CN101364866A - Entity secret talk establishing system based on multiple key distribution centers and method therefor - Google Patents

Info

Publication number: CN101364866A
Authority: CN (China)
Prior art keywords: key distribution; key; distribution center; communication entity; communication
Legal status: Granted
Application number: CNA2008101510858A
Other languages: Chinese (zh)
Other versions: CN101364866B (en)
Inventors: 铁满霞, 曹军, 赖晓龙, 黄振海
Current Assignee: China Iwncomm Co Ltd
Original Assignee: China Iwncomm Co Ltd
Application filed by: China Iwncomm Co Ltd
Events: priority to CN2008101510858A; publication of CN101364866A; application granted; publication of CN101364866B

Abstract

The invention relates to a system and method for establishing confidential communication between entities based on multiple key distribution centers. The system comprises a first network and a second network. The first network includes first communication entities A1, A2, ..., Am, a first bearer device C1 and a first key distribution center KDC1; the second network includes second communication entities B1, B2, ..., Bn, a second bearer device C2 and a second key distribution center KDC2. The first key distribution center KDC1 is connected to the second key distribution center KDC2; KDC1 is connected to the first communication entities A1, A2, ..., Am through the first bearer device C1, and KDC2 is connected to the second communication entities B1, B2, ..., Bn through the second bearer device C2. The system and method achieve confidential communication between entities in different networks, distribute communication keys to each entity, give the keys the perfect forward secrecy (PFS) property, and reduce the complexity of system key management.

Description

An entity secret-talk establishment system based on multiple key distribution centers, and method thereof
Technical field
The present invention relates to an entity secret-talk (confidential communication) establishment system based on multiple key distribution centers, and to a method thereof.
Background technology
When entities in a communication network need to communicate securely, key management is one of the key technologies involved. A small network can have every pair of users share a key, but this is infeasible in a large network. In a system with N users, secure communication between any two users requires generating and distributing N(N-1)/2 keys. Complexity rises sharply as the system grows: a network with N = 1000 needs about 500,000 keys to be distributed, stored and so on. To reduce this complexity, centralized key management is usually adopted, implemented by a trusted online server acting as a key distribution center KDC (Key Distribution Center) or a key transportation center KTC (Key Transportation Center). Figs. 1-4 show several common basic modes, where k is the communication session key between the first communication entity A and the second communication entity B.
In Fig. 1, the first communication entity A asks the key distribution center to distribute a key for communicating with the second communication entity B; the key distribution center generates k and delivers it to A and to B separately, and each delivery is encrypted with the pre-shared key between the key distribution center and A, and between the key distribution center and B, respectively. In Fig. 2, A makes the same request; the key distribution center generates k and delivers it to A, and A forwards it to B. This delivery and forwarding is encrypted with the pre-shared keys between the key distribution center and A, and between the key distribution center and B, respectively.
In Fig. 3, the first communication entity A sends the key k for communicating with the second communication entity B to the key transportation center, which then delivers it to B; this transfer is encrypted with the pre-shared keys between the key transportation center and A, and between the key transportation center and B, respectively. In Fig. 4, A sends the communication key k to the key transportation center, and the key transportation center has it forwarded to B via A; this delivery and forwarding is likewise encrypted with the pre-shared keys between the key transportation center and A, and between the key transportation center and B, respectively.
Because a key distribution center or key transportation center takes part, every pair of entities can use a fresh communication key for each communication. However, each user must keep a long-term secret management key shared with the key distribution center or key transportation center. The key distribution center or key transportation center must not only store a huge number of secret management keys but also bears a greater security risk, because once it has a problem the security of the whole system is directly threatened. Moreover, none of these key distribution methods provides perfect forward secrecy PFS (Perfect Forward Secrecy) for the keys.
This is particularly so when the two entities that need to establish confidential communication belong to different key management centers (KMCs): for example, they belong to different operators (China Mobile, China Unicom, China Telecom, etc.), each with its own KMC; or they belong to different communication networks (CDMA, GSM, etc.), each with its own KMC; or they are in the same network, but the network is large enough that multiple KMCs are deployed. In these cases the communication entities must also remain manageable and the service operable. A method for establishing confidential communication between entities based on multiple KMCs is therefore urgently needed.
Summary of the invention
To solve the above technical problems in the background art, the present invention proposes a secret-talk establishment system and method based on the Tri-element Peer Authentication (TePA) principle and using public-key cryptography. The system not only achieves confidential communication between entities in different networks, but also securely distributes a communication key to every pair of entities, gives the keys the PFS property, and reduces the complexity of system key management.
The technical solution of the present invention is an entity secret-talk establishment system based on multiple key distribution centers, characterized in that the system comprises a first network and a second network. The first network comprises first communication entities A1, A2, ..., Am, a first bearer device C1 and a first key distribution center KDC1; the second network comprises second communication entities B1, B2, ..., Bn, a second bearer device C2 and a second key distribution center KDC2. The first key distribution center KDC1 is connected to the second key distribution center KDC2; KDC1 is connected to the first communication entities A1, A2, ..., Am through the first bearer device C1, and KDC2 is connected to the second communication entities B1, B2, ..., Bn through the second bearer device C2.
The system further comprises a database DB, which is connected to the first key distribution center KDC1 and to the second key distribution center KDC2.
The database DB comprises a first database DB1 and a second database DB2; DB1 is connected to KDC1 and DB2 is connected to KDC2.
The first bearer device C1 and the second bearer device C2 are each a short message system, a Global System for Mobile communications (GSM) system, a Code Division Multiple Access (CDMA) system, a Public Switched Telephone Network (PSTN) or the Internet.
An entity secret-talk establishment method based on the above system is characterized as follows. The first key distribution center KDC1 and the second key distribution center KDC2 each hold a public/private key pair: private key x and public key Px for KDC1, private key y and public key Py for KDC2. Before communicating, the first communication entities A1, A2, ..., Am obtain the public key Px of KDC1 in advance, the second communication entities B1, B2, ..., Bn obtain the public key Py of KDC2 in advance, and each stores it locally. When any first communication entity Ai and any second communication entity Bj need to communicate securely, they obtain a communication session key by the following key distribution method:
1) The first communication entity Ai generates a temporary private/public key pair a and Pa and sends a key request message to the first key distribution center KDC1 through the first bearer device C1; this key request message contains the temporary public key Pa of Ai and the identifier of the second communication entity Bj;
2) After KDC1 receives the key request message of Ai forwarded by C1, it queries the first database DB1 as to whether Ai has registered for the security service. If so, KDC1 generates a random number as the communication session key k of Ai and Bj and sends a secret-talk notification request message to the second key distribution center KDC2; this message contains the communication session key k and the identifier of Bj. If not, KDC1 returns a secret-talk failure message to Ai;
3) After KDC2 receives the secret-talk notification request message, it queries the second database DB2 as to whether Bj has registered for the security service. If so, KDC2 sends a secret-talk request message to Bj through the second bearer device C2. If not, KDC2 returns a secret-talk failure message to KDC1, which in turn returns this message to Ai;
4) After Bj receives the secret-talk request message, it generates a temporary private/public key pair b and Pb and sends a key request message to KDC2 through C2; this key request message contains the temporary public key Pb of Bj;
5) After KDC2 receives the key request message of Bj forwarded by C2, it encrypts the communication session key k with the temporary public key Pb of Bj, computes its signature with the private key y of KDC2, and returns the resulting key response message to Bj through C2. At the same time, KDC2 returns a secret-talk notification response message to KDC1;
6) After KDC1 receives the secret-talk notification response message, it encrypts the communication session key k with the temporary public key Pa of Ai, computes its signature with the private key x of KDC1, and returns the resulting key response message to Ai through C1;
7) After Ai receives the key response message forwarded by C1, it verifies the signature with the locally stored public key Px of KDC1 and, once verification succeeds, decrypts with its private key a to obtain the communication session key k. If Ai instead receives, via C1, a secret-talk failure message sent by KDC1, this secure communication attempt fails;
8) After Bj receives the key response message forwarded by C2, it verifies the signature with the locally stored public key Py of KDC2 and, once verification succeeds, decrypts with its private key b to obtain the communication session key k;
9) Ai and Bj then use the communication session key k as the session key for secure communication.
An entity secret-talk establishment method based on the above system is characterized as follows. The first key distribution center KDC1 and the second key distribution center KDC2 each hold a public/private key pair: private key x and public key Px for KDC1, private key y and public key Py for KDC2. Before communicating, the first communication entities A1, A2, ..., Am obtain the public key Px of KDC1 in advance, the second communication entities B1, B2, ..., Bn obtain the public key Py of KDC2 in advance, and each stores it locally. When any first communication entity Ai and any second communication entity Bj need to communicate securely, they obtain a communication session key by the following key distribution method:
1) The first communication entity Ai generates a temporary private/public key pair a and Pa and sends a key request message to the first key distribution center KDC1 through the first bearer device C1; this key request message contains the temporary public key Pa of Ai and the identifier of the second communication entity Bj;
2) After KDC1 receives the key request message of Ai forwarded by C1, it queries the first database DB1 as to whether Ai has registered for the security service. If so, KDC1 generates a random number as one part, k1, of the communication session key k of Ai and Bj, and sends a secret-talk notification request message to the second key distribution center KDC2; this message contains the data k1 and the identifier of Bj. If not, KDC1 returns a secret-talk failure message to Ai;
3) After KDC2 receives the secret-talk notification request message, it queries the second database DB2 as to whether Bj has registered for the security service. If so, KDC2 sends a secret-talk request message to Bj through the second bearer device C2. If not, KDC2 returns a secret-talk failure message to KDC1, which in turn returns this message to Ai;
4) After Bj receives the secret-talk request message, it generates a temporary private/public key pair b and Pb and sends a key request message to KDC2 through C2; this key request message contains the temporary public key Pb of Bj;
5) After KDC2 receives the key request message of Bj forwarded by C2, it generates a random number as the other part, k2, of the communication session key k of Ai and Bj, and computes k from k1 and k2. It then encrypts k with the temporary public key Pb of Bj, computes its signature with the private key y of KDC2, and returns the resulting key response message to Bj through C2. At the same time, KDC2 returns a secret-talk notification response message to KDC1; this message contains the data k2;
6) After KDC1 receives the secret-talk notification response message, it computes the communication session key k of Ai and Bj from k1 and k2, encrypts k with the temporary public key Pa of Ai, computes its signature with the private key x of KDC1, and returns the resulting key response message to Ai through C1;
7) After Ai receives the key response message forwarded by C1, it verifies the signature with the locally stored public key Px of KDC1 and, once verification succeeds, decrypts with its private key a to obtain the communication session key k. If Ai instead receives, via C1, a secret-talk failure message sent by KDC1, this secure communication attempt fails;
8) After Bj receives the key response message forwarded by C2, it verifies the signature with the locally stored public key Py of KDC2 and, once verification succeeds, decrypts with its private key b to obtain the communication session key k;
9) Ai and Bj then use the communication session key k as the session key for secure communication.
When the first key distribution center KDC1 and the second key distribution center KDC2 share the same database DB, that is, when the first database DB1 and the second database DB2 are merged into one or there is a communication channel between the two, the above method is modified as follows. In step 2), after KDC1 receives the key request message of Ai forwarded by C1, it queries the database DB, or the first database DB1 and the second database DB2, as to whether both Ai and Bj have registered for the security service; if so, it sends the secret-talk notification request message to KDC2, and otherwise it returns a secret-talk failure message to Ai. Correspondingly, in step 3) KDC2 omits the query to DB2 as to whether Bj has registered for the security service: after receiving the secret-talk notification request message, KDC2 directly sends the secret-talk request message to Bj through the second bearer device C2.
Neither the first communication entity Ai nor the second communication entity Bj needs to store its temporary public/private key pair; it can be deleted at an appropriate time. When the next secure communication begins, or when the communication session key needs updating during secure communication, a new temporary public/private key pair is generated and a new session key obtained.
The key request message and the key response message may carry security parameters to negotiate and announce the cryptographic algorithm, mode of operation and operating parameters.
Based on the Tri-element Peer Authentication (TePA) principle and using public-key cryptography, the present invention distributes keys, through multiple key distribution centers (KDCs), to entities that need to communicate. It achieves secure distribution and dynamic updating of communication keys with perfect forward secrecy (PFS), and solves the problems of conventional methods, in which the KDC must manage a large number of keys, users must store long-term secret keys, and communication keys lack forward secrecy. It thereby ensures confidential communication between entities in different networks based on multiple key distribution centers. The invention can be applied to mobile communication networks and also to other communication systems.
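The two key distribution procedures above, as an added example (not code from the patent): a Python simulation of steps 1) to 8) for both the single-KDC and the jointly generated (k1, k2) session key. Assumptions: hashed ElGamal and Schnorr signatures over a toy group stand in for the unspecified public-key encryption and signature algorithms, SHA-256 is the k1/k2 combiner, the bearer devices and the KDC-to-KDC channel are plain function calls, and all class and function names are illustrative.

```python
import hashlib
import secrets

# Toy discrete-log group, illustration only (assumption: the patent names no
# algorithm). Hashed ElGamal and Schnorr stand in for "encrypt" and "sign".
P = 2**521 - 1          # Mersenne prime; not a safe parameter for real use
G = 3
ORDER = P - 1           # exponents reduce mod P-1 (Fermat's little theorem)

def H(*parts: bytes) -> bytes:
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

def i2b(n: int) -> bytes:
    return n.to_bytes(66, "big")

def keygen():
    """Return (private, public), e.g. (a, Pa) or (x, Px)."""
    priv = secrets.randbelow(ORDER - 1) + 1
    return priv, pow(G, priv, P)

def encrypt(pub: int, key: bytes):
    """Wrap a 32-byte key under a public key (hashed ElGamal)."""
    r, c1 = keygen()
    mask = H(b"wrap", i2b(pow(pub, r, P)))
    return c1, bytes(x ^ y for x, y in zip(key, mask))

def decrypt(priv: int, ct) -> bytes:
    c1, c2 = ct
    mask = H(b"wrap", i2b(pow(c1, priv, P)))
    return bytes(x ^ y for x, y in zip(c2, mask))

def sign(priv: int, msg: bytes):
    r, big_r = keygen()
    e = int.from_bytes(H(b"sig", i2b(big_r), msg), "big")
    return big_r, (r + e * priv) % ORDER

def verify(pub: int, msg: bytes, sig) -> bool:
    big_r, s = sig
    e = int.from_bytes(H(b"sig", i2b(big_r), msg), "big")
    return pow(G, s, P) == (big_r * pow(pub, e, P)) % P

class KDC:
    def __init__(self, registered):
        self.priv, self.pub = keygen()       # long-term pair: (x, Px) or (y, Py)
        self.registered = set(registered)    # stands in for DB1 / DB2

    def key_response(self, eph_pub: int, k: bytes):
        """Encrypt k under the entity's temporary public key, then sign.
        Assumption: the signature covers the ciphertext."""
        ct = encrypt(eph_pub, k)
        return ct, sign(self.priv, i2b(ct[0]) + ct[1])

class Entity:
    def __init__(self, ident: str, kdc_pub: int):
        self.ident, self.kdc_pub = ident, kdc_pub   # only Px or Py is stored
        self.eph_priv = None

    def new_ephemeral(self) -> int:
        self.eph_priv, eph_pub = keygen()
        return eph_pub

    def accept(self, response) -> bytes:
        ct, sig = response
        if not verify(self.kdc_pub, i2b(ct[0]) + ct[1], sig):
            raise ValueError("key response not signed by this entity's KDC")
        k = decrypt(self.eph_priv, ct)
        self.eph_priv = None                 # temporary key is deleted after use
        return k

def establish(ai, bj, kdc1, kdc2, joint=True):
    """Run steps 1-8; return (k at Ai, k at Bj) or None on a failure message."""
    pa = ai.new_ephemeral()                        # step 1
    if ai.ident not in kdc1.registered:            # step 2: DB1 lookup
        return None
    k1 = secrets.token_bytes(32)                   # k itself, or the share k1
    if bj.ident not in kdc2.registered:            # step 3: DB2 lookup
        return None
    pb = bj.new_ephemeral()                        # step 4
    if joint:   # KDC2 contributes k2; the SHA-256 combiner is an assumption
        k = H(b"session", k1, secrets.token_bytes(32))
    else:
        k = k1
    resp_b = kdc2.key_response(pb, k)              # step 5
    resp_a = kdc1.key_response(pa, k)              # step 6
    return ai.accept(resp_a), bj.accept(resp_b)    # steps 7 and 8

def demo():
    """Constructed scenario: A1 and B1 are registered, B9 is not."""
    kdc1, kdc2 = KDC({"A1"}), KDC({"B1"})
    a1, b1 = Entity("A1", kdc1.pub), Entity("B1", kdc2.pub)
    first = establish(a1, b1, kdc1, kdc2)
    second = establish(a1, b1, kdc1, kdc2, joint=False)
    unregistered = establish(a1, Entity("B9", kdc2.pub), kdc1, kdc2)
    return first, second, unregistered

if __name__ == "__main__":
    first, second, unregistered = demo()
    print(first[0] == first[1], second[0] == second[1], unregistered)
```

In both variants each KDC handles k in plaintext before wrapping it, so the KDCs and the channel between them are inside the trust boundary; what the entities gain is that no long-term entity secret exists to compromise later.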
Description of drawings
Figs. 1-4 are schematic diagrams of traditional key distribution methods based on a key distribution center or a key transportation center;
Fig. 5 is a schematic diagram of embodiment one of the entity secret-talk establishment system based on multiple key distribution centers of the present invention;
Fig. 6 is a schematic diagram of the entity secret-talk establishment method based on multiple key distribution centers of the present invention;
Fig. 7 is a schematic diagram of embodiment two of the entity secret-talk establishment system based on multiple key distribution centers of the present invention.
Embodiment
Referring to Fig. 5, the entity secret-talk establishment system based on multiple key distribution centers of the present invention comprises a first network and a second network. The two may be different networks, such as the China Mobile network and the China Unicom network, or two networks under the same network, such as two subnets of the China Mobile network. The first network comprises first communication entities A1, A2, ..., Am, a first bearer device C1, a first key distribution center KDC1 and a first database DB1; the second network comprises second communication entities B1, B2, ..., Bn, a second bearer device C2, a second key distribution center KDC2 and a second database DB2. The first bearer device C1 and the second bearer device C2 carry or forward the messages of the key distribution process; each may be a short message system, a Global System for Mobile communications (GSM) system, a Code Division Multiple Access (CDMA) system, a Public Switched Telephone Network (PSTN), the Internet, etc. The first database DB1 and the second database DB2 store whether the communication entities in the corresponding network have registered for the security service; a first communication entity Ai (i = 1, 2, ..., m) or a second communication entity Bj (j = 1, 2, ..., n) may or may not have registered.
Referring to Fig. 6, the entity secret-talk establishment method based on multiple key distribution centers of the present invention, built on this system, proceeds as follows:
The first key distribution center KDC1 and the second key distribution center KDC2 each hold a public/private key pair: private key x and public key Px for KDC1, private key y and public key Py for KDC2. Before communicating, the first communication entities A1, A2, ..., Am obtain the public key Px of KDC1 in advance, the second communication entities B1, B2, ..., Bn obtain the public key Py of KDC2 in advance, and each stores it locally. When any first communication entity Ai and any second communication entity Bj need to communicate securely, they obtain a communication session key by the following key distribution method:
1) The first communication entity Ai generates a temporary private/public key pair a and Pa and sends a key request message to the first key distribution center KDC1 through the first bearer device C1; this key request message contains the temporary public key Pa of Ai and the identifier of the second communication entity Bj;
2) After KDC1 receives the key request message of Ai forwarded by C1, it queries the first database DB1 as to whether Ai has registered for the security service. If so, KDC1 generates a random number as the communication session key k of Ai and Bj and sends a secret-talk notification request message to the second key distribution center KDC2; this message contains the communication session key k and the identifier of Bj. If not, KDC1 returns a secret-talk failure message to Ai;
3) After KDC2 receives the secret-talk notification request message, it queries the second database DB2 as to whether Bj has registered for the security service. If so, KDC2 sends a secret-talk request message to Bj through the second bearer device C2. If not, KDC2 returns a secret-talk failure message to KDC1, which in turn returns this message to Ai;
4) After Bj receives the secret-talk request message, it generates a temporary private/public key pair b and Pb and sends a key request message to KDC2 through C2; this key request message contains the temporary public key Pb of Bj;
5) After KDC2 receives the key request message of Bj forwarded by C2, it encrypts the communication session key k with the temporary public key Pb of Bj, computes its signature with the private key y of KDC2, and returns the resulting key response message to Bj through C2. At the same time, KDC2 returns a secret-talk notification response message to KDC1;
6) After KDC1 receives the secret-talk notification response message, it encrypts the communication session key k with the temporary public key Pa of Ai, computes its signature with the private key x of KDC1, and returns the resulting key response message to Ai through C1;
7) After Ai receives the key response message forwarded by C1, it verifies the signature with the locally stored public key Px of KDC1 and, once verification succeeds, decrypts with its private key a to obtain the communication session key k. If Ai instead receives, via C1, a secret-talk failure message sent by KDC1, this secure communication attempt fails;
8) After Bj receives the key response message forwarded by C2, it verifies the signature with the locally stored public key Py of KDC2 and, once verification succeeds, decrypts with its private key b to obtain the communication session key k;
9) Ai and Bj then use the communication session key k as the session key for secure communication.
The first communication entity Ai and the second communication entity Bj need not store their temporary public/private key pairs and can delete them at an appropriate time. When the next secure communication begins, or when the communication session key needs updating during secure communication, each generates a new temporary public/private key pair, sends a key request message to the key distribution center KDC, and repeats the above steps to obtain a new session key.
The key request message and the key response message may carry security parameters to negotiate and announce the cryptographic algorithm, mode of operation, operating parameters, etc.
A secure channel should be used between the key distribution centers KDC1 and KDC2 to transmit the secret-talk notification request message and the secret-talk notification response message; the establishment or deployment of this secure channel is not defined here.
The communication session key k can also be generated jointly by the first key distribution center KDC1 and the second key distribution center KDC2, in which case steps 2), 5) and 6) above are adjusted as follows:
2) After receiving the secret key request message of the first communication entity Ai forwarded by the first load bearing equipment C1, the first key distribution center KDC1 queries the first database DB1 to determine whether the first communication entity Ai has registered for the security service. If so, the first key distribution center KDC1 generates a random number as one part, data k1, of the communication session key k of the first communication entity Ai and the second communication entity Bj, and sends an encrypted word notification request message to the second key distribution center KDC2; this message contains the data k1 and the identifier of the second communication entity Bj. If not, the first key distribution center KDC1 returns an encrypted word failed message to the first communication entity Ai;
5) After receiving the secret key request message of the second communication entity Bj forwarded by the second load bearing equipment C2, the second key distribution center KDC2 generates a random number as the other part, data k2, of the communication session key k of the first communication entity Ai and the second communication entity Bj, and calculates the communication session key k from k1 and k2. It encrypts the communication session key k with the temporary public key Pb of the second communication entity Bj, signs the result with its private key y, and returns the resulting key response message to the second communication entity Bj through the second load bearing equipment C2. At the same time, the second key distribution center KDC2 returns an encrypted word notification response message to the first key distribution center KDC1; this message contains the data k2;
6) After receiving the encrypted word notification response message, the first key distribution center KDC1 calculates the communication session key k of the first communication entity Ai and the second communication entity Bj from k1 and k2, encrypts it with the temporary public key Pa of the first communication entity Ai, signs the result with its private key x, and returns the resulting key response message to the first communication entity Ai through the first load bearing equipment C1.
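The jointly generated key variant described above, run end to end as an added Python sketch (not code from the patent). The patent names no algorithms, so the toy group, the hashed ElGamal wrapping, the Schnorr-style signature, the SHA-256 combination of k1 and k2, and every class and function name here are assumptions chosen so the example runs on the standard library alone; the parameters are for illustration, not deployment.

```python
import hashlib
import secrets

# Assumptions (the patent names no algorithms): toy group of integers modulo
# the prime 2**255 - 19 with base 2, hashed ElGamal key wrapping, Schnorr-style
# signatures, SHA-256 to combine k1 and k2. Illustration only.
P, G = 2**255 - 19, 2
Q = P - 1  # exponents can be reduced modulo P - 1

def digest(*parts):
    h = hashlib.sha256()
    for part in parts:  # length-prefix each field so boundaries are unambiguous
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

def to_bytes(n):
    return n.to_bytes(32, "big")

def keygen():
    priv = secrets.randbelow(Q - 2) + 2
    return priv, pow(G, priv, P)

def encrypt(pub, k):
    # Wrap the 32-byte key k under public key pub.
    e, c1 = keygen()
    pad = digest(b"wrap", to_bytes(pow(pub, e, P)))
    return c1, bytes(x ^ y for x, y in zip(k, pad))

def decrypt(priv, ct):
    c1, c2 = ct
    pad = digest(b"wrap", to_bytes(pow(c1, priv, P)))
    return bytes(x ^ y for x, y in zip(c2, pad))

def sign(priv, msg):
    r, big_r = keygen()
    e = int.from_bytes(digest(b"sig", to_bytes(big_r), msg), "big")
    return big_r, (r + e * priv) % Q

def verify(pub, msg, sig):
    big_r, s = sig
    e = int.from_bytes(digest(b"sig", to_bytes(big_r), msg), "big")
    return pow(G, s, P) == (big_r * pow(pub, e, P)) % P

def combine(k1, k2):
    # Assumption: the page only says k is "calculated" from k1 and k2.
    return digest(b"session", k1, k2)

class KDC:
    def __init__(self, registered):
        self.priv, self.pub = keygen()      # long-term pair: (x, Px) or (y, Py)
        self.registered = set(registered)   # stands in for DB1 / DB2

    def key_response(self, k, temp_pub):
        # Encrypt k under the entity's temporary public key, then sign it.
        ct = encrypt(temp_pub, k)
        return {"ct": ct, "sig": sign(self.priv, to_bytes(ct[0]) + ct[1])}

class Entity:
    def __init__(self, ident, kdc_pub):
        self.ident, self.kdc_pub = ident, kdc_pub  # KDC public key stored in advance
        self.temp_priv = None

    def new_temp_key(self):
        self.temp_priv, temp_pub = keygen()
        return temp_pub

    def accept(self, resp):
        # Steps 7/8: verify the KDC signature first, decrypt only if it passes.
        ct, priv = resp["ct"], self.temp_priv
        self.temp_priv = None               # temporary pair is not kept
        if not verify(self.kdc_pub, to_bytes(ct[0]) + ct[1], resp["sig"]):
            return None
        return decrypt(priv, ct)

def establish(a, b, kdc1, kdc2, tamper=False):
    """Return (k at Ai, k at Bj); None marks a failed side."""
    pa = a.new_temp_key()                                  # step 1
    if a.ident not in kdc1.registered:                     # step 2
        return None, None
    k1 = secrets.token_bytes(32)
    if b.ident not in kdc2.registered:                     # step 3
        return None, None
    pb = b.new_temp_key()                                  # step 4
    k2 = secrets.token_bytes(32)                           # step 5
    resp_b = kdc2.key_response(combine(k1, k2), pb)
    resp_a = kdc1.key_response(combine(k1, k2), pa)        # step 6
    if tamper:  # constructed fault: flip one ciphertext bit in transit to Ai
        c1, c2 = resp_a["ct"]
        resp_a["ct"] = (c1, bytes([c2[0] ^ 1]) + c2[1:])
    return a.accept(resp_a), b.accept(resp_b)              # steps 7 and 8

if __name__ == "__main__":
    kdc1, kdc2 = KDC({"A1"}), KDC({"B1"})
    ai, bj = Entity("A1", kdc1.pub), Entity("B1", kdc2.pub)
    ka, kb = establish(ai, bj, kdc1, kdc2)
    print("keys match:", ka == kb)
```

In this sketch the signature covers only the wrapped key, as the steps describe, so the check an entity can make is that the response came from its own KDC and was not altered in transit.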
Referring to Fig. 7, when the first key distribution center KDC1 and the second key distribution center KDC2 share the same database DB, that is, the first database DB1 and the second database DB2 are merged into one or a communication channel exists between the two, then in step 2) above, after receiving the secret key request message of the first communication entity Ai forwarded by the first load bearing equipment C1, the first key distribution center KDC1 queries the database DB, or queries the first database DB1 and the second database DB2, to determine whether the first communication entity Ai and the second communication entity Bj have both registered for the security service. If so, it sends the encrypted word notification request message to the second key distribution center KDC2; otherwise it returns the encrypted word failed message to the first communication entity Ai. Step 3) correspondingly omits the second key distribution center KDC2's query to the second database DB2 on whether the second communication entity Bj has registered for the security service: after receiving the encrypted word notification request message, the second key distribution center KDC2 directly sends the encrypted word request message to the second communication entity Bj through the second load bearing equipment C2.

Claims (9)

1. An entity secret talk establishing system based on a plurality of key distribution centers, characterized in that: the system comprises a first network and a second network; the first network comprises first communication entities A1, A2, ..., Am, a first load bearing equipment C1 and a first key distribution center KDC1; the second network comprises second communication entities B1, B2, ..., Bn, a second load bearing equipment C2 and a second key distribution center KDC2; the first key distribution center KDC1 is connected to the second key distribution center KDC2; the first key distribution center KDC1 is connected to the first communication entities A1, A2, ..., Am through the first load bearing equipment C1; and the second key distribution center KDC2 is connected to the second communication entities B1, B2, ..., Bn through the second load bearing equipment C2.
2. The entity secret talk establishing system based on a plurality of key distribution centers according to claim 1, characterized in that: the system further comprises a database DB, and the database DB is connected to the first key distribution center KDC1 and to the second key distribution center KDC2.
3. The entity secret talk establishing system based on a plurality of key distribution centers according to claim 2, characterized in that: the database DB comprises a first database DB1 and a second database DB2; the first database DB1 is connected to the first key distribution center KDC1, and the second database DB2 is connected to the second key distribution center KDC2.
4. The entity secret talk establishing system based on a plurality of key distribution centers according to claim 1, 2 or 3, characterized in that: the first load bearing equipment C1 and the second load bearing equipment C2 are a short message system, the Global System for Mobile Communications (GSM), a code division multiple access (CDMA) system, the public switched telephone network (PSTN), or the Internet.
5. An entity secret talk establishing method based on the entity secret talk establishing system with a plurality of key distribution centers according to claim 1, characterized in that: the first key distribution center KDC1 and the second key distribution center KDC2 each have a public/private key pair, x and Px, and y and Py, respectively; before communicating, the first communication entities A1, A2, ..., Am obtain the public key Px of the first key distribution center KDC1 in advance and the second communication entities B1, B2, ..., Bn obtain the public key Py of the second key distribution center KDC2 in advance, each storing it locally; when any first communication entity Ai and any second communication entity Bj need to communicate securely, they obtain the communication session key by the following key distribution method:
1) The first communication entity Ai generates a temporary public/private key pair, a and Pa, and sends a secret key request message to the first key distribution center KDC1 through the first load bearing equipment C1; this secret key request message contains the temporary public key Pa of the first communication entity Ai and the identifier of the second communication entity Bj;
2) After receiving the secret key request message of the first communication entity Ai forwarded by the first load bearing equipment C1, the first key distribution center KDC1 queries the first database DB1 to determine whether the first communication entity Ai has registered for the security service. If so, the first key distribution center KDC1 generates a random number as the communication session key k of the first communication entity Ai and the second communication entity Bj, and sends an encrypted word notification request message to the second key distribution center KDC2; this message contains the communication session key k and the identifier of the second communication entity Bj. If not, the first key distribution center KDC1 returns an encrypted word failed message to the first communication entity Ai;
3) After receiving the encrypted word notification request message, the second key distribution center KDC2 queries the second database DB2 to determine whether the second communication entity Bj has registered for the security service. If so, the second key distribution center KDC2 sends an encrypted word request message to the second communication entity Bj through the second load bearing equipment C2. If not, the second key distribution center KDC2 returns an encrypted word failed message to the first key distribution center KDC1, which in turn returns this message to the first communication entity Ai;
4) After receiving the encrypted word request message, the second communication entity Bj generates a temporary public/private key pair, b and Pb, and sends a secret key request message to the second key distribution center KDC2 through the second load bearing equipment C2; this secret key request message contains the temporary public key Pb of the second communication entity Bj;
5) After receiving the secret key request message of the second communication entity Bj forwarded by the second load bearing equipment C2, the second key distribution center KDC2 encrypts the communication session key k with the temporary public key Pb of the second communication entity Bj, signs the result with its private key y, and returns the resulting key response message to the second communication entity Bj through the second load bearing equipment C2. At the same time, the second key distribution center KDC2 returns an encrypted word notification response message to the first key distribution center KDC1;
6) After receiving the encrypted word notification response message, the first key distribution center KDC1 encrypts the communication session key k with the temporary public key Pa of the first communication entity Ai, signs the result with its private key x, and returns the resulting key response message to the first communication entity Ai through the first load bearing equipment C1;
7) After receiving the key response message forwarded by the first load bearing equipment C1, the first communication entity Ai verifies the signature with the locally stored public key Px of the first key distribution center KDC1; once verification passes, it decrypts with its private key a to obtain the communication session key k. If the first communication entity Ai instead receives, via the first load bearing equipment C1, the encrypted word failed message sent by the key distribution center KDC1, this secure communication fails;
8) After receiving the key response message forwarded by the second load bearing equipment C2, the second communication entity Bj verifies the signature with the locally stored public key Py of the second key distribution center KDC2; once verification passes, it decrypts with its private key b to obtain the communication session key k;
9) The first communication entity Ai and the second communication entity Bj then use the communication session key k as the session key for secure communication.
6. An entity secret talk establishing method based on the entity secret talk establishing system with a plurality of key distribution centers according to claim 1, characterized in that: the first key distribution center KDC1 and the second key distribution center KDC2 each have a public/private key pair, x and Px, and y and Py, respectively; before communicating, the first communication entities A1, A2, ..., Am obtain the public key Px of the first key distribution center KDC1 in advance and the second communication entities B1, B2, ..., Bn obtain the public key Py of the second key distribution center KDC2 in advance, each storing it locally; when any first communication entity Ai and any second communication entity Bj need to communicate securely, they obtain the communication session key by the following key distribution method:
1) The first communication entity Ai generates a temporary public/private key pair, a and Pa, and sends a secret key request message to the first key distribution center KDC1 through the first load bearing equipment C1; this secret key request message contains the temporary public key Pa of the first communication entity Ai and the identifier of the second communication entity Bj;
2) After receiving the secret key request message of the first communication entity Ai forwarded by the first load bearing equipment C1, the first key distribution center KDC1 queries the first database DB1 to determine whether the first communication entity Ai has registered for the security service. If so, the first key distribution center KDC1 generates a random number as one part, data k1, of the communication session key k of the first communication entity Ai and the second communication entity Bj, and sends an encrypted word notification request message to the second key distribution center KDC2; this message contains the data k1 and the identifier of the second communication entity Bj. If not, the first key distribution center KDC1 returns an encrypted word failed message to the first communication entity Ai;
3) After receiving the encrypted word notification request message, the second key distribution center KDC2 queries the second database DB2 to determine whether the second communication entity Bj has registered for the security service. If so, the second key distribution center KDC2 sends an encrypted word request message to the second communication entity Bj through the second load bearing equipment C2. If not, the second key distribution center KDC2 returns an encrypted word failed message to the first key distribution center KDC1, which in turn returns this message to the first communication entity Ai;
4) After receiving the encrypted word request message, the second communication entity Bj generates a temporary public/private key pair, b and Pb, and sends a secret key request message to the second key distribution center KDC2 through the second load bearing equipment C2; this secret key request message contains the temporary public key Pb of the second communication entity Bj;
5) After receiving the secret key request message of the second communication entity Bj forwarded by the second load bearing equipment C2, the second key distribution center KDC2 generates a random number as the other part, data k2, of the communication session key k of the first communication entity Ai and the second communication entity Bj, and calculates the communication session key k from k1 and k2. It encrypts the communication session key k with the temporary public key Pb of the second communication entity Bj, signs the result with its private key y, and returns the resulting key response message to the second communication entity Bj through the second load bearing equipment C2. At the same time, the second key distribution center KDC2 returns an encrypted word notification response message to the first key distribution center KDC1; this message contains the data k2;
6) After receiving the encrypted word notification response message, the first key distribution center KDC1 calculates the communication session key k of the first communication entity Ai and the second communication entity Bj from k1 and k2, encrypts it with the temporary public key Pa of the first communication entity Ai, signs the result with its private key x, and returns the resulting key response message to the first communication entity Ai through the first load bearing equipment C1;
7) After receiving the key response message forwarded by the first load bearing equipment C1, the first communication entity Ai verifies the signature with the locally stored public key Px of the first key distribution center KDC1; once verification passes, it decrypts with its private key a to obtain the communication session key k. If the first communication entity Ai instead receives, via the first load bearing equipment C1, the encrypted word failed message sent by the key distribution center KDC1, this secure communication fails;
8) After receiving the key response message forwarded by the second load bearing equipment C2, the second communication entity Bj verifies the signature with the locally stored public key Py of the second key distribution center KDC2; once verification passes, it decrypts with its private key b to obtain the communication session key k;
9) The first communication entity Ai and the second communication entity Bj then use the communication session key k as the session key for secure communication.
7. The entity secret talk establishing method with a plurality of key distribution centers according to claim 5 or 6, characterized in that: when the first key distribution center KDC1 and the second key distribution center KDC2 share the same database DB, that is, the first database DB1 and the second database DB2 are merged into one or a communication channel exists between the two, then in said step 2), after receiving the secret key request message of the first communication entity Ai forwarded by the first load bearing equipment C1, the first key distribution center KDC1 queries the database DB, or queries the first database DB1 and the second database DB2, to determine whether the first communication entity Ai and the second communication entity Bj have both registered for the security service; if so, it sends the encrypted word notification request message to the second key distribution center KDC2, otherwise it returns the encrypted word failed message to the first communication entity Ai; said step 3) correspondingly omits the second key distribution center KDC2's query to the second database DB2 on whether the second communication entity Bj has registered for the security service, that is, after receiving the encrypted word notification request message, the second key distribution center KDC2 directly sends the encrypted word request message to the second communication entity Bj through the second load bearing equipment C2.
8. The entity secret talk establishing method with a plurality of key distribution centers according to claim 5 or 6, characterized in that: neither the first communication entity Ai nor the second communication entity Bj needs to store its temporary public/private key pair; the pair can be deleted at an appropriate time, and the next time secure communication begins, or when the communication session key needs to be updated during secure communication, a new temporary public/private key pair is generated to obtain a new session key.
9. The entity secret talk establishing method with a plurality of key distribution centers according to claim 8, characterized in that: the secret key request message and the key response message carry security parameters to complete the negotiation and announcement of the cryptographic algorithm, mode of operation and operating parameters.
CN2008101510858A 2008-09-24 2008-09-24 Entity secret talk establishing system based on multiple key distribution centers and method therefor Active CN101364866B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2008101510858A CN101364866B (en) 2008-09-24 2008-09-24 Entity secret talk establishing system based on multiple key distribution centers and method therefor

Publications (2)

Publication Number Publication Date
CN101364866A true CN101364866A (en) 2009-02-11
CN101364866B CN101364866B (en) 2010-11-10

Family

ID=40391046

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2008101510858A Active CN101364866B (en) 2008-09-24 2008-09-24 Entity secret talk establishing system based on multiple key distribution centers and method therefor

Country Status (1)

Country Link
CN (1) CN101364866B (en)

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100539537C (en) * 2007-05-22 2009-09-09 网御神州科技(北京)有限公司 A kind of IPSec of utilization expands to the network route in the method and the device of telecommunication network
CN101217362B (en) * 2007-12-29 2010-04-21 中山大学 RFID communication security mechanism established based on dynamic randomization DRNTRU public key encryption system

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011063566A1 (en) * 2009-11-27 2011-06-03 西安西电捷通无线网络通信股份有限公司 System for establishing secret session between entities based on multiple key distribution centers and method thereof
WO2012055173A1 (en) * 2010-10-25 2012-05-03 西安西电捷通无线网络通信股份有限公司 System, method and apparatus for establishing session key between nodes
CN102281136A (en) * 2011-07-28 2011-12-14 中国电力科学研究院 Quantum key distribution system for safety communication of electric vehicle intelligent charging network
CN102281136B (en) * 2011-07-28 2015-04-29 中国电力科学研究院 Quantum key distribution system for safety communication of electric vehicle intelligent charging network
CN104333860A (en) * 2014-10-31 2015-02-04 成都卫士通信息产业股份有限公司 ZigBee security network with public key cryptography system NTRU (number theory research unit)
CN108156112A (en) * 2016-12-02 2018-06-12 成都鼎桥通信技术有限公司 Data ciphering method, electronic equipment and network side equipment
CN108156112B (en) * 2016-12-02 2021-06-22 成都鼎桥通信技术有限公司 Data encryption method, electronic equipment and network side equipment

Also Published As

Publication number Publication date
CN101364866B (en) 2010-11-10

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: BEIJING ZHIXIANG TECHNOLOGY Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2016610000049

Denomination of invention: Entity secret talk establishing system based on multiple key distribution centers and method therefor

Granted publication date: 20101110

License type: Common License

Record date: 20161117

LICC Enforcement, change and cancellation of record of contracts on the licence for exploitation of a patent or utility model
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: BEIJING FENGHUO LIANTUO TECHNOLOGY Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017610000001

Denomination of invention: Entity secret talk establishing system based on multiple key distribution centers and method therefor

Granted publication date: 20101110

License type: Common License

Record date: 20170106

LICC Enforcement, change and cancellation of record of contracts on the licence for exploitation of a patent or utility model
EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: SHANGHAI YU FLY MILKY WAY SCIENCE AND TECHNOLOGY CO.,LTD.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017610000005

Denomination of invention: Entity secret talk establishing system based on multiple key distribution centers and method therefor

Granted publication date: 20101110

License type: Common License

Record date: 20170317

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: Beijing next Technology Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017610000014

Denomination of invention: Entity secret talk establishing system based on multiple key distribution centers and method therefor

Granted publication date: 20101110

License type: Common License

Record date: 20170601

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: HYTERA COMMUNICATIONS Corp.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017610000015

Denomination of invention: Entity secret talk establishing system based on multiple key distribution centers and method therefor

Granted publication date: 20101110

License type: Common License

Record date: 20170602

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: Beijing Hua Xinaotian network technology Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017610000028

Denomination of invention: Entity secret talk establishing system based on multiple key distribution centers and method therefor

Granted publication date: 20101110

License type: Common License

Record date: 20171122

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: ALPINE ELECTRONICS, Inc.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017990000497

Denomination of invention: Entity secret talk establishing system based on multiple key distribution centers and method therefor

Granted publication date: 20101110

License type: Common License

Record date: 20171222

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: SHENZHEN RAKWIRELESS TECHNOLOGY CO.,LTD.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2018610000006

Denomination of invention: Entity secret talk establishing system based on multiple key distribution centers and method therefor

Granted publication date: 20101110

License type: Common License

Record date: 20180226

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: BLACKSHARK TECHNOLOGIES (NANCHANG) Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2018610000012

Denomination of invention: Entity secret talk establishing system based on multiple key distribution centers and method therefor

Granted publication date: 20101110

License type: Common License

Record date: 20180404

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: Sony Mobile Communications AB

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2018990000306

Denomination of invention: Entity secret talk establishing system based on multiple key distribution centers and method therefor

Granted publication date: 20101110

License type: Common License

Record date: 20181123

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: SHENZHEN UCLOUDLINK NEW TECHNOLOGY Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2019610000002

Denomination of invention: Entity secret talk establishing system based on multiple key distribution centers and method therefor

Granted publication date: 20101110

License type: Common License

Record date: 20191010

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: HANGZHOU STRONG EDUCATION TECHNOLOGY Co.,Ltd.

Assignor: China IWNCOMM Co.,Ltd.

Contract record no.: X2021610000001

Denomination of invention: An entity secret call establishment system based on multiple key distribution centers and its method

Granted publication date: 20101110

License type: Common License

Record date: 20210125

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: EKC communication technology (Shenzhen) Co.,Ltd.

Assignor: China IWNCOMM Co.,Ltd.

Contract record no.: X2021610000008

Denomination of invention: An entity secret call establishment system based on multiple key distribution centers and its method

Granted publication date: 20101110

License type: Common License

Record date: 20210705

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: Guangzhou nengchuang Information Technology Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2021610000011

Denomination of invention: An entity secret call establishment system based on multiple key distribution centers and its method

Granted publication date: 20101110

License type: Common License

Record date: 20211104

Application publication date: 20090211

Assignee: Xinruiya Technology (Beijing) Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2021610000012

Denomination of invention: An entity secret call establishment system based on multiple key distribution centers and its method

Granted publication date: 20101110

License type: Common License

Record date: 20211104

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: SHENZHEN ZHIKAI TECHNOLOGY Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2022610000005

Denomination of invention: An entity secret call establishment system based on multiple key distribution centers and its method

Granted publication date: 20101110

License type: Common License

Record date: 20220531

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: HISCENE INFORMATION TECHNOLOGY Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2023610000003

Denomination of invention: A system and method for establishing entity secret conversation based on multiple key distribution centers

Granted publication date: 20101110

License type: Common License

Record date: 20230207

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: Beijing baicaibang Technology Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2023610000005

Denomination of invention: A System and Method for Establishing Entity Secret Calls Based on Multiple Key Distribution Centers

Granted publication date: 20101110

License type: Common License

Record date: 20230329

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: Shenzhen wisky Technology Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2023610000008

Denomination of invention: A System and Method for Establishing Entity Secret Calls Based on Multiple Key Distribution Centers

Granted publication date: 20101110

License type: Common License

Record date: 20230522

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20090211

Assignee: Beijing Digital Technology (Shanghai) Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2023610000012

Denomination of invention: A system and method for establishing entity ciphertext based on multiple key distribution centers

Granted publication date: 20101110

License type: Common License

Record date: 20231114