CN103118009A - Authentication key exchange method and system - Google Patents

Authentication key exchange method and system

Publication number: CN103118009A
Application number: CN201310005726XA
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 喻建平, 朱炜玲, 谢维信, 张勇
Current assignee: Shenzhen University
Original assignee: Shenzhen University
Prior art keywords: authenticate key, key exchange, key, authenticate, identity

Abstract

The invention belongs to the technical field of network security and provides an authenticated key exchange method and system. In the method, a first authenticated key exchange party, according to public parameters, a service authentication request and authenticated key exchange information, determines the corresponding threshold access structure, computes a ciphertext, and computes a first shared session key in combination with an identity private key; a second authenticated key exchange party computes a second shared session key according to the threshold access structure, an identity public key, an identity-based encryption public key, the ciphertext and an attribute-set private key. The method and system need no complex management and verification of public key certificates, achieve implicit key authentication, meet the needs of privacy security applications, achieve anonymous communication and anonymous access for the receiving and sending parties, and reduce execution time and communication cost by using a single round of interaction.

Description

An authenticated key exchange method and system
Technical field
The invention belongs to the field of network security, and in particular relates to an authenticated key exchange method and system.
Background
An authenticated key exchange protocol is an important protocol for guaranteeing the security of network communication. It combines authentication with key exchange to guarantee secure communication in an open network environment, and is a basic building block for constructing secure, complex upper-layer protocols.
With the introduction of identity-based cryptosystems, identity-based authenticated key exchange protocols appeared. Such a protocol needs no complex public key certificate management and verification, but it requires every party participating in the authenticated key exchange to have definite identity information, which makes it hard to provide privacy security services such as anonymous communication and anonymous access control of information.
Summary of the invention
The object of the invention is to provide an authenticated key exchange method, aiming to solve the problem that existing identity-based authenticated key exchange protocols require every participating party to have definite identity information, which makes privacy security services hard to provide.
The invention is realized as follows: an authenticated key exchange method, the method comprising:
Step S1: compute the identity-based encryption public key, the identity public key and identity private key of the first authenticated key exchange party, and the attribute-set private key of the second authenticated key exchange party, and establish the public parameters;
Step S2: according to the public parameters and the service authentication request and authenticated key exchange message sent by the second authenticated key exchange party, the first authenticated key exchange party determines the corresponding threshold access structure, computes a ciphertext, and computes a first shared session key in combination with the identity private key; the second authenticated key exchange party computes a second shared session key from the threshold access structure, the identity public key, the identity-based encryption public key, the ciphertext and the attribute-set private key.
Another object of the invention is to provide an authenticated key exchange system, the system comprising:
An initialization unit, configured to compute the identity-based encryption public key, the identity public key and identity private key of one party to the authenticated key exchange, and the attribute-set private key of the other party to the authenticated key exchange, and to establish the public parameters;
A first authenticated key exchange party, acting as the one party to the authenticated key exchange, configured to determine the corresponding threshold access structure according to the public parameters and the service authentication request and authenticated key exchange message sent by the other party, compute a ciphertext, and compute a first shared session key in combination with the identity private key;
A second authenticated key exchange party, acting as the other party to the authenticated key exchange, configured to send the service authentication request and the authenticated key exchange message to the first authenticated key exchange party, and to compute a second shared session key from the threshold access structure, the identity public key, the identity-based encryption public key, the ciphertext and the attribute-set private key.
The authenticated key exchange method and system provided by the invention combine attribute-based encryption with identity-based encryption and have the following advantages: 1. compared with traditional public key cryptography, the method and system need no complex public key certificate management and verification; 2. because only a user who satisfies the corresponding authentication access structure can establish a consistent session key with the user that has an identity, implicit key authentication is achieved, together with an authentication and session key exchange mode in which one communicating party is identified by real name and the other communicating party is anonymous, which meets growing privacy security application needs such as sender/receiver anonymous communication and anonymous access control; 3. because a single round of interaction is used, the execution time and communication overhead are greatly reduced.
Brief description of the drawings
Fig. 1 is a flow chart of the authenticated key exchange method provided by the invention;
Fig. 2 is a diagram of the interaction between the first authenticated key exchange party and the second authenticated key exchange party in the invention;
Fig. 3 is a structural diagram of the authenticated key exchange system provided by the invention;
Fig. 4 is a structural diagram of the initialization unit in Fig. 3;
Fig. 5 is a structural diagram of the first authenticated key exchange party and the second authenticated key exchange party in Fig. 3;
Fig. 6 is a structural diagram of an Internet of Things mobile RFID system in one example of the invention.
Embodiments
To make the purpose, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. The specific embodiments described here only explain the invention and are not intended to limit it.
To address the problems of the prior art, the invention proposes an authenticated key exchange method that combines attribute-based encryption with identity-based encryption and uses a single round of interaction.
Fig. 1 shows the flow of the authenticated key exchange method provided by the invention, comprising:
Step S1: compute the identity-based encryption public key, the identity public key and identity private key of the first authenticated key exchange party, and the attribute-set private key of the second authenticated key exchange party, and establish the public parameters. Step S1 further comprises:
Step S11: given a security parameter $\lambda$, establish a first bilinear group $G_0$, a second bilinear group $G_1$ and a third bilinear group $G_2$ of prime order $p$, and establish a non-degenerate, efficiently computable bilinear map $e: G_0 \times G_1 \to G_2$. Then choose at random a first generator $g$ and a second generator $P$ from the generators of $G_0$, with $g \ne P$, and choose at random a third generator $h$ from the generators of $G_1$. The bit length of the prime $p$ is $\lambda$ bits.
Step S12: choose the first hash function
Figure BDA00002713460800031
the second hash function $H_1: \{0,1\}^* \to G_1^*$ and the third hash function $H_2: G_2 \to \{0,1\}^{\lambda}$. Then choose at random
Figure BDA00002713460800032
with $\alpha \ne \gamma$, where
Figure BDA00002713460800033
denotes the multiplicative group of integers modulo $p$.
Step S13: compute the identity-based encryption public key $P_{pub} = P^{\alpha}$.
Step S14: given the required attribute space $U = \{a_1, \ldots, a_M\}$ and the maximum number $m$ ($2 \le m \le M$) of attributes in an authorized set of the given access structure, establish the public parameters $params = (p, G_0, G_1, G_2, e, P, P_{pub}, U, m, u, v, \{h^{\alpha\gamma^i}\}_{i=0}^{2m-1}, D, H_0, H_1, H_2)$, where $u = g^{\alpha\gamma}$, $v = e(g^{\alpha}, h)$, the set and, within $D$, the elements are pairwise distinct; denote the set $D_i = \{d_1, \ldots, d_i\}$ ($1 \le i \le m-1$),
Figure BDA00002713460800036
and $d_i \notin X$, where the set $X = \{H_0(a_i)\}_{i=1}^{M}$.
Step S15: compute the identity public key of the first authenticated key exchange party
Figure BDA00002713460800039
and the identity private key
Figure BDA00002713460800041
where the public identity of the first authenticated key exchange party is $ID_S \in \{0,1\}^*$.
Step S16: compute the attribute-set private key of the second authenticated key exchange party
Figure BDA00002713460800042
where $A_C$ is the attribute set of the second authenticated key exchange party, with $A_C \subset U$ and $k_C \in Z_p^*$.
Step S2: according to the public parameters and the service authentication request and authenticated key exchange message sent by the second authenticated key exchange party, the first authenticated key exchange party determines the corresponding threshold access structure, computes a ciphertext, and computes a first shared session key in combination with the identity private key; the second authenticated key exchange party computes a second shared session key from the threshold access structure, the identity public key, the identity-based encryption public key, the ciphertext and the attribute-set private key. As shown in Fig. 2, step S2 further comprises:
Step S21: the second authenticated key exchange party chooses a first temporary private key and, from that first temporary private key, computes the authenticated key exchange message
Figure BDA00002713460800046
and sends the service authentication request and the authenticated key exchange message to the first authenticated key exchange party.
Step S22: according to the service authentication request, the first authenticated key exchange party determines the corresponding threshold access structure $(A_S, t)$ as the authentication policy, where
Figure BDA00002713460800047
and $1 \le t \le s = |A_S| \le m$.
Step S23: the first authenticated key exchange party chooses a second temporary private key
Figure BDA00002713460800048
and computes the ciphertext from the threshold access structure, the second temporary private key and the public parameters.
In the invention, the ciphertext comprises a first ciphertext $C_1$ and a second ciphertext $C_2$, with
Figure BDA00002713460800049
Figure BDA000027134608000410
When computing the second ciphertext $C_2$, the exponent must be expanded; the computation then uses, from the public parameters
Figure BDA000027134608000411
the elements
Figure BDA000027134608000412
Step S24: the first authenticated key exchange party, in combination with the identity private key, computes the first shared session key $k_{SC} = H_2(e(P^{r_C}, d_{ID_S})) \oplus H_2(v^{r_S})$.
Step S25: the first authenticated key exchange party sends the ciphertext and the threshold access structure to the second authenticated key exchange party.
Step S26: according to the threshold access structure, the second authenticated key exchange party determines whether its attribute set $A_C$ satisfies the access structure, i.e. whether $|A_C \cap A_S| \ge t$. If so, step S27 is executed; otherwise authentication stops.
Step S27: the second authenticated key exchange party computes the second shared session key from the identity public key, the identity-based encryption public key, the ciphertext and the attribute-set private key.
In the invention, step S27 in turn comprises the following sub-steps:
Step S271: choose a set $C_S$ that satisfies and $|C_S| = t$.
Step S272: according to the aggregation algorithm, compute
Figure BDA00002713460800052
where $W$ is the array formed by the elements of the set
Figure BDA00002713460800057
and $B$ is the array formed by the elements of the set
Figure BDA00002713460800053
A preferred form of the aggregation algorithm is shown below:
Figure BDA00002713460800054
Step S273: compute $L = e\left(g^{\frac{k_C}{\prod_{a_i \in C_S}(\gamma + H_0(a_i))}}, C_2\right) = e(g,h)^{k_C \cdot r_S \cdot \alpha \prod_{a_i \in A_S \setminus C_S}(\gamma + H_0(a_i)) \prod_{d \in D_{m+t-1-s}}(\gamma + d)}$.
Step S274: define $P_{(C_S,A_S)}(\gamma) = \frac{1}{\gamma}\left(\prod_{a_i \in A_S \setminus C_S}(\gamma + H_0(a_i)) \prod_{d \in D_{m+t-1-s}}(\gamma + d) - \prod_{a_i \in A_S \setminus C_S} H_0(a_i) \prod_{d \in D_{m+t-1-s}} d\right)$. From the attribute-set private key of the second authenticated key exchange party, use the private key components
Figure BDA00002713460800061
to compute
Step S275: compute $e\left(C_1, h^{k_C P_{(C_S,A_S)}(\gamma)}\right) \cdot L = e(g,h)^{r_S \cdot k_C \cdot \alpha \cdot \prod_{a_i \in A_S \setminus C_S} H_0(a_i) \prod_{d \in D_{m+t-1-s}} d}$, so that $e(g,h)^{r_S \cdot k_C \cdot \alpha} = \left(e\left(C_1, h^{k_C P_{(C_S,A_S)}(\gamma)}\right) \cdot L\right)^{1 / \left(\prod_{a_i \in A_S \setminus C_S} H_0(a_i) \prod_{d \in D_{m+t-1-s}} d\right)}$.
Step S276: compute $e\left(C_1, h^{\frac{k_C - 1}{\gamma}}\right) = e(g,h)^{-r_S \cdot \alpha \cdot k_C} \cdot e(g,h)^{r_S \cdot \alpha}$.
Step S277: compute $e(g,h)^{r_S \cdot \alpha} = e\left(C_1, h^{\frac{k_C - 1}{\gamma}}\right) \cdot \left(e\left(C_1, h^{k_C P_{(C_S,A_S)}(\gamma)}\right) \cdot L\right)^{1 / \left(\prod_{a_i \in A_S \setminus C_S} H_0(a_i) \prod_{d \in D_{m+t-1-s}} d\right)}$.
Step S278: compute the second shared session key
Figure BDA00002713460800067
Further, after step S2, the invention may also comprise:
In the invention, the first shared session key and the second shared session key are identical. Their consistency is shown as follows:
$k_{CS} = H_2\left(e\left(P_{pub}^{r_C}, Q_{ID_S}\right)\right) \oplus H_2\left(e(g,h)^{r_S \cdot \alpha}\right)$
$= H_2\left(e\left(P^{r_C}, Q_{ID_S}^{\alpha}\right)\right) \oplus H_2\left(e(g^{\alpha}, h)^{r_S}\right)$
$= H_2\left(e\left(P^{r_C}, d_{ID_S}\right)\right) \oplus H_2\left(v^{r_S}\right)$
$= k_{SC}$
Fig. 3 shows the structure of the authenticated key exchange system provided by the invention; for ease of explanation, only the parts relevant to the invention are shown.
Specifically, the authenticated key exchange system provided by the invention comprises: an initialization unit 11, configured to compute the identity-based encryption public key, the identity public key and identity private key of one party to the authenticated key exchange, and the attribute-set private key of the other party to the authenticated key exchange, and to establish the public parameters; a first authenticated key exchange party 12, acting as the one party to the authenticated key exchange, configured to determine the corresponding threshold access structure according to the public parameters and the service authentication request and authenticated key exchange message sent by the other party, compute a ciphertext, and compute a first shared session key in combination with the identity private key; and a second authenticated key exchange party 13, acting as the other party to the authenticated key exchange, configured to send the service authentication request and the authenticated key exchange message to the first authenticated key exchange party 12, and to compute a second shared session key from the threshold access structure, the identity public key, the identity-based encryption public key, the ciphertext and the attribute-set private key.
As shown in Fig. 4, the initialization unit 11 may comprise: a first selection module 111, configured to, given a security parameter $\lambda$, establish a first bilinear group $G_0$, a second bilinear group $G_1$ and a third bilinear group $G_2$ of prime order $p$, establish a non-degenerate, efficiently computable bilinear map $e: G_0 \times G_1 \to G_2$, then choose at random a first generator $g$ and a second generator $P$ from the generators of $G_0$, with $g \ne P$, and choose at random a third generator $h$ from the generators of $G_1$, where the bit length of the prime $p$ is $\lambda$ bits; a second selection module 112, configured to choose the first hash function, the second hash function $H_1: \{0,1\}^* \to G_1^*$ and the third hash function $H_2: G_2 \to \{0,1\}^{\lambda}$, and then choose at random
Figure BDA00002713460800072
with $\alpha \ne \gamma$; a first computation module 113, configured to compute the identity-based encryption public key $P_{pub} = P^{\alpha}$; an establishing module 114, configured to, given the required attribute space $U = \{a_1, \ldots, a_M\}$ and the maximum number $m$ ($2 \le m \le M$) of attributes in an authorized set of the given access structure, establish the public parameters $params = (p, G_0, G_1, G_2, e, P, P_{pub}, U, m, u, v, \{h^{\alpha\gamma^i}\}_{i=0}^{2m-1}, D, H_0, H_1, H_2)$, where $u = g^{\alpha\gamma}$, $v = e(g^{\alpha}, h)$, the set
Figure BDA00002713460800074
and, within $D$, the elements are pairwise distinct, denoted $D_i = \{d_1, \ldots, d_i\}$ ($1 \le i \le m-1$),
Figure BDA00002713460800075
and
Figure BDA00002713460800076
the set
Figure BDA00002713460800077
a second computation module 115, configured to compute the identity public key of the first authenticated key exchange party
Figure BDA00002713460800078
and the identity private key
Figure BDA00002713460800079
where the public identity of the first authenticated key exchange party is $ID_S \in \{0,1\}^*$; and a third computation module 116, configured to compute the attribute-set private key of the second authenticated key exchange party, where $A_C$ is the attribute set of the second authenticated key exchange party, with $A_C \subset U$ and $k_C \in Z_p^*$.
As shown in Fig. 5, the first authenticated key exchange party 12 may comprise: a threshold access structure determination module 121, configured to determine, according to the service authentication request, the corresponding threshold access structure $(A_S, t)$ as the authentication policy, where
Figure BDA000027134608000713
and $1 \le t \le s = |A_S| \le m$; a fourth computation module 122, configured to compute the ciphertext from the threshold access structure and the public parameters, the ciphertext and its computation being as described above and not repeated here; a fifth computation module 123, configured to compute the first shared session key in combination with the identity private key
Figure BDA000027134608000714
and a first sending module 124, configured to send the ciphertext and the threshold access structure to the second authenticated key exchange party.
As shown in Fig. 5, the second authenticated key exchange party 13 may comprise: a second sending module 131, configured to send the service authentication request and the authenticated key exchange message to the first authenticated key exchange party, the authenticated key exchange message being as described above and not repeated here; a judging module 133, configured to determine, according to the threshold access structure, whether the attribute set $A_C$ satisfies the access structure, i.e. whether $|A_C \cap A_S| \ge t$; and a sixth computation module 132, configured to compute the second shared session key from the identity public key, the identity-based encryption public key, the ciphertext and the attribute-set private key when the judging module 133 determines that the attribute set $A_C$ satisfies the access structure. The process by which the sixth computation module 132 computes the second shared session key is as described in steps S271 to S278 above and is not repeated here.
In the prior art, Internet of Things mobile RFID systems are widely used in fields such as automatic identification, mobile payment and information query. While convenient for users, they also bring serious privacy security problems: for example, RFID tag information is accessed without authorization, and mobile communication terminals in the system are maliciously tracked and monitored by information service providers. It is therefore necessary to apply an authenticated key exchange method and system in an Internet of Things mobile RFID system to establish a secure communication link. The authenticated key exchange method and system described above are illustrated below using an Internet of Things mobile RFID system as an example:
As shown in Fig. 6, the Internet of Things mobile RFID system comprises at least a mobile communication terminal, a privacy management service system and an information service system, the three being interconnected through a mobile network or another wireless network. The mobile communication terminal corresponds to the second authenticated key exchange party and has an RFID reader/writer chip embedded in it; the information service system, which is the service back end for the mobile communication terminal, may for example be an Electronic Product Code Information Services (EPCIS) system and corresponds to the first authenticated key exchange party; the initialization unit 11 described above is integrated in the privacy management service system.
First, the initialization unit 11 in the privacy management service system performs step S1 above to initialize the system, which is not repeated here. During the processing of the initialization unit 11, the threshold access structure $(A_S, t)$ is the access control policy customized by the owner of the electronic product code tag according to the tag information service type $S_{TYPE}$.
Then, before reliable communication takes place, the mobile communication terminal sends the service authentication request and the authenticated key exchange message to the information service system; the service authentication request contains the electronic product code and its tag information. After receiving the service authentication request and the authenticated key exchange message, the information service system determines the threshold access structure, computes the ciphertext and computes the first shared session key; the computation is as described in steps S23 and S24 above and is not repeated here.
Then the information service system sends the threshold access structure and the ciphertext to the mobile communication terminal, and the mobile communication terminal computes the second shared session key according to steps S26 to S27 above.
In this example, a consistent session key can be established only between a mobile communication terminal user who satisfies the corresponding access control policy and the genuine information service system that the user needs to access. This achieves implicit key authentication between the mobile communication terminal user and the information service system; both sides then use the session key for the corresponding information service, which guarantees the integrity and confidentiality of the information. In addition, the mobile communication terminal user registers with a real identity in the privacy management service system and obtains the attribute-set private key, and during the authenticated key exchange performs attribute decryption and session key computation according to the access structure, thereby gaining access. An attacker and the information service system therefore cannot obtain the real identity of the mobile communication terminal user and can only obtain the user's fuzzy identity (i.e. part of the attribute set) from the access structure, which achieves anonymity for the mobile communication terminal user.
In summary, the authenticated key exchange method and system provided by the invention combine attribute-based encryption with identity-based encryption and have the following advantages: 1. compared with traditional public key cryptography, the method and system need no complex public key certificate management and verification; 2. because only a user who satisfies the corresponding authentication access structure can establish a consistent session key with the user that has an identity, implicit key authentication is achieved, together with an authentication and session key exchange mode in which one communicating party is identified by real name and the other communicating party is anonymous, which meets growing privacy security application needs such as sender/receiver anonymous communication and anonymous access control; 3. because a single round of interaction is used, the execution time and communication overhead are greatly reduced; 4. because the ciphertext-policy attribute-based encryption algorithm with a threshold access structure allows a certain deviation between the attribute sets used by the encrypting party and the decrypting party, flexible access control policies are easy to implement and the identity privacy of the decrypting party is protected more effectively.
A person of ordinary skill in the art will understand that all or part of the steps of the method in the above embodiments can be completed by a program controlling the relevant hardware, and that the program can be stored in a computer-readable storage medium such as ROM/RAM, a magnetic disk or an optical disc.
The above are only preferred embodiments of the invention and are not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (9)

1. An authenticated key exchange method, characterized in that said method comprises:
Step S1: compute the identity-based encryption public key, the identity public key and identity private key of the first authenticated key exchange party, and the attribute-set private key of the second authenticated key exchange party, and establish the public parameters;
Step S2: according to said public parameters and the service authentication request and authenticated key exchange message sent by said second authenticated key exchange party, said first authenticated key exchange party determines the corresponding threshold access structure, computes a ciphertext, and computes a first shared session key in combination with said identity private key; said second authenticated key exchange party computes a second shared session key from said threshold access structure, said identity public key, said identity-based encryption public key, said ciphertext and said attribute-set private key.
2. The authenticated key exchange method as claimed in claim 1, characterized in that said step S1 comprises:
Step S11: given a security parameter $\lambda$, establish a first bilinear group $G_0$, a second bilinear group $G_1$ and a third bilinear group $G_2$ of prime order $p$, and establish a non-degenerate, efficiently computable bilinear map $e: G_0 \times G_1 \to G_2$; then choose at random a first generator $g$ and a second generator $P$ from the generators of said first bilinear group $G_0$, with $g \ne P$, and choose at random a third generator $h$ from the generators of said second bilinear group $G_1$, the bit length of said prime $p$ being $\lambda$ bits;
Step S12: choose the first hash function
Figure FDA00002713460700011
the second hash function $H_1: \{0,1\}^* \to G_1^*$ and the third hash function $H_2: G_2 \to \{0,1\}^{\lambda}$, then choose at random
Figure FDA00002713460700012
with $\alpha \ne \gamma$, where
Figure FDA00002713460700013
denotes the multiplicative group of integers modulo $p$;
Step S13: compute the identity-based encryption public key $P_{pub} = P^{\alpha}$;
Step S14: given the required attribute space $U = \{a_1, \ldots, a_M\}$ and the maximum number $m$ ($2 \le m \le M$) of attributes in an authorized set of the given access structure, establish the public parameters $params = (p, G_0, G_1, G_2, e, P, P_{pub}, U, m, u, v, \{h^{\alpha\gamma^i}\}_{i=0}^{2m-1}, D, H_0, H_1, H_2)$, where $u = g^{\alpha\gamma}$, $v = e(g^{\alpha}, h)$, the set and, within $D$, the elements are pairwise distinct; denote the set $D_i = \{d_1, \ldots, d_i\}$ ($1 \le i \le m-1$),
Figure FDA00002713460700016
and $d_i \notin X$, where the set $X = \{H_0(a_i)\}_{i=1}^{M}$;
Step S15: compute the identity public key of said first authenticated key exchange party
Figure FDA00002713460700023
and the identity private key
Figure FDA00002713460700024
where the public identity of said first authenticated key exchange party is $ID_S \in \{0,1\}^*$;
Step S16: compute the attribute-set private key of said second authenticated key exchange party
Figure FDA00002713460700025
where $A_C$ is the attribute set of said second authenticated key exchange party, and
Figure FDA00002713460700026
Figure FDA00002713460700027
3. The authenticated key exchange method as claimed in claim 2, characterized in that said step S2 comprises:
Step S21: said second authenticated key exchange party chooses a first temporary private key, computes the authenticated key exchange message from said first temporary private key, and sends the service authentication request and the authenticated key exchange message to said first authenticated key exchange party;
Step S22: according to said service authentication request, said first authenticated key exchange party determines the corresponding threshold access structure $(A_S, t)$, where
Figure FDA00002713460700028
and $1 \le t \le s = |A_S| \le m$;
Step S23: said first authenticated key exchange party chooses a second temporary private key, and computes the ciphertext from said threshold access structure, the second temporary private key and said public parameters;
Step S24: said first authenticated key exchange party, in combination with said identity private key, computes the first shared session key $k_{SC} = H_2(e(P^{r_C}, d_{ID_S})) \oplus H_2(v^{r_S})$;
Step S25: said first authenticated key exchange party sends said ciphertext and said threshold access structure to said second authenticated key exchange party;
Step S26: according to said threshold access structure, said second authenticated key exchange party determines whether its attribute set $A_C$ satisfies $|A_C \cap A_S| \ge t$;
Step S27: when it is determined that the attribute set $A_C$ of said second authenticated key exchange party satisfies $|A_C \cap A_S| \ge t$, said second authenticated key exchange party computes the second shared session key from said identity public key, said identity-based encryption public key, said ciphertext and said attribute-set private key.
4. The authentication key exchange method as claimed in claim 3, characterized in that said step S21 comprises:
Said second authentication key exchange party randomly chooses a temporary private key
Figure FDA00002713460700031
Calculate
Figure FDA00002713460700032
Described Be described authenticate key exchange message.
5. The authentication key exchange method as claimed in claim 3, characterized in that said ciphertext comprises a first ciphertext $C_1$ and a second ciphertext $C_2$, and
Figure FDA00002713460700034
Figure FDA00002713460700035
wherein the randomly chosen temporary private key is
Figure FDA00002713460700036
6. The authentication key exchange method as claimed in claim 3, characterized in that said step S27 comprises:
Step S271: choose a set $C_S$ satisfying
Figure FDA00002713460700037
and $|C_S| = t$;
Step S272: according to the aggregation algorithm, calculate
Figure FDA00002713460700038
wherein W is the array formed by the elements of the set
Figure FDA000027134607000319
and B is the array formed by the elements of the set
Figure FDA00002713460700039
Step S273: calculate $L = e\left(g^{\frac{k_C}{\prod_{a_i \in C_S}(\gamma + H_0(a_i))}}, C_2\right) = e(g,h)^{k_C \cdot r_S \cdot \alpha \prod_{a_i \in A_S \setminus C_S}(\gamma + H_0(a_i)) \prod_{d \in D_{m+t-1-s}}(\gamma + d)}$;
Step S274: define $P_{(C_S, A_S)}(\gamma) = \frac{1}{\gamma}\left(\prod_{a_i \in A_S \setminus C_S}(\gamma + H_0(a_i)) \prod_{d \in D_{m+t-1-s}}(\gamma + d) - \prod_{a_i \in A_S \setminus C_S} H_0(a_i) \prod_{d \in D_{m+t-1-s}} d\right)$, and, using the private key component
Figure FDA000027134607000312
in said attribute set private key of said second authentication key exchange party, calculate
Figure FDA000027134607000313
Step S275: calculate
Figure FDA000027134607000314
$e(g,h)^{r_S \cdot k_C \cdot \alpha} = \left(e\left(C_1, h^{k_C P_{(C_S, A_S)}(\gamma)}\right) \cdot L\right)^{1 / \left(\prod_{a_i \in A_S \setminus C_S} H_0(a_i) \prod_{d \in D_{m+t-1-s}} d\right)}$;
Step S276: calculate $e\left(C_1, h^{\frac{k_C - 1}{\gamma}}\right) = e(g,h)^{-r_S \cdot \alpha \cdot k_C} \cdot e(g,h)^{r_S \cdot \alpha}$;
Step S277: calculate $e(g,h)^{r_S \cdot \alpha} = e\left(C_1, h^{\frac{k_C - 1}{\gamma}}\right) \cdot \left(e\left(C_1, h^{k_C P_{(C_S, A_S)}(\gamma)}\right) \cdot L\right)^{1 / \left(\prod_{a_i \in A_S \setminus C_S} H_0(a_i) \prod_{d \in D_{m+t-1-s}} d\right)}$;
Step S278: calculate the second shared session key
Figure FDA000027134607000318
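The arithmetic of steps S26 and S271 to S277 can be checked without a pairing library, because every quantity is a power of g, h or e(g, h) and each pairing equation is an identity between exponents. The Python check below is an added example, not part of the patent text; the exponents of $C_1$ and $C_2$ are assumptions inferred from the identities in steps S276 and S273 (the claim's own formulas for them are missing from this page), and the modulus `Q`, the SHA-256 stand-in for $H_0$, the dummy values and the sample attributes are constructed for illustration.

```python
import hashlib
import secrets

# Exponents of g, h and e(g, h) are treated as elements of Z_Q (Q prime, illustrative).
Q = 2**255 - 19

def H0(attr):
    """Stand-in for the claim's H_0 (assumption): attribute string -> Z_Q."""
    return int.from_bytes(hashlib.sha256(attr.encode()).digest(), "big") % Q

def prod(values):
    out = 1
    for v in values:
        out = out * v % Q
    return out

def inv(x):
    return pow(x, -1, Q)

def recover_exponents(A_S, A_C, t, dummies, alpha, gamma, k_C, r_S):
    """Exponents of e(g,h) after S275 and S277, or None if |A_C ∩ A_S| < t."""
    common = sorted(set(A_C) & set(A_S))
    if len(common) < t:                          # step S26: threshold check
        return None
    C_S = common[:t]                             # step S271: |C_S| = t
    rest = [H0(a) for a in A_S if a not in C_S]  # H_0 over A_S \ C_S
    # Assumed ciphertext exponents log_g(C_1), log_h(C_2), inferred from S276/S273.
    c1 = -r_S * alpha * gamma % Q
    c2 = r_S * alpha * prod(gamma + H0(a) for a in A_S) * prod(gamma + d for d in dummies) % Q
    # S272/S273: aggregated key g^(k_C / prod_{C_S}(gamma + H0(a))) paired with C_2.
    L = k_C * inv(prod(gamma + H0(a) for a in C_S)) * c2 % Q
    # S274: P(gamma) = (full product - constant term) / gamma.
    full = prod([gamma + x for x in rest] + [gamma + d for d in dummies])
    const = prod(rest + list(dummies))
    P = (full - const) * inv(gamma) % Q
    # S275: exponent of (e(C_1, h^(k_C P)) * L)^(1/const).
    s275 = (c1 * k_C * P + L) * inv(const) % Q
    # S276/S277: multiply by e(C_1, h^((k_C - 1)/gamma)).
    s277 = (c1 * (k_C - 1) * inv(gamma) + s275) % Q
    return s275, s277

def demo():
    # Constructed sample: universe size m = 5, policy A_S with s = 3, threshold t = 2.
    A_S, t, m = ["doctor", "nurse", "ward-7"], 2, 5
    dummies = [H0(f"dummy-{i}") for i in range(m + t - 1 - len(A_S))]
    alpha, gamma, k_C, r_S = (secrets.randbelow(Q - 1) + 1 for _ in range(4))
    got = recover_exponents(A_S, ["doctor", "ward-7", "admin"], t, dummies, alpha, gamma, k_C, r_S)
    denied = recover_exponents(A_S, ["admin", "nurse"], t, dummies, alpha, gamma, k_C, r_S)
    return got == (r_S * k_C * alpha % Q, r_S * alpha % Q), denied
```

A party whose attribute set meets the threshold recovers the exponent $r_S \cdot \alpha$ of step S277, which is the exponent of $v^{r_S}$ in step S24 if $v = e(g,h)^{\alpha}$ (an assumption; $v$ is not defined on this page); a party below the threshold stops at step S26.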
7. An authentication key exchange system, characterized in that said system comprises:
An initialization unit, configured to calculate the identity encryption public key, the identity public key and identity private key of one party to the authentication key exchange, and the attribute set private key of the other party to the authentication key exchange, and to establish the public parameters;
A first authentication key exchange party, acting as said one party to the authentication key exchange, configured to determine the corresponding threshold access structure according to said public parameters and the service authentication request and authentication key exchange message sent by said other party to the authentication key exchange, to calculate a ciphertext, and to calculate a first shared session key in combination with the identity private key;
A second authentication key exchange party, acting as said other party to the authentication key exchange, configured to send said service authentication request and said authentication key exchange message to said first authentication key exchange party, and to calculate a second shared session key according to said threshold access structure, said identity public key, said identity encryption public key, said ciphertext and said attribute set private key.
8. The authentication key exchange system as claimed in claim 7, characterized in that said first authentication key exchange party comprises:
A threshold access structure determination module, configured to determine the corresponding threshold access structure according to said service authentication request;
A fourth computing module, configured to choose the second temporary private key, and to calculate the ciphertext according to said threshold access structure, the second temporary private key and said public parameters;
A fifth computing module, configured to calculate the first shared session key in combination with said identity private key;
A first sending module, configured to send said ciphertext and said threshold access structure to said second authentication key exchange party;
Said second authentication key exchange party comprises:
A second sending module, configured to send said service authentication request and said authentication key exchange message to said first authentication key exchange party;
A judging module, configured to determine, according to said threshold access structure, whether the attribute set of said second authentication key exchange party satisfies the access structure;
A sixth computing module, configured to calculate the second shared session key according to said identity public key, said identity encryption public key, said ciphertext and said attribute set private key when said judging module determines that the attribute set of said second authentication key exchange party satisfies the access structure.
9. The authentication key exchange system as claimed in claim 7 or 8, characterized in that said second authentication key exchange party is a mobile communication terminal embedded with a radio-frequency identification reader/writer chip in an Internet of Things mobile RFID system, said first authentication key exchange party is the information service system in said Internet of Things mobile RFID system, and said initialization unit is built into the privacy management service system in said Internet of Things mobile RFID system.
CN201310005726XA 2013-01-08 2013-01-08 Authentication key exchange method and system Pending CN103118009A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310005726XA CN103118009A (en) 2013-01-08 2013-01-08 Authentication key exchange method and system


Publications (1)

Publication Number Publication Date
CN103118009A true CN103118009A (en) 2013-05-22

Family

ID=48416283


Country Status (1)

Country Link
CN (1) CN103118009A (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20130522