CN101820345A - Multi-key based communication encryption method - Google Patents

Publication number: CN101820345A
Authority: CN (China)
Application number: CN 201010134930
Other languages: Chinese (zh)
Legal status: Pending
Inventors: 朱建红, 刘庆柱, 程海龙, 杨辉
Current assignee: Guangdong Radio Frequency Identification Public Technical Support Center; GUANGZHOU ZHONGYING LOGISTICS CO Ltd; Inspection & Quarantine Comprehensive Technology Center Of Dong Guan Entry-Exit Inspection And Quarantine Bureau
Original assignee: Guangdong Radio Frequency Identification Public Technical Support Center; GUANGZHOU ZHONGYING LOGISTICS CO Ltd; Inspection & Quarantine Comprehensive Technology Center Of Dong Guan Entry-Exit Inspection And Quarantine Bureau
Prior art keywords: key, client, server, unique identifier, encryption method
Classification: Small-Scale Networks (AREA)

Abstract

The invention relates to a communication encryption method based on multiple keys, comprising the following steps: before a client is put into use, a key Ka used to encrypt registration information transmitted over the network, a key Kb used by the client to decrypt registration information transmitted over the network, and a unique identifier of the client are generated; Ka, Kb and the unique identifier are saved on the client, and Ka and the identifier are saved on a server; the client sends its unique identifier to the server in plaintext; the server queries a database with the identifier; after obtaining the client's key Ka, the server generates a key Kc for the current session and then returns the encrypted ciphertext to the client; after receiving the ciphertext, the client decrypts it with key Kb and saves key Kc; and in subsequent message transmission, every interaction between the server and the client is encrypted and decrypted with key Kc. The method ensures the robustness of the encryption algorithm and fully eliminates the serious consequences of a single key being leaked.

Description

Communication encryption method based on a plurality of keys
Technical field
The present invention relates to a communication encryption method based on multiple keys.
Background art
A two-dimensional code is a new generation of barcode technology that records information in a black-and-white rectangular matrix distributed on a plane (in two dimensions) according to certain rules. Two-dimensional codes are simple both to store information in and to read information from. On the one hand, the information capacity of a two-dimensional code is tens to hundreds of times that of a one-dimensional code, so all the information about an article can be stored in the code; checking that information only requires scanning with a reading device, and no database needs to be set up in advance. On the other hand, a user only needs to install free recognition software and can then enjoy a rich set of applications through a simple code-scanning operation.
RFID is a contactless technology that identifies a target object and obtains related data by radio-frequency signals. It has the following advantages. First, RFID is waterproof, antimagnetic, resistant to high temperature, long-lived and readable at long range, which barcodes are not; it can work in harsh environments and breaks the geographic restrictions on information identification. Second, RFID adds more intelligence to information identification: the data on the tag can be encrypted, the storage capacity is larger, and information can be read and written repeatedly. An RFID tag can store from 512 bytes to 4M bytes of data, can provide production, transport and storage conditions, and can distinguish the identity of machines, animals and individuals. Third, RFID identification needs no manual intervention, which greatly reduces labor cost; it is also more convenient to operate, can identify objects moving at high speed, and can identify multiple tags at the same time (batch reading). Based on these advantages, RFID can be widely used in any field that needs to collect and process information, such as production, logistics, traffic, transport, medical care, anti-counterfeiting, tracking, and equipment and asset management.
Because of these characteristics, two-dimensional codes and RFID are both widely used in various information encryption methods, to protect sensitive information in storage and in transit and to authenticate the participants in a transaction. Among these methods, two classes are in wide use: secret-key encryption and public-key encryption. Public-key encryption, also known as asymmetric encryption, uses a pair of keys to encrypt and decrypt messages.
Chinese invention patent application CN 1358377A (application number CN 00809473.X) discloses an interactive device network registration protocol for registering an interactive device with a server in a network to which an interactive device and a registration server are connected. The protocol comprises the following steps: before the interactive device is connected to the network, a key and a public unique identifier are installed in the nonvolatile memory of the interactive device and in the database of a registration server; then, after the interactive device is connected to the network, the device is authenticated at the server by verifying the device's encryption of a query message with the key; finally, if authentication succeeds, the interactive device is registered in the database of the registration server. As this description of application CN 00809473.X shows, it provides a public-key approach to anti-counterfeiting encryption of the device, but it still has the following shortcomings:
1. Throughout the registration and encryption process, including the encryption key transmitted for the subsequent encrypted session, there is only one key. Once this key is cracked, or is leaked at the server side by non-brute-force means, the result is catastrophic for the whole communication protocol.
2. Nowhere in the application documents is it mentioned how the disclosed communication protocol resists counterfeit access when the interactive device is copied in its entirety.
Summary of the invention
The object of the present invention is to overcome the shortcomings and deficiencies of the prior art by providing a communication encryption method based on multiple keys that ensures the robustness of the encryption algorithm and fully eliminates the serious consequences that follow when the single key used in the prior art is leaked.
This object is achieved by the following technical solution: a communication encryption method based on multiple keys, comprising the following steps:
Step A: before the client is put into use, a key Ka, a key Kb and a unique identifier of the client are generated; Ka, Kb and the unique identifier are stored on the client, and Ka and the unique identifier are also stored on the server. Key Ka is used only to encrypt registration information transmitted over the network, and key Kb is used only by the client to decrypt registration information transmitted over the network.
Step B: the client sends its own unique identifier to the server in plaintext to make the registration request.
Step C: after receiving the registration request of step B, the server queries the database with the received unique identifier; after obtaining the client's key Ka, the server generates a key Kc for the current session and then returns the encrypted ciphertext to the client.
Step D: after receiving the ciphertext returned by the server, the client decrypts it with key Kb and stores the resulting key Kc for use in subsequent message transmission.
Step E: in subsequent message transmission, every interaction between the server and the client is encrypted and decrypted with the key Kc generated in step C.
In the above method, the key Ka, the key Kb and the unique identifier of the client in step A are stored in the client's nonvolatile memory or on an encrypted erasable chip.
In the above method, the key Kc generated in step C is valid only for the lifetime of one session.
The keys Ka, Kb and Kc are each 128 bits long.
Compared with the prior art, the present invention has the following advantages and effects:
1. The present invention uses three keys in total across the whole registration and encryption process, and each key is used in a different stage according to its purpose. This ensures the robustness of the encryption algorithm and fully eliminates the serious consequences that follow when the single key used in the prior art is leaked.
2. If a terminal wireless identification device is copied in its entirety, the present invention can resist this whole-copy attack. The present invention is mainly used in the logistics field, for interaction between terminal wireless devices used for object identification and the server.
Description of drawings
Fig. 1 is the encryption flow chart of the present invention.
Detailed description of the embodiments
The present invention is described in further detail below with reference to an embodiment and the accompanying drawing, but embodiments of the present invention are not limited to it.
Embodiment
As shown in Fig. 1, the communication encryption algorithm based on multiple keys of the present invention comprises the following steps:
Step A: initialization. Before the client is put into use, a key KEY-public (Ka), a key KEY-private (Kb) and a unique identifier of the client are first generated; Ka, Kb and the unique identifier are stored in the client's nonvolatile memory or on an encrypted erasable chip, and Ka and the unique identifier are also stored in the server's database. Key Ka is used only to encrypt registration information transmitted over the network, and key Kb is used only by the client to decrypt registration information transmitted over the network. The client is a wireless access identification device client.
To make the keys resistant to cracking, Ka and Kb are 128-bit keys. This length is generally regarded in the industry as uncrackable; in other words, the time needed to crack a key of this many bits far exceeds the life cycle of the product.
Step B: the client sends its own unique identifier to the server in plaintext to make the registration request.
Step C: the server's response to registration. After receiving the registration request of step B, the server queries the database with the received unique identifier; after obtaining the client's key Ka, the server generates a key Kc for the current session and then returns the encrypted ciphertext to the client. Key Kc is also used to encrypt subsequent communication messages.
To ensure the security of communication, key Kc is also 128 bits long. This key Kc is used within one session only, that is, it is valid only for the lifetime of one session; when the session ends, the next session generates a different key. In addition, the session lifetime is not fixed but variable, and different sessions have different lifetimes. In general, a session terminates in two cases: 1. the client actively sends a message to log out of the session; 2. the client encounters an error and the server actively terminates the session.
Step D: the client's handling of the registration response. After receiving the ciphertext returned by the server, the client decrypts it with key Kb and stores the resulting key Kc for use in subsequent message transmission.
Step E: subsequent message transmission. In subsequent message transmission, every interaction between the server and the client is encrypted and decrypted with the key Kc generated in step C.
To ensure that the encrypted communication protocol of the present invention is practical, a robustness analysis of the protocol and the supplementary processing in the protocol are given here. As part of the present invention, the supplementary processing is also part of what is claimed in this communication encryption protocol.
Scenario A: a counterfeit device can connect to and enter the network but does not know that this communication protocol exists, so it cannot make a device registration request. The attack therefore fails.
Scenario B: building on scenario A, the counterfeit device understands the communication protocol but does not know the unique identifier of a connected device, so it cannot make a device registration request at the server. The attack therefore fails.
Scenario C: building on scenario B, the counterfeit device has also found the unique identifier of a connected device but does not know the key corresponding to that identifier, so it cannot decrypt the ciphertext on the client side. The attack therefore fails.
Scenario D: building on scenario C, the counterfeit device is a complete copy of the client. However, the communication protocol of the present invention records, at the server, the times and corresponding addresses of the client's past accesses. In addition, only one session can be initiated for the same device at a time, and the initiation of multiple sessions raises an alarm at the server's monitoring console. The attack fails.
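The server-side rules described in step C and scenario D (a new 128-bit Kc per session, one session per device, a history of access time and address, and an alarm on a concurrent registration) can be sketched as follows. This is an added example, not code from the patent: the class and method names, the sample identifier and addresses, and the choice to refuse the second registration are assumptions, and encrypting Kc for transport is left out.

```python
import secrets
from dataclasses import dataclass, field
from typing import Optional

KEY_BYTES = 16  # 128 bits, the length the description gives for Ka, Kb and Kc


@dataclass
class Device:
    ka: bytes                                    # key Ka stored on the server in step A
    history: list = field(default_factory=list)  # (time, address, outcome) per request
    session: Optional[dict] = None               # at most one active session per device


class RegistrationServer:
    """Hypothetical server-side bookkeeping for steps A-C and scenario D."""

    def __init__(self):
        self.devices = {}  # unique identifier -> Device
        self.alerts = []   # entries for the monitoring console

    def provision(self, identifier, ka):
        """Step A: store the identifier and Ka before the client is used."""
        if len(ka) != KEY_BYTES:
            raise ValueError("Ka must be 128 bits")
        self.devices[identifier] = Device(ka=ka)

    def register(self, identifier, address, now):
        """Steps B and C: return a fresh Kc, or None if the request is refused."""
        device = self.devices.get(identifier)
        if device is None:
            return None  # scenario B: the identifier is not in the database
        if device.session is not None:
            # Scenario D: a second session for a device that already has one.
            device.history.append((now, address, "refused"))
            self.alerts.append({"identifier": identifier, "time": now,
                                "address": address,
                                "active_address": device.session["address"]})
            return None
        kc = secrets.token_bytes(KEY_BYTES)  # new Kc, valid for this session only
        device.session = {"kc": kc, "address": address, "started": now}
        device.history.append((now, address, "accepted"))
        return kc

    def end_session(self, identifier, reason):
        """End on client logout or on a client error; Kc is discarded."""
        if reason not in ("client_logout", "client_error"):
            raise ValueError("unknown termination reason")
        device = self.devices[identifier]
        was_active = device.session is not None
        device.session = None
        return was_active


def demo():
    """Constructed sample: a genuine reader, then a copy using the same identifier."""
    server = RegistrationServer()
    server.provision("READER-0001", secrets.token_bytes(KEY_BYTES))
    kc1 = server.register("READER-0001", "10.0.0.5", now=100)
    clone = server.register("READER-0001", "10.0.0.99", now=130)  # refused, alert raised
    server.end_session("READER-0001", "client_logout")
    kc2 = server.register("READER-0001", "10.0.0.5", now=200)
    return kc1, clone, kc2, server.alerts


if __name__ == "__main__":
    kc1, clone, kc2, alerts = demo()
    print(clone is None, kc1 != kc2, alerts)
```

The concurrent-session check only fires while the genuine device holds a session, so the stored history of times and addresses is what a reviewer would rely on otherwise.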
The embodiment described above is a preferred implementation of the present invention, but implementations of the present invention are not limited to it; any other change, modification, substitution, combination or simplification that does not depart from the spirit and principle of the present invention is an equivalent replacement and falls within the scope of protection of the present invention.

Claims (4)

1. A communication encryption method based on multiple keys, characterized in that it comprises the following steps:
Step A: before the client is put into use, a key Ka, a key Kb and a unique identifier of the client are generated; Ka, Kb and the unique identifier are stored on the client, and Ka and the unique identifier are also stored on the server; key Ka is used only to encrypt registration information transmitted over the network, and key Kb is used only by the client to decrypt registration information transmitted over the network;
Step B: the client sends its own unique identifier to the server in plaintext to make the registration request;
Step C: after receiving the registration request of step B, the server queries the database with the received unique identifier; after obtaining the client's key Ka, the server generates a key Kc for the current session and then returns the encrypted ciphertext to the client;
Step D: after receiving the ciphertext returned by the server, the client decrypts it with key Kb and stores the resulting key Kc for use in subsequent message transmission;
Step E: in subsequent message transmission, every interaction between the server and the client is encrypted and decrypted with the key Kc generated in step C.
2. The communication encryption method based on multiple keys according to claim 1, characterized in that the key Ka, the key Kb and the unique identifier of the client in step A are stored in the client's nonvolatile memory or on an encrypted erasable chip.
3. The communication encryption method based on multiple keys according to claim 1, characterized in that the key Kc generated in step C is valid only for the lifetime of one session.
4. The communication encryption method based on multiple keys according to claim 1, characterized in that the keys Ka, Kb and Kc are each 128 bits long.
Application number: CN 201010134930
Priority date: 2010-03-25
Filing date: 2010-03-25
Title: Multi-key based communication encryption method
Status: Pending
Publication: CN101820345A (en), published 2010-09-01
Family ID: 42655301
Country: CN

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20100901