CN105406961A - key negotiation method, terminal and server - Google Patents


Info

Publication number
CN105406961A
Authority
CN
China
Prior art keywords
server
terminal
public key
key
coefficient
Legal status
Granted
Application number
CN201510738170.4A
Other languages
Chinese (zh)
Other versions
CN105406961B (en)
Inventor
罗宏波
Current Assignee
Gree Electric Appliances Inc of Zhuhai
Original Assignee
Gree Electric Appliances Inc of Zhuhai
Application filed by Gree Electric Appliances Inc of Zhuhai
Priority to CN201510738170.4A
Publication of CN105406961A
Application granted
Publication of CN105406961B
Status: Expired - Fee Related
Anticipated expiration


Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L 9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
    • H04L 9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0838: Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

The embodiments of the invention disclose a key negotiation method, a terminal and a server. The method comprises the following steps: sending a terminal identification code to a server; obtaining the public parameters and the server identification code sent by the server; calculating a terminal private key from the public parameters and the terminal identification code, calculating a server public key from the public parameters and the server identification code, and sending the encrypted server public key to the server; obtaining the encrypted terminal public key sent by the server; calculating a terminal verification value from the encrypted terminal public key and the terminal pseudo-random code by means of a bilinear map; and judging whether the key agreement is correct by comparing the terminal verification value with the server verification value. The key negotiation method, terminal and server provided by the embodiments of the invention can generate the key information used in encrypted transmission on the fly.

Description

Key negotiation method, terminal and server
Technical field
The embodiments of the present invention relate to the field of information security, and in particular to a key negotiation method, a terminal and a server.
Background
As people's security awareness gradually rises, more and more household appliances require a start-up password to be supplied when they are powered on for the first time. To obtain the correct start-up password, users usually contact a password management service and request it. The start-up password is critical data for a household appliance, however: if the communication requesting it is intercepted by a malicious party, the consequences are hard to foresee.
To protect the password acquisition process, the communication is carried out as ciphertext. Asymmetric encryption algorithms use different keys for encrypting and decrypting information, which raises the security level of the transmission, and when an asymmetric algorithm is used for secure communication the two parties do not need to exchange keys over a secret channel. In a traditional asymmetric encrypted transmission mechanism, however, the public key is generally specified by the user, and once specified the public key information is no longer changed. This means that the user has to set aside dedicated storage to manage the keys used in encrypted transmission, which consumes computational resources.
Summary of the invention
In view of the above technical problem, the embodiments of the present invention propose a key negotiation method, a terminal and a server that generate the key information used in encrypted transmission on the fly.
In a first aspect, an embodiment of the present invention provides a key negotiation method applied to a terminal, the method comprising:
sending a terminal identification code to a server;
obtaining the public parameters and the server identification code sent by the server, where the public parameters include a system feature value;
calculating a terminal private key from the public parameters and the terminal identification code, calculating a server public key from the public parameters and the server identification code, and sending the encrypted server public key to the server, where the terminal private key is the product of a second terminal coefficient and the system feature value, the server public key is the product of a first server coefficient and the system feature value, the encrypted server public key is the product of a terminal pseudo-random code and the server public key, the second terminal coefficient and the first server coefficient are either included in the public parameters or calculated from one or more of the public parameters, the terminal identification code and the server identification code, and the product of the second terminal coefficient and a first terminal coefficient is a non-zero constant;
obtaining the encrypted terminal public key sent by the server, where the terminal public key is the product of the first terminal coefficient and the system feature value, and the encrypted terminal public key is the product of a server pseudo-random code and the terminal public key;
calculating a terminal verification value from the encrypted terminal public key and the terminal pseudo-random code by means of a bilinear map, where the terminal verification value equals the product of the terminal pseudo-random code and the mapping value obtained by applying the bilinear map to the encrypted terminal public key and the terminal private key;
judging whether the key agreement is correct by comparing the terminal verification value with the server verification value.
In a second aspect, an embodiment of the present invention further provides a key negotiation method applied to a server, the method comprising:
obtaining the terminal identification code sent by a terminal;
sending the public parameters to be used in the key agreement process and the server identification code to the terminal, where the public parameters include a system feature value;
obtaining the encrypted server public key sent by the terminal, where the server public key is the product of a first server coefficient and the system feature value, and the encrypted server public key is the product of a terminal pseudo-random code and the server public key;
calculating a server private key from the public parameters and the server identification code, calculating a terminal public key from the public parameters and the terminal identification code, and sending the encrypted terminal public key to the terminal, where the server private key is the product of a second server coefficient and the system feature value, the terminal public key is the product of a first terminal coefficient and the system feature value, the encrypted terminal public key is the product of a server pseudo-random code and the terminal public key, the first terminal coefficient and the second server coefficient are either included in the public parameters or calculated from one or more of the public parameters, the terminal identification code and the server identification code, and the product of the second server coefficient and the first server coefficient is a non-zero constant;
calculating a server verification value from the encrypted server public key and the server pseudo-random code by means of a bilinear map, where the server verification value equals the product of the server pseudo-random code and the mapping value obtained by applying the bilinear map to the encrypted server public key and the server private key;
judging whether the key agreement is correct by comparing the terminal verification value with the server verification value.
In a third aspect, an embodiment of the present invention further provides a terminal, the terminal comprising:
a first sending module for sending the terminal identification code to a server;
a first acquisition module for obtaining the public parameters and the server identification code sent by the server, where the public parameters include a system feature value;
a first key calculation module for calculating a terminal private key from the public parameters and the terminal identification code, calculating a server public key from the public parameters and the server identification code, and sending the encrypted server public key to the server, where the terminal private key is the product of a second terminal coefficient and the system feature value, the server public key is the product of a first server coefficient and the system feature value, the encrypted server public key is the product of a terminal pseudo-random code and the server public key, the second terminal coefficient and the first server coefficient are either included in the public parameters or calculated from one or more of the public parameters, the terminal identification code and the server identification code, and the product of the second terminal coefficient and a first terminal coefficient is a non-zero constant;
a first key acquisition module for obtaining the encrypted terminal public key sent by the server, where the terminal public key is the product of the first terminal coefficient and the system feature value, and the encrypted terminal public key is the product of a server pseudo-random code and the terminal public key;
a first verification value calculation module for calculating a terminal verification value from the encrypted terminal public key and the terminal pseudo-random code by means of a bilinear map, where the terminal verification value equals the product of the terminal pseudo-random code and the mapping value obtained by applying the bilinear map to the encrypted terminal public key and the terminal private key;
a first verification module for judging whether the key agreement is correct by comparing the terminal verification value with the server verification value.
In a fourth aspect, an embodiment of the present invention further provides a server, the server comprising:
a second acquisition module for obtaining the terminal identification code sent by a terminal;
a second sending module for sending the public parameters to be used in the key agreement process and the server identification code to the terminal, where the public parameters include a system feature value;
a second key acquisition module for obtaining the encrypted server public key sent by the terminal, where the server public key is the product of a first server coefficient and the system feature value, and the encrypted server public key is the product of a terminal pseudo-random code and the server public key;
a second key calculation module for calculating a server private key from the public parameters and the server identification code, calculating a terminal public key from the public parameters and the terminal identification code, and sending the encrypted terminal public key to the terminal, where the server private key is the product of a second server coefficient and the system feature value, the terminal public key is the product of a first terminal coefficient and the system feature value, the encrypted terminal public key is the product of a server pseudo-random code and the terminal public key, the first terminal coefficient and the second server coefficient are either included in the public parameters or calculated from one or more of the public parameters, the terminal identification code and the server identification code, and the product of the second server coefficient and the first server coefficient is a non-zero constant;
a second verification value calculation module for calculating a server verification value from the encrypted server public key and the server pseudo-random code by means of a bilinear map, where the server verification value equals the product of the server pseudo-random code and the mapping value obtained by applying the bilinear map to the encrypted server public key and the server private key;
a second verification module for judging whether the key agreement is correct by comparing the terminal verification value with the server verification value.
In the key negotiation method, terminal and server provided by the embodiments of the present invention, the keys are computed and verified on the fly before secure communication begins, so the keys needed for secure communication can be generated in real time without setting aside separate storage to manage them, which saves the storage space that would otherwise be used to manage the keys for secure communication.
Brief description of the drawings
Other features, objects and advantages of the present invention will become more apparent from the following detailed description of non-limiting embodiments made with reference to the drawings:
Fig. 1 is a flow chart of the key negotiation method provided by the first embodiment of the invention;
Fig. 2 is a flow chart of the key negotiation method provided by the second embodiment of the invention;
Fig. 3 is an interaction diagram of the key negotiation method provided by the third embodiment of the invention;
Fig. 4 is a structural diagram of the terminal provided by the fourth embodiment of the invention;
Fig. 5 is a structural diagram of the server provided by the fifth embodiment of the invention.
Detailed description of the embodiments
The present invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the invention and do not limit it. It should also be noted that, for ease of description, the drawings show only the parts relevant to the invention rather than its entire content.
First embodiment
This embodiment provides a technical solution for a key negotiation method. The key negotiation method is performed by a terminal. In the interaction that requests the start-up password, the terminal is the party requesting the password.
Referring to Fig. 1, the key negotiation method comprises:
S11: sending the terminal identification code to the server.
The terminal identification code ID_a is an identity code by which the terminal can be uniquely distinguished from other terminals. During key negotiation, the relationship between the server and the terminals is one-to-many; that is, one server can negotiate keys with several terminals at the same time. So that different terminals can be uniquely distinguished during the key agreement interaction, at the start of the key agreement process the terminal sends its own terminal identification code ID_a to the server.
S12: obtaining the public parameters and the server identification code sent by the server, where the public parameters include the system feature value.
Specifically, the public parameters comprise: the system feature value P, the coefficient base s and the hash function H.
S13: calculating the terminal private key from the public parameters and the terminal identification code, calculating the server public key from the public parameters and the server identification code, and sending the encrypted server public key to the server.
After sending the terminal identification code ID_a to the server, the terminal receives from the server the public parameters and the server identification code ID_m fed back by the server. The public parameters are parameters of which both the terminal and the server keep a copy during key negotiation, and the values in the two copies are identical. Specifically, the public parameters comprise: the system feature value P, the coefficient base s and the hash function H.
Specifically, the terminal calculates the terminal private key according to the following formula (1):
$A_{pri} = [s + H(ID_a)]^{-1} \cdot P$ (1)
where s is the coefficient base, P is the system feature value, ID_a is the terminal identification code, A_pri is the terminal private key, H is the hash function and $[s + H(ID_a)]^{-1}$ is the second terminal coefficient. As can be seen, the second terminal coefficient can be calculated from the public parameters and the terminal identification code.
Further, the product of the second terminal coefficient and the first terminal coefficient mentioned below is a constant, and this constant cannot be 0.
It should be noted that the way the second terminal coefficient is calculated is not fixed; it may be calculated in ways other than that of this embodiment, and the invention does not limit this. Whichever way is used, however, the product of the second terminal coefficient and the first terminal coefficient must remain a constant.
Because the way the first terminal coefficient and the second terminal coefficient are calculated is not fixed, it becomes more difficult for a third party to attack the key agreement process, which improves the security of the key agreement process.
The terminal then calculates the server public key according to the following formula (2):
$M_{pub} = [s + H(ID_m)] \cdot P$ (2)
where s is the coefficient base, P is the system feature value, ID_m is the server identification code, M_pub is the server public key and $[s + H(ID_m)]$ is the first server coefficient. As can be seen, the first server coefficient can be calculated from the public parameters and the server identification code.
Further, the product of the first server coefficient and the second server coefficient mentioned below is a constant.
Because the server public key is calculated from the server identification code, the system feature value and the coefficient base, of which the server keeps its own copy, the server public key calculated by the terminal carries the identity of the server.
The encrypted server public key is given by the following formula (3):
$M'_{pub} = r_a \cdot M_{pub}$ (3)
where M'_pub is the encrypted server public key, r_a is the terminal pseudo-random code generated by the terminal, and M_pub is the server public key.
Encrypting the server public key with the terminal pseudo-random code improves the robustness of the key agreement process and further helps prevent the key agreement process from being maliciously attacked by a third party.
S14: obtaining the encrypted terminal public key sent by the server.
The terminal public key is the product of the first terminal coefficient and the system feature value. The encrypted terminal public key is the product of the server pseudo-random code and the terminal public key.
S15: calculating the terminal verification value from the encrypted terminal public key and the terminal pseudo-random code by means of a bilinear map, where the terminal verification value equals the product of the terminal pseudo-random code and the mapping value obtained by applying the bilinear map to the encrypted terminal public key and the terminal private key.
Specifically, the terminal verification value is given by the following formula (4):
$Ve_a = e(A'_{pub}, A_{pri})^{r_a} = e(r_m \cdot [s + H(ID_a)] \cdot P,\ [s + H(ID_a)]^{-1} \cdot P)^{r_a} = e(P, P)^{r_a r_m}$ (4)
where Ve_a is the terminal verification value, A'_pub is the encrypted terminal public key, A_pri is the terminal private key, and e is the bilinear map. Specifically, the bilinear map may be a Tate pairing or a Weil pairing. The derivation of formula (4) uses the bilinearity of the map e.
S16: judging whether the key agreement is correct by comparing the terminal verification value with the server verification value.
In this embodiment, the terminal computes the keys on the fly before secure communication begins, so the keys needed for secure communication can be generated in real time.
Second embodiment
This embodiment provides another technical solution for a key negotiation method. The key negotiation method is performed by a server. Moreover, the key negotiation method performed by the server in this embodiment complements the key negotiation method performed by the terminal in the first embodiment, and together they form one complete key agreement process.
Referring to Fig. 2, the key negotiation method comprises:
S21: obtaining the terminal identification code sent by the terminal.
S22: sending the public parameters to be used in the key agreement process and the server identification code to the terminal, where the public parameters include the system feature value.
After receiving the terminal identification code ID_a sent by the terminal, the server sends the public parameters and the server identification code ID_m to the terminal.
Specifically, as described in the first embodiment of the invention, the public parameters comprise: the system feature value P, the coefficient base s and the hash function H.
The server identification code ID_m is the unique identity number of the server.
S23: obtaining the encrypted server public key sent by the terminal.
The server public key is the product of the first server coefficient and the system feature value. The encrypted server public key is the product of the terminal pseudo-random code and the server public key.
S24: calculating the server private key from the public parameters and the server identification code, calculating the terminal public key from the public parameters and the terminal identification code, and sending the encrypted terminal public key to the terminal.
Specifically, the server calculates the server private key according to the following formula (5):
$M_{pri} = [s + H(ID_m)]^{-1} \cdot P$ (5)
where s is the coefficient base, P is the system feature value, ID_m is the server identification code, M_pri is the server private key, H is the hash function and $[s + H(ID_m)]^{-1}$ is the second server coefficient. As can be seen, the second server coefficient can be calculated from the public parameters and the server identification code.
Further, the product of the second server coefficient and the first server coefficient is a constant.
It should be noted that the way the second server coefficient is calculated is not fixed; it may be calculated in ways other than that of this embodiment, and the invention does not limit this. Whichever way is used, however, the product of the second server coefficient and the first server coefficient must remain a constant.
Because the way the first server coefficient and the second server coefficient are calculated is not fixed, it becomes more difficult for a third party to attack the key agreement process, which improves the security of the key agreement process.
The server calculates the terminal public key according to the following formula (6):
$A_{pub} = [s + H(ID_a)] \cdot P$ (6)
where s is the coefficient base, P is the system feature value, ID_a is the terminal identification code, A_pub is the terminal public key, H is the hash function and $[s + H(ID_a)]$ is the first terminal coefficient. As can be seen, the first terminal coefficient can be calculated from the public parameters and the terminal identification code.
Further, the product of the first terminal coefficient and the second terminal coefficient is a constant, and this constant cannot be 0.
Because the terminal public key is calculated from the terminal identification code, the system feature value and the coefficient base, of which the terminal keeps its own copy, the terminal public key calculated by the server carries the identity of the terminal.
The encrypted terminal public key is given by the following formula (7):
$A'_{pub} = r_m \cdot A_{pub}$ (7)
where A'_pub is the encrypted terminal public key, r_m is the server pseudo-random code generated by the server, and A_pub is the terminal public key.
Encrypting the terminal public key with the server pseudo-random code improves the robustness of the key agreement process and helps prevent the key agreement process from being maliciously attacked by a third party.
S25: calculating the server verification value from the encrypted server public key and the server pseudo-random code by means of a bilinear map, where the server verification value equals the product of the server pseudo-random code and the mapping value obtained by applying the bilinear map to the encrypted server public key and the server private key.
The server verification value is given by the following formula (8):
$Ve_m = e(M'_{pub}, M_{pri})^{r_m} = e(r_a \cdot [s + H(ID_m)] \cdot P,\ [s + H(ID_m)]^{-1} \cdot P)^{r_m} = e(P, P)^{r_a r_m}$ (8)
where Ve_m is the server verification value, M'_pub is the encrypted server public key, M_pri is the server private key, and e is the bilinear map. Specifically, the bilinear map may be a Tate pairing or a Weil pairing. The derivation of formula (8) uses the bilinearity of the map e.
S26: judging whether the key agreement is correct by comparing the terminal verification value with the server verification value.
From the derivations of formula (4) and formula (8), the terminal verification value and the server verification value should be identical. The terminal can therefore judge whether the above key agreement process was correct by comparing the two values.
In this embodiment, the server computes and verifies the keys on the fly before secure communication begins, so the keys needed for secure communication can be generated in real time.
Third embodiment
This embodiment provides a technical solution for a key negotiation method in which the key negotiation method is performed cooperatively by the terminal side and the server side.
Referring to Fig. 3, the key negotiation method comprises:
S31: the terminal sends the terminal identification code to the server.
S32: the server sends the public parameters to be used in the key agreement process and the server identification code to the terminal, where the public parameters include the system feature value.
S33: the terminal calculates the terminal private key from the public parameters and the terminal identification code, calculates the server public key from the public parameters and the server identification code, and sends the encrypted server public key to the server.
S34: the server calculates the server private key from the public parameters and the server identification code, calculates the terminal public key from the public parameters and the terminal identification code, and sends the encrypted terminal public key to the terminal.
S35: the terminal calculates the terminal verification value from the encrypted terminal public key and the terminal pseudo-random code by means of a bilinear map, where the terminal verification value equals the product of the terminal pseudo-random code and the mapping value obtained by applying the bilinear map to the encrypted terminal public key and the terminal private key.
S36: the server calculates the server verification value from the encrypted server public key and the server pseudo-random code by means of a bilinear map, where the server verification value equals the product of the server pseudo-random code and the mapping value obtained by applying the bilinear map to the encrypted server public key and the server private key.
S37: the terminal judges whether the key agreement is correct by comparing the terminal verification value with the server verification value.
S38: the server judges whether the key agreement is correct by comparing the terminal verification value with the server verification value.
In this embodiment, the terminal side and the server side compute and verify the keys on the fly before secure communication begins, so the keys needed for secure communication can be generated in real time.
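The S31 to S38 exchange of the third embodiment, carried through formulas (1) to (8), as an added example that is not part of the patent. The bilinear map is simulated with a constructed toy group (points are scalars mod Q standing for multiples of P, and e(xP, yP) = G^(xy) mod P_MOD), which is bilinear but offers no security; a deployment would use a Tate or Weil pairing on a pairing-friendly curve. The identifiers, s, P and the pseudo-random codes are constructed values, and, as formulas (1) and (5) specify, both private keys are derived from the public parameters and an identifier, so the example reproduces the page's algebra only.

```python
import hashlib
import hmac
import secrets

# Constructed toy parameters (no security): Q prime, P_MOD = 2*Q + 1 prime,
# G = 4 generates the subgroup of order Q in Z_{P_MOD}^*.
Q = 1019
P_MOD = 2039
G = 4


def H(identity: str) -> int:
    """Hash function H from the public parameters: maps an identifier into Z_Q."""
    digest = hashlib.sha256(identity.encode()).digest()
    return int.from_bytes(digest, "big") % Q


def scalar_mul(k: int, point: int) -> int:
    """k * point: scalar multiplication in the toy additive group (scalars mod Q)."""
    return (k * point) % Q


def pairing(x: int, y: int) -> int:
    """Toy bilinear map e(x*P, y*P) = G^(x*y), so e(a*X, b*Y) = e(X, Y)^(a*b)."""
    return pow(G, (x * y) % Q, P_MOD)


def coefficient(s: int, identity: str) -> int:
    """s + H(ID) mod Q, the first coefficient of formulas (2) and (6)."""
    c = (s + H(identity)) % Q
    if c == 0:
        # The inverse needed by formulas (1) and (5) would not exist.
        raise ValueError("s + H(ID) is zero for this identity; choose other parameters")
    return c


class Terminal:
    """Terminal side: steps S13 and S15 (formulas (1) to (4))."""

    def __init__(self, id_a: str, r_a: int = 0):
        self.id_a = id_a
        # Terminal pseudo-random code r_a (constructed: fixed for tests, else random).
        self.r_a = r_a or secrets.randbelow(Q - 1) + 1
        self.a_pri = 0

    def s13(self, s: int, P: int, id_m: str) -> int:
        """Compute A_pri (1) and M_pub (2); return the encrypted server public key M'_pub (3)."""
        self.a_pri = scalar_mul(pow(coefficient(s, self.id_a), -1, Q), P)
        m_pub = scalar_mul(coefficient(s, id_m), P)
        return scalar_mul(self.r_a, m_pub)

    def s15(self, a_pub_enc: int) -> int:
        """Terminal verification value Ve_a = e(A'_pub, A_pri)^r_a (4)."""
        return pow(pairing(a_pub_enc, self.a_pri), self.r_a, P_MOD)


class Server:
    """Server side: steps S24 and S25 (formulas (5) to (8))."""

    def __init__(self, id_m: str, r_m: int = 0):
        self.id_m = id_m
        self.r_m = r_m or secrets.randbelow(Q - 1) + 1  # server pseudo-random code
        self.m_pri = 0

    def s24(self, s: int, P: int, id_a: str) -> int:
        """Compute M_pri (5) and A_pub (6); return the encrypted terminal public key A'_pub (7)."""
        self.m_pri = scalar_mul(pow(coefficient(s, self.id_m), -1, Q), P)
        a_pub = scalar_mul(coefficient(s, id_a), P)
        return scalar_mul(self.r_m, a_pub)

    def s25(self, m_pub_enc: int) -> int:
        """Server verification value Ve_m = e(M'_pub, M_pri)^r_m (8)."""
        return pow(pairing(m_pub_enc, self.m_pri), self.r_m, P_MOD)


def negotiate(id_a: str, id_m: str, s: int, P: int, r_a: int = 0, r_m: int = 0,
              id_a_as_seen_by_server: str = "") -> dict:
    """Run the S31 to S38 exchange and return both verification values.

    id_a_as_seen_by_server lets the caller make the server compute A_pub for a
    different terminal identifier than the terminal used (constructed fault case).
    """
    terminal = Terminal(id_a, r_a)
    server = Server(id_m, r_m)
    # S31/S32: the terminal sends ID_a; the server answers with (P, s, H) and ID_m.
    server_view_of_id_a = id_a_as_seen_by_server or id_a
    m_pub_enc = terminal.s13(s, P, id_m)                # S33: terminal -> server
    a_pub_enc = server.s24(s, P, server_view_of_id_a)   # S34: server -> terminal
    ve_a = terminal.s15(a_pub_enc)                      # S35
    ve_m = server.s25(m_pub_enc)                        # S36
    # S37/S38: both sides compare the two values; a constant-time comparison
    # avoids leaking where they diverge. Both should equal e(P, P)^(r_a * r_m).
    width = (P_MOD.bit_length() + 7) // 8
    ok = hmac.compare_digest(ve_a.to_bytes(width, "big"), ve_m.to_bytes(width, "big"))
    return {"ve_a": ve_a, "ve_m": ve_m, "ok": ok, "r_a": terminal.r_a, "r_m": server.r_m}


if __name__ == "__main__":
    result = negotiate("appliance-0001", "password-service", s=12345, P=7)
    print("agreement correct:", result["ok"], "shared value:", result["ve_a"])
```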
Fourth embodiment
This embodiment provides a technical solution for a terminal. Referring to Fig. 4, the terminal comprises: a first sending module 41, a first acquisition module 42, a first key calculation module 43, a first key acquisition module 44, a first verification value calculation module 45 and a first verification module 46.
The first sending module 41 is configured to send the terminal identification code to the server.
The first acquisition module 42 is configured to obtain the public parameters and the server identification code sent by the server, where the public parameters include the system feature value.
The first key calculation module 43 is configured to calculate the terminal private key from the public parameters and the terminal identification code, calculate the server public key from the public parameters and the server identification code, and send the encrypted server public key to the server. Here the terminal private key is the product of the second terminal coefficient and the system feature value; the server public key is the product of the first server coefficient and the system feature value; the encrypted server public key is the product of the terminal pseudo-random code and the server public key; the second terminal coefficient and the first server coefficient are either included in the public parameters or computed from one or more of the public parameters, the terminal identification code and the server identification code; and the product of the second terminal coefficient and the first terminal coefficient is a non-zero constant.
The first key acquisition module 44 is configured to obtain the encrypted terminal public key sent by the server, where the terminal public key is the product of the first terminal coefficient and the system feature value, and the encrypted terminal public key is the product of the server pseudo-random code and the terminal public key.
The first verification value calculation module 45 is configured to compute the terminal verification value by means of a bilinear map from the encrypted terminal public key and the terminal pseudo-random code; the terminal verification value equals the product of the terminal pseudo-random code and the mapping value obtained by applying the bilinear map to the encrypted terminal public key and the terminal private key.
The first verification module 46 is configured to compare the terminal verification value with the server verification value and judge whether the key agreement is correct.
Further, the public parameters include: the system feature value P, the coefficient base s and the hash function H.
Further, the first key calculation module 43 is specifically configured to:
calculate the terminal private key according to the formula
$A_{pri} = [s + H(ID_a)]^{-1} \times P$
calculate the server public key according to the formula
$M_{pub} = [s + H(ID_m)] \times P$
encrypt the server public key according to the formula
$M'_{pub} = r_a \times M_{pub}$
and send the encrypted server public key to the server;
where $s$ is the coefficient base, $P$ is the system feature value, $ID_a$ is the terminal identification code, $ID_m$ is the server identification code, $H$ is the hash function, $A_{pri}$ is the terminal private key, $M_{pub}$ is the server public key, $M'_{pub}$ is the encrypted server public key, $r_a$ is the terminal pseudo-random code, $[s + H(ID_a)]^{-1}$ is the second terminal coefficient and $[s + H(ID_m)]$ is the first server coefficient.
Fifth embodiment
This embodiment provides a technical solution for a server. Referring to Fig. 5, the server comprises: a second acquisition module 51, a second sending module 52, a second key acquisition module 53, a second key calculation module 54, a second verification value calculation module 55 and a second verification module 56.
The second acquisition module 51 is configured to obtain the terminal identification code sent by the terminal.
The second sending module 52 is configured to send the public parameters used in the key agreement process and the server identification code to the terminal, where the public parameters include the system feature value.
The second key acquisition module 53 is configured to obtain the encrypted server public key sent by the terminal, where the server public key is the product of the first server coefficient and the system feature value, and the encrypted server public key is the product of the terminal pseudo-random code and the server public key.
The second key calculation module 54 is configured to calculate the server private key from the public parameters and the server identification code, calculate the terminal public key from the public parameters and the terminal identification code, and send the encrypted terminal public key to the terminal. Here the server private key is the product of the second server coefficient and the system feature value; the terminal public key is the product of the first terminal coefficient and the system feature value; the encrypted terminal public key is the product of the server pseudo-random code and the terminal public key; the first terminal coefficient and the second server coefficient are either included in the public parameters or computed from one or more of the public parameters, the terminal identification code and the server identification code; and the product of the second server coefficient and the first server coefficient is a non-zero constant.
The second verification value calculation module 55 is configured to compute the server verification value by means of a bilinear map from the encrypted server public key and the server pseudo-random code; the server verification value equals the product of the server pseudo-random code and the mapping value obtained by applying the bilinear map to the encrypted server public key and the server private key.
The second verification module 56 is configured to compare the terminal verification value with the server verification value and judge whether the key agreement is correct.
Further, the public parameters include: the system feature value P, the coefficient base s and the hash function H.
Further, the second key calculation module 54 is specifically configured to:
calculate the server private key according to the formula
$M_{pri} = [s + H(ID_m)]^{-1} \times P$
calculate the terminal public key according to the formula
$A_{pub} = [s + H(ID_a)] \times P$
encrypt the terminal public key according to the formula
$A'_{pub} = r_m \times A_{pub}$
and send the encrypted terminal public key to the terminal;
where $s$ is the coefficient base, $P$ is the system feature value, $ID_a$ is the terminal identification code, $ID_m$ is the server identification code, $H$ is the hash function, $r_m$ is the server pseudo-random code, $M_{pri}$ is the server private key, $A_{pub}$ is the terminal public key, $A'_{pub}$ is the encrypted terminal public key, $[s + H(ID_m)]^{-1}$ is the second server coefficient and $[s + H(ID_a)]$ is the first terminal coefficient.
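The following derivation is added to this page and is not part of the patent text; it uses only the formulas of the fourth and fifth embodiments. The patent states that the terminal verification value and the server verification value are compared, but not why they coincide. Taking the bilinear map $e$ as symmetric over the group generated by $P$ (both arguments of every pairing above are multiples of $P$), and reading "the product of the mapping value and the pseudo-random code" as the action of the scalar $r$ on the target group (exponentiation in multiplicative notation), the two values are

$$V_a = e(A'_{pub}, A_{pri})^{r_a} = e\bigl(r_m[s+H(ID_a)]P,\;[s+H(ID_a)]^{-1}P\bigr)^{r_a} = e(P,P)^{r_m r_a},$$

$$V_m = e(M'_{pub}, M_{pri})^{r_m} = e\bigl(r_a[s+H(ID_m)]P,\;[s+H(ID_m)]^{-1}P\bigr)^{r_m} = e(P,P)^{r_a r_m}.$$

The identity-dependent factors cancel because $[s+H(ID)]\cdot[s+H(ID)]^{-1} = 1$, which is the "non-zero constant" the embodiments require of the product of the two coefficients of each party. Hence $V_a = V_m = e(P,P)^{r_a r_m}$ and the comparison succeeds. If the server instead computes $A_{pub}$ for some other identity $ID_x$, the terminal obtains $e(P,P)^{r_a r_m [s+H(ID_x)][s+H(ID_a)]^{-1}}$, which differs from $V_m$ unless $H(ID_x) \equiv H(ID_a)$ modulo the group order; that mismatch is what the comparison step detects.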
Those of ordinary skill in the art will understand that the modules and steps of the present invention described above can be implemented with a general-purpose computing device; they may be concentrated on a single computing device or distributed over a network formed by several computing devices. Optionally, they may be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device; or they may each be made into a separate integrated circuit module, or several of the modules or steps may be made into a single integrated circuit module. Thus the present invention is not restricted to any particular combination of hardware and software.
The embodiments in this specification are described progressively; each embodiment emphasises its differences from the others, and the same or similar parts of the embodiments may be referred to one another.
The foregoing describes only preferred embodiments of the present invention and does not limit it; those skilled in the art may make various changes and variations. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention falls within its scope of protection.

Claims (8)

1. A key agreement method, applied to a terminal, characterised in that it comprises:
sending a terminal identification code to a server;
obtaining public parameters and a server identification code sent by the server, where the public parameters include a system feature value;
calculating a terminal private key from the public parameters and the terminal identification code, calculating a server public key from the public parameters and the server identification code, and sending the encrypted server public key to the server, where the terminal private key is the product of a second terminal coefficient and the system feature value, the server public key is the product of a first server coefficient and the system feature value, the encrypted server public key is the product of a terminal pseudo-random code and the server public key, the second terminal coefficient and the first server coefficient are either included in the public parameters or computed from one or more of the public parameters, the terminal identification code and the server identification code, and the product of the second terminal coefficient and a first terminal coefficient is a non-zero constant;
obtaining the encrypted terminal public key sent by the server, where the terminal public key is the product of the first terminal coefficient and the system feature value, and the encrypted terminal public key is the product of a server pseudo-random code and the terminal public key;
computing a terminal verification value by means of a bilinear map from the encrypted terminal public key and the terminal pseudo-random code, where the terminal verification value equals the product of the terminal pseudo-random code and the mapping value obtained by applying the bilinear map to the encrypted terminal public key and the terminal private key;
comparing the terminal verification value with a server verification value to judge whether the key agreement is correct.
2. The method according to claim 1, characterised in that the public parameters include: the system feature value P, the coefficient base s and the hash function H.
3. The method according to claim 2, characterised in that calculating the terminal private key from the public parameters and the terminal identification code, calculating the server public key from the public parameters and the server identification code, and sending the encrypted server public key to the server comprises:
calculating the terminal private key according to the formula
$A_{pri} = [s + H(ID_a)]^{-1} \times P$
calculating the server public key according to the formula
$M_{pub} = [s + H(ID_m)] \times P$
encrypting the server public key according to the formula
$M'_{pub} = r_a \times M_{pub}$
sending the encrypted server public key to the server;
where $s$ is the coefficient base, $P$ is the system feature value, $ID_a$ is the terminal identification code, $ID_m$ is the server identification code, $H$ is the hash function, $A_{pri}$ is the terminal private key, $M_{pub}$ is the server public key, $M'_{pub}$ is the encrypted server public key, $r_a$ is the terminal pseudo-random code, $[s + H(ID_a)]^{-1}$ is the second terminal coefficient and $[s + H(ID_m)]$ is the first server coefficient.
4. A key agreement method, applied to a server, characterised in that it comprises:
obtaining a terminal identification code sent by a terminal;
sending the public parameters used in the key agreement process and a server identification code to the terminal, where the public parameters include a system feature value;
obtaining the encrypted server public key sent by the terminal, where the server public key is the product of a first server coefficient and the system feature value, and the encrypted server public key is the product of a terminal pseudo-random code and the server public key;
calculating a server private key from the public parameters and the server identification code, calculating a terminal public key from the public parameters and the terminal identification code, and sending the encrypted terminal public key to the terminal, where the server private key is the product of a second server coefficient and the system feature value, the terminal public key is the product of a first terminal coefficient and the system feature value, the encrypted terminal public key is the product of a server pseudo-random code and the terminal public key, the first terminal coefficient and the second server coefficient are either included in the public parameters or computed from one or more of the public parameters, the terminal identification code and the server identification code, and the product of the second server coefficient and the first server coefficient is a non-zero constant;
computing a server verification value by means of a bilinear map from the encrypted server public key and the server pseudo-random code, where the server verification value equals the product of the server pseudo-random code and the mapping value obtained by applying the bilinear map to the encrypted server public key and the server private key;
comparing a terminal verification value with the server verification value to judge whether the key agreement is correct.
5. The method according to claim 4, characterised in that the public parameters further include: the system feature value P, the coefficient base s and the hash function H.
6. The method according to claim 5, characterised in that calculating the server private key from the public parameters and the server identification code, calculating the terminal public key from the public parameters and the terminal identification code, and sending the encrypted terminal public key to the terminal comprises:
calculating the server private key according to the formula
$M_{pri} = [s + H(ID_m)]^{-1} \times P$
calculating the terminal public key according to the formula
$A_{pub} = [s + H(ID_a)] \times P$
encrypting the terminal public key according to the formula
$A'_{pub} = r_m \times A_{pub}$
sending the encrypted terminal public key to the terminal;
where $s$ is the coefficient base, $P$ is the system feature value, $ID_a$ is the terminal identification code, $ID_m$ is the server identification code, $H$ is the hash function, $r_m$ is the server pseudo-random code, $M_{pri}$ is the server private key, $A_{pub}$ is the terminal public key, $A'_{pub}$ is the encrypted terminal public key, $[s + H(ID_m)]^{-1}$ is the second server coefficient and $[s + H(ID_a)]$ is the first terminal coefficient.
7. A terminal, characterised in that it comprises:
a first sending module, configured to send a terminal identification code to a server;
a first acquisition module, configured to obtain public parameters and a server identification code sent by the server, where the public parameters include a system feature value;
a first key calculation module, configured to calculate a terminal private key from the public parameters and the terminal identification code, calculate a server public key from the public parameters and the server identification code, and send the encrypted server public key to the server, where the terminal private key is the product of a second terminal coefficient and the system feature value, the server public key is the product of a first server coefficient and the system feature value, the encrypted server public key is the product of a terminal pseudo-random code and the server public key, the second terminal coefficient and the first server coefficient are either included in the public parameters or computed from one or more of the public parameters, the terminal identification code and the server identification code, and the product of the second terminal coefficient and a first terminal coefficient is a non-zero constant;
a first key acquisition module, configured to obtain the encrypted terminal public key sent by the server, where the terminal public key is the product of the first terminal coefficient and the system feature value, and the encrypted terminal public key is the product of a server pseudo-random code and the terminal public key;
a first verification value calculation module, configured to compute a terminal verification value by means of a bilinear map from the encrypted terminal public key and the terminal pseudo-random code, where the terminal verification value equals the product of the terminal pseudo-random code and the mapping value obtained by applying the bilinear map to the encrypted terminal public key and the terminal private key;
a first verification module, configured to compare the terminal verification value with a server verification value and judge whether the key agreement is correct.
8. A server, characterised in that it comprises:
a second acquisition module, configured to obtain a terminal identification code sent by a terminal;
a second sending module, configured to send the public parameters used in the key agreement process and a server identification code to the terminal, where the public parameters include a system feature value;
a second key acquisition module, configured to obtain the encrypted server public key sent by the terminal, where the server public key is the product of a first server coefficient and the system feature value, and the encrypted server public key is the product of a terminal pseudo-random code and the server public key;
a second key calculation module, configured to calculate a server private key from the public parameters and the server identification code, calculate a terminal public key from the public parameters and the terminal identification code, and send the encrypted terminal public key to the terminal, where the server private key is the product of a second server coefficient and the system feature value, the terminal public key is the product of a first terminal coefficient and the system feature value, the encrypted terminal public key is the product of a server pseudo-random code and the terminal public key, the first terminal coefficient and the second server coefficient are either included in the public parameters or computed from one or more of the public parameters, the terminal identification code and the server identification code, and the product of the second server coefficient and the first server coefficient is a non-zero constant;
a second verification value calculation module, configured to compute a server verification value by means of a bilinear map from the encrypted server public key and the server pseudo-random code, where the server verification value equals the product of the server pseudo-random code and the mapping value obtained by applying the bilinear map to the encrypted server public key and the server private key;
a second verification module, configured to compare a terminal verification value with the server verification value and judge whether the key agreement is correct.
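The exchange described in the fourth and fifth embodiments and in claims 1 to 8, as an added worked example that is not code from the patent or from its assignee. It runs both sides end to end over a constructed toy bilinear map (the additive group of integers modulo a small prime q standing in for the group generated by P, and e(X, Y) = g^(X·Y) in the order-q subgroup of Z_p^* standing in for the pairing), which is bilinear but offers no security; a real deployment would use a pairing-friendly elliptic curve. Assumptions beyond the page: SHA-256 reduced modulo q as the hash function H (the patent only names "a hash function H"), the "product of the mapping value and the pseudo-random code" read as exponentiation in the target group (the reading under which the two verification values agree), and the identities, coefficient base and random values are constructed. The example also handles the edge case the formulas imply, s + H(ID) ≡ 0 having no inverse, and shows the comparison failing when the server computes A_pub for the wrong terminal identity. One point a practitioner should note from the text itself: the embodiments list s among the public parameters, so A_pri and M_pri as defined are computable by any party that knows the corresponding identification code; the example follows the text as written.

```python
"""Added worked example (not code from the patent or its assignee): the
CN105406961A key agreement run end to end over a toy bilinear map, so the
algebra behind the two verification values can be exercised.  Constructed,
insecure parameters: G is (Z_q, +) with the system feature value P = 1,
G_T is the order-q subgroup of Z_p^* with p = 2q + 1, and
e(X, Y) = g^(X*Y) mod p is bilinear since e(aP, bP) = e(P, P)^(ab).
A real deployment would use a pairing-friendly elliptic curve."""
import hashlib
import secrets

Q = 1019        # prime order of G, also the scalar field
P_MOD = 2039    # 2*Q + 1, prime; G_T is the order-Q subgroup of Z_P_MOD^*
G_T_GEN = 4     # a quadratic residue mod P_MOD, so its order is exactly Q
P = 1           # system feature value: generator of the additive group G

assert pow(G_T_GEN, Q, P_MOD) == 1 and G_T_GEN != 1, "toy parameters are wrong"


def e(x: int, y: int) -> int:
    """Toy symmetric pairing e: G x G -> G_T."""
    return pow(G_T_GEN, (x * y) % Q, P_MOD)


def H(identity: bytes) -> int:
    """Hash function H of the public parameters (SHA-256 assumed), as a scalar mod Q."""
    return int.from_bytes(hashlib.sha256(identity).digest(), "big") % Q


def coefficient(s: int, identity: bytes) -> int:
    """[s + H(ID)] mod Q, the 'first' coefficient of the party with this ID."""
    c = (s + H(identity)) % Q
    if c == 0:
        # No inverse exists, so the private key [s + H(ID)]^-1 * P is undefined.
        raise ValueError("s + H(ID) is 0 mod Q; the coefficient base s must change")
    return c


def first_valid_base(*identities: bytes) -> int:
    """Smallest s >= 1 giving every listed identity an invertible coefficient."""
    return next(s for s in range(1, Q) if all((s + H(i)) % Q for i in identities))


def private_key(s: int, identity: bytes) -> int:
    """[s + H(ID)]^-1 * P: A_pri for the terminal, M_pri for the server."""
    return pow(coefficient(s, identity), -1, Q) * P % Q


def public_key(s: int, identity: bytes) -> int:
    """[s + H(ID)] * P: A_pub for the terminal, M_pub for the server."""
    return coefficient(s, identity) * P % Q


def blind(r: int, pub: int) -> int:
    """r * pub, the 'encrypted' public key that is actually sent over the wire."""
    return r * pub % Q


def verification_value(blinded_own_pub: int, own_pri: int, own_r: int) -> int:
    """e(peer's blinded copy of my public key, my private key), then the 'product'
    with my pseudo-random code, read as exponentiation in G_T.  The factor
    [s + H(ID)] cancels against its inverse, leaving e(P, P)^(r_a * r_m)."""
    return pow(e(blinded_own_pub, own_pri), own_r, P_MOD)


def run_key_agreement(s, id_a, id_m, r_a=None, r_m=None, id_a_seen_by_server=None):
    """Both sides of the exchange; returns (V_a, V_m).  id_a_seen_by_server lets
    the server compute A_pub for a wrong terminal identity, so the check fails."""
    r_a = r_a if r_a is not None else 1 + secrets.randbelow(Q - 1)  # terminal r_a
    r_m = r_m if r_m is not None else 1 + secrets.randbelow(Q - 1)  # server r_m
    id_a_srv = id_a_seen_by_server or id_a
    # Terminal sends ID_a; server replies with the public parameters (P, s, H) and ID_m.
    # Terminal: derive A_pri and M_pub, send M'_pub = r_a * M_pub.
    a_pri = private_key(s, id_a)
    m_pub_blinded = blind(r_a, public_key(s, id_m))
    # Server: derive M_pri and A_pub, send A'_pub = r_m * A_pub.
    m_pri = private_key(s, id_m)
    a_pub_blinded = blind(r_m, public_key(s, id_a_srv))
    # Each side computes its verification value from what it received.
    v_a = verification_value(a_pub_blinded, a_pri, r_a)
    v_m = verification_value(m_pub_blinded, m_pri, r_m)
    return v_a, v_m


def key_agreement_succeeds(s, id_a, id_m, **kw) -> bool:
    """The final comparison step: agreement holds only if both values match."""
    v_a, v_m = run_key_agreement(s, id_a, id_m, **kw)
    return v_a == v_m


if __name__ == "__main__":
    ID_A, ID_M, ID_X = b"terminal-0001", b"server-0001", b"terminal-0002"  # constructed
    s = first_valid_base(ID_A, ID_M, ID_X)
    print("honest run agrees:", key_agreement_succeeds(s, ID_A, ID_M))
    print("server uses wrong ID_a:",
          key_agreement_succeeds(s, ID_A, ID_M, id_a_seen_by_server=ID_X))
```

Because the identity factors cancel, the agreed value is e(P, P)^(r_a·r_m) on both sides, which is why the honest run compares equal regardless of which identities are used; the mismatch case shows that the comparison is what binds the session to the identities the two sides believe they are talking to.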
Application CN201510738170.4A, priority date 2015-11-02, filing date 2015-11-02, title "key negotiation method, terminal and server", legal status Expired - Fee Related, granted as CN105406961B (en).

Publications (2)

Publication Number   Publication Date
CN105406961A (en)    2016-03-16
CN105406961B (en)    2018-08-07

Family ID: 55472226 (one family application, CN201510738170.4A; one country, CN: CN105406961B (en))
Citations (3)

* Cited by examiner, † Cited by third party
Publication number   Priority date   Publication date   Assignee   Title
US20050084114A1 (en) *   2003-10-20   2005-04-21   Jung Bae-Eun   Conference session key distribution method in an ID-based cryptographic system
CN102232275A (en) *   2008-12-05   2011-11-02   松下电工株式会社 (Panasonic Electric Works Co., Ltd.)   Key distribution system
CN103248488A (en) *   2013-05-14   2013-08-14   顾纯祥 (Gu Chunxiang)   Identity-based key generation method and identity-based authentication method

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
L. Chen, C. Kudla: "Identity based authenticated key agreement protocols from pairings", Computer Security Foundations Workshop, 2003. Proceedings. 16th IEEE *
杨浩民, 张尧学, 周悦芝: "基于双线性对的无证书两方认证密钥协商协议" (A certificateless two-party authenticated key agreement protocol based on bilinear pairings), 清华大学学报(自然科学版) (Journal of Tsinghua University, Science and Technology) *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number   Priority date   Publication date   Assignee   Title
WO2020029498A1 (en) *   2018-08-07   2020-02-13   西安易朴通讯技术有限公司 (Xi'an Yep Telecommunication Technology, Ltd.)   Terminal verification method, and AP device, terminal and system
US11582606B2 (en)   2018-08-07   2023-02-14   Xi'an Yep Telecommunication Technology, Ltd.   Terminal verification method, and AP device, terminal and system
CN110868285A (en) *   2018-08-28   2020-03-06   中国电信股份有限公司 (China Telecom Corporation Limited)   Authentication method, server, system, and computer-readable storage medium
CN110868285B (en) *   2018-08-28   2023-05-19   中国电信股份有限公司 (China Telecom Corporation Limited)   Authentication method, server, system, and computer-readable storage medium
CN110278080A (en) *   2019-07-11   2019-09-24   珠海格力电器股份有限公司 (Gree Electric Appliances, Inc. of Zhuhai)   Method, system and computer readable storage medium for data transmission
CN110278080B (en) *   2019-07-11   2020-10-02   珠海格力电器股份有限公司 (Gree Electric Appliances, Inc. of Zhuhai)   Method, system and computer readable storage medium for data transmission
WO2024012318A1 (en) *   2022-07-15   2024-01-18   京东方科技集团股份有限公司 (BOE Technology Group Co., Ltd.)   Device access method and system and non-volatile computer storage medium


Legal Events

Code   Title
C06    Publication
PB01   Publication
C10    Entry into substantive examination
SE01   Entry into force of request for substantive examination
GR01   Patent grant
CF01   Termination of patent right due to non-payment of annual fee

Granted publication date: 20180807