CN105025007A - A secure communication mode based on a CPK and applied between handset applications and between the handset applications and servers - Google Patents
A secure communication mode based on a CPK and applied between handset applications and between the handset applications and servers Download PDFInfo
- Publication number
- CN105025007A CN105025007A CN201510312418.0A CN201510312418A CN105025007A CN 105025007 A CN105025007 A CN 105025007A CN 201510312418 A CN201510312418 A CN 201510312418A CN 105025007 A CN105025007 A CN 105025007A
- Authority
- CN
- China
- Prior art keywords
- mobile phone
- application
- server
- cpk
- secure communication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 230000006854 communication Effects 0.000 title claims abstract description 45
- 238000004891 communication Methods 0.000 title claims abstract description 44
- 238000000034 method Methods 0.000 claims abstract description 14
- 238000012795 verification Methods 0.000 claims description 7
- 239000011159 matrix material Substances 0.000 claims description 6
- 238000001629 sign test Methods 0.000 claims description 5
- 238000005516 engineering process Methods 0.000 abstract description 13
- 238000007726 management method Methods 0.000 description 6
- 230000007246 mechanism Effects 0.000 description 5
- 238000013517 stratification Methods 0.000 description 3
- 238000009825 accumulation Methods 0.000 description 2
- 230000008901 benefit Effects 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 238000009826 distribution Methods 0.000 description 2
- 230000008859 change Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000007123 defense Effects 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 239000006185 dispersion Substances 0.000 description 1
- 238000004880 explosion Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000003860 storage Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention provides a secure communication mode based on a CPK and applied between handset applications and between the handset applications and servers. The method comprises steps of user warrant application and safety communication. Through adoption of CPK authentication technology, safe encryption communication between the intelligent handset applications and between the intelligent handset applications and the servers can be carried out; databases with large amount of data do not need to be maintained; and the operation efficiency is substantially raised.
Description
Technical field
The present invention relates to information security technology, particularly relate between the smart mobile phone application based on CPK, mobile phone is applied to secure communication mode between server.
Background technology
Along with the development of the Internet, also more and more higher to the requirement of computer and network security, corresponding cryptographic algorithm and technology are also flourish.Current encryption technology can be divided into two classes, i.e. symmetric key technique and unsymmetrical key technology.Wherein unsymmetrical key technology is owing to can avoiding the needs by network delivery decruption key and private key and being widely used.
Unsymmetrical key at present technology the most known in those skilled in the art is PKI (Public KeyInfrastructure).The operation of PKI is by two large parts: CA (Certification Authority) mechanism of stratification and huge certificate repository LDAP.PKI solves the binding of mark and key by third party's notarization.Need the ca authentication mechanism setting up huge stratification for this reason.PKI also will lean on the support of the certificate repository of on-line operation, and the on-line operation of certificate repository has caused a large amount of network information flow volumes, and a such as side, in order to obtain the certificate of communication counterpart, just needs to CA certification layer by layer.Just because of the Verification System dependence database on-line operation realized based on PKI technology, its operational efficiency is very low, and disposal ability is little.According to U.S. Department of Defense's reflection, PKI will cause information explosion, and U.S. army's communication in the future is also difficult to meet PKI bandwidth demand, and cause mechanism to explode, for supporting 2,000,000 CAC cards, the entire PLA has increased 2500 CA work stations newly, and personal management and funds are to the degree that can't bear the heavy load.So current scholars, comprise part PKI company, find a kind of new outlet.
The another kind very promising confidential technique of tool is IBE (Identity Based Eneryption).1984, Shamir proposed the signature imagination based on mark, and inferred the existence of the cryptographic system (being called for short IBE:Identity BasedEneryption) based on mark, but never found concrete implementation method.
Calendar year 2001 Don Boneh and Matthew Franklin according to the idea of Shamir, propose from Weil pairing realize based on mark cryptographic system.Compared with PKI technology, although IBE algorithm eliminates huge stratification CA mechanism, need to retain user-dependent parameter.Verification System based on IBE algorithm realization relies on database on-line operation, and its operational efficiency is very low, and disposal ability is also little.Because parameter is relevant to each user, parameter amount is directly proportional to customer volume.As long as need to announce user related information, just need the support of the databases such as catalogue storehouse (LDAP), and then also have no idea to reduce dynamic on-line maintenance amount.
The development of public network and application, propose the new requirement of constructing trustable network system.Verification System is the core technology of trustable network system, is then cipher key technique in the core technology of Verification System.Two large difficult points are had: scale and the key distribution based on mark in cipher key technique.CPK cipher key technique just in time solves this two difficult points, creates condition for realizing that scale public network realizes trusted system.
CPK algorithm is the same with IBE algorithm, is also the public key algorithm based on mark.CPK does not need the online support of database, and an available chip realizes, and scale, economy, feasibility, operational efficiency have the advantage that aforementioned two kinds of systems are incomparable.
Along with popularizing of smart mobile phone, the trend of mobile office is irresistible all the more.But enterprise can be relieved the prerequisite of expansion mobile office, be that the server end of mobile phone terminal and corporate intranet can carry out safe coded communication.
Common secure communication mode is SSL/TLS, but it needs Third Party Authentication mechanism, must have the support of the certificate repository of on-line operation, and need to safeguard the database with big data quantity, take a large amount of memory spaces, efficiency during operation is not high yet, and processing speed is very slow.
Summary of the invention
The technical problem to be solved in the present invention overcomes existing defect, adopt CPK authentication techniques, provide the secure communication mode between the smart mobile phone application based on CPK, between mobile phone application and server, it does not need the database safeguarding big data quantity, and the efficiency of operation is greatly enhanced.
In order to solve the problems of the technologies described above, the invention provides following technical scheme:
Based on CPK mobile phone application between and and server between secure communication mode, comprise user certificate application and secure communication,
User certificate application comprises:
Plant subcard generating center KPC, according to elliptic curve parameter selected in CPK authentication techniques, generate public and private key matrix, and in the secret key card of the seed importing to KMC KMC;
KMC KMC, according to the secret key card of the seed of oneself, and the individual unique subscriber identification of user, generate user certificate;
Register Authority RMC, is responsible for carrying out identity examination & verification to user certificate application, by obtaining the user certificate generated afterwards from KMC KMC, is circulated into user mobile phone APP;
Mobile phone terminal APP, utilizes user certificate to carry out the negotiation of communication key;
Secure communication comprises the following steps:
(1) mobile phone application sends the symmetric encipherment algorithm list of oneself support to the application of another mobile phone or server, and brings a random number a;
(2), after the application of another mobile phone or server receive message, return the cryptographic algorithm that stage of communication will use, and bring a random number b;
(3) after mobile phone application receives message, produce random number c, generated the symmetric cryptographic key of stage of communication needs by a, b, c;
(4) mobile phone application CPK encrypted private key random number c, the individual unique subscriber identification enclosing oneself sends to another mobile phone to apply or server in the lump;
(5) the individual unique subscriber identification of the application of another mobile phone or the application of server mobile phone calculates the PKI of mobile phone application, and decrypted random number c, the symmetric key of stage of communication needs is generated equally by a, b, c;
(6) if mobile phone application need another mobile phone of certification apply or server, then another mobile phone application or server send CPK sign mobile phone application, and by mobile phone apply carry out sign test; If the application of another mobile phone or server need certification mobile phone apply, then mobile phone application sends CPK another mobile phone of signing and applies or server, and is applied by another mobile phone or server carries out sign test;
(7) mobile phone application and the application of another mobile phone or server use the cryptographic algorithm of consulting out to carry out formal communication with the secret key of encryption.
Further, individual unique subscriber identification mainly CPK ID.
Further, user certificate mainly a pair public and private key.
Further, Register Authority RMC also provides the condition managing of user certificate.
The present invention is based on CPK mobile phone application between and and server between secure communication mode, adopt CPK authentication techniques, make smart mobile phone apply between, smart mobile phone is applied between server and can carries out safe coded communication, and not needing the database safeguarding big data quantity, the efficiency of operation is greatly enhanced.
Accompanying drawing explanation
Accompanying drawing is used to provide a further understanding of the present invention, and forms a part for specification, together with embodiments of the present invention for explaining the present invention, is not construed as limiting the invention.In the accompanying drawings:
Fig. 1 is the overall sequential chart of user certificate application;
Fig. 2 is secure communication sequential chart.
Embodiment
Below in conjunction with accompanying drawing, the preferred embodiments of the present invention are described, should be appreciated that preferred embodiment described herein is only for instruction and explanation of the present invention, is not intended to limit the present invention.
CPK is writing a Chinese character in simplified form of Conbined public or double key (Combined Public Key).CPK key management system be dispersed accumulation type based on the mark secret generating of (identity) and the system of management.It builds public-key cryptography and private cipher key matrix according to the mathematical principle of dispersed accumulation, the change commanders identity map of entity of hash function and cipher table is adopted to be row-coordinate and the row coordinate sequence of matrix, in order to choose and combination matrix element, generate the public affairs be made up of public-key cryptography and private cipher key, the private key pair of substantial amounts, thus realize producing and distribution based on the ultra-large key of mark.
CPK key algorithm utilizes that discrete logarithm, elliptic curve cipher are theoretical, structure is public, private key pair, with mapping algorithm by public, private key variable and user ID binding thus the key management solved based on mark.The key management of CPK adopts key centralized production, plans as a whole the Centralized Mode allotted, have can control, manageable advantage, be convenient to the network trust system built from top to bottom.The key management of CPK have employed the operational mode of key dispersion storage, static call, thus can realize third party and non-formerly certification.
Based on CPK mobile phone application between and and server between secure communication mode, comprise user certificate application and secure communication,
As shown in Figure 1, user certificate application comprises:
Plant subcard generating center KPC, according to elliptic curve parameter selected in CPK authentication techniques, generate public and private key matrix, and in the secret key card of the seed importing to KMC KMC;
KMC KMC, according to the secret key card of the seed of oneself, and the individual unique subscriber identification (mainly CPKID) of user, generate user certificate (mainly a pair public and private key);
Register Authority RMC, is responsible for carrying out identity examination & verification to user certificate application, by obtaining the user certificate generated afterwards from KMC KMC, is circulated into user mobile phone APP; Register Authority RMC also provides the condition managing of user certificate, such as reports the loss, locks, unblock etc.;
Mobile phone terminal APP, utilizes user certificate to carry out the negotiation of communication key;
As shown in Figure 2, the coded communication process between smart mobile phone application, between smart mobile phone application and service device is similar, below supposes to need secure communication between A and B, comprises the following steps:
(1) A sends the symmetric encipherment algorithm list of oneself support to B, and brings a random number a;
(2) after B receives message, return the cryptographic algorithm that stage of communication will use, and bring a random number b;
(3) after A receives message, produce random number c, generated the symmetric cryptographic key of stage of communication needs by a, b, c;
(4) A CPK encrypted private key random number c, the CPK ID enclosing oneself sends to B in the lump;
(5) the CPK ID of B A calculates the PKI of A, and decrypted random number c, the symmetric key of stage of communication needs is generated equally by a, b, c;
(6) if A (B) needs certification B (A), then B (A) sends CPK and to sign A (B), and carries out sign test by A (B);
(7) A and B uses the cryptographic algorithm of consulting out to carry out formal communication with the secret key of encryption.
The present invention is based on CPK mobile phone application between and and server between secure communication mode, adopt CPK authentication techniques, make smart mobile phone apply between, smart mobile phone is applied between server and can carries out safe coded communication, and not needing the database safeguarding big data quantity, the efficiency of operation is greatly enhanced.
Last it is noted that the foregoing is only the preferred embodiments of the present invention, be not limited to the present invention, although with reference to previous embodiment to invention has been detailed description, for a person skilled in the art, it still can be modified to the technical scheme described in foregoing embodiments, or carries out equivalent replacement to wherein portion of techniques feature.Within the spirit and principles in the present invention all, any amendment done, equivalent replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (4)
1. based on CPK mobile phone application between and and server between secure communication mode, it is characterized in that: described secure communication mode comprises user certificate application and secure communication, described user certificate application comprises:
Plant subcard generating center KPC, according to elliptic curve parameter selected in CPK authentication techniques, generate public and private key matrix, and in the secret key card of the seed importing to KMC KMC;
KMC KMC, according to the secret key card of the seed of oneself, and the individual unique subscriber identification of user, generate user certificate;
Register Authority RMC, is responsible for carrying out identity examination & verification to user certificate application, by obtaining the user certificate generated afterwards from KMC KMC, is circulated into user mobile phone APP;
Mobile phone terminal APP, utilizes user certificate to carry out the negotiation of communication key;
Described secure communication comprises the following steps:
(1) mobile phone application sends the symmetric encipherment algorithm list of oneself support to the application of another mobile phone or server, and brings a random number a;
(2), after the application of another mobile phone or server receive message, return the cryptographic algorithm that stage of communication will use, and bring a random number b;
(3) after mobile phone application receives message, produce random number c, generated the symmetric cryptographic key of stage of communication needs by a, b, c;
(4) mobile phone application CPK encrypted private key random number c, the individual unique subscriber identification enclosing oneself sends to another mobile phone to apply or server in the lump;
(5) the individual unique subscriber identification of the application of another mobile phone or the application of server mobile phone calculates the PKI of mobile phone application, and decrypted random number c, the symmetric key of stage of communication needs is generated equally by a, b, c;
(6) if mobile phone application need another mobile phone of certification apply or server, then another mobile phone application or server send CPK sign mobile phone application, and by mobile phone apply carry out sign test; If the application of another mobile phone or server need certification mobile phone apply, then mobile phone application sends CPK another mobile phone of signing and applies or server, and is applied by another mobile phone or server carries out sign test;
(7) mobile phone application and the application of another mobile phone or server use the cryptographic algorithm of consulting out to carry out formal communication with the secret key of encryption.
2. between the mobile phone based on CPK according to claim 1 application and and server between secure communication mode, it is characterized in that: described individual unique subscriber identification mainly CPK ID.
3. between the mobile phone based on CPK according to claim 1 application and and server between secure communication mode, it is characterized in that: described user certificate is a pair public and private key mainly.
4. between the mobile phone based on CPK according to claim 1 application and and server between secure communication mode, it is characterized in that: described Register Authority RMC also provides the condition managing of user certificate.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510312418.0A CN105025007A (en) | 2015-06-09 | 2015-06-09 | A secure communication mode based on a CPK and applied between handset applications and between the handset applications and servers |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510312418.0A CN105025007A (en) | 2015-06-09 | 2015-06-09 | A secure communication mode based on a CPK and applied between handset applications and between the handset applications and servers |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105025007A true CN105025007A (en) | 2015-11-04 |
Family
ID=54414712
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510312418.0A Pending CN105025007A (en) | 2015-06-09 | 2015-06-09 | A secure communication mode based on a CPK and applied between handset applications and between the handset applications and servers |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105025007A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105282179A (en) * | 2015-11-27 | 2016-01-27 | 中国电子科技集团公司第五十四研究所 | Family Internet of things security control method based on CPK |
| CN106713236A (en) * | 2015-11-17 | 2017-05-24 | 成都腾甲数据服务有限公司 | End-to-end identity authentication and encryption method based on CPK identifier authentication |
| CN108012268A (en) * | 2017-12-08 | 2018-05-08 | 北京虎符信息技术有限公司 | A kind of mobile phone terminal SIM card and the method for safe handling App, medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1859091A (en) * | 2006-06-06 | 2006-11-08 | 南相浩 | Credible link safety verifying system and method based on CPK |
| US20090097657A1 (en) * | 2007-10-05 | 2009-04-16 | Scheidt Edward M | Constructive Channel Key |
| CN101150399B (en) * | 2007-10-12 | 2011-01-19 | 四川长虹电器股份有限公司 | Generation method for share secret key |
| CN103618607A (en) * | 2013-11-29 | 2014-03-05 | 北京易国信科技发展有限公司 | Method for data security transmission and key exchange |
-
2015
- 2015-06-09 CN CN201510312418.0A patent/CN105025007A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1859091A (en) * | 2006-06-06 | 2006-11-08 | 南相浩 | Credible link safety verifying system and method based on CPK |
| US20090097657A1 (en) * | 2007-10-05 | 2009-04-16 | Scheidt Edward M | Constructive Channel Key |
| CN101150399B (en) * | 2007-10-12 | 2011-01-19 | 四川长虹电器股份有限公司 | Generation method for share secret key |
| CN103618607A (en) * | 2013-11-29 | 2014-03-05 | 北京易国信科技发展有限公司 | Method for data security transmission and key exchange |
Non-Patent Citations (1)
| Title |
|---|
| 许照慧等: "基于CPK的终端软件安全管理系统的研究", 《计算机工程与设计》 * |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106713236A (en) * | 2015-11-17 | 2017-05-24 | 成都腾甲数据服务有限公司 | End-to-end identity authentication and encryption method based on CPK identifier authentication |
| CN105282179A (en) * | 2015-11-27 | 2016-01-27 | 中国电子科技集团公司第五十四研究所 | Family Internet of things security control method based on CPK |
| CN105282179B (en) * | 2015-11-27 | 2018-12-25 | 中国电子科技集团公司第五十四研究所 | A method of family's Internet of Things security control based on CPK |
| CN108012268A (en) * | 2017-12-08 | 2018-05-08 | 北京虎符信息技术有限公司 | A kind of mobile phone terminal SIM card and the method for safe handling App, medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101039182B (en) | Authentication system and method for issuing user identification certificate | |
| Fan et al. | TraceChain: A blockchain‐based scheme to protect data confidentiality and traceability | |
| CN113556363B (en) | Data sharing method and system based on decentralized and distributed proxy re-encryption | |
| Song et al. | Efficient Attribute‐Based Encryption with Privacy‐Preserving Key Generation and Its Application in Industrial Cloud | |
| CN102088349B (en) | Personalized method and system of intelligent card | |
| AU2006205987A1 (en) | Identifier-based private key generating method and device | |
| CN107733654B (en) | Intelligent equipment firmware updating and official user certificate distribution method based on combined key | |
| CN103618728A (en) | Attribute-based encryption method for multiple authority centers | |
| CN112966022B (en) | Information query method, device and system of data transaction platform | |
| CN113708917B (en) | APP user data access control system and method based on attribute encryption | |
| Balamurugan et al. | Extensive survey on usage of attribute based encryption in cloud | |
| Saxena et al. | Hybrid cloud computing for data security system | |
| CN114244502A (en) | Signature key generation method and device based on SM9 algorithm and computer equipment | |
| CN105025007A (en) | A secure communication mode based on a CPK and applied between handset applications and between the handset applications and servers | |
| CN116644479A (en) | A tamper-proof electronic contract signing method based on blockchain technology | |
| Li et al. | A privacy-preserving lightweight energy data sharing scheme based on blockchain for smart grid | |
| EP4008086A1 (en) | System and method of cryptographic key management in a plurality of blockchain based computer networks | |
| CN103490890A (en) | Combination public key authentication password method based on conic curves | |
| CN116707969A (en) | Ciphertext attribute-based proxy re-encryption method and computer-readable storage medium containing the program | |
| Jahan et al. | Method for providing secure and private fine-grained access to outsourced data | |
| Ramesh et al. | Comparative analysis of applications of identity-based cryptosystem in IoT | |
| Ding et al. | Secure Multi‐Keyword Search and Access Control over Electronic Health Records in Wireless Body Area Networks | |
| Silambarasan et al. | Attribute-based convergent encryption key management for secure deduplication in cloud | |
| Bai | Comparative research on two kinds of certification systems of the public key infrastructure (PKI) and the identity based encryption (IBE) | |
| Zhang et al. | Enabling efficient decentralized and privacy preserving data sharing in mobile cloud computing |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB03 | Change of inventor or designer information | ||
| CB03 | Change of inventor or designer information |
Inventor after: Zhang Li Inventor after: Zong Xu Inventor after: Wang Yilei Inventor after: Ma Hong Inventor after: Shi Xiaobin Inventor after: Tang Lei Inventor before: Zong Xu Inventor before: Wang Yilei Inventor before: Shi Xiaobin Inventor before: Tang Lei |
|
| TA01 | Transfer of patent application right | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20170322 Address after: Kewei road Shenzhen city Guangdong province 518000 Nanshan District science and Technology Park No. 4 Room 102 Applicant after: Zhang Li Address before: 215000 Jiangsu, Suzhou high tech Zone, Chuk Yuen Road, No. 209 A5019 Applicant before: Wang Yilei |
|
| TA01 | Transfer of patent application right | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20170517 Address after: Room 998, No. 5 building 401A Hangzhou city 311100 Zhejiang District of Yuhang province Wuchang Street West Applicant after: Hangzhou flash Mdt InfoTech Ltd Address before: Kewei road Shenzhen city Guangdong province 518000 Nanshan District science and Technology Park No. 4 Room 102 Applicant before: Zhang Li |
|
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20151104 |