CN108155991A - A kind of generation system of trusted key - Google Patents

A kind of generation system of trusted key Download PDF

Info

Publication number
CN108155991A
CN108155991A CN201810241949.9A CN201810241949A CN108155991A CN 108155991 A CN108155991 A CN 108155991A CN 201810241949 A CN201810241949 A CN 201810241949A CN 108155991 A CN108155991 A CN 108155991A
Authority
CN
China
Prior art keywords
key
server
secret information
request side
key request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810241949.9A
Other languages
Chinese (zh)
Other versions
CN108155991B (en
Inventor
田健生
杨秩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Believable Huatai Technology Co Ltd
Original Assignee
Beijing Believable Huatai Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Believable Huatai Technology Co Ltd filed Critical Beijing Believable Huatai Technology Co Ltd
Priority to CN201810241949.9A priority Critical patent/CN108155991B/en
Publication of CN108155991A publication Critical patent/CN108155991A/en
Application granted granted Critical
Publication of CN108155991B publication Critical patent/CN108155991B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a kind of generation system of trusted key, including key request side, key reception side and server, wherein:The key request side is the side for initiating the coded communication, and the generating process of key is initiated by the key request side;The key reception method is to receive a side of coded communication, and the key generation process that the key request side is coordinated to initiate;The server is used to be registered in each side in advance to need to generate key, and provides a secret information generated at random respectively for each side;In key generation process, the relevant information that server is sent based on key request side and key reception side is verified both sides based on the secret information, if the verification passes, random generation key, and it is sent to both sides after the key is encrypted based on the secret information.

Description

A kind of generation system of trusted key
【Technical field】
The invention belongs to computer safety field more particularly to a kind of generation systems of trusted key.
【Background technology】
In recent years, with the development of computer technology, people’s lives start largely to rely on computer, use various calculating Machine program is handled and is communicated, therefore computer security is also increasingly close with the relationship of people.In computer security, key It is an important secure data, key and user password is different, is typically that computer-internal is safe for ensureing, is used for Encrypted core data, therefore how to generate believable key is the most important ring of computer security.
【Invention content】
The present invention provides a kind of generation system of simple and reliable trusted key, the technical solution of use is specific as follows:
A kind of generation system of trusted key, which is characterized in that including key request side, key reception side and server, Wherein:
The key request side is the side for initiating the coded communication, and the life of key is initiated by the key request side Into process;
The key reception method is to receive a side of coded communication, and the key life that the key request side is coordinated to initiate Into process;
The server is used to be registered in each side in advance to need to generate key, and provides one respectively for each side The secret information generated at random;
In key generation process, relevant information that server is sent based on key request side and key reception side, base Both sides are verified in the secret information, if the verification passes, generate key at random, and be based on the secret information by institute Both sides are sent to after stating key encryption.
Further, the server, which will be based on the secret information, to be sent to both sides after key encryption and specifically wrap It includes:After key and corresponding secret information exclusive or, it is sent to a corresponding side.
Further, the key request side or key reception side are PC machine.
Further, the key request side or key reception side are smart mobile phones.
Further, the key request side or key reception side are smart cards.
Beneficial effects of the present invention are:In the case where not reducing safety, compared with the prior art, method of the invention is more Add simple and reliable, reduce the complexity of realization, low, the equipment that can be applied to different computing capabilitys is required to computing capability.
【Description of the drawings】
Attached drawing described herein is to be used to provide further understanding of the present invention, and forms the part of the application, but It does not constitute improper limitations of the present invention, in the accompanying drawings:
Fig. 1 is the building-block of logic of trusted key generation system of the present invention.
【Specific embodiment】
Come that the present invention will be described in detail below in conjunction with attached drawing and specific embodiment, illustrative examples therein and say It is bright to be only used for explaining the present invention, but not as a limitation of the invention.
The trusted key generation system of the present invention includes:Key request side, key reception side and server.The key please The side of asking and recipient are to need that the both sides of communication are encrypted on network.The key request side is to initiate the coded communication One side, and by the generating process of key request side initiation key.The key reception method is receive coded communication one Side, and the key generation process that the key request side is coordinated to initiate.Specifically, key request side and key reception side can be The various types such as PC machine, smart mobile phone, smart card, the equipment of different computing capabilitys.
The server is a neutral trusted third party, is used in advance for each side for generating key is needed to carry out Registration, and a secret information generated at random is provided respectively for each side.For example, A is registered to the server, server After being authenticated to the identity of A, a secret information Secret is generated at random, it is preferred that in order to ensure enough safety, Secret is the binary number of no less than 1024.The secret information is supplied to A, is preserved respectively by A and server.
Based on above-mentioned trigonal crystal structure, the process of present invention generation key is described in detail below:
(1) key request direction key reception side initiates the connection request, carries a connection code LA in a connection request With request code ID;The connection code LA and request code ID is the number generated at random by key request side.
For security consideration, the digit of the connection code should long enough, it is preferred that connection code secret should be believed with above-mentioned It is the same to cease Secret, no less than 1024.
(2) key reception side is after connection request is received, and also random generation one connects code LB, then to key request side Send a response message.
As connection code LA, the digit of connection code LB should also be as long enough, under preferable case, the digit phase of LB and LA Together.But LB is not included in response message, which only informs key request side, and key reception side has received Request, and get out generation key.
(3) key request side sends a secret key request message after response message is received to server KeyRequestA, the KeyRequestA include connecting code LA, request code ID and Hash result HA, wherein HA=Hash (SecretA⊕LA)}。
Key reception side sends another secret key request message KeyRequestB to server simultaneously, described KeyRequestB includes request code ID, LC and Hash result HB.
Wherein LC=LA ⊕ LB, HB=Hash (SecretB ⊕ LA ⊕ LB).
Wherein, SecretA is the secret information that key request side is obtained in server registration, and SecretB is that key connects The secret information that debit obtains in server registration.Hash is a hash function, can be used any one in this field Hash algorithm well known to kind.
All include its own number generated at random in the Hash calculation of key request side and key reception side, in this way may be used To avoid the Hash result specified by go-between's acquisition, safety ensure that.
(4) server is primarily based on request code ID and determines that the two are close after above-mentioned two secret key request message is received Key request message is from a pair of secret keys requesting party and recipient;Then respectively to the Hash result in two secret key request messages It is verified, not to be passed through if there are one verifications, server ignores the two secret key request messages, and method terminates;If it tests Card all passes through, then continues subsequent step.
Specifically verification process is:
For KeyRequestA, server voluntarily calculates Hash (SecretA ⊕ LA) (since server saves in advance SerectA, so server can calculate the Hash), judge whether result of calculation is equal with HA, if unequal, verify Do not pass through, be otherwise verified.
For KeyRequestB, server voluntarily calculates Hash (SecretB ⊕ LA ⊕ LB), judges result of calculation and HB It is whether equal, if unequal, verify and do not pass through, be otherwise verified.
(5) server generates a key Key at random, calculates KA and KB respectively, i.e.,:
KA=Key ⊕ SecretA, KB=Key ⊕ SecretB
Then KA is sent to key request side by server, and KB is sent to key reception side.
(6) after key request side receives KA, Key=KA ⊕ SecretA are calculated;After key reception side receives KB, Calculate Key=KB ⊕ SecretB.
So far, key request side and key reception side all respectively obtain common key Key, close so as to be based on this The operations such as communication are encrypted in key.
From above procedure as can be seen that an entire key generation process pertains only to exclusive or calculating, calculating process is simple, therefore It is very low to the computing capability requirement of key request side and key reception side, therefore even if this two side is that computer capacity is relatively low Equipment can also complete key generation process.Also, key generation process each time all relies on the connection of both sides' generation Code, and believable server is needed to verify between two parties, after server has separately verified the identity of both sides, key is generated, therefore whole A process has enough safeties, and both sides' identity of generation key can be traced in the later stage.
The above is only the better embodiment of the present invention, therefore all constructions according to described in present patent application range, The equivalent change or modification that feature and principle are done, is included in the range of present patent application.

Claims (5)

1. a kind of generation system of trusted key, which is characterized in that including key request side, key reception side and server, In:
The key request side is the side for initiating the coded communication, and the generation of key is initiated by the key request side Journey;
The key reception method is to receive a side of coded communication, and the key that the key request side is coordinated to initiate generated Journey;
The server provides one at random respectively for being registered in each side in advance to need to generate key for each side The secret information of generation;
In key generation process, relevant information that server is sent based on key request side and key reception side, based on institute It states secret information to verify both sides, if the verification passes, generates key at random, and will be described close based on the secret information Both sides are sent to after key encryption.
2. system according to claim 1, which is characterized in that the server is based on the secret information by the key Both sides are sent to after encryption to specifically include:After key and corresponding secret information exclusive or, it is sent to a corresponding side.
3. according to the system described in claim 1-2 any one, which is characterized in that the key request side or key reception side It is PC machine.
4. according to the system described in claim 1-2 any one, which is characterized in that the key request side or key reception side It is smart mobile phone.
5. according to the system described in claim 1-2 any one, which is characterized in that the key request side or key reception side It is smart card.
CN201810241949.9A 2018-03-22 2018-03-22 Generation system of trusted key Active CN108155991B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810241949.9A CN108155991B (en) 2018-03-22 2018-03-22 Generation system of trusted key

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810241949.9A CN108155991B (en) 2018-03-22 2018-03-22 Generation system of trusted key

Publications (2)

Publication Number Publication Date
CN108155991A true CN108155991A (en) 2018-06-12
CN108155991B CN108155991B (en) 2022-01-04

Family

ID=62456246

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810241949.9A Active CN108155991B (en) 2018-03-22 2018-03-22 Generation system of trusted key

Country Status (1)

Country Link
CN (1) CN108155991B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1679103A (en) * 2002-08-28 2005-10-05 松下电器产业株式会社 Content-duplication management system, apparatus and method, playback apparatus and method, and computer program
US20070064936A1 (en) * 2005-08-23 2007-03-22 Kabushiki Kaisha Toshiba Content data delivery method and content data delivery system and handheld device for use therein
CN101707770A (en) * 2009-11-12 2010-05-12 浙江大学 Key exchange authentication method capable of guaranteeing system security
CN104683304A (en) * 2013-11-29 2015-06-03 中国移动通信集团公司 Processing method, equipment and system of secure communication service
CN107154849A (en) * 2017-05-09 2017-09-12 哈尔滨工业大学深圳研究生院 Three-side password authentication and key agreement protocol based on highly reliable smart card

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1679103A (en) * 2002-08-28 2005-10-05 松下电器产业株式会社 Content-duplication management system, apparatus and method, playback apparatus and method, and computer program
US20070064936A1 (en) * 2005-08-23 2007-03-22 Kabushiki Kaisha Toshiba Content data delivery method and content data delivery system and handheld device for use therein
CN101707770A (en) * 2009-11-12 2010-05-12 浙江大学 Key exchange authentication method capable of guaranteeing system security
CN104683304A (en) * 2013-11-29 2015-06-03 中国移动通信集团公司 Processing method, equipment and system of secure communication service
CN107154849A (en) * 2017-05-09 2017-09-12 哈尔滨工业大学深圳研究生院 Three-side password authentication and key agreement protocol based on highly reliable smart card

Also Published As

Publication number Publication date
CN108155991B (en) 2022-01-04

Similar Documents

Publication Publication Date Title
US20170353442A1 (en) Proximity-based authentication
CN106533687B (en) A kind of identity identifying method and equipment
CN104065653B (en) A kind of interactive auth method, device, system and relevant device
CN103139200B (en) A kind of method of Web service single-sign-on
CN109983466A (en) A kind of account management system and management method, storage medium based on block chain
CN101317359A (en) Method and device for generating local interface cryptographic key
CN107612889B (en) Method for preventing user information leakage
CN109818741B (en) Decryption calculation method and device based on elliptic curve
CN102868531B (en) Networked transaction certification system and method
CN104579649A (en) Identity recognition method and system
CN104821941B (en) Smart card password authentication and Modify password method
CN105391734A (en) Secure login system, secure login method, login server and authentication server
CN103152732B (en) Cloud password system and operation method thereof
CN109981576B (en) Key migration method and device
CN107454035A (en) A kind of identity authentication method and device
CN113132363B (en) Front-end and back-end security verification method and equipment
CN110166453A (en) A kind of interface authentication method, system and storage medium based on SE chip
CN113507372A (en) Bidirectional authentication method for interface request
CN105553667A (en) Dynamic password generating method
CN105553942A (en) Method and system of applying jump
CN108768650B (en) Short message verification system based on biological characteristics
KR102616751B1 (en) Communications security systems and methods
CN110999215A (en) Secure device access token
CN115767538A (en) Information verification method, information processing method, device and equipment
CN108155991A (en) A kind of generation system of trusted key

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant