A according to a DH protocol by using a first private key of the client A and a first public key of the service station; after decryption, generating a second intermediate parameter, a third random parameter and a second key, wherein the second key is generated by using a first private key of the client B and a second public key of the service station according to a DH protocol; generating a second message, wherein the second message comprises the first message, the device parameter of the client B, the first random parameter, the second intermediate parameter and the third random parameter; encrypting at least a portion of the content of the second message with the second key and producing a second authentication code; transmitting the second message including the second authentication code to the service station;
acquiring a third message from the service station, wherein the third message comprises a fourth random parameter and an authentication vector, at least a portion of the content of the third message is encrypted with a third key, and a third authentication code is produced for it; the third key is generated by the service station by using a second private key of the service station and the second intermediate parameter according to a DH protocol, and the authentication vector is generated by the service station by using a vector key and comprises a message authentication code, an authentication response, a confidentiality key, an integrity key and a network authentication token; the vector key is generated by using the first intermediate parameter and a first private key of the service station; after decrypting and verifying the third authentication code, parsing and storing the authentication vector, generating a fourth message containing the network authentication token and sending the fourth message to the client A;
obtaining a fifth message from the client A, wherein the fifth message comprises an authentication response encrypted by using a confidentiality key and a fourth authentication code; the fourth authentication code is generated by the client A by using an integrity key and the authentication response, wherein the authentication response, the confidentiality key and the integrity key are generated by the client A by using a vector key; after decryption, comparing the authentication response with the stored authentication response and generating a comparison result, wherein if the two authentication responses are equal, the confidentiality key is trusted as a session key and the integrity key is trusted as an authentication key; generating a fifth authentication code by using the comparison result and the integrity key; generating a sixth message comprising the fifth authentication code encrypted with the confidentiality key and the comparison result; and sending the sixth message to the client A.
The application also discloses a quantum communication service station AKA key negotiation method based on the asymmetric key pool pair and DH protocol, wherein the quantum communication service station AKA key negotiation method comprises the following steps:
the client B generates a first random parameter and sends the first random parameter to the client A;
the client A acquires a first random parameter generated by the client B and then generates a second random parameter, a first intermediate parameter and a first key, wherein the first key is generated according to a DH protocol by using a first private key of the client A and a first public key of a service station; generating a first message, wherein the first message comprises a first intermediate parameter, a device parameter of a client A, a device parameter of a service station and the second random parameter; encrypting at least a portion of the content of the first message with a first key and producing a first authentication code; sending a first message containing the first authentication code to the client B;
the client B obtains the first message and, after decryption, generates a second intermediate parameter, a third random parameter and a second key, wherein the second key is generated according to a DH protocol by using a first private key of the client B and a second public key of the service station; the client B generates a second message, wherein the second message comprises the first message, the device parameter of the client B, the first random parameter, the second intermediate parameter and the third random parameter; encrypting at least a portion of the content of the second message with the second key and producing a second authentication code; transmitting the second message including the second authentication code to the service station;
the service station obtains the second message, decrypts it, verifies the second authentication code and then the first authentication code in sequence, and afterwards generates a vector key, a fourth random parameter and a third key, wherein the vector key is generated by using the first intermediate parameter and a first private key of the service station, and the third key is generated by using a second private key of the service station and the second intermediate parameter according to a DH protocol; generating an authentication vector by using the vector key, wherein the authentication vector comprises a message authentication code, an authentication response, a confidentiality key, an integrity key and a network authentication token; generating a third message, the third message comprising the fourth random parameter and the authentication vector; encrypting at least a portion of the content of the third message with the third key and producing a third authentication code; sending the third message containing the third authentication code to the client B;
the client B acquires the third message, decrypts it and verifies the third authentication code, then parses and stores the authentication vector, generates a fourth message containing the network authentication token and sends the fourth message to the client A;
the client A acquires the fourth message, generates the vector key and calculates the message authentication code, the authentication response, the confidentiality key and the integrity key of the authentication vector; comparing the message authentication code with the network authentication token and, after the comparison passes, generating a fourth authentication code by using the integrity key and the authentication response, and generating a fifth message, wherein the fifth message comprises the authentication response encrypted by using the confidentiality key and the fourth authentication code; sending the fifth message to the client B;
the client B acquires the fifth message and, after decryption, compares the authentication response with the stored authentication response and generates a comparison result, wherein if the two authentication responses are equal, the confidentiality key is trusted as a session key and the integrity key is trusted as an authentication key; generating a fifth authentication code by using the comparison result and the integrity key; generating a sixth message comprising the fifth authentication code encrypted with the confidentiality key and the comparison result; sending the sixth message to the client A;
and the client A acquires the sixth message, decrypts and reads the comparison result, and if the comparison result is true, trusts the confidentiality key as a session key and the integrity key as an authentication key.
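The vector-key and authentication-vector steps of the flow above, as an added example that is not code from the patent. Assumptions: a toy DH group, the first intermediate parameter modelled as client A's ephemeral DH public value, HMAC-SHA256 with labels standing in for the unspecified AKA functions, the second random parameter used as the AKA random input, and the network authentication token carrying only the message authentication code; encryption of the messages with the first, second and third keys is omitted.

```python
import hashlib
import hmac
import secrets

# Toy DH group, constructed for readability only (127-bit prime, far too small
# for real use). The patent page does not specify the group.
P = 2**127 - 1
G = 3


def dh_keypair():
    """Return (private, public) in the toy group."""
    sk = secrets.randbelow(P - 3) + 2
    return sk, pow(G, sk, P)


def dh_secret(own_sk, peer_pk):
    """DH shared secret, hashed to a 32-byte key."""
    shared = pow(peer_pk, own_sk, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def prf(key, label, data):
    """Labelled HMAC-SHA256 (assumed stand-in for the AKA functions)."""
    return hmac.new(key, label + data, hashlib.sha256).digest()


def authentication_vector(vector_key, rand):
    """Message authentication code, authentication response, CK and IK."""
    return {
        "MAC": prf(vector_key, b"mac", rand),
        "XRES": prf(vector_key, b"res", rand),
        "CK": prf(vector_key, b"ck", rand),
        "IK": prf(vector_key, b"ik", rand),
    }


def station_build_vector(station_sk1, first_intermediate, rand):
    """Service station: vector key from its first private key and A's parameter."""
    vector_key = dh_secret(station_sk1, first_intermediate)
    av = authentication_vector(vector_key, rand)
    av["AUTN"] = av["MAC"]  # assumption: the token carries only the MAC
    return av


def client_a_respond(x_a, station_pk1, rand, autn):
    """Client A: rebuild the vector key, check the token, build message 5."""
    vector_key = dh_secret(x_a, station_pk1)
    av = authentication_vector(vector_key, rand)
    if not hmac.compare_digest(av["MAC"], autn):
        return None, None  # token mismatch: client A stops here
    fifth = {"RES": av["XRES"], "TAG4": prf(av["IK"], b"msg5", av["XRES"])}
    return fifth, {"CK": av["CK"], "IK": av["IK"]}


def client_b_check(stored_av, fifth):
    """Client B: verify the fourth authentication code and compare responses."""
    tag_ok = hmac.compare_digest(
        prf(stored_av["IK"], b"msg5", fifth["RES"]), fifth["TAG4"])
    res_ok = hmac.compare_digest(stored_av["XRES"], fifth["RES"])
    return tag_ok and res_ok


def run_exchange(tamper_token=False):
    """One constructed run; tamper_token flips a bit of the token in transit."""
    station_sk1, station_pk1 = dh_keypair()   # station pool entry (constructed)
    x_a, first_intermediate = dh_keypair()    # client A's ephemeral pair
    rand2 = secrets.token_bytes(16)           # second random parameter
    av = station_build_vector(station_sk1, first_intermediate, rand2)
    autn = av["AUTN"]
    if tamper_token:
        autn = bytes([autn[0] ^ 1]) + autn[1:]
    fifth, keys_a = client_a_respond(x_a, station_pk1, rand2, autn)
    if fifth is None:
        return {"a_response": None, "b_accepts": False}
    return {
        "a_response": fifth,
        "b_accepts": client_b_check(av, fifth),
        "ck_a": keys_a["CK"],
        "ck_station": av["CK"],
    }


if __name__ == "__main__":
    print(run_exchange()["b_accepts"], run_exchange(True)["a_response"])
```
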
Preferably, the service station includes a service station Qa and a service station Qb, the client a is a sub-device of the service station Qa, and the client B is a sub-device of the service station Qb;
the service station Qb acquires a second message from the client B, wherein the second key is generated by the client B according to a DH protocol by using a first private key of the client B and a first public key of the service station Qb; the first message further comprises the device parameter of the service station Qa, and the first key is generated by the client A according to a DH protocol by using a first private key of the client A and a first public key of the service station Qa; after decrypting and verifying the second authentication code, the service station Qb carries out encrypted communication with the service station Qa to obtain a first inter-station key and generates a first inter-station message, wherein the first inter-station message comprises the device parameter of the service station Qb, the first message and the first random parameter; the first inter-station message is encrypted with the first inter-station key and sent to the service station Qa;
the service station Qa acquires, decrypts and verifies the first authentication code, then generates a vector key by using the first intermediate parameter and a first private key of the service station Qa, uses the vector key to generate the authentication vector, carries out encrypted communication with the service station Qb to obtain a second inter-station key, generates a second inter-station message containing the authentication vector, and encrypts the second inter-station message with the second inter-station key and sends it to the service station Qb;
after obtaining, decrypting and verifying the second inter-station message, the service station Qb generates a fourth random parameter, generates a fifth key by using the second intermediate parameter and the first private key of the service station Qb, and generates a seventh message, wherein the seventh message comprises the fourth random parameter and the second inter-station message, and at least a portion of the seventh message is encrypted with the fifth key; the service station Qb sends the seventh message to the client B;
the seventh message is used for the client a and the client B to complete AKA authentication.
Preferably, the client a and the client B are configured with a client key fob, and a service station public key pool, a client public key and a client private key of the client key fob are stored in the client key fob; the server is configured with a server key card, and a client public key pool and a server private key pool comprising client public keys are stored in the server key card.
The application also discloses a client device, which comprises a memory and a processor, wherein the memory stores a computer program, and the processor realizes the steps of the AKA key negotiation method of the quantum communication service station in the technical scheme when executing the computer program.
The application also discloses a service station device, which comprises a memory and a processor, wherein the memory stores a computer program, and the processor realizes the steps of the AKA key negotiation method of the quantum communication service station in the technical scheme when executing the computer program.
The application also discloses a quantum communication service station AKA key negotiation system based on the asymmetric key pool pair and DH protocol, which comprises a memory and a processor, wherein the memory stores a computer program, and the processor realizes the steps of the quantum communication service station AKA key negotiation method in the technical scheme when executing the computer program; the client A and the client B are configured with client key cards, and a service station public key pool, a client public key and a client private key of the client key cards are stored in the client key cards; the server is configured with a server key card, and a client public key pool and a server private key pool comprising client public keys are stored in the server key card.
The key fob in the application is an identity authentication and encryption/decryption product that combines cryptography, hardware security isolation and quantum physics technology (when it carries a quantum random number generator). The embedded chip and operating system of the key fob provide functions such as secure key storage and cryptographic algorithms. Because of its independent data processing capability and good security, the key fob is a secure carrier for private keys and key pools. Each key fob may be protected by a hardware PIN code. The key fob and the PIN code form the two factors the user needs in order to use the key fob, namely so-called "two-factor authentication": the user can log into the system only by holding both the key fob, which stores the relevant authentication information, and the user PIN code. Even if the user's PIN code is revealed, the identity of the legitimate user cannot be impersonated as long as the key fob held by the user is not stolen; if the user's key fob is lost, whoever finds it cannot impersonate the legitimate user because the user PIN code is not known. In short, the key fob keeps secret information such as keys from appearing in plaintext on the disk or in the memory of the host, thereby effectively protecting that secret information.
Each member is equipped with a key fob in which keys are stored. Because the key fob is a separate hardware device, the likelihood of keys being stolen by malware or malicious operations is greatly reduced. Meanwhile, each member uses a random number in combination with the asymmetric key pool to extract the public key of each member, and the public key of each member is stored in the key fob, so a quantum computer cannot obtain the user's public key and therefore cannot obtain the corresponding private key, which reduces the risk of being cracked by a quantum computer.
The quantum communication service station serving as the communication center does not need to store a plurality of large-capacity symmetric key pools, only needs to store the client public key pools, greatly saves the storage space of the quantum communication service station, and also provides convenience for key backup.
Drawings
FIG. 1 is a schematic diagram of key pool distribution of a server key fob according to the present application;
FIG. 2 is a schematic diagram of a key pool distribution of a client key fob according to the present application;
FIG. 3 is a flowchart of AKA authentication in embodiment 1, where client A and client B are located at the same service station Q;
FIG. 4 is a flowchart of AKA authentication in embodiment 2, where client A and client B are located at the service station QA and the service station QB, respectively.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application. Unless otherwise specified, the service stations in the application are all quantum communication service stations. Names in the application are identified by their combination of letters and numbers: for example, equipment parameter IDA, equipment information IDA, identity parameter IDA and IDA all have the same meaning below, namely the equipment parameter IDA; likewise authentication key AK2, message authentication key AK2 and AK2 all have the same meaning below, namely the authentication key AK2; the same applies to the remaining names.
The application discloses a quantum communication service station AKA key negotiation method based on an asymmetric key pool pair and DH protocol, which is implemented at a client A, and comprises the following steps:
generating a second random parameter, a first intermediate parameter and a first key after acquiring a first random parameter generated by a client B, wherein the first key is generated according to a DH protocol by utilizing a first private key of the client A and a first public key of a service station; generating a first message, wherein the first message comprises a first intermediate parameter, a device parameter of a client A, a device parameter of a service station and the second random parameter; encrypting at least a portion of the content of the first message with a first key and producing a first authentication code; sending a first message containing the first authentication code to the client B;
obtaining a fourth message from the client B, wherein the fourth message comprises a network authentication token, the network authentication token is calculated by the service station using a vector key, and the vector key is generated using the first intermediate parameter and a first private key of the service station; generating the vector key and calculating the message authentication code, authentication response, confidentiality key and integrity key of the authentication vector; comparing the message authentication code with the network authentication token and, after the comparison passes, generating a fourth authentication code using the integrity key and the authentication response, and generating a fifth message, wherein the fifth message comprises the authentication response and the fourth authentication code encrypted with the confidentiality key; sending the fifth message to the client B;
obtaining a sixth message from the client B, wherein the sixth message comprises a fifth authentication code and a comparison result, encrypted with the confidentiality key; the fifth authentication code is generated by the client B using the integrity key and the comparison result, and the comparison result is generated by the client B after comparing the authentication response with the authentication response stored by the client B; decrypting the sixth message and reading the comparison result, and if the comparison result is true, trusting the confidentiality key as the session key and the integrity key as the authentication key.
The application also discloses a quantum communication service station AKA key negotiation method based on the asymmetric key pool pair and DH protocol, which is implemented in the service station and comprises the following steps:
acquiring a second message from the client B, wherein the second message comprises the first message, the equipment parameter of the client B, the first random parameter, the second intermediate parameter and the third random parameter; encrypting at least a portion of the content of the second message with a second key and producing a second authentication code; the first message comprises a first intermediate parameter, a device parameter of the client A, a device parameter of the service station and a second random parameter; encrypting at least a portion of the content of the first message with a first key and producing a first authentication code; the second random parameter, the first intermediate parameter and the third random parameter are generated by the client A, the first key is generated by the client A according to a DH protocol by using a first private key of the client A and a first public key of a service station, the second key is generated by using a first private key of the client B and a second public key of the service station according to the DH protocol, the second random parameter and the first intermediate parameter are generated by the client A, and the first random parameter and the second intermediate parameter are generated by the client B;
decrypting and sequentially verifying the second authentication code and the first authentication code, and then generating a vector key, a fourth random parameter and a third key, wherein the vector key is generated using the first intermediate parameter and a first private key of the service station, and the third key is generated according to the DH protocol using a second private key of the service station and the second intermediate parameter; generating an authentication vector using the vector key, wherein the authentication vector comprises a message authentication code, an authentication response, a confidentiality key, an integrity key and a network authentication token; generating a third message, wherein the third message comprises the fourth random parameter and the authentication vector; encrypting at least a portion of the content of the third message with the third key and producing a third authentication code; sending the third message containing the third authentication code to the client B;
the authentication vector is used for the client A and the client B to complete AKA authentication.
The application also discloses a quantum communication service station AKA key negotiation method based on the asymmetric key pool pair and DH protocol, which is implemented at the client B, and comprises the following steps:
generating a first random parameter and sending the first random parameter to a client A;
Acquiring a first message from the client A, wherein the first message comprises a first intermediate parameter, a device parameter of the client A, a device parameter of a service station and a second random parameter; encrypting at least a portion of the content of the first message with a first key and producing a first authentication code; the second random parameter, a first intermediate parameter and a first secret key are generated by the client A according to a DH protocol by using a first private key of the client A and a first public key of the service station; generating a second intermediate parameter, a third random parameter and a second secret key after decryption, wherein the second secret key is generated by using a first private key of a client B and a second public key of a service station according to a DH protocol, and a second message is generated, and comprises the first message, equipment parameters of the client B, the first random parameter, the second intermediate parameter and the third random parameter; encrypting at least a portion of the content of the second message with a second key and producing a second authentication code; transmitting the second message including the second authentication code to a service station;
acquiring a third message from the service station, wherein the third message comprises a fourth random parameter and an authentication vector; encrypting at least a portion of the content of the third message with a third key and producing a third authentication code; the third secret key is generated by the service station by using a second private key of the service station and the second intermediate parameter according to a DH protocol, and the authentication vector is generated by the service station by using a vector secret key and comprises a message authentication code, an authentication response, a confidentiality secret key, an integrity secret key and a network authentication token; the vector key is generated by using the first intermediate parameter and a first private key of the service station; after decrypting and verifying the third authentication code, resolving and storing the authentication vector, generating a fourth message containing a network authentication token and sending the fourth message to the client A;
obtaining a fifth message from the client A, wherein the fifth message comprises an authentication response and a fourth authentication code encrypted with the confidentiality key; the fourth authentication code is generated by the client A using the integrity key and the authentication response, and the authentication response, the confidentiality key and the integrity key are generated by the client A using the vector key; after decryption, comparing the authentication response with the stored authentication response and generating a comparison result, wherein if the two authentication responses are equal, the confidentiality key is trusted as the session key and the integrity key is trusted as the authentication key; generating a fifth authentication code using the comparison result and the integrity key; generating a sixth message comprising the fifth authentication code and the comparison result, encrypted with the confidentiality key; and sending the sixth message to the client A.
The application also discloses a quantum communication service station AKA key negotiation method based on the asymmetric key pool pair and DH protocol, wherein the quantum communication service station AKA key negotiation method comprises the following steps:
the client B generates a first random parameter and sends the first random parameter to the client A;
the client A acquires a first random parameter generated by the client B and then generates a second random parameter, a first intermediate parameter and a first key, wherein the first key is generated according to a DH protocol by using a first private key of the client A and a first public key of a service station; generating a first message, wherein the first message comprises a first intermediate parameter, a device parameter of a client A, a device parameter of a service station and the second random parameter; encrypting at least a portion of the content of the first message with a first key and producing a first authentication code; sending a first message containing the first authentication code to the client B;
The client B obtains the first message, generates a second intermediate parameter, a third random parameter and a second key after decryption, the second key is generated according to a DH protocol by using a first private key of the client B and a second public key of a service station, and generates a second message, wherein the second message comprises the first message, equipment parameters of the client B, the first random parameter, the second intermediate parameter and the third random parameter; encrypting at least a portion of the content of the second message with a second key and producing a second authentication code; transmitting the second message including the second authentication code to a service station;
the service station obtains the second message, decrypts it and sequentially verifies the second authentication code and the first authentication code, and then generates a vector key, a fourth random parameter and a third key, wherein the vector key is generated using the first intermediate parameter and a first private key of the service station, and the third key is generated according to the DH protocol using a second private key of the service station and the second intermediate parameter; generating an authentication vector using the vector key, wherein the authentication vector comprises a message authentication code, an authentication response, a confidentiality key, an integrity key and a network authentication token; generating a third message, wherein the third message comprises the fourth random parameter and the authentication vector; encrypting at least a portion of the content of the third message with the third key and producing a third authentication code; sending the third message containing the third authentication code to the client B;
The client B acquires the third message, decrypts and verifies the third authentication code, then analyzes and stores the authentication vector, generates a fourth message containing a network authentication token and sends the fourth message to the client A;
the client A acquires the fourth message, generates the vector key and calculates the message authentication code, authentication response, confidentiality key and integrity key of the authentication vector; comparing the message authentication code with the network authentication token and, after the comparison passes, generating a fourth authentication code using the integrity key and the authentication response, and generating a fifth message, wherein the fifth message comprises the authentication response and the fourth authentication code encrypted with the confidentiality key; sending the fifth message to the client B;
the client B acquires the fifth message, and after decryption compares the authentication response with the stored authentication response and generates a comparison result, wherein if the two authentication responses are equal, the confidentiality key is trusted as the session key and the integrity key is trusted as the authentication key; generating a fifth authentication code using the comparison result and the integrity key; generating a sixth message comprising the fifth authentication code and the comparison result, encrypted with the confidentiality key; sending the sixth message to the client A;
the client A acquires the sixth message, decrypts it and reads the comparison result, and if the comparison result is true, the confidentiality key is trusted as the session key and the integrity key is trusted as the authentication key.
In an embodiment, the service station includes a service station Qa and a service station Qb, the client a is a sub-device of the service station Qa, and the client B is a sub-device of the service station Qb;
the service station Qb acquires a second message from the client B, wherein the second key is generated by the client B according to the DH protocol using a first private key of the client B and a first public key of the service station Qb; the first message further comprises the equipment parameters of the service station Qa, and the first key is generated by the client A according to the DH protocol using a first private key of the client A and a first public key of the service station Qa; after decrypting and verifying the second authentication code, the service station Qb carries out encrypted communication with the service station Qa to obtain a first inter-station key and generates a first inter-station message, wherein the first inter-station message comprises the equipment parameters of the service station Qb, the first message and the first random parameter; the service station Qb encrypts the first inter-station message with the first inter-station key and sends it to the service station Qa;
after the service station Qa acquires, decrypts and verifies the first authentication code, it generates a vector key using the first intermediate parameter and a first private key of the service station Qa, uses the vector key to generate the authentication vector, carries out encrypted communication with the service station Qb to obtain a second inter-station key, generates a second inter-station message containing the authentication vector, encrypts the second inter-station message with the second inter-station key and sends it to the service station Qb;
after the service station Qb obtains, decrypts and verifies it, the service station Qb generates a fourth random parameter, generates a fifth key using the second intermediate parameter and the first private key of the service station Qb, and generates a seventh message, wherein the seventh message comprises the fourth random parameter and the second inter-station message, and at least one part of the seventh message is encrypted with the fifth key; the service station Qb sends the seventh message to the client B;
the seventh message is used by the client A and the client B to complete AKA authentication.
In an embodiment, the client a and the client B are configured with a client key fob, where a server public key pool, a client public key and a client private key of the client a and the client B are stored in the client key fob; the server is configured with a server key card, and a client public key pool and a server private key pool comprising client public keys are stored in the server key card.
The application also discloses a client device, which comprises a memory and a processor, wherein the memory stores a computer program, and the processor realizes the steps of the AKA key negotiation method of the quantum communication service station in the technical scheme when executing the computer program.
The application also discloses a service station device, which comprises a memory and a processor, wherein the memory stores a computer program, and the processor realizes the steps of the AKA key negotiation method of the quantum communication service station in the technical scheme when executing the computer program.
The application also discloses a quantum communication service station AKA key negotiation system based on the asymmetric key pool pair and DH protocol, which comprises a memory and a processor, wherein the memory stores a computer program, and the processor realizes the steps of the quantum communication service station AKA key negotiation method in the technical scheme when executing the computer program; the client A and the client B are configured with client key cards, and a service station public key pool, a client public key and a client private key of the client key cards are stored in the client key cards; the server is configured with a server key card, and a client public key pool and a server private key pool comprising client public keys are stored in the server key card.
In a specific implementation scenario, each parameter has various actual expression modes. For example, a first random parameter may be expressed as a true random number R0, a second random parameter may be expressed as a true random number R1, and so on; the first intermediate parameter may be expressed as a true random number xa and the second intermediate parameter may be expressed as a true random number xb; the first key may be expressed as key K1, the second key may be expressed as key K2, and so on; each parameter is essentially a string of characters generated by the device, but plays a different role in AKA, and is distinguished for ease of understanding.
The following describes specific implementations in a usage scenario:
Embodiment 1: client A and client B are located at the same service station Q
System description
The scenario of this embodiment is shown in FIG. 4, which includes a client A, a client B, and a quantum communication service station Q, referred to simply as service station Q. Client A and client B are each provided with a client key fob, and quantum communication service station Q is provided with a service station key fob. The key fobs all belong to the same batch issued by the same key management server. Let the ID of client A be IDA, the corresponding public key be PKA, and the corresponding private key be SKA; let the ID of client B be IDB, the corresponding public key be PKB, and the corresponding private key be SKB.
The process of negotiating the key between the client and the quantum communication service station is as follows:
The client or the quantum communication service station obtains the corresponding asymmetric key pool pointer P from the key pointer random number rand and a specific asymmetric key pointer function Fp, and uses the pointer P to extract the corresponding public key or private key from the service station public key pool or the service station private key pool in the key fob.
Step 1: client B initiates an identity authentication request with client A
Client B generates a true random number R0 using the random number generator in the local key fob. Let M0 = R0; client B sends M0 to client A together with the authentication request.
Step 2: client A responds to the request
After receiving the data, client A generates two true random numbers xa and R1 using the random number generator in the local key fob, where xa is in the range [1, p-1]. Client A calculates Xa = g^xa mod p. Client A uses R1 to take the public key PKQ1 out of the service station public key pool in the local key fob; for this procedure, refer to the key negotiation process above. Client A takes its own private key SKA and the public key PKQ1 and calculates K1 = PKQ1^SKA mod p. Client A splits K1 into an encryption key EK1 and a message authentication key AK1. Let M1_0 = Xa; client A performs the message authentication calculation on M1_0||R0 with the message authentication key AK1 to obtain MAC(M1_0||R0, AK1), where MAC(m, k) denotes a message authentication code with m as the message and k as the key. Client A encrypts M1_0||MAC(M1_0||R0, AK1) with the encryption key EK1 to obtain {M1_0||MAC(M1_0||R0, AK1)}EK1.
Client A packages the message as M1, which can be expressed as M1 = IDA||IDQ||R1||{M1_0||MAC(M1_0||R0, AK1)}EK1. Client A sends M1 to client B.
Step 3: client B requests an authentication vector from quantum communication service station Q
After receiving the message, client B parses it to obtain IDA, IDQ, R1 and {M1_0||MAC(M1_0||R0, AK1)}EK1. Client B generates two true random numbers xb and R2 using the random number generator in the local key fob, where xb is in the range [1, p-1]. Client B uses R2 to take the public key PKQ2 out of the service station public key pool in the local key fob; for this procedure, refer to the key negotiation process above. Client B takes its own private key SKB and the public key PKQ2 and calculates K2 = PKQ2^SKB mod p. Client B splits K2 into an encryption key EK2 and a message authentication key AK2. Client B calculates Xb = g^xb mod p. Let M2_0 = M1||IDB||R0||Xb; client B performs the message authentication calculation on M2_0 with the message authentication key AK2 to obtain MAC(M2_0, AK2). Client B encrypts M2_0||MAC(M2_0, AK2) with the encryption key EK2 to obtain {M2_0||MAC(M2_0, AK2)}EK2.
Client B packages the message as M2, which can be expressed as M2 = IDB||R2||{M2_0||MAC(M2_0, AK2)}EK2. Client B sends the authentication vector request M2 to quantum communication service station Q.
Step 4: quantum communication service station Q returns authentication vector
After receiving the message, service station Q parses it to obtain IDB, R2 and {M2_0||MAC(M2_0, AK2)}EK2. Service station Q uses R2 to take the private key SKQ2 out of the service station private key pool in the local key fob; for this procedure, refer to the key negotiation process above. Service station Q takes the public key PKB corresponding to client B out of the client public key pool according to IDB. Service station Q calculates K2 = PKB^SKQ2 mod p. Service station Q splits K2 into an encryption key EK2 and a message authentication key AK2.
Service station Q decrypts {M2_0||MAC(M2_0, AK2)}EK2 with the encryption key EK2 to obtain M2_0 and MAC(M2_0, AK2), and verifies the message authentication code with the message authentication key. If verification passes, the next step is carried out; otherwise, AKA authentication fails.
After verification passes, service station Q parses M2_0 to obtain M1||IDB||R0||Xb. From the IDA and IDQ information in M2_0, service station Q determines that client A is a device terminal in its own group.
Service station Q parses M1 to obtain IDA, IDQ, R1, R0 and {M1_0||MAC(M1_0||R0, AK1)}EK1. Service station Q uses R1 to take the private key SKQ1 out of the service station private key pool in the local key fob (for this procedure, refer to the key negotiation process above), and takes the public key PKA corresponding to client A out of the client public key pool in the local key fob according to IDA. Service station Q calculates K1 = PKA^SKQ1 mod p. Service station Q splits K1 into an encryption key EK1 and a message authentication key AK1. Service station Q decrypts {M1_0||MAC(M1_0||R0, AK1)}EK1 with EK1 to obtain M1_0 and MAC(M1_0||R0, AK1), and verifies MAC(M1_0||R0, AK1) with AK1.
After verification passes, service station Q generates a true random number Ra using the random number generator in the local key fob, and uses Ra to take a private key SKQa out of the service station private key pool in the local key fob. Service station Q calculates the key K = Xa^SKQa mod p. The key K is used for the following vector calculation. The following authentication vector calculation follows AKA authentication techniques.
Calculate the message authentication code (MAC): MAC = F1_K(Xa||Ra||AMF);
Calculate the expected authentication response (XRES): XRES = F2_K(Xa||Ra);
Calculate the confidentiality key (CK): CK = F3_K(Xa||Ra);
Calculate the integrity key (IK): IK = F4_K(Xa||Ra);
Network authentication token (AUTN): AUTN = Ra||AMF||MAC;
Combining these gives the authentication vector AV = XRES||CK||IK||AUTN.
Service station Q generates a true random number R3 using the random number generator in the local key fob. Service station Q uses R3 to take the private key SKQ3 out of the service station private key pool in the local key fob; for this procedure, refer to the key negotiation process above. Service station Q calculates K3 = Xb^SKQ3 mod p. Service station Q splits K3 into an encryption key EK3 and a message authentication key AK3.
Service station Q applies the message authentication algorithm to the authentication vector AV to obtain the message authentication code MAC(AV, AK3). Service station Q encrypts AV||MAC(AV, AK3) with the encryption key EK3 to obtain {AV||MAC(AV, AK3)}EK3 and sends M3 = R3||{AV||MAC(AV, AK3)}EK3 to client B.
Step 5: client B initiates authentication challenge
After receiving it, client B takes the public key PKQ3 out of the service station public key pool of the local key fob according to R3 (see the key agreement process above). Client B calculates K3 = PKQ3^xb mod p and splits K3 into an encryption key EK3 and a message authentication key AK3. Client B decrypts {AV||MAC(AV, AK3)}EK3 with EK3 to obtain AV||MAC(AV, AK3), and verifies the message authentication code MAC(AV, AK3) with AK3. After the verification passes, client B parses AV to obtain XRES||CK||IK||AUTN and keeps XRES||CK||IK in the local secure storage area. Let M4 = AUTN; client B sends M4 to client A.
Step 6: client A returns an authentication response
After receiving it, client A takes the public key PKQa out of the service station public key pool of the local key fob according to Ra (see the key agreement process above). Client A calculates K = PKQa^xa mod p. Client A performs the following calculation using K.
XMAC = F1_K(Xa||Ra||AMF);
RES = F2_K(Xa||Ra);
CK = F3_K(Xa||Ra);
IK = F4_K(Xa||Ra);
Client A compares XMAC with the MAC in AUTN; if they are the same, it proceeds to the next step, otherwise authentication fails. After the verification passes, client A applies the message authentication algorithm to RES with IK to obtain the message authentication code MAC(RES, IK), and encrypts RES||MAC(RES, IK) with CK to obtain {RES||MAC(RES, IK)}CK. Let M5 = {RES||MAC(RES, IK)}CK. Client A sends M5 to client B.
Step 7: client B verifies the authentication response of client a
After receiving M5, client B decrypts it with CK to obtain RES||MAC(RES, IK), and verifies the message authentication code MAC(RES, IK) with IK. If the verification passes, client B checks whether RES equals the local XRES. If it does, REP = OK; otherwise, REP = FAIL.
Client B applies the message authentication algorithm to REP with IK to obtain the message authentication code MAC(REP, IK), and encrypts REP||MAC(REP, IK) with CK to obtain M6, which may be expressed as M6 = {REP||MAC(REP, IK)}CK. Client B sends M6 to client A. Client A decrypts and authenticates it with CK and IK and then parses out the authentication result REP.
After the authentication is finished, client A and client B hold the session keys, namely the encryption key CK and the message authentication key IK.
Embodiment 2: client A and client B belong to service station QA and service station QB, respectively
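The vector logic of steps 4 to 7 above, as an added example that is not code from the patent: the service station derives K = Xa^SKQa mod p from a pool key selected by Ra and builds AV, and client A recomputes K = PKQa^xa mod p to check XMAC before returning RES. The toy group (p = 2^127 - 1, g = 3), the SHA-256 based pointer function and HMAC-SHA256 standing in for F1 to F4 are assumptions; the patent does not fix them.

```python
import hashlib
import hmac
import secrets

# Constructed toy group: 2**127 - 1 is prime, but far too small for real use.
P = 2**127 - 1
G = 3
AMF = b"\x80\x00"   # constructed 2-byte authentication management field
POOL_SIZE = 64      # constructed size of the service station key pool
RA_LEN, MAC_LEN = 16, 16


def int_bytes(n):
    """Fixed-width big-endian encoding of a group element (P fits in 16 bytes)."""
    return n.to_bytes(16, "big")


def pointer(rand):
    """Assumed pointer function Fp: pointer random number -> pool index."""
    return int.from_bytes(hashlib.sha256(rand).digest(), "big") % POOL_SIZE


def f(n, k, msg):
    """Assumed F1..F4: HMAC-SHA256 under K, domain-separated by the index n."""
    return hmac.new(int_bytes(k), bytes([n]) + msg, hashlib.sha256).digest()[:MAC_LEN]


def make_station_pools():
    """Service station private key pool and the matching public key pool."""
    priv = [secrets.randbelow(P - 2) + 1 for _ in range(POOL_SIZE)]
    return priv, [pow(G, sk, P) for sk in priv]


def client_keypair():
    """Client A's per-run DH value: xa in [1, p-1], Xa = g^xa mod p."""
    xa = secrets.randbelow(P - 1) + 1
    return xa, pow(G, xa, P)


def station_make_av(priv_pool, Xa):
    """Station side: AV = XRES||CK||IK||AUTN, kept as a dict for readability."""
    Ra = secrets.token_bytes(RA_LEN)
    K = pow(Xa, priv_pool[pointer(Ra)], P)      # K = Xa^SKQa mod p
    base = int_bytes(Xa) + Ra                   # Xa||Ra
    mac = f(1, K, base + AMF)                   # MAC = F1_K(Xa||Ra||AMF)
    return {"XRES": f(2, K, base), "CK": f(3, K, base), "IK": f(4, K, base),
            "AUTN": Ra + AMF + mac}             # AUTN = Ra||AMF||MAC


def client_a_respond(pub_pool, xa, autn):
    """Client A: rebuild K from the public pool, check XMAC, return RES/CK/IK."""
    if len(autn) != RA_LEN + len(AMF) + MAC_LEN:
        return None                             # malformed AUTN
    Ra, amf, mac = autn[:RA_LEN], autn[RA_LEN:RA_LEN + 2], autn[RA_LEN + 2:]
    K = pow(pub_pool[pointer(Ra)], xa, P)       # K = PKQa^xa mod p
    base = int_bytes(pow(G, xa, P)) + Ra
    # XMAC is compared with the MAC from AUTN in constant time.
    if not hmac.compare_digest(f(1, K, base + amf), mac):
        return None                             # authentication fails
    return {"RES": f(2, K, base), "CK": f(3, K, base), "IK": f(4, K, base)}


def client_b_verify(av, response):
    """Client B: REP = OK only if RES equals the stored XRES."""
    ok = response is not None and hmac.compare_digest(response["RES"], av["XRES"])
    return "OK" if ok else "FAIL"


def run_exchange(tamper=False):
    """One run of steps 4-7; tamper flips one bit of Ra inside AUTN in transit."""
    priv_pool, pub_pool = make_station_pools()
    xa, Xa = client_keypair()
    av = station_make_av(priv_pool, Xa)
    autn = av["AUTN"]
    if tamper:
        autn = bytes([autn[0] ^ 1]) + autn[1:]
    response = client_a_respond(pub_pool, xa, autn)
    rep = client_b_verify(av, response)
    keys_match = (response is not None
                  and (response["CK"], response["IK"]) == (av["CK"], av["IK"]))
    return rep, keys_match


if __name__ == "__main__":
    print(run_exchange())
    print(run_exchange(tamper=True))
```

Because Ra both selects the pool key and enters every F1 to F4 input, changing it in transit makes client A derive a different K and reject the token at the XMAC check.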
System description
The scenario of this embodiment is shown in Fig. 3. It includes a client A, a client B, a quantum communication service station QA and a quantum communication service station QB, referred to simply as service station QA and service station QB. Client A and client B are each provided with a client key fob, and quantum communication service stations QA and QB are each provided with a service station key fob. Client A belongs to quantum communication service station QA, and client B belongs to quantum communication service station QB. Let the ID of client A be IDA, with corresponding public key PKA and private key SKA; let the ID of client B be IDB, with corresponding public key PKB and private key SKB.
The process of negotiating the key between the client and the quantum communication service station is as follows:
The client or the quantum communication service station obtains the corresponding asymmetric key pointer P from the key pointer random number rand and a specific asymmetric key pointer function Fp, and uses the asymmetric key pool pointer P to extract the corresponding public key or private key from the service station public key pool or the service station private key pool in the key card.
Step 1: client B initiates an identity authentication request with client A
Client B generates a true random number R0 with the random number generator in the local key fob. Let M0 = R0; client B sends M0 to client A as the identity authentication request.
Step 2: client A responds to the request
After receiving it, client A generates two true random numbers xa and R1 with the random number generator in the local key fob, where xa lies in the range [1, p-1]. Client A calculates Xa = g^xa mod p. Client A takes the public key PKQA1 out of the service station public key pool of the local key fob according to R1 (see the key agreement process above). Client A takes its private key SKA and the public key PKQA1 and calculates K1 = PKQA1^SKA mod p. Client A splits K1 into an encryption key EK1 and a message authentication key AK1. Let M1_0 = Xa; client A performs the message authentication calculation on M1_0||R0 with the message authentication key AK1 to obtain MAC(M1_0||R0, AK1). MAC(m, k) denotes a message authentication code with m as the message and k as the key. Client A encrypts M1_0||MAC(M1_0||R0, AK1) with the encryption key EK1 to obtain {M1_0||MAC(M1_0||R0, AK1)}EK1.
Client A packages the message to obtain M1, which can be expressed as M1 = IDA||IDQA||R1||{M1_0||MAC(M1_0||R0, AK1)}EK1. Client A sends M1 to client B.
Step 3: client B requests an authentication vector from quantum communication service station QB
After receiving the message, client B parses it to obtain IDA, IDQA, R1 and {M1_0||MAC(M1_0||R0, AK1)}EK1. Client B generates two true random numbers xb and R2 with the random number generator in the local key fob, where xb lies in the range [1, p-1]. Client B takes the public key PKQB2 out of the service station public key pool of the local key fob according to R2 (see the key agreement process above). Client B takes its private key SKB and the public key PKQB2 and calculates K2 = PKQB2^SKB mod p. Client B splits K2 into an encryption key EK2 and a message authentication key AK2. Client B calculates Xb = g^xb mod p. Let M2_0 = M1||IDB||R0||Xb; client B performs the message authentication calculation on M2_0 with the message authentication key AK2 to obtain MAC(M2_0, AK2). Client B encrypts M2_0||MAC(M2_0, AK2) with the encryption key EK2 to obtain {M2_0||MAC(M2_0, AK2)}EK2.
Client B packages the message to obtain M2, which can be expressed as M2 = IDB||R2||{M2_0||MAC(M2_0, AK2)}EK2. Client B sends the authentication vector request M2 to quantum communication service station QB.
Step 4: quantum communication service station QB requests quantum communication service station QA
After receiving the message, the service station QB parses it to obtain IDB, R2 and {M2_0||MAC(M2_0, AK2)}EK2. According to R2, the service station QB takes the private key SKQB2 out of the service station private key pool of the local key fob (see the key agreement process above). According to IDB, the service station QB takes the public key PKB of client B out of the client public key pool. The service station QB calculates K2 = PKB^SKQB2 mod p and splits K2 into an encryption key EK2 and a message authentication key AK2.
The service station QB decrypts {M2_0||MAC(M2_0, AK2)}EK2 with the encryption key EK2 to obtain M2_0 and MAC(M2_0, AK2), and verifies the message authentication code with the message authentication key AK2. If the verification passes, it proceeds to the next step; otherwise, the AKA authentication fails.
After the verification passes, the service station QB parses M2_0 to obtain M1||IDB||R0||Xb. The service station QB and the service station QA obtain an encryption key EK3' and a message authentication key AK3' through quantum key distribution negotiation. Let M3' = IDQB||M1||R0; the service station QB performs the message authentication calculation on M3' with AK3' to obtain MAC(M3', AK3'). The service station QB encrypts M3'||MAC(M3', AK3') with the encryption key EK3' to obtain {M3'||MAC(M3', AK3')}EK3'.
The service station QB sends {M3'||MAC(M3', AK3')}EK3' to the service station QA according to the IDQA information in M2_0.
Step 5: quantum communication service station QA returns authentication vector
After receiving it, the service station QA decrypts {M3'||MAC(M3', AK3')}EK3' with the negotiated EK3' to obtain M3'||MAC(M3', AK3'), and verifies the message authentication code MAC(M3', AK3') with AK3'. After the verification passes, the service station QA parses M3' to obtain IDQB, IDA, IDQA, R1, R0 and {M1_0||MAC(M1_0||R0, AK1)}EK1. According to R1, the service station QA takes the private key SKQA1 out of the service station private key pool of the local key fob (see the key agreement process above), and according to IDA it takes the public key PKA of client A out of the client public key pool of the local key fob. The service station QA calculates K1 = PKA^SKQA1 mod p and splits K1 into an encryption key EK1 and a message authentication key AK1. The service station QA decrypts {M1_0||MAC(M1_0||R0, AK1)}EK1 with EK1 to obtain M1_0 and MAC(M1_0||R0, AK1), and verifies MAC(M1_0||R0, AK1) with AK1.
After the verification passes, the service station QA generates a true random number Ra with the random number generator in the local key fob and, according to Ra, takes the private key SKQAa out of the service station private key pool of the local key fob. The service station QA calculates the key K = Xa^SKQAa mod p. The key K is used for the following authentication vector calculation, which follows the AKA authentication technique.
Calculate the message authentication code (MAC): MAC = F1_K(Xa||Ra||AMF);
Calculate the expected authentication response (XRES): XRES = F2_K(Xa||Ra);
Calculate the confidentiality key (CK): CK = F3_K(Xa||Ra);
Calculate the integrity key (IK): IK = F4_K(Xa||Ra);
Network authentication token (AUTN): AUTN = Ra||AMF||MAC;
Combining these yields the authentication vector AV = M4' = XRES||CK||IK||AUTN. The service station QA negotiates with the service station QB to obtain the encryption key EK4' and the message authentication key AK4'. The service station QA applies the message authentication algorithm to M4' to obtain the message authentication code MAC(M4', AK4'). The service station QA encrypts M4'||MAC(M4', AK4') with the encryption key EK4' to obtain {M4'||MAC(M4', AK4')}EK4' and sends it to the service station QB.
Step 6: quantum communication service station QB forwarding authentication vector
After receiving it, the service station QB uses EK4' to decrypt {M4'||MAC(M4', AK4')}EK4' into M4'||MAC(M4', AK4') and uses AK4' to verify the message authentication code MAC(M4', AK4'). After the verification passes, the service station QB generates a true random number R3 with the random number generator in the local key fob. According to R3, the service station QB takes the private key SKQB3 out of the service station private key pool of the local key fob (see the key agreement process above). The service station QB calculates K5 = Xb^SKQB3 mod p and splits K5 into an encryption key EK5 and a message authentication key AK5.
The service station QB applies the message authentication algorithm to M4' to obtain the message authentication code MAC(M4', AK5). The service station QB encrypts M4'||MAC(M4', AK5) with the encryption key EK5 to obtain {M4'||MAC(M4', AK5)}EK5 and sends M5' = R3||{M4'||MAC(M4', AK5)}EK5 to client B.
Step 7: client B initiates authentication challenge
After receiving it, client B takes the public key PKQB3 out of the service station public key pool of the local key fob according to R3 (see the key agreement process above). Client B calculates K5 = PKQB3^xb mod p and splits K5 into an encryption key EK5 and a message authentication key AK5. Client B decrypts {M4'||MAC(M4', AK5)}EK5 with EK5 to obtain M4'||MAC(M4', AK5), and verifies the message authentication code MAC(M4', AK5) with AK5. After the verification passes, client B parses M4' to obtain XRES||CK||IK||AUTN and keeps XRES||CK||IK in the local secure storage area. Let M6' = AUTN; client B sends M6' to client A.
Step 8: client A returns an authentication response
After receiving it, client A takes the public key PKQAa out of the service station public key pool of the local key fob according to Ra (see the key agreement process above). Client A calculates K = PKQAa^xa mod p. Client A performs the following calculation using K.
XMAC = F1_K(Xa||Ra||AMF);
RES = F2_K(Xa||Ra);
CK = F3_K(Xa||Ra);
IK = F4_K(Xa||Ra);
Client A compares XMAC with the MAC in AUTN; if they are the same, it proceeds to the next step, otherwise authentication fails. After the verification passes, client A applies the message authentication algorithm to RES with IK to obtain the message authentication code MAC(RES, IK), and encrypts RES||MAC(RES, IK) with CK to obtain {RES||MAC(RES, IK)}CK. Let M7 = {RES||MAC(RES, IK)}CK. Client A sends M7 to client B.
Step 9: client B verifies the authentication response of client a
After receiving M7, client B decrypts it with CK to obtain RES||MAC(RES, IK), and verifies the message authentication code MAC(RES, IK) with IK. If the verification passes, client B checks whether RES equals the local XRES. If it does, REP = OK; otherwise, REP = FAIL.
Client B applies the message authentication algorithm to REP with IK to obtain the message authentication code MAC(REP, IK), and encrypts REP||MAC(REP, IK) with CK to obtain M8, which may be expressed as M8 = {REP||MAC(REP, IK)}CK. Client B sends M8 to client A. Client A decrypts and authenticates it with CK and IK and then parses out the authentication result REP.
After the authentication is finished, client A and client B hold the session keys, namely the encryption key CK and the message authentication key IK.
For specific limitations of the client A device, the client B device, the service station Q device and the system, refer to the limitations of the quantum communication service station authentication method above; they are not repeated here. The modules in the devices described above may be implemented in whole or in part by software, hardware, or a combination thereof. The modules may be embedded in hardware in, or be independent of, a processor of the computer device, or may be stored as software in a memory of the computer device, so that the processor can call them and execute the corresponding operations.
In one embodiment, a computer device is provided, which may be a service station Q, the internal structure of which may be as shown in fig. 1. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer device is used for storing relevant data of identity authentication. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program when executed by a processor implements a quantum communication service station AKA key agreement method based on an asymmetric key pool pair and DH protocol.
From the specific steps of the technical solution disclosed above, one can summarize the quantum communication service station AKA key negotiation method based on the asymmetric key pool pair and DH protocol as set out in the claims, as well as the corresponding methods implemented at the service station and at client B, so they are not described again here.
It will be appreciated by those skilled in the art that the architecture shown in fig. 1 is merely a block diagram of some of the architecture relevant to the present inventive arrangements and is not limiting as to the computer device to which the present inventive arrangements may be implemented, as a particular computer device may include more or less components than those shown, or may be combined with some components, or may have a different arrangement of components.
Those skilled in the art will appreciate that all or part of the methods described above may be implemented by a computer program stored on a non-transitory computer-readable storage medium; when executed, the program may carry out the steps of the method embodiments described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory can include Read Only Memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), memory bus direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), among others.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The above examples illustrate only a few embodiments of the application, which are described in detail and are not to be construed as limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of protection of the present application is to be determined by the appended claims.

Claims (2)

1. The quantum communication service station AKA key negotiation method based on the asymmetric key pool pair and DH protocol is characterized in that a client key card is configured on the client A and the client B, and a service station public key pool, a client public key and a client private key are stored in the client key card; the service station is configured with a service station key card, a client public key pool comprising client public keys and a service station private key pool are stored in the service station key card, and the quantum communication service station AKA key negotiation method comprises the following steps:
The client B generates a first random parameter R0 and sends the first random parameter R0 to the client A;
the method comprises the steps that a client A obtains a first random parameter R0 generated by a client B and then generates a second random parameter R1, a first intermediate parameter Xa and a first secret key K1, wherein the first secret key K1 is generated according to DH protocol by using a first private key SKA of the client A and a first public key PKQ1 of a service station;
the client A splits the first secret key K1 into an encryption key EK1 and a message authentication key AK1, and sets M1_0 equal to a first intermediate parameter Xa, and the client A performs message authentication calculation on M1_0||R0 by using the message authentication key AK1 to obtain a first authentication code MAC(M1_0||R0, AK1) which takes the message authentication key AK1 as a secret key and takes M1_0||R0 as a message; the client A encrypts M1_0||MAC(M1_0||R0, AK1) by using the encryption key EK1 to obtain {M1_0||MAC(M1_0||R0, AK1)}EK1;
the client A generates a first message M1, M1 = IDA||IDQ||R1||{M1_0||MAC(M1_0||R0, AK1)}EK1, wherein IDA is a device parameter of the client A, IDQ is a device parameter of the service station, and R1 is the second random parameter; transmitting the first message M1 containing the first authentication code MAC(M1_0||R0, AK1) to the client B;
the client B acquires the first message M1, generates a second intermediate parameter Xb, a third random parameter R2 and a second key K2 after decryption, and the second key K2 is generated according to DH protocol by using a first private key SKB of the client B and a second public key PKQ2 of the server;
The client B splits the second key K2 into an encryption key EK2 and a message authentication key AK2, and sets M2_0 equal to M1||IDB||R0||Xb; the client B performs message authentication calculation on M2_0 by using the message authentication key AK2 to obtain a second authentication code MAC(M2_0, AK2); the client B encrypts M2_0||MAC(M2_0, AK2) by using the encryption key EK2 to obtain {M2_0||MAC(M2_0, AK2)}EK2;
the client B generates a second message M2, M2 = IDB||R2||{M2_0||MAC(M2_0, AK2)}EK2, wherein IDB is a device parameter of the client B, and R2 is the third random parameter; transmitting said second message M2 containing said second authentication code MAC(M2_0, AK2) to the service station;
the service station acquires the second message M2, decrypts it and, after sequentially verifying the second authentication code M2_0||MAC(M2_0, AK2) and the first authentication code MAC(M1_0||R0, AK1), generates a vector key K, a fourth random parameter R3 and a third key K3, wherein the vector key K is generated by the service station by utilizing the first intermediate parameter Xa and the first private key SKQa of the service station, and the third key K3 is generated by the service station by utilizing the second private key SKQ3 of the service station and the second intermediate parameter Xb according to the DH protocol;
generating an authentication vector AV by using the vector key K, wherein the authentication vector AV comprises an authentication response XRES, a confidentiality key, an integrity key and a network authentication token, and the network authentication token comprises a message verification code;
Generating a third message M3, wherein M3 is equal to R3||{AV||MAC(AV, AK3)}EK3, R3 is the fourth random parameter, AV is the authentication vector, and EK3 and AK3 are respectively the encryption key and the message authentication key obtained by the service station by splitting the third key K3; MAC(AV, AK3) is a third authentication code; transmitting the third message M3 containing the third authentication code MAC(AV, AK3) to the client B;
the client B acquires the third message M3, decrypts and verifies a third authentication code MAC (AV, AK 3), then analyzes and stores the authentication vector AV, generates a fourth message M4 containing a network authentication token, and sends the fourth message M4 to the client A;
the client A acquires the fourth message M4, generates the vector key K and calculates an authentication response RES, a confidentiality key, an integrity key and a network authentication token of the AV in the authentication vector;
comparing the message verification code of the network authentication token in the fourth message M4 with the message verification code in the network authentication token in the third message M3, if the message verification code is the same, generating a fourth authentication code MAC (RES, IK) by using the integrity key IK and the authentication response RES, and generating a fifth message M5, wherein the fifth message comprises the authentication response RES and the fourth authentication code MAC (RES, IK) encrypted by using the confidentiality key; sending the fifth message to the client B;
The client B acquires the fifth message M5, compares the authentication response RES with the stored authentication response XRES after decryption and generates a comparison result, and if the authentication response RES in the fifth message M5 is equal to the authentication response XRES in the fifth message M5, obtains a comparison result REP=OK;
the client B generates a message authentication code MAC(REP, IK) by utilizing the integrity key in the fifth message M5 and combining the comparison result REP, and encrypts REP||MAC(REP, IK) by utilizing the confidentiality key in the fifth message M5 to obtain a sixth message M6, wherein the sixth message M6 is equal to {REP||MAC(REP, IK)}CK, IK represents the integrity key in the fifth message M5, and CK represents the confidentiality key in the fifth message M5; transmitting the sixth message M6 to the client A;
the client A acquires the sixth message M6, decrypts and authenticates by using CK and IK, and then analyzes to obtain a comparison result REP, and the comparison result REP is used as an authentication result.
2. A quantum communication service station AKA key agreement system based on an asymmetric key pool pair and DH protocol, comprising a memory and a processor, said memory storing a computer program, characterized in that said processor, when executing said computer program, implements the steps of the quantum communication service station AKA key agreement method of claim 1.
CN201910591318.4A 2019-07-02 2019-07-02 Quantum communication service station AKA key negotiation method and system based on asymmetric key pool pair and DH protocol Active CN110535632B (en)


Publications (2)

Publication Number Publication Date
CN110535632A CN110535632A (en) 2019-12-03
CN110535632B CN110535632B (en) 2023-09-05


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant