CN114500040B - Safe and efficient communication method based on cryptographic algorithm and implementation thereof - Google Patents


Info

Publication number
CN114500040B
Authority
CN
China
Prior art keywords
initiator
responder
key
party
time
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210082482.4A
Other languages
Chinese (zh)
Other versions
CN114500040A (en)
Inventor
白智勇
李峥
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jinshuxin'an Technology Co ltd
Original Assignee
Beijing Jinshuxin'an Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/068 Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a secure and efficient communication method based on national cryptographic algorithms and an implementation thereof, involving an initiator A and a responder B and comprising the following steps: initial handshake, in which initiator A sends an initial handshake message to responder B, the temporary public key of initiator A is securely transmitted to responder B using asymmetric encryption, and the fixed public key and identity identifier of initiator A are securely transmitted to B using symmetric encryption; response handshake, in which responder B feeds back a response to initiator A, the temporary public key of responder B is transmitted to initiator A in encrypted form, and responder B generates a session key through key agreement; and data communication, in which initiator A and responder B carry out normal data communication using a session key that is negotiated periodically. The method is suited to a variety of real-time or non-real-time interaction scenarios, duplex or half-duplex communication processes, and long-connection or short-connection application modes. The communication process is optimized, unnecessary negotiation is reduced, and the application scenarios of national cryptographic algorithms are broadened.

Description

Safe and efficient communication method based on cryptographic algorithm and implementation thereof
Technical Field
The invention belongs to the technical field of secure and efficient communication protocols, and in particular relates to a secure and efficient communication method based on national cryptographic algorithms and an implementation thereof.
Background
Current secure communication protocols generally involve frequent handshakes and a large amount of negotiated content, which wastes communication resources, especially in scenarios where communication resources are scarce.
In an optimized communication process, most handshake and negotiation content should be determined by configuration or by standards at the application level, and the communication level should retain only the most critical content. In addition, among practical applications of communication protocols, those using foreign cryptographic algorithms, such as IPSEC/SSL VPN, and the Transport Layer Cryptography Protocol (TLCP) have related standards and practical deployments, but they also waste communication resources, and their practical application is limited to TCP or UDP.
Disclosure of Invention
The invention aims to provide a secure and efficient communication method based on national cryptographic algorithms and an implementation thereof. The method uses at most one round-trip time (RTT) of interaction; communication data can be carried in the return message of the first RTT as circumstances require; once the handshake is completed and a session is established, secure, efficient and reliable data transmission can be performed over that session, thereby solving the problems described in the Background.
To achieve the above purpose, the invention adopts the following technical scheme: a secure and efficient communication method based on national cryptographic algorithms and an implementation thereof, involving an initiator A and a responder B and comprising the following steps:
S1, initial handshake: initiator A sends an initial handshake message to responder B; the temporary public key of initiator A is securely transmitted to responder B using asymmetric encryption, and the fixed public key and identity identifier of initiator A are securely transmitted to B using symmetric encryption;
S2, response handshake: responder B feeds back a response to initiator A; the temporary public key of responder B is transmitted to initiator A in encrypted form, and responder B generates a session key through key agreement;
S3, data communication: initiator A and responder B carry out normal data communication using a session key that is negotiated periodically.
Preferably, in S1 the identity confirmation element of initiator A is securely transmitted to responder B in combination with the uniqueness of a timestamp.
Preferably, in S1, when the create-key timeout of initiator A expires and responder B has not responded, initiator A re-initiates the handshake.
Preferably, in S1, initiator A may send the initial handshake message only once within each create-key timeout period, and abandons retrying after the create-key timeout has expired multiple times.
Preferably, in S2 a heartbeat timeout interval is set between responder B and initiator A. When initiator A or responder B has sent no message to its peer within the heartbeat timeout and has no message to send, it sends an empty data packet after the heartbeat timeout interval to maintain the communication connection; either party may do so. Depending on the needs of the upper-layer application, once the upper-layer application identifies a session-termination communication, both parties terminate the session and release resources.
Preferably, in S2, after initiator A or responder B sends an encrypted data packet, if no response is received within the heartbeat timeout + the create-key timeout + a random jitter, a new handshake is initiated.
Preferably, after the message first initiated by initiator A in S1 is received by responder B, and once session key usage time >= update key time - heartbeat timeout time - create key timeout time, initiator A re-initiates a handshake and attempts to update the session key with responder B.
Preferably, after initiator A first sends a data packet in S1, and once session key usage time >= update key time, initiator A re-initiates a handshake with responder B.
Compared with the prior art, the secure and efficient communication method based on national cryptographic algorithms and its implementation provided by the invention have the following beneficial effects:
1. Initiator A sends an initial handshake message to responder B; the temporary public key of initiator A is securely transmitted to responder B using asymmetric encryption, and the fixed public key and identity identifier of initiator A are securely transmitted to B using symmetric encryption. The communication process is compressed into at most one RTT, privacy protection is additionally provided for both communicating parties, and forward secrecy is guaranteed. The method is suited to a variety of communication scenarios, saves communication resources, and enhances the security of the communication system.
2. After initiator A, as the first initiator, receives a message, and once session key usage time >= update key time - heartbeat timeout time - create key timeout time, initiator A re-initiates a handshake and attempts to update the session key with responder B; after initiator A, as the first initiator, sends a data packet, and once session key usage time >= update key time, initiator A re-initiates a handshake with responder B. The communication method is therefore suited to a variety of real-time or non-real-time interaction scenarios, duplex or half-duplex communication processes, and long-connection or short-connection application modes; it optimizes the communication process, reduces unnecessary negotiation, and broadens the application scenarios of national cryptographic algorithms.
Drawings
FIG. 1 is a schematic diagram of the normal communication process between an A initiator and a B responder according to the present invention;
FIG. 2 is a schematic diagram of a session lifecycle management communication process of the present invention;
FIG. 3 is a schematic diagram of the duration of the timeout nodes in the session lifecycle management process of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. The specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Example 1
As shown in FIGS. 1 to 3, the invention provides a secure and efficient communication method based on a cryptographic algorithm and an implementation thereof, involving an initiator A and a responder B and comprising the following steps:
S1, initial handshake: initiator A sends an initial handshake message to responder B; the temporary public key of initiator A is securely transmitted to responder B using asymmetric encryption, and the fixed public key and identity identifier of initiator A are securely transmitted to B using symmetric encryption; the identity confirmation element of initiator A is securely transmitted to responder B in combination with the uniqueness of a timestamp; when the create-key timeout of initiator A expires and responder B has not responded, initiator A re-initiates the handshake; initiator A may send the initial handshake message only once within each create-key timeout period, and abandons retrying after the create-key timeout has expired multiple times;
S2, response handshake: responder B feeds back a response to initiator A; the temporary public key of responder B is transmitted to initiator A in encrypted form, and responder B generates a session key through key agreement; a heartbeat timeout interval is set between responder B and initiator A; when initiator A or responder B has sent no message to its peer within the heartbeat timeout and has no message to send, it sends an empty data packet after the heartbeat timeout interval to maintain the communication connection, and either party may do so; depending on the needs of the upper-layer application, once the upper-layer application identifies a session-termination communication, both parties terminate the session and release resources; after initiator A or responder B sends an encrypted data packet, if no response is received within the heartbeat timeout + the create-key timeout + a random jitter, a new handshake is initiated;
S3, data communication: initiator A and responder B carry out normal data communication using a session key that is negotiated periodically; after the message first initiated by initiator A is received by responder B, and once session key usage time >= update key time - heartbeat timeout time - create key timeout time, initiator A re-initiates a handshake and attempts to update the session key with responder B; after initiator A first sends a data packet, and once session key usage time >= update key time, initiator A re-initiates a handshake with responder B.
The communication method involves the following algorithms:
SM2/9 public key encryption algorithm, SM2/9 key exchange protocol, SM3 cryptographic hash algorithm, HMAC message authentication code (RFC 2104), HKDF key derivation algorithm (RFC 5869), SM4 symmetric block cipher algorithm, GCM authenticated encryption mode, ZUC stream cipher algorithm, TAI64N timestamp standard (International Atomic Time), PKCS7Padding data padding algorithm (RFC 5652), etc.
The communication process involves two parties, A and B, where party B may also be party A itself; for example, data sent by party A can later be decrypted and extracted by party A.
A protocol name must be defined in advance according to the selected algorithms; for example, the protocol name can be defined as "RTT1_SM2_SM4GCM_SM3_PSK2_KEY". This value participates in the HASH calculation, and the method is described below using this name as the example.
Here, RTT1 indicates that the negotiation process takes 1 round-trip time (RTT); the pre-shared key (PSK) option is 0, 1 or 2, meaning respectively that no PSK is used, that the PSK participates in the calculation of the communication content sent from A to B, and that the PSK participates in the calculation of the communication content returned from B to A; the KEY/CERT in the last position indicates that public key information in transit is carried as a raw public key or as a public key certificate, respectively. The remaining algorithm positions may be replaced with algorithms of the same function, for example "RTT1_SM9_SM4CCM_SM3_PSK1_CERT".
1. Both A (initiator) and B (responder) should initialize the following information:
A (initiator): APri, APub, AID, BPub, BID, PSK
B (responder): BPri, BPub, BID, PSK
TIPS: MSG is the transmitted message class; Pri denotes a private key, Pub a public key, Temp a temporarily generated value, and ChainKey a set of mutually associated keys. || denotes concatenation, | denotes "or", and Offset denotes an offset.
2. The contents exchanged by A (initiator) and B (responder) are described as follows:
As identified at 101 in FIG. 1: the A end and B end of the communication are either in a peer-to-peer relationship or in a client-server mode; in a peer-to-peer relationship, the first initiator must be made explicit; in client-server mode, the client is the first initiator;
As identified at 102 in FIG. 1: the initial handshake message sent by A (initiator) to B (responder) is calculated as follows:
MSG.MessageType=0x01 # message type
MSG.ProtocolVersionWithCipherSuite={0x01,0x01} # protocol version and algorithm suite
MSG.SenderRandomIndex=LITTLE_ENDIAN(ARandomIndex) # lookup identifier for the two communicating parties
TIPS: RandomIndex is updated at every handshake and every key update.
(ATempPri,ATempPub)=SM2_KEYPAIR()
MSG.EncryptedATempPub=SM2_ENCRYPT(BPub,ATempPub) # encrypted temporary public key
ChainKey1=Hash1=HASH(ProtocolName)
Hash2=HASH(ChainKey1||BPub||BID)
Hash3=HASH(Hash2||ATempPub)
(ChainKey2||KEY1||KEY2)=HKDF(ChainKey1,ATempPub)
MSG.EncryptedAPubWithAID=SM4GCM_ENCRYPT(KEY1,0,APub||AIDWithPadding,Hash3) # encrypted fixed public key
TIPS: APub can be replaced with ACert if the communication type is "CERT".
TIPS: when PSK1 is used, the derivation should be adjusted to (ChainKey2||KEY1||KEY2)=HKDF(HKDF(ChainKey1,ATempPub),PSK)
Hash4=HASH(Hash3||MSG.EncryptedAPubWithAID)
TAI64NTimeStamp=SM2_SIGN(TAI64N,APri,AID)
MSG.EncryptedTimestamp=SM4GCM_ENCRYPT(KEY2,1,TAI64N||TAI64NTimeStamp,Hash4) # encrypted timestamp
Hash5=HASH(Hash4||MSG.EncryptedTimestamp)
MSG.WeakMAC1=HMAC(HASH(BPub||BID),MSG[0:Offset(MSG.MAC1)]) # weak message authentication code scheme
MSG.MAC2=[0..]|HMAC(A.ReceivedCookie,MSG[0:Offset(MSG.MAC2)])
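Added example (not part of the patent text): the hash and key chain of message 0x01 recomputed in Python from each party's view, to show which values diverge when the two parties disagree on an input. SHA-256 stands in for SM3, HKDF is assumed to take the chain key as salt with empty info and 32-byte outputs, and all keys and ciphertexts are constructed byte strings, because SM2 and SM4-GCM are not in the Python standard library.

```python
import hashlib
import hmac

HASH = hashlib.sha256  # stand-in for SM3; both produce 32-byte digests
FIELDS = ("hash2", "hash3", "chain_key2", "key1", "key2", "hash4", "hash5")

# Constructed sample values; real ones are SM2 keys and SM4-GCM ciphertexts.
PROTOCOL_NAME = b"RTT1_SM2_SM4GCM_SM3_PSK2_KEY"
B_PUB, B_ID = bytes(range(64)), b"responder-B"
A_TEMP_PUB = bytes(range(64, 128))
ENC_APUB_WITH_AID = b"constructed-ciphertext-1"
ENC_TIMESTAMP = b"constructed-ciphertext-2"


def h(*parts):
    """HASH(p1 || p2 || ...)."""
    return HASH(b"".join(parts)).digest()


def hkdf(chain_key, ikm, n_outputs):
    """RFC 5869 HKDF, salt=chain_key, empty info (assumed mapping); n 32-byte outputs."""
    prk = hmac.new(chain_key, ikm, HASH).digest()            # HKDF-Extract
    outputs, block = [], b""
    for i in range(1, n_outputs + 1):                         # HKDF-Expand
        block = hmac.new(prk, block + bytes([i]), HASH).digest()
        outputs.append(block)
    return outputs


def initial_transcript(protocol_name, b_pub, b_id, a_temp_pub,
                       enc_apub_with_aid, enc_timestamp):
    """Recompute the chain of message 0x01 from one party's inputs."""
    chain_key1 = h(protocol_name)                  # ChainKey1 = Hash1
    hash2 = h(chain_key1, b_pub, b_id)
    hash3 = h(hash2, a_temp_pub)                   # AAD of EncryptedAPubWithAID
    chain_key2, key1, key2 = hkdf(chain_key1, a_temp_pub, 3)
    hash4 = h(hash3, enc_apub_with_aid)            # AAD of EncryptedTimestamp
    hash5 = h(hash4, enc_timestamp)                # carried into message 0x02
    return dict(hash2=hash2, hash3=hash3, chain_key2=chain_key2,
                key1=key1, key2=key2, hash4=hash4, hash5=hash5)


def differing_fields(view_a, view_b):
    """Names of the chain values on which two parties disagree."""
    return [name for name in FIELDS if view_a[name] != view_b[name]]


def compare_with_initiator(**responder_overrides):
    """Diff the initiator's chain against a responder whose inputs differ."""
    inputs = dict(protocol_name=PROTOCOL_NAME, b_pub=B_PUB, b_id=B_ID,
                  a_temp_pub=A_TEMP_PUB,
                  enc_apub_with_aid=ENC_APUB_WITH_AID,
                  enc_timestamp=ENC_TIMESTAMP)
    initiator = initial_transcript(**inputs)
    responder = initial_transcript(**{**inputs, **responder_overrides})
    return differing_fields(initiator, responder)


if __name__ == "__main__":
    print("same inputs       :", compare_with_initiator())
    print("other suite name  :", compare_with_initiator(
        protocol_name=b"RTT1_SM9_SM4CCM_SM3_PSK1_CERT"))
    print("other responder ID:", compare_with_initiator(b_id=b"someone-else"))
    print("altered ciphertext:", compare_with_initiator(
        enc_apub_with_aid=b"altered"))
```

A mismatched responder identity leaves KEY1 and KEY2 identical but changes Hash3, so in the real scheme the GCM tag check on EncryptedAPubWithAID is what rejects the message.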
As identified at 103 in FIG. 1: the response handshake message fed back by B (responder) to A (initiator) is calculated as follows:
MSG.MessageType=0x02
MSG.ProtocolVersionWithCipherSuite={0x01,0x01,0x01}
MSG.SenderRandomIndex=LITTLE_ENDIAN(BRandomIndex)
MSG.ReceiverRandomIndex=LITTLE_ENDIAN(ARandomIndex)
(BTempPri,BTempPub)=SM2_KEYPAIR()
MSG.BTempPub=BTempPub (default)
EncryptedBTempPub=SM2_ENCRYPT(APub,BTempPub) (alternative; use one of the two)
Hash6=HASH(Hash5||BTempPub)
ChainKey3=HKDF(ChainKey2,BTempPub)
ChainKey4=HKDF(ChainKey3,SM2_EXCHANGEKEY(BPri,BTempPri,BID,APub,ATempPub,AID))
(ChainKey5||TempKey||Key3)=HKDF(ChainKey4,PSK)
(BReceivingKey||BSendingKey)=HKDF(ChainKey5,NULL)
TIPS:AReceivingKey==BSendingKey;ASendingKey==BReceivingKey
BSendingKeyCounter=BReceivingKeyCounter=0
TIPS:ASendingKeyCounter=AReceivingKeyCounter=0
Hash7=HASH(Hash6||TempKey)
MSG.EncryptedNothingOrRequisite=SM4GCM_ENCRYPT(Key3,0,[0...|RequisiteDataWithLength],Hash7)
TIPS: this field securely negotiates and verifies the session key and may carry communication information.
MSG.StrongMAC3=HMAC(HASH(ATempPub||AID),MSG[0:Offset(MSG.MAC3)]) # strong message authentication code scheme
MSG.MAC4=[0..]|HMAC(B.ReceivedCookie,MSG[0:Offset(MSG.MAC4)])
As identified at 104 in FIG. 1: when B (responder) needs to delay its feedback to A (initiator) for performance or security reasons, it can add a delay identifier; the communication content is calculated as follows:
MSG.MessageType=0x03
MSG.ProtocolVersionWithCipherSuite={0x01,0x01,0x01}
MSG.ReceiverRandomIndex=LITTLE_ENDIAN(ARandomIndex)
MSG.Nonce=RANDOM(24)
Cookie=HMAC(KeyWithExpireTime,ACharacteristic.IPForExample)
MSG.EncryptedCookie=SM4GCM_ENCRYPT(HASH(BPub||BID),MSG.Nonce,Cookie,WeakMAC1) # delay identifier
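Added example (not part of the patent text): how a responder can use the Cookie of message 0x03 together with the MAC2 field of the handshake messages to defer expensive handshake work while under load. HMAC-SHA-256 stands in for HMAC-SM3; the 32-byte trailing MAC2 field, the 120-second key lifetime and the function names are assumptions, and the SM4-GCM encryption of the cookie in transit is omitted.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha256    # stand-in for SM3
MAC_LEN = 32             # assumed length of the trailing MSG.MAC2 field
COOKIE_LIFETIME = 120.0  # seconds; hypothetical lifetime of KeyWithExpireTime


class CookieIssuer:
    """Responder side: stateless cookies bound to the initiator's address."""

    def __init__(self, clock, lifetime=COOKIE_LIFETIME):
        self.clock = clock
        self.lifetime = lifetime
        self._secret = os.urandom(32)
        self._expires = clock() + lifetime

    def _current_secret(self):
        # KeyWithExpireTime: replace the key once its lifetime has passed,
        # which invalidates every cookie issued under the old key.
        if self.clock() >= self._expires:
            self._secret = os.urandom(32)
            self._expires = self.clock() + self.lifetime
        return self._secret

    def cookie_for(self, source_ip):
        # Cookie = HMAC(KeyWithExpireTime, ACharacteristic), here the IP.
        return hmac.new(self._current_secret(), source_ip.encode(),
                        HASH).digest()

    def mac2_is_valid(self, message, source_ip):
        if len(message) <= MAC_LEN:
            return False
        body, mac2 = message[:-MAC_LEN], message[-MAC_LEN:]
        if mac2 == bytes(MAC_LEN):
            return False  # all-zero MAC2: the sender holds no cookie yet
        expected = hmac.new(self.cookie_for(source_ip), body, HASH).digest()
        return hmac.compare_digest(mac2, expected)


def with_mac2(body, cookie=None):
    """Initiator side: MSG.MAC2 = [0..] | HMAC(ReceivedCookie, MSG[0:Offset])."""
    if cookie is None:
        return body + bytes(MAC_LEN)
    return body + hmac.new(cookie, body, HASH).digest()


def handle_handshake(issuer, message, source_ip, under_load):
    """Decide whether to run the costly SM2 steps or answer with a cookie."""
    if not under_load or issuer.mac2_is_valid(message, source_ip):
        return "process"
    return "send_cookie_reply"  # message type 0x03, no asymmetric work done


if __name__ == "__main__":
    now = [0.0]  # constructed clock so the example is deterministic
    issuer = CookieIssuer(clock=lambda: now[0])
    body = b"\x01constructed-handshake-bytes"
    print(handle_handshake(issuer, with_mac2(body), "192.0.2.10", True))
    cookie = issuer.cookie_for("192.0.2.10")
    print(handle_handshake(issuer, with_mac2(body, cookie), "192.0.2.10", True))
```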
As identified at 105 in FIG. 1: A (original initiator) and B (original responder) start normal data communication, and the communication content is calculated as follows:
MSG.MessageType=0x04
MSG.ProtocolVersionWithCipherSuite={0x01,0x01,0x01}
MSG.ReceiverRandomIndex=LITTLE_ENDIAN(OtherRandomIndex)
MSG.Counter=LITTLE_ENDIAN(MySendingKeyCounter++) # counters of the two communicating parties (sending and receiving)
TIPS: the two communicating parties use the Counter values together with a sliding window algorithm to achieve efficient communication.
MSG.EncryptedData=SM4GCM_ENCRYPT(MySendingKey,MySendingKeyCounter,DataWithLengthWithPadding,[0...])
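Added example (not part of the patent text): a receive-side sliding window over MSG.Counter that accepts reordered data packets but rejects replayed or too-old ones. The 64-entry window, the 8-byte counter width and the `tag_ok` flag (standing in for the result of SM4-GCM tag verification) are assumptions; the text above names the sliding window but gives no parameters.

```python
WINDOW_SIZE = 64    # hypothetical window size
COUNTER_BYTES = 8   # assumed width of the little-endian MSG.Counter field


class ReplayWindow:
    """Tracks which counters at or below the highest one were already seen."""

    def __init__(self, size=WINDOW_SIZE):
        self.size = size
        self.highest = -1   # highest authenticated counter so far
        self.bitmap = 0     # bit i set => counter (highest - i) was accepted

    def is_fresh(self, counter):
        if counter > self.highest:
            return True
        offset = self.highest - counter
        return offset < self.size and not (self.bitmap >> offset) & 1

    def commit(self, counter):
        """Record a counter; call only after the packet authenticated."""
        if counter > self.highest:
            shift = counter - self.highest
            if shift >= self.size:
                self.bitmap = 1   # window moved past every remembered counter
            else:
                mask = (1 << self.size) - 1
                self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.highest = counter
        else:
            self.bitmap |= 1 << (self.highest - counter)


def encode_counter(counter):
    return counter.to_bytes(COUNTER_BYTES, "little")


def receive(window, counter_field, tag_ok):
    """Return True if the packet would be delivered to the application."""
    counter = int.from_bytes(counter_field, "little")
    if not window.is_fresh(counter):
        return False   # replayed or older than the window: drop early
    if not tag_ok:
        return False   # forged packet: the window must not move
    window.commit(counter)
    return True


def run_sequence(events):
    """events: (counter, tag_ok) pairs in arrival order (constructed input)."""
    window = ReplayWindow()
    return [receive(window, encode_counter(c), ok) for c, ok in events]


if __name__ == "__main__":
    arrivals = [(0, True), (1, True), (3, True), (2, True), (3, True),
                (1, True), (1000, False), (70, True), (5, True), (7, True)]
    for (counter, ok), delivered in zip(arrivals, run_sequence(arrivals)):
        print(f"counter={counter:<5} tag_ok={ok!s:<5} delivered={delivered}")
```

Committing the counter only after authentication matters: if the forged packet with counter 1000 had advanced the window, the genuine packet 70 would have been dropped as too old.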
Finally, it should be noted that: the foregoing description is only illustrative of the preferred embodiments of the present invention, and although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that modifications may be made to the embodiments described, or equivalents may be substituted for elements thereof, and any modifications, equivalents, improvements or changes may be made without departing from the spirit and principles of the present invention.

Claims (3)

1. A secure communication method based on a cryptographic algorithm, involving an initiator A and a responder B, characterized by comprising the following steps:
S1, initial handshake: initiator A sends an initial handshake message to responder B; the temporary public key of initiator A is securely transmitted to responder B using asymmetric encryption, and the fixed public key and identity identifier of initiator A are securely transmitted to B using symmetric encryption;
the identity confirmation element of initiator A is securely transmitted to responder B in combination with the uniqueness of a timestamp;
when the create-key timeout of initiator A expires and responder B has not responded, initiator A re-initiates the handshake;
initiator A may send the initial handshake message only once within each create-key timeout period, and abandons retrying after the create-key timeout has expired multiple times;
S2, response handshake: responder B feeds back a response to initiator A; the temporary public key of responder B is transmitted to initiator A in encrypted form, and responder B generates a session key through key agreement;
a heartbeat timeout interval is set between responder B and initiator A; when initiator A or responder B has sent no message to its peer within the heartbeat timeout and has no message to send, it sends an empty data packet after the heartbeat timeout interval to maintain the communication connection, and either party may do so; depending on the needs of the upper-layer application, once the upper-layer application identifies a session-termination communication, both parties terminate the session and release resources;
after initiator A or responder B sends an encrypted data packet, if no response is received within the heartbeat timeout, plus the create-key timeout, plus a random jitter, a new handshake is initiated;
S3, data communication: initiator A and responder B carry out normal data communication using a session key that is negotiated periodically.
2. The secure communication method based on the cryptographic algorithm as in claim 1, wherein: after the first message initiated by initiator A in S1 is received by responder B, and once session key usage time >= update key time - heartbeat timeout time - create key timeout time, initiator A re-initiates a handshake and attempts to update the session key with responder B.
3. The secure communication method based on the cryptographic algorithm as in claim 1, wherein: after the data packet is first sent by initiator A in S1, and once session key usage time >= update key time, initiator A re-initiates a handshake with responder B.
CN202210082482.4A 2022-01-24 2022-01-24 Safe and efficient communication method based on cryptographic algorithm and implementation thereof Active CN114500040B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210082482.4A CN114500040B (en) 2022-01-24 2022-01-24 Safe and efficient communication method based on cryptographic algorithm and implementation thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210082482.4A CN114500040B (en) 2022-01-24 2022-01-24 Safe and efficient communication method based on cryptographic algorithm and implementation thereof

Publications (2)

Publication Number Publication Date
CN114500040A CN114500040A (en) 2022-05-13
CN114500040B true CN114500040B (en) 2023-09-19

Family

ID=81473934

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210082482.4A Active CN114500040B (en) 2022-01-24 2022-01-24 Safe and efficient communication method based on cryptographic algorithm and implementation thereof

Country Status (1)

Country Link
CN (1) CN114500040B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106789042A (en) * 2017-02-15 2017-05-31 西南交通大学 User in IBC domains accesses the authentication key agreement method of the resource in PKI domains
CN111385289A (en) * 2020-02-26 2020-07-07 平安科技(深圳)有限公司 Method, device and storage medium for secure handshake between client and server
US10903990B1 (en) * 2020-03-11 2021-01-26 Cloudflare, Inc. Establishing a cryptographic tunnel between a first tunnel endpoint and a second tunnel endpoint where a private key used during the tunnel establishment is remotely located from the second tunnel endpoint
CN112600667A (en) * 2020-11-25 2021-04-02 广东电网有限责任公司电力科学研究院 Key negotiation method, device, equipment and storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170163607A1 (en) * 2015-12-03 2017-06-08 Microsoft Technology Licensing, Llc Establishing a Communication Event Using Secure Signalling

Also Published As

Publication number Publication date
CN114500040A (en) 2022-05-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant