CN103354498B - A kind of file encryption transmission method of identity-based - Google Patents
A kind of file encryption transmission method of identity-based Download PDFInfo
- Publication number
- CN103354498B CN103354498B CN201310212203.2A CN201310212203A CN103354498B CN 103354498 B CN103354498 B CN 103354498B CN 201310212203 A CN201310212203 A CN 201310212203A CN 103354498 B CN103354498 B CN 103354498B
- Authority
- CN
- China
- Prior art keywords
- key
- server
- client
- encryption
- private key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The invention discloses the file encryption transmission method of a kind of identity-based, it is applicable to the system of user terminal/server framework based on File Transfer Protocol, based on Identity-based encryption algorithm, the method includes: client and server generate PKI and private key step, authentication step, the negotiation step of symmetric key, encryption file transmitting step and key updating and management process.The method of the present invention is identity-based, use Identity-based encryption (IBE), make between any pair of user can the communication of safety and verify everyone signature in the case of need not exchange private key and PKI, file secure transmission method proposed by the invention has that low cost, flexible form, efficiency is high and the effect such as safety is good.
Description
Technical field
The relevant a kind of file encryption transmission method of the present invention, particularly relates to one and realizes communicating pair peace under internet environment
The file encryption transmission method of the identity-based of full transmission file.
Background technology
Since entering 21st century, information technology is just flourish with unprecedented speed.In recent years, along with interconnection
Developing rapidly of network technology, the file transmission under internet environment also becomes more and more conventional technology.Accordingly, file transmission
Safety and produced problem the most increasingly paid close attention to by people.In file transmits the application of this technology, have perhaps
Many problems merit attention, and such as, how to verify the identity of transmission the other side, obtain the most safely and be encrypted transmission with the other side
This how management etc. of key and these keys.
Currently, a kind of technology being universally accepted and being widely used is referred to as " PKIX " (Public Key
Infrastructure, PKI), PKI is a kind of comprehensive safety platform grown up on the basis of PKI theory and technology, energy
Enough key and certificate managements necessary to the cryptographic service such as all-network application offer employing encrypted and digitally signed pellucidly,
Thus reach to ensure to transmit the safe, true, complete of information and the purpose of non-repudiation on the net.The private key of user in PKI system
Can be generated by user oneself, it is possible to by trusted authority mechanism CA (Certification Authority, authentication center) on behalf of
Generating, the PKI of user is the random number calculating and generating, and PKI and subscriber identity information are formed number by after CA authentication signature
Word certificate, certificate is stored in catalogue on the disclosure for retrieval.CA is the core of PKI, and communication two party must utilize number by CA
Word certificate carries out identity validation, i.e. the process of PKI identity validation must be set up to third-party common trust and dependence
On basis.Owing to each user needs to apply for that digital certificate, user use complexity in advance, back-stage management is also abnormal loaded down with trivial details.
Summary of the invention
In view of this, present invention is primarily targeted at offer one need not at the bottom of any certificate and cost, form spirit
The file encryption transmission method of identity-based alive, efficiency is high and safety is good.
For reaching above-mentioned purpose, the present invention provides the file encryption transmission method of a kind of identity-based, its be applicable to based on
The system of the user terminal/server framework of File Transfer Protocol, based on Identity-based encryption algorithm, the method includes:
Client and server generate PKI and private key step, private key generator generate server and each client
PKI ID and the private key d corresponding with this PKI ID;
Authentication step, client and server carry out identity and verify mutually, use agreement based on " zero-knowledge proof "
Verify;
The negotiation step of symmetric key, client and server negotiation encryption key, this key is symmetric key;
Encryption file transmitting step, the file that client is encrypted with server transport;
Key updating and management process, private key generator is responsible for each ID and the renewal of private key and management;Ftp server is responsible for
The renewal of symmetric key and management.
Described client and server generate PKI and include with private key step:
On believable third-party server, being provided with the private key generator of Identity-based encryption, client/server is by ID
Generating interface by key, pay private key generator via trusted channel, private key generator, using this ID as PKI, generates private key
D, and pay interface by key, consign to client/server via trusted channel;Note client is A, and server is B,
Under Identity-based encryption system, the PKI of A is, corresponding private key is, and the PKI of B is, corresponding private key is;
Described client and server carry out mutually identity and verify mutually and include:
(1) 21 ports that client is used by server ip and File Transfer Protocol, send to server and represent conversation request
Message.The container cell of server receives in pending queue such as this message addition etc.;
(2) server from etc. pending queue obtains conversation request message after, routine call IBE deciphering module, deciphering
?, after the encryption of routine call IBE encrypting module, by messageBy 21 ports and
Client ip issues client, wherein;
(3) after client receives message, routine call IBE deciphering module, deciphering, obtain, program judgesWithThe most consistent.If it is inconsistent, authentification failure, conversation end;If one
Cause, then the authentication success to server;
(4) after the encryption of client program calls IBE encrypting module, by messagePass through server ip
And 21 port issue server, wherein;After server receives message, routine call IBE deciphering module,
Deciphering, obtain;Now program judgesWithThe most consistent, if unanimously, then to client
The authentication success of end, recognizes each other QED one-tenth;Otherwise then authentification failure, conversation end;
The negotiation step of described symmetric key includes:
(1) after server program calls the encryption of IBE encrypting module, by messagePass through client ip
And 21 port issue client, wherein, after client receives message, routine call IBE deciphers mould
Block, deciphers, now program judgesWithConcordance;Then routine call symmetric cryptographic algorithm
Module is encrypted, and by messageIssue server, wherein;
(2), after server receives message, routine call symmetric cryptographic algorithm is deciphered, and obtains, then journey
Sequence comparesWithIf, inconsistent, then key agreement failure;If consistent, then routine call symmetric cryptographic algorithm module, encryption
One section of arbitrary message R,, and by messageIssue client;
(3) after client receives message, the decryption portion of routine call symmetric cryptographic algorithm module,,
Program compare R andIf, inconsistent, then key agreement failure;If consistent, then key agreement success;
Described encryption file transmitting step is:
User end to server initiates connection request, and by IP and 20 port transmission data, before transmission, routine call
Symmetric cryptographic algorithm is encrypted, and after transmission, other end routine call symmetric cryptographic algorithm module is deciphered.
Key updating is included unsymmetrical key update mechanism and symmetric key update mechanism:
1) unsymmetrical key update mechanism, sender arranges a time limit T, the use in the only time time limit when encryption
Message can be deciphered in family, and in systems, new PKI can meet all time limits being suitable for old PKI, and old PKI cannot meet and can fit
Closing the time limit of new PKI, corresponding private key cannot be deciphered and add confidential information, thus declares expired;By the change to time limit T, reach
Change the purpose in key updating cycle;
2) symmetric key update mechanism, the update mode of symmetric key employing counting system, corresponding formula is:, wherein K is basic key, and IV is counting system, and basic key K sets, and receiving terminal only needs basis
Count value IV that transmitting terminal sends can realize synchronizing, and counting method also can synchronize without the information before preserving, and is simply
Preventing playback attack and save previous count value, it addition, for the shared key distributed unitedly by administrative center, management
Center uses clock counter to be updated periodically.
Key management is included, and symmetric key management manages with unsymmetrical key:
1) unsymmetrical key is responsible for by private key generator, generates for solving single private key in large scale system application
The bottleneck problem of private key distributed online by device, uses the HIBE public-key mechanism of identity-based hierarchy;HIBE is that identity-based adds
Close extension, each user obtains the private key of oneself, and a private key generator from the upper level private key generator of this HIBE
Node can only calculate the private key of its all descendant nodes;
2) symmetric key is responsible for by ftp server, and key storage uses threshold schemes, and key is divided into n
Part, wherein arbitrarily k part or the subset that constituted above can recover this key.
The method of Identity-based encryption of the present invention (IBE), IBE system is a kind of by character string disclosed in user
Information (such as addresses of items of mail etc.) is used as the cipher mode of PKI, it make between any pair of user can safety communication with
And in the case of need not exchange private key and PKI, verify everyone signature.In IBE system, the private key of user can be by one
The individual trust authority being referred to as PKG (Private Key Generator, private key generator) generates, it is also possible to by user
Oneself preserves private key, and PKG only does the work of regular update private key for user.Comparing tradition PKI technology, the present invention has following excellent
Point:
Need not any certificate, the public keys of recipient is derived from his identity information;
Key is provided with useful life, therefore need not be cancelled, and in conventional public-key system, key must be removed
Pin;
The attack of spam can be resisted;
Information deciphering can be postponed so that later deciphering;
Cease to be in force automatically after information can be set to certain disconnected specific date or cannot read.
The file encryption transmission method of the identity-based that the present invention proposes, inherits above advantage, for current interconnection
Under net environment, file transmission provides at the bottom of guarantee, and cost, flexible form, efficiency are high and safety is good.
Accompanying drawing explanation
Fig. 1 is the step schematic diagram of the file encryption transmission method of identity-based of the present invention;
Fig. 2 is the component drawings of the system in the present invention;
Fig. 3 is the flow chart of the file encryption transmission method of identity-based of the present invention;
Fig. 4 is the embodiment flow chart of Identity-based encryption (IBE) in the present invention;
Fig. 5 is the flow chart of file transfer protocol (FTP) FTP in the present invention.
Detailed description of the invention
For ease of the method for the present invention there being further understanding, develop simultaneously preferred embodiment detailed description such as in conjunction with accompanying drawing
Under.
The file encryption transmission method of the identity-based of the present invention is applicable to based on FTP(File Transfer
Protocol, file transfer protocol (FTP)) system of user terminal/server framework of agreement, with Identity-based encryption (IBE,
Identity Based Encryption) based on algorithm, propose for communicating pair safe transmission file under internet environment
A set of more complete implementation.The method includes auth method, the machinery of consultation of symmetric key, encryption file transmission side
Method, key updating method and key management method (as shown in Figure 1).
File secure transmission method proposed by the invention can be briefly described into:
In Identity-based encryption (IBE) system, server and each client have an ID of oneself, and using as
The PKI of oneself, and have respectively with the private key corresponding to oneself ID, ID and private key by private key generator (PKG, Private Key
Generator) generate.
Client and server carry out identity and verify mutually, use agreement based on " zero-knowledge proof " to verify;
Client consults encryption key with server, and this key is symmetric key;
The file that client is encrypted with server transport;
Private key generator (PKG) is responsible for each ID and the renewal of private key and management;
Ftp server is responsible for renewal and the management of symmetric key.
In the file encryption transmission method of identity-based proposed by the invention, the both sides carrying out file transmission are respectively
Server and client side.Under IBE system, PKI is identity ID, key generator (PKG) be that server and client side divides
Not Sheng Cheng ID and corresponding private key d, and pay private key.Then initiated a session request by client, now server and visitor
Family end carries out mutually authentication.After being verified, server and client side consults symmetric key.After having consulted, i.e. use
This symmetric key encryption file also transmits.Unsymmetrical key and symmetric key have effect duration, and can only just may be used in effect duration
To use.When effect duration by after, need to carry out key updating.Private key generator (PKG) be responsible for unsymmetrical key renewal and
Management, ftp server is responsible for renewal and the management of symmetric key.
The principle of each method introduced below and realize process:
(1) auth method
Private key generator (PKG) is that server/customer end generates ID and corresponding private key d respectively, and pays.
Note client is A, and server is B.Under IBE system, the PKI of A is, corresponding private key is, and the PKI of B is, right
The private key is answered to be。
Server and client side is the identity of the other side to be verified before carrying out file transmission, uses aforesaid authentication to assist
View.First initiated a session request by client, one section of random number of the public key encryption of client server, and by ciphertextIssue server.Server is deciphered with the private key of oneself after receiving ciphertext, obtains。
Server generates random number subsequently, and with the PKI pair of clientIt is encrypted, then by ciphertextIssue client.The ciphertext received is decrypted by client with the private key of oneself,
Arrive, and compareWithThe most consistent.If it is inconsistent, authentification failure, conversation end;If one
Cause, then the authentication success to server, now generates random number, and with the PKI pair of server
Encryption, and by ciphertextIssue server.Server is decrypted with the private key of oneself after receiving ciphertext, obtain.Now compareWithThe most consistent, if unanimously, then the identity to client
Certification success, recognizes each other QED one-tenth;Otherwise then authentification failure, conversation end.
(2) machinery of consultation of symmetric key
After authentication, server and client side consults the symmetric key of encrypted transmission file.In client and service end
After identity is proved to be successful mutually, now server generates transmission encryption key K and random number.The public affairs of server client
Key is encrypted, and by ciphertextIssue client.Client is deciphered after receiving ciphertext
Obtain, checkingWithConcordance.Then encrypt with K, obtain.And
WillIssue server.Server pairDeciphering, obtains.RelativelyWithIf, inconsistent, then
Key agreement failure;If consistent, then one section of arbitrary message R of encryption,, and willIssue client.
Client pairDeciphering, obtains.Relatively R andIf, inconsistent, then key agreement failure;If consistent, the closeest
Key is consulted successfully.
(3) document transmission method
After client and server consults symmetric key, both sides use the symmetric key encryption and decryption consulted, at channel
On with ciphertext form transmit.File transmits used File Transfer Protocol.FTP is the agreement of application layer, and it is based on transport layer, for
User services, and they are responsible for carrying out the transmission of file.
First FTP client is set up with TCP 21 port of ftp server and is connected, and sends order, visitor by this passage
On this passage, PORT order is sent the when that family end needing to receive data.PORT order contains what port of client
Receive data.Transmitting data when, server end is connected to the designated port of client by TCP 20 port of oneself
Send data.FTP server must set up a new connection for transmitting data (as shown in Figure 5) with client.
Ftp file transfer protocol is based on tcp(Transmission Control Protocol, transmission control protocol),
The transmitting of FTP to be ensured, tcp will accomplish to set up the bit stream of connection, user data will be divided into data segment, send
Arranging timer (for Retransmission timeout) during data, the data also transmitted the other side confirm that (confirmation can be carried
On packet), and the data rearrangement received, abandon the packet of repetition, it is provided that flow-control (tcp end to end
Sliding window protocol effectively to transmit batch data), calculate and check end to end verification and.
Agreement determines path (three kinds of paths: host paths, network path and default path) at IP layer, is determining path
Simultaneously by ICMP report error message and other it should be noted that situation.
In data link layer, find out the MAC Address of destination host by searching ARP table, as do not found, by ARP request/
Response message acquires destination host MAC Address.
Physical layer, transmits original bit stream over the communication channels.
(4) key updating method
(1) unsymmetrical key update mechanism
Sender arranges a time limit T when encryption, and the user in the only time time limit can decipher message.In system
In, new PKI can meet all time limits being suitable for old PKI, and old PKI cannot meet the time limit that can be suitable for new PKI, correspondence
Private key cannot be deciphered and add confidential information, thus declares expired;By the change to time limit T, reach to change the mesh in key updating cycle
's.
(2) symmetric key update mechanism
The update mode of symmetric key employing counting system, corresponding formula is:.Wherein K is basic
Key, IV is counting system, and basic key K sets, count value IV that receiving terminal only need to send according to transmitting terminal
Realizing synchronizing, counting method also can synchronize without the information before preserving, and is intended merely to preventing playback attack and saves previous
Count value, it addition, for the shared key distributed unitedly by administrative center, administrative center uses clock counter the most more
Newly.
(5) key management method
(1) unsymmetrical key management method
Unsymmetrical key is responsible for by PKG.The bottle of private key is distributed online for solving single PKG in large scale system application
Neck problem, uses HIBE (the Hierarchical Identity Based Encryption) PKI of identity-based hierarchy
Mechanism;HIBE is the extension of IBE, and each user obtains the private key of oneself from his upper level PKG, and a PKG node is only
The private key of its all descendant nodes can be calculated, and the private key of all its descendant nodes non-is to be difficult to calculate.
(2) symmetric key management method
Symmetric key is responsible for by ftp server.Key storage uses threshold schemes (also referred to as privacy share or secret point
Enjoy), key is divided into n part, wherein arbitrarily k part or the subset that constituted above can recover this key.
With reference to shown in Fig. 3, the file encryption transmission method of identity-based of the present invention is embodied as step and is:
The private key generator (PKG) utilizing IBE system generates PKI and the private key of client and server: believable the
On tripartite's server, there is the private key generator (PKG) of IBE.Client/server is by ID(the most hereinafter、General term)
Generate interface by key, via trusted channel payment PKG, PKG using this ID as PKI, generate private key d, and handed over by key
Pay interface, consign to client/server via trusted channel.Note client is A, and server is B.Under IBE system, A's
PKI is, corresponding private key is, and the PKI of B is, corresponding private key is;
Client and server carry out mutually authentication:
(1) 21 ports that client is used by server ip and File Transfer Protocol, send to server and represent conversation request
Message.The container cell of server receives in pending queue such as this message addition etc.;
(2) server from etc. pending queue obtains conversation request message after, routine call IBE deciphering module, deciphering
?, after the encryption of routine call IBE encrypting module, by messageBy 21 ports and
Client ip issues client, wherein;
(3) after client receives message, routine call IBE deciphering module, deciphering, obtain, program judgesWithThe most consistent.If it is inconsistent, authentification failure, conversation end;If it is consistent,
The then authentication success to server;
(4) after the encryption of client program calls IBE encrypting module, by messagePass through server ip
And 21 port issue server, wherein.After server receives message, routine call IBE deciphering module,
Deciphering, obtain.Now program judgesWithThe most consistent, if unanimously, then to client
The authentication success of end, recognizes each other QED one-tenth;Otherwise then authentification failure, conversation end;
Negotiation transmission encryption key:
(1) after server program calls the encryption of IBE encrypting module, by messagePass through client ip
And 21 port issue client, wherein.After client receives message, routine call IBE deciphers mould
Block, deciphers.Now program judgesWithConcordance.Then routine call symmetric cryptographic algorithm
Module is encrypted, and by messageIssue server, wherein;
(2), after server receives message, routine call symmetric cryptographic algorithm is deciphered, and obtains.Then journey
Sequence comparesWith.If inconsistent, then key agreement failure;If consistent, then routine call symmetric cryptographic algorithm module, encryption
One section of arbitrary message R,, and by messageIssue client;
(3) after client receives message, the decryption portion of routine call symmetric cryptographic algorithm module,。
Program compare R andIf, inconsistent, then key agreement failure;If consistent, then key agreement success;
Encryption file transmission:
User end to server initiates connection request, and by IP and 20 port transmission data, before transmission, routine call
Symmetric cryptographic algorithm is encrypted;After transmission, other end routine call symmetric cryptographic algorithm module is deciphered;
The renewal of key and management:
(1) specify the effect duration of private key during PKG routine call key schedule module, and remember accessing data base
Record, ended when effect duration, and this key can be added into the expired list of data base and can not be used again, and corresponding ID holder needs weight
New registration, obtains new private key;
(2) ftp server calls the effect duration of also regulation K when corresponding module generates symmetric key K, and is accessing data base
Carrying out record, end when effect duration, this key can be added into the expired list of data base and can not be used again, needing to renegotiate
Key.
Fig. 4 is a citing of the inventive method, Alice Yu Bob carries out mail delivery, Alice Bob PKI bob@
B.com encrypts mail, and Bob asks certification to private key generator, asks private key, and obtains Bob PKI bob@from private key generator
The private key that b.com adds, Bob private key deciphers mail.
The file secure transmission method that the present invention proposes, is based on Identity-based encryption algorithm (IBE), for the Internet
Under environment, communicating pair safe transmission file proposes a set of more complete implementation.Present invention is characterized in that (1) this
The method of bright proposition is identity-based, uses Identity-based encryption (IBE) so that can be safe between any pair of user
Communication and verify everyone signature in the case of need not exchange private key and PKI;(2) what the present invention proposed is one
Overlap complete file encryption transfer process, guarantee is provided for file transmission under current internet environment;(3) present invention is carried
Feature that the file secure transmission method gone out has at the bottom of cost, flexible form, efficiency are high and safety is good etc..
According to method proposed by the invention, the most successfully develop the encryption of a set of digital content based on File Transfer Protocol and pass
Communication system.Dividing according to functional module, this system can be divided into following several big module:
Asymmetric cryptography module
Authentication module
Symmetric cryptography module
Document transmission module
Wherein, asymmetric cryptography module can be divided into following several little module:
Private key generation module
Unsymmetrical key management module
Asymmetric cryptography encryption/decryption module
Symmetric cryptography module can also be divided into:
Symmetric key negotiation module
Symmetric key management module
Symmetric cryptography encryption/decryption module
The dependence of each intermodule is as shown in Figure 2.
Relation between modules is briefly described.In asymmetric cryptography module, private key generation module is responsible for raw
Become IBE(Identity-based encryption) public private key pair required in algorithm;Unsymmetrical key management module is responsible for and more new key
Right, depend on private key generation module;Asymmetric cryptography encryption/decryption module is responsible for using public private key pair to encrypt and decipher, and depends on
Private key generation module and unsymmetrical key management module.
Authentication module is responsible for before file transmits, and server and client side carries out the mutual certification of identity, and it is non-right to depend on
Claim crypto module.
Symmetric cryptography module only just can be used after authentication success, therefore depends on authentication module;And
And the agreement protocol that symmetric key negotiation module therein uses used asymmetric cryptography module, therefore also rely on asymmetric
Crypto module;Dependence between remaining submodule is similar to asymmetric cryptography module.
Document transmission module is for transmitting the digital content after symmetric key encryption and successful in authentication
After, therefore depend on authentication module and symmetric cryptography encryption/decryption module.
The above, only presently preferred embodiments of the present invention, it is not intended to limit protection scope of the present invention.
Claims (3)
1. the file encryption transmission method of an identity-based, it is characterised in that its be applicable to client based on File Transfer Protocol/
The system of server architecture, based on Identity-based encryption algorithm, the method includes:
Client generates PKI and private key step with server, private key generator generate server and the PKI of each client
ID and the private key d corresponding with this PKI ID;
Authentication step, client and server carry out identity and verify mutually, use agreement based on zero-knowledge proof to test
Card;
The negotiation step of symmetric key, client and server negotiation encryption key, this key is symmetric key;
Encryption file transmitting step, the file that client is encrypted with server transport;
Key updating and management process, private key generator is responsible for each ID and the renewal of private key and management;Ftp server is responsible for symmetry
The renewal of key and management;
Described client and server generate PKI and include with private key step:
On believable third-party server, being provided with the described private key generator of Identity-based encryption, client/server is by ID
Generating interface by key, pay private key generator via trusted channel, private key generator, using this ID as PKI, generates private key
D, and pay interface by key, consign to client/server via trusted channel;Note client is A, and server is B,
Under Identity-based encryption system, the PKI of A is, corresponding private key is, and the PKI of B is, corresponding private key is;
Described client and server carry out identity and verify mutually and include:
(1) 21 ports that client is used by server ip and File Transfer Protocol, send the message representing conversation request to server, the container cell of server receives in pending queue such as this message addition etc., R1Service for client
One section of random number of the public key encryption of device;
(2) server from etc. pending queue obtains conversation request message after, routine call IBE deciphering module, decipher, after the encryption of routine call IBE encrypting module, by messageBy 21 ports and visitor
Family end IP issues client, wherein, R2The random number generated for server;
(3) after client receives message, routine call IBE deciphering module, deciphering, obtain, journey
Sequence judgesWithThe most consistent, if it is inconsistent, authentification failure, conversation end;If consistent, then the body to server
Part certification success;
(4) after the encryption of client program calls IBE encrypting module, by messageBy server ip and
21 ports issue server, wherein;After server receives message, routine call IBE deciphering module, deciphering, obtain;Now program judgesWithThe most consistent, if unanimously, then to client
Authentication success, recognizes each other QED one-tenth;Otherwise then authentification failure, conversation end;R3For generating after server identity certification success
Random number;
The negotiation step of described symmetric key includes:
(1) after server program calls the encryption of IBE encrypting module, by messageBy client ip and 21
Port issues client, wherein, after client receives message, routine call IBE deciphering module, deciphering
?, now program judgesWithConcordance;Then routine call symmetric cryptographic algorithm module adds
Close, and by messageIssue server, wherein;Wherein R4Mutual with service end identity for client
After being proved to be successful, the random number that server generates, K is that after client is proved to be successful mutually with service end identity, server generates
Transmission encryption key;
(2), after server receives message, routine call symmetric cryptographic algorithm module is deciphered, and obtains, then journey
Sequence comparesWithIf, inconsistent, then key agreement failure;If consistent, then routine call symmetric cryptographic algorithm module, encryption
One section of arbitrary message R,, and by messageIssue client;
(3) after client receives message, the decryption portion of routine call symmetric cryptographic algorithm module,, program
Relatively R andIf, inconsistent, then key agreement failure;If consistent, then key agreement success;
Described encryption file transmitting step is:
User end to server initiates connection request, and by IP and 20 port transmission data, before transmission, routine call is symmetrical
Cryptographic algorithm module is encrypted, and after transmission, other end routine call symmetric cryptographic algorithm module is deciphered.
2. the file encryption transmission method of identity-based as claimed in claim 1, it is characterised in that key updating is included non-
Symmetric key update mechanism and symmetric key update mechanism:
1) unsymmetrical key update mechanism, sender arranges a time limit T when encryption, and the user in the only time time limit is permissible
Deciphering message, in systems, new PKI can meet all time limits being suitable for old PKI, and old PKI cannot meet and can be suitable for newly public affairs
In the time limit of key, corresponding private key cannot be deciphered and add confidential information, thus declare expired;By the change to time limit T, reach to change close
The purpose of key update cycle;
2) symmetric key update mechanism, the update mode of symmetric key employing counting system, corresponding formula is:, wherein K is basic key, and IV is count value, and basic key K sets, and receiving terminal only needs basis
Count value IV that transmitting terminal sends can realize synchronizing, and counting system also can synchronize without the information before preserving, and is simply
Preventing playback attack and save previous count value, it addition, for the symmetric key distributed unitedly by administrative center, management
Center uses clock counter to be updated periodically.
3. the file encryption transmission method of identity-based as claimed in claim 1, it is characterised in that it is right to include key management
Key management is claimed to manage with unsymmetrical key:
1) unsymmetrical key is responsible for by private key generator, online for solving single private key generator in large scale system application
The bottleneck problem of distribution private key, uses the HIBE public-key mechanism of identity-based hierarchy;HIBE is the expansion of Identity-based encryption
Exhibition, each user obtains the private key of oneself from the upper level private key generator of this HIBE, and a private key generator node is only
The private key of its all descendant nodes can be calculated;
2) symmetric key is responsible for by ftp server, and symmetric key storage uses threshold schemes, is divided into by symmetric key
N part, the subset that wherein arbitrarily k part is constituted can recover this symmetric key.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310212203.2A CN103354498B (en) | 2013-05-31 | 2013-05-31 | A kind of file encryption transmission method of identity-based |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310212203.2A CN103354498B (en) | 2013-05-31 | 2013-05-31 | A kind of file encryption transmission method of identity-based |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103354498A CN103354498A (en) | 2013-10-16 |
| CN103354498B true CN103354498B (en) | 2016-09-28 |
Family
ID=49310814
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310212203.2A Active CN103354498B (en) | 2013-05-31 | 2013-05-31 | A kind of file encryption transmission method of identity-based |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103354498B (en) |
Families Citing this family (30)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104734843A (en) * | 2013-12-19 | 2015-06-24 | 江苏吉美思物联网产业股份有限公司 | Synchronous 3DES secret communication method |
| CN104023013B (en) * | 2014-05-30 | 2017-04-12 | 上海帝联信息科技股份有限公司 | Data transmission method, server side and client |
| CN104134286B (en) * | 2014-07-29 | 2017-02-15 | 深圳华越南方电子技术有限公司 | Remote prepayment electricity vending system and method |
| CN105469510B (en) * | 2014-10-12 | 2018-01-09 | 吴思进 | The encryption currency wallet that delay pays or given for change can be predicted |
| CN104410612A (en) * | 2014-11-14 | 2015-03-11 | 青岛龙泰天翔通信科技有限公司 | A simple identity authentication method for a file transfer protocol |
| CN105391549B (en) * | 2015-12-10 | 2018-10-12 | 四川长虹电器股份有限公司 | Communication dynamics key implementation method between client and server |
| CN105959281B (en) * | 2016-04-29 | 2020-12-22 | 腾讯科技(深圳)有限公司 | File encryption transmission method and device |
| CN105978690B (en) * | 2016-07-03 | 2019-03-26 | 恒宝股份有限公司 | A kind of safety method and system based on asymmetric key pair |
| CN107465671A (en) * | 2017-07-28 | 2017-12-12 | 杭州绿湾网络科技有限公司 | Data transmission method and system |
| CN107547570B (en) * | 2017-09-30 | 2023-12-05 | 国信优易数据股份有限公司 | Data security service platform and data security transmission method |
| WO2019105571A1 (en) * | 2017-12-01 | 2019-06-06 | Huawei Technologies Co., Ltd. | Secure provisioning of data to client device |
| CN108768958B (en) * | 2018-05-07 | 2022-01-14 | 上海海事大学 | Verification method for data integrity and source based on no leakage of verified information by third party |
| CN109040041B (en) * | 2018-07-23 | 2021-04-06 | 深圳职业技术学院 | Data layered encryption device and related electronic device and storage medium |
| CN109040109B (en) * | 2018-08-31 | 2022-01-21 | 国鼎网络空间安全技术有限公司 | Data transaction method and system based on key management mechanism |
| US11316668B2 (en) * | 2018-11-16 | 2022-04-26 | Safetech Bv | Methods and systems for cryptographic private key management for secure multiparty storage and transfer of information |
| CN109587149A (en) * | 2018-12-11 | 2019-04-05 | 许昌许继软件技术有限公司 | A kind of safety communicating method and device of data |
| CN109922047B (en) * | 2019-01-31 | 2021-11-19 | 武汉天喻聚联网络有限公司 | Image transmission system and method |
| CN109996095B (en) * | 2019-03-28 | 2023-02-24 | 湖南快乐阳光互动娱乐传媒有限公司 | Method, system and medium for preventing stealing link playing in network video on demand |
| CN111431853A (en) * | 2020-02-21 | 2020-07-17 | 北京邮电大学 | Centerless instant network identity authentication method and client |
| CN111818196B (en) * | 2020-07-22 | 2023-04-07 | 深圳市有方科技股份有限公司 | Domain name resolution method and device, computer equipment and storage medium |
| CN112291060A (en) * | 2020-08-08 | 2021-01-29 | 北京天润海图科技有限公司 | Secure communication method, sending end and receiving end |
| CN111970114B (en) * | 2020-08-31 | 2023-08-18 | 中移(杭州)信息技术有限公司 | File encryption method, system, server and storage medium |
| CN112637128B (en) * | 2020-11-25 | 2022-07-08 | 四川新网银行股份有限公司 | Identity mutual trust method and system for data center host |
| CN113259093B (en) * | 2021-04-21 | 2022-03-25 | 山东大学 | Hierarchical signature encryption system based on identity-based encryption and construction method |
| CN113556355B (en) * | 2021-07-30 | 2023-04-28 | 广东电网有限责任公司 | Key processing system and method for intelligent equipment of power distribution network |
| CN114095254B (en) * | 2021-11-22 | 2024-04-12 | 中国建设银行股份有限公司 | Message encryption method, server device, client device and storage medium |
| CN114389803A (en) * | 2021-12-24 | 2022-04-22 | 奇安信科技集团股份有限公司 | SPA key distribution method and device |
| CN114338201B (en) * | 2021-12-30 | 2024-04-02 | 北京可信华泰信息技术有限公司 | Data processing method and device, electronic equipment and storage medium |
| CN114826614B (en) * | 2022-04-22 | 2024-02-23 | 安天科技集团股份有限公司 | Distributed storage method and device for authenticatable password library file and electronic equipment |
| CN115277200B (en) * | 2022-07-27 | 2023-08-15 | 北京国领科技有限公司 | Multi-node key auto-negotiation management method for link layer transparent encryption system |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101459506A (en) * | 2007-12-14 | 2009-06-17 | 华为技术有限公司 | Cipher key negotiation method, system, customer terminal and server for cipher key negotiation |
| GB2462012A (en) * | 2008-09-05 | 2010-01-27 | Ibm | Authenticating an entity and/or a transaction with the entity to a service provider |
| CN102318258A (en) * | 2009-02-17 | 2012-01-11 | 阿尔卡特朗讯公司 | Identity based authenticated key agreement protocol |
| CN102594570A (en) * | 2012-04-11 | 2012-07-18 | 福建师范大学 | Key threshold algorithm based on level identity encryption |
| CN102624526A (en) * | 2011-11-28 | 2012-08-01 | 苏州奇可思信息科技有限公司 | Simple identity authentication method for file transfer protocol (FTP) |
-
2013
- 2013-05-31 CN CN201310212203.2A patent/CN103354498B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101459506A (en) * | 2007-12-14 | 2009-06-17 | 华为技术有限公司 | Cipher key negotiation method, system, customer terminal and server for cipher key negotiation |
| GB2462012A (en) * | 2008-09-05 | 2010-01-27 | Ibm | Authenticating an entity and/or a transaction with the entity to a service provider |
| CN102318258A (en) * | 2009-02-17 | 2012-01-11 | 阿尔卡特朗讯公司 | Identity based authenticated key agreement protocol |
| CN102624526A (en) * | 2011-11-28 | 2012-08-01 | 苏州奇可思信息科技有限公司 | Simple identity authentication method for file transfer protocol (FTP) |
| CN102594570A (en) * | 2012-04-11 | 2012-07-18 | 福建师范大学 | Key threshold algorithm based on level identity encryption |
Non-Patent Citations (1)
| Title |
|---|
| 两方交集保密计算协议的设计和实现;陈治宇;《中国优秀硕士学位论文全文数据库信息科技辑》;20091015(第10期);I138-31第18页,第2.3节第1段 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103354498A (en) | 2013-10-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103354498B (en) | A kind of file encryption transmission method of identity-based | |
| US10985910B2 (en) | Method for exchanging keys authenticated by blockchain | |
| CN104270249B (en) | It is a kind of from the label decryption method without certificate environment to identity-based environment | |
| JP3816337B2 (en) | Security methods for transmission in telecommunications networks | |
| Asokan et al. | Applicability of identity-based cryptography for disruption-tolerant networking | |
| CN105743646B (en) | A kind of Identity based encryption method and system | |
| CN104301108B (en) | It is a kind of from identity-based environment to the label decryption method without certificate environment | |
| JP2003298568A (en) | Authenticated identification-based cryptosystem with no key escrow | |
| CA2949847A1 (en) | System and method for secure deposit and recovery of secret data | |
| WO2010078755A1 (en) | Method and system for transmitting electronic mail, wlan authentication and privacy infrastructure (wapi) terminal thereof | |
| BRPI0300875B1 (en) | METHODS FOR AUTHENTICATING POTENTIAL MEMBERS INVITED TO JOIN A GROUP | |
| US20170279807A1 (en) | Safe method to share data and control the access to these in the cloud | |
| Asokan | Anonymity in a mobile computing environment | |
| CN108011885B (en) | E-mail encryption method and system based on group cryptosystem | |
| CN109951513A (en) | Anti- quantum calculation wired home quantum cloud storage method and system based on quantum key card | |
| US11722466B2 (en) | Methods for communicating data utilizing sessionless dynamic encryption | |
| CN103297230B (en) | Information encipher-decipher method, Apparatus and system | |
| GB2543359A (en) | Methods and apparatus for secure communication | |
| CN116668167A (en) | Intelligent contract method for data communication based on block chain | |
| CN112019553B (en) | Data sharing method based on IBE/IBBE | |
| Li et al. | Blockchain-Based Portable Authenticated Data Transmission for Mobile Edge Computing: A Universally Composable Secure Solution | |
| Prabhu et al. | Security in computer networks and distributed systems | |
| Banoth et al. | Asymmetric Key Cryptography | |
| KR20070026285A (en) | Electronic signature identification trnasfer method that uses cellular phone channel(sms) in p2p network | |
| Dugardin et al. | A New Fair Identity Based Encryption Scheme |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| ASS | Succession or assignment of patent right |
Owner name: BEIJING CHUANGSHI TAIKE TECHNOLOGY CO., LTD. Free format text: FORMER OWNER: BEIJING PENGYUCHENG SOFTWARE TECHNOLOGY CO., LTD. Effective date: 20150113 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20150113 Address after: 100088 Beijing City, Haidian District Zhichun Road Jinqiu International Building No. 6 A block 1602 Applicant after: Beijing Genesis Technology Co., Ltd. Address before: 100088 Beijing City, Haidian District Zhichun Road Jinqiu International Building No. 6 A block 1602 Applicant before: Beijing PYC Software Co., Ltd. |
|
| CB02 | Change of applicant information |
Address after: 100088 Beijing City, Haidian District Zhichun Road No. 6 (Jinqiu International Building) A District 1309, 1310, 1601. Applicant after: Beijing Transtec Technology Co., Ltd. Address before: 100088 Beijing City, Haidian District Zhichun Road Jinqiu International Building No. 6 A block 1602 Applicant before: Beijing Genesis Technology Co., Ltd. |
|
| COR | Change of bibliographic data | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |