CN108599950A - Method for implementing a security protocol for user key application and download, suitable for SM9 identity-based cryptography - Google Patents
- Publication number: CN108599950A
- Application number: CN201810312385.3A
- Authority: CN (China)
- Prior art keywords: user, key, data, PKG, registration point
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L9/3073—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
Abstract
The invention is a security protocol by which a user applies to a key generation centre (KGC/PKG) for an SM9 key through a registration point. The user first submits application material to the registration point. The registration point reviews the material and, once it is approved, assembles the application data, which includes the ciphertext of the symmetric key generated by the user carrier, the username, the user identifier, the terminal number and so on. These data are signed, encrypted and sent to the key generation centre. The key generation centre decrypts the received data and verifies the signature. After verification succeeds, it generates a private key for the user from the user identifier, encrypts the private key with the user's symmetric key to obtain the private-key ciphertext, and sends the private-key ciphertext and attribute information to the registration point after signing and encrypting them. After decrypting and verifying, the registration point imports the private-key ciphertext and attribute information into the user carrier, and the private key is decrypted and its correctness verified inside the carrier. The protocol guarantees the confidentiality, authenticity, integrity and tamper resistance of the user information and the user key.
Description
Technical field
The present invention relates to the field of information security, and in particular to the application for and download of user keys in SM9 identity-based cryptography.
Background
Identity-based cryptography is cryptography built on identities and belongs to public-key cryptography. Unlike traditional public-key cryptography, the user public key in identity-based cryptography is uniquely determined by the user's identity, such as the user's name or phone number, so the user identity can itself be regarded as the user public key and no third party is needed to prove the authenticity of the public key. This property gives identity-based cryptography broad application prospects, for example secure e-mail, electronic licences and the Internet of Things. The Chinese national cryptographic algorithm SM9 is one such identity-based cryptographic algorithm and has formally become an ISO/IEC international standard. The SM9 user public key is determined by the user identity, while the user private key must be generated by the private key generator (PKG) in the key generation centre (KGC); how the user obtains the private key securely is a key problem.
Summary of the invention
The purpose of the invention is to enable a user to apply for and obtain an SM9 user private key securely, for use in building infrastructure and system applications based on SM9 identity-based cryptography.
To achieve this purpose, the invention discloses the following scheme. The scheme does not cover identity authentication between the registration point and the key generation centre:
1. A method for implementing a security protocol for user key application and download, suitable for SM9 identity-based cryptography, characterized by:
S1, registration application: the user applies to the registration point to register for a user key;
S2, registration review: the registration point reviews whether the user's application material is complete and compliant; if the review is not passed, the operation is interrupted and the user supplies further material; if it is passed, the process continues;
S3, the registration point generates and sends the application data: according to the user's application material, it sends an application data packet to the key generation centre KGC;
S4, the PKG receives, decrypts and verifies the application data packet, and obtains the user information and the registration point's symmetric key;
S5, the PKG generates and sends the user key;
S6, the registration point receives and verifies the data, and obtains the user private-key ciphertext.
The registration point in step S1 is the place that provides registration and key application to the user. There the user submits the application material, fills in the registration form according to that material, and applies for a user key to be issued.
Step S3 specifically includes the following steps:
S31: Generate the user's symmetric encryption key r1: the user carrier generates a random number r1 as a symmetric key; inside the user carrier, r1 is encrypted with the PKG communication public key P to obtain the symmetric key ciphertext P(r1), and P(r1) is exported from the user carrier to the registration point.
The user carrier is a hardware device with cryptographic computing capability and storage space, such as a smart cryptographic key.
S32: Generate application data Data1: the registration point extracts the relevant items from the user's registration form, including the user registration code, the user identifier ID and the terminal number EID, and combines these data with P(r1) to form Data1, Data1 = (username ‖ user identifier ID ‖ terminal number EID ‖ P(r1)).
S33: Generate application data Data2: the registration point digitally signs Data1 with its own signing private key to obtain the signature value sign = SIGN(Data1), and generates data packet Data2, Data2 = (Data1 ‖ sign) = ((username ‖ user identifier ID ‖ terminal number EID ‖ P(r1)) ‖ sign).
S34: Generate the registration point's symmetric key r2: the registration point generates a random number r2 as its symmetric key and encrypts r2 with the PKG communication public key P to obtain the registration point's symmetric key ciphertext P(r2).
S35: Generate application data Data3: the registration point encrypts Data2 with the symmetric key algorithm E and symmetric key r2 to generate data packet Data3, Data3 = E_r2(Data2).
S36: Generate and send application data Data4: the registration point combines its symmetric key ciphertext P(r2) and Data3 into the application data packet Data4 and sends it to the PKG, Data4 = (P(r2) ‖ Data3).
Step S4 specifically includes the following steps:
S41: Decrypt to obtain the registration point's symmetric key r2: after the PKG receives the application data Data4, it extracts Data3 and the registration point's symmetric key ciphertext P(r2) from it, and decrypts P(r2) with the PKG communication private key d to obtain the registration point's symmetric key r2.
S42: Decrypt to obtain data Data2: the PKG decrypts data packet Data3 with the symmetric cipher and symmetric key r2, obtaining D_r2(Data3) = D_r2(E_r2(Data2)) = Data2 = ((username ‖ user identifier ID ‖ terminal number EID ‖ P(r1)) ‖ sign) = (Data1 ‖ sign).
S43: Verify the signature: the PKG extracts Data1 and sign from Data2 and uses the registration point's signature public key to verify whether sign is the signature of Data1; if verification fails, the flow is interrupted and an error message is returned to the registration point.
S44: Decrypt to obtain the user's symmetric key r1: the PKG extracts the user's symmetric key ciphertext P(r1) from Data1 and decrypts P(r1) with the PKG communication private key d to obtain the user's symmetric key r1.
Step S5 specifically includes the following steps:
S51: Generate the user private key: inside the PKG, the user private key dA is generated for the user from the user identity ID and the system parameters.
S52: Encrypt the user private key: the PKG computes the hash value H = Hash(dA) of dA with a hash function, then encrypts dA and H with the symmetric cipher and the user's symmetric key r1 to generate the user private-key ciphertext E_r1(dA ‖ H).
S53: Generate data Data5 and signature value sign1: the PKG combines the user information, the user private-key ciphertext and the private-key validity period into data packet Data5 = (username ‖ user identifier ID ‖ terminal number EID ‖ E_r1(dA ‖ H) ‖ validity period), and digitally signs Data5 with its own signing private key to obtain the signature value sign1.
S54: Generate the PKG symmetric key r3 and data Data6: the PKG generates a random number r3 as a symmetric key; using the symmetric cipher and key r3, the PKG encrypts Data5, the signature value sign1, the issuance time t and other such data to generate Data6, Data6 = E_r3(Data5 ‖ sign1 ‖ t).
S55: Generate and send data Data7: the PKG encrypts r3 with the registration point's encryption public key to obtain the PKG symmetric key ciphertext P(r3), forms Data7 = (P(r3) ‖ Data6), and sends Data7 to the registration point.
Step S6 specifically includes the following steps:
S61: Decrypt to obtain the PKG symmetric key r3: the registration point receives the data Data7 sent by the PKG, extracts the PKG symmetric key ciphertext P(r3) and Data6 from it, and decrypts P(r3) with the registration point's decryption private key to obtain the PKG symmetric key r3.
S62: Decrypt to obtain data Data5: the registration point decrypts Data6 with the symmetric cipher and symmetric key r3, obtaining D_r3(Data6) = (Data5 ‖ sign1 ‖ t), where Data5 = (username ‖ user identifier ID ‖ terminal number EID ‖ E_r1(dA ‖ H) ‖ validity period).
S63: Verify the data: the registration point uses the PKG's signature public key to verify whether sign1 is the signature value of Data5; if verification fails, a key generation application must be initiated to the PKG again.
S64: Issue the user key to the user: according to the username, user identifier ID and terminal number EID, the registration point sends the encrypted data (E_r1(dA ‖ H) ‖ validity period ‖ t) into the user carrier; inside the user carrier, E_r1(dA ‖ H) is decrypted with r1 and H is checked to be the hash value of dA. If the check passes, the private key and related data are stored in the secure area; otherwise the application fails and must be made again.
The invention further relates to a system, as follows. A system for a security protocol for user key application and download, suitable for SM9 identity-based cryptography, includes:
Registration unit: the user applies to the registration point to register for a user key;
Review unit: the registration point reviews whether the user's application material is complete and compliant; if the review is not passed, the operation is interrupted and the user supplies further material; if it is passed, the process continues;
Transmission unit: the registration point generates and sends the application data: according to the user's application material, it sends an application data packet to the key generation centre KGC/PKG;
Verification unit: the PKG receives, decrypts and verifies the application data packet, and obtains the user information and the registration point's symmetric key;
Generation unit: the PKG generates and sends the user key;
Receiving unit: the registration point receives and verifies the data, and obtains the user private-key ciphertext.
In the method provided by the invention for implementing a security protocol for user key application and download, suitable for SM9 identity-based cryptography, the user first submits application material to the registration point. The registration point reviews the material and, once it is approved, assembles the application data, which includes the ciphertext of the symmetric key generated by the user carrier, the username, the user identifier, the terminal number and so on. These data are signed, encrypted and sent to the key generation centre. The key generation centre decrypts the received data and verifies the signature. After verification succeeds, it generates a private key for the user from the user identifier, encrypts the private key with the user's symmetric key to obtain the private-key ciphertext, and sends the private-key ciphertext and attribute information to the registration point after signing and encrypting them. After decrypting and verifying, the registration point imports the private-key ciphertext and attribute information into the user carrier, and the private key is decrypted and its correctness verified inside the carrier. The protocol guarantees the confidentiality, authenticity, integrity and tamper resistance of the user information and the user key.
Brief description of the drawings
The accompanying drawings are incorporated into and form part of this specification; they show embodiments consistent with the invention and, together with the specification, serve to explain its principles.
Fig. 1 is an outline flowchart of the security protocol of the invention.
Fig. 2 is a flowchart of the security protocol of the invention.
The drawings above show specific embodiments of the invention, which are described in more detail below. The drawings and the text are not intended to limit the scope of the inventive concept in any way, but to explain the concept of the invention to those skilled in the art by reference to specific embodiments.
Detailed description
Example embodiments are described in detail here, and examples of them are illustrated in the accompanying drawings. Where the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The embodiments described below do not represent all implementations consistent with this disclosure. Rather, they are merely examples of methods and apparatus consistent with some aspects of the disclosure as detailed in the appended claims.
The terms "first", "second" and so on in the description, the claims and the drawings are used to distinguish different objects, not to describe a particular order. In addition, the terms "comprise" and "have" and any variations of them are intended to cover non-exclusive inclusion. For example, a process, method, system, product or device that contains a series of steps or units is not limited to the listed steps or units, but optionally also includes steps or units that are not listed, or optionally also includes other steps or units inherent to the process, method, product or device.
The invention is further described below with reference to the drawings and embodiments, but this should not be used to limit the scope of protection of the invention.
A preferred embodiment of the technical idea of the security protocol application process described above is explained with reference to the drawings.
Fig. 1 is the outline flowchart of the security protocol, and Fig. 2 is the flowchart of the security protocol.
The specific flow of the security protocol for user key application and download, suitable for SM9 identity-based cryptography, is as follows:
S1, registration application: the user applies to the registration point to register for a user key. The registration point is the place that provides registration and key application to the user. The user submits the application material, fills in the registration form according to that material, and applies for a user key to be issued.
S2, registration review: the registration point reviews the user's application material. It checks whether the material is complete and compliant; if the review is not passed, the operation is interrupted and the user supplies further material; if it is passed, the key application process below continues.
S3, the registration point generates and sends the application data: according to the user's application material, it sends the application data to the key generation centre KGC/PKG, in the following steps.
S31: Generate the user's symmetric encryption key r1: the user carrier generates a random number r1 as a symmetric key; inside the user carrier, r1 is encrypted with the PKG communication public key P to obtain the symmetric key ciphertext P(r1), and P(r1) is exported from the user carrier to the registration point. The user carrier is a hardware device with cryptographic computing capability and storage space, such as a smart cryptographic key.
S32: Generate application data Data1: the registration point extracts the relevant items from the user's registration form, including the user registration code, the user identifier ID and the terminal number EID, and combines these data with P(r1) to form Data1, Data1 = (username ‖ user identifier ID ‖ terminal number EID ‖ P(r1)).
S33: Generate application data Data2: the registration point digitally signs Data1 with its own signing private key to obtain the signature value sign = SIGN(Data1), and generates data packet Data2, Data2 = (Data1 ‖ sign) = ((username ‖ user identifier ID ‖ terminal number EID ‖ P(r1)) ‖ sign).
S34: Generate the registration point's symmetric key r2: the registration point generates a random number r2 as its symmetric key and encrypts r2 with the PKG communication public key P to obtain the registration point's symmetric key ciphertext P(r2).
S35: Generate application data Data3: the registration point encrypts Data2 with the symmetric key algorithm E and symmetric key r2 to generate data packet Data3, Data3 = E_r2(Data2).
S36: Generate and send application data Data4: the registration point combines its symmetric key ciphertext P(r2) and Data3 into the application data packet Data4 and sends it to the PKG, Data4 = (P(r2) ‖ Data3).
S4, the PKG receives, decrypts and verifies the application data packet, and obtains the user information and the registration point's symmetric key, in the following steps:
S41: Decrypt to obtain the registration point's symmetric key r2: after the PKG receives the application data Data4, it extracts Data3 and the registration point's symmetric key ciphertext P(r2) from it, and decrypts P(r2) with the PKG communication private key d to obtain the registration point's symmetric key r2.
S42: Decrypt to obtain data Data2: the PKG decrypts data packet Data3 with the symmetric cipher and symmetric key r2, obtaining D_r2(Data3) = D_r2(E_r2(Data2)) = Data2 = ((username ‖ user identifier ID ‖ terminal number EID ‖ P(r1)) ‖ sign) = (Data1 ‖ sign).
S43: Verify the signature: the PKG extracts Data1 and sign from Data2 and uses the registration point's signature public key to verify whether sign is the signature of Data1; if verification fails, the flow is interrupted and an error message is returned to the registration point.
S44: Decrypt to obtain the user's symmetric key r1: the PKG extracts the user's symmetric key ciphertext P(r1) from Data1 and decrypts P(r1) with the PKG communication private key d to obtain the user's symmetric key r1.
S5, the PKG generates and sends the user key, in the following steps:
S51: Generate the user private key: inside the PKG, the user private key dA is generated for the user from the user identity ID and the system parameters.
S52: Encrypt the user private key: the PKG computes the hash value H = Hash(dA) of dA with a hash function, then encrypts dA and H with the symmetric cipher and the user's symmetric key r1 to generate the user private-key ciphertext E_r1(dA ‖ H).
S53: Generate data Data5 and signature value sign1: the PKG combines the user information, the user private-key ciphertext and the private-key validity period into data packet Data5 = (username ‖ user identifier ID ‖ terminal number EID ‖ E_r1(dA ‖ H) ‖ validity period), and digitally signs Data5 with its own signing private key to obtain the signature value sign1.
S54: Generate the PKG symmetric key r3 and data Data6: the PKG generates a random number r3 as a symmetric key; using the symmetric cipher and key r3, the PKG encrypts Data5, the signature value sign1, the issuance time t and other such data to generate Data6, Data6 = E_r3(Data5 ‖ sign1 ‖ t).
S55: Generate and send data Data7: the PKG encrypts r3 with the registration point's encryption public key to obtain the PKG symmetric key ciphertext P(r3), forms Data7 = (P(r3) ‖ Data6), and sends Data7 to the registration point.
S6, the registration point receives and verifies the data, and obtains the user private-key ciphertext, in the following steps:
S61: Decrypt to obtain the PKG symmetric key r3: the registration point receives the data Data7 sent by the PKG, extracts the PKG symmetric key ciphertext P(r3) and Data6 from it, and decrypts P(r3) with the registration point's decryption private key to obtain the PKG symmetric key r3.
S62: Decrypt to obtain data Data5: the registration point decrypts Data6 with the symmetric cipher and symmetric key r3, obtaining D_r3(Data6) = (Data5 ‖ sign1 ‖ t), where Data5 = (username ‖ user identifier ID ‖ terminal number EID ‖ E_r1(dA ‖ H) ‖ validity period).
S63: Verify the data: the registration point uses the PKG's signature public key to verify whether sign1 is the signature value of Data5; if verification fails, a key generation application must be initiated to the PKG again.
S64: Issue the user key to the user: according to the username, user identifier ID and terminal number EID, the registration point sends the encrypted data (E_r1(dA ‖ H) ‖ validity period ‖ t) into the user carrier; inside the user carrier, E_r1(dA ‖ H) is decrypted with r1 and H is checked to be the hash value of dA. If the check passes, the private key and related data are stored in the secure area; otherwise the application fails and must be made again.
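The S3 to S6 exchange described above, as an added Python example; it is not code from the patent. Every primitive is a stand-in chosen so the block runs on the standard library alone (assumptions: textbook RSA for P() and SIGN, a SHA-256 keystream for E/D, HMAC in place of the SM9 key extraction, one key pair per party, length-prefixed fields for ‖), and all function names and sample values are constructed for illustration.

```python
import hashlib, hmac, secrets, struct

# Stand-ins so this runs on the standard library alone (assumptions, not the patent's
# algorithms, not for production): textbook RSA over known Mersenne primes for P()/SIGN,
# a SHA-256 keystream for E/D, SHA-256 for Hash, HMAC for the SM9 key extraction.
E_PUB = 65537

def keypair(a, b):
    p, q = 2**a - 1, 2**b - 1                        # Mersenne primes for these exponents
    return p * q, pow(E_PUB, -1, (p - 1) * (q - 1))  # (modulus n, private exponent d)

def nbytes(n):
    return (n.bit_length() + 7) // 8

def pk_enc(n, key):                                  # P(r): wrap a 32-byte symmetric key
    return pow(int.from_bytes(key, "big"), E_PUB, n).to_bytes(nbytes(n), "big")

def pk_dec(n, d, ct):
    m = pow(int.from_bytes(ct, "big"), d, n)
    if m.bit_length() > 256:
        raise ValueError("key unwrap failed")
    return m.to_bytes(32, "big")

def digest_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")
def sign(n, d, msg):
    return pow(digest_int(msg), d, n).to_bytes(nbytes(n), "big")
def verify(n, msg, sig):
    return pow(int.from_bytes(sig, "big"), E_PUB, n) == digest_int(msg)

def sym(key, data):                                  # E_r and D_r: the same XOR keystream
    blocks = range(len(data) // 32 + 1)
    ks = b"".join(hashlib.sha256(key + struct.pack(">I", i)).digest() for i in blocks)
    return bytes(x ^ y for x, y in zip(data, ks))

def pack(*fields):                                   # length-prefixed form of "a ‖ b ‖ c"
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)
def unpack(blob, count):
    out, i = [], 0
    for _ in range(count):
        size = int.from_bytes(blob[i:i + 4], "big")
        if i + 4 > len(blob) or i + 4 + size > len(blob):
            raise ValueError("truncated field")
        out.append(blob[i + 4:i + 4 + size])
        i += 4 + size
    if i != len(blob):
        raise ValueError("trailing bytes")
    return out

PKG_N, PKG_D = keypair(521, 607)      # PKG: one pair for communication and signing
RP_N, RP_D = keypair(1279, 2203)      # registration point: one pair for both roles
MASTER = secrets.token_bytes(32)      # stand-in for the PKG master secret

def carrier_new_r1():                                        # S31, inside the user carrier
    r1 = secrets.token_bytes(32)
    return r1, pk_enc(PKG_N, r1)

def rp_request(username, uid, eid, p_r1):                    # S32-S36, registration point
    data1 = pack(username, uid, eid, p_r1)
    data2 = pack(data1, sign(RP_N, RP_D, data1))
    r2 = secrets.token_bytes(32)
    return pack(pk_enc(PKG_N, r2), sym(r2, data2))           # Data4 = P(r2) ‖ E_r2(Data2)

def pkg_issue(data4, validity, t):                           # S41-S55, PKG
    p_r2, data3 = unpack(data4, 2)
    data1, sig = unpack(sym(pk_dec(PKG_N, PKG_D, p_r2), data3), 2)
    if not verify(RP_N, data1, sig):                         # S43
        raise ValueError("S43: registration point signature invalid")
    username, uid, eid, p_r1 = unpack(data1, 4)
    r1 = pk_dec(PKG_N, PKG_D, p_r1)                          # S44
    dA = hmac.new(MASTER, uid, hashlib.sha256).digest()      # S51 (stand-in extraction)
    key_ct = sym(r1, dA + hashlib.sha256(dA).digest())       # S52: E_r1(dA ‖ H)
    data5 = pack(username, uid, eid, key_ct, validity)       # S53
    r3 = secrets.token_bytes(32)
    data6 = sym(r3, pack(data5, sign(PKG_N, PKG_D, data5), t))   # S54
    return pack(pk_enc(RP_N, r3), data6)                     # S55: Data7

def rp_receive(data7):                                       # S61-S63, registration point
    p_r3, data6 = unpack(data7, 2)
    data5, sig1, t = unpack(sym(pk_dec(RP_N, RP_D, p_r3), data6), 3)
    if not verify(PKG_N, data5, sig1):                       # S63
        raise ValueError("S63: PKG signature invalid")
    key_ct, validity = unpack(data5, 5)[3:]
    return key_ct, validity, t                               # dA is seen only as ciphertext

def carrier_import(r1, key_ct):                              # S64, inside the user carrier
    plain = sym(r1, key_ct)
    dA, h = plain[:-32], plain[-32:]
    if not hmac.compare_digest(hashlib.sha256(dA).digest(), h):
        raise ValueError("S64: private key hash mismatch")
    return dA

if __name__ == "__main__":
    r1, p_r1 = carrier_new_r1()
    data4 = rp_request(b"alice", b"alice@example.com", b"EID-0001", p_r1)  # constructed
    key_ct, _, _ = rp_receive(pkg_issue(data4, b"365d", b"2018-04-09"))
    print("carrier accepted a key of", len(carrier_import(r1, key_ct)), "bytes")
```

In this layout sign1 covers Data5 only, so the issuance time t depends on the E_r3 layer for its integrity; an implementation should choose an authenticated mode for E or bring t under the signature.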
The system of this application for a security protocol for user key application and download, suitable for SM9 identity-based cryptography, includes:
Registration unit: the user applies to the registration point to register for a user key;
Review unit: the registration point reviews whether the user's application material is complete and compliant; if the review is not passed, the operation is interrupted and the user supplies further material; if it is passed, the process continues;
Transmission unit: the registration point generates and sends the application data: according to the user's application material, it sends an application data packet to the key generation centre KGC/PKG;
Verification unit: the PKG receives, decrypts and verifies the application data packet, and obtains the user information and the registration point's symmetric key;
Generation unit: the PKG generates and sends the user key;
Receiving unit: the registration point receives and verifies the data, and obtains the user private-key ciphertext.
In light of the disclosure and teaching of the above specification, those skilled in the art to which the invention belongs can also change and modify the above embodiments. The invention is therefore not limited to the specific embodiments disclosed and described above, and modifications and changes to the invention should also fall within the scope of protection of its claims. In addition, although some specific terms are used in this specification, they are only for convenience of description and do not limit the invention in any way.
Claims (7)
1. A method for implementing a security protocol for user key application and download, suitable for SM9 identity-based cryptography, characterized in that it comprises:
S1, registration application: the user applies to the registration point to register for a user key;
S2, registration review: the registration point reviews whether the user's application material is complete and compliant; if the review is not passed, the operation is interrupted and the user supplies further material; if it is passed, the process continues;
S3, the registration point generates and sends the application data: according to the user's application material, it sends an application data packet to the key generation centre KGC/PKG;
S4, the PKG receives, decrypts and verifies the application data packet, and obtains the user information and the registration point's symmetric key;
S5, the PKG generates and sends the user key;
S6, the registration point receives and verifies the data, and obtains the user private-key ciphertext.
2. The method according to claim 1, characterized in that: the registration point in step S1 is the place that provides registration and key application to the user; there the user submits the application material, fills in the registration form according to that material, and applies for a user key to be issued.
3. The method according to claim 1, characterized in that step S3 specifically includes the following steps:
S31: Generate the user's symmetric encryption key r1: the user carrier generates a random number r1 as a symmetric key; inside the user carrier, r1 is encrypted with the PKG communication public key P to obtain the symmetric key ciphertext P(r1), and P(r1) is exported from the user carrier to the registration point;
the user carrier is a hardware device with cryptographic computing capability and storage space;
S32: Generate application data Data1: the registration point extracts the relevant items from the user's registration form, including the user registration code, the user identifier ID and the terminal number EID, and combines these data with P(r1) to form Data1, Data1 = (username ‖ user identifier ID ‖ terminal number EID ‖ P(r1));
S33: Generate application data Data2: the registration point digitally signs Data1 with its own signing private key to obtain the signature value sign = SIGN(Data1), and generates data packet Data2, Data2 = (Data1 ‖ sign) = ((username ‖ user identifier ID ‖ terminal number EID ‖ P(r1)) ‖ sign);
S34: Generate the registration point's symmetric key r2: the registration point generates a random number r2 as its symmetric key and encrypts r2 with the PKG communication public key P to obtain the registration point's symmetric key ciphertext P(r2);
S35: Generate application data Data3: the registration point encrypts Data2 with the symmetric key algorithm E and symmetric key r2 to generate data packet Data3, Data3 = E_r2(Data2);
S36: Generate and send application data Data4: the registration point combines its symmetric key ciphertext P(r2) and Data3 into the application data packet Data4 and sends it to the PKG, Data4 = (P(r2) ‖ Data3).
4. The method according to claim 1, characterized in that step S4 specifically includes the following steps:
S41: Decrypt to obtain the registration point's symmetric key r2: after the PKG receives the application data Data4, it extracts Data3 and the registration point's symmetric key ciphertext P(r2) from it, and decrypts P(r2) with the PKG communication private key d to obtain the registration point's symmetric key r2;
S42: Decrypt to obtain data Data2: the PKG decrypts data packet Data3 with the symmetric cipher and symmetric key r2, obtaining D_r2(Data3) = D_r2(E_r2(Data2)) = Data2 = ((username ‖ user identifier ID ‖ terminal number EID ‖ P(r1)) ‖ sign) = (Data1 ‖ sign);
S43: Verify the signature: the PKG extracts Data1 and sign from Data2 and uses the registration point's signature public key to verify whether sign is the signature of Data1; if verification fails, the flow is interrupted and an error message is returned to the registration point;
S44: Decrypt to obtain the user's symmetric key r1: the PKG extracts the user's symmetric key ciphertext P(r1) from Data1 and decrypts P(r1) with the PKG communication private key d to obtain the user's symmetric key r1.
5. The method according to claim 1, characterized in that step S5 specifically includes the following steps:
S51: Generate the user private key: inside the PKG, the user private key dA is generated for the user from the user identity ID and the system parameters;
S52: Encrypt the user private key: the PKG computes the hash value H = Hash(dA) of dA with a hash function, then encrypts dA and H with the symmetric cipher and the user's symmetric key r1 to generate the user private-key ciphertext E_r1(dA ‖ H);
S53: Generate data Data5 and signature value sign1: the PKG combines the user information, the user private-key ciphertext and the private-key validity period into data packet Data5 = (username ‖ user identifier ID ‖ terminal number EID ‖ E_r1(dA ‖ H) ‖ validity period), and digitally signs Data5 with its own signing private key to obtain the signature value sign1;
S54: Generate the PKG symmetric key r3 and data Data6: the PKG generates a random number r3 as a symmetric key; using the symmetric cipher and key r3, the PKG encrypts Data5, the signature value sign1, the issuance time t and other such data to generate Data6, Data6 = E_r3(Data5 ‖ sign1 ‖ t);
S55: Generate and send data Data7: the PKG encrypts r3 with the registration point's encryption public key to obtain the PKG symmetric key ciphertext P(r3), forms Data7 = (P(r3) ‖ Data6), and sends Data7 to the registration point.
6. The method according to claim 1, characterized in that step S6 specifically includes the following steps:
S61: Decrypt to obtain the PKG symmetric key r3: the registration point receives the data Data7 sent by the PKG, extracts the PKG symmetric key ciphertext P(r3) and Data6 from it, and decrypts P(r3) with the registration point's decryption private key to obtain the PKG symmetric key r3;
S62: Decrypt to obtain data Data5: the registration point decrypts Data6 with the symmetric cipher and symmetric key r3, obtaining D_r3(Data6) = (Data5 ‖ sign1 ‖ t), where Data5 = (username ‖ user identifier ID ‖ terminal number EID ‖ E_r1(dA ‖ H) ‖ validity period);
S63: Verify the data: the registration point uses the PKG's signature public key to verify whether sign1 is the signature value of Data5; if verification fails, a key generation application must be initiated to the PKG again;
S64: Issue the user key to the user: according to the username, user identifier ID and terminal number EID, the registration point sends the encrypted data (E_r1(dA ‖ H) ‖ validity period ‖ t) into the user carrier; inside the user carrier, E_r1(dA ‖ H) is decrypted with r1 and H is checked to be the hash value of dA. If the check passes, the private key and related data are stored in the secure area; otherwise the application fails and must be made again.
7. A system for a user key application and download security protocol suitable for SM9 identity-based cryptography, characterized by comprising:
Registering unit: the user applies to the registration point to register for a user key;
Audit unit: the registration point audits whether the user's application material is complete and compliant; if the audit is not passed, the operation is interrupted and the user supplies further material; if the audit is passed, the process continues;
Transmission unit: the registration point generates and sends application data: it sends an application data packet to the key generation centre KGC/PKG according to the user's application material;
Authentication unit: the PKG receives, decrypts and verifies the application data packet, obtaining the user information and the registration point symmetric key;
Generation unit: the PKG generates and sends the user key;
Receiving unit: the registration point receives and verifies the data, and obtains the user private key ciphertext.
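The private-key wrapping of S52 and S53 and the checks of S62 and S64, as an added Python sketch that is not code from the patent. Assumptions: SHA-256 and a hash-based keystream stand in for the unspecified hash function and symmetric cipher, "‖" is encoded with 2-byte length prefixes, all function names are hypothetical, and the signature sign1 and the outer layers Data6 and Data7 are left out.

```python
import hashlib, hmac, os

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (SHA-256 counter keystream); an assumption, demo only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + (i // 32).to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def pack(*fields: bytes) -> bytes:
    """Encode 'a ‖ b ‖ ...' with 2-byte length prefixes so it splits unambiguously."""
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def unpack(blob: bytes) -> list:
    fields, pos = [], 0
    while pos < len(blob):
        n = int.from_bytes(blob[pos:pos + 2], "big")
        if pos + 2 + n > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[pos + 2:pos + 2 + n])
        pos += 2 + n
    return fields

def pkg_wrap(dA: bytes, r1: bytes) -> bytes:
    """S52: H = Hash(dA), then Er1(dA ‖ H); a fresh nonce is prepended."""
    nonce = os.urandom(16)
    return nonce + xor_stream(r1, nonce, pack(dA, hashlib.sha256(dA).digest()))

def pkg_data5(username: bytes, user_id: bytes, eid: bytes, wrapped: bytes, validity: bytes) -> bytes:
    """S53: Data5 = (username ‖ user identifier ID ‖ terminal EID ‖ Er1(dA ‖ H) ‖ validity)."""
    return pack(username, user_id, eid, wrapped, validity)

def registration_point_forward(data5: bytes) -> tuple:
    """S62/S64: the registration point reads Data5 but holds no r1; it only relays ciphertext."""
    fields = unpack(data5)
    if len(fields) != 5:
        raise ValueError("Data5 must have five fields")
    return fields[3], fields[4]

def carrier_unwrap(wrapped: bytes, r1: bytes) -> bytes:
    """S64: decrypt Er1(dA ‖ H) in the carrier; accept dA only if H == Hash(dA)."""
    fields = unpack(xor_stream(r1, wrapped[:16], wrapped[16:]))
    if len(fields) != 2 or not hmac.compare_digest(fields[1], hashlib.sha256(fields[0]).digest()):
        raise ValueError("application failed: H is not the hash of dA")
    return fields[0]
```

Because only the carrier holds r1, a ciphertext altered in transit or decrypted under the wrong key fails the H check in `carrier_unwrap` and the application has to be repeated, as S64 requires.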
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810312385.3A CN108599950A (en) | 2018-04-09 | 2018-04-09 | The implementation method of security protocol is downloaded in a kind of user key application suitable for SM9 id passwords |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108599950A true CN108599950A (en) | 2018-09-28 |
Family
ID=63621151
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810312385.3A Pending CN108599950A (en) | 2018-04-09 | 2018-04-09 | The implementation method of security protocol is downloaded in a kind of user key application suitable for SM9 id passwords |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108599950A (en) |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109981665A (en) * | 2019-04-01 | 2019-07-05 | 北京纬百科技有限公司 | Resource provider method and device, resource access method and device and system |
CN109981666A (en) * | 2019-04-01 | 2019-07-05 | 北京纬百科技有限公司 | A kind of cut-in method, access system and access server |
CN109981667A (en) * | 2019-04-01 | 2019-07-05 | 北京纬百科技有限公司 | A kind of user data transmission method and device |
CN110166239A (en) * | 2019-06-04 | 2019-08-23 | 成都卫士通信息产业股份有限公司 | Private key for user generation method, system, readable storage medium storing program for executing and electronic equipment |
CN110519041A (en) * | 2019-07-29 | 2019-11-29 | 同济大学 | A kind of attribute base encryption method based on SM9 mark encryption |
CN111106936A (en) * | 2019-11-27 | 2020-05-05 | 国家电网有限公司 | SM 9-based attribute encryption method and system |
CN111262704A (en) * | 2020-01-15 | 2020-06-09 | 江苏芯盛智能科技有限公司 | SM9 digital signature generation method and device, computer equipment and storage medium |
CN111490871A (en) * | 2020-03-13 | 2020-08-04 | 南京南瑞国盾量子技术有限公司 | SM9 key authentication method and system based on quantum key cloud and storage medium |
CN112398652A (en) * | 2021-01-20 | 2021-02-23 | 北京信安世纪科技股份有限公司 | Method, device, equipment and storage medium for determining R-ate pair |
CN112787822A (en) * | 2021-01-05 | 2021-05-11 | 贵州大学 | SM 9-based attribute encryption method and system under large attribute set |
CN113067823A (en) * | 2021-03-22 | 2021-07-02 | 西安电子科技大学 | Mail user identity authentication and key distribution method, system, device and medium |
CN113572612A (en) * | 2021-06-22 | 2021-10-29 | 南京南瑞信息通信科技有限公司 | Private key distribution method for SM9 cryptographic algorithm, user terminal and key generation center |
CN114765534A (en) * | 2020-12-31 | 2022-07-19 | 天翼数字生活科技有限公司 | Private key distribution system based on national password identification cryptographic algorithm |
CN114928491A (en) * | 2022-05-20 | 2022-08-19 | 国网江苏省电力有限公司信息通信分公司 | Internet of things security authentication method, device and system based on identification cryptographic algorithm |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080045214A1 (en) * | 2005-04-30 | 2008-02-21 | Kai Wen | Method for authenticating user terminal in IP multimedia sub-system |
CN107438005A (en) * | 2017-06-21 | 2017-12-05 | 深圳奥联信息安全技术有限公司 | SM9 Combination with Digital endorsement method and device |
CN107809311A (en) * | 2017-09-30 | 2018-03-16 | 飞天诚信科技股份有限公司 | The method and system that a kind of unsymmetrical key based on mark is signed and issued |
Cited By (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109981665A (en) * | 2019-04-01 | 2019-07-05 | 北京纬百科技有限公司 | Resource provider method and device, resource access method and device and system |
CN109981666A (en) * | 2019-04-01 | 2019-07-05 | 北京纬百科技有限公司 | A kind of cut-in method, access system and access server |
CN109981667A (en) * | 2019-04-01 | 2019-07-05 | 北京纬百科技有限公司 | A kind of user data transmission method and device |
CN109981667B (en) * | 2019-04-01 | 2020-07-03 | 北京纬百科技有限公司 | User data transmission method and device |
CN110166239A (en) * | 2019-06-04 | 2019-08-23 | 成都卫士通信息产业股份有限公司 | Private key for user generation method, system, readable storage medium storing program for executing and electronic equipment |
CN110166239B (en) * | 2019-06-04 | 2023-01-06 | 成都卫士通信息产业股份有限公司 | User private key generation method and system, readable storage medium and electronic device |
CN110519041A (en) * | 2019-07-29 | 2019-11-29 | 同济大学 | A kind of attribute base encryption method based on SM9 mark encryption |
CN110519041B (en) * | 2019-07-29 | 2021-09-03 | 同济大学 | Attribute-based encryption method based on SM9 identification encryption |
CN111106936A (en) * | 2019-11-27 | 2020-05-05 | 国家电网有限公司 | SM 9-based attribute encryption method and system |
CN111106936B (en) * | 2019-11-27 | 2023-04-21 | 国家电网有限公司 | SM 9-based attribute encryption method and system |
CN111262704A (en) * | 2020-01-15 | 2020-06-09 | 江苏芯盛智能科技有限公司 | SM9 digital signature generation method and device, computer equipment and storage medium |
CN111490871A (en) * | 2020-03-13 | 2020-08-04 | 南京南瑞国盾量子技术有限公司 | SM9 key authentication method and system based on quantum key cloud and storage medium |
CN114765534B (en) * | 2020-12-31 | 2023-09-19 | 天翼数字生活科技有限公司 | Private key distribution system and method based on national secret identification cryptographic algorithm |
CN114765534A (en) * | 2020-12-31 | 2022-07-19 | 天翼数字生活科技有限公司 | Private key distribution system based on national password identification cryptographic algorithm |
CN112787822A (en) * | 2021-01-05 | 2021-05-11 | 贵州大学 | SM 9-based attribute encryption method and system under large attribute set |
CN112787822B (en) * | 2021-01-05 | 2022-04-12 | 贵州大学 | SM 9-based attribute encryption method and system under large attribute set |
CN112398652A (en) * | 2021-01-20 | 2021-02-23 | 北京信安世纪科技股份有限公司 | Method, device, equipment and storage medium for determining R-ate pair |
CN113067823B (en) * | 2021-03-22 | 2021-11-23 | 西安电子科技大学 | Mail user identity authentication and key distribution method, system, device and medium |
CN113067823A (en) * | 2021-03-22 | 2021-07-02 | 西安电子科技大学 | Mail user identity authentication and key distribution method, system, device and medium |
CN113572612A (en) * | 2021-06-22 | 2021-10-29 | 南京南瑞信息通信科技有限公司 | Private key distribution method for SM9 cryptographic algorithm, user terminal and key generation center |
CN114928491A (en) * | 2022-05-20 | 2022-08-19 | 国网江苏省电力有限公司信息通信分公司 | Internet of things security authentication method, device and system based on identification cryptographic algorithm |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108599950A (en) | The implementation method of security protocol is downloaded in a kind of user key application suitable for SM9 id passwords | |
CN109672539B (en) | SM2 algorithm collaborative signature and decryption method, device and system | |
CN104579694B (en) | A kind of identity identifying method and system | |
CN103763631B (en) | Authentication method, server and television set | |
CN103699920B (en) | RF identification mutual authentication method based on elliptic curve | |
CN104754581B (en) | A kind of safety certifying method of the LTE wireless networks based on public-key cryptosystem | |
CN110401615B (en) | Identity authentication method, device, equipment, system and readable storage medium | |
CN111512608B (en) | Trusted execution environment based authentication protocol | |
CN107196966A (en) | The identity identifying method and system of multi-party trust based on block chain | |
US20100031051A1 (en) | Protocol And Method For Client-Server Mutual Authentication Using Event-Based OTP | |
JP4130653B2 (en) | Pseudo public key encryption method and system | |
CN102595213B (en) | Security certificate method and system of credible TV terminal | |
CN104796265A (en) | Internet-of-things identity authentication method based on Bluetooth communication access | |
CN106548353A (en) | A kind of commodity counterfeit prevention code is generated and verification method | |
CN101296083A (en) | Enciphered data transmission method and system | |
CN108199844A (en) | Method for supporting off-line SM9 algorithm key first application downloading | |
CN112165386B (en) | Data encryption method and system based on ECDSA | |
JP2017163612A (en) | Terminal authentication system, server device, and terminal authentication method | |
Niu et al. | A novel user authentication scheme with anonymity for wireless communications | |
CN114448641A (en) | Privacy encryption method, electronic equipment, storage medium and chip | |
CN109218251B (en) | Anti-replay authentication method and system | |
US20240106633A1 (en) | Account opening methods, systems, and apparatuses | |
CN114331456A (en) | Communication method, device, system and readable storage medium | |
CN115865520B (en) | Authentication and access control method with privacy protection in mobile cloud service environment | |
CN106788997A (en) | A kind of real-time multimedia encryption method based on id password |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20180928 |