CN105406961A - key negotiation method, terminal and server - Google Patents
- Publication number: CN105406961A; application number CN201510738170.4A
- Authority: CN (China)
- Prior art keywords: server, terminal, public key, key, coefficient
- Legal status: Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
Abstract
The embodiment of the invention discloses a key negotiation method, a terminal and a server. The method comprises the following steps: sending a terminal identification code to a server; acquiring public parameters and a server identification code sent by the server; calculating a terminal private key from the public parameters and the terminal identification code, calculating a server public key from the public parameters and the server identification code, and sending the encrypted server public key to the server; acquiring an encrypted terminal public key sent by the server; calculating a terminal verification value from the encrypted terminal public key and a terminal pseudo-random code by means of a bilinear map; and judging the correctness of key agreement by comparing the terminal verification value with a server verification value. The key negotiation method, terminal and server provided by the embodiment of the invention can generate on the fly the key information used in the encrypted transmission process.
Description
Technical field
The embodiments of the present invention relate to the field of information security technology, and in particular to a key negotiation method, a terminal and a server.
Background technology
As people's security awareness gradually rises, more and more household appliances require a startup password to be supplied when they are first powered on. To obtain the correct startup password, users often turn to a password management service and request the password from it. A startup password is, however, highly sensitive data for a household appliance: if the communication carrying the password request is intercepted by malicious parties, the consequences are hard to imagine.
To keep the startup password acquisition process secure, the communication during it is carried out as encrypted ciphertext. An asymmetric encryption algorithm uses different keys for encrypting and decrypting information, which raises the security level of the transmission, and with asymmetric encryption the two communicating parties do not need a secure channel in order to exchange keys. In the traditional asymmetric encrypted transmission mechanism, however, the public key is generally designated by the user, and once designated it is no longer changed. This means the user has to set aside a separate storage space to manage the keys used in the encrypted transmission process, which consumes a certain amount of computing resources.
Summary of the invention
In view of the above technical problem, the embodiments of the present invention propose a key negotiation method, a terminal and a server that generate on the fly the key information used in the encrypted transmission process.
In a first aspect, an embodiment of the present invention provides a key negotiation method, applied to a terminal, the method comprising:
sending a terminal identification code to a server;
acquiring public parameters and a server identification code sent by the server, wherein the public parameters comprise a system characteristic value;
calculating a terminal private key from the public parameters and the terminal identification code, calculating a server public key from the public parameters and the server identification code, and sending the encrypted server public key to the server, wherein the terminal private key is the product of a second terminal coefficient and the system characteristic value, the server public key is the product of a first server coefficient and the system characteristic value, the encrypted server public key is the product of a terminal pseudo-random code and the server public key, the second terminal coefficient and the first server coefficient are either included in the public parameters or computable from one or more of the public parameters, the terminal identification code and the server identification code, and the product of the second terminal coefficient and a first terminal coefficient is a non-zero constant;
acquiring an encrypted terminal public key sent by the server, wherein the terminal public key is the product of the first terminal coefficient and the system characteristic value, and the encrypted terminal public key is the product of a server pseudo-random code and the terminal public key;
calculating, by means of a bilinear map, a terminal verification value from the encrypted terminal public key and the terminal pseudo-random code, the terminal verification value being equal to the product of the terminal pseudo-random code and the mapping value obtained by applying the bilinear map to the encrypted terminal public key and the terminal private key;
judging the correctness of key agreement by comparing the terminal verification value with a server verification value.
In a second aspect, an embodiment of the present invention further provides a key negotiation method, applied to a server, the method comprising:
acquiring a terminal identification code sent by a terminal;
sending the public parameters to be used in the key agreement process and a server identification code to the terminal, wherein the public parameters comprise a system characteristic value;
acquiring an encrypted server public key sent by the terminal, wherein the server public key is the product of a first server coefficient and the system characteristic value, and the encrypted server public key is the product of a terminal pseudo-random code and the server public key;
calculating a server private key from the public parameters and the server identification code, calculating a terminal public key from the public parameters and the terminal identification code, and sending the encrypted terminal public key to the terminal, wherein the server private key is the product of a second server coefficient and the system characteristic value, the terminal public key is the product of a first terminal coefficient and the system characteristic value, the encrypted terminal public key is the product of a server pseudo-random code and the terminal public key, the first terminal coefficient and the second server coefficient are either included in the public parameters or computable from one or more of the public parameters, the terminal identification code and the server identification code, and the product of the second server coefficient and the first server coefficient is a non-zero constant;
calculating, by means of a bilinear map, a server verification value from the encrypted server public key and the server pseudo-random code, the server verification value being equal to the product of the server pseudo-random code and the mapping value obtained by applying the bilinear map to the encrypted server public key and the server private key;
judging the correctness of key agreement by comparing a terminal verification value with the server verification value.
In a third aspect, an embodiment of the present invention further provides a terminal, the terminal comprising:
a first sending module, for sending a terminal identification code to a server;
a first acquisition module, for acquiring public parameters and a server identification code sent by the server, wherein the public parameters comprise a system characteristic value;
a first key calculation module, for calculating a terminal private key from the public parameters and the terminal identification code, calculating a server public key from the public parameters and the server identification code, and sending the encrypted server public key to the server, wherein the terminal private key is the product of a second terminal coefficient and the system characteristic value, the server public key is the product of a first server coefficient and the system characteristic value, the encrypted server public key is the product of a terminal pseudo-random code and the server public key, the second terminal coefficient and the first server coefficient are either included in the public parameters or computable from one or more of the public parameters, the terminal identification code and the server identification code, and the product of the second terminal coefficient and a first terminal coefficient is a non-zero constant;
a first key acquisition module, for acquiring an encrypted terminal public key sent by the server, wherein the terminal public key is the product of the first terminal coefficient and the system characteristic value, and the encrypted terminal public key is the product of a server pseudo-random code and the terminal public key;
a first verification value calculation module, for calculating, by means of a bilinear map, a terminal verification value from the encrypted terminal public key and the terminal pseudo-random code, the terminal verification value being equal to the product of the terminal pseudo-random code and the mapping value obtained by applying the bilinear map to the encrypted terminal public key and the terminal private key;
a first verification module, for judging the correctness of key agreement by comparing the terminal verification value with a server verification value.
In a fourth aspect, an embodiment of the present invention further provides a server, the server comprising:
a second acquisition module, for acquiring a terminal identification code sent by a terminal;
a second sending module, for sending the public parameters to be used in the key agreement process and a server identification code to the terminal, wherein the public parameters comprise a system characteristic value;
a second key acquisition module, for acquiring an encrypted server public key sent by the terminal, wherein the server public key is the product of a first server coefficient and the system characteristic value, and the encrypted server public key is the product of a terminal pseudo-random code and the server public key;
a second key calculation module, for calculating a server private key from the public parameters and the server identification code, calculating a terminal public key from the public parameters and the terminal identification code, and sending the encrypted terminal public key to the terminal, wherein the server private key is the product of a second server coefficient and the system characteristic value, the terminal public key is the product of a first terminal coefficient and the system characteristic value, the encrypted terminal public key is the product of a server pseudo-random code and the terminal public key, the first terminal coefficient and the second server coefficient are either included in the public parameters or computable from one or more of the public parameters, the terminal identification code and the server identification code, and the product of the second server coefficient and the first server coefficient is a non-zero constant;
a second verification value calculation module, for calculating, by means of a bilinear map, a server verification value from the encrypted server public key and the server pseudo-random code, the server verification value being equal to the product of the server pseudo-random code and the mapping value obtained by applying the bilinear map to the encrypted server public key and the server private key;
a second verification module, for judging the correctness of key agreement by comparing a terminal verification value with the server verification value.
With the key negotiation method, terminal and server provided by the embodiments of the present invention, the key is computed and verified on the fly before secure communication begins, so the key needed for secure communication can be generated in real time; no separate storage space needs to be set aside to manage it, which saves the storage that would otherwise be used to manage the keys employed in secure communication.
Brief description of the drawings
Other features, objects and advantages of the present invention will become more apparent from the detailed description of non-limiting embodiments given with reference to the following drawings:
Fig. 1 is a flow chart of the key negotiation method provided by the first embodiment of the invention;
Fig. 2 is a flow chart of the key negotiation method provided by the second embodiment of the invention;
Fig. 3 is an interaction diagram of the key negotiation method provided by the third embodiment of the invention;
Fig. 4 is a structural diagram of the terminal provided by the fourth embodiment of the invention;
Fig. 5 is a structural diagram of the server provided by the fifth embodiment of the invention.
Embodiments
The present invention is described in further detail below with reference to the drawings and embodiments. It will be understood that the specific embodiments described here serve only to explain the invention and do not limit it. It should also be noted that, for ease of description, the drawings show only the parts related to the present invention rather than the whole.
First embodiment
This embodiment provides a technical solution for a key negotiation method. The key negotiation method is performed by a terminal. In the interaction for requesting a startup password, the terminal is the party requesting the startup password.
Referring to Fig. 1, the key negotiation method comprises:
S11, sending a terminal identification code to a server.
The terminal identification code $ID_a$ is an identity code by which the terminal can be uniquely distinguished from other terminals. During key agreement the relationship between a server and terminals is one-to-many: a single server can negotiate keys with multiple terminals at the same time. So that the different terminals can be uniquely distinguished within the interaction of the key agreement, at the initial stage of the key agreement process the terminal sends its own terminal identification code $ID_a$ to the server.
S12, acquiring the public parameters and the server identification code sent by the server, wherein the public parameters comprise a system characteristic value.
Specifically, the public parameters comprise: a system characteristic value P, a coefficient base s and a hash function H.
S13, calculating a terminal private key from the public parameters and the terminal identification code, calculating a server public key from the public parameters and the server identification code, and sending the encrypted server public key to the server.
After sending the terminal identification code $ID_a$ to the server, the terminal receives from the server the public parameters and the server identification code $ID_m$ fed back by the server. The public parameters are parameters of which both the terminal and the server retain a copy during the key agreement process, and whose values are identical in the two retained copies. Specifically, the public parameters comprise: the system characteristic value P, the coefficient base s and the hash function H.
Specifically, the terminal calculates the terminal private key according to the following formula (1):

$$A_{pri} = [s + H(ID_a)]^{-1} \times P \qquad (1)$$

where s is the coefficient base, P is the system characteristic value, $ID_a$ is the terminal identification code, $A_{pri}$ is the terminal private key, H is the hash function, and $[s + H(ID_a)]^{-1}$ is the second terminal coefficient. It can be seen that the second terminal coefficient can be calculated from the public parameters and the terminal identification code.
Further, the product of the second terminal coefficient and the first terminal coefficient mentioned below is a constant, and this constant cannot be 0.
It should be noted that the way of calculating the second terminal coefficient is not fixed; it may be calculated in ways other than the one used in this embodiment, and the present invention does not limit this. Whichever calculation is used, however, the product of the second terminal coefficient and the first terminal coefficient must remain a constant.
Because the way of calculating the first terminal coefficient and the second terminal coefficient is not fixed, it is harder for a third party to attack the key agreement process, which improves the security of the key agreement process.
The terminal next calculates the server public key according to the following formula (2):

$$M_{pub} = [s + H(ID_m)] \times P \qquad (2)$$

where s is the coefficient base, P is the system characteristic value, $ID_m$ is the server identification code, $M_{pub}$ is the server public key, and $[s + H(ID_m)]$ is the first server coefficient. Evidently the first server coefficient can be calculated from the public parameters and the server identification code.
Further, the product of the first server coefficient and the second server coefficient mentioned below is a constant.
Because the server public key is calculated from the server identification code, the system characteristic value and the coefficient base, of which the server retains copies, the server public key calculated by the terminal carries the server's own identity.
The encrypted server public key is given by the following formula (3):

$$M'_{pub} = r_a \times M_{pub} \qquad (3)$$

where $M'_{pub}$ is the encrypted server public key, $r_a$ is the terminal pseudo-random code generated by the terminal, and $M_{pub}$ is the server public key.
Encrypting the server public key with the terminal pseudo-random code improves the robustness of the key agreement process and further protects it from malicious attack by a third party.
S14, acquiring the encrypted terminal public key sent by the server.
The terminal public key is the product of the first terminal coefficient and the system characteristic value. The encrypted terminal public key is the product of the server pseudo-random code and the terminal public key.
S15, calculating, by means of a bilinear map, a terminal verification value from the encrypted terminal public key and the terminal pseudo-random code, the terminal verification value being equal to the product of the terminal pseudo-random code and the mapping value obtained by applying the bilinear map to the encrypted terminal public key and the terminal private key.
Specifically, the terminal verification value is given by the following formula (4):

$$Ve_a = e(A'_{pub}, A_{pri})\, r_a = e\bigl(r_m \cdot [s + H(ID_a)] \cdot P,\; [s + H(ID_a)]^{-1} \cdot P\bigr)\, r_a = e(P, P)\, r_a r_m \qquad (4)$$

where $Ve_a$ is the terminal verification value, $A'_{pub}$ is the encrypted terminal public key, $A_{pri}$ is the terminal private key, and e is the bilinear map. Specifically, the bilinear map may be a Tate pairing or a Weil pairing. The derivation of formula (4) above uses the bilinearity of the map e.
S16, judging the correctness of key agreement by comparing the terminal verification value with the server verification value.
In this embodiment, by computing the key on the fly on the terminal side before secure communication begins, the key needed for secure communication can be generated in real time.
Second embodiment
This embodiment provides another technical solution for a key negotiation method. The key negotiation method is performed by a server. Moreover, the server-side key negotiation method provided by this embodiment and the terminal-side key negotiation method provided by the first embodiment are complementary; together they form one complete key agreement process.
Referring to Fig. 2, the key negotiation method comprises:
S21, acquiring the terminal identification code sent by a terminal.
S22, sending the public parameters to be used in the key agreement process and the server identification code to the terminal, wherein the public parameters comprise a system characteristic value.
After receiving the terminal identification code $ID_a$ sent by the terminal, the server sends the public parameters and the server identification code $ID_m$ to the terminal.
Specifically, as described in the first embodiment of the invention, the public parameters comprise: a system characteristic value P, a coefficient base s and a hash function H.
The server identification code $ID_m$ is the unique identity number of the server.
S23, acquiring the encrypted server public key sent by the terminal.
The server public key is the product of the first server coefficient and the system characteristic value. The encrypted server public key is the product of the terminal pseudo-random code and the server public key.
S24, calculating a server private key from the public parameters and the server identification code, calculating a terminal public key from the public parameters and the terminal identification code, and sending the encrypted terminal public key to the terminal.
Specifically, the server calculates the server private key according to the following formula (5):

$$M_{pri} = [s + H(ID_m)]^{-1} \times P \qquad (5)$$

where s is the coefficient base, P is the system characteristic value, $ID_m$ is the server identification code, $M_{pri}$ is the server private key, H is the hash function, and $[s + H(ID_m)]^{-1}$ is the second server coefficient. It can be seen that the second server coefficient can be calculated from the public parameters and the server identification code.
Further, the product of the second server coefficient and the first server coefficient is a constant.
It should be noted that the way of calculating the second server coefficient is not fixed; it may be calculated in ways other than the one used in this embodiment, and the present invention does not limit this. Whichever calculation is used, however, the product of the second server coefficient and the first server coefficient must remain a constant.
Because the way of calculating the first server coefficient and the second server coefficient is not fixed, it is harder for a third party to attack the key agreement process, which improves the security of the key agreement process.
The server calculates the terminal public key according to the following formula (6):

$$A_{pub} = [s + H(ID_a)] \times P \qquad (6)$$

where s is the coefficient base, P is the system characteristic value, $ID_a$ is the terminal identification code, $A_{pub}$ is the terminal public key, H is the hash function, and $[s + H(ID_a)]$ is the first terminal coefficient. It can be seen that the first terminal coefficient can be calculated from the public parameters and the terminal identification code.
Further, the product of the first terminal coefficient and the second terminal coefficient is a constant, and this constant cannot be 0.
Because the terminal public key is calculated from the terminal identification code, the system characteristic value and the coefficient base, of which the terminal retains copies, the terminal public key calculated by the server carries the terminal's own identity.
The encrypted terminal public key is given by the following formula (7):

$$A'_{pub} = r_m \times A_{pub} \qquad (7)$$

where $A'_{pub}$ is the encrypted terminal public key, $r_m$ is the server pseudo-random code generated by the server, and $A_{pub}$ is the terminal public key.
Encrypting the terminal public key with the server pseudo-random code improves the robustness of the key agreement process and helps protect it from malicious attack by a third party.
S25, calculating, by means of a bilinear map, a server verification value from the encrypted server public key and the server pseudo-random code, the server verification value being equal to the product of the server pseudo-random code and the mapping value obtained by applying the bilinear map to the encrypted server public key and the server private key.
The server verification value is given by the following formula (8):

$$Ve_m = e(M'_{pub}, M_{pri})\, r_m = e\bigl(r_a \cdot [s + H(ID_m)] \cdot P,\; [s + H(ID_m)]^{-1} \cdot P\bigr)\, r_m = e(P, P)\, r_a r_m \qquad (8)$$

where $Ve_m$ is the server verification value, $M'_{pub}$ is the encrypted server public key, $M_{pri}$ is the server private key, and e is the bilinear map. Specifically, the bilinear map may be a Tate pairing or a Weil pairing. The derivation of formula (8) above uses the bilinearity of the map e.
S26, judging the correctness of key agreement by comparing the terminal verification value with the server verification value.
From the derivations of formulas (4) and (8), the terminal verification value and the server verification value should be identical. The terminal can therefore judge the correctness of the above key agreement process by comparing the two values.
In this embodiment, by computing and verifying the key on the fly on the server side before secure communication begins, the key needed for secure communication can be generated in real time.
Third embodiment
This embodiment provides a technical solution for a key negotiation method in which the key negotiation method is performed cooperatively by the terminal side and the server side.
Referring to Fig. 3, the key negotiation method comprises:
S31, the terminal sends a terminal identification code to a server.
S32, the server sends the public parameters to be used in the key agreement process and a server identification code to the terminal, wherein the public parameters comprise a system characteristic value.
S33, the terminal calculates a terminal private key from the public parameters and the terminal identification code, calculates a server public key from the public parameters and the server identification code, and sends the encrypted server public key to the server.
S34, the server calculates a server private key from the public parameters and the server identification code, calculates a terminal public key from the public parameters and the terminal identification code, and sends the encrypted terminal public key to the terminal.
S35, the terminal calculates, by means of a bilinear map, a terminal verification value from the encrypted terminal public key and the terminal pseudo-random code, the terminal verification value being equal to the product of the terminal pseudo-random code and the mapping value obtained by applying the bilinear map to the encrypted terminal public key and the terminal private key.
S36, the server calculates, by means of a bilinear map, a server verification value from the encrypted server public key and the server pseudo-random code, the server verification value being equal to the product of the server pseudo-random code and the mapping value obtained by applying the bilinear map to the encrypted server public key and the server private key.
S37, the terminal judges the correctness of key agreement by comparing the terminal verification value with the server verification value.
S38, the server judges the correctness of key agreement by comparing the terminal verification value with the server verification value.
In this embodiment, by computing and verifying the key on the fly on both the terminal side and the server side before secure communication begins, the key needed for secure communication can be generated in real time.
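The complete exchange of steps S31 to S38, with formulas (1) to (8), as an added runnable model in Python. This is not code from the patent or from any product implementing it. Everything concrete in it is constructed for the example: the group (all three groups are $Z_q$ for a prime q), the "bilinear map" $e(X, Y) = X \cdot Y \bmod q$, the hash H (SHA-256 reduced modulo q), the sample identification codes and the sample values of P and s. The toy map is bilinear, which is the only property the derivations of (4) and (8) use, but it has no cryptographic strength; it exists so that the protocol's algebra can be executed and checked, not as a stand-in for a Tate or Weil pairing.

```python
"""Toy executable model of the key negotiation in steps S31-S38 and formulas (1)-(8).

Constructed example: G1 = G2 = GT = Z_q with q prime, the system characteristic
value P is a non-zero element of Z_q, and the "bilinear map" is e(X, Y) = X*Y mod q.
The map is bilinear, which is all the derivations of (4) and (8) rely on, but it
offers no security; it only makes the arithmetic runnable.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional, Tuple

Q = 2**61 - 1  # Mersenne prime: order of the toy groups and of the scalar field (constructed)


def hash_to_scalar(identity: str) -> int:
    """H from the public parameters: identification code -> scalar in Z_q.
    Assumption: SHA-256 reduced mod q; the patent fixes no concrete hash."""
    return int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big") % Q


def pairing(x: int, y: int) -> int:
    """Toy bilinear map e(X, Y) = X*Y mod q, so e(aX, bY) = a*b*e(X, Y).
    With a real pairing GT is a multiplicative group and the later 'product'
    with r in (4) and (8) is an exponentiation of the pairing output."""
    return (x * y) % Q


def first_coefficient(s: int, identity: str) -> int:
    """[s + H(ID)] mod q. Its inverse is the party's second coefficient, so the
    product of the two coefficients is the constant 1, as the patent requires."""
    c = (s + hash_to_scalar(identity)) % Q
    if c == 0:
        raise ValueError("s + H(ID) is 0 mod q: the second coefficient does not exist")
    return c


@dataclass(frozen=True)
class PublicParameters:
    """Public parameters: system characteristic value P and coefficient base s.
    The hash function H is hash_to_scalar above."""
    p: int
    s: int


class Terminal:
    def __init__(self, id_a: str, r_a: Optional[int] = None):
        self.id_a = id_a  # terminal identification code ID_a
        self.r_a = r_a if r_a is not None else secrets.randbelow(Q - 1) + 1  # r_a
        self.a_pri = 0

    def s13(self, params: PublicParameters, id_m: str) -> int:
        """S13/S33: A_pri by (1), M_pub by (2); returns M'_pub = r_a * M_pub by (3)."""
        self.a_pri = pow(first_coefficient(params.s, self.id_a), -1, Q) * params.p % Q
        m_pub = first_coefficient(params.s, id_m) * params.p % Q
        return self.r_a * m_pub % Q

    def s15(self, a_pub_enc: int) -> int:
        """S15/S35: Ve_a = e(A'_pub, A_pri) * r_a by (4)."""
        return pairing(a_pub_enc, self.a_pri) * self.r_a % Q


class Server:
    def __init__(self, id_m: str, params: PublicParameters, r_m: Optional[int] = None):
        self.id_m = id_m  # server identification code ID_m
        self.params = params
        self.r_m = r_m if r_m is not None else secrets.randbelow(Q - 1) + 1  # r_m
        self.id_a = ""
        self.m_pri = 0
        self.m_pub_enc = 0

    def s22(self, id_a: str) -> Tuple[PublicParameters, str]:
        """S21/S22 (S31/S32): receive ID_a, hand back the public parameters and ID_m."""
        self.id_a = id_a
        return self.params, self.id_m

    def s24(self, m_pub_enc: int) -> int:
        """S23/S24 (S34): receive M'_pub; M_pri by (5), A_pub by (6); returns A'_pub by (7)."""
        self.m_pub_enc = m_pub_enc
        self.m_pri = pow(first_coefficient(self.params.s, self.id_m), -1, Q) * self.params.p % Q
        a_pub = first_coefficient(self.params.s, self.id_a) * self.params.p % Q
        return self.r_m * a_pub % Q

    def s25(self) -> int:
        """S25/S36: Ve_m = e(M'_pub, M_pri) * r_m by (8)."""
        return pairing(self.m_pub_enc, self.m_pri) * self.r_m % Q


def negotiate(id_a: str, id_m: str, params: PublicParameters,
              r_a: Optional[int] = None, r_m: Optional[int] = None) -> Tuple[int, int, bool]:
    """Run S31-S38 in order and return (Ve_a, Ve_m, whether the two values agree)."""
    terminal, server = Terminal(id_a, r_a), Server(id_m, params, r_m)
    params_out, id_m_out = server.s22(terminal.id_a)    # S31, S32
    m_pub_enc = terminal.s13(params_out, id_m_out)      # S33
    a_pub_enc = server.s24(m_pub_enc)                   # S34
    ve_a, ve_m = terminal.s15(a_pub_enc), server.s25()  # S35, S36
    # S37/S38: compare the two verification values; fixed-length encoding lets
    # the comparison run in constant time.
    same = hmac.compare_digest(ve_a.to_bytes(8, "big"), ve_m.to_bytes(8, "big"))
    return ve_a, ve_m, same


if __name__ == "__main__":
    sample = PublicParameters(p=7, s=123456789)  # constructed sample public parameters
    va, vm, ok = negotiate("terminal-0001", "server-01", sample)
    print(f"Ve_a={va} Ve_m={vm} agree={ok}")
```

By the derivations of (4) and (8) both values come out as $e(P,P)\,r_a r_m$, which in the toy model is $P^2 r_a r_m \bmod q$; if the encrypted terminal public key is altered in transit, the terminal's value no longer matches the server's, which is what the comparison in S37/S38 catches. Two caveats a reader of the scheme should keep in view: the coefficient base s is itself one of the public parameters, so $A_{pri}$ in (1) and $M_{pri}$ in (5) can be computed by any holder of the public parameters and the corresponding identification code, and the only values each side keeps to itself are the pseudo-random codes $r_a$ and $r_m$; and the comparison step presupposes that the two verification values are exchanged between the parties, which the patent describes as a comparison but for which it specifies no transport.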
Fourth embodiment
The present embodiment provides a technical scheme for a terminal. Referring to Fig. 4, the terminal comprises: a first sending module 41, a first acquisition module 42, a first key calculation module 43, a first key acquisition module 44, a first verification value calculation module 45 and a first verification module 46.
The first sending module 41 is configured to send the terminal identification code to the server.
The first acquisition module 42 is configured to obtain the open parameter and the server identification code sent by the server, where the open parameter comprises a system feature value.
The first key calculation module 43 is configured to calculate the terminal private key from the open parameter and the terminal identification code, calculate the server public key from the open parameter and the server identification code, and send the encrypted server public key to the server. Here the terminal private key is the product of the second terminal coefficient and the system feature value; the server public key is the product of the first server coefficient and the system feature value; the encrypted server public key is the product of the terminal pseudo-random code and the server public key; the second terminal coefficient and the first server coefficient are either included in the open parameter or can be calculated from one or more of the open parameter, the terminal identification code and the server identification code; and the product of the second terminal coefficient and the first terminal coefficient is a fixed non-zero value.
The first key acquisition module 44 is configured to obtain the encrypted terminal public key sent by the server, where the terminal public key is the product of the first terminal coefficient and the system feature value, and the encrypted terminal public key is the product of the server pseudo-random code and the terminal public key.
The first verification value calculation module 45 is configured to compute the terminal verification value by means of a bilinear map from the encrypted terminal public key and the terminal pseudo-random code, where the terminal verification value equals the product of the mapping value obtained by applying the bilinear map to the encrypted terminal public key and the terminal private key, and the terminal pseudo-random code.
The first verification module 46 is configured to judge whether the key agreement is correct by comparing the terminal verification value with the server verification value.
Further, the open parameter comprises: a system feature value P, a coefficient base s and a hash function H.
Further, the first key calculation module 43 is specifically configured to:
calculate the terminal private key by the following formula:
A_pri = [s + H(ID_a)]^(-1) × P
calculate the server public key by the following formula:
M_pub = [s + H(ID_m)] × P
encrypt the server public key by the following formula:
M'_pub = r_a × M_pub
and send the encrypted server public key to the server;
where s is the coefficient base, P is the system feature value, ID_a is the terminal identification code, ID_m is the server identification code, H is the hash function, A_pri is the terminal private key, M_pub is the server public key, M'_pub is the encrypted server public key, r_a is the terminal pseudo-random code, [s + H(ID_a)]^(-1) is the second terminal coefficient, and [s + H(ID_m)] is the first server coefficient.
Fifth embodiment
The present embodiment provides a technical scheme for a server. Referring to Fig. 5, the server comprises: a second acquisition module 51, a second sending module 52, a second key acquisition module 53, a second key calculation module 54, a second verification value calculation module 55 and a second verification module 56.
The second acquisition module 51 is configured to obtain the terminal identification code sent by the terminal.
The second sending module 52 is configured to send the open parameter used in the key agreement process, together with the server identification code, to the terminal, where the open parameter comprises a system feature value.
The second key acquisition module 53 is configured to obtain the encrypted server public key sent by the terminal, where the server public key is the product of the first server coefficient and the system feature value, and the encrypted server public key is the product of the terminal pseudo-random code and the server public key.
The second key calculation module 54 is configured to calculate the server private key from the open parameter and the server identification code, calculate the terminal public key from the open parameter and the terminal identification code, and send the encrypted terminal public key to the terminal. Here the server private key is the product of the second server coefficient and the system feature value; the terminal public key is the product of the first terminal coefficient and the system feature value; the encrypted terminal public key is the product of the server pseudo-random code and the terminal public key; the first terminal coefficient and the second server coefficient are either included in the open parameter or can be calculated from one or more of the open parameter, the terminal identification code and the server identification code; and the product of the second server coefficient and the first server coefficient is a fixed non-zero value.
The second verification value calculation module 55 is configured to compute the server verification value by means of a bilinear map from the encrypted server public key and the server pseudo-random code, where the server verification value equals the product of the mapping value obtained by applying the bilinear map to the encrypted server public key and the server private key, and the server pseudo-random code.
The second verification module 56 is configured to judge whether the key agreement is correct by comparing the terminal verification value with the server verification value.
Further, the open parameter comprises: a system feature value P, a coefficient base s and a hash function H.
Further, the second key calculation module 54 is specifically configured to:
calculate the server private key by the following formula:
M_pri = [s + H(ID_m)]^(-1) × P
calculate the terminal public key by the following formula:
A_pub = [s + H(ID_a)] × P
encrypt the terminal public key by the following formula:
A'_pub = r_m × A_pub
and send the encrypted terminal public key to the terminal;
where s is the coefficient base, P is the system feature value, ID_a is the terminal identification code, ID_m is the server identification code, H is the hash function, r_m is the server pseudo-random code, M_pri is the server private key, A_pub is the terminal public key, A'_pub is the encrypted terminal public key, [s + H(ID_m)]^(-1) is the second server coefficient, and [s + H(ID_a)] is the first terminal coefficient.
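As an added illustration of the fourth and fifth embodiments (and of steps S35 to S38), the Python below runs both sides of the key agreement with the formulas just given. It is not code from the patent. A real pairing cannot be set up in a few lines, so it uses a toy bilinear map: G is Z_q written additively with generator P = 1, G_T is the order-q subgroup of Z_p* generated by g, and e(aP, bP) = g^(ab) mod p, with the constructed values q = 2039, p = 4079, g = 4; H is SHA-256 reduced mod q, and the identification codes, coefficient base and pseudo-random codes are all constructed for the example. The map is genuinely bilinear, so the cancellation of the [s + H(ID)] factors that makes both verification values collapse to e(P, P)^(r_a·r_m) can be followed step by step; discrete logarithms in the toy group are trivial, so the setup itself offers no security.

```python
"""Walk-through of the terminal/server key agreement with a toy bilinear map.

Added example, not the patent's code.  Toy setting (constructed): G = Z_q
written additively with generator P = 1, G_T = order-q subgroup of Z_p^*
generated by g, and e(a*P, b*P) = g^(a*b) mod p.  q = 2039 and p = 2q+1 = 4079
are both prime, so every non-zero scalar is invertible mod q; g = 4 is a
quadratic residue mod p and therefore has order exactly q.  Insecure by design.
"""
import hashlib
import secrets
from dataclasses import dataclass

Q = 2039      # order of G and of G_T
P_MOD = 4079  # modulus of the target group
G_T = 4       # generator of the order-q subgroup of Z_p^*


@dataclass(frozen=True)
class OpenParameter:
    """The patent's open parameter: system feature value P and coefficient base s.
    The hash function H is fixed to SHA-256 reduced mod q (function H below)."""
    P: int  # system feature value: the generator of G, which is 1 in the toy group
    s: int  # coefficient base


def H(identification_code: str) -> int:
    """Hash an identification code into Z_q (instantiates the patent's H)."""
    digest = hashlib.sha256(identification_code.encode()).digest()
    return int.from_bytes(digest, "big") % Q


def scalar_mul(k: int, point: int) -> int:
    """k x point in the toy group G = Z_q."""
    return (k * point) % Q


def pairing(a: int, b: int) -> int:
    """Toy bilinear map e: G x G -> G_T with e(aP, bP) = g^(ab)."""
    return pow(G_T, (a * b) % Q, P_MOD)


def coefficient(params: OpenParameter, identification_code: str) -> int:
    """[s + H(ID)] mod q.  Its inverse is needed, so a zero value is rejected."""
    c = (params.s + H(identification_code)) % Q
    if c == 0:
        raise ValueError("s + H(ID) is 0 mod q; the coefficient has no inverse")
    return c


def terminal_round(params, id_a: str, id_m: str, r_a: int):
    """Terminal side: its private key A_pri and the encrypted M'_pub it sends."""
    a_pri = scalar_mul(pow(coefficient(params, id_a), -1, Q), params.P)  # [s+H(ID_a)]^-1 x P
    m_pub = scalar_mul(coefficient(params, id_m), params.P)              # [s+H(ID_m)] x P
    m_pub_enc = scalar_mul(r_a, m_pub)                                   # r_a x M_pub
    return a_pri, m_pub_enc


def server_round(params, id_a: str, id_m: str, r_m: int):
    """Server side: its private key M_pri and the encrypted A'_pub it sends."""
    m_pri = scalar_mul(pow(coefficient(params, id_m), -1, Q), params.P)  # [s+H(ID_m)]^-1 x P
    a_pub = scalar_mul(coefficient(params, id_a), params.P)              # [s+H(ID_a)] x P
    a_pub_enc = scalar_mul(r_m, a_pub)                                   # r_m x A_pub
    return m_pri, a_pub_enc


def verification_value(received_enc_pub: int, own_pri: int, own_r: int) -> int:
    """S35/S36: pair the received encrypted public key with one's own private key,
    then combine with one's own pseudo-random code.  G_T is written
    multiplicatively, so the patent's 'product' with r becomes an exponent."""
    return pow(pairing(received_enc_pub, own_pri), own_r, P_MOD)


def run_key_agreement(id_a: str, id_m: str, s: int, r_a: int, r_m: int,
                      id_a_seen_by_server=None):
    """Run both sides; return (terminal value, server value, e(P,P)^(r_a*r_m)).

    id_a_seen_by_server lets the server work from a different terminal
    identification code than the terminal holds, so the S37/S38 comparison
    can be seen to fail in that case.
    """
    params = OpenParameter(P=1, s=s)
    a_pri, m_pub_enc = terminal_round(params, id_a, id_m, r_a)
    m_pri, a_pub_enc = server_round(params, id_a_seen_by_server or id_a, id_m, r_m)
    v_a = verification_value(a_pub_enc, a_pri, r_a)  # terminal: e(A'_pub, A_pri)^r_a
    v_m = verification_value(m_pub_enc, m_pri, r_m)  # server:   e(M'_pub, M_pri)^r_m
    expected = pow(G_T, (r_a * r_m) % Q, P_MOD)      # both reduce to e(P,P)^(r_a r_m)
    return v_a, v_m, expected


def fresh_code() -> int:
    """Pseudo-random code in [1, q-1], drawn freshly by each side per run."""
    return secrets.randbelow(Q - 1) + 1


if __name__ == "__main__":
    s = secrets.randbelow(Q)
    v_a, v_m, want = run_key_agreement("terminal-001", "server-01", s,
                                       fresh_code(), fresh_code())
    print("terminal:", v_a, "server:", v_m, "agree:", v_a == v_m == want)
```

With the target group written multiplicatively, the "product of the mapping value and the pseudo-random code" in S35/S36 is an exponentiation; in additive notation it would be a scalar multiple. The terminal's pairing yields e(P, P)^(r_m) because the server's encrypted terminal public key carries [s + H(ID_a)] and the terminal's private key carries its inverse; the server's pairing yields e(P, P)^(r_a) symmetrically, and each side then raises to its own code. If the server computes the terminal public key for a different identification code than the one the terminal holds, the factors no longer cancel and the comparison in S37/S38 fails.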
Those of ordinary skill in the art will understand that each of the above modules or steps of the present invention can be implemented on a general-purpose computing device; they can be concentrated on a single computing device or distributed over a network formed by several computing devices. Optionally, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device; or they can be made into separate integrated circuit modules, or several of the modules or steps can be made into a single integrated circuit module. Thus the present invention is not restricted to any particular combination of hardware and software.
The embodiments in this specification are described progressively; each embodiment stresses its differences from the others, and the parts that are the same or similar between embodiments can be understood by reference to one another.
The foregoing are only preferred embodiments of the present invention and do not limit it; for those skilled in the art, the present invention may have various changes and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.
Claims (8)
1. A key agreement method, applied to a terminal, characterized by comprising:
sending a terminal identification code to a server;
obtaining the open parameter and the server identification code sent by the server, wherein the open parameter comprises a system feature value;
calculating a terminal private key from the open parameter and the terminal identification code, calculating a server public key from the open parameter and the server identification code, and sending the encrypted server public key to the server, wherein the terminal private key is the product of a second terminal coefficient and the system feature value, the server public key is the product of a first server coefficient and the system feature value, the encrypted server public key is the product of a terminal pseudo-random code and the server public key, the second terminal coefficient and the first server coefficient are either included in the open parameter or can be calculated from one or more of the open parameter, the terminal identification code and the server identification code, and the product of the second terminal coefficient and a first terminal coefficient is a fixed non-zero value;
obtaining the encrypted terminal public key sent by the server, wherein the terminal public key is the product of the first terminal coefficient and the system feature value, and the encrypted terminal public key is the product of a server pseudo-random code and the terminal public key;
computing a terminal verification value by means of a bilinear map from the encrypted terminal public key and the terminal pseudo-random code, wherein the terminal verification value equals the product of the mapping value obtained by applying the bilinear map to the encrypted terminal public key and the terminal private key, and the terminal pseudo-random code;
judging whether the key agreement is correct by comparing the terminal verification value with a server verification value.
2. The method according to claim 1, characterized in that the open parameter comprises: a system feature value P, a coefficient base s and a hash function H.
3. The method according to claim 2, characterized in that calculating the terminal private key from the open parameter and the terminal identification code, calculating the server public key from the open parameter and the server identification code, and sending the encrypted server public key to the server comprises:
calculating the terminal private key by the following formula:
A_pri = [s + H(ID_a)]^(-1) × P
calculating the server public key by the following formula:
M_pub = [s + H(ID_m)] × P
encrypting the server public key by the following formula:
M'_pub = r_a × M_pub
sending the encrypted server public key to the server;
wherein s is the coefficient base, P is the system feature value, ID_a is the terminal identification code, ID_m is the server identification code, H is the hash function, A_pri is the terminal private key, M_pub is the server public key, M'_pub is the encrypted server public key, r_a is the terminal pseudo-random code, [s + H(ID_a)]^(-1) is the second terminal coefficient, and [s + H(ID_m)] is the first server coefficient.
4. A key agreement method, applied to a server, characterized by comprising:
obtaining the terminal identification code sent by a terminal;
sending the open parameter used in the key agreement process, together with the server identification code, to the terminal, wherein the open parameter comprises a system feature value;
obtaining the encrypted server public key sent by the terminal, wherein the server public key is the product of a first server coefficient and the system feature value, and the encrypted server public key is the product of a terminal pseudo-random code and the server public key;
calculating a server private key from the open parameter and the server identification code, calculating a terminal public key from the open parameter and the terminal identification code, and sending the encrypted terminal public key to the terminal, wherein the server private key is the product of a second server coefficient and the system feature value, the terminal public key is the product of a first terminal coefficient and the system feature value, the encrypted terminal public key is the product of a server pseudo-random code and the terminal public key, the first terminal coefficient and the second server coefficient are either included in the open parameter or can be calculated from one or more of the open parameter, the terminal identification code and the server identification code, and the product of the second server coefficient and the first server coefficient is a fixed non-zero value;
computing a server verification value by means of a bilinear map from the encrypted server public key and the server pseudo-random code, wherein the server verification value equals the product of the mapping value obtained by applying the bilinear map to the encrypted server public key and the server private key, and the server pseudo-random code;
judging whether the key agreement is correct by comparing a terminal verification value with the server verification value.
5. The method according to claim 4, characterized in that the open parameter further comprises: a system feature value P, a coefficient base s and a hash function H.
6. The method according to claim 5, characterized in that calculating the server private key from the open parameter and the server identification code, calculating the terminal public key from the open parameter and the terminal identification code, and sending the encrypted terminal public key to the terminal comprises:
calculating the server private key by the following formula:
M_pri = [s + H(ID_m)]^(-1) × P
calculating the terminal public key by the following formula:
A_pub = [s + H(ID_a)] × P
encrypting the terminal public key by the following formula:
A'_pub = r_m × A_pub
sending the encrypted terminal public key to the terminal;
wherein s is the coefficient base, P is the system feature value, ID_a is the terminal identification code, ID_m is the server identification code, H is the hash function, r_m is the server pseudo-random code, M_pri is the server private key, A_pub is the terminal public key, A'_pub is the encrypted terminal public key, [s + H(ID_m)]^(-1) is the second server coefficient, and [s + H(ID_a)] is the first terminal coefficient.
7. A terminal, characterized by comprising:
a first sending module, configured to send a terminal identification code to a server;
a first acquisition module, configured to obtain the open parameter and the server identification code sent by the server, wherein the open parameter comprises a system feature value;
a first key calculation module, configured to calculate a terminal private key from the open parameter and the terminal identification code, calculate a server public key from the open parameter and the server identification code, and send the encrypted server public key to the server, wherein the terminal private key is the product of a second terminal coefficient and the system feature value, the server public key is the product of a first server coefficient and the system feature value, the encrypted server public key is the product of a terminal pseudo-random code and the server public key, the second terminal coefficient and the first server coefficient are either included in the open parameter or can be calculated from one or more of the open parameter, the terminal identification code and the server identification code, and the product of the second terminal coefficient and a first terminal coefficient is a fixed non-zero value;
a first key acquisition module, configured to obtain the encrypted terminal public key sent by the server, wherein the terminal public key is the product of the first terminal coefficient and the system feature value, and the encrypted terminal public key is the product of a server pseudo-random code and the terminal public key;
a first verification value calculation module, configured to compute a terminal verification value by means of a bilinear map from the encrypted terminal public key and the terminal pseudo-random code, wherein the terminal verification value equals the product of the mapping value obtained by applying the bilinear map to the encrypted terminal public key and the terminal private key, and the terminal pseudo-random code;
a first verification module, configured to judge whether the key agreement is correct by comparing the terminal verification value with a server verification value.
8. A server, characterized by comprising:
a second acquisition module, configured to obtain the terminal identification code sent by a terminal;
a second sending module, configured to send the open parameter used in the key agreement process, together with the server identification code, to the terminal, wherein the open parameter comprises a system feature value;
a second key acquisition module, configured to obtain the encrypted server public key sent by the terminal, wherein the server public key is the product of a first server coefficient and the system feature value, and the encrypted server public key is the product of a terminal pseudo-random code and the server public key;
a second key calculation module, configured to calculate a server private key from the open parameter and the server identification code, calculate a terminal public key from the open parameter and the terminal identification code, and send the encrypted terminal public key to the terminal, wherein the server private key is the product of a second server coefficient and the system feature value, the terminal public key is the product of a first terminal coefficient and the system feature value, the encrypted terminal public key is the product of a server pseudo-random code and the terminal public key, the first terminal coefficient and the second server coefficient are either included in the open parameter or can be calculated from one or more of the open parameter, the terminal identification code and the server identification code, and the product of the second server coefficient and the first server coefficient is a fixed non-zero value;
a second verification value calculation module, configured to compute a server verification value by means of a bilinear map from the encrypted server public key and the server pseudo-random code, wherein the server verification value equals the product of the mapping value obtained by applying the bilinear map to the encrypted server public key and the server private key, and the server pseudo-random code;
a second verification module, configured to judge whether the key agreement is correct by comparing a terminal verification value with the server verification value.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510738170.4A CN105406961B (en) | 2015-11-02 | 2015-11-02 | key negotiation method, terminal and server |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105406961A true CN105406961A (en) | 2016-03-16 |
CN105406961B CN105406961B (en) | 2018-08-07 |
Family
ID=55472226
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050084114A1 (en) * | 2003-10-20 | 2005-04-21 | Jung Bae-Eun | Conference session key distribution method in an ID-based cryptographic system |
CN102232275A (en) * | 2008-12-05 | 2011-11-02 | 松下电工株式会社 | Key distribution system |
CN103248488A (en) * | 2013-05-14 | 2013-08-14 | 顾纯祥 | Identity-based key generation method and identity-based authentication method |
Non-Patent Citations (2)
Title |
---|
L. Chen, C. Kudla: "Identity based authenticated key agreement protocols from pairings", Computer Security Foundations Workshop, 2003. Proceedings. 16th IEEE * |
杨浩民, 张尧学, 周悦芝: "Certificateless two-party authenticated key agreement protocol based on bilinear pairings", Journal of Tsinghua University (Science and Technology) * |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2020029498A1 (en) * | 2018-08-07 | 2020-02-13 | 西安易朴通讯技术有限公司 | Terminal verification method, and ap device, terminal and system |
US11582606B2 (en) | 2018-08-07 | 2023-02-14 | Xi'an Yep Telecommunication Technology, Ltd. | Terminal verification method, and AP device, terminal and system |
CN110868285A (en) * | 2018-08-28 | 2020-03-06 | 中国电信股份有限公司 | Authentication method, server, system, and computer-readable storage medium |
CN110868285B (en) * | 2018-08-28 | 2023-05-19 | 中国电信股份有限公司 | Authentication method, server, system, and computer-readable storage medium |
CN110278080A (en) * | 2019-07-11 | 2019-09-24 | 珠海格力电器股份有限公司 | Method, system and computer readable storage medium for data transmission |
CN110278080B (en) * | 2019-07-11 | 2020-10-02 | 珠海格力电器股份有限公司 | Method, system and computer readable storage medium for data transmission |
WO2024012318A1 (en) * | 2022-07-15 | 2024-01-18 | 京东方科技集团股份有限公司 | Device access method and system and non-volatile computer storage medium |
Legal Events
Code | Title | Description |
---|---|---|
C06 | Publication | |
PB01 | Publication | |
C10 | Entry into substantive examination | |
SE01 | Entry into force of request for substantive examination | |
GR01 | Patent grant | |
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20180807 |