CN101917270A - Weak authentication and key agreement method based on symmetrical password - Google Patents

Publication number: CN101917270A
Authority: CN (China)
Prior art keywords: node, authentication, key, session key, cryptographic
Legal status: Granted, Active
Application number: CN 201010243957
Other languages: Chinese (zh)
Other versions: CN101917270B (en)
Inventors: 武传坤, 滕济凯
Current Assignee: Institute of Software of CAS
Original Assignee: Institute of Software of CAS
Application filed by: Institute of Software of CAS
Priority to: CN2010102439570A
Landscapes: Mobile Radio Communication Systems (AREA); Computer And Data Communications (AREA)
Abstract

The invention discloses a weak authentication and key agreement method based on symmetric cryptography, comprising the following steps: 1) presetting a long-term shared secret key k between any two network node devices A and B; 2) providing a clock on node A and on node B, where the error between each clock and standard time does not exceed T0 seconds; 3) building an encryption algorithm E into node A and node B; and 4) establishing authentication and a session key between node A and node B using the encryption algorithm E and the long-term shared secret key k. The method has low energy consumption for computation and communication, executes quickly, authenticates efficiently, and is suitable for resource-constrained communication environments. Because the invention uses the symmetric cryptographic algorithm DES or AES, the difficulty for an adversary who captures an authentication message to obtain the long-term shared key or to break the ciphertext is equivalent to the difficulty of breaking the DES or AES algorithm, which ensures the security of the ciphertext and the key.

Description

A weak authentication and key agreement method based on symmetric cryptography
Technical field
The invention belongs to the field of identity authentication technology, and in particular relates to a weak identity authentication and key agreement method based on symmetric cryptography. The method is suitable for fast authentication between nodes and for establishing shared keys in resource-constrained network environments.
Technical background
In a network environment, communication is what connects network nodes, and the communication process is also the path along which information is most easily leaked. Communicating under defined protocol rules and regulating users' network behaviour to protect information is therefore an important research topic.
The basic technical means of protecting data from theft is encryption. Before encryption is applied, the communicating parties must prove their identities through some identity authentication mechanism, that is, verify that a user's identity is consistent with the identity claimed, and negotiate a session key used to encrypt and decrypt messages. This is the authentication and key agreement (Authentication and Key Agreement, AKA) process. The basic steps of the AKA process are to complete authentication first and then carry out key agreement. Authentication is sometimes combined with the key agreement process.
Traditional network authentication technologies include digital signatures, challenge-response and so on, but all of them consume considerable computation and communication resources. This cost is negligible for resource-rich network elements, but it may be unaffordable in ad hoc networks; resource-constrained wireless sensor network nodes, for example, have very limited computing and communication capability. Traditional AKA technology is therefore unsuitable for resource-constrained communication environments, and a more efficient AKA method is needed.
With the rapid advance of Internet of Things technology and industry, a large number of resource-constrained sensor networks will be connected to the Internet or to mobile networks, and will be connected to and controlled by remote terminals. The security requirements on the sensor networks themselves will rise accordingly, so using an efficient AKA method is an inevitable choice.
Summary of the invention
The invention addresses the problem that prior-art network authentication technology is unsuitable for resource-constrained communication environments. It provides an authentication and key agreement method based on symmetric cryptography that can be used efficiently and securely in an Internet of Things with a large number of resource-constrained nodes.
The technical scheme of the invention is a weak authentication and key agreement method based on symmetric cryptography, comprising the following steps:
1) A long-term shared secret key k is preset between any two network node devices A and B. How such a shared key is preset is not part of the invention; many prior-art techniques exist for it. For example, key pre-distribution and key pools can give each node long-term keys shared with other nodes. These long-term keys are kept in a database of the user, stored in the form (node name, shared key).
2) A clock is provided on each of the two network node devices A and B. The error between each clock and standard time does not exceed $T_0$ seconds, where $T_0$ can be 2 to 3 seconds, so the clocks of node devices A and B are almost synchronized.
3) An encryption algorithm E and a hash function H(x) are built into node devices A and B.
4) Authentication and a session key are established between node devices A and B using the encryption algorithm E, as follows:
Node device A sends node device B a ciphertext produced with the encryption algorithm E and the long-term shared secret key k, together with information about node device A, and node A computes the session key. Node device B decrypts the ciphertext using the decryption algorithm and the long-term shared secret key k, and authenticates by comparing the decrypted information with the information about device A. If the information is legitimate, authentication passes and node device A and node device B share a session key; the session key is computed with the hash function H(x). If no long-term shared secret key is stored between devices A and B, authentication cannot pass and no session key can be shared.
The detailed process of establishing authentication and a session key between node devices A and B is as follows:
(1) Node device A sends node device B data that contains at least the ciphertext produced by the encryption algorithm E and the identity information of node device A, specifically $(ID_A, C)$, where $ID_A$ is the identity information of node device A, the ciphertext is $C = E_k(ID_A, T)$, k is the key, E is the encryption algorithm, and T is the current time when node device A sends the message;
(2) Node device B receives the data sent by node device A and decrypts the ciphertext, obtaining the decrypted $ID'_A$ and T. It then authenticates by checking whether $ID'_A = ID_A$ and $T' - T \le \Delta T$ both hold, where $T'$ is the current timestamp when node B receives the ciphertext and $\Delta T$ is a preset allowed time delay. If both hold, authentication passes;
(3) After authentication passes, node B and node device A share a session key, which is $sk = H(ID_A, ID_B, k, T)$ or $sk = H(k, T)$. The session key is computed separately on node device A and node device B, but the session key computation and the authentication can proceed at the same time. For example, after node device A has sent its data it can compute the session key while authentication is taking place, without waiting for authentication to finish. Once authentication passes, node device A and node device B share this session key.
The information that node device A sends to node device B also includes the identity information $ID_B$ of node device B.
After the first 3 steps of the above protocol have been carried out, if node device A follows the steps, B is certain to find the long-term shared secret key k from A's identity, and can therefore decrypt correctly and authenticate. If authentication passes, B has reason to believe that the other party really is A: k is the key shared by A and B, so only A can produce a valid ciphertext $E_k(ID_A, T)$, and once B has decrypted it to obtain $(ID'_A, T)$, B can determine whether the other party really is A.
To further improve the correctness and security of the authentication and key agreement method, after node B and node device A have established the shared session key, a reverse authentication of node B by node device A can be added. Its steps are as follows:
After node device B has successfully authenticated node device A, it returns a reply message to node device A. The reply message is the ciphertext $E'_{sk}(X)$ produced by the encryption algorithm E', where X is $ID_B$, $ID_A$ and T or any combination of them, sk is the shared session key, and T is the current time when node B sends the reply message. After receiving the reply message, node device A decrypts it and authenticates the decrypted information. The decryption and authentication method is the same as node B's decryption and authentication of node device A in step (2): in both cases, whether authentication passes is determined by checking whether the decrypted identity information is identical to the identity information sent and whether the time delay exceeds the set range.
$E'_{sk}(X)$ can specifically be $E'_{sk}(ID_A, ID_B, T)$, $E'_{sk}(ID_A, T)$, $E'_{sk}(ID_B, T)$, $E'_{sk}(ID_A, ID_B)$, $E'_{sk}(ID_A)$, $E'_{sk}(ID_B)$ or $E'_{sk}(T)$. The encryption algorithm E' can be the same algorithm as E or a different algorithm.
Another method by which node device A authenticates node device B is as follows:
After node device B has successfully authenticated node device A, it returns a reply message to node device A. The reply message is the ciphertext $E'_{sk}(X, M)$ produced by the encryption algorithm E', where X is $ID_B$, $ID_A$ and T or any combination of them, sk is the shared session key, and T is the current time when node B sends the reply message. After receiving the reply message, node device A decrypts it and authenticates the decrypted information; the decryption and authentication method is the same as node B's decryption and authentication of node device A in step (2). With this authentication method, node device A obtains the data sent by B at the same time as it determines B's identity.
$E'_{sk}(X, M)$ can specifically be $E'_{sk}(ID_A, ID_B, T, M)$, $E'_{sk}(ID_A, T, M)$, $E'_{sk}(ID_B, T, M)$, $E'_{sk}(ID_A, ID_B, M)$, $E'_{sk}(ID_A, M)$, $E'_{sk}(ID_B, M)$ or $E'_{sk}(T, M)$.
In both of the above methods, node device A can reverse-authenticate node B. Node device A first computes the session key sk, and after decryption it can determine by comparing the data whether the other party is B, because only B could have produced the correct session key and the correct ciphertext, whether or not the ciphertext contains real communication data M.
The encryption algorithms E and E' are symmetric-key encryption algorithms.
The encryption algorithms E and E' can be symmetric cryptographic algorithms such as AES or DES.
Beneficial effects of the invention:
Efficiency analysis: compared with the prior art, the authentication process of the invention requires only the encryption and decryption operations of a symmetric-key cipher in terms of computation, and only a one-way transmission of the identity information and the ciphertext in terms of communication cost. If the identity information is a 32-bit string and the ciphertext is a 128-bit string, the data to be transmitted is only 160 bits. Computing the session key is a single execution of a hash function, which is very fast.
Security analysis: because the symmetric cryptographic algorithm E used is DES or AES, the difficulty for an adversary to obtain the long-term shared secret key or to break the ciphertext from intercepted authentication messages is equivalent to the difficulty of breaking the DES or AES algorithm. The adversary's chance of a successful replay attack is also small, since a replay is only effective within the allowed time delay. Even if a replay attack succeeds, the adversary cannot obtain valuable information because all messages are transmitted as ciphertext. Therefore only users who hold the shared key can decrypt the message, carry out authentication and finally establish the session key. Messages may be intercepted or tampered with in transit by an adversary, which hinders authentication and session key establishment between nodes, and the adversary can launch replay attacks. However, the adversary cannot impersonate a node to carry out authentication and thereby establish a session key. In other words, nodes will not necessarily succeed in completing authentication and establishing a session key, but only legitimate nodes can complete the process. Current time information is added to the authentication information and embedded in the session key, so every authentication message is different. Even if an authentication message that a user sent from some terminal is leaked, it does not endanger the security of the user's later authentications and session keys.
Overall, the method of the invention has low energy consumption for computation and communication. Authentication uses only a symmetric cryptographic algorithm, which needs a short key and encrypts and decrypts quickly. The amount of data used for authentication is small, and so is the communication bandwidth required. Once authentication succeeds, the session key is available immediately. Two-way authentication can be achieved with a simple reply message, or completed together with a message that carries actually encrypted data, which improves efficiency.
Specifically, communicating party A can produce the authentication data with a simple encryption and transmit it to B for authentication. B can generate the session key as it completes the authentication of A, and A can establish the session key as soon as it has sent the message, so session key establishment and authentication can proceed almost simultaneously. Establishing the session key requires computing only one hash function, which is very efficient. B can reply with a message used for A's authentication of B, or can fold the authentication data into an encrypted message, which saves further communication resources and is well suited to resource-constrained communication environments.
Description of drawings
Fig. 1 is a flow block diagram of establishing authentication and a session key between node devices A and B in Embodiment 1;
Fig. 2 is a flow block diagram of establishing authentication and a session key between node devices A and B in Embodiment 2.
Embodiment
In a concrete implementation of the invention, because a symmetric encryption algorithm is used, the two communicating parties must have a preset shared key. The key pre-distribution method that presets shared keys on each node must be efficient, because the energy of each node is very limited. Key security is also a very important factor, and each node is required to store its shared keys securely. If a long-term shared key is leaked it creates a serious security risk: an adversary can impersonate the user to authenticate and establish session keys. It must therefore be guaranteed that the long-term shared secret key of each node is unreadable. Once a captured node is opened, some of its data, including the long-term shared secret key, will be erased, to ensure that the long-term key is not stolen. Authentication requires the clocks to be almost synchronized, so if two nodes are not in the same time zone, the nodes' time can be adjusted periodically through a clock server. The timestamp T is added to the message $(ID_A, E_k(ID_A, T))$ to guarantee the freshness of the message, and after receiving the message the receiver checks whether the time delay is within the specified range. The allowed time delay must be of moderate size. If it is too small, the availability of the protocol suffers because of factors such as network transmission speed. If it is too large, it creates conditions for replay attacks. In an Internet of Things environment the allowed time delay is relatively small, because the life cycle of a node in the Internet of Things is relatively short; a delay that is too large may be significant relative to the node's life cycle while the traffic carried is small, which makes the network impractical. After authentication completes, the session key established by both parties contains the timestamp. Because the timestamp is a time-varying value, it randomizes the final session key and improves the security of the session key. Note that the long-term shared secret key between nodes can be established by a secure and effective key pre-distribution scheme; the concrete implementation is outside the scope of the invention.
Embodiment 1: one-way authentication using the symmetric-key encryption algorithm DES
As described above, the invention is based on symmetric cryptography: with a shared key established between any two nodes and with almost synchronized clocks, authentication is carried out and a session key is established. The concrete steps are as follows:
1) A long-term shared secret key k is preset between any two network node devices A and B.
In the key pre-distribution phase, a large key pool G and key identifiers are generated first; several distinct keys are then drawn at random to form a key chain; finally, different key chains are loaded onto different sensor nodes. Each node must discover the surrounding nodes with which it shares a key, and only nodes that have a shared key are considered connected. Given that any two nodes have a shared key, if user A wants to initiate authentication and establish a session key with user B, user A looks up the key k it shares with user B. The key length is 64 bits.
2) A clock is provided on each of the two network node devices A and B. The error between each clock and standard time does not exceed $T_0$ seconds, where $T_0$ is 2 to 3 seconds, so the clocks of node device A and node B are almost synchronized.
3) A symmetric-key encryption algorithm E is built into node devices A and B; E is the DES algorithm.
The DES algorithm uses a 56-bit key and 8 additional parity bits, and operates on blocks of at most 64 bits. It is an iterated block cipher that uses a technique called Feistel, in which the block being encrypted is split in half. The round function is applied to one half using a subkey, and the output is XORed with the other half; the two halves are then swapped. This process continues, but the last round does not swap. DES uses 16 rounds.
4) Authentication and a session key are established between node devices A and B.
(1) Node device A encrypts the message to obtain the ciphertext $C = DES_k(ID_A, T)$ and sends the ciphertext and the identity information of node device A to node B, specifically $(ID_A, DES_k(ID_A, T))$, where $ID_A$ is the identity information of node device A, k is the key, the encryption algorithm E is the DES algorithm, and T is the current time when node device A sends. At the same time node device A computes the session key $sk = H(ID_A, ID_B, k, T)$;
(2) Node B receives the information sent by node device A, finds the key k it shares with node device A, and performs the decryption operation, obtaining $(ID'_A, T)$. It then checks whether $ID'_A = ID_A$ and $T' - T \le \Delta T$ both hold, where $T'$ is the time at which B receives the message and $\Delta T$ is a preset allowed time delay, which can be set to 3 to 5 seconds. If either of the two does not hold, the ciphertext is discarded. If both hold, authentication passes.
(3) After authentication passes, node B and node device A share a session key; the shared session key is $sk = H(ID_A, ID_B, k, T)$ or $sk = H(k, T)$.
Embodiment 2: two-way authentication using the symmetric-key encryption algorithm AES
1) A long-term shared secret key k is preset between any two network node devices A and B. The long-term shared secret key k is generated by a server, and the key length is 128 bits.
As symmetric cryptography has developed, the DES data encryption standard, with its small key length (56 bits), no longer meets the data encryption security requirements of today's distributed open networks. In 1997 NIST therefore publicly solicited a new data encryption standard, namely AES. AES is a block cipher: the algorithm takes 128 bits of input data, and the key length is also 128 bits. Each round requires an expanded key (ExpandedKey) of the same length as the input block. Because the externally supplied encryption key K has limited length, the algorithm uses a key expansion routine (KeyExpansion) to expand the external key K into a longer bit string, from which the encryption and decryption keys for each round are generated.
2) A clock is provided on each of the two network node devices A and B. The error between each clock and standard time does not exceed $T_0$ seconds, where $T_0$ ranges from 2 to 3 seconds, so the clocks of node device A and node B are almost synchronized.
3) A symmetric-key encryption algorithm E is built into node devices A and B; E is the AES algorithm.
4) Authentication and a session key are established between node devices A and B.
(1) Node device A encrypts the message to obtain the ciphertext $C = AES_k(ID_A, T)$ and sends the ciphertext and the identity information of node device A to node B, specifically $(ID_A, AES_k(ID_A, T))$, where k is the key, the encryption algorithm E is the AES algorithm, and T is the current time when node device A sends;
(2) Node B receives the encrypted information sent by node device A, finds the key k it shares with node device A, and performs the decryption operation, obtaining $(ID'_A, T)$. It then checks whether $ID'_A = ID_A$ and $T' - T \le \Delta T$ both hold, where $T'$ is the time at which B receives the message and $\Delta T$ is a preset allowed time delay, which can be set to 3 to 5 seconds. If either of the two does not hold, the ciphertext is discarded. If both hold, authentication passes.
(3) After authentication passes, node B and node device A share a session key; the shared session key is $sk = H(ID_A, ID_B, k, T)$ or $sk = H(k, T)$.
(4) After node B has authenticated node device A, if data must also be returned for A's authentication of B, this can be done together with the encryption of data M. The encrypted ciphertext is $E'_{sk}(ID_B, M)$, and the reply message $AES_{sk}(ID_A, ID_B, T, M)$ is sent to A. A can decrypt it successfully with the session key sk and obtain $(ID_A, ID_B, T, M)$, where the leading part of the data is used for A's authentication of B, that is, to verify whether the identity of node B is correct, and the trailing part is the message M to be received.
Note that in this embodiment the reply message from node B to node device A uses the same AES algorithm but a different encryption key. This is a method commonly used in practice to save resources, particularly in resource-constrained systems. Where resources are not very limited, B can of course use an algorithm different from AES for its reply to A.
B can also send the authentication data to A on its own, without the data M. This does not differ in essence from encrypting it together with the data M, but it is necessary in the case where A sends data to B first.
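The one-way exchange of steps (1) to (3) and the reverse-authentication reply $E'_{sk}(ID_A, ID_B, T)$ described above, as an added Python example that is not code from the patent. Assumptions: E is a stand-in 4-round Feistel cipher built from HMAC-SHA256 rather than DES or AES, H is SHA-256, the field layout and sample values are constructed, and the lower bound of -2·T0 on T' - T is added here (the patent states only T' - T ≤ ΔT).

```python
import hashlib
import hmac
import struct

BLOCK = 16    # 128-bit block, matching the 128-bit ciphertext in the efficiency analysis
DELTA_T = 5   # allowed delay in seconds (the page suggests 3 to 5)
T0 = 3        # per-node clock error bound in seconds (the page suggests 2 to 3)


def _round(key, i, half):
    # Feistel round function: HMAC-SHA256 truncated to half a block.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def E(key, block):
    """Stand-in block cipher (assumption): 4-round Feistel, NOT DES or AES."""
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right


def D(key, block):
    """Inverse of E: run the rounds backwards."""
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right


def session_key(id_a, id_b, k, t):
    # sk = H(ID_A, ID_B, k, T); H is SHA-256 here (assumption).
    return hashlib.sha256(struct.pack(">II", id_a, id_b) + k + struct.pack(">Q", t)).digest()


def fresh(now, t):
    # Page check: T' - T <= Delta T. The lower bound rejects timestamps further in
    # the future than two clocks within T0 of standard time can explain (added).
    return -2 * T0 <= now - t <= DELTA_T


def a_request(id_a, id_b, k, now):
    """Step (1): A sends (ID_A, E_k(ID_A, T)) and computes sk straight away."""
    c = E(k, struct.pack(">IQ4x", id_a, now))   # 4-byte ID, 8-byte T, 4 zero bytes
    return (id_a, c), session_key(id_a, id_b, k, now)


def b_verify(msg, id_b, keys, now):
    """Steps (2)-(3): B looks up k by ID_A, checks ID'_A and the delay, derives sk.
    Returns (sk, reply) or None; reply is E'_sk(ID_A, ID_B, T) for reverse auth."""
    id_a, c = msg
    k = keys.get(id_a)
    if k is None or len(c) != BLOCK:
        return None                              # no long-term key: cannot authenticate
    plain = D(k, c)
    dec_id, t = struct.unpack(">IQ", plain[:12])
    if dec_id != id_a or plain[12:] != b"\x00" * 4 or not fresh(now, t):
        return None
    sk = session_key(id_a, id_b, k, t)
    return sk, E(sk, struct.pack(">IIQ", id_a, id_b, now))


def a_verify_reply(reply, id_a, id_b, sk, now):
    """Reverse authentication: only a holder of sk can produce a valid reply."""
    if len(reply) != BLOCK:
        return False
    ra, rb, t = struct.unpack(">IIQ", D(sk, reply))
    return ra == id_a and rb == id_b and fresh(now, t)


def demo():
    k = bytes(range(16))                         # constructed 128-bit long-term key
    id_a, id_b = 0x0A0A0A0A, 0x0B0B0B0B          # constructed 32-bit identities
    keys_at_b = {id_a: k}
    t_send = 1_700_000_000                       # constructed timestamp
    msg, sk_a = a_request(id_a, id_b, k, t_send)
    sk_b, reply = b_verify(msg, id_b, keys_at_b, t_send + 1)
    tampered = (id_a, bytes([msg[1][0] ^ 1]) + msg[1][1:])
    return {
        "wire_bits": 32 + 8 * len(msg[1]),
        "keys_match": sk_a == sk_b,
        "a_accepts_b": a_verify_reply(reply, id_a, id_b, sk_a, t_send + 2),
        "replay_in_window": b_verify(msg, id_b, keys_at_b, t_send + 4) is not None,
        "replay_late": b_verify(msg, id_b, keys_at_b, t_send + 60) is not None,
        "tampered": b_verify(tampered, id_b, keys_at_b, t_send + 1) is not None,
        "wrong_key": b_verify(msg, id_b, {id_a: b"\x00" * 16}, t_send + 1) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

The `replay_in_window` result shows that a captured message is still accepted until ΔT expires; a receiver that must reject such replays has to remember the (ID_A, T) pairs it has already accepted for that window.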

Claims (10)

1. A weak authentication and key agreement method based on symmetric cryptography, comprising the following steps:
1) presetting a long-term shared secret key k between any two network node devices A and B;
2) providing a clock on each of nodes A and B;
3) building an encryption algorithm E and a hash function H(x) into nodes A and B;
4) establishing authentication and a session key between nodes A and B, as follows:
node A sends node B a ciphertext produced with the encryption algorithm E and the long-term shared secret key k, together with information about A, and node A computes the session key; node B decrypts the ciphertext using the decryption algorithm and the long-term shared secret key k, and compares the decrypted information with the information about node A; if the information is legitimate, authentication passes and nodes A and B share a session key; the session key is computed with the hash function H(x).
2. The weak authentication and key agreement method based on symmetric cryptography according to claim 1, characterized in that the detailed process of establishing authentication and a session key between nodes A and B is as follows:
(1) node A sends node B data $(ID_A, C)$ that contains at least the ciphertext produced by the encryption algorithm E and the identity information of node A, where $ID_A$ is the identity information of node A, the ciphertext is $C = E_k(ID_A, T)$, k is the key, E is the encryption algorithm, and T is the current time when node A sends;
(2) node B receives the information sent by node A and decrypts the ciphertext, obtaining the decrypted $ID'_A$ and T; it authenticates by checking whether $ID'_A = ID_A$ and $T' - T \le \Delta T$ both hold, where $T'$ is the current time when node B receives the ciphertext and $\Delta T$ is a preset allowed time delay; if both hold, authentication passes;
(3) after authentication passes, node B and node A share a session key, which is $sk = H(ID_A, ID_B, k, T)$ or $sk = H(k, T)$.
3. The weak authentication and key agreement method based on symmetric cryptography according to claim 2, characterized in that after node A has sent the data, it computes the session key while authentication takes place.
4. The weak authentication and key agreement method based on symmetric cryptography according to claim 3, characterized in that the information node A sends to node B also includes the identity information $ID_B$ of node B.
5. The weak authentication and key agreement method based on symmetric cryptography according to claim 3 or 4, characterized in that after node B and node A have established the shared session key, an authentication of node B by node A is added, with the following steps:
after node B has successfully authenticated node A, it returns a reply message to node A; the reply message is the ciphertext $E'_{sk}(X)$ produced by the encryption algorithm E', where X is $ID_B$, $ID_A$ and T or any combination of them, sk is the shared session key, and T is the current time when node B sends the reply message; after receiving the reply message, node A decrypts it and checks the legitimacy of the decrypted information.
6. The weak authentication and key agreement method based on symmetric cryptography according to claim 3 or 4, characterized in that after node B and node A have established the shared session key, an authentication of node B by node A is added, with the following steps:
after node B has successfully authenticated node A, it returns a reply message to node A; the reply message is the ciphertext $E'_{sk}(X, M)$ produced by the encryption algorithm E', where X is $ID_B$, $ID_A$ and T or any combination of them, sk is the shared session key, and T is the current time when node B sends the reply message; after receiving the reply message, node A decrypts it and authenticates the decrypted information.
7. The weak authentication and key agreement method based on symmetric cryptography according to claim 5, characterized in that the encryption algorithms E and E' are symmetric-key encryption algorithms.
8. The weak authentication and key agreement method based on symmetric cryptography according to claim 7, characterized in that the encryption algorithms E and E' are the AES or DES encryption algorithm.
9. The weak authentication and key agreement method based on symmetric cryptography according to claim 6, characterized in that the encryption algorithms E and E' are symmetric-key encryption algorithms.
10. The weak authentication and key agreement method based on symmetric cryptography according to claim 9, characterized in that the encryption algorithms E and E' are the AES or DES encryption algorithm.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN2010102439570A | 2010-08-03 | 2010-08-03 | Weak authentication and key agreement method based on symmetrical password

Publications (2)

Publication Number | Publication Date
CN101917270A | 2010-12-15
CN101917270B | 2012-08-22

Family ID: 43324668

Family Applications (1)

Application Number | Status | Publication | Title | Priority Date | Filing Date
CN2010102439570A | Active | CN101917270B | Weak authentication and key agreement method based on symmetrical password | 2010-08-03 | 2010-08-03

Country Status (1)

Country | Link
CN (1) | CN101917270B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004102918A2 (en) * 2003-05-16 2004-11-25 Certicom Corp. Key agreement and transport protocol
CN101159556A (en) * 2007-11-09 2008-04-09 清华大学 Group key server based key management method in sharing encryption file system
CN101262333A (en) * 2008-04-21 2008-09-10 上海大学 A secure communication method between nodes in vehicular network
CN101442403A (en) * 2008-12-25 2009-05-27 中国电子科技集团公司第五十四研究所 Self-adapting method for exchanging composite cipher key and managing session cipher key
CN101702804A (en) * 2009-11-23 2010-05-05 西安电子科技大学 Two-party key agreement method based on self-certified public key

Also Published As

Publication number Publication date
CN101917270B (en) 2012-08-22

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant