CN106209360A - A kind of authentication identifying method of wildcard based on the close algorithm of state - Google Patents

A kind of authentication identifying method of wildcard based on the close algorithm of state Download PDF

Info

Publication number
CN106209360A
CN106209360A CN201610582210.5A CN201610582210A CN106209360A CN 106209360 A CN106209360 A CN 106209360A CN 201610582210 A CN201610582210 A CN 201610582210A CN 106209360 A CN106209360 A CN 106209360A
Authority
CN
China
Prior art keywords
skeyid
key
hash
cky
state
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610582210.5A
Other languages
Chinese (zh)
Inventor
林晨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Anhui Province Postal Communication Electricity Ltd Co
Original Assignee
Anhui Province Postal Communication Electricity Ltd Co
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Anhui Province Postal Communication Electricity Ltd Co filed Critical Anhui Province Postal Communication Electricity Ltd Co
Priority to CN201610582210.5A priority Critical patent/CN106209360A/en
Publication of CN106209360A publication Critical patent/CN106209360A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to a kind of encryption method, particularly relate to a kind of use state close algorithm when being IPSEC VPN, the method using wildcard based on the close algorithm of state.The present invention can realize a kind of identity of wildcard based on the close algorithm of state simple, that be prone to dispose in IPSEC VPN and differentiate, particularly in some do not possess the mininet disposing state's close CA system, can completely uses the close algorithm of state to dispose IPSEC VPN.

Description

A kind of authentication identifying method of wildcard based on the close algorithm of state
Technical field
The present invention relates to a kind of encryption method, particularly relate to the identity mirror of a kind of wildcard based on the close algorithm of state Other method.
Technical background
National Administration for the Protection of State Secrets is in the consideration to communication security at present, has issued the close algorithm of a series of state, including symmetry algorithm SM1 and SM4, asymmetric arithmetic SM2, cryptographic Hash algorithm SM3, it is respectively used to substitute the AES/ that in international standard, the U.S. proposes 3DES, RSA, SHA-1/MD5 scheduling algorithm.Close office of state also proposed and supports the digital certificate of the close algorithm of state, CA system, IPSec The Chinese password industry standard of VPN etc..
In international standard ipsec protocol, use IKE protocol negotiation, support wildcard and two kinds of identity of digital certificate Identification method.Wildcard identity identification method uses fairly simple, and both sides each arrange a same challenge conduct Wildcard, is used for characterizing both sides' identity;Digital certificate mode needs to rely on CA system, makes both sides and characterizes the numeral of identity Certificate.
In the IPSec VPN China-styled Certain Industry Field standard of the close algorithm of state, only describe and use digital certificate to differentiate as identity Method, and digital certificate identity identification method depends on state's close algorithm CA system.Do not possess at some and dispose the small-sized of CA system In network, then when can only use wildcard mode.And wildcard mode is built upon Diffie-Hellman key On the basis of exchange algorithm, this algorithm is not belonging to the close algorithm of state, and then the IPSEC VPN under the system of the close algorithm of state realizes In mode, lack a kind of wildcard authentication identifying method.
Summary of the invention
The purpose of the present invention be exactly realize a kind of simple, be prone to the body of the wildcard based on the close algorithm of state disposed Part discrimination method.
In order to solve above-mentioned technical problem, the present invention is addressed by following technical proposals:
The authentication identifying method of a kind of wildcard based on the close algorithm of state, comprises the following steps:
Step 1: what a wildcard PSK communicating pair promoter A and respondent B arranges in advance;
Step 2: communicating pair uses IKE agreement to carry out security negotiation, key exchange, and algorithm uses the close algorithm of state;
Step 3: use holotype to consult in the ike negotiation first stage, in interaction message 1 and message 2, promoter A and respondent B Consult mutually Security Association load SA;
Step 4: promoter A and respondent B respectively produces the random number r of a 128-bitAAnd rB
Step 5: calculate the point on elliptic curve according to SM2 ellipse curve public key cipher algorithm, promoter A and respondent B respectively RA=[rA] G, RB=[rB]G;
Step 6: in ike negotiation first stage interaction message 3 and message 4, by RAAnd RBAs cipher key exchange payload KE_I and KE_R intercourses, and intercourses Nonce load Ni and Nr;
Step 7: promoter A calculates KA=[rA]RB, respondent B calculates KB=[rB]RA, according to elliptic curve calculations rule: KA= [rA]RB=[rA∙ rB]G=[rB∙ rA]G =[rB]RA=KB, so KA、KBIdentical, as the public keys K(K=K of first stageA =KB);
Step 8: use wildcard PSK, derive derivative key SKEYID, be used for exchanging authentication data, it is achieved identity is recognized Card:
SKEYID = prf(PSK, Ni_b | Nr_b)
Prf (key, msg) is the hash function that the pseudo-random function of key is typically key, and hash algorithm uses SM3 to calculate Method;
Step 9: calculated for subsequent key as follows:
Derivative key SKEYID_d=prf (SKEYID, K | CKY-I | CKY-R | 0)
Certification key SK EYID_a=prf (SKEYID, SKEYID_d | K | CKY-I | CKY-R | 1)
Encryption key SKEYID_e=prf (SKEYID, SKEYID_a | K | CKY-I | CKY-R | 2)
Step 10: in ike negotiation first stage interaction message 5 and message 6, communicating pair differentiates interaction above, hands over Change authentication data HASH_I and HASH_R.This message use SKEYID_e as symmetric password encryption, algorithm use SM1 or SM4, pattern uses CBC pattern, IV=HASH (rA | rB)
HASH_I = prf(SKEYID, CKY-I | CKY-R | SAi_b | IDii_b )
HASH_R = prf(SKEYID, CKY-R | CKY-I | SAi_b | IDir_b )
Step 11: so far, the IKE first stage consults, uses and differentiate based on state's close algorithm wildcard identity, follow-up according to state The step that close algorithm standard rules specifies carries out the negotiation of second stage.
Due to the fact that and have employed above technical scheme that there is significant technique effect:
The present invention is based on this method, it is possible to realize in IPSEC VPN a kind of simple, be prone to dispose based on the close algorithm of state The authentication identifying method of wildcard, particularly in some do not possess the mininet disposing state's close CA system, can be complete The whole close algorithm of use state disposes IPSEC VPN.
Accompanying drawing illustrates:
In order to be illustrated more clearly that the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing skill During art describes, required accompanying drawing is briefly described.
Fig. 1 is the network topological diagram of the present invention;
Fig. 2 is the ike negotiation first stage, when using holotype, and the negotiation of wildcard authentication based on the close algorithm of state Process;
Fig. 3 is the ike negotiation first stage, when using aggressive mode, and the association of wildcard authentication based on the close algorithm of state Business's process.
Detailed description of the invention:
Below in conjunction with embodiment, the present invention is described in further detail, and following example are explanation of the invention and this Bright it is not limited to following example.
Embodiment 1:
Present system form, as it is shown in figure 1, the network being made up of with router B router A, router A and router B it Between set up IPSEC tunnel, use the exchange of IKE protocol negotiation Security Association, key, algorithm uses the close algorithm of state, IKE first stage Use holotype.
The authentication identifying method of a kind of wildcard based on the close algorithm of state, comprises the following steps:
Step 1: what a wildcard PSK communicating pair promoter A and respondent B arranges in advance;
Step 2: communicating pair uses IKE agreement to carry out security negotiation, key exchange, and algorithm uses the close algorithm of state;
Step 3: in the interaction message 1 and message 2 of ike negotiation first stage, promoter A and respondent B consults mutually one Security Association load SA;
Step 4: promoter A and respondent B respectively produces the random number r of a 128-bitAAnd rB, such as
rA = 3945208F 7B2144B1 3F36E38A C6D39F95 88939369 2860B51A 42FB81EF 4DF7C5B8
rB= 59276E27 D506861A 16680F3A D9C02DCC EF3CC1FA 3CDBE4CE 6D54B80D EAC1BC21
Step 5: calculate the point on elliptic curve according to SM2 ellipse curve public key cipher algorithm, promoter A and respondent B respectively RA=[rA] G, RB=[rB] G, such as
RA = 09F9DF31 1E5421A1 50DD7D16 1E4BC5C6 72179FAD 1833FC07 6BB08FF3 56F35020
CCEA490C E26775A5 2DC6EA71 8CC1AA60 0AED05FB F35E084A 6632F607 2DA9AD13
RB = 04EBFC71 8E8D1798 62043226 8E77FEB6 415E2EDE 0E073C0F 4F640ECD 2E149A73
E858F9D8 1E5430A5 7B36DAAB 8F950A3C 64E6EE6A 63094D99 283AFF76 7E124DF0
Step 6: in ike negotiation first stage interaction message 3 and message 4, by RAAnd RBAs cipher key exchange payload KE_I and KE_R intercourses, and intercourses Nonce load Ni and Nr;
Step 7: promoter A calculates KA=[rA]RB, respondent B calculates KB=[rB]RA, according to elliptic curve calculations rule: KA= [rA]RB=[rA∙ rB]G=[rB∙ rA]G =[rB]RA=KB, so KA、KBIdentical, as the public keys K(K=K of first stageA =KB), such as
KA = 335E18D7 51E51F04 0E27D468 138B7AB1 DC86AD7F 981D7D41 6222FD6A B3ED230D
AB743EBC FB22D64F 7B6AB791 F70658F2 5B48FA93 E54064FD BFBED3F0 BD847AC9
KB = 335E18D7 51E51F04 0E27D468 138B7AB1 DC86AD7F 981D7D41 6222FD6A B3ED230D
AB743EBC FB22D64F 7B6AB791 F70658F2 5B48FA93 E54064FD BFBED3F0 BD847AC9
Result of calculation also demonstrates KA=KB
Step 8: use wildcard PSK, derive derivative key SKEYID, be used for exchanging authentication data, it is achieved identity is recognized Card:
SKEYID = prf(PSK, Ni_b | Nr_b)
Prf (key, msg) is the hash function that the pseudo-random function of key is typically key, and hash algorithm uses SM3 to calculate Method;
Step 9: calculated for subsequent key as follows:
Derivative key SKEYID_d=prf (SKEYID, K | CKY-I | CKY-R | 0)
Certification key SK EYID_a=prf (SKEYID, SKEYID_d | K | CKY-I | CKY-R | 1)
Encryption key SKEYID_e=prf (SKEYID, SKEYID_a | K | CKY-I | CKY-R | 2)
Step 10: in ike negotiation first stage interaction message 5 and message 6, communicating pair differentiates interaction above, hands over Change authentication data HASH_I and HASH_R.This message use SKEYID_e as symmetric password encryption, algorithm use SM1 or SM4, pattern uses CBC pattern, IV=HASH (rA | rB)
HASH_I = prf(SKEYID, CKY-I | CKY-R | SAi_b | IDii_b )
HASH_R = prf(SKEYID, CKY-R | CKY-I | SAi_b | IDir_b )
Step 11: so far, the IKE first stage consults, uses and differentiate based on state's close algorithm wildcard identity, follow-up according to state The step that close algorithm standard rules specifies carries out the negotiation of second stage.
Use after the inventive method, it is possible to realize in IPSEC VPN a kind of simple, be prone to dispose based on the close calculation of state The authentication identifying method of the wildcard of method, particularly in some do not possess the mininet disposing state's close CA system, energy The complete close algorithm of use state disposes IPSEC VPN.
Embodiment 2:
Present system form, as it is shown in figure 1, the network being made up of with router B router A, router A and router B it Between set up IPSEC tunnel, use the exchange of IKE protocol negotiation Security Association, key, algorithm uses the close algorithm of state, with embodiment 1 base This is identical, except that the IKE first stage uses aggressive mode.
When using aggressive mode to consult, it is characterised in that comprise the following steps::
Step 1: promoter A sends SA, KE, Ni load, and wherein KE generates method with the generation method in embodiment 1;
Step 2: respondent B sends SA, KE, Nr, HASH_R load, and wherein KE generates method, wildcard PSK derives and spreads out The method of raw key SK EYID, and HASH_R computational methods are with the generation method in embodiment 1;
Step 3: promoter A sends HASH_I load, the method that wherein wildcard PSK derives derivative key SKEYID, And HASH_I computational methods are with the generation method in embodiment 1.

Claims (4)

1. the authentication identifying method of a wildcard based on the close algorithm of state, it is characterised in that comprise the following steps:
Step 1: what a wildcard PSK communicating pair promoter A and respondent B arranges in advance;
Step 2: communicating pair uses IKE agreement to carry out security negotiation, key exchange, and algorithm uses the close algorithm of state;
Step 3: use holotype to consult in the ike negotiation first stage, in interaction message 1 and message 2, promoter A and respondent B Consult mutually Security Association load SA;
Step 4: promoter A and respondent B respectively produces the random number r of a 128-bitAAnd rB
Step 5: calculate the some R on elliptic curve according to SM2 ellipse curve public key cipher algorithm, promoter A and respondent B respectivelyA =[rA] G, RB=[rB]G;
Step 6: in ike negotiation first stage interaction message 3 and message 4, by RAAnd RBAs cipher key exchange payload KE_I and KE_R intercourses, and intercourses Nonce load Ni and Nr;
Step 7: promoter A calculates KA=[rA]RB, respondent B calculates KB=[rB]RA, according to elliptic curve calculations rule: KA=[rA] RB=[rA∙ rB]G=[rB∙ rA]G =[rB]RA=KB, so KA、KBIdentical, as the public keys K(K=K of first stageA= KB);
Step 8: use wildcard PSK, derive derivative key SKEYID, be used for exchanging authentication data, it is achieved identity is recognized Card:
SKEYID = prf(PSK, Ni_b | Nr_b)
Prf (key, msg) is the hash function that the pseudo-random function of key is typically key, and hash algorithm uses SM3 to calculate Method;
Step 9: calculated for subsequent key as follows:
Derivative key SKEYID_d=prf (SKEYID, K | CKY-I | CKY-R | 0)
Certification key SK EYID_a=prf (SKEYID, SKEYID_d | K | CKY-I | CKY-R | 1)
Encryption key SKEYID_e=prf (SKEYID, SKEYID_a | K | CKY-I | CKY-R | 2)
Step 10: in ike negotiation first stage interaction message 5 and message 6, communicating pair differentiates interaction above, hands over Change authentication data HASH_I and HASH_R.
2. this message uses SKEYID_e to use SM1 or SM4 as symmetric password encryption, algorithm, and pattern uses CBC pattern, IV=HASH(rA | rB)
HASH_I = prf(SKEYID, CKY-I | CKY-R | SAi_b | IDii_b )
HASH_R = prf(SKEYID, CKY-R | CKY-I | SAi_b | IDir_b )
Step 11: so far, the IKE first stage consults, uses and differentiate based on state's close algorithm wildcard identity, follow-up according to state The step that close algorithm standard rules specifies carries out the negotiation of second stage.
A kind of authentication identifying method of wildcard based on the close algorithm of state, first stage IKE Consult to use holotype, need mutual 6 interaction messages to complete, it is characterised in that: aggressive mode can also be used to consult, 3 interaction messages are needed to complete.
4., when using aggressive mode to consult, comprise the following steps::
Step 1: promoter A sends SA, KE, Ni load, and wherein KE generates method with the generation method in claim 1;
Step 2: respondent B sends SA, KE, Nr, HASH_R load, and wherein KE generates method, wildcard PSK derives and spreads out The method of raw key SK EYID, and HASH_R computational methods are with the generation method in claim 1;
Step 3: promoter A sends HASH_I load, the method that wherein wildcard PSK derives derivative key SKEYID, And HASH_I computational methods are with the generation method in claim 1.
CN201610582210.5A 2016-07-22 2016-07-22 A kind of authentication identifying method of wildcard based on the close algorithm of state Pending CN106209360A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610582210.5A CN106209360A (en) 2016-07-22 2016-07-22 A kind of authentication identifying method of wildcard based on the close algorithm of state

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610582210.5A CN106209360A (en) 2016-07-22 2016-07-22 A kind of authentication identifying method of wildcard based on the close algorithm of state

Publications (1)

Publication Number Publication Date
CN106209360A true CN106209360A (en) 2016-12-07

Family

ID=57492196

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610582210.5A Pending CN106209360A (en) 2016-07-22 2016-07-22 A kind of authentication identifying method of wildcard based on the close algorithm of state

Country Status (1)

Country Link
CN (1) CN106209360A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107171786A (en) * 2017-05-19 2017-09-15 成都极玩网络技术有限公司 Network agent account control method
CN107493169A (en) * 2017-09-26 2017-12-19 安徽皖通邮电股份有限公司 A kind of authentication identifying method based on quantum key and national secret algorithm
CN108696518A (en) * 2018-05-09 2018-10-23 深圳壹账通智能科技有限公司 User's communication encrypting method, device, terminal device and storage medium on block chain
CN108829725A (en) * 2018-05-09 2018-11-16 深圳壹账通智能科技有限公司 User communication method, device, terminal device and storage medium on block chain
CN109274663A (en) * 2018-09-07 2019-01-25 西安莫贝克半导体科技有限公司 Communication means based on SM2 dynamic key exchange and SM4 data encryption
CN109547209A (en) * 2018-11-19 2019-03-29 北京大学 A kind of two side's SM2 digital signature generation methods
WO2019214070A1 (en) * 2018-05-09 2019-11-14 深圳壹账通智能科技有限公司 Encryption method for user communication on block chain, apparatus, terminal device and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7269730B2 (en) * 2002-04-18 2007-09-11 Nokia Corporation Method and apparatus for providing peer authentication for an internet key exchange
CN101296072A (en) * 2007-04-29 2008-10-29 四川虹微技术有限公司 Sharing cryptographic key generation method of elliptic curve
CN102104481A (en) * 2010-12-17 2011-06-22 中国科学院数据与通信保护研究教育中心 Elliptic curve-based key exchange method
CN102469173A (en) * 2010-11-15 2012-05-23 中国人民解放军总参谋部第六十一研究所 IPv6 (Internet Protocol Version 6) network layer credible transmission method and system based on combined public key algorithm
CN104468125A (en) * 2014-12-24 2015-03-25 江西倍康信息技术有限公司 Mobile Internet information communication encryption method based on GMB algorithm

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7269730B2 (en) * 2002-04-18 2007-09-11 Nokia Corporation Method and apparatus for providing peer authentication for an internet key exchange
CN101296072A (en) * 2007-04-29 2008-10-29 四川虹微技术有限公司 Sharing cryptographic key generation method of elliptic curve
CN102469173A (en) * 2010-11-15 2012-05-23 中国人民解放军总参谋部第六十一研究所 IPv6 (Internet Protocol Version 6) network layer credible transmission method and system based on combined public key algorithm
CN102104481A (en) * 2010-12-17 2011-06-22 中国科学院数据与通信保护研究教育中心 Elliptic curve-based key exchange method
CN104468125A (en) * 2014-12-24 2015-03-25 江西倍康信息技术有限公司 Mobile Internet information communication encryption method based on GMB algorithm

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
D.HARKINS: "《RFC 2409-The Internet Key Exchange(IKE)》", 30 November 1998, IETF *
国家密码管理局: "《GM/T 0022-2014 IPSec VPN技术规范》", 13 February 2014 *

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107171786A (en) * 2017-05-19 2017-09-15 成都极玩网络技术有限公司 Network agent account control method
CN107493169A (en) * 2017-09-26 2017-12-19 安徽皖通邮电股份有限公司 A kind of authentication identifying method based on quantum key and national secret algorithm
CN108696518A (en) * 2018-05-09 2018-10-23 深圳壹账通智能科技有限公司 User's communication encrypting method, device, terminal device and storage medium on block chain
CN108829725A (en) * 2018-05-09 2018-11-16 深圳壹账通智能科技有限公司 User communication method, device, terminal device and storage medium on block chain
WO2019214069A1 (en) * 2018-05-09 2019-11-14 深圳壹账通智能科技有限公司 Method and apparatus for encrypted user communication on blockchain, and terminal device and storage medium
WO2019214070A1 (en) * 2018-05-09 2019-11-14 深圳壹账通智能科技有限公司 Encryption method for user communication on block chain, apparatus, terminal device and storage medium
CN108696518B (en) * 2018-05-09 2020-12-04 深圳壹账通智能科技有限公司 Block chain user communication encryption method and device, terminal equipment and storage medium
CN108829725B (en) * 2018-05-09 2021-06-25 深圳壹账通智能科技有限公司 Block chain user communication method, block chain user communication device, terminal equipment and storage medium
CN109274663A (en) * 2018-09-07 2019-01-25 西安莫贝克半导体科技有限公司 Communication means based on SM2 dynamic key exchange and SM4 data encryption
CN109547209A (en) * 2018-11-19 2019-03-29 北京大学 A kind of two side's SM2 digital signature generation methods

Similar Documents

Publication Publication Date Title
CN106209360A (en) A kind of authentication identifying method of wildcard based on the close algorithm of state
US9794249B1 (en) Using a digital certificate with multiple cryptosystems
EP3350958B1 (en) Method and system for session key generation with diffie-hellman procedure
CN104158653B (en) A kind of safety communicating method based on the close algorithm of business
CN109104727A (en) One kind is based on authorizing procedure safety Enhancement Method between the core network element of EAP-AKA '
US20070189528A1 (en) Wireless LAN transmitting and receiving apparatus and key distribution method
CN101420694A (en) WAPI-XG1 access and fast switch authentication method
WO2016058404A1 (en) Entity authentication method and device based on pre-shared key
CN104468126B (en) A kind of safe communication system and method
CN101600204A (en) A kind of document transmission method and system
CN107493169A (en) A kind of authentication identifying method based on quantum key and national secret algorithm
WO2015144041A1 (en) Network authentication method and device
Noh et al. Secure authentication and four-way handshake scheme for protected individual communication in public wi-fi networks
Zhang et al. Formal verification of 5G-EAP-TLS authentication protocol
TWI568234B (en) Anonymity authentication method for global mobility networks
CN111416712B (en) Quantum secret communication identity authentication system and method based on multiple mobile devices
Noh et al. Secure key exchange scheme for WPA/WPA2-PSK using public key cryptography
CN106992866A (en) It is a kind of based on wireless network access methods of the NFC without certificate verification
CN106209384A (en) Use the client terminal of security mechanism and the communication authentication method of charging device
CN116388995A (en) Lightweight smart grid authentication method based on PUF
CN105245532B (en) WLAN cut-in methods based on NFC certifications
Dey et al. An efficient dynamic key based EAP authentication framework for future IEEE 802.1 x Wireless LANs
CN104902467A (en) Access method for wireless local area network (WLAN) based on near field communication (NFC)
CN114386020A (en) Quick secondary identity authentication method and system based on quantum security
Guo et al. A secure session key negotiation scheme in wpa2-psk networks

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20161207