CN1617484A - Two-way communication method using secrete key - Google Patents
Two-way communication method using secrete key Download PDFInfo
- Publication number
- CN1617484A CN1617484A CN 200310116510 CN200310116510A CN1617484A CN 1617484 A CN1617484 A CN 1617484A CN 200310116510 CN200310116510 CN 200310116510 CN 200310116510 A CN200310116510 A CN 200310116510A CN 1617484 A CN1617484 A CN 1617484A
- Authority
- CN
- China
- Prior art keywords
- key
- recipient
- transmit leg
- encryption
- secret data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Abstract
A communication ciphered cryptographic key exchange method includes: at the sending part utilizing shared secret data to cipher the generatech a cryptographic key plugging the ciphered key into the beginning ciphered signal, sending the beginning signal to the receiving end, at the receiving part, receiving the ciphered key, utilizing the shared secret data to generate cryptographic key, utilizing the shared secret data to decipher the cryptographic key and comparing the generated cryptographic key with the deciphered one.
Description
Technical field
The present invention relates to a kind of method at the key (secret key) that the exchange encrypt two-way communication is used between transmit leg and the recipient arbitrarily.More specifically, relate to a kind of like this method, promptly beginning two-way communication arbitrarily between transmit leg and the recipient or under the state of two-way communication well afoot, when preparing to begin to encrypt in order to carry out coded communication, be used to notify the encryption commencing signal of encrypting beginning by transmission primaries, safely the key used of exchange encrypt two-way communication.
Background technology
Generally speaking, in order to encrypt, the key that needs transmit leg and recipient to know jointly uses such key, carries out the information that will communicate by letter or the encryption and the deciphering of data.
Fig. 1 illustrates the formation that has common key generating device now.As shown in Figure 1, existing key generating device is by randomizer 101 with use the one time key maker 102 that generates one time key from the random number x of this randomizer 101 outputs to constitute.Utilize this key generating device, generate one time key and carry out coded communication, in each connection of removing this communication, and carry out new connection the time, can generate new key and carry out coded communication.
The randomizer 101 of Fig. 1 produces random number x randomly, and the random number x that is produced according to the linearity or the nonlinear function of one time key maker 102, generates key K (x).The confidence level of the key K (x) that is generated by one time key maker 102 or stability are mainly by the randomness decision of random number x.That is, as long as be designed at moment t
1The key K that generates
1(x) with at moment t
2The key K that generates
2(x) do not have correlation between fully, its stability just can be trusted.
High under can the situation of safing degree in the randomness of the random number that randomizer 101 produces, one time key maker 102 can be omitted, the output x former state of randomizer 101 is used for encrypting.
Generally in order between a plurality of users, to carry out coded communication, before carrying out coded communication, must (1) have safely in advance with " master key " (master secret key), " one time key " that will use this " master key " to encrypt exchanges between two users, perhaps (2) utilize as public-key cryptography (public key) cryptographic algorithm (perhaps asymmetric key algorithm), the 3rd certification authority that utilization is taken care of and authenticated key, exchange encrypt needed " key ".
That is, before exchange of encryption information, the exchange of must going ahead of the rest between the user is used for the key used of information encryption with exchange.
The one time key K (x) that is generated by key generator shown in Figure 1 102 uses like this: utilizing total master key to encrypt the back transmission in advance; Perhaps as DH (Diffie-Hellman), SSL (Secure Socket Layer) agreement, transmit in the public-key cryptography mode; Perhaps as Kerberos, help to carry out the mode of cipher key change by central office; Perhaps the security protocol by other exchanges between the user, to the information encryption that will exchange, thereby can communicate by safety belt.
But, under the situation of above-mentioned (1), there is such problem, promptly under the situation that the equipment of built-in " master key " is stolen, perhaps one of them people of user divulges master key mala fide under the situation as the third party's robber hearer, from stealing the information of listening the communication between the user (A, B) and obtaining, can find out " one time key " total between the user, enciphered message can be deciphered with it.
Same under the situation of above-mentioned (2), the cipher mode that uses is the public-key cryptography mode (unsymmetrical key mode) that differs from one another if not encryption key and decruption key, then can not use, even suppose to use the public-key cryptography mode, certification authority the third party does not constitute under the situation of foundation structure (infrastructure), can not use, even under situation about can use, also exist the certification authority that comprises the third party to be attacked (hacking), the perhaps problem of the possibility of key being leaked because the internal staff's of the third party's certification authority malice is assisted.
No. the 6th, 215,878, U.S. Patent bulletin and the 6th, 038, No. 322 (applicant: Cisco Technology Inc, denomination of invention: disclose such method the group key distribution method), promptly the key holder will be used for the group member that encrypted secret key is distributed to hope.Such method is disclosed in these U.S. Patent bulletins: as the key holder of the main body of distributing key and the group member that receives key with secret key encryption and exchange, at this moment, exchange comprises about the special information of self information, temporal information, mixing (mixing) function or digital sine (digitalSin) separately determines the other side, by confirming that this other side is group member or the key holder who wishes, thus interchange key that can safety.
But, even adopt invention disclosed in the above-mentioned U.S. Patent bulletin the 6th, 215, No. 878 and the 6th, 038, No. 322, under the situation of people's malice in the group member with the leakage of information of self, still there is the possibility of leaking key, if steal the communication of listening between key holder and the group member, then use the key that leaks, enciphered message can be deciphered, so still exist the problem of fail safe.
Summary of the invention
The key exchange method that the object of the present invention is to provide a kind of coded communication to use between a plurality of users of built-in one time key or master key generating apparatus, can safingly be communicated by letter.
The key exchange method that provides a kind of coded communication to use is provided another object of the present invention, by the total secret data of a plurality of users, in the environment of these user's communications, even " one time key " that the third party's robber hearer can not predict under the situation of or inner person's stolen at generation equipment in the exchange of safety between two the user assistance, thereby carry out coded communication.
Key exchange method of the present invention is characterized in that, comprises the following step:
At transmit leg, utilize total secret data to generate the step of key;
At described transmit leg, with the step of the secret key encryption of described generation;
At described transmit leg, the described key of having encrypted is inserted into the step of encrypting in the commencing signal;
At described transmit leg, the encryption commencing signal that has inserted the described key of having encrypted is sent to recipient's step;
Described recipient, receive the step of the described key of having encrypted;
Described recipient, utilize the total secret data identical to generate the step of key with described transmit leg;
Described recipient, utilize described total secret data, with the step of secret key decryption described reception, that encrypted; And
Described recipient, the step of the key of more described generation and the described key of having deciphered.
In addition, according to key exchange method of the present invention, be with transmit leg and recipient in advance secure exchange be prerequisite based on the total secret data of user's environment and the generation method of the outside key that can't find.At transmit leg and reciever not under the situation at same environment, even the third party's robber hearer can know the total secret data that aforesaid transmit leg and recipient are total in advance and the generation method of key, steal to listen or receive " the encryption commencing signal " of transmit leg, the identical key of key that the third party's robber hearer also can't generation exchanges with transmit leg and recipient.
Description of drawings
Fig. 1 is the pie graph that expression has the device of common generation key now;
Fig. 2 is the pie graph of the key generating device of expression one embodiment of the invention;
Fig. 3 is the frame assumption diagram of the encryption commencing signal of expression one embodiment of the invention;
Fig. 4 a and Fig. 4 b are the flow charts that is used to illustrate the one time key generation method of one embodiment of the invention;
Fig. 5 is the flow chart that is used to illustrate key exchange method of the present invention.
Embodiment
Further describe embodiments of the invention with reference to the accompanying drawings.
Fig. 2 represents the formation of the key generating device of one embodiment of the invention.
In order to utilize key exchange method interchange key of the present invention, replace the randomizer 101 of existing general generation random number x so shown in Figure 1, input is generated key by the random number x of these randomizer 101 generations one time key maker 102, with transmit leg and recipient whether total in advance or make an appointment, the inscrutable characteristic information of the third party such as variation in time, the total secret data z that promptly total secret data maker 201 produces uses as input, thereby generates one time key.
The total secret data z that total secret data maker 201 produces is under the situation that begins to encrypt between transmit leg and the recipient, and only transmit leg and recipient know, based on user's environment, the inscrutable information of the third party of variation in time etc. constitutes.As the feature of so total secret data indispensability, even user's environment of transmit leg and recipient's mutual both sides is different slightly, these data also must change.
As the total secret data z that total secret data maker 201 produces, for example use special time data (Timestamp), transmit leg or recipient's that only transmit leg and recipient understand telephone number or IP address etc.
If the total secret data that user's environment difference then can be not identical, can not steal as the third party's robber hearer and to listen an one time key of between transmit leg and recipient, encrypting, stealing the encryption one time key of having listened can be not decrypted yet.
This total secret data z offers as input and generates one time key K
T(z) one time key maker 202.One time key maker 202 comprises the generation one time key K by the total secret data z distortion that will import
T(z) linearity of usefulness or nonlinear function or generating one time key K from total secret data z
TThe means that the data manipulation of a plurality of steps that the arbitrary function of making an appointment between transmit leg (z) and the recipient, displacement (substitution) or the exchange third parties such as (permutation) can not easily predict constitutes.
Utilize this key generator of the present invention 202, even transmit leg and recipient can not have one time key encrypted in employed master key, the foundation structure (infrastructure) of public-key cryptography mode perhaps can not be set, perhaps can not use under the environment of other security protocol, as long as only total safely in advance key generation method of transmit leg and recipient or algorithm just can be communicated by letter between two people's the user arbitrarily safely.
Arbitrarily between transmit leg and the recipient, under the situation of beginning two-way communication or two-way communication well afoot,, to encrypt the moment that will begin in order to carry out coded communication, exchange is used for notifying " the encryption commencing signal " of encrypting beginning to the other side., it is encrypted and be inserted in this encryption commencing signal to encrypt needed one time key later on.
When after cutting off communication, connecting once more, generate new one time key and between transmit leg and recipient, exchange, afterwards, carry out the communication of information or data by above-mentioned process.
Fig. 3 is the frame structure of the encryption commencing signal 300 of expression one embodiment of the invention.
The encryption commencing signal of Fig. 3 comprises: the frame head 301 of the essential information of record frame, the notice of making an appointment are encrypted the encryption that begins usefulness and are begun pattern (pattern) 302, utilize one time key 303, the postamble 304 self encrypted.
The information that it will be appreciated by those skilled in the art that in above-mentioned frame head 301, the postamble 304 record may be according to the kind of respective communication such as cdma communication, the Internet and difference, frame structure as shown in Figure 3 also according to the kind of communicating by letter with agreement and different.
Transmit leg and recipient only total in advance about use what data as total secret data, the information that whether constitutes the algorithm of function, displacement or the exchange etc. that contain one time key maker 202 etc. gets final product.
The total secret data of making an appointment in utilization, by the algorithm or the such one time key generation method of function of making an appointment, generate in the process of one time key, aforementioned total secret data is according to user's environment and difference, so even the third party's robber hearer knows the generation method and the total secret data of one time key, perhaps the generation method of one time key and total secret data are leaked into the outside by malice, in fact also can't find the one time key that is used to encrypt that is generated by the user.
That is, the one time key that is used to encrypt, only communicating by letter now or prepares communication the other side and with the condition of the same environment of this adversary's environment facies under can generate.
Fig. 4 a and Fig. 4 b are the views that is used to illustrate the one time key generation method of one embodiment of the invention.
With reference to Fig. 4 a, in (1), the sender-selected basic schema that generates as key and 16 bit patterns arbitrarily that use.
This basic schema can be exchanged in advance, be taken care of respectively according to embodiment by transmit leg and recipient, also can determine to generate the program and the algorithm of this pattern, also can arrange with the form in date or year.That is,,, can use any method as long as both know it is identical pattern as the basic schema that is used to generate key.The size of pattern also can be out of shape arbitrarily according to kind of communicating by letter and needs with kind.
In this embodiment, as total secret data, use special time (timestamp) and recipient's 4 of telephone number end.
(2) in, 4 of the telephone number of selective reception side end position.
(3) in, 4 of recipient's telephone numbers are carried out the XOR computing to initial 4 and last 4 of the pattern of (1).
(4) in, suppose that time that will begin to encrypt is " 02: 13: 05 ", then utilize " 02 " of temporal information wherein and be shifted 2 to the right that the position of vacating adds 1.
(5) in, utilize " 05 second " in the temporal information, playing the 5th 0 with the left side of the pattern 1101010101001111 of (4) is the center, and 4 1101 of left side are carried out convolution (folding) with the right side.That is, 4 1101 of left side and 4 1101 of right side are carried out the XOR computing, replace 4 1101 of right side with its result 0111.
(6) in, utilize " 13 minutes (1101) " in the temporal information, with 1101 with the pattern addition of (5).
(7) in, with the result of addition as one time key.
(8) in, utilize known self, by the whole bag of tricks such as known data manipulation, displacement, exchanges, the one time key of (7) is encrypted, wherein, can be used as method that decruption key uses, be that key mode (symmetric-key mode) is encrypted with one time key self.
Afterwards, be inserted into encryption commencing signal shown in Figure 3 and be transferred to the recipient.
The method of using the total secret data shown in Fig. 4 a to generate one time key only is an embodiment, uses any means of the numerical data method of operation that comprises suitable function, displacement (substitution), exchange (permutation) etc. and can carry out various distortion in each step.
The recipient, by having utilized the same procedure with the same total secret data of transmit leg, generate one time key 1101001110011100, after the one time key that will receive from transmit leg, encrypted is deciphered, compare with the one time key that self generates, whether identically confirm.Result relatively as long as the one time key that self generates is identical with the one time key of the deciphering that receives from the recipient, just can exchange one time key safely.
In this key exchange method of the present invention, even time data 1 second difference only, then the one time key of (7) that generate among Fig. 4 b generates as the one time key different with the one time key of (7) that generate among Fig. 4 a.
Promptly, even under the situation that the same recipient of same sending direction sends, because generate because time and different one time keys, so even the third party's robber hearer knows total secret data and one time key generation method, but because in fact can not know the one time key that is used to encrypt by transmit leg and recipient, even so steal to listen a ciphered data, can not know the one time key of the coded communication that is used for transmit leg and recipient, the data of having encrypted can not deciphered yet yet.
Fig. 5 is the flow chart of explanation key exchange method of the present invention.Step S501 is undertaken by transmit leg to step S504, and step S505 is undertaken by the recipient to step S511.
In step S501, sender-selectedly generate the data of usefulness and the total secret data that uses as one time key.As total secret data, as previously mentioned, can use transmit leg or recipient telephone number, encrypt such special time data (Timestamp) such as time started, in addition can also use data arbitrarily that transmit leg and recipient make an appointment or the data that generate with the arbitrary method of making an appointment.Among total secret data, preferably comprise data with features such as being difficult to any operation, the third party can not be predicted, time to time change.
At step S502, the method for making an appointment with transmit leg and recipient, for example use total secret data flexibly with reference to the method for Fig. 4 a explanation, generate one time key K
T(z).
As previously mentioned, total secret data and one time key generating algorithm are used any means of the numerical data method of operation that comprises suitable function, displacement (substitution), exchange (permutation) etc. and can be carried out various distortion in each step.
At step S503, with the one time key K that generates
T(z) encrypt.At this moment be to utilize self to encrypt.Encryption can be undertaken by the known arbitrarily cryptographic algorithm such as data bit of replacing, rearranging ad-hoc location.At this moment, the one time key K that has encrypted
E(z) can be by self deciphering.That is one time key K,
T(z) be encryption key, and also be decruption key simultaneously.
At step S504, with the one time key K that has encrypted
E(z) be inserted in the encryption commencing signal, be transferred to the recipient.
At step S505, the recipient receives the one time key K that has encrypted
E(z).
At step S506, the recipient utilizes the method for making an appointment with transmit leg to select same total secret data, at step S507, generates one time key K with the method identical with the method for transmit leg use
o(z).At this moment, as total secret data,, under the situation that employed time data comprises second, the one time key K that step S505 has encrypted should be received in as method data service time of Fig. 4 a
E(z) time, generate one time key.In this case, ignore signal is transferred to the required time delay of recipient from transmit leg.
At step S508, the recipient utilizes the one time key K that generates in step S507
o(z), the encryption that will in step S505, receive one time key K
E(z) deciphering.
At step S509, the one time key K that has relatively deciphered
T(z) and the one time key K that generates
o(z).If comparative result is the one time key K that has received and decipher
T(z) and the one time key K that generates
o(z) identical, then confirm successfully to have exchanged one time key at step S510, if inequality, then at step S511 to transmit leg loading error occurring message.
Afterwards, transmit leg and recipient utilize the key K that has exchanged
T(z) with the information encryption of exchange, carry out coded communication.
Afterwards, at sign off, carry out under the situation of new connection, reuse identical method and generate one time key, information encryption is communicated by this one time key.
Key exchange method of the present invention, by make master key total or with the use that combines of existing known security protocol, thereby safe communication method more can be provided.
Key exchange method of the present invention; the environment that not only can be used for carrying out the coded communication between not specific a plurality of users effectively is two users' of protection privacy down, the exchange of " master key " between two users that can also be used for carrying out not needing the third party's help between two users.
As previously discussed, existing trial will utilize the one time key that generates with the random number of usual way generation to send safely and receive by means of security protocol.Key exchange method according to the present invention is different with existing trial, have total secret data and one time key generation method based on transmit leg and recipient's environment for use, situation difference slightly just generates diverse one time key, even listen communication data (traffic data) so the third party's robber hearer steals, can be with secret key decryption, so can keep the safety of communication yet.
In addition, according to key exchange method of the present invention, even stealing, the third party's robber hearer listens communication data, know the generation method of total secret data and one time key simultaneously, but because can not know the characteristic and the one time key based on user's environment of total secret data, so can keep the safety of communication.
According to key exchange method of the present invention, only transmission primaries is encrypted commencing signal, just can interchange key.
Claims (5)
1. a key exchange method is characterized in that, comprises the following step:
At transmit leg, utilize total secret data to generate the step of key;
At described transmit leg, with the step of the secret key encryption of described generation;
At described transmit leg, the described key of having encrypted is inserted into the step of encrypting in the commencing signal;
At described transmit leg, the encryption commencing signal that has inserted the described key of having encrypted is sent to recipient's step;
Described recipient, receive the step of the described key of having encrypted;
Described recipient, utilize the total secret data identical to generate the step of key with described transmit leg;
Described recipient, utilize described total secret data, with the step of secret key decryption described reception, that encrypted; And
Described recipient, the step of the key of more described generation and the described key of having deciphered.
2. key exchange method as claimed in claim 1, it is characterized in that, generate in the step of key at described transmit leg and recipient, utilize described total secret data, part or all of basis for establishing pattern total in advance between transmit leg and recipient replaced (substitution), exchange (permutation).
3. key exchange method as claimed in claim 1 is characterized in that, in the step of the secret key encryption that described recipient is generated, also comprises and uses key self to encrypt as encryption key, and key self is as the decruption key of the signal of having encrypted simultaneously.
4. key exchange method as claimed in claim 1 is characterized in that, described total secret data comprises any one in special time data (timestamp) and transmit leg or recipient's the telephone number.
5. key exchange method as claimed in claim 1 is characterized in that, described encryption commencing signal is to constitute by comprising the frame that frame head, postamble, encryption begin pattern and described encryption key.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200310116510 CN1617484A (en) | 2003-11-14 | 2003-11-14 | Two-way communication method using secrete key |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200310116510 CN1617484A (en) | 2003-11-14 | 2003-11-14 | Two-way communication method using secrete key |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN1617484A true CN1617484A (en) | 2005-05-18 |
Family
ID=34760664
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 200310116510 Pending CN1617484A (en) | 2003-11-14 | 2003-11-14 | Two-way communication method using secrete key |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1617484A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102404119A (en) * | 2011-10-27 | 2012-04-04 | 深圳市文鼎创数据科技有限公司 | Setting method of dynamic token secret key factors, dynamic token and server |
| CN103561024A (en) * | 2013-10-31 | 2014-02-05 | 大连金马衡器有限公司 | Data transmission method based on weighing instrument and remote server |
| CN107181594A (en) * | 2005-07-13 | 2017-09-19 | 瑞萨电子株式会社 | Encryption, decryption circuit |
| CN107707518A (en) * | 2016-08-09 | 2018-02-16 | 联想(新加坡)私人有限公司 | Device and method for the information security based on affairs |
-
2003
- 2003-11-14 CN CN 200310116510 patent/CN1617484A/en active Pending
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107181594A (en) * | 2005-07-13 | 2017-09-19 | 瑞萨电子株式会社 | Encryption, decryption circuit |
| CN102404119A (en) * | 2011-10-27 | 2012-04-04 | 深圳市文鼎创数据科技有限公司 | Setting method of dynamic token secret key factors, dynamic token and server |
| CN102404119B (en) * | 2011-10-27 | 2016-03-16 | 深圳市文鼎创数据科技有限公司 | The method to set up of cryptographic key factors of dynamic tokens, dynamic token and server |
| CN103561024A (en) * | 2013-10-31 | 2014-02-05 | 大连金马衡器有限公司 | Data transmission method based on weighing instrument and remote server |
| CN107707518A (en) * | 2016-08-09 | 2018-02-16 | 联想(新加坡)私人有限公司 | Device and method for the information security based on affairs |
| CN107707518B (en) * | 2016-08-09 | 2020-12-08 | 联想(新加坡)私人有限公司 | Apparatus and method for transaction-based message security |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US5179591A (en) | Method for algorithm independent cryptographic key management | |
| CN1324502C (en) | Method for discriminating invited latent member to take part in group | |
| CN113259329B (en) | Method and device for data careless transmission, electronic equipment and storage medium | |
| AU2010266760B2 (en) | Method for generating an encryption/decryption key | |
| CN1659821A (en) | Method for secure data exchange between two devices | |
| CN101262341A (en) | A mixed encryption method in session system | |
| EP1080558A1 (en) | Multi-node encryption and key delivery | |
| CN101651539A (en) | updating and distributing encryption keys | |
| US6640303B1 (en) | System and method for encryption using transparent keys | |
| CN100350816C (en) | Method for implementing wireless authentication and data safety transmission based on GSM network | |
| CN113065155A (en) | Privacy set intersection method based on trusted execution environment assistance | |
| CN113285959A (en) | Mail encryption method, decryption method and encryption and decryption system | |
| CN1423451A (en) | Enciphered key based on time | |
| CN110611572A (en) | Asymmetric password terminal based on quantum random number, communication system and method | |
| US10601586B2 (en) | Method and apparatus for key management of end encrypted transmission | |
| CN109462471A (en) | The method of information transmission encryption based on national secret algorithm in conjunction with Technique on Quantum Communication | |
| CN101057446A (en) | Method and apparatus for receiving broadcast content | |
| CN1534936A (en) | Key distribution method in radio local network based on public key certificate mechanism | |
| CN107682158B (en) | Trusteeship authentication encryption method | |
| CN1688171A (en) | Apparatus and method for implementing data safety transmission of mobile communication apparatus | |
| CN1617484A (en) | Two-way communication method using secrete key | |
| JP4615128B2 (en) | Voice and data encryption method using encryption key split combiner | |
| CN109981294A (en) | Electronic communication methods and system | |
| CN114499862A (en) | Symmetric key pool encryption and transmission method based on quantum key distribution | |
| EP1456997A1 (en) | System and method for symmetrical cryptography |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |