CN108155991A - A kind of generation system of trusted key - Google Patents
A kind of generation system of trusted key Download PDFInfo
- Publication number
- CN108155991A CN108155991A CN201810241949.9A CN201810241949A CN108155991A CN 108155991 A CN108155991 A CN 108155991A CN 201810241949 A CN201810241949 A CN 201810241949A CN 108155991 A CN108155991 A CN 108155991A
- Authority
- CN
- China
- Prior art keywords
- key
- server
- secret information
- request side
- key request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The present invention relates to a kind of generation system of trusted key, including key request side, key reception side and server, wherein:The key request side is the side for initiating the coded communication, and the generating process of key is initiated by the key request side;The key reception method is to receive a side of coded communication, and the key generation process that the key request side is coordinated to initiate;The server is used to be registered in each side in advance to need to generate key, and provides a secret information generated at random respectively for each side;In key generation process, the relevant information that server is sent based on key request side and key reception side is verified both sides based on the secret information, if the verification passes, random generation key, and it is sent to both sides after the key is encrypted based on the secret information.
Description
【Technical field】
The invention belongs to computer safety field more particularly to a kind of generation systems of trusted key.
【Background technology】
In recent years, with the development of computer technology, people’s lives start largely to rely on computer, use various calculating
Machine program is handled and is communicated, therefore computer security is also increasingly close with the relationship of people.In computer security, key
It is an important secure data, key and user password is different, is typically that computer-internal is safe for ensureing, is used for
Encrypted core data, therefore how to generate believable key is the most important ring of computer security.
【Invention content】
The present invention provides a kind of generation system of simple and reliable trusted key, the technical solution of use is specific as follows:
A kind of generation system of trusted key, which is characterized in that including key request side, key reception side and server,
Wherein:
The key request side is the side for initiating the coded communication, and the life of key is initiated by the key request side
Into process;
The key reception method is to receive a side of coded communication, and the key life that the key request side is coordinated to initiate
Into process;
The server is used to be registered in each side in advance to need to generate key, and provides one respectively for each side
The secret information generated at random;
In key generation process, relevant information that server is sent based on key request side and key reception side, base
Both sides are verified in the secret information, if the verification passes, generate key at random, and be based on the secret information by institute
Both sides are sent to after stating key encryption.
Further, the server, which will be based on the secret information, to be sent to both sides after key encryption and specifically wrap
It includes:After key and corresponding secret information exclusive or, it is sent to a corresponding side.
Further, the key request side or key reception side are PC machine.
Further, the key request side or key reception side are smart mobile phones.
Further, the key request side or key reception side are smart cards.
Beneficial effects of the present invention are:In the case where not reducing safety, compared with the prior art, method of the invention is more
Add simple and reliable, reduce the complexity of realization, low, the equipment that can be applied to different computing capabilitys is required to computing capability.
【Description of the drawings】
Attached drawing described herein is to be used to provide further understanding of the present invention, and forms the part of the application, but
It does not constitute improper limitations of the present invention, in the accompanying drawings:
Fig. 1 is the building-block of logic of trusted key generation system of the present invention.
【Specific embodiment】
Come that the present invention will be described in detail below in conjunction with attached drawing and specific embodiment, illustrative examples therein and say
It is bright to be only used for explaining the present invention, but not as a limitation of the invention.
The trusted key generation system of the present invention includes:Key request side, key reception side and server.The key please
The side of asking and recipient are to need that the both sides of communication are encrypted on network.The key request side is to initiate the coded communication
One side, and by the generating process of key request side initiation key.The key reception method is receive coded communication one
Side, and the key generation process that the key request side is coordinated to initiate.Specifically, key request side and key reception side can be
The various types such as PC machine, smart mobile phone, smart card, the equipment of different computing capabilitys.
The server is a neutral trusted third party, is used in advance for each side for generating key is needed to carry out
Registration, and a secret information generated at random is provided respectively for each side.For example, A is registered to the server, server
After being authenticated to the identity of A, a secret information Secret is generated at random, it is preferred that in order to ensure enough safety,
Secret is the binary number of no less than 1024.The secret information is supplied to A, is preserved respectively by A and server.
Based on above-mentioned trigonal crystal structure, the process of present invention generation key is described in detail below:
(1) key request direction key reception side initiates the connection request, carries a connection code LA in a connection request
With request code ID;The connection code LA and request code ID is the number generated at random by key request side.
For security consideration, the digit of the connection code should long enough, it is preferred that connection code secret should be believed with above-mentioned
It is the same to cease Secret, no less than 1024.
(2) key reception side is after connection request is received, and also random generation one connects code LB, then to key request side
Send a response message.
As connection code LA, the digit of connection code LB should also be as long enough, under preferable case, the digit phase of LB and LA
Together.But LB is not included in response message, which only informs key request side, and key reception side has received
Request, and get out generation key.
(3) key request side sends a secret key request message after response message is received to server
KeyRequestA, the KeyRequestA include connecting code LA, request code ID and Hash result HA, wherein HA=Hash
(SecretA⊕LA)}。
Key reception side sends another secret key request message KeyRequestB to server simultaneously, described
KeyRequestB includes request code ID, LC and Hash result HB.
Wherein LC=LA ⊕ LB, HB=Hash (SecretB ⊕ LA ⊕ LB).
Wherein, SecretA is the secret information that key request side is obtained in server registration, and SecretB is that key connects
The secret information that debit obtains in server registration.Hash is a hash function, can be used any one in this field
Hash algorithm well known to kind.
All include its own number generated at random in the Hash calculation of key request side and key reception side, in this way may be used
To avoid the Hash result specified by go-between's acquisition, safety ensure that.
(4) server is primarily based on request code ID and determines that the two are close after above-mentioned two secret key request message is received
Key request message is from a pair of secret keys requesting party and recipient;Then respectively to the Hash result in two secret key request messages
It is verified, not to be passed through if there are one verifications, server ignores the two secret key request messages, and method terminates;If it tests
Card all passes through, then continues subsequent step.
Specifically verification process is:
For KeyRequestA, server voluntarily calculates Hash (SecretA ⊕ LA) (since server saves in advance
SerectA, so server can calculate the Hash), judge whether result of calculation is equal with HA, if unequal, verify
Do not pass through, be otherwise verified.
For KeyRequestB, server voluntarily calculates Hash (SecretB ⊕ LA ⊕ LB), judges result of calculation and HB
It is whether equal, if unequal, verify and do not pass through, be otherwise verified.
(5) server generates a key Key at random, calculates KA and KB respectively, i.e.,:
KA=Key ⊕ SecretA, KB=Key ⊕ SecretB
Then KA is sent to key request side by server, and KB is sent to key reception side.
(6) after key request side receives KA, Key=KA ⊕ SecretA are calculated;After key reception side receives KB,
Calculate Key=KB ⊕ SecretB.
So far, key request side and key reception side all respectively obtain common key Key, close so as to be based on this
The operations such as communication are encrypted in key.
From above procedure as can be seen that an entire key generation process pertains only to exclusive or calculating, calculating process is simple, therefore
It is very low to the computing capability requirement of key request side and key reception side, therefore even if this two side is that computer capacity is relatively low
Equipment can also complete key generation process.Also, key generation process each time all relies on the connection of both sides' generation
Code, and believable server is needed to verify between two parties, after server has separately verified the identity of both sides, key is generated, therefore whole
A process has enough safeties, and both sides' identity of generation key can be traced in the later stage.
The above is only the better embodiment of the present invention, therefore all constructions according to described in present patent application range,
The equivalent change or modification that feature and principle are done, is included in the range of present patent application.
Claims (5)
1. a kind of generation system of trusted key, which is characterized in that including key request side, key reception side and server,
In:
The key request side is the side for initiating the coded communication, and the generation of key is initiated by the key request side
Journey;
The key reception method is to receive a side of coded communication, and the key that the key request side is coordinated to initiate generated
Journey;
The server provides one at random respectively for being registered in each side in advance to need to generate key for each side
The secret information of generation;
In key generation process, relevant information that server is sent based on key request side and key reception side, based on institute
It states secret information to verify both sides, if the verification passes, generates key at random, and will be described close based on the secret information
Both sides are sent to after key encryption.
2. system according to claim 1, which is characterized in that the server is based on the secret information by the key
Both sides are sent to after encryption to specifically include:After key and corresponding secret information exclusive or, it is sent to a corresponding side.
3. according to the system described in claim 1-2 any one, which is characterized in that the key request side or key reception side
It is PC machine.
4. according to the system described in claim 1-2 any one, which is characterized in that the key request side or key reception side
It is smart mobile phone.
5. according to the system described in claim 1-2 any one, which is characterized in that the key request side or key reception side
It is smart card.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810241949.9A CN108155991B (en) | 2018-03-22 | 2018-03-22 | Generation system of trusted key |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810241949.9A CN108155991B (en) | 2018-03-22 | 2018-03-22 | Generation system of trusted key |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108155991A true CN108155991A (en) | 2018-06-12 |
CN108155991B CN108155991B (en) | 2022-01-04 |
Family
ID=62456246
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810241949.9A Active CN108155991B (en) | 2018-03-22 | 2018-03-22 | Generation system of trusted key |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108155991B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1679103A (en) * | 2002-08-28 | 2005-10-05 | 松下电器产业株式会社 | Content-duplication management system, apparatus and method, playback apparatus and method, and computer program |
US20070064936A1 (en) * | 2005-08-23 | 2007-03-22 | Kabushiki Kaisha Toshiba | Content data delivery method and content data delivery system and handheld device for use therein |
CN101707770A (en) * | 2009-11-12 | 2010-05-12 | 浙江大学 | Key exchange authentication method capable of guaranteeing system security |
CN104683304A (en) * | 2013-11-29 | 2015-06-03 | 中国移动通信集团公司 | Processing method, equipment and system of secure communication service |
CN107154849A (en) * | 2017-05-09 | 2017-09-12 | 哈尔滨工业大学深圳研究生院 | Three-side password authentication and key agreement protocol based on highly reliable smart card |
-
2018
- 2018-03-22 CN CN201810241949.9A patent/CN108155991B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1679103A (en) * | 2002-08-28 | 2005-10-05 | 松下电器产业株式会社 | Content-duplication management system, apparatus and method, playback apparatus and method, and computer program |
US20070064936A1 (en) * | 2005-08-23 | 2007-03-22 | Kabushiki Kaisha Toshiba | Content data delivery method and content data delivery system and handheld device for use therein |
CN101707770A (en) * | 2009-11-12 | 2010-05-12 | 浙江大学 | Key exchange authentication method capable of guaranteeing system security |
CN104683304A (en) * | 2013-11-29 | 2015-06-03 | 中国移动通信集团公司 | Processing method, equipment and system of secure communication service |
CN107154849A (en) * | 2017-05-09 | 2017-09-12 | 哈尔滨工业大学深圳研究生院 | Three-side password authentication and key agreement protocol based on highly reliable smart card |
Also Published As
Publication number | Publication date |
---|---|
CN108155991B (en) | 2022-01-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20170353442A1 (en) | Proximity-based authentication | |
CN106533687B (en) | A kind of identity identifying method and equipment | |
CN104065653B (en) | A kind of interactive auth method, device, system and relevant device | |
CN103139200B (en) | A kind of method of Web service single-sign-on | |
CN109983466A (en) | A kind of account management system and management method, storage medium based on block chain | |
CN101317359A (en) | Method and device for generating local interface cryptographic key | |
CN107612889B (en) | Method for preventing user information leakage | |
CN109818741B (en) | Decryption calculation method and device based on elliptic curve | |
CN102868531B (en) | Networked transaction certification system and method | |
CN104579649A (en) | Identity recognition method and system | |
CN104821941B (en) | Smart card password authentication and Modify password method | |
CN105391734A (en) | Secure login system, secure login method, login server and authentication server | |
CN103152732B (en) | Cloud password system and operation method thereof | |
CN109981576B (en) | Key migration method and device | |
CN107454035A (en) | A kind of identity authentication method and device | |
CN113132363B (en) | Front-end and back-end security verification method and equipment | |
CN110166453A (en) | A kind of interface authentication method, system and storage medium based on SE chip | |
CN113507372A (en) | Bidirectional authentication method for interface request | |
CN105553667A (en) | Dynamic password generating method | |
CN105553942A (en) | Method and system of applying jump | |
CN108768650B (en) | Short message verification system based on biological characteristics | |
KR102616751B1 (en) | Communications security systems and methods | |
CN110999215A (en) | Secure device access token | |
CN115767538A (en) | Information verification method, information processing method, device and equipment | |
CN108155991A (en) | A kind of generation system of trusted key |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |