CN110048843A - Session key transmission method, device and computer-readable storage medium

Publication number: CN110048843A
Authority: CN (China)
Prior art keywords: node, isp, information, isp node, user
Legal status: Granted
Application number: CN201910466910.1A
Other languages: Chinese (zh)
Other versions: CN110048843B (en)
Inventors: 路成业, 王凌
Current Assignee: Iallchain Co Ltd
Original Assignee: Iallchain Co Ltd
Application filed by Iallchain Co Ltd
Classifications

    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L67/104 Peer-to-peer [P2P] networks
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04W4/14 Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]

Abstract

Embodiments of the present invention provide a session key transmission method, a device, and a computer-readable storage medium. When the user node generates the session key required for communication between the user node and the first ISP node, the user node encrypts the session key with the public key of the first ISP node and sends the encrypted session key to the first ISP node, so that the first ISP node can obtain the session key. The user node and the first ISP node then hold the same session key, while nodes other than the user node and the first ISP node cannot obtain it, which improves the security of communication between the user node and the first ISP node.

Description

Session key transmission method, device and computer-readable storage medium
Technical field
Embodiments of the present invention relate to the field of communication technology, and in particular to a session key transmission method, a device, and a computer-readable storage medium.
Background
With the development of intelligent terminals, a user can install many different application programs (Application, APP) on an intelligent terminal, and different APPs can provide the user with different services.
However, when installing an APP on an intelligent terminal, the user needs to register on the Internet Service Provider (ISP) server corresponding to that APP. Because different APPs have different Internet Service Providers, the user needs to register on different ISP servers. As the number of APPs installed on the intelligent terminal grows, if the user registers the same username and password on different ISP servers, the username and password are easily leaked. If the user registers different usernames and passwords on different ISP servers, the user has difficulty remembering the username and password for each APP. To solve this problem, the prior art proposes that large ISP nodes, for example Facebook, Twitter, WeChat and Alipay, build a consortium blockchain. After a user has registered a username and password at one of the large ISP nodes, that large ISP node can provide a query service for the user's username and password to other ISP nodes in the consortium blockchain, for example small ISP nodes.
In the prior art, when a user node communicates with a small ISP node, the two need a session key. If the user node is an online node in the blockchain network, then after generating the session key it can look up the public key of the small ISP node in the blockchain ledger of the blockchain network, encrypt the session key with that public key, and send the encrypted session key to the small ISP node, so that only the user node and the small ISP node hold the session key. However, if the user node does not have the ability to access the blockchain, that is, the user node is not an online node in the blockchain network, the user node cannot obtain the public key of the small ISP node, and the secure transmission of the session key cannot be guaranteed. If the small ISP node instead actively provides its public key to the user node, the public key may be tampered with by a malicious intermediate node, which lowers the security of communication between the small ISP node and the user node.
Summary of the invention
Embodiments of the present invention provide a session key transmission method, a device, and a computer-readable storage medium, to improve the security of communication between the user node and the first ISP node.
In a first aspect, an embodiment of the present invention provides a session key transmission method, comprising:
A first Internet Service Provider (ISP) node receives a login request sent by a user node, the login request including identification information of the user node, where the user node has not registered at the first ISP node;
The first ISP node sends the identification information of the user node and the public key of the first ISP node to a second ISP node in a blockchain network, where the user node has registered at the second ISP node;
The first ISP node receives first information sent by the second ISP node, the first information being obtained by the second ISP node encrypting the public key of the first ISP node with the shared key between the second ISP node and the user node to obtain first encrypted information, and then signing the first encrypted information with the private key of the second ISP node;
The first ISP node verifies, according to the public key of the second ISP node, the private-key signature of the second ISP node in the first information;
After the first ISP node has successfully verified the private-key signature of the second ISP node, it sends the first encrypted information to the user node by short message (SMS) or by IP-address peer-to-peer (P2P) communication;
The first ISP node receives second information sent by the user node, the second information being obtained by the user node encrypting, with the public key of the first ISP node, the session key generated by the user node;
The first ISP node obtains the session key from the second information, the session key being used for communication between the first ISP node and the user node.
In a second aspect, an embodiment of the present invention provides a session key transmission method, comprising:
A second ISP node receives the identification information of a user node and the public key of a first ISP node, both sent by the first ISP node, where the user node has registered at the second ISP node;
The second ISP node determines, according to the identification information of the user node, the shared key between the second ISP node and the user node;
The second ISP node encrypts the public key of the first ISP node with the shared key to obtain first encrypted information, and signs the first encrypted information with the private key of the second ISP node to obtain first information;
The second ISP node sends the first information to the first ISP node.
In a third aspect, an embodiment of the present invention provides a session key transmission method, comprising:
A user node sends a login request to a first ISP node, the login request including identification information of the user node, where the user node has not registered at the first ISP node;
The user node receives, by short message (SMS) or by IP-address peer-to-peer (P2P) communication, first encrypted information sent by the first ISP node, the first encrypted information being obtained by encrypting the public key of the first ISP node with the shared key between a second ISP node and the user node, where the user node has registered at the second ISP node;
The user node decrypts the first encrypted information with the shared key to obtain the public key of the first ISP node;
The user node generates a session key and encrypts the session key with the public key of the first ISP node to obtain second information;
The user node sends the second information to the first ISP node, so that the first ISP node obtains the session key from the second information, the session key being used for communication between the first ISP node and the user node.
In a fourth aspect, an embodiment of the present invention provides a first Internet Service Provider (ISP) node, comprising:
A memory;
A processor;
A communication interface; and
A computer program;
Wherein the computer program is stored in the memory and is configured to be executed by the processor to perform the following operations:
Receiving, through the communication interface, a login request sent by a user node, the login request including identification information of the user node, where the user node has not registered at the first ISP node;
Sending, through the communication interface, the identification information of the user node and the public key of the first ISP node to a second ISP node in a blockchain network, where the user node has registered at the second ISP node;
Receiving, through the communication interface, first information sent by the second ISP node, the first information being obtained by the second ISP node encrypting the public key of the first ISP node with the shared key between the second ISP node and the user node to obtain first encrypted information, and then signing the first encrypted information with the private key of the second ISP node;
Verifying, according to the public key of the second ISP node, the private-key signature of the second ISP node in the first information;
After the first ISP node has successfully verified the private-key signature of the second ISP node, sending, through the communication interface, the first encrypted information to the user node by short message (SMS) or by IP-address peer-to-peer (P2P) communication;
Receiving, through the communication interface, second information sent by the user node, the second information being obtained by the user node encrypting, with the public key of the first ISP node, the session key generated by the user node;
Obtaining the session key from the second information, the session key being used for communication between the first ISP node and the user node.
In a fifth aspect, an embodiment of the present invention provides a second ISP node, comprising:
A memory;
A processor;
A communication interface; and
A computer program;
Wherein the computer program is stored in the memory and is configured to be executed by the processor to perform the following operations:
Receiving, through the communication interface, the identification information of a user node and the public key of a first ISP node, both sent by the first ISP node, where the user node has registered at the second ISP node;
Determining, according to the identification information of the user node, the shared key between the second ISP node and the user node;
Encrypting the public key of the first ISP node with the shared key to obtain first encrypted information, and signing the first encrypted information with the private key of the second ISP node to obtain first information;
Sending the first information to the first ISP node through the communication interface.
In a sixth aspect, an embodiment of the present invention provides a user node, comprising:
A memory;
A processor;
A communication interface; and
A computer program;
Wherein the computer program is stored in the memory and is configured to be executed by the processor to perform the following operations:
Sending, through the communication interface, a login request to a first ISP node, the login request including identification information of the user node, where the user node has not registered at the first ISP node;
Receiving, through the communication interface, by short message (SMS) or by IP-address peer-to-peer (P2P) communication, first encrypted information sent by the first ISP node, the first encrypted information being obtained by encrypting the public key of the first ISP node with the shared key between a second ISP node and the user node, where the user node has registered at the second ISP node;
Decrypting the first encrypted information with the shared key to obtain the public key of the first ISP node;
Generating a session key and encrypting the session key with the public key of the first ISP node to obtain second information;
Sending the second information to the first ISP node through the communication interface, so that the first ISP node obtains the session key from the second information, the session key being used for communication between the first ISP node and the user node.
In a seventh aspect, an embodiment of the present invention provides a session key transmission system, the system comprising:
The first ISP node of the fourth aspect, the second ISP node of the fifth aspect, and the user node of the sixth aspect.
In an eighth aspect, an embodiment of the present invention provides a computer-readable storage medium storing a computer program, the computer program being executed by a processor to implement the methods of the first aspect, the second aspect and the third aspect.
In the session key transmission method, device and computer-readable storage medium provided by embodiments of the present invention, the first ISP node, at which the user node has not registered, sends the public key of the first ISP node and the identification information of the user node to the second ISP node, at which the user node has registered. The second ISP node determines, according to the identification information of the user node, the shared key between the second ISP node and the user node, and encrypts the public key of the first ISP node with the shared key to obtain the first encrypted information. After the first ISP node obtains the first encrypted information from the second ISP node, it sends the first encrypted information to the user node by short message (SMS) or by IP-address peer-to-peer (P2P) communication, so that the user node can decrypt the first encrypted information with the shared key and obtain the public key of the first ISP node. When the user node generates the session key required for communication with the first ISP node, the user node encrypts the session key with the public key of the first ISP node and sends the encrypted session key to the first ISP node, so that the first ISP node can obtain the session key. The user node and the first ISP node then hold the same session key, while nodes other than the user node and the first ISP node cannot obtain it, which improves the security of communication between the user node and the first ISP node.
Brief description of the drawings
Fig. 1 is a schematic diagram of an application scenario provided by an embodiment of the present invention;
Fig. 2 is a flowchart of the session key transmission method provided by an embodiment of the present invention;
Fig. 3 is a flowchart of the session key transmission method provided by another embodiment of the present invention;
Fig. 4 is a flowchart of the session key transmission method provided by another embodiment of the present invention;
Fig. 5 is a flowchart of the session key transmission method provided by another embodiment of the present invention;
Fig. 6 is a structural schematic diagram of the first Internet Service Provider (ISP) node provided by an embodiment of the present invention;
Fig. 7 is a structural schematic diagram of the second ISP node provided by an embodiment of the present invention;
Fig. 8 is a structural schematic diagram of the user node provided by an embodiment of the present invention.
The above drawings show specific embodiments of the present disclosure, which are described in more detail below. The drawings and the written description are not intended to limit the scope of the disclosed concept in any way, but to explain the concept of the disclosure to those skilled in the art by reference to specific embodiments.
Detailed description of embodiments
Example embodiments are described in detail here, with examples illustrated in the accompanying drawings. Where the following description refers to the drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following example embodiments do not represent all implementations consistent with the present disclosure. Rather, they are merely examples of devices and methods consistent with some aspects of the disclosure as detailed in the appended claims.
The session key transmission method provided by embodiments of the present invention is applicable to the communication system shown in Fig. 1. As shown in Fig. 1, the communication system includes Internet Service Provider node 1 through Internet Service Provider node 5 and a user node. Internet Service Provider node 1 may be a small ISP node, and Internet Service Provider node 2 through Internet Service Provider node 5 may be large ISP nodes, for example the nodes of Internet Service Providers such as Facebook, Twitter, WeChat and Alipay. The user node may specifically be a user terminal device. The large ISP nodes, Internet Service Provider node 2 through Internet Service Provider node 5, can build a consortium blockchain. Optionally, each of Internet Service Provider node 2 through Internet Service Provider node 5 joins the consortium blockchain as a blockchain service node and provides an identity authentication service for other ISP nodes or user nodes. Optionally, the genesis block of the consortium blockchain stores information such as the blockchain identifier, public key and IP address of each of Internet Service Provider node 2 through Internet Service Provider node 5. Internet Service Provider node 2 through Internet Service Provider node 5 manage the consortium blockchain as its genesis nodes. For example, they can decide whether to allow a given ISP node, such as a small ISP node, to join the consortium blockchain. For example, Internet Service Provider node 1 and the user node may be nodes that joined the consortium blockchain after Internet Service Provider node 2 through Internet Service Provider node 5 agreed.
In this embodiment, it is assumed that the user node has registered at one of the consortium blockchain nodes among Internet Service Provider node 2 through Internet Service Provider node 5. That is, the registration information of the user node is recorded at one of those consortium blockchain nodes and has been stored in the ledger of the consortium blockchain. The user node and that consortium blockchain node hold a shared key, and the user node communicates with the consortium blockchain node using the shared key. For example, the user node has registered user information at Internet Service Provider node 2, and the user node and Internet Service Provider node 2 hold a shared key. The user node has not registered at the small ISP node, for example Internet Service Provider node 1.
The session key transmission method provided by embodiments of the present invention is intended to solve the above technical problem of the prior art.
The following specific embodiments describe in detail the technical solution of the present invention and how it solves the above technical problem. These specific embodiments may be combined with one another, and the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present invention are described below with reference to the drawings.
Fig. 2 is a flowchart of the session key transmission method provided by an embodiment of the present invention. To address the above technical problem of the prior art, this embodiment provides a session key transmission method with the following specific steps:
Step 201, a first Internet Service Provider (ISP) node receives a login request sent by a user node, the login request including identification information of the user node, where the user node has not registered at the first ISP node.
In this embodiment, the first ISP node may specifically be Internet Service Provider node 1 shown in Fig. 1. Internet Service Provider node 1 is a small ISP node, and the user node has not registered user information at the small ISP node. When the user node needs to log in to the small ISP node, it can send a login request to the small ISP node, the login request including the identification information of the user node. Correspondingly, the small ISP node receives the login request sent by the user node and obtains the identification information of the user node from the login request.
Step 202, the first ISP node sends the identification information of the user node and the public key of the first ISP node to a second ISP node in the blockchain network, where the user node has registered at the second ISP node.
The second ISP node in this embodiment may specifically be Internet Service Provider node 2 shown in Fig. 1. After obtaining the identification information of the user node from the login request, the small ISP node broadcasts the identification information of the user node and its own public key into the blockchain network, which may specifically be a network including the consortium blockchain nodes described above. Correspondingly, the consortium blockchain nodes in the blockchain network can receive the identification information of the user node and the public key of the small ISP node. In other embodiments, the small ISP node may also broadcast the identification information of the user node, its own blockchain identifier, and its own public key together into the blockchain network.
Step 203, the first ISP node receives first information sent by the second ISP node, the first information being obtained by the second ISP node encrypting the public key of the first ISP node with the shared key between the second ISP node and the user node to obtain first encrypted information, and then signing the first encrypted information with the private key of the second ISP node.
After Internet Service Provider node 2 in the blockchain network receives the identification information of the user node and the public key of the small ISP node, it first determines, according to the identification information of the user node, the shared key between Internet Service Provider node 2 and the user node. It then encrypts the public key of the small ISP node with the shared key, using a pre-agreed first encryption algorithm, to obtain the first encrypted information. Internet Service Provider node 2 further signs the first encrypted information with its own private key to obtain the first information, and broadcasts the first information into the blockchain network so that the small ISP node in the blockchain network can receive it.
Step 204, the first ISP node verifies, according to the public key of the second ISP node, the private-key signature of the second ISP node in the first information.
After the small ISP node receives the first information, it first queries the blockchain ledger of the blockchain network, obtains the public key of Internet Service Provider node 2 from the ledger, and uses that public key to verify the private-key signature of Internet Service Provider node 2 in the first information.
Step 205, after the first ISP node has successfully verified the private-key signature of the second ISP node, it sends the first encrypted information to the user node by short message (SMS) or by IP-address peer-to-peer (P2P) communication.
If the small ISP node successfully verifies the private-key signature of Internet Service Provider node 2 in the first information, the small ISP node sends the first encrypted information to the user node. As described above, the first encrypted information is obtained by encrypting the public key of the small ISP node with the shared key between Internet Service Provider node 2 and the user node.
Specifically, because the user node may be an intelligent terminal, power consumption makes it unsuitable to act as an online node in the blockchain network; that is, the intelligent terminal is offline with respect to the blockchain network. In that case the user node and the small ISP node need a direct link. For example, they can communicate by short message over the mobile switching network or by IP-address peer-to-peer (P2P) communication. The small ISP node can therefore send the first encrypted information to the user node by short message (SMS) or by IP-address P2P communication.
Step 206, the first ISP node receives second information sent by the user node, the second information being obtained by the user node encrypting, with the public key of the first ISP node, the session key generated by the user node.
After the user node receives the first encrypted information, it decrypts the first encrypted information using the decryption algorithm corresponding to the pre-agreed first encryption algorithm described above and the shared key between the user node and Internet Service Provider node 2, and obtains the public key of the small ISP node. The user node can then generate the session key required for communication between the user node and the small ISP node, encrypt the session key with the public key of the small ISP node using a pre-agreed second encryption algorithm to obtain the second information, and send the second information to the small ISP node. Specifically, the user node can send the second information to the small ISP node by short message (SMS) or by IP-address P2P communication. Correspondingly, the small ISP node receives the second information by short message (SMS) or by IP-address P2P communication.
It can be understood that the second encryption algorithm, used to encrypt the session key with the public key of the small ISP node, may be the same as or different from the first encryption algorithm, used to encrypt the public key of the small ISP node with the shared key between Internet Service Provider node 2 and the user node.
Step 207, the first ISP node obtains the session key from the second information, the session key being used for communication between the first ISP node and the user node.
When the small ISP node receives the second information, it obtains the session key from the second information, and subsequent communication between the small ISP node and the user node uses that session key.
Optionally, the first ISP node obtaining the session key from the second information includes: the first ISP node decrypts the second information with the private key of the first ISP node to obtain the session key.
For example, when the small ISP node receives the second information, it decrypts the second information using the decryption algorithm corresponding to the pre-agreed second encryption algorithm and the private key of the small ISP node, and obtains the session key. The user node and the small ISP node then hold the same session key.
In this embodiment of the present invention, the first ISP node, at which the user node has not registered, sends the public key of the first ISP node and the identification information of the user node to the second ISP node, at which the user node has registered. The second ISP node determines, according to the identification information of the user node, the shared key between the second ISP node and the user node, and encrypts the public key of the first ISP node with the shared key to obtain the first encrypted information. After the first ISP node obtains the first encrypted information from the second ISP node, it sends the first encrypted information to the user node by short message (SMS) or by IP-address peer-to-peer (P2P) communication, so that the user node can decrypt the first encrypted information with the shared key and obtain the public key of the first ISP node. When the user node generates the session key required for communication with the first ISP node, the user node encrypts the session key with the public key of the first ISP node and sends the encrypted session key to the first ISP node, so that the first ISP node can obtain the session key. The user node and the first ISP node then hold the same session key, while nodes other than the user node and the first ISP node cannot obtain it, which improves the security of communication between the user node and the first ISP node.
On the basis of the above embodiments, the first ISP node sending the identification information of the user node and the public key of the first ISP node to the second ISP node in the blockchain network includes the following steps, as shown in Fig. 3:
Step 301, the first ISP node queries the blockchain ledger corresponding to the blockchain network to obtain the public key of the second ISP node.
For example, after the small ISP node receives the login request sent by the user node and obtains the identification information of the user node from the login request, the small ISP node can query the blockchain ledger corresponding to the blockchain network and obtain the public key of Internet service provider node 2 from the blockchain ledger.
Step 302, the first ISP node encrypts the identification information of the user node and the public key of the first ISP node with the public key of the second ISP node to obtain second encrypted information.
The small ISP node encrypts the identification information of the user node and the small ISP node's own public key with the public key of Internet service provider node 2 to obtain the second encrypted information.
Step 303, the first ISP node signs the second encrypted information with the private key of the first ISP node to obtain signature information.
The small ISP node signs the second encrypted information with its own private key to obtain the signature information.
Step 304, the first ISP node sends the signature information to the second ISP node.
The small ISP node broadcasts the signature information to the blockchain network, so that Internet service provider node 2 in the blockchain network can receive the signature information.
Correspondingly, after Internet service provider node 2 receives the signature information, it first queries the blockchain ledger for the public key of the small ISP node according to the blockchain identifier of the small ISP node, and verifies the private-key signature of the small ISP node in the signature information with that public key. If the verification passes, Internet service provider node 2 obtains the second encrypted information, decrypts it with the private key of Internet service provider node 2, and obtains the identification information of the user node and the small ISP node's own public key.
Fig. 4 is a flowchart of a session key transmission method provided by another embodiment of the present invention. The session key transmission method provided in this embodiment specifically includes the following steps:
Step 401, the second ISP node receives the identification information of the user node and the public key of the first ISP node sent by the first ISP node, where the user node has registered with the second ISP node.
In this embodiment, the first Internet service provider (ISP) node may specifically be Internet service provider node 1 shown in Fig. 1. Internet service provider node 1 is a small ISP node, and the user node has not registered user information with the small ISP node. When the user node needs to log in to the small ISP node, the user node can send a login request to the small ISP node, where the login request includes the identification information of the user node. Correspondingly, the small ISP node receives the login request sent by the user node and obtains the identification information of the user node from the login request.
The second ISP node in this embodiment may specifically be Internet service provider node 2 shown in Fig. 1. After obtaining the identification information of the user node from the login request, the small ISP node broadcasts the identification information of the user node and the small ISP node's own public key to the blockchain network, which may specifically be the network of consortium blockchain nodes described above. Correspondingly, the consortium blockchain nodes in the blockchain network can receive the identification information of the user node and the small ISP node's own public key. In other embodiments, the small ISP node may also broadcast the identification information of the user node, the small ISP node's own blockchain identifier, and the small ISP node's own public key together to the blockchain network. Correspondingly, Internet service provider node 2 receives the identification information of the user node and the public key of the small ISP node.
Step 402, the second ISP node determines the shared key between the second ISP node and the user node according to the identification information of the user node.
After Internet service provider node 2 in the blockchain network receives the identification information of the user node and the small ISP node's own public key, it first determines the shared key between Internet service provider node 2 and the user node according to the identification information of the user node.
Step 403, the second ISP node encrypts the public key of the first ISP node with the shared key to obtain the first encrypted information, and signs the first encrypted information with the private key of the second ISP node to obtain the first information.
Internet service provider node 2 then encrypts the public key of the small ISP node using the shared key and the pre-agreed first encryption algorithm to obtain the first encrypted information. Further, Internet service provider node 2 signs the first encrypted information with its own private key to obtain the first information.
Step 404, the second ISP node sends the first information to the first ISP node.
Internet service provider node 2 broadcasts the first information to the blockchain network, so that the small ISP node in the blockchain network can receive the first information.
In this embodiment of the present invention, the first ISP node, with which the user node has not registered, sends the public key of the first ISP node and the identification information of the user node to the second ISP node, with which the user node has registered, so that the second ISP node determines the shared key between the second ISP node and the user node according to the identification information of the user node and encrypts the public key of the first ISP node with this shared key to obtain the first encrypted information. After obtaining the first encrypted information from the second ISP node, the first ISP node sends it to the user node via SMS or IP-address-based point-to-point (P2P) communication, and the user node decrypts the first encrypted information with the shared key to obtain the public key of the first ISP node. When the user node generates the session key required for communication between the user node and the first ISP node, it encrypts the session key with the public key of the first ISP node and sends the encrypted session key to the first ISP node, so that the first ISP node can obtain the session key. The user node and the first ISP node thus hold the same session key, and nodes other than the user node and the first ISP node cannot obtain it, which improves the security of communication between the user node and the first ISP node.
Fig. 5 is a flowchart of a session key transmission method provided by another embodiment of the present invention. The session key transmission method provided in this embodiment specifically includes the following steps:
Step 501, the user node sends a login request to the first ISP node, where the login request includes the identification information of the user node, and the user node has not registered with the first ISP node.
In this embodiment, the first Internet service provider (ISP) node may specifically be Internet service provider node 1 shown in Fig. 1. Internet service provider node 1 is a small ISP node, and the user node has not registered user information with the small ISP node. When the user node needs to log in to the small ISP node, the user node can send a login request to the small ISP node, where the login request includes the identification information of the user node. Correspondingly, the small ISP node receives the login request sent by the user node and obtains the identification information of the user node from the login request.
Step 502, the user node receives, via SMS or IP-address-based point-to-point (P2P) communication, the first encrypted information sent by the first ISP node, where the first encrypted information is the information obtained after the public key of the first ISP node is encrypted with the shared key between the second ISP node and the user node, and the user node has registered with the second ISP node.
Through steps 202 to 204 of the foregoing embodiment, the small ISP node can obtain the first encrypted information, which is the information obtained after the public key of the small ISP node is encrypted with the shared key between Internet service provider node 2 and the user node, as described above. Specifically, since the user node may be an intelligent terminal, for power-consumption reasons it is not suitable to act as an online node in the blockchain network; that is, the user node is offline in the blockchain network. In this case, the user node and the small ISP node only need a single-line link; for example, the user node and the small ISP node can communicate via SMS over the mobile switching network or via IP-address-based P2P communication. Therefore, the small ISP node can send the first encrypted information to the user node via SMS or IP-address-based P2P communication. Correspondingly, the user node receives the first encrypted information sent by the small ISP node via SMS or IP-address-based P2P communication.
Step 503, the user node decrypts the first encrypted information with the shared key to obtain the public key of the first ISP node.
After receiving the first encrypted information, the user node decrypts it using the decryption algorithm corresponding to the pre-agreed first encryption algorithm described above and the shared key between the user node and Internet service provider node 2, obtaining the public key of the small ISP node.
Step 504, the user node generates a session key and encrypts the session key with the public key of the first ISP node to obtain the second information.
The user node can generate the session key required for communication between the user node and the small ISP node, and encrypt the session key with the public key of the small ISP node according to the pre-agreed second encryption algorithm to obtain the second information.
Step 505, the user node sends the second information to the first ISP node, so that the first ISP node obtains the session key according to the second information, where the session key is used for communication between the first ISP node and the user node.
The user node sends the second information to the small ISP node; specifically, the user node can send the second information to the small ISP node via SMS or IP-address-based point-to-point (P2P) communication. Correspondingly, the small ISP node receives the second information via SMS or IP-address-based P2P communication. When the small ISP node receives the second information, it decrypts the second information using the decryption algorithm corresponding to the pre-agreed second encryption algorithm and the private key of the small ISP node, obtaining the session key. In this way, the user node and the small ISP node hold the same session key.
In this embodiment of the present invention, the first ISP node, with which the user node has not registered, sends the public key of the first ISP node and the identification information of the user node to the second ISP node, with which the user node has registered, so that the second ISP node determines the shared key between the second ISP node and the user node according to the identification information of the user node and encrypts the public key of the first ISP node with this shared key to obtain the first encrypted information. After obtaining the first encrypted information from the second ISP node, the first ISP node sends it to the user node via SMS or IP-address-based point-to-point (P2P) communication, and the user node decrypts the first encrypted information with the shared key to obtain the public key of the first ISP node. When the user node generates the session key required for communication between the user node and the first ISP node, it encrypts the session key with the public key of the first ISP node and sends the encrypted session key to the first ISP node, so that the first ISP node can obtain the session key. The user node and the first ISP node thus hold the same session key, and nodes other than the user node and the first ISP node cannot obtain it, which improves the security of communication between the user node and the first ISP node.
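The exchange described in the method embodiments above (steps 402 to 404 at the second ISP node, signature verification and step 207 at the first ISP node, steps 503 and 504 at the user node), as an added Go example that is not code from the patent. The patent names no algorithms, so AES-256-GCM for the shared-key encryption, Ed25519 for the second ISP node's signature, RSA-OAEP for wrapping the session key, and all function names and IDs are assumptions; the encrypted and signed request of steps 301 to 304 is left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// isp2Respond (steps 402-404): look up the key shared with the user, encrypt ISP1's public
// key under it (AES-256-GCM, assumed) and sign that ciphertext (Ed25519, assumed).
func isp2Respond(shared map[string][]byte, userID string, isp1Pub *rsa.PublicKey, sk ed25519.PrivateKey) (enc, sig []byte, err error) {
	key, ok := shared[userID]
	if !ok {
		return nil, nil, fmt.Errorf("user %q is not registered at ISP2", userID)
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	enc = gcm.Seal(nonce, nonce, x509.MarshalPKCS1PublicKey(isp1Pub), nil) // nonce || ciphertext
	return enc, ed25519.Sign(sk, enc), nil
}

// userSecondInfo (steps 503-504): returns a fresh session key and the second information.
func userSecondInfo(sharedKey, firstEnc []byte) ([]byte, []byte, error) {
	gcm, err := newGCM(sharedKey)
	if err != nil {
		return nil, nil, err
	}
	if len(firstEnc) < gcm.NonceSize() {
		return nil, nil, fmt.Errorf("first encrypted information too short")
	}
	der, err := gcm.Open(nil, firstEnc[:gcm.NonceSize()], firstEnc[gcm.NonceSize():], nil)
	if err != nil {
		return nil, nil, fmt.Errorf("first encrypted information rejected: %w", err)
	}
	isp1Pub, err := x509.ParsePKCS1PublicKey(der)
	if err != nil {
		return nil, nil, err
	}
	sessionKey := make([]byte, 32)
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, nil, err
	}
	secondInfo, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, isp1Pub, sessionKey, nil)
	return sessionKey, secondInfo, err
}

// runExchange plays all three roles with constructed keys and IDs; flip is XORed into the
// last byte of the first encrypted information between ISP2 and ISP1 (0 leaves it intact).
func runExchange(flip byte) (userKey, isp1Key []byte, err error) {
	isp1Priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	rnd := make([]byte, 64) // 32-byte user/ISP2 shared key, then a 32-byte Ed25519 seed
	if _, err = rand.Read(rnd); err != nil {
		return nil, nil, err
	}
	sharedKey, isp2Priv := rnd[:32], ed25519.NewKeyFromSeed(rnd[32:])
	enc, sig, err := isp2Respond(map[string][]byte{"user-001": sharedKey}, "user-001", &isp1Priv.PublicKey, isp2Priv)
	if err != nil {
		return nil, nil, err
	}
	enc[len(enc)-1] ^= flip
	isp2Pub := isp2Priv.Public().(ed25519.PublicKey) // as ISP1 would read it from the ledger
	if !ed25519.Verify(isp2Pub, enc, sig) {          // ISP1 checks ISP2's signature before forwarding
		return nil, nil, fmt.Errorf("ISP2 signature verification failed")
	}
	userKey, secondInfo, err := userSecondInfo(sharedKey, enc)
	if err != nil {
		return nil, nil, err
	}
	// Step 207: ISP1 decrypts the second information with its own private key.
	isp1Key, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, isp1Priv, secondInfo, nil)
	return userKey, isp1Key, err
}

func main() {
	u, k, err := runExchange(0)
	fmt.Println("session keys match:", err == nil && string(u) == string(k))
}
```

Only the first encrypted information, without the second ISP node's signature, reaches the user node, so the user's sole integrity check on the delivered public key is the shared-key decryption; that is why the example assumes an authenticated mode for the first encryption algorithm.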
Fig. 6 is a schematic structural diagram of the first Internet service provider (ISP) node provided by an embodiment of the present invention. The first ISP node provided by this embodiment can execute the processing flow provided by the session key transmission method embodiments. As shown in Fig. 6, the first ISP node 60 includes: a memory 61, a processor 62, a computer program, and a communication interface 63. The computer program is stored in the memory 61 and is configured to be executed by the processor 62 to perform the following operations: receiving, through the communication interface 63, a login request sent by a user node, where the login request includes identification information of the user node and the user node has not registered with the first ISP node; sending, through the communication interface 63, the identification information of the user node and the public key of the first ISP node to a second ISP node in a blockchain network, where the user node has registered with the second ISP node; receiving, through the communication interface 63, first information sent by the second ISP node, where the first information is the information obtained after the second ISP node encrypts the public key of the first ISP node with the shared key between the second ISP node and the user node to obtain first encrypted information and signs the first encrypted information with the private key of the second ISP node; verifying, according to the public key of the second ISP node, the private-key signature of the second ISP node in the first information; after the first ISP node's verification of the private-key signature of the second ISP node passes, sending, through the communication interface 63, the first encrypted information to the user node via SMS or IP-address-based point-to-point (P2P) communication; receiving, through the communication interface 63, second information sent by the user node, where the second information is the information obtained after the user node encrypts the session key generated by the user node with the public key of the first ISP node; and obtaining the session key according to the second information, where the session key is used for communication between the first ISP node and the user node.
Optionally, when the processor 62 sends the identification information of the user node and the public key of the first ISP node to the second ISP node in the blockchain network through the communication interface 63, it is specifically configured to: query the blockchain ledger corresponding to the blockchain network to obtain the public key of the second ISP node; encrypt the identification information of the user node and the public key of the first ISP node with the public key of the second ISP node to obtain second encrypted information; sign the second encrypted information with the private key of the first ISP node to obtain signature information; and send the signature information to the second ISP node through the communication interface 63.
Optionally, when the processor 62 obtains the session key according to the second information, it is specifically configured to: decrypt the second information with the private key of the first ISP node to obtain the session key.
The first Internet service provider (ISP) node of the embodiment shown in Fig. 6 can be used to execute the technical solutions of the above method embodiments; its implementation principles and technical effects are similar and are not repeated here.
Fig. 7 is a schematic structural diagram of the second ISP node provided by an embodiment of the present invention. The second ISP node provided by this embodiment can execute the processing flow provided by the session key transmission method embodiments. As shown in Fig. 7, the second ISP node 70 includes: a memory 71, a processor 72, a computer program, and a communication interface 73. The computer program is stored in the memory 71 and is configured to be executed by the processor 72 to perform the following operations: receiving, through the communication interface 73, the identification information of a user node and the public key of a first ISP node sent by the first ISP node, where the user node has registered with the second ISP node; determining the shared key between the second ISP node and the user node according to the identification information of the user node; encrypting the public key of the first ISP node with the shared key to obtain first encrypted information, and signing the first encrypted information with the private key of the second ISP node to obtain first information; and sending the first information to the first ISP node through the communication interface 73.
The second ISP node of the embodiment shown in Fig. 7 can be used to execute the technical solutions of the above method embodiments; its implementation principles and technical effects are similar and are not repeated here.
Fig. 8 is a schematic structural diagram of the user node provided by an embodiment of the present invention. The user node provided by this embodiment can execute the processing flow provided by the session key transmission method embodiments. As shown in Fig. 8, the user node 80 includes: a memory 81, a processor 82, a computer program, and a communication interface 83. The computer program is stored in the memory 81 and is configured to be executed by the processor 82 to perform the following operations: sending, through the communication interface 83, a login request to a first ISP node, where the login request includes identification information of the user node and the user node has not registered with the first ISP node; receiving, through the communication interface 83 and via SMS or IP-address-based point-to-point (P2P) communication, first encrypted information sent by the first ISP node, where the first encrypted information is the information obtained after the public key of the first ISP node is encrypted with the shared key between a second ISP node and the user node, and the user node has registered with the second ISP node; decrypting the first encrypted information with the shared key to obtain the public key of the first ISP node; generating a session key and encrypting the session key with the public key of the first ISP node to obtain second information; and sending, through the communication interface 83, the second information to the first ISP node, so that the first ISP node obtains the session key according to the second information, where the session key is used for communication between the first ISP node and the user node.
The user node of the embodiment shown in Fig. 8 can be used to execute the technical solutions of the above method embodiments; its implementation principles and technical effects are similar and are not repeated here.
In addition, an embodiment of the present invention further provides a session key transmission system, which includes the first ISP node, the second ISP node, and the user node described above.
In addition, an embodiment of the present invention further provides a computer-readable storage medium on which a computer program is stored, where the computer program is executed by a processor to implement the session key transmission method described in the above embodiments.
In the several embodiments provided by the present invention, it should be understood that the disclosed devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative; for example, the division into units is only a division by logical function, and other divisions are possible in actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual coupling, direct coupling, or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, devices, or units, and may be electrical, mechanical, or in other forms.
The units described as separate components may or may not be physically separate, and the components displayed as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware, or in the form of hardware plus software functional units.
The integrated unit implemented in the form of a software functional unit may be stored in a computer-readable storage medium. The software functional unit is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) or a processor to perform some of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), a magnetic disk, or an optical disc.
Those skilled in the art can clearly understand that, for convenience and brevity of description, only the division of the functional modules described above is used as an example. In practical applications, the above functions may be allocated to different functional modules as needed; that is, the internal structure of the device may be divided into different functional modules to complete all or part of the functions described above. For the specific working process of the device described above, reference may be made to the corresponding process in the foregoing method embodiments, which is not repeated here.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some or all of their technical features may be equivalently replaced; and such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (12)

1. a kind of session key transmission method characterized by comprising
First Internet Service Provider's ISP node receives the logging request that user node is sent, and the logging request includes institute The identification information of user node is stated, the user node registered not in the first ISP node;
The public key of the identification information of the user node and the first ISP node is sent to block by the first ISP node The 2nd ISP node in chain network, the user node registered in the 2nd ISP node;
The first ISP node receives the first information that the 2nd ISP node is sent, and the first information is described second ISP node is using the shared key between the 2nd ISP node and the user node to the public key of the first ISP node It is encrypted, obtains the first encryption information, and sign to first encryption information using the private key of the 2nd ISP node The information obtained after name;
The first ISP node is according to the public key of the 2nd ISP node, to the 2nd ISP node described in the first information Private key signature verified;
After the first ISP node is verified the private key signature of the 2nd ISP node, by first encryption information The user node is sent to by the point-to-point P2P mode of short message mode or IP address;
The first ISP node receives the second information that the user node is sent, and second information is the user node The information obtained after being encrypted using the session key that the public key of the first ISP node generates the user node;
The first ISP node obtains the session key according to second information, and the session key is used for described first ISP node and the user node are communicated.
2. the method according to claim 1, wherein the first ISP node is by the mark of the user node The public key of information and the first ISP node is sent to the 2nd ISP node in block chain network, comprising:
The first ISP node is inquired from the corresponding block chain account book of the block chain network obtains the 2nd ISP node Public key;
The first ISP node is using the public key of the 2nd ISP node to the identification information of the user node and described the The public key of one ISP node is encrypted, and the second encryption information is obtained;
The first ISP node signs to second encryption information using the private key of the first ISP node, is signed Name information;
The signing messages is sent to the 2nd ISP node by the first ISP node.
3. method according to claim 1 or 2, which is characterized in that the first ISP node according to second information, The session key is obtained, including;
The first ISP node is decrypted second information using the private key of the first ISP node, obtains the meeting Talk about key.
4. a kind of session key transmission method characterized by comprising
2nd ISP node receives the identification information for the user node that the first ISP node is sent and the public affairs of the first ISP node Key, the user node registered in the 2nd ISP node;
The 2nd ISP node determines the 2nd ISP node and user section according to the identification information of the user node Shared key between point;
The 2nd ISP node encrypts the public key of the first ISP node using the shared key, obtains first and adds Confidential information, and first encryption information is signed to obtain the first information using the private key of the 2nd ISP node;
The first information is sent to the first ISP node by the 2nd ISP node.
5. A session key transmission method, characterized by comprising:
A user node sends a login request to a first ISP node, the login request including the identification information of the user node, the user node not having registered with the first ISP node;
The user node receives, by short message or by IP-address point-to-point (P2P) communication, first encryption information sent by the first ISP node, the first encryption information being the information obtained by encrypting the public key of the first ISP node with the shared key between a second ISP node and the user node, the user node having registered with the second ISP node;
The user node decrypts the first encryption information using the shared key to obtain the public key of the first ISP node;
The user node generates a session key and encrypts the session key using the public key of the first ISP node to obtain second information;
The user node sends the second information to the first ISP node, so that the first ISP node obtains the session key according to the second information, the session key being used for communication between the first ISP node and the user node.
6. A first Internet Service Provider (ISP) node, characterized by comprising:
Memory;
Processor;
Communication interface; and
Computer program;
Wherein the computer program is stored in the memory and is configured to be executed by the processor to perform the following operations:
Receiving, through the communication interface, a login request sent by a user node, the login request including the identification information of the user node, the user node not having registered with the first ISP node;
Sending, through the communication interface, the identification information of the user node and the public key of the first ISP node to a second ISP node in a blockchain network, the user node having registered with the second ISP node;
Receiving, through the communication interface, first information sent by the second ISP node, the first information being the information obtained after the second ISP node encrypts the public key of the first ISP node using the shared key between the second ISP node and the user node to obtain first encryption information, and signs the first encryption information using the private key of the second ISP node;
Verifying, according to the public key of the second ISP node, the private-key signature of the second ISP node in the first information;
After the first ISP node has successfully verified the private-key signature of the second ISP node, sending, through the communication interface, the first encryption information to the user node by short message or by IP-address point-to-point (P2P) communication;
Receiving, through the communication interface, second information sent by the user node, the second information being the information obtained after the user node encrypts, using the public key of the first ISP node, the session key generated by the user node;
Obtaining the session key according to the second information, the session key being used for communication between the first ISP node and the user node.
7. The first Internet Service Provider (ISP) node according to claim 6, characterized in that, when sending the identification information of the user node and the public key of the first ISP node to the second ISP node in the blockchain network through the communication interface, the processor is specifically configured to:
Query the blockchain ledger corresponding to the blockchain network to obtain the public key of the second ISP node;
Encrypt the identification information of the user node and the public key of the first ISP node using the public key of the second ISP node to obtain second encryption information;
Sign the second encryption information using the private key of the first ISP node to obtain signature information;
Send the signature information to the second ISP node through the communication interface.
8. The first Internet Service Provider (ISP) node according to claim 6 or 7, characterized in that, when obtaining the session key according to the second information, the processor is specifically configured to:
Decrypt the second information using the private key of the first ISP node to obtain the session key.
9. A second ISP node, characterized by comprising:
Memory;
Processor;
Communication interface; and
Computer program;
Wherein the computer program is stored in the memory and is configured to be executed by the processor to perform the following operations:
Receiving, through the communication interface, the identification information of a user node and the public key of a first ISP node, both sent by the first ISP node, the user node having registered with the second ISP node;
Determining, according to the identification information of the user node, the shared key between the second ISP node and the user node;
Encrypting the public key of the first ISP node using the shared key to obtain first encryption information, and signing the first encryption information using the private key of the second ISP node to obtain first information;
Sending the first information to the first ISP node through the communication interface.
10. A user node, characterized by comprising:
Memory;
Processor;
Communication interface; and
Computer program;
Wherein the computer program is stored in the memory and is configured to be executed by the processor to perform the following operations:
Sending a login request to a first ISP node through the communication interface, the login request including the identification information of the user node, the user node not having registered with the first ISP node;
Receiving, through the communication interface, by short message or by IP-address point-to-point (P2P) communication, first encryption information sent by the first ISP node, the first encryption information being the information obtained by encrypting the public key of the first ISP node with the shared key between a second ISP node and the user node, the user node having registered with the second ISP node;
Decrypting the first encryption information using the shared key to obtain the public key of the first ISP node;
Generating a session key, and encrypting the session key using the public key of the first ISP node to obtain second information;
Sending the second information to the first ISP node through the communication interface, so that the first ISP node obtains the session key according to the second information, the session key being used for communication between the first ISP node and the user node.
11. A session key transmission system, characterized in that the system comprises:
The first ISP node according to any one of claims 6-8, the second ISP node according to claim 9, and the user node according to claim 10.
12. A computer-readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the method according to claims 1 to 5.
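The exchange in claims 4 to 6, from the second ISP node's signed reply through the first ISP node recovering the session key, as an added Go example that is not part of the patent text. The claims name no algorithms, so AES-256-GCM, Ed25519 and RSA-OAEP are assumptions; the function name Exchange and its tamper flag are hypothetical, and all three nodes run in one process with freshly generated keys.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Exchange plays all three nodes in one process; tamper flips one bit of the first information in transit.
func Exchange(tamper bool) (sent, got []byte, err error) {
	isp1, _ := rsa.GenerateKey(rand.Reader, 2048)      // first ISP node key pair (assumed RSA)
	pub2, priv2, _ := ed25519.GenerateKey(rand.Reader) // second ISP node signing keys (assumed Ed25519)
	shared, nonce := make([]byte, 32), make([]byte, 12)
	rand.Read(shared) // key shared by the user node and the second ISP node since registration
	rand.Read(nonce)
	blk, _ := aes.NewCipher(shared)
	aead, _ := cipher.NewGCM(blk) // assumption: AES-256-GCM as the shared-key cipher
	// Second ISP node: encrypt the first ISP node's public key under the shared key, then sign.
	enc1 := aead.Seal(nonce, nonce, x509.MarshalPKCS1PublicKey(&isp1.PublicKey), nil)
	sig := ed25519.Sign(priv2, enc1)
	if tamper {
		enc1[len(enc1)-1] ^= 1
	}
	if !ed25519.Verify(pub2, enc1, sig) { // first ISP node verifies before forwarding to the user
		return nil, nil, fmt.Errorf("first ISP node: signature of second ISP node invalid")
	}
	der, err := aead.Open(nil, enc1[:12], enc1[12:], nil) // user node decrypts with the shared key
	if err != nil {
		return nil, nil, err
	}
	pub, err := x509.ParsePKCS1PublicKey(der)
	if err != nil {
		return nil, nil, err
	}
	sent = make([]byte, 32) // session key generated by the user node
	rand.Read(sent)
	info2, _ := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sent, nil)  // second information
	got, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, isp1, info2, nil) // first ISP node decrypts
	return sent, got, err
}

func main() {
	fmt.Println(Exchange(true)) // tampered run: prints the rejection error
}
```

The user node never sees the second ISP node's signature in this flow; what authenticates the first ISP node's public key to the user is successful decryption under the shared key, which is why the example uses an authenticated cipher.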
CN201910466910.1A 2019-05-30 2019-05-30 Session key transmission method, device and computer readable storage medium Active CN110048843B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910466910.1A CN110048843B (en) 2019-05-30 2019-05-30 Session key transmission method, device and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910466910.1A CN110048843B (en) 2019-05-30 2019-05-30 Session key transmission method, device and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN110048843A true CN110048843A (en) 2019-07-23
CN110048843B CN110048843B (en) 2021-09-10

Family

ID=67284239

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910466910.1A Active CN110048843B (en) 2019-05-30 2019-05-30 Session key transmission method, device and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN110048843B (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102143487A (en) * 2010-02-03 2011-08-03 中兴通讯股份有限公司 Negotiation method and negotiation system for end-to-end session key
CN105337740A (en) * 2014-07-31 2016-02-17 阿里巴巴集团控股有限公司 Identity verification method, client, relay device and server
US20160337132A1 (en) * 2014-01-15 2016-11-17 Xorkey B.V. Secure Login Without Passwords
CN106535184A (en) * 2016-10-18 2017-03-22 深圳市金立通信设备有限公司 Key management method and system
CN107809411A (en) * 2016-09-09 2018-03-16 华为技术有限公司 Authentication method, terminal device, server and the network authentication entity of mobile network
CN108684041A (en) * 2018-05-31 2018-10-19 上海邑游网络科技有限公司 The system and method for login authentication
CN108702622A (en) * 2017-11-30 2018-10-23 深圳前海达闼云端智能科技有限公司 Mobile network's access authentication method, device, storage medium and block chain node
CN108768608A (en) * 2018-05-25 2018-11-06 电子科技大学 The secret protection identity identifying method of thin-client is supported at block chain PKI
CN109087100A (en) * 2018-08-02 2018-12-25 中国联合网络通信集团有限公司 Cryptographic key distribution method, device, equipment and storage medium
US20190149325A1 (en) * 2017-11-16 2019-05-16 International Business Machines Corporation Blockchain transaction privacy enhancement through broadcast encryption

Also Published As

Publication number Publication date
CN110048843B (en) 2021-09-10

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant