CN105610579A - Data communication method for protecting both-party identity privacy of dynamic negotiation identity - Google Patents

Data communication method for protecting both-party identity privacy of dynamic negotiation identity Download PDF

Info

Publication number
CN105610579A
CN105610579A CN201610070409.XA CN201610070409A CN105610579A CN 105610579 A CN105610579 A CN 105610579A CN 201610070409 A CN201610070409 A CN 201610070409A CN 105610579 A CN105610579 A CN 105610579A
Authority
CN
China
Prior art keywords
identity
party
pki
lpy
lpx
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610070409.XA
Other languages
Chinese (zh)
Other versions
CN105610579B (en
Inventor
韩洪慧
杨茂江
吴一博
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Pingan Network Technology Co Ltd
Original Assignee
Shanghai Pingan Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Pingan Network Technology Co Ltd filed Critical Shanghai Pingan Network Technology Co Ltd
Priority to CN201610070409.XA priority Critical patent/CN105610579B/en
Publication of CN105610579A publication Critical patent/CN105610579A/en
Application granted granted Critical
Publication of CN105610579B publication Critical patent/CN105610579B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/067Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a data communication method for protecting a both-party identity privacy of a dynamic negotiation identity. The data communication method comprises the following two steps: members initialization and communication among the members. The invention uses a public key and a private key to represent the identity of a virtual space, and uses a third party to prove the legality of the public key and the private key, so that direct verification of the identities of the two parties can be avoided; besides, the public key is generated temporarily for each communication between the members, that means communication between different members each time, so that the use of a unique private key can be avoided to expose the tracking of the identity.

Description

A kind of data communication method of protection both sides privacy of identities of dynamic negotiation identity
Technical field
The present invention relates to a kind of means of communication, specifically a kind of data communication of protection both sides privacy of identities of dynamic negotiation identityMethod.
Background technology
The mobile terminal with data-handling capacity, is widely used. User tends to store in mobile terminal a lotImportant data message, comprises that individual address, memorandum, photo, video, schedule, note etc. relate to the weight that user is a lotWant personal information. Mobile terminal has become the requisite instrument that people carry, and instant chat communication field is non-at presentNormalizing heat, but in existing instant messaging, be all the stranger that cannot screen, but do not wish the other side when sometimes both sides' communicationKnowing the identity of self, but wish it is communication between the member of particular range, is not complete strange user, current IMUNews software all cannot be accomplished this point.
Summary of the invention
The object of the present invention is to provide a kind of data communication method of protection both sides privacy of identities of dynamic negotiation identity, to separateThe problem certainly proposing in above-mentioned background technology.
For achieving the above object, the invention provides following technical scheme:
A data communication method for the protection both sides privacy of identities of dynamic negotiation identity, described data communication method is divided into two steps:Communication between member's initialization and member;
The initialized process of member: (1) identity third party generates the public private key pair (Pt, Kt) that represents own identity, by PKI to granddadCloth; (2) certain participant N adds system, both sides to confirm after identity to identity third party application, and participant generates representative oneselfThe public private key pair (Pn, Kn) of identity, sends to identity third party by PKI Pn, and identity third party is using Pn as participant NIdentify label;
Communication process between member: (1) member X is interim produces public and private key to (LPx, LKx), uses initialization procedure to produce memberPrivate key Kx to the interim PKI LPx SKx (LPx) that signs, generate temporary identity application to body with interim PKI and signaturePart third party sends; (2) identity third party receives temporary identity application, uses the PKI Px of member X to enter signing messagesRow checking; (3) private key that identity third party uses oneself is to the interim PKI of the member X SKt (LPx) that signs; (4) becomeMember X, initiates connection request to member Y, and third party's accreditation information is SKt (LPx); (5) member Y receives after request, makesWith the third-party PKI Pt of identity certifying signature SKt (LPx); (6) member Y is interim produces public and private key to (LPy, LKy),Use private key Ky that initialization procedure produces member to the interim PKI LPy SKy (LPy) that signs, with interim PKI and labelName generates temporary identity application and sends to identity third party, and content comprises: I am member Y, this time communication LPy that uses public-key,Signing messages is SKy (LPy); (7) identity third party receives temporary identity application, uses the PKI Py of member Y to signingName information is verified, if the verification passes, proves to ask to be sent by member Y; (8) identity third party uses oneselfPrivate key is to the interim PKI of the member Y SKt (LPy) that signs, the temporary identity of the member Y that expresses one's approval, and the transmission of signingGive member Y; (9) member Y, sends it back and answers to member X, and content is to comprise: I am one of member, and the PKI that I use isLPy, third party's accreditation information is SKt (LPy); (10) member X receives after request, uses the third-party PKI Pt of identityCertifying signature SKt (LPy), if the verification passes, that show to use public-key LPy is one of member; (11) both sides' subsequent communicationsAfter can encrypting with interim PKI LPx, the LPy of the other side, send to the other side, or both sides again consult communication key and carry out alternately.
As further scheme of the present invention: the interim PKI of described use and signature generate temporary identity application to identity third partySend, send content and comprise: I am member X, this time communication LPx that uses public-key, signing messages is SKx (LPx).
Compared with prior art, the invention has the beneficial effects as follows: the public and private key of the present invention represents Virtual Space identity, use theTripartite proves the legitimacy of public and private key, thereby has avoided the direct checking of both sides to identity, in addition, and each communication between memberThe interim PKI that produces, be equivalent to each all from different member's communication, avoided using unique key to expose the tracking to identity.
Brief description of the drawings
Fig. 1 is communication schematic diagram between member in the data communication method of protection both sides privacy of identities of dynamic negotiation identity.
Detailed description of the invention
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clearly and completelyDescribe, obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiment. Based on thisEmbodiment in bright, those of ordinary skill in the art are not making the every other embodiment obtaining under creative work prerequisite,All belong to the scope of protection of the invention.
Refer to Fig. 1, in the embodiment of the present invention, a kind of data communication side of protection both sides privacy of identities of dynamic negotiation identityMethod, described data communication method is divided into two steps: communication between member's initialization and member;
The initialized process of member: (1) identity third party generates the public private key pair (Pt, Kt) that represents own identity, by PKI to granddadCloth; (2) certain participant N adds system, both sides to confirm after identity to identity third party application, and participant generates representative oneselfThe public private key pair (Pn, Kn) of identity, sends to identity third party by PKI Pn, and identity third party is using Pn as participant NIdentify label;
Communication process between member: (1) member X is interim produces public and private key to (LPx, LKx), uses initialization procedure to produce memberPrivate key Kx to the interim PKI LPx SKx (LPx) that signs, generate temporary identity application to body with interim PKI and signaturePart third party sends; (2) identity third party receives temporary identity application, uses the PKI Px of member X to enter signing messagesRow checking, if the verification passes, proves to ask to be sent by member X; (3) private key that identity third party uses oneself is to becomingThe interim PKI SKt (LPx) that signs of member X, the temporary identity of the member X that expresses one's approval, and signature is sent to member X;(4) member X, initiates connection request to member Y, and request content is to comprise: I am one of member, and the PKI that I use isLPx, third party's accreditation information is SKt (LPx); (5) member Y receives after request, uses the third-party PKI Pt of identity to testSigned certificate name SKt (LPx), if the verification passes, that show to use public-key LPx is one of member; (6) member Y produces temporarilyPublic and private key is to (LPy, LKy), uses private key Ky that initialization procedure produces member to the interim PKI LPy SKy that signs(LPy), generate temporary identity application send to identity third party with interim PKI and signature, content comprises: I am member Y,This time communication LPy that uses public-key, signing messages is SKy (LPy); (7) identity third party receives temporary identity application, makesSigning messages is verified with the PKI Py of member Y, if the verification passes, the request that proves is sent by member Y; (8)The private key that identity third party uses oneself is to the interim PKI of the member Y SKt (LPy) that signs, and the member Y that expresses one's approval facesTime identity, and signature is sent to member Y; (9) member Y, sends it back and answers to member X, and content is to comprise: I am memberOne of, the PKI that I use is LPy, third party's accreditation information is SKt (LPy); (10) member X receives after request, usesThe third-party PKI Pt of identity certifying signature SKt (LPy), if the verification passes, that show to use public-key LPy is one of member;(11) both sides' subsequent communications sends to the other side after can encrypting with the interim PKI LPx of the other side, LPy, or both sides consult againCommunication key carries out alternately.
To those skilled in the art, obviously the invention is not restricted to the details of above-mentioned example embodiment, and do not carrying on the backIn the situation of spirit of the present invention or essential characteristic, can realize the present invention with other concrete form. Therefore, no matter from whichA bit, all should regard embodiment as exemplary, and be nonrestrictive, and scope of the present invention is wanted by appended rightAsk instead of above-mentioned explanation limits, be therefore intended to all changes capsule dropping in the implication and the scope that are equal to important document of claimDraw together in the present invention. Any Reference numeral in claim should be considered as limiting related claim.
In addition although should be appreciated that this description is described according to embodiment, be not that each embodiment only comprises,A technical scheme independently, this narrating mode of description is only for clarity sake, those skilled in the art should will sayBright book is done as a whole, and the technical scheme in each embodiment also can be through appropriately combined, and forming those skilled in the art can manageOther embodiments of separating.

Claims (2)

1. a data communication method for the protection both sides privacy of identities of dynamic negotiation identity, is characterized in that described data communication methodBe divided into two steps: communication between member's initialization and member;
The initialized process of member: (1) identity third party generates the public private key pair (Pt, Kt) that represents own identity, by PKI to granddadCloth; (2) certain participant N adds system, both sides to confirm after identity to identity third party application, and participant generates representative oneselfThe public private key pair (Pn, Kn) of identity, sends to identity third party by PKI Pn, and identity third party is using Pn as participant NIdentify label;
Communication process between member: (1) member X is interim produces public and private key to (LPx, LKx), uses initialization procedure to produce memberPrivate key Kx to the interim PKI LPx SKx (LPx) that signs, generate temporary identity application to body with interim PKI and signaturePart third party sends; (2) identity third party receives temporary identity application, uses the PKI Px of member X to enter signing messagesRow checking; (3) private key that identity third party uses oneself is to the interim PKI of the member X SKt (LPx) that signs; (4) becomeMember X, initiates connection request to member Y, and third party's accreditation information is SKt (LPx); (5) member Y receives after request, makesWith the third-party PKI Pt of identity certifying signature SKt (LPx); (6) member Y is interim produces public and private key to (LPy, LKy),Use private key Ky that initialization procedure produces member to the interim PKI LPy SKy (LPy) that signs, with interim PKI and labelName generates temporary identity application and sends to identity third party, and content comprises: I am member Y, this time communication LPy that uses public-key,Signing messages is SKy (LPy); (7) identity third party receives temporary identity application, uses the PKI Py of member Y to signingName information is verified, if the verification passes, proves to ask to be sent by member Y; (8) identity third party uses oneselfPrivate key is to the interim PKI of the member Y SKt (LPy) that signs, the temporary identity of the member Y that expresses one's approval, and the transmission of signingGive member Y; (9) member Y, sends it back and answers to member X, and content is to comprise: I am one of member, and the PKI that I use isLPy, third party's accreditation information is SKt (LPy); (10) member X receives after request, uses the third-party PKI Pt of identityCertifying signature SKt (LPy), if the verification passes, that show to use public-key LPy is one of member; (11) both sides' subsequent communicationsCan be with sending to the other side after the other side's public key encryption, or both sides again consult communication key and carry out alternately.
2. the data communication method of the protection both sides privacy of identities of dynamic negotiation identity according to claim 1, is characterized in that,The interim PKI of described use and signature generate temporary identity application and send to identity third party, and send content and comprise: I am member X,This time communication LPx that uses public-key, signing messages is SKx (LPx).
CN201610070409.XA 2016-02-01 2016-02-01 A kind of data communication method of protection both sides' privacy of identities of dynamic negotiation identity Active CN105610579B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610070409.XA CN105610579B (en) 2016-02-01 2016-02-01 A kind of data communication method of protection both sides' privacy of identities of dynamic negotiation identity

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610070409.XA CN105610579B (en) 2016-02-01 2016-02-01 A kind of data communication method of protection both sides' privacy of identities of dynamic negotiation identity

Publications (2)

Publication Number Publication Date
CN105610579A true CN105610579A (en) 2016-05-25
CN105610579B CN105610579B (en) 2018-10-12

Family

ID=55990127

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610070409.XA Active CN105610579B (en) 2016-02-01 2016-02-01 A kind of data communication method of protection both sides' privacy of identities of dynamic negotiation identity

Country Status (1)

Country Link
CN (1) CN105610579B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108768958A (en) * 2018-05-07 2018-11-06 上海海事大学 It is not revealed based on third party and is tested the data integrity of information and the verification method in source

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1889433A (en) * 2006-07-20 2007-01-03 上海交通大学 Mutual identifying key consultation method and system based on hidden common key certificate
CN101908961A (en) * 2010-07-29 2010-12-08 北京交通大学 Multi-party secret handshaking method in short key environment
CN103297241A (en) * 2013-05-31 2013-09-11 中国人民武装警察部队工程大学 Construction method for one-time anonymous signcryption of public key
CN104660415A (en) * 2015-02-10 2015-05-27 郑州轻工业学院 Multi-inter-domain asymmetric group key agreement protocol method in mobile cloud computing environment
US20150381580A1 (en) * 2010-04-30 2015-12-31 Donald Houston Graham, III System and method to use a cloud-based platform supported by an api to authenticate remote users and to provide pki- and pmi- based distributed locking of content and distributed unlocking of protected content

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1889433A (en) * 2006-07-20 2007-01-03 上海交通大学 Mutual identifying key consultation method and system based on hidden common key certificate
US20150381580A1 (en) * 2010-04-30 2015-12-31 Donald Houston Graham, III System and method to use a cloud-based platform supported by an api to authenticate remote users and to provide pki- and pmi- based distributed locking of content and distributed unlocking of protected content
CN101908961A (en) * 2010-07-29 2010-12-08 北京交通大学 Multi-party secret handshaking method in short key environment
CN103297241A (en) * 2013-05-31 2013-09-11 中国人民武装警察部队工程大学 Construction method for one-time anonymous signcryption of public key
CN104660415A (en) * 2015-02-10 2015-05-27 郑州轻工业学院 Multi-inter-domain asymmetric group key agreement protocol method in mobile cloud computing environment

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108768958A (en) * 2018-05-07 2018-11-06 上海海事大学 It is not revealed based on third party and is tested the data integrity of information and the verification method in source
CN108768958B (en) * 2018-05-07 2022-01-14 上海海事大学 Verification method for data integrity and source based on no leakage of verified information by third party

Also Published As

Publication number Publication date
CN105610579B (en) 2018-10-12

Similar Documents

Publication Publication Date Title
CN106506156B (en) A kind of distributed Threshold Signature method based on elliptic curve
US10122710B2 (en) Binding a data transaction to a person's identity using biometrics
CN110011802A (en) A kind of two side of efficient SM9 cooperates with the method and system of generation digital signature
CN105391676B (en) Instant communication information processing method and processing device and system
US9503462B2 (en) Authenticating security parameters
CN108924147A (en) Method, server and the communication terminal that communication terminal digital certificate is signed and issued
CN101764691A (en) Method, equipment and system for obtaining dynamic passwords to generate keys
US9438589B2 (en) Binding a digital file to a person's identity using biometrics
ES2174050T3 (en) ANONYMOUS EXCHANGE AND INFORMATION SECURITY IN A NETWORK.
CN111342955B (en) Communication method and device and computer storage medium
CN109067808B (en) Method and device for realizing block chain real-name system authentication based on social relationship guarantee
CN115567326B (en) Data transaction method and device based on block chain
CN104917807A (en) Resource transfer method, apparatus and system
CN108155987A (en) Group message sending method, method of reseptance and its system and communicating terminal
CN103297230B (en) Information encipher-decipher method, Apparatus and system
CN113824551B (en) Quantum key distribution method applied to secure storage system
CN111182497A (en) V2X anonymous authentication method, device and storage medium
CN111881486B (en) Multi-party data backup method, device and system based on block chain
CN110635912A (en) Data processing method and device
CN113468580B (en) Multi-party collaborative signature method and system
CN108390755A (en) The safe input method of SIM pasting cards based on built-in security chip
CN109818754B (en) Method and equipment for generating keys for multiple clients and single server by client
CN105610579A (en) Data communication method for protecting both-party identity privacy of dynamic negotiation identity
JP2021520586A (en) Systems, devices, and methods for explicitly and secretly exchanging messages / files and creating dynamic subgroups.
CN115632778B (en) Multi-terminal encryption and decryption intercommunication method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant