CN101977198A - Inter-domain authentication and key negotiation method - Google Patents
Inter-domain authentication and key negotiation method Download PDFInfo
- Publication number
- CN101977198A CN101977198A CN2010105280123A CN201010528012A CN101977198A CN 101977198 A CN101977198 A CN 101977198A CN 2010105280123 A CN2010105280123 A CN 2010105280123A CN 201010528012 A CN201010528012 A CN 201010528012A CN 101977198 A CN101977198 A CN 101977198A
- Authority
- CN
- China
- Prior art keywords
- territory
- key
- node
- message
- shared
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention relates to an inter-domain authentication and key negotiation method, which aims to solve the problems that the reliability of representative nodes of domains cannot be guaranteed and the efficiency of the key negotiation is low during the negotiation of a shared key in the prior art. A physical network for communication among nodes is converted into a logic network for inter-domain communication, and a shared key negotiation mechanism which takes the representative nodes in the domains as a center and in which ordinary nodes participate. The method comprises the following four steps of: a registering process, a communication process, a calculation process and the distribution of an intra-domain shared key, wherein in the register process, all nodes for the communication in the two domains register with a credible third party to acquire system public parameters and a node private key; in the communication process, the representative nodes of the domains calculate a temporary public key set of the domains by using the public parameters and send the temporary public key set to the opposite domain; in the calculation process, the representative nodes of the domains receive the temporary public key set sent by the opposite domain, and perform information interaction with all intra-domain ordinary nodes to calculate an inter-domain shared key; and in the distribution process of the intra-domain shared key, after acquiring the inter-domain shared key through calculation, the representative nodes distribute the inter-domain shared key to all intra-domain nodes, so that all nodes, which need to perform the communication, of the two domains acquire the shared key K.
Description
Technical field
The invention belongs to the network security technology field, relate in the network service the not mutual authentication between the same area and the safe practice of negotiating about cipher key shared.Based on encryption mechanism, proposed to authenticate and set up the method for sharing key between two territories based on attribute.
Background technology
In network service, the user between the same area often need not communicate.For guaranteeing between the user can secure exchange information, need between communicating pair, carry out authentication and set up shared session key, except cipher key interaction agreement based on PKIX PKI (Public Key Infrastructure), two side's IKEs based on identity also are the methods that often adopts, and can realize this demand for security.
Document " Two-Party Attribute-based Key Agreement Protocol in the Standard Model.International Symposium on Information Processing; August 21-23; 2009; 325-328 " has proposed a kind of two side's IKEs based on attribute, the main thought of this method is: read two sides' attribute information from trusted third party after, picked at random satisfies the polynomial computation of certain condition and the initial parameter of system is set, and utilizes this multinomial and user property collection can calculate user's sets of private keys.In cipher key agreement process, A selects a random number and utilizes the property set of open parameter of set system and B to calculate, but obtain a public information and send to B, B uses the sets of private keys of oneself and shines upon computation key by bilinearity after receiving this public information, in like manner A side utilizes public information that B side sends and the sets of private keys computation key of oneself, thereby both sides can successfully obtain a shared key.This method is directly used in authentication and key agreement existing problems between the territory, two territories of negotiating about cipher key shared just authenticate negotiation between the representation node in two territories, do not consider the integrity problem of representation node, so just give assailant's opportunity, can not effectively guarantee the fail safe of system; If will realize the Authentication and Key Agreement of all nodes in two territories, just need carry out in two territories the node number secondary key that multiplies each other consults, obviously reduced entire system efficient, especially when in the territory great deal of nodes being arranged, this can greatly increase the amount of calculation of key agreement.
Summary of the invention
Purpose of the present invention: in order to overcome reliability and the inefficient technical problem of key agreement that prior art can not ensure the representation node in territory when the negotiating about cipher key shared, the present invention proposes between a kind of territory authentication and cryptographic key negotiation method, allow in the arranging key process ordinary node also participates in negotiations process in the territory.The representation node in territory will carry out information interaction with the territory interior nodes in negotiations process, thereby makes territory interior nodes fellowship consult effectively to have ensured between the territory key agreement between authentication and reliable territory; After sharing the key agreement success, carry out secure distribution by representation node ordinary node in the territory, thereby all nodes have all obtained shared session key in the territory.This has not only guaranteed the fail safe of network service, and has improved the network service whole efficiency.
Authentication and cryptographic key negotiation method between the territory that the present invention proposes are converted to the logical network of communicating by letter between territory and the territory with the physical network of communicating by letter between the node, and setting up with representation node in the territory is the key agreement mechanism of center, ordinary node fellowship.So-called " territory " is exactly the set that all nodes in the representation node compass of competency form, and comprises representation node and ordinary node in the territory.Described representation node, the node of electing out by the territory interior nodes has only a representation node in each territory exactly, be mainly used between the territory and the territory in the forwarding of network data, realization network service.
For basic principle of the present invention is described, any two territory D1 and D2 that the present invention chooses in the network narrate its process.Authentication and cryptographic key negotiation method comprise shared key distribution process in registration process, communication process, computational process and the territory between the territory that the present invention proposes:
1) registration process
Territory D
1In all nodes register to the TTP of trusted third party, concrete steps are as follows:
The first step: territory D
1In all nodes node A that elects a deputy at random
0, A then
0Collect territory D
1In the information of all nodes, the set of structure key application information
Gather with identity information
And transmission message
Give TTP;
Second step: TTP receives territory D
1The message of sending
After, one group of random number t of picked at random
0, t
1..., t
i..., t
n∈ Z
* qWith satisfy f
1(0)=(d-1) inferior (d is an integer, is the security parameter that sets in advance) polynomial f of y
1And calculate open parameter (x),
Y=e (g, g)
yThe private key of (y is the private key of TTP) and each node
Send message by safe lane then
Give territory D
1Middle corresponding node A
i(i=0,1 ..., n);
Territory D
2In all nodes register to the TTP of trusted third party, concrete steps are as follows:
The first step: territory D
2In all nodes Node B that elects a deputy at random
0, B then
0Collect territory D
2In the information of all nodes, the set of structure key application information
Gather with identity information
And transmission message
Give TTP;
Second step: TTP receives territory D
2The information of sending
After, one group of random number l of picked at random
0, l
1..., l
j..., l
m∈ Z
* qWith satisfy f
2(0)=(d-1) inferior (d is an integer, is the security parameter that sets in advance) polynomial f of y
2And calculate open parameter (x),
Y=e (g, g)
yThe private key of (y is the private key of TTP) and each node
Send message by safe lane then
Give territory D
2Middle corresponding Node B
j(j=0,1 ..., m);
2) communication process
2.1) territory D
1In representation node A
0Random number x of picked at random
a∈ Z
* q, computational fields D
1Interim public key sets
Then with territory D
1Interim public key sets
Send to territory D
2In representation node B
0
2.2) territory D
2In representation node B
0Random number x of picked at random
b∈ Z
* q, computational fields D
2Interim public key sets
Then with territory D
2Interim public key sets
Send to territory D
2Representation node A
0
3) computational process
Territory D
1Other node is carried out following process in interior representation node and the territory:
The first step: territory D
1In representation node A
0Receive territory D
2In representation node B
0The interim public key sets of sending
After, the interim public key sets of other node broadcasts in the territory
Second step: territory D
1Interior i (i=1,2 ..., n) individual node A
iReceive representation node A
0The territory D that sends
2Interim public key sets
After, utilize oneself private key
Calculate the shared Sub key
And from node A
iWith node A
0Shared key
Derived cipher key
With the completeness check key
The 3rd step: node A
iUse encryption key
Encrypt the shared Sub key
Obtain ciphertext
And use the integrality check key
Calculate message
Completeness check code
Then with message
Send to representation node A
0
The 4th step: representation node A
0Receive node A
iThe message of sending
After, from node A
0With node A
iShared key
Derive decruption key
With the completeness check key
The 5th step: representation node A
0Use the integrality check key
To the message that receives
Recomputate the message integrity check sign indicating number
And the message integrity check sign indicating number that relatively receives
With calculate
Whether equate.If unequal, then abandon this message; If equate, then use decruption key
To cipher-text information
Be decrypted and obtain node A
iThe shared Sub key that calculates
The 6th step: representation node A
0Receive that the message that each node is sent in the territory successfully obtains (d-1) individual shared Sub key, and calculate the shared Sub key
Then by this d shared Sub cipher key calculation territory D
1With territory D
2Shared key
Territory D
2Other node is carried out following process in interior representation node and the territory:
The first step: territory D
2In representation node B
0Receive territory D
1In representation node A
0The interim public key sets of sending
After, the interim public key sets of other node broadcasts in the territory
Second step: territory D
2Interior j (j=1,2 ..., m) individual Node B
jReceive representation node B
0The territory D that sends
1Public key sets
After, utilize oneself private key
Calculate the shared Sub key
And from Node B
jWith Node B
0Shared key
Derived cipher key
With the completeness check key
The 3rd step: Node B
jUse encryption key
Encrypt the shared Sub key
Obtain ciphertext
And use the integrality check key
Calculate message
Completeness check code
Then with message
Send to representation node B
0
The 4th step: representation node B
0Receive Node B
jThe message of sending
After, from Node B
0With Node B
jShared key
Derive decruption key
With the completeness check key
The 5th step: representation node B
0Use the integrality check key
To the message that receives
Recomputate the message integrity check sign indicating number
And the message integrity check sign indicating number that relatively receives
With calculate
Whether equate.If unequal, then abandon this message; If equate, then use decruption key
To cipher-text information
Be decrypted and obtain Node B
jThe shared Sub key that calculates
The 6th step: representation node B
0Receive that the message that the territory interior nodes is sent successfully obtains (d-1) individual shared Sub key, and calculate the shared Sub key
Then by this d shared Sub cipher key calculation territory D
1With territory D
2Shared key
4) share the key distribution process in the territory
Territory D
1Representation node A
0Calculate and obtain territory D
1With territory D
2Shared key
After, carry out following steps:
The first step: territory D
1Representation node A
0Utilize and node A
i(i=1,2 ..., the n) encryption key that goes out of the shared key derivation between
Encrypt and share key
Obtain cipher-text message
And use the integrality check key
Calculate message
Completeness check code
Then with message
Send to i node A in the territory
i
Second step: territory interior nodes A
iReceive message
After recomputate the message integrity check sign indicating number
And the message integrity check sign indicating number that relatively receives
With calculate
Whether equate.If unequal, then abandon this message; If equate, then use node A
iWith representation node A
0Between the decruption key that goes out of shared key derivation
Deciphering
Obtain territory D
1With territory D
2Shared key
Territory D
2Representation node B
0Calculate and obtain territory D
2With territory D
1Shared key
After, carry out following steps:
The first step: representation node B
0Utilize and Node B
j(j=1,2 ..., the n) encryption key that goes out of the shared key derivation between
Encrypt and share key
Obtain cipher-text message
And use the integrality check key
Calculate message
Completeness check code
Then with message
Send to j Node B in the territory
j
Second step: territory interior nodes B
jReceive message
After recomputate the message integrity check sign indicating number
And the message integrity check code that relatively receives
With calculate
Whether equate.If unequal, then abandon this message; If equate, then use Node B
jWith representation node B
0Between the decruption key that goes out of shared key derivation
Deciphering
Obtain territory D
1With territory D
2Shared key
The beneficial effect that the present invention compared with prior art has:, ensured effectively between the territory that the safety of authentication and key agreement realizes by authentication and cryptographic key negotiation method between the territory.The territory interior nodes participates in consulting having overcome that traditional two sides authentication and key agreement carry out and the shortcoming that can not ensure the reliability of representation node between two representation nodes.Feasible authentication of the information interaction of ordinary node and key agreement are safe and reliable in representation node that this method proposes and the territory, between the territory after the representation node negotiating about cipher key shared success, transmit by representation node ordinary node in the territory, thereby all nodes have all obtained shared session key in the territory, and this has improved the fail safe and the communication efficiency of the whole system of network service effectively.
Description of drawings
Fig. 1. the flow chart of authentication and cryptographic key negotiation method between the territory
Explanation of nouns:
TTP: trusted third party;
Q: the big prime number that trusted third party chooses;
Y: the private key that trusted third party chooses;
G
1: the q rank module that TTP chooses;
G
2: the q rank multiplicative group that TTP chooses;
G: the G that trusted third party chooses
1Generator;
E: trusted third party chooses G
1And G
2On bilinear transformation, i.e. e:G
1* G
1→ G
2
Territory D
2In the identity information set of all nodes;
D: the threshold value of calculating the shared Sub key number of sharing the required territory interior nodes calculating of key;
f
1(x): satisfy f
1(0)=the d-1 order polynomial of y;
f
2(x): satisfy f
2(0)=the d-1 order polynomial of y;
x
a: representation node A
0A selected random number;
x
b: representation node B
0A selected random number;
Territory D
1In the interim PKI of i node;
K
A, b: the shared key in the territory between node a and the b;
KE
A, b: the encryption key that the shared key in the territory between node a and the b is derived;
KI
A, b: the completeness check key that the shared key in the territory between node a and the b is derived;
Node A in the computational process
iSend to representation node A
0The completeness check code of message;
Representation node A in the computational process
0Checking node A
iThe completeness check code that the message of sending is calculated;
Node B in the computational process
jSend to representation node B
0The completeness check code of message;
Representation node B in the computational process
0The checking Node B
jThe completeness check code that the message of sending is calculated;
Share representation node A in the key distribution in the territory
0Send to node A
iThe completeness check code of message;
Share node A in the key distribution in the territory
iChecking representation node A
0The completeness check code that the message of sending is calculated;
Share representation node B in the key distribution in the territory
0Send to Node B
jThe completeness check code of message;
Share Node B in the key distribution in the territory
jChecking representation node B
0The completeness check code that the message of sending is calculated;
E
x(s): plaintext s is encrypted with key x;
D
y(c): ciphertext c is deciphered with key y;
Embodiment
Authentication and cryptographic key negotiation method between the territory that the present invention proposes, the physical network of communicating by letter between the node is converted to the logical network of communicating by letter between territory and the territory, in the territory of wanting to communicate after trusted third party registration, only do not need once communication between same area negotiating about cipher key shared territory, just can make in the territory the required shared key of secure communication between all nodes acquisition territories by the information interaction between representation node in the territory and the ordinary node then.
Accompanying drawing 1 has provided between territory of the present invention the flow chart of authentication and cryptographic key negotiation method, territory D
1Xuan Ju representation node is A at random
0, territory D
2Xuan Ju representation node is B at random
0, a complete procedure of the Authentication and Key Agreement that carries out between them will be described below.
1) trusted third party sets up system parameters:
Trusted third party chooses the cyclic group (G on two q rank
1,+) and (G
2), wherein q is big prime number; G is G
1Generator; Make that e is G
1And G
2On bilinear transformation, i.e. e:G
1* G
1→ G
2
2) want the territory D that communicates
1With territory D
2Carry out following registration process with the TTP of trusted third party:
The territory
DAll nodes in 1 are as follows to the concrete steps that the TTP of trusted third party registers:
The first step: territory D
1In all nodes (supposing to have n+1 node) node A at random elects a deputy
0, representation node A
0To territory D
1In all nodes send the information of inquiring after, and collect territory D
1In the information of all nodes, the set of structure key application information
Gather with identity information
Send message then
Give TTP;
Second step: TTP receives territory D
1The message of sending
And after this message verified, one group of random number t of picked at random
0, t
1..., t
i..., t
n∈ Z
* qWith satisfy f
1(0)=(d-1) inferior (d is an integer, is the security parameter that sets in advance) polynomial f of y
1And calculate open parameter (x),
Y=e (g, g)
yThe private key of (y is the private key of TTP) and each node
Send message by safe lane then
Give territory D
1Middle corresponding node A
i(i=0,1 ..., n);
Territory D
2In all nodes as follows to the concrete steps that the TTP of trusted third party registers:
The first step: territory D
2In all nodes (supposing to have m+1 node) Node B at random elects a deputy
0, representation node B
0To territory D
2In all nodes send the information of inquiring after, and collect territory D
2In the information of all nodes, the set of structure key application information
Gather with identity information
Send message then
Second step: TTP receives territory D
2The information of sending and this information verified after, one group of random number l of picked at random
0, l
1..., l
j..., l
m∈ Z
* qWith satisfy f
2(0)=(d-1) inferior (d is an integer, is the security parameter that sets in advance) polynomial f of y
2And calculate open parameter (x),
Y=e (g, g)
yThe private key of (y is the private key of TTP) and each node
Send message by safe lane then
Give territory D
2Middle corresponding Node B
j(j=0,1 ..., m);
3) territory D
1With territory D
2After succeeding in registration, the TTP of trusted third party carries out following communication process:
3.1) territory D
1In representation node A
0Random number x of picked at random
a∈ Z
* q, computational fields D
1Interim public key sets
Then with territory D
1Interim public key sets
Send to territory D
2In representation node B
0
3.2) territory D
2In representation node B
0Random number x of picked at random
b∈ Z
* q, computational fields D
2Interim public key sets
Then with territory D
2Interim public key sets
Send to territory D
2Representation node A
0
4) territory D
1With territory D
2In representation node receive and carry out following computational process after the public key sets that the other side's representation node sends:
Territory D
1Ordinary node is carried out following process in interior representation node and the territory:
The first step: territory D
1In representation node A
0Receive territory D
2In representation node B
0The interim public key sets of sending
After, the interim public key sets of other node broadcasts in the territory
Second step: territory D
1Interior i (i=1,2 ..., n) individual node A
iReceive representation node A
0The territory D that sends
2Interim public key sets
After, utilize oneself private key
Calculate the shared Sub key
And from node A
iWith node A
0Shared key
Derived cipher key
With the completeness check key
The 3rd step: node A
iUse encryption key
Encrypt the shared Sub key
Obtain ciphertext
And use the integrality check key
Calculate message
Completeness check code
Then with message
Send to representation node A
0
The 4th step: representation node A
0Receive node A
iThe message of sending
After, from node A
0With node A
iShared key
Derive decruption key
With the completeness check key
The 5th step: representation node A
0Use the integrality check key
To the message that receives
Recomputate the message integrity check sign indicating number
And the message integrity check sign indicating number that relatively receives
With calculate
Whether equate.If unequal, then abandon this message; If equate, then use decruption key
To cipher-text information
Be decrypted and obtain node A
iThe shared Sub key that calculates
The 6th step: representation node A
0Receive that the message that each node is sent in the territory successfully obtains (d-1) individual shared Sub key, and calculate the shared Sub key
Then by this d shared Sub cipher key calculation territory D
1With territory D
2Shared key
Territory D
2Ordinary node is carried out following process in interior representation node and the territory:
The first step: territory D
2In representation node B
0Receive territory D
1In representation node A
0The interim public key sets of sending
After, the interim public key sets of other node broadcasts in the territory
Second step: territory D
2Interior j (j=1,2 ..., m) individual Node B
jReceive representation node B
0The territory D that sends
1Public key sets
After, utilize oneself private key
Calculate the shared Sub key
And from Node B
jWith Node B
0Shared key
Derived cipher key
With the completeness check key
The 3rd step: Node B
jUse encryption key
Encrypt the shared Sub key
Obtain ciphertext
And use the integrality check key
Calculate message
Completeness check code
Then with message
Send to representation node B
0
The 4th step: representation node B
0Receive Node B
jThe message of sending
After, from Node B
0With Node B
jShared key
Derive decruption key
With the completeness check key
The 5th step: representation node B
0Use the integrality check key
To the message that receives
Recomputate the message integrity check sign indicating number
And the message integrity check sign indicating number that relatively receives
With calculate
Whether equate.If unequal, then abandon this message; If equate, then use decruption key
To cipher-text information
Be decrypted and obtain Node B
jThe shared Sub key that calculates
The 6th step: representation node B
0Receive that the message that the territory interior nodes is sent successfully obtains (d-1) individual shared Sub key, and calculate the shared Sub key
Then by this d shared Sub cipher key calculation territory D
1With territory D
2Shared key
5) territory D
1With territory D
2The process of the shared key of all node distributions is as follows in the territory:
Territory D
1Representation node A
0Calculate and obtain territory D
1With territory D
2Shared key
Afterwards, carry out following steps:
The first step: territory D
1Representation node A
0Utilize and node A
i(i=1,2 ..., the n) encryption key that goes out of the shared key derivation between
Encrypt and share key
Obtain cipher-text message
And use the integrality check key
Calculate message
Completeness check code
Then with message
Send to i node A in the territory
i
Second step: territory interior nodes A
iReceive message
After recomputate the message integrity check sign indicating number
And the message integrity check sign indicating number that relatively receives
With calculate
Whether equate.If unequal, then abandon this message; If equate, then use node A
iWith representation node A
0Between the decruption key that goes out of shared key derivation
Deciphering
Obtain territory D
1With territory D
2Shared key
Territory D
2Representation node B
0Calculate and obtain territory D
2With territory D
1Shared key
Afterwards, carry out following steps:
The first step: representation node B
0Utilize and Node B
j(j=1,2 ..., the n) encryption key that goes out of the shared key derivation between
Encrypt and share key
Obtain cipher-text message
And use the integrality check key
Calculate message
Completeness check code
Then with message
Send to j Node B in the territory
j
Second step: territory interior nodes B
jReceive message
After recomputate the message integrity check sign indicating number
And the message integrity check code that relatively receives
With calculate
Whether equate.If unequal, then abandon this message; If equate, then use Node B
jWith representation node B
0Between the decruption key that goes out of shared key derivation
Deciphering
Obtain territory D
1With territory D
2Shared key
By authentication and cryptographic key negotiation method between the territory of carrying out the present invention's proposition, want the territory D that communicates by letter
1With territory D
2In all nodes all obtained shared key K.
Claims (5)
1. authenticate and cryptographic key negotiation method between the territory, authentication and negotiating about cipher key shared between the territory that is used to want to communicate, it is characterized in that: the physical network of communicating by letter between the node is converted to the logical network of communicating by letter between territory and the territory, foundation is the shared key agreement mechanism of center, ordinary node fellowship with representation node in the territory, and this method comprises four steps:
1.1) registration process: two territory D that communicate
1And D
2, all nodes are registered to trusted third party in the territory, open parameter of acquisition system and node private key;
1.2) communication process: after registration is passed through, the interim public key sets in the open calculation of parameter territory of the representation node utilization in territory, and send to the other side territory;
1.3) computational process: the representation node in territory carries out information interaction with ordinary node in the territory after receiving the interim public key sets that the representation node in the other side territory sends, and calculates the inter-domain sharing key;
1.4) share key distribution in the territory: after representation node calculated and obtains the inter-domain sharing key, all nodes were distributed in the territory, made that all nodes all obtain to share session key in the territory.
2. authentication and cryptographic key negotiation method is characterized in that: two territory D that communicate between territory according to claim 1
1And D
2The registration process step as follows:
2.1 territory D
1In all nodes register to the TTP of trusted third party, concrete steps are as follows:
The first step: territory D
1In all nodes node A that elects a deputy at random
0, A then
0Collect territory D
1In the information of all nodes, the set of structure key application information
Gather with identity information
And transmission message
Give the TTP of trusted third party;
Second step: the TTP of trusted third party receives territory D
1The message of sending
After, one group of random number t of picked at random
0, t
1.., t
i..., t
n∈ Z
* qWith satisfy f
1(0)=the d-1 order polynomial f of y
1(x), " d is an integer, is the security parameter that sets in advance " calculates open parameter
Y=e (g, g)
yThe private key of " y is the private key of TTP " and each node
Send message by safe lane then
Give territory D
1Middle corresponding node A
i, i=0,1 ..., n;
2.2 territory D
2In all nodes register to the TTP of trusted third party, concrete steps are as follows:
The first step: territory D
2In all nodes Node B that elects a deputy at random
0, B then
0Collect territory D
2In the information of all nodes, the set of structure key application information
Gather with identity information
And transmission message
Give the TTP of trusted third party;
Second step: the TTP of trusted third party receives territory D
2The information of sending
After, one group of random number l of picked at random
0, l
1..., l
j..., l
m∈ Z
* qWith satisfy f
2(0)=the d-1 order polynomial f of y
2(x), " d is an integer, is the security parameter that sets in advance ", and calculate open parameter
Y=e (g, g)
yThe private key of " y is the private key of TTP " and each node
Send message by safe lane then
Give territory D
2Middle corresponding Node B
j, " j=0,1 ..., m ".
3. authentication and cryptographic key negotiation method is characterized in that: territory D between territory according to claim 1
1With territory D
2Between the communication process step as follows:
3.1 territory D
1In representation node A
0Random number x of picked at random
a∈ Z
* q, computational fields D
1Interim public key sets
Then with territory D
1Interim public key sets
Send to territory D
2In representation node B
0
4. authentication and cryptographic key negotiation method between territory according to claim 1, it is characterized in that: ordinary node carries out information interaction in the representation node in territory and the territory, and the process steps of calculating the inter-domain sharing key is as follows:
4.1 territory D
1Other node is carried out following steps in interior representation node and the territory:
The first step: territory D
1In representation node A
0Receive territory D
2In representation node B
0The interim public key sets of sending
After, the interim public key sets of other node broadcasts in the territory
Second step: territory D
1Interior i node A
i, " i=1,2 ..., n ", receive representation node A
0The territory D that sends
2Interim public key sets
After, utilize oneself private key
Calculate the shared Sub key
And from node A
iWith representation node A
0Shared key
Derived cipher key
With the completeness check key
The 3rd step: node A
iUse encryption key
Encrypt the shared Sub key
Obtain ciphertext
And use the integrality check key
Calculate message
Completeness check code
Then with message
Send to representation node A
0
The 4th step: representation node A
0Receive node A
iThe message of sending
After, from representation node A
0With node A
iShared key
Derive decruption key
With the completeness check key
The 5th step: representation node A
0Use the integrality check key
To the message that receives
Recomputate the message integrity check sign indicating number
And the message integrity check sign indicating number that relatively receives
With calculate
Whether equate,, then abandon this message if unequal; If equate, then use decruption key
To cipher-text information
Be decrypted and obtain node A
iThe shared Sub key that calculates
The 6th step: representation node A
0Receive that the message that each node is sent in the territory successfully obtains d-1 shared Sub key, and calculate the shared Sub key
Then by this d shared Sub cipher key calculation territory D
1With territory D
2Shared key
4.2 territory D
2Other node is carried out following steps in interior representation node and the territory:
The first step: territory D
2In representation node B
0Receive territory D
1In representation node A
0The interim public key sets of sending
After, the interim public key sets of other node broadcasts in the territory
Second step: territory D
2Interior j Node B
j, " j=1,2 ..., m ", receive representation node B
0The territory D that sends
1Public key sets
After, utilize oneself private key
Calculate the shared Sub key
And from Node B
jWith representation node B
0Shared key
Derived cipher key
With the completeness check key
The 3rd step: Node B
jUse encryption key
Encrypt the shared Sub key
Obtain ciphertext
And use the integrality check key
Calculate message
Completeness check code
Then with message
Send to representation node B
0
The 4th step: representation node B
0Receive Node B
jThe message of sending
After, from representation node B
0With Node B
jShared key
Derive decruption key
With the completeness check key
The 5th step: representation node B
0Use the integrality check key
To the message that receives
Recomputate the message integrity check sign indicating number
And the message integrity check sign indicating number that relatively receives
With calculate
Whether equate,, then abandon this message if unequal; If equate, then use decruption key
To cipher-text information
Be decrypted and obtain Node B
jThe shared Sub key that calculates
5. authentication and cryptographic key negotiation method between territory according to claim 1 is characterized in that: after representation node calculated and obtains the inter-domain sharing key in the territory, the step of carrying out shared key distribution in the territory was as follows:
5.1 territory D
1Representation node A
0Calculate and obtain territory D
1With territory D
2Shared key
After, carry out following steps:
The first step: territory D
1Representation node A
0Utilize and node A
i" i=1,2 ..., n " between the encryption key that goes out of shared key derivation
Encrypt and share key
Obtain cipher-text message
And use the integrality check key
Calculate message
Completeness check code
Then with message
Send to i node A in the territory
i
Second step: territory interior nodes A
iReceive message
After recomputate the message integrity check sign indicating number
And the message integrity check sign indicating number that relatively receives
With calculate
Whether equate,, then abandon this message if unequal; If equate, then use node A
iWith representation node A
0Between the decruption key that goes out of shared key derivation
Deciphering
Obtain territory D
1With territory D
2Shared key
5.2 territory D
2Representation node B
0Calculate and obtain territory D
2With territory D
1Shared key
After, carry out following steps:
The first step: representation node B
0Utilize and Node B
j" j=1,2 ..., n " between the encryption key that goes out of shared key derivation
Encrypt and share key
Obtain cipher-text message
And use the integrality check key
Calculate message
Completeness check code
Then with message
Send to j Node B in the territory
j
Second step: territory interior nodes B
jReceive message
After recomputate the message integrity check sign indicating number
And the message integrity check code that relatively receives
With calculate
Whether equate,, then abandon this message if unequal; If equate, then use Node B
jWith representation node B
0Between the decruption key that goes out of shared key derivation
Deciphering
Obtain territory D
1With territory D
2Shared key
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 201010528012 CN101977198B (en) | 2010-10-29 | 2010-10-29 | Inter-domain authentication and key negotiation method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 201010528012 CN101977198B (en) | 2010-10-29 | 2010-10-29 | Inter-domain authentication and key negotiation method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101977198A true CN101977198A (en) | 2011-02-16 |
CN101977198B CN101977198B (en) | 2013-09-25 |
Family
ID=43577043
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 201010528012 Expired - Fee Related CN101977198B (en) | 2010-10-29 | 2010-10-29 | Inter-domain authentication and key negotiation method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101977198B (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103107888A (en) * | 2013-01-24 | 2013-05-15 | 贵州大学 | Dynamic multi-attribute multilevel identity authentication method for mobile terminal (MT) |
CN104303450A (en) * | 2012-05-21 | 2015-01-21 | 皇家飞利浦有限公司 | Determination of cryptographic keys |
CN104363208A (en) * | 2014-10-29 | 2015-02-18 | 中国建设银行股份有限公司 | Computer intercluster key management method and system |
CN104917604A (en) * | 2014-03-12 | 2015-09-16 | 北京信威通信技术股份有限公司 | Key distribution method |
CN108347330A (en) * | 2017-01-24 | 2018-07-31 | 北京百度网讯科技有限公司 | A kind of method and apparatus of secure communication |
CN108847928A (en) * | 2018-04-26 | 2018-11-20 | 如般量子科技有限公司 | The communication system and communication means of the transmission of information encryption and decryption are realized based on group's type quantum key card |
CN109257173A (en) * | 2018-11-21 | 2019-01-22 | 郑州轻工业学院 | Asymmetric group key agreement method based on authority information exchange |
CN112654042A (en) * | 2020-12-24 | 2021-04-13 | 中国电子科技集团公司第三十研究所 | Bidirectional identity authentication method based on lightweight CA, computer program and storage medium |
CN116962079A (en) * | 2023-09-19 | 2023-10-27 | 浙江大华技术股份有限公司 | Internet of things authentication method, device, internet of things authentication system and storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004336363A (en) * | 2003-05-07 | 2004-11-25 | Sharp Corp | Data communication apparatus and data communication method |
CN1801696A (en) * | 2006-01-13 | 2006-07-12 | 南京邮电大学 | Key managing project for virtual organization under gridding computer environment |
WO2008061344A1 (en) * | 2006-11-20 | 2008-05-29 | Tet Hin Yeap | System and method for secure electronic communication services |
CN101715186A (en) * | 2009-11-20 | 2010-05-26 | 西安电子科技大学 | Secret sharing based safety communication method of wireless sensor network |
-
2010
- 2010-10-29 CN CN 201010528012 patent/CN101977198B/en not_active Expired - Fee Related
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004336363A (en) * | 2003-05-07 | 2004-11-25 | Sharp Corp | Data communication apparatus and data communication method |
CN1801696A (en) * | 2006-01-13 | 2006-07-12 | 南京邮电大学 | Key managing project for virtual organization under gridding computer environment |
WO2008061344A1 (en) * | 2006-11-20 | 2008-05-29 | Tet Hin Yeap | System and method for secure electronic communication services |
CN101715186A (en) * | 2009-11-20 | 2010-05-26 | 西安电子科技大学 | Secret sharing based safety communication method of wireless sensor network |
Non-Patent Citations (3)
Title |
---|
侯孟波: "《基于无证书的两方认证密钥协商协议》", 《中国博士学位论文全文数据库》 * |
侯孟波等: "《基于无证书的两方认证密钥协商协议》", 《软件学报》 * |
汪小芬等: "《认证群密钥协商协议的安全性分析与改进》", 《电子科技大学学报》 * |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104303450A (en) * | 2012-05-21 | 2015-01-21 | 皇家飞利浦有限公司 | Determination of cryptographic keys |
CN103107888B (en) * | 2013-01-24 | 2015-11-18 | 贵州大学 | The identity identifying method that the dynamic multi-attribute of facing moving terminal is multi-level |
CN103107888A (en) * | 2013-01-24 | 2013-05-15 | 贵州大学 | Dynamic multi-attribute multilevel identity authentication method for mobile terminal (MT) |
CN104917604A (en) * | 2014-03-12 | 2015-09-16 | 北京信威通信技术股份有限公司 | Key distribution method |
CN104917604B (en) * | 2014-03-12 | 2018-05-11 | 北京信威通信技术股份有限公司 | A kind of method for distributing key |
CN104363208B (en) * | 2014-10-29 | 2018-08-07 | 中国建设银行股份有限公司 | Key management method and system between a kind of computer cluster |
CN104363208A (en) * | 2014-10-29 | 2015-02-18 | 中国建设银行股份有限公司 | Computer intercluster key management method and system |
CN108347330A (en) * | 2017-01-24 | 2018-07-31 | 北京百度网讯科技有限公司 | A kind of method and apparatus of secure communication |
CN108847928A (en) * | 2018-04-26 | 2018-11-20 | 如般量子科技有限公司 | The communication system and communication means of the transmission of information encryption and decryption are realized based on group's type quantum key card |
CN108847928B (en) * | 2018-04-26 | 2021-04-06 | 如般量子科技有限公司 | Communication system and communication method for realizing information encryption and decryption transmission based on group type quantum key card |
CN109257173A (en) * | 2018-11-21 | 2019-01-22 | 郑州轻工业学院 | Asymmetric group key agreement method based on authority information exchange |
CN109257173B (en) * | 2018-11-21 | 2020-02-07 | 郑州轻工业学院 | Asymmetric group key negotiation method based on authority information exchange |
CN112654042A (en) * | 2020-12-24 | 2021-04-13 | 中国电子科技集团公司第三十研究所 | Bidirectional identity authentication method based on lightweight CA, computer program and storage medium |
CN116962079A (en) * | 2023-09-19 | 2023-10-27 | 浙江大华技术股份有限公司 | Internet of things authentication method, device, internet of things authentication system and storage medium |
CN116962079B (en) * | 2023-09-19 | 2023-12-15 | 浙江大华技术股份有限公司 | Internet of things authentication method, device, internet of things authentication system and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN101977198B (en) | 2013-09-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101977198B (en) | Inter-domain authentication and key negotiation method | |
CN106302406B (en) | Close car networking condition method for secret protection and system are signed based on the polymerization of no certificate | |
Wang | An identity-based data aggregation protocol for the smart grid | |
Zhao et al. | An efficient certificateless aggregate signature scheme for the Internet of Vehicles | |
CN107707360B (en) | Heterogeneous polymerization signcryption method in Internet of things environment | |
CN103731261B (en) | Secret key distribution method under encrypted repeating data deleted scene | |
CN106131059B (en) | A kind of car networking condition method for secret protection and system based on no certificate aggregate signature | |
CN104038341B (en) | A kind of cross-system of identity-based acts on behalf of re-encryption method | |
Wei et al. | A privacy-preserving fog computing framework for vehicular crowdsensing networks | |
CN102523093B (en) | Encapsulation method and encapsulation system for certificate-based key with label | |
CN103702326B (en) | A kind of Certificateless key agreement method based on mobile Ad Hoc network | |
CN108667616A (en) | Across cloud security Verification System based on mark and method | |
CN104219056A (en) | Privacy protection type real-time electric charge collecting method for intelligent power grid | |
CN104052608A (en) | Certificate-free remote anonymous authentication method based on third party in cloud application | |
CN105141425A (en) | Bidirectional authentication method capable of protecting identity based on chaotic mapping | |
CN104363218A (en) | Proxy re-encryption method and system on basis of certificate conditions | |
CN105610773A (en) | Communication encryption method of electric energy meter remote meter reading | |
CN102223629B (en) | Distribution method of threshold keys of mobile Ad hoc network | |
CN104767612A (en) | Signcryption method from certificateless environment to public key infrastructure environment | |
CN104767611B (en) | It is a kind of from PKIX environment to the label decryption method without certificate environment | |
CN104967517A (en) | Network data aggregation method for wireless sensor | |
CN104821880A (en) | Certificate-free generalized proxy signcryption method | |
CN101267301A (en) | Identity authentication and secret key negotiation method and device in communication network | |
Zhang et al. | Identity-based authenticated asymmetric group key agreement protocol | |
CN105450623A (en) | Access authentication method of electric automobile |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20130925 Termination date: 20181029 |