CN103618600B - A kind of hybrid cryptographic key processing method of rivest, shamir, adelman - Google Patents
A kind of hybrid cryptographic key processing method of rivest, shamir, adelman Download PDFInfo
- Publication number
- CN103618600B CN103618600B CN201310521990.9A CN201310521990A CN103618600B CN 103618600 B CN103618600 B CN 103618600B CN 201310521990 A CN201310521990 A CN 201310521990A CN 103618600 B CN103618600 B CN 103618600B
- Authority
- CN
- China
- Prior art keywords
- key
- access
- terminal
- trigger condition
- mark
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Abstract
The invention discloses a kind of hybrid cryptographic key processing method and system of rivest, shamir, adelman, by adopting the processing method of hybrid cryptographic key, incoming end equipment to terminal and access point carries out different treating with a certain discrimination, use the key of rivest, shamir, adelman, and use different key storage modes, the key handling that can implement to terminal difference to access device, access device to terminal, can rationally meet the requirement in safety, efficiency and space; The key handling of distinguishing according to the difference of equipment form, can make under the weak terminal environments of limited calculating storage resources, realizes bidirectional safe certification and coded communication based on key handling, effectively ensures the information security in Internet of Things or ubiquitous network.
Description
Technical field
The invention belongs to Computer Applied Technology field, relate to a kind of processing method and system of hybrid cryptographic key, specifically a kind of hybrid cryptographic key processing method based on rivest, shamir, adelman under weak terminal environments and the design of system.
Background technology
Along with the development and application of Internet of Things and ubiquitous network technology, more and more based on limited calculating storage terminal equipment in each economic field extensive must using, as Industry Control, agricultural modernization, environmental monitoring, goods and materials monitoring etc. Internet of Things needs security in the application in most of fields, and as terminal payment, maintain secrecy monitoring, core industry control etc., the environment of safety can ensure that these application scenarios are not subject to external attack, as poisoning intrusion, certification invasion, spoof attack etc.
In prior art; the realization of security generally can realize by physical protection, two kinds of modes of message protection; but physical protection is a kind of foundation to protect of versatility; the main mode that still adopts message protection; its core that ensures information security is exactly the key management based on cryptosystem, and the safety certification and the coded communication system that form thus. In Internet of Things or ubiquitous network, the weak terminal environments of limited calculating storage resources is very general, wherein weak terminal environments refers to the relatively limited terminal environments of hardware resource such as calculating, storage and network, particularly important for the key management of cryptosystem under this environment. But the general key management based on symmetric encipherment algorithm, owing to using same encryption and decryption key, causes in business application widely and has very large risk.
Summary of the invention
Technical problem to be solved by this invention is hybrid cryptographic key processing method and the system that a kind of rivest, shamir, adelman is provided for the problem of the cipher key processing method existence under weak terminal environments in prior art, and it has safety, efficient feature.
The technical scheme that the present invention solves its technical problem employing is: a kind of hybrid cryptographic key processing method of rivest, shamir, adelman, specifically comprises:
According to equipment form distributed key to or key seed pond, and each trigger condition is set;
Trigger key updating strategy according to trigger condition, carry out key updating;
Trigger cipher key destruction strategy according to trigger condition, carry out cipher key destruction;
Trigger key recovery according to trigger condition, carry out key recovery.
Further, described according to equipment form distributed key to or the key step in key seed pond be:
S11, equipment form are terminal devices, the access device PKI kind subpool that the private key of key handling system terminal for distributing mark and terminal device need to access;
S12, equipment form are the access devices of access point, the private key kind subpool of the access device mark of key handling system distribution access point and the PKI of the Terminal Equipment Identifier that access point can be accessed;
S13, the trigger condition of each key handling system is set.
Further, the trigger condition of described key handling system comprises: the time trigger condition of key distribution trigger condition, key updating, the location triggered condition of key updating, cipher key destruction trigger condition, key recovery trigger condition.
Further, the key step of described key updating is:
S21, according to trigger condition initiate key updating;
S22, based on existing key to or key seed pond, carry out safety certification and session, then carry out online or off-line and upgrade;
S23, equipment form are terminal devices, upgrade the private key of its Terminal Equipment Identifier;
S24, equipment form are the access devices of access point, upgrade the PKI of the mark that the terminal device of its storage is corresponding.
Further, the key step of described cipher key destruction is:
S31, according to trigger condition initiate cipher key destruction;
S32, equipment form are terminal devices, and key handling system is revoked the private key of Terminal Equipment Identifier, and in the access device of access point, remove the mark PKI that terminal device is corresponding;
S33, equipment form are the access devices of access point, key handling system is revoked access device, whether effectively remove this access device and be identified at the equipment that the identifying record in key handling system, private key kind subpool and this access device of removing access device mark allow the mark PKI corresponding to all terminal devices of accessing simultaneously.
Further, the key step of described key recovery is:
S41, according to trigger condition initiate key recovery;
S42, equipment form are terminal devices, and key handling system is recovered the private key of Terminal Equipment Identifier and the access point apparatus PKI kind subpool that terminal device need to access;
S43, equipment form are access point access devices, and key handling system is recovered the private key kind subpool of access device mark and allowed the mark PKI corresponding to terminal device of access.
For technical solution problem, the present invention also provides a kind of hybrid cryptographic key treatment system of rivest, shamir, adelman, specifically comprise key handling system, key distribution module, key updating module, cipher key destruction module and key recovery module, described key handling system is for arranging the trigger condition of other modules, described key distribution module for according to equipment form distributed key to or key seed pond, described key updating module is for initiating key updating according to trigger condition, described cipher key destruction module is for initiating cipher key destruction according to trigger condition, described key recovery module is for initiating key recovery according to trigger condition.
The invention has the beneficial effects as follows: hybrid cryptographic key processing method and the system of a kind of rivest, shamir, adelman of the present invention, by adopting the processing method of hybrid cryptographic key, incoming end equipment to terminal and access point carries out different treating with a certain discrimination, use the key of rivest, shamir, adelman, and use different key storage modes, the key handling that can implement to terminal difference to access device, access device to terminal, can rationally meet the requirement in safety, efficiency and space; The key handling of distinguishing according to the difference of equipment form, can make under the weak terminal environments of limited calculating storage resources, realizes bidirectional safe certification and coded communication based on key handling, effectively ensures the information security in Internet of Things or ubiquitous network.
Brief description of the drawings
Fig. 1 is a kind of hybrid cryptographic key processing method of rivest, shamir, adelman of the embodiment of the present invention network topology schematic diagram under weak terminal environments;
Fig. 2 is the module diagram of the hybrid cryptographic key treatment system of a kind of rivest, shamir, adelman of the embodiment of the present invention;
Fig. 3 is device storage district key and key seed pond schematic diagram in a kind of hybrid cryptographic key processing method of rivest, shamir, adelman of the embodiment of the present invention;
Fig. 4 is location triggered key new schematic diagram more in a kind of hybrid cryptographic key processing method of rivest, shamir, adelman of the embodiment of the present invention.
Detailed description of the invention
The network topology schematic diagram of the hybrid cryptographic key processing method that is illustrated in figure 1 a kind of rivest, shamir, adelman of the present invention under weak terminal environments, the method specifically comprises:
According to equipment form distributed key to or key seed pond, and each trigger condition is set;
Wherein, be illustrated in figure 3 device storage district key and key seed pond schematic diagram, described according to equipment form distributed key to or the key step in key seed pond be:
S11, equipment form are terminal devices, the access device PKI kind subpool that the private key of key handling system terminal for distributing mark and terminal device need to access;
S12, equipment form are the access devices of access point, the private key kind subpool of the access device mark of key handling system distribution access point and the PKI of the Terminal Equipment Identifier that access point can be accessed;
S13, the trigger condition of each key handling system is set.
Trigger key updating strategy according to trigger condition, carry out key updating;
Wherein, the key step of described key updating is:
S21, according to trigger condition initiate key updating;
S22, based on existing key to or key seed pond, carry out safety certification and session, then carry out online or off-line and upgrade;
S23, equipment form are terminal devices, upgrade the private key of its Terminal Equipment Identifier;
S24, equipment form are the access devices of access point, upgrade the PKI of the mark that the terminal device of its storage is corresponding.
Trigger cipher key destruction strategy according to trigger condition, carry out cipher key destruction;
Wherein, the key step of described cipher key destruction is:
S31, according to trigger condition initiate cipher key destruction;
S32, equipment form are terminal devices, and key handling system is revoked the private key of Terminal Equipment Identifier, and in the access device of access point, remove the mark PKI that terminal device is corresponding;
S33, equipment form are the access devices of access point, key handling system is revoked access device, whether effectively remove this access device and be identified at the equipment that the identifying record in key handling system, private key kind subpool and this access device of removing access device mark allow the mark PKI corresponding to all terminal devices of accessing simultaneously;
Trigger key recovery according to trigger condition, carry out key recovery.
Wherein, the key step of described key recovery is:
S41, according to trigger condition initiate key recovery;
S42, equipment form are terminal devices, and key handling system is recovered the private key of Terminal Equipment Identifier and the access point apparatus PKI kind subpool that terminal device need to access;
S43, equipment form are access point access devices, and key handling system is recovered the private key kind subpool of access device mark and allowed the mark PKI corresponding to terminal device of access.
Simultaneously, the present invention also provides a kind of hybrid cryptographic key treatment system of rivest, shamir, adelman, be illustrated in figure 2 its system block diagram, specifically comprise key handling system, key distribution module, key updating module, cipher key destruction module and key recovery module, described key handling system is for arranging the trigger condition of other modules, described key distribution module for according to equipment form distributed key to or key seed pond, described key updating module is for initiating key updating according to trigger condition, described cipher key destruction module is for initiating cipher key destruction according to trigger condition, described key recovery module is for initiating key recovery according to trigger condition.
For those skilled in the art can understand and implement technical solution of the present invention, be that example is elaborated below in conjunction with the read write line-tag environment of active RFID:
By key handling system, each trigger condition is set, key distribution module according to equipment form distributed key to or key seed pond. In embodiments of the present invention, key handling system is that key modules is unified to the center of processing, it is new equipment application key that key distribution trigger condition is wherein set, and the time trigger condition that key updating is set is that the mark PKI of Terminal Equipment Identifier private key and correspondence thereof and private key kind subpool and the corresponding PKI kind subpool update cycle thereof of access point access device mark are 1 year; The location triggered condition that key updating is set is simultaneously that Terminal Equipment Identifier enters new access point access device scope, is illustrated in figure 4 location triggered key new schematic diagram more, now upgrades terminal iidentification private key and corresponding PKI thereof. It is that system is received key revocation request that cipher key destruction trigger condition is set. It is that key is lost and initiates key recovery request to system that key recovery trigger condition is set.
Wherein, key distribution module can be processed respectively according to the difference of equipment form, for read write line equipment, be designated as R, label is designated as Ti, distributes the mark PKI set of all labels of this read write line read-write scope, be designated as QR, wherein the mark PKI of Qi corresponding label Ti, wherein Qi ∈ QR; Distribute the mark private key kind subpool SA of read write line simultaneously. For labeling apparatus, distribute the mark private key of this label; Distribute the mark PKI kind subpool SB of label simultaneously.
Wherein, key updating step is initiated key updating according to condition, based on existing key to or key seed pond, carry out safety certification and session, then carry out online or off-line and upgrade; When label enters after new reader read-write scope, reader is found new label, carries out key updating. Reader is initiated step of updating, all carries out safety certification and secured session in reader step of updating simultaneously.
According to 1 year key updating cycle be example, if arrive update time, label or reader are initiated step of updating, all carry out safety certification and secured session in step of updating.
Due to " equipment form is terminal device, upgrades the private key of Terminal Equipment Identifier ", relate to the key updating on label, by secured session, obtain new mark private key; Or by secured session, obtain new mark PKI kind subpool SA.
Due to " equipment form is the access device of access point; pass through secured session; upgrade the PKI of the mark that the terminal device of access device storage is corresponding ", relate to the key updating of reader, upgrade and newly enter mark PKI corresponding to reader read-write range tag, and obtain the mark PKI set QR of new read-write scope interior label; Or by secured session, obtain new mark private key kind subpool SB.
In cipher key destruction step, initiate cipher key destruction according to condition; The embodiment of the present invention is to initiate cipher key destruction flow process according to the cipher key destruction request in system.
If equipment form is terminal device, in key handling system, revokes the private key of its device identification, and in the access device of related access point, remove the mark PKI that terminal device is corresponding; Be specially the cipher key destruction of label, key handling system is revoked the mark private key of label, by with the reader secured session that reads this label, reader is removed mark PKI corresponding to this label on storage area.
If equipment form is the access device of access point, in key handling system, revoke the corresponding record of its device identification, in removing equipment, private key kind subpool and this access device allow the mark PKI corresponding to all terminal devices of accessing simultaneously; Be specially reader cipher key destruction, key handling system is revoked the mark of reader, removes the private key kind subpool stored in reader and the mark PKI set of label by secured session simultaneously.
In key recovery step, initiate key recovery according to condition; In the embodiment of the present invention, be by losing because of key, system is initiated the key recovery flow process taking key recovery request as triggering.
If equipment form is terminal device, in key handling system, recover private key and the PKI kind subpool of its device identification; Be specially, the key recovery of label by security means, as serial ports writes etc., returns to the mark private key of this label of system backup and PKI kind subpool the storage area of label by system.
If equipment form is access point access device, in key handling system, recover the private key kind subpool of its device identification and the mark PKI corresponding to terminal device of permission access; Be specially, the key recovery of read write line is returned to the tag identifier PKI set of this reader of system backup and private key kind subpool by security means the storage area of reader by system.
The above embodiment has only been expressed several embodiment of the present invention, and it describes comparatively concrete and detailed, but can not therefore be interpreted as the restriction to the scope of the claims of the present invention. It should be pointed out that for the person of ordinary skill of the art, without departing from the inventive concept of the premise, can also make some distortion and improvement, these all belong to protection scope of the present invention.
Claims (5)
1. a hybrid cryptographic key processing method for rivest, shamir, adelman, is characterized in that, specifically comprises:
According to equipment form distributed key to or key seed pond, and each trigger condition is set;
Trigger key updating strategy according to trigger condition, carry out key updating;
Trigger cipher key destruction strategy according to trigger condition, carry out cipher key destruction;
Trigger key recovery according to trigger condition, carry out key recovery;
Described according to equipment form distributed key to or the key step in key seed pond be:
S11, equipment form are terminal devices, and private key and the terminal device of key handling system terminal for distributing mark need to connectThe access device PKI kind subpool entering;
S12, equipment form are the access devices of access point, the private key kind of the access device mark of key handling system distribution access pointThe PKI of the Terminal Equipment Identifier that subpool and access point can be accessed;
S13, the trigger condition of each key handling system is set.
2. the hybrid cryptographic key processing method of a kind of rivest, shamir, adelman as claimed in claim 1, is characterized in that, described closeThe trigger condition of key treatment system comprises: the time trigger condition of key distribution trigger condition, key updating, the position of key updatingPut trigger condition, cipher key destruction trigger condition, key recovery trigger condition.
3. the hybrid cryptographic key processing method of a kind of rivest, shamir, adelman of stating as claim 1 or 2 offices, is characterized in that,The key step of described key updating is:
S21, according to trigger condition initiate key updating;
S22, based on existing key to or key seed pond, carry out safety certification and session, then carry out online or off-line and upgrade;
S23, equipment form are terminal devices, upgrade the private key of its Terminal Equipment Identifier;
S24, equipment form are the access devices of access point, upgrade the PKI of the mark that the terminal device of its storage is corresponding.
4. the hybrid cryptographic key processing method of a kind of rivest, shamir, adelman as claimed in claim 3, is characterized in that, described closeThe key step that key is destroyed is:
S31, according to trigger condition initiate cipher key destruction;
S32, equipment form are terminal devices, and key handling system is revoked the private key of Terminal Equipment Identifier, and in the access of access pointIn equipment, remove the mark PKI that terminal device is corresponding;
S33, equipment form are the access devices of access point, and key handling system is revoked access device, remove this access device markKnow whether effectively record of the equipment that identifying in key handling system, remove simultaneously access device mark private key kind subpool andThis access device allows the mark PKI corresponding to all terminal devices of access.
5. the hybrid cryptographic key processing method of a kind of rivest, shamir, adelman as claimed in claim 3, is characterized in that, described closeThe key step that key recovers is:
S41, according to trigger condition initiate key recovery;
S42, equipment form are terminal devices, and private key and terminal device that key handling system is recovered Terminal Equipment Identifier need accessAccess point apparatus PKI kind subpool;
S43, equipment form are access point access devices, and key handling system is recovered private key kind subpool and the permission of access device markThe mark PKI corresponding to terminal device of access.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310521990.9A CN103618600B (en) | 2013-10-29 | 2013-10-29 | A kind of hybrid cryptographic key processing method of rivest, shamir, adelman |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310521990.9A CN103618600B (en) | 2013-10-29 | 2013-10-29 | A kind of hybrid cryptographic key processing method of rivest, shamir, adelman |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103618600A CN103618600A (en) | 2014-03-05 |
| CN103618600B true CN103618600B (en) | 2016-05-25 |
Family
ID=50169304
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310521990.9A Expired - Fee Related CN103618600B (en) | 2013-10-29 | 2013-10-29 | A kind of hybrid cryptographic key processing method of rivest, shamir, adelman |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103618600B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2017521934A (en) * | 2014-06-27 | 2017-08-03 | ジェラード リンGerard Lin | Method of mutual verification between client and server |
| CN109756329B (en) * | 2019-01-15 | 2021-08-31 | 如般量子科技有限公司 | Anti-quantum computing shared key negotiation method and system based on private key pool |
| CN110430044A (en) * | 2019-07-10 | 2019-11-08 | 南京工业大学 | A kind of double layer encryption method based on ElGamal encryption |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101873588A (en) * | 2010-05-27 | 2010-10-27 | 大唐微电子技术有限公司 | Method and system for realizing service application safety |
| CN102111761A (en) * | 2009-12-28 | 2011-06-29 | 深圳华为通信技术有限公司 | Secrete key management method and equipment |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1249964A3 (en) * | 2001-04-12 | 2004-01-07 | Matsushita Electric Industrial Co., Ltd. | Reception terminal, key management apparatus, and key updating method for public key cryptosystem |
| KR100523357B1 (en) * | 2003-07-09 | 2005-10-25 | 한국전자통신연구원 | Key management device and method for providing security service in epon |
-
2013
- 2013-10-29 CN CN201310521990.9A patent/CN103618600B/en not_active Expired - Fee Related
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102111761A (en) * | 2009-12-28 | 2011-06-29 | 深圳华为通信技术有限公司 | Secrete key management method and equipment |
| CN101873588A (en) * | 2010-05-27 | 2010-10-27 | 大唐微电子技术有限公司 | Method and system for realizing service application safety |
Non-Patent Citations (5)
| Title |
|---|
| "分簇无线传感器网络的动态混合密钥管理策略";李兰英等;《计算机应用研究》;20090315;第26卷(第3期);第1112-1118页 * |
| "基于密钥的RFID双向认证安全协议";李仲阳等;《计算机安全》;20110715;第20-23页 * |
| "基于组合公钥的WSN认证协议的设计及分析";李林等;《信息安全与通信保密》;20090710;第93-95页 * |
| "物联网隐私保护及密钥管理机制中若干关键技术研究";闫韬;《中国博士学位论文全文数据库信息科技辑》;20130115;第I136-32页 * |
| "组合公钥密码体制密钥管理中心的研究与实现";庄育涵;《中国优秀硕士学位论文全文数据库信息科技辑》;20110315;第I139-243页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103618600A (en) | 2014-03-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Xiaohui | Study on security problems and key technologies of the internet of things | |
| CN103001773B (en) | Fingerprint authentication system and fingerprint authentication method based on near field communication (NFC) | |
| CN104115442B (en) | RFID bidirectional authentication method based on asymmetric secret key and Hash function | |
| Bhabad et al. | Internet of things: architecture, security issues and countermeasures | |
| CN106656999A (en) | Secure transmission authentication method and device of IoT (Internet of Things) terminal equipment | |
| CN101847199A (en) | Security authentication method for radio frequency recognition system | |
| CN103618600B (en) | A kind of hybrid cryptographic key processing method of rivest, shamir, adelman | |
| CN103532718A (en) | Authentication method and authentication system | |
| CN103020542B (en) | Store the technology of the secret information being used for global data center | |
| CN105515757B (en) | Security information exchange device based on credible performing environment | |
| CN102984125A (en) | System and method of isolating mobile data | |
| CN103873245B (en) | Dummy machine system data ciphering method and equipment | |
| CN102752307B (en) | Based on transmission method and the system of the video monitoring data of mark | |
| CN102456119A (en) | One-time key scheme used for RFID digital certificate | |
| CN102611991A (en) | Internet/Internet of things computer intelligent module based on Beidou satellite navigation system | |
| CN207475576U (en) | A kind of safety mobile terminal system based on safety chip | |
| CN109726584A (en) | Cloud database key management system | |
| CN101719228B (en) | Method and device for data management of intelligent card | |
| CN105205405A (en) | Novel electronic file safe management system | |
| Mani Sekhar et al. | Security and privacy in 5G-enabled internet of things: a data analysis perspective | |
| CN206364833U (en) | One kind is based on large scale network key management system under GDOI agreements | |
| CN104601334B (en) | It is a kind of to resist the stolen RFID mutual authentication methods of identification table | |
| CN104468118A (en) | Communication safety method and system based on Hash function | |
| Sun et al. | A security scheme research of the Internet of Things based on the SA/NIA architecture | |
| Lawu et al. | A systematic literature review of internet of things cybersecurity |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20160525 Termination date: 20161029 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |