WO2023103099A1 - Control method and system for message storage processing and security authentication, and medium - Google Patents


Publication number
WO2023103099A1
Authority
WO
WIPO (PCT)
Prior art keywords
message
key
encrypted
client
security
Application number
PCT/CN2021/140521
Inventor
陈志祥
朱明�
曾祥宇
丁霞
王世杰
Original Assignee
天翼物联科技有限公司
Application filed by 天翼物联科技有限公司

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Definitions

  • the invention relates to the technical field of communication security, in particular to a control method, system and medium for message storage processing and security authentication.
  • As a lightweight communication protocol, the MQTT protocol has a wide range of applications in today's Internet of Things due to its small communication overhead and adaptability to unreliable networks.
  • the current security scheme for the data transmission process can ensure the security of data in both transmission and storage processing, but the security of the key for encrypting and decrypting messages is not guaranteed.
  • the present invention aims to solve at least one of the technical problems existing in the prior art. Therefore, the present invention proposes a control method, system and medium for message storage processing and security authentication, which can improve the security of keys.
  • an embodiment of the present invention provides a control method for message storage processing and security authentication, including the following steps:
  • the security certification center generates a process key according to the message key
  • the publisher client uses the message key to encrypt the original message to obtain a first encrypted message, and transmits the first encrypted message to the distribution agent;
  • the distribution agent obtains the process key from the security authentication center, and uses the process key to encrypt the first encrypted message a second time to obtain a second encrypted message;
  • the subscriber client receives the second encrypted message forwarded by the distribution agent, and uses the message key to decrypt the second encrypted message to obtain an original message.
  • a message key of a subject message is generated by the security authentication center, and the message key is managed.
  • when the message key is encrypted or decrypted with the exclusive public and private keys, the publisher client generates and manages the message key of the topic message on the publisher client, and the security authentication center generates the message key of the topic message on the subscriber client.
  • the message key and the process key are both symmetric keys; the exclusive public and private keys are asymmetric keys.
  • the first encrypted message includes a message encrypted with a message key and a message key encrypted with an exclusive public key; the second encrypted message includes a message encrypted with a process key and the subscriber client's message key.
  • the distributed agent requests the process key from the security authentication center through the client information and the message key encrypted by the exclusive public key, and the client information includes the subscriber client information and the publisher client information.
  • the security authentication center decrypts the message key encrypted by the exclusive public key sent by the distribution agent with the exclusive private key to obtain the message key of the publisher client, and according to the issued
  • the message key of the subscriber client is randomly generated from the message key of the subscriber client, and the message key of the subscriber client is encrypted with the exclusive private key.
  • the subscriber client uses the exclusive public key to decrypt the message key encrypted by the exclusive private key, and uses the decrypted message key to encrypt the process key in the second encrypted message The message is decrypted to get the original message.
  • an embodiment of the present invention provides a control system for message storage processing and security authentication, including:
  • Security certification center used to generate process key according to message key
  • the publisher client is configured to use the message key to encrypt the original message to obtain a first encrypted message, and transmit the first encrypted message to the distribution agent;
  • a distribution agent configured to obtain the process key from the security certification center, and use the process key to encrypt the first encrypted message a second time to obtain a second encrypted message;
  • the subscriber client is configured to receive the second encrypted message forwarded by the distribution agent, and use the message key to decrypt the second encrypted message to obtain an original message.
  • an embodiment of the present invention provides a storage medium, in which a computer-executable program is stored, and when the computer-executable program is executed by a processor, it is used to implement the control method for message storage processing and security authentication.
  • the publisher client uses the message key to encrypt the original message and the subscriber client uses the message key to decrypt, so that the original message is in an encrypted state during transmission, thereby improving the security of the original message
  • the security authentication center generates the process key according to the message key, and after the distribution agent obtains the process key from the security authentication center, it uses the process key to encrypt the first encrypted message a second time, so that the distribution agent only knows the process key and cannot deduce the message key, which solves the security problem of messages being processed in plain text on the agent side and improves the security of the key.
  • Fig. 1 is a schematic diagram of the positional relationship of the SSL/TLS protocol scheme of an embodiment in the network model
  • FIG. 2 is a schematic diagram of interaction between a distribution agent, a security authentication center, a publisher client and a subscriber client according to an embodiment of the present invention
  • Fig. 3 is a flowchart of a control method for message storage processing and security authentication according to an embodiment of the present invention.
  • orientation descriptions such as up, down, front, back, left and right indicate orientations or positional relationships based on those shown in the drawings, and are only used to facilitate and simplify the description of the present invention; they do not indicate or imply that the device or element referred to must have a specific orientation or be constructed and operated in a specific orientation, and thus should not be construed as limiting the present invention.
  • the MQTT protocol is a lightweight communication protocol, and its characteristics such as small communication overhead and adaptability to unreliable networks make it widely used in today's Internet of Things field.
  • because the MQTT protocol was originally designed for a private network environment, its focus is more on the lightness of message publishing and distribution than on security during message processing or transmission.
  • the embodiments of the present invention focus on data security in terms of transmission and storage processing, so the embodiments of the present invention do not consider analyzing some schemes that focus on subject authority control or schemes that focus on the performance of encryption and decryption algorithms.
  • the SSL/TLS protocol solution and the emerging AugPAKE protocol solution are more common.
  • the AugPAKE scheme is a simplified version of the SSL/TLS scheme; it actually puts the authentication steps of the SSL/TLS scheme offline: the client and the agent need to be authenticated offline to ensure security. It does not apply to scenarios where the terminal exists.
  • the subsequent online execution process is similar to that of the SSL/TLS scheme, which is essentially for negotiating a symmetric key that will be used to ensure the security of data transmission, so repeated analysis of the two schemes is unnecessary.
  • the SSL/TLS protocol solution is located between the application layer and the TCP/IP layer.
  • the SSL/TLS protocol scheme is mainly used to ensure the security of communication based on the TCP protocol.
  • the basic encryption idea adopts the combination of asymmetric encryption and symmetric encryption.
  • the encrypted communication process is as follows:
  • Step 1 The client initiates a request to the server for the public key of the server;
  • Step 2 The two parties negotiate the session key used in this session, which is a symmetric key;
  • Step 3 In the subsequent stage of this session, both parties use the negotiated session key to communicate.
  • the first two steps of communication are also called the handshake process, which is also the core part of the SSL/TLS protocol. It includes a series of negotiation of encryption-related information and determination of security parameters used in subsequent encryption.
  • ClientHello: when the client requests encrypted communication for the first time, it sends a ClientHello request to the server, which mainly includes several fields: VersionNumber (the highest version of the TLS protocol currently supported), Randomly Generated Data (which will be used to generate session keys later), Cipher Suite (cipher suites supported by the client), etc.;
  • ServerHello: after the server receives the ClientHello request from the client, it needs to send a response to the client.
  • the fields contained in ServerHello correspond to the fields in the ClientHello request sent by the client;
  • ServerCertificate is a certificate provided by the server to the client for authenticating its own identity, which is used to prove the legitimacy of the server and pass the public key.
  • ServerHelloDone indicates that the server response is complete, waiting for the client's subsequent response;
  • After receiving the response from the server, the client first verifies the legitimacy of the server's certificate. After the server's certificate has been validated, the information sent by the client to the server mainly includes: the encrypted last random number PreMasterKey, ChangeCipherSpec and ClientFinished. ChangeCipherSpec means that the previously negotiated cipher suite will be used to encrypt subsequent communication. ClientFinished indicates that the client's handshake is complete; this item is also the hash value of all the content sent before, which is used for verification by the server;
  • After receiving the response sent by the client, the server first uses the corresponding private key to decrypt the last random number PreMasterKey, then combines it with the two random numbers from the previous communication to calculate the symmetric key used in the subsequent session, and finally sends the client the following messages: ChangeCipherSpecMessage and ServerFinishedMessage.
  • the former notifies the client that the previously negotiated symmetric key and encryption algorithm will be used for communication from now on, and the latter carries the hash value calculated over the entire session, which is used for verification by the client.
  • subsequent communication is encrypted with the negotiated symmetric key.
  • the SSL/TLS protocol negotiates the subsequent symmetric key used to encrypt data through an additional handshake process, thereby solving the security problem in data transmission.
  • the solution based on the SSL/TLS protocol still has the following problems: First, it does not solve the possible security issues when messages are stored and processed on the agent side.
  • the SSL/TLS protocol adds an additional handshake process in order to negotiate the subsequent symmetric key; under relatively congested network conditions, this may be a burden for IoT communication that aims to be light and fast, especially for the client in the communication.
  • In order to have both the security of transmission and storage processing, especially to ensure the security of data storage and processing on the agent side, the most basic requirement is to ensure that the data is still encrypted when it is distributed and processed on the agent side. On the existing basis, the publisher client therefore encrypts the original message part before publishing the message on a certain topic. In this way, as long as the selected encryption algorithm is appropriate and the key is not leaked, the message stays encrypted during transmission and storage without revealing the original message content. After the message agent forwards the message to the corresponding subscriber client, the subscriber client can use the key of the corresponding publisher to decrypt the ciphertext and obtain the original message.
  • each client has a pair of public and private keys: pubKey and privKey
  • the publisher only needs to encrypt the original message with the public key of the subscriber client when publishing a message.
  • After the subscriber client receives the encrypted message forwarded by the distribution agent, it can decrypt the original message with its own private key. Even if a client is hacked and its own private key is leaked, and even if the distribution agent is hacked later, the attacker can only decrypt the messages forwarded to the hacked client, because the public and private keys of each client are independent.
  • embodiments of the present invention provide a control method, system and medium for message storage processing and security authentication.
  • the message agent with the message storage and processing function can be distributed in the cloud, which is recorded as a distribution agent, and the part with the message security authentication function is deployed separately as a security certification center. Specifically, the interaction process of the distribution agent, the security authentication center, the publisher client and the subscriber client is shown in FIG. 2.
  • the present invention provides a control method for message storage processing and security authentication, including the following steps:
  • the security authentication center generates a process key according to the message key.
  • the security certification center may be a trusted third-party organization, which is used to handle the following two items:
  • the publisher client uses the message key to encrypt the original message to obtain the first encrypted message, and transmits the first encrypted message to the distribution agent.
  • the publisher client uses the message key to encrypt the original message before publishing the message to the distribution agent. Since the message is already encrypted before transmission, it is difficult for the attacker to obtain the original text of the message as long as the message key is not leaked, and there is no need to add an additional handshake process to negotiate the subsequent symmetric key as in the SSL/TLS scheme.
  • the distribution agent obtains the process key from the security authentication center, and uses the process key to encrypt the first encrypted message a second time to obtain a second encrypted message.
  • the distribution agent also needs to communicate with the security authentication center in order to obtain the process key for re-encrypting the message transmitted by the publisher.
  • the distribution agent uses the obtained process key to encrypt the message ciphertext transmitted by the publisher client a second time to obtain a new ciphertext, and then forwards the processed result to the subscriber client.
  • the distribution agent cannot deduce the message key of the publisher or subscriber client, which also solves the problem of storing and processing messages in plain text on the agent side.
  • the subscriber client receives the second encrypted message forwarded by the distribution agent, and decrypts the second encrypted message by using the message key to obtain the original message.
  • a subscriber client is a client that receives messages on a subscribed topic.
  • After the subscriber client receives the ciphertext re-encrypted by the distribution agent, it decrypts the ciphertext with its own message key to obtain the original message. As with the publisher client, the message is still encrypted before the distribution agent forwards the data, and it is difficult for an attacker to obtain the original text of the message if the message key is not leaked.
  • Message keys are symmetric keys used by publisher clients and subscriber clients to encrypt or decrypt messages.
  • the publisher client will use its message key to encrypt the original message before publishing the message, and the subscriber client will eventually use its message key to decrypt the encrypted message.
  • the message key is generated and controlled by the security certification center, and there is no encrypted message key when the publisher client sends a message or the distribution agent forwards the message;
  • when the exclusive public and private keys are used, the message key of the publisher client is generated by the publisher client, and the message key of the subscriber client is generated by the security certification center, wherein the first encrypted message includes the message encrypted by the message key and the message key encrypted by the exclusive public key; the second encrypted message includes the message encrypted by the process key and the message key of the subscriber client.
  • the process key is a symmetric key, which is generated by the security certification center using the message keys of the relevant publisher client and subscriber client and delivered to the distribution agent for use.
  • the encrypted data is still a ciphertext message, which can be directly decrypted by the subscriber client using its message key to obtain the original message.
  • the distribution agent cannot deduce the message key of the publisher or subscriber client from the process key alone.
  • the process key is to solve the problem of storing and processing messages in clear text on the proxy side in the SSL/TLS scheme.
  • Exclusive public and private keys are mainly used to solve the problem of message key control and the security of message keys when there are a large number of clients in the scheme without security authentication.
  • the process key procKey_src-dest-T is jointly generated from the message keys encKey_src and encKey_dest of the publisher client and the subscriber client, and is used only by the distribution agent to encrypt the message ciphertext transmitted by the publisher a second time; the re-encrypted ciphertext is then decrypted by the subscriber client to obtain the original message content.
  • the message key is jointly determined by the publisher client, subscriber client, and topic, and varies with different clients or topics.
  • the generated process key is the result of the XOR of the two message keys: "00011110".
  • the original text message to be encrypted is "abc"
  • the ciphertext generated by the publisher client after encrypting it with its message key is: "{xy"
  • the distribution agent uses the process key to encrypt the ciphertext.
  • the result after the second encryption is: "efg"
  • the subscriber client uses its message key to decrypt the ciphertext after the second encryption, and finally obtains the original text of the message: "abc".
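The worked values above can be reproduced with byte-wise XOR standing in for the symmetric cipher. This is an added example, not code from the patent: the page gives only the process key 00011110, the plaintext "abc" and the re-encrypted ciphertext "efg"; the two message keys 00011010 and 00000100, the use of XOR as the cipher itself, and all function names are assumptions chosen to match those values.

```python
"""Toy model of the publisher -> distribution agent -> subscriber flow.

Assumption: repeating-key XOR stands in for the symmetric cipher so that the
re-encryption property is easy to follow. It is an illustration of the key
relationships only, not a cipher to deploy.
"""
from itertools import cycle


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key (encryption and decryption are identical)."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def derive_process_key(enc_key_src: bytes, enc_key_dest: bytes) -> bytes:
    """Security authentication center: procKey = encKey_src XOR encKey_dest."""
    if len(enc_key_src) != len(enc_key_dest):
        raise ValueError("message keys must have equal length")
    return xor_bytes(enc_key_src, enc_key_dest)


def publisher_encrypt(message: bytes, enc_key_src: bytes) -> bytes:
    """Publisher client: first encrypted message."""
    return xor_bytes(message, enc_key_src)


def agent_reencrypt(first_ciphertext: bytes, proc_key: bytes) -> bytes:
    """Distribution agent: second encryption, never sees plaintext or message keys."""
    return xor_bytes(first_ciphertext, proc_key)


def subscriber_decrypt(second_ciphertext: bytes, enc_key_dest: bytes) -> bytes:
    """Subscriber client: decrypts directly with its own message key."""
    return xor_bytes(second_ciphertext, enc_key_dest)


def recover_peer_key(proc_key: bytes, known_message_key: bytes) -> bytes:
    """Blast-radius check: the process key plus ONE message key yields the other.

    This is why the process key must stay scoped to a single
    (publisher, subscriber, topic) tuple, as the page requires.
    """
    return xor_bytes(proc_key, known_message_key)


# Constructed keys (not on the page): chosen so their XOR is the page's
# process key 00011110 and "abc" re-encrypts to the page's "efg".
ENC_KEY_SRC = bytes([0b00011010])
ENC_KEY_DEST = bytes([0b00000100])


def run_page_example() -> dict:
    proc_key = derive_process_key(ENC_KEY_SRC, ENC_KEY_DEST)
    first_ct = publisher_encrypt(b"abc", ENC_KEY_SRC)
    second_ct = agent_reencrypt(first_ct, proc_key)
    return {
        "process_key": proc_key,
        "first_ciphertext": first_ct,
        "second_ciphertext": second_ct,
        "plaintext": subscriber_decrypt(second_ct, ENC_KEY_DEST),
    }


if __name__ == "__main__":
    for name, value in run_page_example().items():
        print(f"{name:18} {value!r}")
```

The agent alone holds only the process key and two ciphertexts, which is the property the scheme relies on; `recover_peer_key` shows that this no longer holds once the process key and either message key are held by the same party.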
  • the publisher client uses the message key to encrypt the message to be published and sends the ciphertext to a node in the distribution agent cluster, and the subscriber client uses the message key to directly decrypt the received forwarded message to obtain the original message content.
  • the distribution agent uses the process key to re-encrypt the ciphertext generated by encrypting the plaintext with the message key, and also needs to ensure that the result of the second encryption can be directly decrypted by the subscriber client to obtain the original message.
  • the data is encrypted during transmission, and plaintext and ciphertext can only be encrypted and decrypted with the relevant message key; on the premise that the message key is not leaked, the security of data transmission is guaranteed, and there is no need to add an additional handshake process to negotiate keys as in the SSL/TLS scheme;
  • the distribution agent can only perform the secondary encryption; it cannot independently derive the key information for decrypting the ciphertext and cannot decrypt the original message, which ensures the security of the message in storage and processing;
  • third, for any topic T, different clients have independent and different encryption and decryption keys for this topic, which ensures that even if a client and the distribution agent are invaded at the same time, it is impossible to leak and tamper with all the messages passing through the distribution agent on a large scale, which also ensures that the data
  • the management and control of a large number of message keys will bring an additional burden to the security authentication center, and further, may cause large delays in the network communication between publisher clients, subscriber clients, the distribution agent and the security certification center, which eventually leads to a delay or even paralysis of the message release and distribution process.
  • the security issue of the message key cannot be ignored either. If the client requests the message key and the security authentication center generates and returns the message key, the security of the message key in transmission cannot be guaranteed, and an attacker who intercepts the message key can skip the process key and easily obtain or tamper with the information that the publisher wants to publish, which will have a serious impact on the normal publishing and distribution process.
  • this embodiment enables the security authentication center to generate and control the number of message keys k*l*n, that is, it has nothing to do with the issuer, and the security of the message key is guaranteed.
  • the message key is encrypted and decrypted using the exclusive public and private key.
  • the processing content is also different:
  • the client has its own public and private keys, which are used to generate an exclusive public key for encrypting and decrypting the encrypted message key;
  • the message key of the publisher client is generated and managed by itself, while the message key of the subscriber client is generated by the security certification center;
  • the Security Certification Center manages public and private keys at the granularity of subjects, which are used to generate exclusive private keys for encrypting and decrypting message keys.
  • the publisher client no longer requests the message key from the certificate authority but generates it by itself.
  • the data sent to the distribution agent is divided into two parts: the message encrypted by the message key, and the message key encrypted by the exclusive public key;
  • When the distribution agent requests the process key, it not only needs to bring the corresponding client information, but also needs to bring the encrypted message key sent by the publisher.
  • when forwarding data to the subscriber client, it needs to forward not only the re-encrypted ciphertext but also the message key of the subscriber client returned by the security authentication center;
  • Before generating the process key, the security certification center first needs to use the exclusive private key to decrypt the encrypted message key transmitted by the distribution agent to obtain the publisher's message key, then randomly generate the message key of the subscriber client, and generate a process key as described above. After that, it uses the relevant exclusive private key to encrypt the message key of the subscriber client to prevent the distribution agent from obtaining the unencrypted message key. Finally, it returns the generated process key and the encrypted subscriber client key to the distribution agent;
  • the message key used by the subscriber client to decrypt the message ciphertext is included in the data forwarded by the distribution agent.
  • the subscriber client first uses the exclusive public key to decrypt the message key, and then uses the message key to decrypt the ciphertext to obtain the original message.
  • when an exclusive public and private key is used, for the publisher client, the exclusive public key is used to encrypt the message key; for the subscriber client, the exclusive private key is used to decrypt the message key.
  • the security authentication center uses the exclusive private key of the publisher client to decrypt the publisher's message key, and uses the exclusive public key of the subscriber client to encrypt the message key of the subscriber client.
  • a new exclusive public key pubKey_src-T is generated by using the private key privKey_src of the publisher client and the public key pubKey_T of the corresponding topic, and the exclusive public key is used on the publisher client to encrypt the message key.
  • the certification center uses the public key pubKey_src of the publisher client and the private key privKey_T of the corresponding topic to generate an exclusive private key corresponding to the exclusive public key of the publisher client, so as to decrypt and obtain the encrypted message key of the publisher client.
  • the communication process between the publisher client and the distribution agent is one-way, that is, from the publisher client to the distribution agent, and the security of this communication process under various attack modes is analyzed.
  • Eavesdropping attack: since the message key is randomly generated by the publisher client, the attacker cannot steal the encryption key. During transmission, both the key and the message are encrypted. The attacker can only obtain the encrypted message and the encrypted message key, but cannot obtain the plaintext of the message, and cannot eavesdrop on or leak the corresponding message. This also ensures the security of data during transmission.
  • Man-in-the-middle attack: after the corresponding ciphertext and encrypted message key are generated, the relevant message is sent to the distribution agent. On the premise that the message key has not been leaked, a man-in-the-middle who wants to carry out an attack first needs to decrypt the message key, for which two conditions must be met: 1) steal or crack the publisher's private key; 2) generate the corresponding exclusive public key through the exclusive public and private key generation algorithm. Under normal circumstances, both are difficult for the attacker to obtain, so it is difficult for the man-in-the-middle to carry out the attack.
  • the distribution agent is untrustworthy: assume that a node in the distribution agent cluster is successfully invaded by an attacker through some means. The messages transmitted from the publisher to the distribution agent are all encrypted: the message body is encrypted by a randomly generated message key, and the message key is encrypted with the exclusive public key.
  • the data encrypted by the exclusive public key can only be decrypted by the corresponding exclusive private key, and the corresponding exclusive private key can only be calculated and derived by the certification center.
  • the communication between the distribution agent and the certification center is two-way, and mainly consists of the process key request and response. Since the distribution agent and the certification center do not have the hardware limitations of a client in the Internet of Things environment, such as memory and computing capacity limitations, the communication between the two can be secured with the existing solution, that is, the SSL/TLS protocol solution. Due to the use of the SSL/TLS protocol scheme, attack methods such as the corresponding eavesdropping attacks and man-in-the-middle attacks cannot take effect.
  • the attacker can only obtain the process key returned by the authentication center and the encrypted message key of the subscriber client. For the process key, the encryption key of the publisher or subscriber client cannot be independently derived from it, so the attacker cannot decrypt the original message through the process key. For the encrypted message key of the subscriber client, decryption requires first obtaining the exclusive public key generated by the subscriber client, and this process needs the private key of the subscriber client, which is unique to it; this also ensures the security of data storage and processing.
  • the communication between the distribution agent and the subscriber client is also one-way, and the distribution agent forwards and pushes the ciphertext and the encrypted message key to the corresponding subscriber client.
  • Eavesdropping attack: the message key and the corresponding ciphertext are encrypted during the transmission process.
  • the attacker cannot deduce the corresponding plaintext based on the ciphertext alone, but can only obtain the plaintext content indirectly by cracking the encryption key first.
  • the message key is encrypted by the relevant exclusive private key, and only the subscriber client can calculate and derive the corresponding exclusive public key. Therefore, the attacker cannot obtain the original plaintext message content, which also ensures the security of the data during transmission.
  • Man-in-the-middle attack: similar to the communication from the publisher to the distribution agent, if the message key is not leaked, the man-in-the-middle must meet two conditions to carry out the attack: 1) steal or crack the publisher's private key; 2) generate the corresponding exclusive public key through the exclusive public key generation algorithm. Both conditions are difficult for an attacker to satisfy, so it is difficult for a man-in-the-middle to carry out an attack.
  • the distribution agent is untrustworthy: similar to the publisher case, assume that a node in the distribution agent cluster is successfully compromised by an attacker. The data that the distribution agent forwards to the subscriber client is in an encrypted state: the message content has been encrypted a second time with the process key, and the message key of the subscriber client is encrypted with the exclusive private key.
  • the data encrypted by the exclusive private key can only be decrypted by the corresponding exclusive public key, and the corresponding exclusive public key can only be calculated and derived by the subscriber client.
  • the message storage and security authentication separation scheme proposed by the embodiment of the present invention is both safe and effective in theory, and improves the security and management of message keys.
  • the overall performance of the MQTT protocol adopted is better than that of the MQTT protocol using the SSL/TLS solution.
  • the MQTT protocol based on the improved solution is better in both performance indicators and data security, achieving a better compromise between the two.
  • An embodiment of the present invention provides a control system for message storage processing and security authentication, including:
  • a security authentication center, used to generate a process key according to a message key;
  • a publisher client, used to encrypt the original message with the message key to obtain a first encrypted message, and to transmit the first encrypted message to the distribution agent;
  • a distribution agent, used to obtain the process key from the security authentication center, and to perform secondary encryption on the first encrypted message with the process key to obtain a second encrypted message;
  • a subscriber client, used to receive the second encrypted message forwarded by the distribution agent, and to decrypt the second encrypted message with the message key to obtain the original message.
  • the content of the method embodiment of the present invention is applicable to the system embodiment.
  • the functions realized by the system embodiment are the same as those of the method embodiment above, and the beneficial effects achieved are also the same as those achieved by the above method.
  • An embodiment of the present invention provides a storage medium in which a computer-executable program is stored; when the computer-executable program is executed by a processor, it implements the control method for message storage processing and security authentication shown in FIG. 3.
  • the embodiment of the present invention also discloses a computer program product or computer program, where the computer program product or computer program includes computer instructions, and the computer instructions are stored in a computer-readable storage medium.
  • the processor of the computer device can read the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the computer device executes the control method for message storage processing and security authentication shown in FIG. 3.

Abstract

Disclosed in the present invention are a control method and system for message storage processing and security authentication, and a medium, which can be applied to the technical field of communication security. According to the present invention, an original message is encrypted at a publisher client by using a message key, and is decrypted at a subscriber client by using the message key, such that the original message is in an encrypted state in a transmission process, thereby improving the security of the original message; and a process key is generated at a security authentication center according to the message key, and after a distribution agent obtains the process key from the security authentication center, the process key is used to perform secondary encryption on a first encrypted message, such that the distribution agent cannot infer the message key when only knowing the process key, thereby solving the security problem when the message is processed in a plaintext form at an agent end, and improving the security of the key.

Description

Control method, system and medium for message storage processing and security authentication
Technical field
The invention relates to the technical field of communication security, and in particular to a control method, system and medium for message storage processing and security authentication.
Background
As a lightweight communication protocol, MQTT is widely used in today's Internet of Things because of its small communication overhead and its adaptability to unreliable networks. In the related art, the existing schemes for securing MQTT-based data transmission can protect data both in transmission and in storage processing, but they cannot guarantee the security of the keys used to encrypt and decrypt messages.
Summary of the invention
The present invention aims to solve at least one of the technical problems existing in the prior art. To this end, the present invention proposes a control method, system and medium for message storage processing and security authentication, which can improve the security of keys.
In one aspect, an embodiment of the present invention provides a control method for message storage processing and security authentication, including the following steps:
the security authentication center generates a process key according to a message key;
the publisher client encrypts the original message with the message key to obtain a first encrypted message, and transmits the first encrypted message to the distribution agent;
the distribution agent obtains the process key from the security authentication center, and performs secondary encryption on the first encrypted message with the process key to obtain a second encrypted message;
the subscriber client receives the second encrypted message forwarded by the distribution agent, and decrypts the second encrypted message with the message key to obtain the original message.
In some embodiments, the message key of a topic message is generated by the security authentication center, which also manages and controls the message key.
In some embodiments, when the message key is encrypted or decrypted with the exclusive public/private key pair, the publisher client generates and manages the message key of the topic message at the publisher client, and the security authentication center generates the message key of the topic message at the subscriber client.
In some embodiments, the message key and the process key are both symmetric keys; the exclusive public and private keys are asymmetric keys.
In some embodiments, the first encrypted message includes the message encrypted with the message key and the message key encrypted with the exclusive public key; the second encrypted message includes the message encrypted with the process key and the message key of the subscriber client.
In some embodiments, the distribution agent requests the process key from the security authentication center by means of client information and the message key encrypted with the exclusive public key, where the client information includes subscriber client information and publisher client information.
In some embodiments, before generating the process key, the security authentication center uses the exclusive private key to decrypt the message key, encrypted with the exclusive public key, that was sent by the distribution agent, and thereby obtains the message key of the publisher client; it then randomly generates the message key of the subscriber client according to the message key of the publisher client, and encrypts the message key of the subscriber client with the exclusive private key.
In some embodiments, the subscriber client uses the exclusive public key to decrypt the message key that was encrypted with the exclusive private key, and uses the decrypted message key to decrypt the process-key-encrypted message in the second encrypted message, obtaining the original message.
In another aspect, an embodiment of the present invention provides a control system for message storage processing and security authentication, including:
a security authentication center, used to generate a process key according to a message key;
a publisher client, used to encrypt the original message with the message key to obtain a first encrypted message, and to transmit the first encrypted message to the distribution agent;
a distribution agent, used to obtain the process key from the security authentication center, and to perform secondary encryption on the first encrypted message with the process key to obtain a second encrypted message;
a subscriber client, used to receive the second encrypted message forwarded by the distribution agent, and to decrypt the second encrypted message with the message key to obtain the original message.
In another aspect, an embodiment of the present invention provides a storage medium in which a computer-executable program is stored; when the computer-executable program is executed by a processor, it implements the described control method for message storage processing and security authentication.
The control method for message storage processing and security authentication provided by an embodiment of the present invention has the following beneficial effects:
In this embodiment, the publisher client encrypts the original message with the message key and the subscriber client decrypts it with the message key, so that the original message remains encrypted during transmission, which improves the security of the original message. In addition, the security authentication center generates the process key according to the message key, and after the distribution agent obtains the process key from the security authentication center, it uses the process key to perform secondary encryption on the first encrypted message. A distribution agent that knows only the process key therefore cannot deduce the message key, which solves the security problem of messages being processed in plaintext at the agent side and improves key security.
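The property claimed above, that an agent holding only the process key recovers neither a message key nor the plaintext, can be shown with a small model covering one publisher and two subscribers. This is an added example, not code from the patent: the text here does not specify the ciphers, so the XOR key-switching construction, the HMAC-SHA256 keystream and every class, function and client name are assumptions, and the exclusive public/private key wrapping of message keys is left out.

```python
import hashlib
import hmac
import secrets


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand (key, nonce) into `length` pseudorandom bytes (HMAC-SHA256, counter mode)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256)
        out += block.digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


class AuthCenter:
    """Security authentication center: the only party that holds every message key."""

    def __init__(self):
        self._message_keys = {}

    def enroll(self, client_id: str) -> bytes:
        # Assumption: the key reaches the client over a protected channel.
        key = secrets.token_bytes(32)
        self._message_keys[client_id] = key
        return key

    def process_key(self, publisher_id, subscriber_id, nonce, length) -> bytes:
        # Per-message process key: XOR of the two clients' keystreams.
        # Knowing it reveals neither keystream, hence neither message key.
        pub = keystream(self._message_keys[publisher_id], nonce, length)
        sub = keystream(self._message_keys[subscriber_id], nonce, length)
        return xor(pub, sub)


def publisher_encrypt(message_key: bytes, plaintext: bytes):
    """Publisher: first encrypted message, produced once for all subscribers."""
    nonce = secrets.token_bytes(16)  # must never repeat under one key
    return nonce, xor(plaintext, keystream(message_key, nonce, len(plaintext)))


def agent_reencrypt(center, publisher_id, subscriber_id, nonce, first_ct):
    """Distribution agent: handles only ciphertext and the process key."""
    pk = center.process_key(publisher_id, subscriber_id, nonce, len(first_ct))
    return pk, xor(first_ct, pk)  # second encrypted message, per subscriber


def subscriber_decrypt(message_key: bytes, nonce: bytes, second_ct: bytes) -> bytes:
    return xor(second_ct, keystream(message_key, nonce, len(second_ct)))


def run_demo() -> dict:
    center = AuthCenter()
    k_pub = center.enroll("sensor-1")       # constructed client ids
    k_sub_a = center.enroll("dashboard-a")
    k_sub_b = center.enroll("dashboard-b")
    message = b'{"topic":"plant/temp","value":21.5}'  # constructed sample payload

    nonce, first_ct = publisher_encrypt(k_pub, message)
    pk_a, second_a = agent_reencrypt(center, "sensor-1", "dashboard-a", nonce, first_ct)
    pk_b, second_b = agent_reencrypt(center, "sensor-1", "dashboard-b", nonce, first_ct)
    return {
        "message": message,
        # Everything a compromised agent would hold for this message:
        "agent_view": (first_ct, pk_a, second_a, pk_b, second_b),
        "sub_a_plain": subscriber_decrypt(k_sub_a, nonce, second_a),
        "sub_b_plain": subscriber_decrypt(k_sub_b, nonce, second_b),
        # Subscriber B applying its key to A's copy gets noise, not the message.
        "sub_b_on_a": subscriber_decrypt(k_sub_b, nonce, second_a),
    }


if __name__ == "__main__":
    result = run_demo()
    print(result["sub_a_plain"], result["sub_b_plain"])
```

The model provides confidentiality only: XOR ciphertexts are malleable, so a deployment would also need an authentication tag on each message.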
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will become obvious from the description or may be learned by practice of the invention.
Description of the drawings
The present invention is further described below with reference to the accompanying drawings and embodiments, in which:
FIG. 1 is a schematic diagram of the position of the SSL/TLS protocol scheme in the network model according to an embodiment;
FIG. 2 is a schematic diagram of the interaction between the distribution agent, the security authentication center, the publisher client and the subscriber client according to an embodiment of the present invention;
FIG. 3 is a flowchart of a control method for message storage processing and security authentication according to an embodiment of the present invention.
Detailed description
Embodiments of the present invention are described in detail below. Examples of the embodiments are shown in the drawings, in which the same or similar reference numerals designate, throughout, the same or similar elements or elements having the same or similar functions. The embodiments described below with reference to the drawings are exemplary, are intended only to explain the present invention, and should not be construed as limiting it.
In the description of the present invention, it should be understood that orientation descriptions, such as the orientations or positional relationships indicated by up, down, front, back, left and right, are based on the orientations or positional relationships shown in the drawings. They are used only to facilitate and simplify the description of the present invention, and do not indicate or imply that the device or element referred to must have a specific orientation or be constructed and operated in a specific orientation; they therefore should not be construed as limiting the present invention.
In the description of the present invention, "several" means one or more, and "multiple" means two or more. "Greater than", "less than", "exceeding" and the like are understood as excluding the stated number, while "above", "below", "within" and the like are understood as including it. Where "first" and "second" are used, they serve only to distinguish technical features, and should not be understood as indicating or implying relative importance, the number of the indicated technical features, or their order.
In the description of the present invention, unless otherwise expressly limited, words such as "set", "install" and "connect" should be understood in a broad sense, and a person skilled in the art can reasonably determine their specific meaning in the present invention in light of the specific content of the technical solution.
In the description of the present invention, references to the terms "one embodiment", "some embodiments", "exemplary embodiment", "example", "specific example" or "some examples" mean that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, such references do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments or examples.
In the related art, MQTT is a lightweight communication protocol whose small communication overhead and adaptability to unreliable networks have made it widely used in today's Internet of Things. However, MQTT was originally designed for private network environments, and its focus was on lightweight publishing and distribution of messages rather than on security during message processing or transmission. Apart from username and password authentication, the protocol itself provides no other security measures. With the rapid development of the Internet of Things and the growth in the number of users, the corresponding security risks and problems have become increasingly prominent.
A survey and analysis of the current state of MQTT-based Internet of Things communication found a total of 78829 agent-side servers on the public network communicating over the MQTT protocol. Of these, servers using port 1883 (the default MQTT communication port, which does not use SSL/TLS for security authentication) account for 99.69%; that is, the vast majority of MQTT servers in the current public network environment apply no security encryption measures to the communication process. Many research and practice results show that more than 60% of servers do not verify the client's username and password, and that on the vast majority of agents any client can subscribe to all topics and receive the corresponding plaintext pushes.
From a practical point of view, this shows that the current state of MQTT-based communication is not encouraging. The embodiments of the present invention focus on the security of data in transmission and in storage processing, so they do not analyze schemes that focus on topic permission control or on the performance of encryption and decryption algorithms. Among the schemes that focus on securing data in transmission, the most common are the SSL/TLS protocol scheme and the emerging AugPAKE protocol scheme. The AugPAKE scheme is, however, a simplified version of the SSL/TLS scheme that moves the authentication step of SSL/TLS offline: the client and the agent must be authenticated offline to ensure security, which is not suitable for scenarios with a large number of clients. Its subsequent online execution is similar to that of the SSL/TLS scheme, since both essentially negotiate a symmetric key that is then used to secure data transmission, so there is no need to analyze the two schemes separately.
The SSL/TLS protocol scheme is analyzed below and its shortcomings with respect to the focus of this patent are summarized, after which the specific content of the embodiments of the present invention is introduced.
As shown in FIG. 1, the SSL/TLS protocol scheme sits between the application layer and the TCP/IP layer. In the network model shown in FIG. 1, the SSL/TLS protocol scheme is mainly used to secure communication based on the TCP protocol. Its basic approach combines asymmetric and symmetric encryption, and its encrypted communication flow is as follows:
Step 1: the client sends a request to the server asking for the server's public key;
Step 2: the two parties negotiate the session key used for this session, which is a symmetric key;
Step 3: in the subsequent stages of the session, both parties communicate using the negotiated session key.
The first two steps are also called the handshake process, which is the core of the SSL/TLS protocol. It includes the negotiation of a series of encryption-related parameters and the determination of the security parameters used for subsequent encryption.
Specifically, when the client first requests encrypted communication, it sends a ClientHello request to the server, which mainly includes the following fields: VersionNumber (the highest TLS protocol version currently supported), Randomly Generated Data (later used to generate the session key), Cipher Suite (the cipher suites supported by the client), and so on;
After receiving the client's ClientHello request, the server sends a response to the client, in which the three main fields are ServerHello, ServerCertificate and ServerHelloDone. The fields contained in ServerHello correspond one-to-one to the fields in the ClientHello request sent by the client. ServerCertificate is the certificate the server provides to the client to authenticate its own identity; it is used to prove the legitimacy of the server and to convey the public key. Finally, ServerHelloDone indicates that the server's response is complete and that it is waiting for the client's subsequent response;
After receiving the server's response, the client first verifies the legitimacy of the server's certificate. Once the certificate has been verified, the information the client sends to the server mainly includes the encrypted last random number PreMasterKey, ChangeCipherSpec and ClientFinished. ChangeCipherSpec indicates that the previously negotiated cipher suite will be used to encrypt subsequent communication. ClientFinished indicates that the client's handshake is finished; this item is also the hash value of all the content sent previously, which the server uses for verification;
After receiving the client's response, the server first decrypts the last random number PreMasterKey with the corresponding private key, then combines it with the two random numbers from the earlier exchange to compute the symmetric key used for the rest of the session, and finally sends the client the following messages: ChangeCipherSpecMessage and ServerFinishedMessage. The former notifies the client that subsequent communication will use the previously negotiated symmetric key and encryption algorithm; the latter carries the hash value computed over the whole session, which the client uses for verification. Once the client's verification succeeds, subsequent communication is encrypted with the negotiated symmetric key.
The above flow shows that the SSL/TLS protocol uses an additional handshake to negotiate the symmetric key that later encrypts the data, which solves the security problem of data in transmission. However, schemes based on the SSL/TLS protocol still have the following problems. First, they do not address the security problems that may arise when messages are stored and processed at the agent side. For example, as more and more message agents are deployed in the cloud, if a message agent is compromised, a large number of plaintext messages may be leaked and tampered with, because messages are stored in plaintext at the agent side. Second, the SSL/TLS protocol adds a handshake in order to negotiate the symmetric key, that is, two additional round trips. When the network is congested, this can be a burden for Internet of Things communication, which aims to be lightweight and fast, and especially for the clients involved.
To secure both transmission and storage processing, and in particular to secure the storage and processing of data at the agent side, the most basic requirement is that the data remain encrypted while the agent distributes and processes it. On the existing basis, this means that the publisher client encrypts the original message part before publishing a message on a topic. As long as the chosen encryption algorithm is appropriate and the key has not been leaked, the message stays encrypted during both transmission and storage processing, and the original message content is not exposed. After the message agent forwards the message to the corresponding subscriber client, the subscriber client can decrypt the ciphertext with the corresponding publisher's key to obtain the original message.
However, suppose symmetric encryption is used, so that the key k is held by multiple clients; this increases the risk of the key being leaked. If one client is compromised so that the key k is obtained, and a distribution agent is also compromised, then the encryption of all subsequent messages exists in name only: the attacker can decrypt every message received by the distribution agent and tamper with and forward it at will. If the subscriber client itself is an attacker in disguise, that attacker obtains the key k directly, and once the distribution agent is also compromised, the encrypted messages can be easily decrypted by the attacker.

Asymmetric encryption solves the problem that the key is easily leaked under symmetric encryption. Assume that each client has its own public/private key pair, pubKey and privKey; a publisher that needs to publish a message then only has to encrypt the original message with the public key of the subscriber client. After the subscriber client receives the encrypted message forwarded by the distribution agent, it decrypts it with its own private key to obtain the original message. Even if a client is compromised and its private key is leaked, and the distribution agent is later compromised as well, the attacker can only decrypt the messages forwarded to the compromised client, because each client's public/private key pair is independent.

However, this scheme also has flaws. First, as the MQTT communication model shows, the publisher does not know which subscriber clients exist on a topic, so it cannot know which subscriber clients the distribution agent will forward a published message to, and therefore does not know which subscriber client's public key to use to encrypt the message. Second, suppose the original MQTT protocol is modified so that the publisher can learn about the subscriber clients on the topic it is about to publish to. There may be multiple subscriber clients, but the publisher client can use the public key of only one subscriber client to encrypt the original message each time it publishes. Since the public keys of the subscriber clients are independent and unrelated, the scheme cannot meet the requirements when there are multiple subscriber clients. Third, suppose the original MQTT protocol is modified in some way so that the publisher client can transmit, in a single publication, a combination of messages encrypted with different subscribers' public keys, and the distribution agent can correctly split the encrypted messages belonging to different subscriber clients and forward each to the right client. Then, when a topic has a large number of subscriber clients, the PUBLISH message sent by the publisher client becomes very long, and a client acting as publisher must store a large amount of information such as subscribers' public keys. In real scenarios, clients are often terminal devices with limited hardware resources such as memory and CPU, and such devices cannot bear this scheme.
In summary, although the above scheme secures data in both transmission and storage processing, it cannot guarantee the security of the keys used to encrypt and decrypt messages, and it cannot manage those keys effectively when there are a large number of clients.
Based on this, embodiments of the present invention provide a control method, system and medium for message storage processing and security authentication. This embodiment separates the security authentication of the MQTT protocol from message storage processing: the message broker that provides message storage processing can be deployed in a distributed manner in the cloud and is referred to as the distribution agent, while the part that provides message security authentication is deployed separately and is referred to as the security authentication center. The interaction among the distribution agent, the security authentication center, the publisher client and the subscriber client is shown in FIG. 2. In the interactive system shown in FIG. 2, as shown in FIG. 3, an embodiment of the present invention provides a control method for message storage processing and security authentication, including the following steps:
S31. The security authentication center generates a process key according to the message key.
In this embodiment, the security authentication center may be a trusted third party that handles the following two tasks:
First, at the request of the distribution agent, it uses the message keys of the relevant publisher client and subscriber client to generate a process key, so that the distribution agent can then use the process key to perform secondary encryption on the message ciphertext;
Second, it uses the generated exclusive public and private keys to encrypt and decrypt the clients' message keys. The process key addresses the large-scale leakage and tampering of messages that results from an untrusted distribution agent storing and processing messages in plaintext, while the exclusive public and private keys improve the security and management of message keys when there are a large number of clients.
S32. The publisher client encrypts the original message with the message key to obtain a first encrypted message, and transmits the first encrypted message to the distribution agent.
In this embodiment, the publisher client encrypts the original message with the message key before publishing it to the distribution agent. Because the message is already encrypted before transmission, it is difficult for an attacker to obtain the original text as long as the message key has not been leaked, and there is no need to add an extra handshake to negotiate a subsequent symmetric key as in the SSL/TLS scheme.
S33. The distribution agent obtains the process key from the security authentication center and uses the process key to perform secondary encryption on the first encrypted message, obtaining a second encrypted message.
In this embodiment, the distribution agent also needs to communicate with the security authentication center to obtain the process key used for secondary encryption of the message transmitted by the publisher. Each time it forwards a message to a subscriber, the distribution agent uses the obtained process key to re-encrypt the message ciphertext transmitted by the publisher client into a new ciphertext, and then forwards the result to the subscriber client. Knowing only the process key, the distribution agent cannot deduce the message key of the publisher or subscriber client, which solves the problem of messages being stored and processed in plaintext on the agent side.
S34. The subscriber client receives the second encrypted message forwarded by the distribution agent and decrypts it with the message key to obtain the original message.
In this embodiment, a subscriber client is a client that receives messages on a topic it has subscribed to. In this scheme, after the subscriber client receives the ciphertext re-encrypted by the distribution agent, it decrypts the ciphertext with its own message key to obtain the original message. As with the publisher client, the message is still encrypted before the distribution agent forwards the data, and it is difficult for an attacker to obtain the original text as long as the message key has not been leaked.
The implementation of the present invention mainly uses the following three kinds of keys:
First, the message key. The message key is a symmetric key used by publisher clients and subscriber clients to encrypt or decrypt messages. The publisher client encrypts the original message with its message key before publishing, and the subscriber client finally decrypts the encrypted message with its message key. Note that when exclusive public and private keys are not used, the message keys are generated and managed by the security authentication center, and no encrypted message key accompanies the message when the publisher client sends it or the distribution agent forwards it. When exclusive public and private keys are used, the publisher client's message key is generated by the publisher client and the subscriber client's message key is generated by the security authentication center; in that case the first encrypted message comprises the message encrypted with the message key and the message key encrypted with the exclusive public key, and the second encrypted message comprises the message encrypted with the process key and the subscriber client's message key. Because the message is already encrypted before it is transmitted and forwarded, there is no need to perform an extra handshake to negotiate a subsequent symmetric key as in the SSL/TLS scheme, which avoids the overhead that the extra network round trips of the SSL/TLS scheme may cause.
Second, the process key. The process key is a symmetric key. The security authentication center generates it from the message keys of the relevant publisher client and subscriber client and delivers it to the distribution agent, which uses it to perform secondary encryption on the ciphertext message transmitted by the publisher client. The re-encrypted data is still ciphertext, and the subscriber client can decrypt it directly with its own message key to obtain the original message. The distribution agent cannot deduce the message key of the publisher or subscriber client from the process key alone. The process key solves the problem in the SSL/TLS scheme of messages being stored and processed in plaintext on the agent side.
Third, the exclusive public and private keys. These are asymmetric keys generated by the publisher client, the subscriber client and the security authentication center, and are used to encrypt and decrypt the message keys used by the publisher client and subscriber client. The exclusive public and private keys mainly solve the message key management problem and the message key security problem that a scheme without security authentication faces when there are a large number of clients.
In this embodiment, the process key procKeysrc-dest-T is generated jointly from the message keys encKeysrc and encKeydest of the publisher client and the subscriber client, and is used only by the distribution agent to perform secondary encryption on the message ciphertext transmitted by the publisher; the subscriber client then decrypts the re-encrypted ciphertext to obtain the original message content. The message key is determined jointly by the publisher client, the subscriber client and the topic, and differs from client to client and from topic to topic.
Taking XOR encryption as an example, suppose the publisher client's message key is "00011010" and the subscriber client's message key is "00000100"; the generated process key is then the XOR of the two message keys: "00011110". Suppose the original message to be encrypted is "abc". The ciphertext the publisher client produces by encrypting it with its message key is "{xy"; the result of the distribution agent re-encrypting that ciphertext with the process key is "efg"; and the subscriber client decrypts the re-encrypted ciphertext with its message key to obtain the original message "abc".
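The XOR walk-through above, carried through steps S31 to S34 for two subscribers, as an added example that is not code from the patent. The client ids, the topic name and the second subscriber's key 0x33 are constructed for illustration; the keys 00011010 and 00000100 and the message "abc" are the ones in the text. The last function checks a property of this XOR instance that matters when assessing it: the process key combined with one client's message key yields the other client's message key.

```python
# Added example: toy model of steps S31-S34 using the single-byte XOR cipher
# from the text's walk-through. XOR is illustrative only, not a secure cipher.


def xor_bytes(data: bytes, key: int) -> bytes:
    """Encrypt or decrypt with a one-byte key (XOR is its own inverse)."""
    return bytes(b ^ key for b in data)


class SecurityAuthCenter:
    """Holds per-(client, topic) message keys and derives process keys (S31)."""

    def __init__(self):
        self._msg_keys = {}

    def register(self, client_id: str, topic: str, msg_key: int) -> None:
        self._msg_keys[(client_id, topic)] = msg_key

    def process_key(self, src: str, dest: str, topic: str) -> int:
        # procKey(src-dest-T) = encKey(src) XOR encKey(dest)
        return self._msg_keys[(src, topic)] ^ self._msg_keys[(dest, topic)]


class DistributionAgent:
    """Handles only ciphertext and process keys, never a message key (S33)."""

    def __init__(self, center: SecurityAuthCenter, subscriptions: dict):
        self.center = center
        self.subscriptions = subscriptions  # topic -> list of subscriber ids

    def forward(self, src: str, topic: str, first_ct: bytes) -> dict:
        """Re-encrypt one publisher ciphertext once per subscriber."""
        out = {}
        for dest in self.subscriptions.get(topic, []):
            proc_key = self.center.process_key(src, dest, topic)
            out[dest] = xor_bytes(first_ct, proc_key)
        return out


# Constructed identifiers. 0b00011010 and 0b00000100 are the keys from the
# text; 0x33 is a constructed key for a second subscriber.
TOPIC = "demo/topic"
KEYS = {"pub-1": 0b00011010, "sub-1": 0b00000100, "sub-2": 0x33}


def run_flow(plaintext: bytes = b"abc") -> dict:
    center = SecurityAuthCenter()
    for client_id, key in KEYS.items():
        center.register(client_id, TOPIC, key)
    agent = DistributionAgent(center, {TOPIC: ["sub-1", "sub-2"]})

    first_ct = xor_bytes(plaintext, KEYS["pub-1"])         # S32: publisher
    second_cts = agent.forward("pub-1", TOPIC, first_ct)   # S33: agent
    recovered = {dest: xor_bytes(ct, KEYS[dest])           # S34: subscribers
                 for dest, ct in second_cts.items()}
    return {
        "process_key": center.process_key("pub-1", "sub-1", TOPIC),
        "first_ct": first_ct,
        "second_cts": second_cts,
        "recovered": recovered,
    }


def other_key_from(process_key: int, known_msg_key: int) -> int:
    """Property check: process key XOR one message key gives the other key."""
    return process_key ^ known_msg_key


if __name__ == "__main__":
    result = run_flow()
    print(format(result["process_key"], "08b"))
    print(result["first_ct"], result["second_cts"], result["recovered"])
```

The publisher encrypts once and the agent produces a distinct ciphertext per subscriber, which is what removes the per-subscriber public-key burden from the publisher. In this XOR instance the process key and the subscriber's message key together determine the publisher's message key for that topic, so a review of a concrete design should check what a jointly compromised agent and subscriber can derive.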
The publisher client encrypts the message it wants to publish with its message key and sends the ciphertext to a node in the distribution agent cluster, and the subscriber client directly decrypts the forwarded message it receives with its message key to obtain the original message content. Unlike the clients, which encrypt and decrypt data with message keys, the distribution agent uses the process key to re-encrypt the ciphertext that was produced by encrypting the plaintext with the message key. The result of this secondary encryption must be directly decryptable by the subscriber client to yield the original message, and the distribution agent must not be able to derive the plaintext from the process key alone. Ordinary encryption and decryption keys and their corresponding algorithms cannot satisfy these conditions, so the generation of the process key and the encryption performed with it are subject to certain restrictions and requirements. Specifically, the application of the process key has the following advantages:
From the above application of the process key, it can be seen that data is secure in both transmission and storage processing, that no extra handshake is needed to negotiate a symmetric key for subsequent encryption as in the SSL/TLS scheme, and that clients do not need to manage a large number of keys. Specifically, this can be understood as the following points. First, data is encrypted throughout transmission, and plaintext and ciphertext can be encrypted and decrypted only with the relevant message keys; as long as the message key has not been leaked, the security of data transmission is guaranteed, so there is no need to add an extra handshake to negotiate keys as in the SSL/TLS scheme. Second, the distribution agent can only perform secondary encryption on the ciphertext messages it receives and cannot independently derive the key information needed to decrypt the ciphertext, so it cannot decrypt the original message; this guarantees the security of messages in storage processing. Third, for any topic T, the encryption and decryption keys of different clients for that topic are independent and different, which ensures that even if a client and the distribution agent are compromised at the same time, not all messages passing through that distribution agent can be leaked or tampered with on a large scale, and thus guarantees the security of the data. Fourth, when a client needs to publish or decrypt a message on a topic, the key it uses is generated and managed by the authentication center, which solves the client key management problem mentioned earlier. Finally, after receiving the re-encrypted message, the subscriber client can decrypt it to obtain the original message, which ensures the completeness of the entire publish and forward flow.
In this embodiment, secondary encryption with the process key solves the large-scale leakage of and tampering with plaintext messages that can occur when the distribution agent is untrusted. Two problems remain, however: the first is the management of message keys by the security authentication center, and the second is the security of the message keys. Specifically, the number of message keys that the security authentication center must manage is proportional to the number of publisher clients and subscriber clients. When there are many publisher clients and subscriber clients, managing a large number of message keys places an additional burden on the security authentication center and may in turn cause large delays in the network communication between the publisher clients, subscriber clients and distribution agent on the one hand and the security authentication center on the other, eventually delaying or even paralyzing the message publishing and distribution flow. The security of the message keys cannot be ignored either. If the client requests a message key and the security authentication center generates and returns it, the security of the message key in transit cannot be guaranteed; after intercepting the message key, an attacker can bypass the process key and easily obtain or tamper with the information the publisher wants to publish, which seriously affects the normal publishing and distribution flow.
Therefore, to solve the above problems, this embodiment makes the number of message keys that the security authentication center must generate and manage k*l*n, that is, independent of the publishers, and the security of the message keys is guaranteed. On top of the process key, exclusive public and private keys are used to encrypt and decrypt the message keys. With exclusive public and private keys introduced, the processing also differs:
Each client has its own public and private keys, which are used to generate the exclusive public key for encrypting and decrypting the encrypted message key;
The publisher client's message key is generated and managed by the publisher client itself, while the subscriber client's message key is generated by the security authentication center;
The security authentication center manages public and private keys at topic granularity, which are used to generate the exclusive private key for encrypting and decrypting message keys.
For each terminal in the interactive system shown in FIG. 2, the work also changes somewhat:
The publisher client no longer requests a message key from the authentication center but generates it itself. The data it sends to the distribution agent has two parts: the message encrypted with the message key, and the message key encrypted with the exclusive public key;
When requesting a process key, the distribution agent must include not only the corresponding client information but also the encrypted message key sent by the publisher. When forwarding data to the subscriber client, it must forward not only the re-encrypted ciphertext but also the subscriber client's message key returned by the security authentication center;
Before generating the process key, the security authentication center first uses the exclusive private key to decrypt the encrypted message key passed on by the distribution agent and obtain the publisher's message key, then randomly generates the subscriber client's message key, and generates the process key according to the requirements described above. It then encrypts the subscriber client's message key with the relevant exclusive private key, to prevent the distribution agent from obtaining the unencrypted message key. Finally, it returns the generated process key and the encrypted subscriber client key to the distribution agent;
The message key that the subscriber client uses to decrypt the message ciphertext is contained in the data forwarded by the distribution agent. The subscriber client first decrypts the message key with the exclusive public key, and then decrypts the ciphertext with the message key to obtain the original message.
In this embodiment, when exclusive public and private keys are used, the exclusive public key is used to encrypt the message key on the publisher client, and the exclusive private key is used to decrypt the message key on the subscriber client. The security authentication center uses the publisher client's exclusive private key to decrypt the publisher's message key, and uses the subscriber client's exclusive public key to encrypt the subscriber client's message key. Specifically, the publisher client generates a new exclusive public key pubKeysrc-T from its own private key privKeysrc and the public key pubKeyT of the corresponding topic, and uses this exclusive public key to encrypt the message key with which it encrypts messages. When generating the process key, the authentication center uses the publisher client's public key pubKeysrc and the private key privKeyT of the corresponding topic to generate the exclusive private key that corresponds to the publisher client's exclusive public key, and uses it to decrypt the publisher client's encrypted message key.
The security of the optimized embodiment of the present invention is analyzed below according to the communication flow of each part.
First, communication between the publisher client and the distribution agent:
The communication between the publisher client and the distribution agent is one-way, from the publisher client to the distribution agent. The security of this communication flow under various attack modes is analyzed as follows.
Eavesdropping attack: Because the message key is randomly generated by the publisher client, the attacker cannot steal the encryption key. During transmission, both the key and the message are encrypted, so the attacker can obtain only the encrypted message and the encrypted message key, cannot obtain the plaintext of the message, and therefore cannot eavesdrop on or leak the corresponding message. This guarantees the security of data in transit.
Man-in-the-middle attack: The relevant packet is sent to the distribution agent only after the corresponding ciphertext and the encrypted message key have been generated. Provided the message key has not been leaked, a man in the middle who wants to mount an attack must first decrypt the message key, which requires two conditions: 1) stealing or cracking the publisher's private key; 2) generating the corresponding exclusive public key with the exclusive public and private key generation algorithm. Under normal circumstances both are difficult for an attacker to obtain, so it is difficult for a man in the middle to mount an attack.
Untrusted distribution agent: Suppose an attacker successfully compromises a node in the distribution agent cluster by some means. The messages the publisher transmits to the distribution agent are all encrypted: the message body is encrypted with a randomly generated message key, and that message key is encrypted with the exclusive public key. Data encrypted with the exclusive public key can be decrypted only with the corresponding exclusive private key, and only the authentication center can compute and derive that exclusive private key. Therefore, even an attacker who has successfully compromised a distribution agent node cannot obtain the plaintext content of the messages. This solves the large-scale leakage of and tampering with plaintext messages that may occur when the distribution agent is untrusted, and thus guarantees the security of data in storage processing.
Second, communication between the distribution agent and the authentication center:
The communication between the distribution agent and the authentication center is two-way and consists mainly of requests and responses for process keys. Because the distribution agent and the authentication center are not subject to the hardware limitations of clients in an Internet of Things environment, such as limited memory and computing power, the communication between them can be handled entirely with an existing solution, namely the SSL/TLS protocol. With SSL/TLS in use, attacks such as eavesdropping and man-in-the-middle attacks cannot take effect. In addition, even if the distribution agent is compromised, the data transmitted throughout the communication is encrypted, so the attacker can obtain only the process key returned by the authentication center and the encrypted message key of the subscriber client. As for the process key, the encryption key of the publisher or subscriber client cannot be derived from the process key alone, so the attacker cannot use the process key to decrypt the original message. As for the encrypted message key of the subscriber client, decrypting it first requires the exclusive public key generated by the subscriber client; generating that key requires the subscriber client's private key, which only the subscriber client holds. This guarantees the security of data in storage processing.
Third, communication between the distribution agent and the subscriber client:
The communication between the distribution agent and the subscriber client is also one-way: the distribution agent forwards and pushes the ciphertext and the encrypted message key to the corresponding subscriber client.
The security of this communication flow is analyzed as follows:
Eavesdropping attack: During transmission, both the message key and the corresponding ciphertext are encrypted. The attacker cannot deduce the plaintext from the ciphertext alone and can obtain the plaintext only indirectly, by first cracking the encryption key. The message key is in turn encrypted with the relevant exclusive private key, and only the subscriber client can compute and derive the corresponding exclusive public key. The attacker therefore cannot obtain the original plaintext message content, which guarantees the security of data in transit.
Man-in-the-middle attack: As with the communication from the publisher to the distribution agent, provided the message key has not been leaked, a man in the middle who wants to mount an attack must meet two conditions: 1) stealing or cracking the publisher's private key; 2) generating the corresponding exclusive public key with the exclusive public key generation algorithm. Both are difficult for an attacker to satisfy, so it is difficult for a man in the middle to mount an attack.
Untrusted distribution agent: As on the publisher side, suppose an attacker successfully compromises a node in the distribution agent cluster by some means. The data the distribution agent is about to forward to the subscriber client is all encrypted: the message content has been re-encrypted with the process key, and the subscriber client's message key is encrypted with the exclusive private key. Data encrypted with this exclusive private key can be decrypted only with the corresponding exclusive public key, and only the subscriber client can compute and derive that exclusive public key. Therefore, even an attacker who has successfully compromised a distribution agent node cannot obtain the plaintext content of the messages. This solves the large-scale leakage of and tampering with plaintext messages that may occur when the distribution agent is untrusted, and thus guarantees the security of data in storage processing.
In summary, the scheme proposed by the embodiment of the present invention, which separates message storage from security authentication, is in theory both secure and effective, and improves the security and management of message keys. The MQTT protocol used with this scheme also outperforms, overall, the MQTT protocol used with the SSL/TLS scheme, and relative to the original MQTT protocol, the MQTT protocol based on this improved scheme achieves a good trade-off between performance and data security.
An embodiment of the present invention provides a control system for message storage processing and security authentication, including:
a security authentication center, configured to generate a process key according to a message key;
a publisher client, configured to encrypt an original message with the message key to obtain a first encrypted message, and to transmit the first encrypted message to a distribution agent;
the distribution agent, configured to obtain the process key from the security authentication center and to perform secondary encryption on the first encrypted message with the process key to obtain a second encrypted message;
a subscriber client, configured to receive the second encrypted message forwarded by the distribution agent and to decrypt the second encrypted message with the message key to obtain the original message.
The content of the method embodiment of the present invention applies to this system embodiment. The functions implemented by this system embodiment are the same as those of the method embodiment above, and the beneficial effects achieved are the same as those achieved by the above method.
An embodiment of the present invention provides a storage medium storing a computer-executable program which, when executed by a processor, implements the control method for message storage processing and security authentication shown in FIG. 3.
An embodiment of the present invention also discloses a computer program product or computer program that includes computer instructions stored in a computer-readable storage medium. The processor of a computer device can read the computer instructions from the computer-readable storage medium and execute them, causing the computer device to perform the control method for message storage processing and security authentication shown in FIG. 3.
The embodiments of the present invention have been described in detail above with reference to the accompanying drawings, but the present invention is not limited to the above embodiments; within the knowledge of those of ordinary skill in the art, various changes can be made without departing from the spirit of the present invention. In addition, the embodiments of the present invention and the features in the embodiments can be combined with each other where they do not conflict.

Claims (10)

  1. A control method for message storage processing and security authentication, characterized by comprising the following steps:
    a security authentication center generates a process key according to a message key;
    a publisher client encrypts an original message with the message key to obtain a first encrypted message, and transmits the first encrypted message to a distribution agent;
    the distribution agent obtains the process key from the security authentication center and encrypts the first encrypted message a second time with the process key, obtaining a second encrypted message;
    a subscriber client receives the second encrypted message forwarded by the distribution agent and decrypts the second encrypted message with the message key, obtaining the original message.
  2. The control method for message storage processing and security authentication according to claim 1, characterized in that the security authentication center generates the message key of a topic message and manages and controls the message key.
  3. The control method for message storage processing and security authentication according to claim 1, characterized in that, when the message key is encrypted or decrypted with an exclusive public-private key pair, the publisher client generates and manages the message key of the topic message at the publisher client, and the security authentication center generates the message key of the topic message at the subscriber client.
  4. The control method for message storage processing and security authentication according to claim 3, characterized in that the message key and the process key are both symmetric keys, and the exclusive public-private key pair is an asymmetric key pair.
  5. The control method for message storage processing and security authentication according to claim 3, characterized in that the first encrypted message comprises the message encrypted with the message key and the message key encrypted with the exclusive public key; and the second encrypted message comprises the message encrypted with the process key and the message key of the subscriber client.
  6. The control method for message storage processing and security authentication according to claim 5, characterized in that the distribution agent requests the process key from the security authentication center using client information and the message key encrypted with the exclusive public key, the client information comprising subscriber client information and publisher client information.
  7. The control method for message storage processing and security authentication according to claim 6, characterized in that, before generating the process key, the security authentication center uses the exclusive private key to decrypt the message key, encrypted with the exclusive public key, that was sent by the distribution agent, obtaining the message key of the publisher client; randomly generates the message key of the subscriber client according to the message key of the publisher client; and encrypts the message key of the subscriber client with the exclusive private key.
  8. The control method for message storage processing and security authentication according to claim 7, characterized in that the subscriber client uses the exclusive public key to decrypt the message key that was encrypted with the exclusive private key, and uses the decrypted message key to decrypt the process-key-encrypted message in the second encrypted message, obtaining the original message.
  9. A control system for message storage processing and security authentication, characterized by comprising:
    a security authentication center, configured to generate a process key according to a message key;
    a publisher client, configured to encrypt an original message with the message key to obtain a first encrypted message, and to transmit the first encrypted message to a distribution agent;
    the distribution agent, configured to obtain the process key from the security authentication center and to encrypt the first encrypted message a second time with the process key, obtaining a second encrypted message;
    a subscriber client, configured to receive the second encrypted message forwarded by the distribution agent and to decrypt the second encrypted message with the message key, obtaining the original message.
  10. A storage medium, characterized in that a computer-executable program is stored therein, the computer-executable program, when executed by a processor, implementing the control method for message storage processing and security authentication according to any one of claims 1-8.
PCT/CN2021/140521 2021-12-08 2021-12-22 Control method and system for message storage processing and security authentication, and medium WO2023103099A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202111492414.7A CN114386054A (en) 2021-12-08 2021-12-08 Control method, system and medium for message storage processing and security authentication
CN202111492414.7 2021-12-08

Publications (1)

Publication Number Publication Date
WO2023103099A1 (en) 2023-06-15

Family

ID=81195867

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/140521 WO2023103099A1 (en) 2021-12-08 2021-12-22 Control method and system for message storage processing and security authentication, and medium

Country Status (2)

Country Link
CN (1) CN114386054A (en)
WO (1) WO2023103099A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140372748A1 (en) * 2013-06-18 2014-12-18 International Business Machines Corporation Topic protection policy for publish-subscribe messaging system
CN104580205A (en) * 2015-01-05 2015-04-29 南京邮电大学 CP-ABE-based fixed ciphertext length proxy re-encryption system and method in cloud computing
US20150271153A1 (en) * 2012-07-10 2015-09-24 Kurt Ryan Rohloff Information management using proxy re-encryption
CN106790259A (en) * 2017-01-25 2017-05-31 国家电网公司 A kind of asymmetric across cryptographic system re-encryption, decryption method and system
CN108259169A (en) * 2018-01-09 2018-07-06 北京大学深圳研究生院 A kind of file security sharing method and system based on block chain cloud storage
CN110572370A (en) * 2019-08-16 2019-12-13 湖北工业大学 Agent re-encryption system and method for resisting quantum attack

Also Published As

Publication number Publication date
CN114386054A (en) 2022-04-22

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21967011

Country of ref document: EP

Kind code of ref document: A1