Summary of the invention
In view of this, the primary object of the present invention is to provide an identity-based file encryption transmission method that requires no certificates, is low in cost, flexible in form, efficient and secure.
To achieve the above object, the present invention provides an identity-based file encryption transmission method. It is applicable to a system with a client/server architecture based on the FTP protocol and is built on an identity-based encryption algorithm. The method includes:
A step in which the client and server generate public and private keys: a private key generator generates, for the server and each client, a public key ID and the private key d corresponding to that public key ID;
An authentication step: the client and server verify each other's identity, using a protocol based on "zero-knowledge proof";
A symmetric key negotiation step: the client and server negotiate an encryption key, which is a symmetric key;
An encrypted file transmission step: the client and server transmit encrypted files;
A key update and management step: the private key generator is responsible for updating and managing each ID and private key; the FTP server is responsible for updating and managing the symmetric key.
The step in which the client and server generate public and private keys includes:
A private key generator for identity-based encryption is provided on a trusted third-party server. The client/server submits its ID to the private key generator through a key generation interface over a trusted channel. The private key generator uses this ID as the public key, generates the private key d, and delivers it to the client/server through a key delivery interface over a trusted channel. Denote the client as A and the server as B. Under the identity-based encryption system, the public key of A is, the corresponding private key is, the public key of B is, and the corresponding private key is;
The mutual identity verification between the client and server includes:
(1) The client sends a message representing a session request to the server, using the server IP and port 21 used by the FTP protocol. The server's container pool receives this message and adds it to the pending queue;
(2) After the server obtains the session request message from the pending queue, the program calls the IBE decryption module to decrypt; after the program calls the IBE encryption module to encrypt, the message is sent to the client through port 21 and the client IP, where;
(3) After the client receives the message, the program calls the IBE decryption module to decrypt and obtain, and the program judges whether and are consistent. If they are inconsistent, authentication fails and the session ends; if they are consistent, authentication of the server succeeds;
(4) After the client program calls the IBE encryption module to encrypt, the message is sent to the server through the server IP and port 21, where; after the server receives the message, the program calls the IBE decryption module to decrypt and obtain; the program then judges whether and are consistent. If they are consistent, authentication of the client succeeds and mutual authentication is complete; otherwise authentication fails and the session ends;
The symmetric key negotiation step includes:
(1) After the server program calls the IBE encryption module to encrypt, the message is sent to the client through the client IP and port 21, where; after the client receives the message, the program calls the IBE decryption module to decrypt; the program then judges the consistency of and; the program then calls the symmetric cipher algorithm module to encrypt, and sends the message to the server, where;
(2) After the server receives the message, the program calls the symmetric cipher algorithm to decrypt and obtain; the program then compares and. If they are inconsistent, key negotiation fails; if they are consistent, the program calls the symmetric cipher algorithm module to encrypt an arbitrary message R,, and sends the message to the client;
(3) After the client receives the message, the program calls the decryption part of the symmetric cipher algorithm module,; the program compares R and. If they are inconsistent, key negotiation fails; if they are consistent, key negotiation succeeds;
The encrypted file transmission step is:
The client initiates a connection request to the server and transmits data via the IP and port 20. Before transmission, the program calls the symmetric cipher algorithm to encrypt; after transmission, the program at the other end calls the symmetric cipher algorithm module to decrypt.
Key update includes an asymmetric key update mechanism and a symmetric key update mechanism:
1) Asymmetric key update mechanism: the sender sets a time limit T when encrypting, and only users within that time limit can decrypt the message. In the system, a new public key satisfies all time limits applicable to the old public key, while the old public key cannot satisfy the time limits applicable to the new public key, so the corresponding private key cannot decrypt the encrypted information and is thereby declared expired. Changing the time limit T changes the key update period;
2) Symmetric key update mechanism: the symmetric key is updated using a counter scheme, with the corresponding formula:, where K is the base key and IV is the counter. Once the base key K is set, the receiver only needs the count value IV sent by the sender to synchronize. The counter method can also synchronize without saving earlier information; the previous count value is saved only to prevent replay attacks. In addition, for shared keys distributed centrally by a management center, the management center uses a clock counter to update them periodically.
Key management includes symmetric key management and asymmetric key management:
1) The asymmetric key is the responsibility of the private key generator. To solve the bottleneck of a single private key generator distributing private keys online in large-scale system applications, the HIBE public key mechanism with an identity-based hierarchy is used. HIBE is an extension of identity-based encryption: each user obtains its own private key from its upper-level private key generator in the HIBE, and a private key generator node can only compute the private keys of its descendant nodes;
2) The symmetric key is the responsibility of the FTP server. Key storage uses a threshold scheme: the key is divided into n parts, and any subset of k or more parts can recover the key.
In the identity-based encryption (IBE) method of the present invention, an IBE system is an encryption scheme that uses a user's public string information (such as an email address) as the public key. It allows any pair of users to communicate securely and to verify each person's signature without exchanging private and public keys. In an IBE system, a user's private key can be generated by a trusted authority called the PKG (Private Key Generator); alternatively, the user can keep the private key himself, with the PKG only periodically updating the user's private key. Compared with traditional PKI technology, the present invention has the following advantages:
No certificate is needed; the recipient's public key is derived from his identity information;
Keys have a validity period and therefore need not be revoked, whereas in a traditional public key system keys must be revoked;
Spam attacks can be resisted;
Decryption of information can be postponed so that it is decrypted later;
Information can be set to expire automatically or become unreadable after a certain specific date.
The identity-based file encryption transmission method proposed by the present invention inherits the above advantages and provides a guarantee for file transmission in the current Internet environment; it is low in cost, flexible in form, efficient and secure.
Detailed description of the invention
To facilitate further understanding of the method of the present invention, preferred embodiments are described in detail below with reference to the accompanying drawings.
The identity-based file encryption transmission method of the present invention is applicable to a system with a client/server architecture based on the FTP (File Transfer Protocol) protocol. Based on the identity-based encryption (IBE, Identity Based Encryption) algorithm, it proposes a relatively complete implementation scheme for the secure transmission of files between two communicating parties in the Internet environment. The method includes an authentication method, a symmetric key negotiation method, an encrypted file transmission method, a key update method and a key management method (as shown in Figure 1).
The secure file transmission method proposed by the present invention can be briefly described as follows:
In the identity-based encryption (IBE) system, the server and each client have their own ID, which serves as their public key, and each has the private key corresponding to its own ID. The ID and private key are generated by the private key generator (PKG, Private Key Generator).
The client and server verify each other's identity, using a protocol based on "zero-knowledge proof";
The client and server negotiate an encryption key, which is a symmetric key;
The client and server transmit encrypted files;
The private key generator (PKG) is responsible for updating and managing each ID and private key;
The FTP server is responsible for updating and managing the symmetric key.
In the identity-based file encryption transmission method proposed by the present invention, the two parties to a file transmission are the server and the client. Under the IBE system, the public key is the identity ID; the key generator (PKG) generates an ID and the corresponding private key d for the server and the client respectively, and delivers the private key. The client then initiates a session request, and the server and client authenticate each other. After verification passes, the server and client negotiate a symmetric key. Once negotiation is complete, the file is encrypted with this symmetric key and transmitted. Both the asymmetric key and the symmetric key have a validity period and can only be used within it. When the validity period has passed, the key must be updated. The private key generator (PKG) is responsible for updating and managing the asymmetric key, and the FTP server is responsible for updating and managing the symmetric key.
The principle and implementation process of each method are introduced below:
(1) Authentication method
The private key generator (PKG) generates an ID and the corresponding private key d for the server and the client respectively, and delivers them.
Denote the client as A and the server as B. Under the IBE system, the public key of A is, the corresponding private key is, the public key of B is, and the corresponding private key is.
Before transmitting files, the server and client must verify each other's identity, using the authentication protocol described above. First, the client initiates a session request: the client encrypts a random number with the server's public key and sends the ciphertext to the server. After receiving the ciphertext, the server decrypts it with its own private key, obtaining.
The server then generates a random number, encrypts with the client's public key, and sends the ciphertext to the client. The client decrypts the received ciphertext with its own private key, obtaining, and compares whether and are consistent. If they are inconsistent, authentication fails and the session ends; if they are consistent, authentication of the server succeeds. The client then generates a random number, encrypts with the server's public key, and sends the ciphertext to the server. After receiving the ciphertext, the server decrypts it with its own private key, obtaining. It then compares whether and are consistent. If they are consistent, authentication of the client succeeds and mutual authentication is complete; otherwise authentication fails and the session ends.
(2) Symmetric key negotiation method
After authentication, the server and client negotiate the symmetric key used to encrypt the transmitted files. Once the client and server have successfully verified each other's identity, the server generates the transmission encryption key K and a random number. The server encrypts with the client's public key and sends the ciphertext to the client. After receiving the ciphertext, the client decrypts it, obtaining, and verifies the consistency of and. It then encrypts with K, obtaining, and sends to the server. The server decrypts, obtaining, and compares and. If they are inconsistent, key negotiation fails; if they are consistent, the server encrypts an arbitrary message R,, and sends to the client. The client decrypts, obtaining, and compares R and. If they are inconsistent, key negotiation fails; if they are consistent, key negotiation succeeds.
(3) File transmission method
After the client and server have negotiated the symmetric key, both sides use it for encryption and decryption, and data travels over the channel in ciphertext form. File transmission uses the FTP protocol. FTP is an application-layer protocol; it is built on the transport layer, serves the user, and is responsible for carrying out file transfer.
First, the FTP client establishes a connection with TCP port 21 of the FTP server and sends commands over this channel. When the client needs to receive data, it sends a PORT command on this channel. The PORT command specifies which port the client will use to receive data. When transferring data, the server connects from its own TCP port 20 to the port specified by the client and sends the data. The FTP server must establish a new connection with the client for transferring data (as shown in Figure 5).
The FTP file transfer protocol is based on TCP (Transmission Control Protocol). To guarantee reliable FTP transfer, TCP must establish a connection-oriented bit stream, split user data into segments, set a timer when sending data (for timeout retransmission), acknowledge the data sent by the other side (the acknowledgment can be piggybacked on a data packet), reorder received data, discard duplicate packets, provide end-to-end flow control (the TCP sliding window protocol, for efficient bulk data transfer), and compute and verify an end-to-end checksum.
At the IP layer, the protocol determines the path (three kinds of path: host path, network path and default path) and, while determining the path, reports error messages and other conditions that need attention via ICMP.
At the data link layer, the MAC address of the destination host is found by looking up the ARP table; if it is not found, the destination host's MAC address is obtained through ARP request/response messages.
At the physical layer, the raw bit stream is transmitted over the communication channel.
(4) Key update method
(1) Asymmetric key update mechanism
The sender sets a time limit T when encrypting, and only users within that time limit can decrypt the message. In the system, a new public key satisfies all time limits applicable to the old public key, while the old public key cannot satisfy the time limits applicable to the new public key, so the corresponding private key cannot decrypt the encrypted information and is thereby declared expired. Changing the time limit T changes the key update period.
(2) Symmetric key update mechanism
The symmetric key is updated using a counter scheme, with the corresponding formula:. Here K is the base key and IV is the counter. Once the base key K is set, the receiver only needs the count value IV sent by the sender to synchronize. The counter method can also synchronize without saving earlier information; the previous count value is saved only to prevent replay attacks. In addition, for shared keys distributed centrally by a management center, the management center uses a clock counter to update them periodically.
(5) Key management method
(1) Asymmetric key management method
The asymmetric key is the responsibility of the PKG. To solve the bottleneck of a single PKG distributing private keys online in large-scale system applications, the HIBE (Hierarchical Identity Based Encryption) public key mechanism with an identity-based hierarchy is used. HIBE is an extension of IBE: each user obtains its own private key from its upper-level PKG, and a PKG node can only compute the private keys of its descendant nodes, while the private keys of all nodes that are not its descendants are hard to compute.
(2) Symmetric key management method
The symmetric key is the responsibility of the FTP server. Key storage uses a threshold scheme (also called secret sharing): the key is divided into n parts, and any subset of k or more parts can recover the key.
With reference to Fig. 3, the specific implementation steps of the identity-based file encryption transmission method of the present invention are:
Use the private key generator (PKG) of the IBE system to generate the public and private keys of the client and server: the private key generator (PKG) of the IBE runs on a trusted third-party server. The client/server submits its ID (a general term for and hereinafter) to the PKG through a key generation interface over a trusted channel. The PKG uses this ID as the public key, generates the private key d, and delivers it to the client/server through a key delivery interface over a trusted channel. Denote the client as A and the server as B. Under the IBE system, the public key of A is, the corresponding private key is, the public key of B is, and the corresponding private key is;
The client and server authenticate each other:
(1) The client sends a message representing a session request to the server, using the server IP and port 21 used by the FTP protocol. The server's container pool receives this message and adds it to the pending queue;
(2) After the server obtains the session request message from the pending queue, the program calls the IBE decryption module to decrypt; after the program calls the IBE encryption module to encrypt, the message is sent to the client through port 21 and the client IP, where;
(3) After the client receives the message, the program calls the IBE decryption module to decrypt and obtain, and the program judges whether and are consistent. If they are inconsistent, authentication fails and the session ends; if they are consistent, authentication of the server succeeds;
(4) After the client program calls the IBE encryption module to encrypt, the message is sent to the server through the server IP and port 21, where. After the server receives the message, the program calls the IBE decryption module to decrypt and obtain. The program then judges whether and are consistent. If they are consistent, authentication of the client succeeds and mutual authentication is complete; otherwise authentication fails and the session ends;
Negotiate the transmission encryption key:
(1) After the server program calls the IBE encryption module to encrypt, the message is sent to the client through the client IP and port 21, where. After the client receives the message, the program calls the IBE decryption module to decrypt. The program then judges the consistency of and. The program then calls the symmetric cipher algorithm module to encrypt, and sends the message to the server, where;
(2) After the server receives the message, the program calls the symmetric cipher algorithm to decrypt and obtain. The program then compares and. If they are inconsistent, key negotiation fails; if they are consistent, the program calls the symmetric cipher algorithm module to encrypt an arbitrary message R,, and sends the message to the client;
(3) After the client receives the message, the program calls the decryption part of the symmetric cipher algorithm module,. The program compares R and. If they are inconsistent, key negotiation fails; if they are consistent, key negotiation succeeds;
Encrypted file transmission:
The client initiates a connection request to the server and transmits data via the IP and port 20. Before transmission, the program calls the symmetric cipher algorithm to encrypt; after transmission, the program at the other end calls the symmetric cipher algorithm module to decrypt;
Key update and management:
(1) When the PKG program calls the key generation module, it specifies the validity period of the private key and records it in the access database. When the validity period ends, the key is added to the database's expired list and cannot be used again; the holder of the corresponding ID must re-register to obtain a new private key;
(2) When the FTP server calls the corresponding module to generate the symmetric key K, it also specifies the validity period of K and records it in the access database. When the validity period ends, the key is added to the database's expired list and cannot be used again; the key must be renegotiated.
Fig. 4 is an example of the method of the present invention. Alice and Bob exchange mail: Alice encrypts the mail with Bob's public key bob@b.com; Bob requests authentication from the private key generator, requests the private key, and obtains from the private key generator the private key corresponding to Bob's public key bob@b.com; Bob decrypts the mail with the private key.
The secure file transmission method proposed by the present invention is based on the identity-based encryption algorithm (IBE) and proposes a relatively complete implementation scheme for the secure transmission of files between two communicating parties in the Internet environment. The features of the present invention are: (1) the method proposed by the present invention is identity-based and uses identity-based encryption (IBE), so that any pair of users can communicate securely and verify each person's signature without exchanging private and public keys; (2) the present invention proposes a complete file encryption transmission process, providing a guarantee for file transmission in the current Internet environment; (3) the secure file transmission method proposed by the present invention is low in cost, flexible in form, efficient and secure.
Based on the method proposed by the present invention, a digital content encryption transmission system based on the FTP protocol has been successfully developed. By functional module, the system can be divided into the following major modules:
Asymmetric cryptography module
Authentication module
Symmetric cryptography module
File transmission module
The asymmetric cryptography module can be further divided into the following submodules:
Private key generation module
Asymmetric key management module
Asymmetric encryption/decryption module
The symmetric cryptography module can also be divided into:
Symmetric key negotiation module
Symmetric key management module
Symmetric encryption/decryption module
The dependencies between the modules are shown in Figure 2.
The relationships between the modules are briefly described as follows. In the asymmetric cryptography module, the private key generation module is responsible for generating the public/private key pairs required by the IBE (identity-based encryption) algorithm; the asymmetric key management module is responsible for managing and updating key pairs and depends on the private key generation module; the asymmetric encryption/decryption module is responsible for encrypting and decrypting with the public/private key pair and depends on the private key generation module and the asymmetric key management module.
The authentication module is responsible for mutual identity authentication between the server and client before file transmission, and depends on the asymmetric cryptography module.
The symmetric cryptography module can only be used after authentication succeeds, and therefore depends on the authentication module. In addition, the negotiation protocol used by its symmetric key negotiation module uses the asymmetric cryptography module, so it also depends on the asymmetric cryptography module. The dependencies between the remaining submodules are similar to those in the asymmetric cryptography module.
The file transmission module transmits the digital content after it has been encrypted with the symmetric key, and only after authentication succeeds; it therefore depends on the authentication module and the symmetric encryption/decryption module.
The above is only a preferred embodiment of the present invention and is not intended to limit the scope of protection of the present invention.