CN110048843A - Session key transmission method, equipment and computer readable storage medium - Google Patents
- Publication number: CN110048843A (also listed: CN201910466910.1A)
- Authority: CN (China)
- Prior art keywords: node, ISP, information, ISP node, user
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L67/104—Peer-to-peer [P2P] networks
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04W4/14—Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]
Abstract
Embodiments of the present invention provide a session key transmission method, a device, and a computer-readable storage medium. When the user node generates the session key required for communication between the user node and the first ISP node, the user node encrypts the session key with the public key of the first ISP node and sends the encrypted session key to the first ISP node, so that the first ISP node can obtain the session key. The user node and the first ISP node thus hold the same session key, and nodes other than the user node and the first ISP node cannot obtain it, which improves the security of communication between the user node and the first ISP node.
Description
Technical field
Embodiments of the present invention relate to the field of communication technology, and in particular to a session key transmission method, a device, and a computer-readable storage medium.
Background
With the development of intelligent terminals, a user can install a variety of application programs (Application, APP) on an intelligent terminal, and different APPs provide the user with different services.
However, when installing an APP on an intelligent terminal, the user needs to register on the server of the Internet Service Provider (ISP) corresponding to that APP. Because different APPs have different Internet Service Providers, the user needs to register on different ISP servers. As the number of APPs installed on the intelligent terminal grows, if the user registers the same username and password on different ISP servers, the username and password are easily leaked. If the user registers different usernames and passwords on different ISP servers, the user has difficulty remembering the username and password for each APP. To solve this problem, the prior art proposes that large ISP nodes, for example Facebook, Twitter, WeChat, and Alipay, build a consortium blockchain. After a user has registered a username and password with one of the large ISP nodes, that large ISP node can provide a query service for the user's username and password to other ISP nodes in the consortium blockchain, for example small ISP nodes.
In the prior art, when a user node communicates with a small ISP node, a session key is needed between them. If the user node is an online node in the blockchain network, then after generating the session key the user node can look up the public key of the small ISP node in the blockchain ledger of the blockchain network, encrypt the session key with that public key, and send the encrypted session key to the small ISP node, so that only the user node and the small ISP node hold the session key. However, if the user node does not have the ability to access the blockchain, that is, when the user node is not an online node in the blockchain network, the user node cannot obtain the public key of the small ISP node, and the secure transmission of the session key cannot be guaranteed. If the small ISP node instead actively provides its public key to the user node, the public key may be tampered with by a malicious intermediate node, so that the security of communication between the small ISP node and the user node is low.
Summary of the invention
Embodiments of the present invention provide a session key transmission method, a device, and a computer-readable storage medium, to improve the security of communication between the user node and the first ISP node.
In a first aspect, an embodiment of the present invention provides a session key transmission method, comprising:
A first Internet Service Provider (ISP) node receives a login request sent by a user node, the login request including identification information of the user node, where the user node has not registered with the first ISP node;
The first ISP node sends the identification information of the user node and the public key of the first ISP node to a second ISP node in a blockchain network, where the user node has registered with the second ISP node;
The first ISP node receives first information sent by the second ISP node, the first information being obtained by the second ISP node encrypting the public key of the first ISP node with the shared key between the second ISP node and the user node to obtain first encryption information, and then signing the first encryption information with the private key of the second ISP node;
The first ISP node verifies, according to the public key of the second ISP node, the private-key signature of the second ISP node in the first information;
After the private-key signature of the second ISP node passes verification, the first ISP node sends the first encryption information to the user node by short message or in IP-address-based peer-to-peer (P2P) mode;
The first ISP node receives second information sent by the user node, the second information being obtained by the user node encrypting, with the public key of the first ISP node, the session key generated by the user node;
The first ISP node obtains the session key according to the second information, the session key being used for communication between the first ISP node and the user node.
In a second aspect, an embodiment of the present invention provides a session key transmission method, comprising:
A second ISP node receives identification information of a user node and the public key of a first ISP node, both sent by the first ISP node, where the user node has registered with the second ISP node;
The second ISP node determines, according to the identification information of the user node, the shared key between the second ISP node and the user node;
The second ISP node encrypts the public key of the first ISP node with the shared key to obtain first encryption information, and signs the first encryption information with the private key of the second ISP node to obtain first information;
The second ISP node sends the first information to the first ISP node.
In a third aspect, an embodiment of the present invention provides a session key transmission method, comprising:
A user node sends a login request to a first ISP node, the login request including identification information of the user node, where the user node has not registered with the first ISP node;
The user node receives, by short message or in IP-address-based peer-to-peer (P2P) mode, first encryption information sent by the first ISP node, the first encryption information being obtained by encrypting the public key of the first ISP node with the shared key between a second ISP node and the user node, where the user node has registered with the second ISP node;
The user node decrypts the first encryption information with the shared key to obtain the public key of the first ISP node;
The user node generates a session key and encrypts the session key with the public key of the first ISP node to obtain second information;
The user node sends the second information to the first ISP node, so that the first ISP node obtains the session key according to the second information, the session key being used for communication between the first ISP node and the user node.
In a fourth aspect, an embodiment of the present invention provides a first Internet Service Provider (ISP) node, comprising:
A memory;
A processor;
A communication interface; and
A computer program;
Wherein the computer program is stored in the memory and is configured to be executed by the processor to perform the following operations:
Receive, through the communication interface, a login request sent by a user node, the login request including identification information of the user node, where the user node has not registered with the first ISP node;
Send, through the communication interface, the identification information of the user node and the public key of the first ISP node to a second ISP node in a blockchain network, where the user node has registered with the second ISP node;
Receive, through the communication interface, first information sent by the second ISP node, the first information being obtained by the second ISP node encrypting the public key of the first ISP node with the shared key between the second ISP node and the user node to obtain first encryption information, and then signing the first encryption information with the private key of the second ISP node;
Verify, according to the public key of the second ISP node, the private-key signature of the second ISP node in the first information;
After the private-key signature of the second ISP node passes verification, send the first encryption information to the user node through the communication interface by short message or in IP-address-based peer-to-peer (P2P) mode;
Receive, through the communication interface, second information sent by the user node, the second information being obtained by the user node encrypting, with the public key of the first ISP node, the session key generated by the user node;
Obtain the session key according to the second information, the session key being used for communication between the first ISP node and the user node.
In a fifth aspect, an embodiment of the present invention provides a second ISP node, comprising:
A memory;
A processor;
A communication interface; and
A computer program;
Wherein the computer program is stored in the memory and is configured to be executed by the processor to perform the following operations:
Receive, through the communication interface, identification information of a user node and the public key of a first ISP node, both sent by the first ISP node, where the user node has registered with the second ISP node;
Determine, according to the identification information of the user node, the shared key between the second ISP node and the user node;
Encrypt the public key of the first ISP node with the shared key to obtain first encryption information, and sign the first encryption information with the private key of the second ISP node to obtain first information;
Send the first information to the first ISP node through the communication interface.
In a sixth aspect, an embodiment of the present invention provides a user node, comprising:
A memory;
A processor;
A communication interface; and
A computer program;
Wherein the computer program is stored in the memory and is configured to be executed by the processor to perform the following operations:
Send a login request to a first ISP node through the communication interface, the login request including identification information of the user node, where the user node has not registered with the first ISP node;
Receive, through the communication interface by short message or in IP-address-based peer-to-peer (P2P) mode, first encryption information sent by the first ISP node, the first encryption information being obtained by encrypting the public key of the first ISP node with the shared key between a second ISP node and the user node, where the user node has registered with the second ISP node;
Decrypt the first encryption information with the shared key to obtain the public key of the first ISP node;
Generate a session key, and encrypt the session key with the public key of the first ISP node to obtain second information;
Send the second information to the first ISP node through the communication interface, so that the first ISP node obtains the session key according to the second information, the session key being used for communication between the first ISP node and the user node.
In a seventh aspect, an embodiment of the present invention provides a session key transmission system, the system comprising:
The first ISP node of the fourth aspect, the second ISP node of the fifth aspect, and the user node of the sixth aspect.
In an eighth aspect, an embodiment of the present invention provides a computer-readable storage medium storing a computer program, the computer program being executed by a processor to implement the methods of the first aspect, the second aspect, and the third aspect.
In the session key transmission method, device, and computer-readable storage medium provided by embodiments of the present invention, the first ISP node, with which the user node has not registered, sends the public key of the first ISP node and the identification information of the user node to the second ISP node, with which the user node has registered. The second ISP node determines, according to the identification information of the user node, the shared key between the second ISP node and the user node, and encrypts the public key of the first ISP node with the shared key to obtain the first encryption information. After obtaining the first encryption information from the second ISP node, the first ISP node sends it to the user node by short message or in IP-address-based peer-to-peer (P2P) mode, so that the user node can decrypt the first encryption information with the shared key and obtain the public key of the first ISP node. When the user node generates the session key required for communication between the user node and the first ISP node, the user node encrypts the session key with the public key of the first ISP node and sends the encrypted session key to the first ISP node, so that the first ISP node can obtain the session key. The user node and the first ISP node thus hold the same session key, and nodes other than the user node and the first ISP node cannot obtain it, which improves the security of communication between the user node and the first ISP node.
Brief description of the drawings
Fig. 1 is a schematic diagram of an application scenario provided by an embodiment of the present invention;
Fig. 2 is a flowchart of a session key transmission method provided by an embodiment of the present invention;
Fig. 3 is a flowchart of a session key transmission method provided by another embodiment of the present invention;
Fig. 4 is a flowchart of a session key transmission method provided by another embodiment of the present invention;
Fig. 5 is a flowchart of a session key transmission method provided by another embodiment of the present invention;
Fig. 6 is a schematic structural diagram of the first Internet Service Provider (ISP) node provided by an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of the second ISP node provided by an embodiment of the present invention;
Fig. 8 is a schematic structural diagram of the user node provided by an embodiment of the present invention.
The above drawings show specific embodiments of the present disclosure, which are described in more detail below. The drawings and the written description are not intended to limit the scope of the disclosed concept in any way, but to illustrate the concept of the present disclosure to those skilled in the art by reference to specific embodiments.
Detailed description
Example embodiments are described in detail here, and examples of them are illustrated in the accompanying drawings. Where the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present disclosure. Rather, they are merely examples of devices and methods consistent with some aspects of the present disclosure as detailed in the appended claims.
The session key transmission method provided by embodiments of the present invention is applicable to the communication system shown in Fig. 1. As shown in Fig. 1, the communication system includes Internet Service Provider node 1 to Internet Service Provider node 5 and a user node. Internet Service Provider node 1 may be a small ISP node, and Internet Service Provider node 2 to Internet Service Provider node 5 may be large ISP nodes, for example nodes of Internet service providers such as Facebook, Twitter, WeChat, and Alipay. The user node may specifically be a user terminal device. Large ISP nodes such as Internet Service Provider node 2 to Internet Service Provider node 5 can build a consortium blockchain. Optionally, each of Internet Service Provider node 2 to Internet Service Provider node 5 joins the consortium blockchain as a blockchain service node and provides identity authentication services for other ISP nodes or user nodes. Optionally, the genesis block of the consortium blockchain stores information such as the blockchain identifier, public key, and IP address of each of Internet Service Provider node 2 to Internet Service Provider node 5. Internet Service Provider node 2 to Internet Service Provider node 5 manage the consortium blockchain as its genesis nodes. For example, they can decide whether to allow a given ISP node, such as a small ISP node, to join the consortium blockchain. For example, Internet Service Provider node 1 and the user node may be nodes that joined the consortium blockchain after Internet Service Provider node 2 to Internet Service Provider node 5 agreed.
In this embodiment, it is assumed that the user node has registered on any one of the consortium blockchain nodes among Internet Service Provider node 2 to Internet Service Provider node 5; that is, one of those consortium blockchain nodes has recorded the registration information of the user node and stored the registration information in the ledger of the consortium blockchain. The user node and that consortium blockchain node hold a shared key, and the user node communicates with the consortium blockchain node using the shared key. For example, the user node has registered user information on Internet Service Provider node 2, and the user node and Internet Service Provider node 2 hold a shared key. The user node has not registered on a small ISP node, for example Internet Service Provider node 1.
The session key transmission method provided by embodiments of the present invention is intended to solve the above technical problem of the prior art.
The following describes in detail, with specific embodiments, the technical solution of the present invention and how the technical solution of the present application solves the above technical problem. The specific embodiments below can be combined with one another, and the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present invention are described below with reference to the drawings.
Fig. 2 is a flowchart of a session key transmission method provided by an embodiment of the present invention. To address the above technical problem of the prior art, this embodiment provides a session key transmission method with the following specific steps:
Step 201: the first Internet Service Provider (ISP) node receives a login request sent by the user node. The login request includes the identification information of the user node, and the user node has not registered with the first ISP node.
In this embodiment, the first ISP node may specifically be Internet Service Provider node 1 shown in Fig. 1. Internet Service Provider node 1 is a small ISP node, and the user node has not registered user information on the small ISP node. When the user node needs to log in to the small ISP node, the user node can send a login request to the small ISP node, and the login request includes the identification information of the user node. Correspondingly, the small ISP node receives the login request sent by the user node and obtains the identification information of the user node from the login request.
Step 202: the first ISP node sends the identification information of the user node and the public key of the first ISP node to the second ISP node in the blockchain network. The user node has registered with the second ISP node.
The second ISP node in this embodiment may specifically be Internet Service Provider node 2 shown in Fig. 1. After obtaining the identification information of the user node from the login request, the small ISP node broadcasts the identification information of the user node and its own public key to the blockchain network. The blockchain network may specifically be the network of consortium blockchain nodes described above. Correspondingly, the consortium blockchain nodes in the blockchain network can receive the identification information of the user node and the public key of the small ISP node. In other embodiments, the small ISP node can also broadcast the identification information of the user node, its own blockchain identifier, and its own public key together to the blockchain network.
Step 203: the first ISP node receives the first information sent by the second ISP node. The first information is obtained by the second ISP node encrypting the public key of the first ISP node with the shared key between the second ISP node and the user node to obtain the first encryption information, and then signing the first encryption information with the private key of the second ISP node.
After Internet Service Provider node 2 in the blockchain network receives the identification information of the user node and the public key of the small ISP node, it first determines, according to the identification information of the user node, the shared key between Internet Service Provider node 2 and the user node. It then encrypts the public key of the small ISP node with the shared key according to a pre-agreed first encryption algorithm, obtaining the first encryption information. Internet Service Provider node 2 then signs the first encryption information with its own private key to obtain the first information, and broadcasts the first information to the blockchain network, so that the small ISP node in the blockchain network can receive the first information.
Step 204: the first ISP node verifies, according to the public key of the second ISP node, the private-key signature of the second ISP node in the first information.
After receiving the first information, the small ISP node first queries the blockchain ledger corresponding to the blockchain network, obtains the public key of Internet Service Provider node 2 from the ledger, and uses that public key to verify the private-key signature of Internet Service Provider node 2 in the first information.
Step 205: after the private-key signature of the second ISP node passes verification, the first ISP node sends the first encryption information to the user node by short message or in IP-address-based peer-to-peer (P2P) mode.
If the small ISP node's verification of the private-key signature of Internet Service Provider node 2 in the first information passes, the small ISP node sends the first encryption information to the user node. The first encryption information is, as described above, the information obtained by encrypting the public key of the small ISP node with the shared key between Internet Service Provider node 2 and the user node.
Specifically, because the user node may be an intelligent terminal, for power-consumption reasons the intelligent terminal is not suited to acting as an online node in the blockchain network; that is, the intelligent terminal is offline in the blockchain network. In that case the user node and the small ISP node need direct one-to-one contact; for example, they can communicate by short message over the mobile switching network or in IP-address-based peer-to-peer (Peer-to-Peer, P2P) mode. Therefore, the small ISP node can send the first encryption information to the user node by short message or in IP-address-based P2P mode.
Step 206, the first ISP node receive the second information that the user node is sent, and second information is
The user node is obtained after being encrypted using the session key that the public key of the first ISP node generates the user node
The information arrived.
After the user node receives first encryption information, the first encryption made an appointment as described above is calculated
Shared key between the corresponding decipherment algorithm of method and the user node and Internet Service Provider's node 2 to this
One encryption information is decrypted, and obtains the public key of the small-sized ISP node.Further, which can be generated the user
Required session key is communicated between node and the small-sized ISP node, and using according to the second Encryption Algorithm made an appointment should
The public key of small-sized ISP node encrypts the session key, obtains the second information, and it is small-sized that second information is sent to this
ISP node, specifically, the user node second can be believed this by the point-to-point P2P mode of short message mode or IP address
Breath is sent to the small-sized ISP node.Correspondingly, the point-to-point side P2P that the small-sized ISP node passes through short message mode or IP address
Formula receives second information.
It is appreciated that can using the second Encryption Algorithm that the public key of the small-sized ISP node encrypts the session key
With and the mentioned-above shared key using between Internet Service Provider's node 2 and the user node to the small-sized ISP
The first Encryption Algorithm that the public key of node is encrypted is identical, can also be different.
Step 207: the first ISP node obtains the session key according to the second information, the session key being used for communication between the first ISP node and the user node.
When the small ISP node receives the second information, it obtains the session key from the second information, and subsequent communication between the small ISP node and the user node is carried out using the session key.
Optionally, the first ISP node obtaining the session key according to the second information includes: the first ISP node decrypts the second information using the private key of the first ISP node to obtain the session key.
For example, when the small ISP node receives the second information, it decrypts the second information according to the decryption algorithm corresponding to the second encryption algorithm agreed in advance and using the private key of the small ISP node, and obtains the session key. In this way, the user node and the small ISP node hold the same session key.
In this embodiment of the present invention, the first ISP node, with which the user node has not registered, sends the public key of the first ISP node and the identification information of the user node to the second ISP node, with which the user node has registered, so that the second ISP node determines, according to the identification information of the user node, the shared key between the second ISP node and the user node, and encrypts the public key of the first ISP node with the shared key to obtain the first encrypted information. After obtaining the first encrypted information from the second ISP node, the first ISP node sends it to the user node by short message mode or by the point-to-point P2P mode of IP addresses, and the user node decrypts the first encrypted information according to the shared key to obtain the public key of the first ISP node. When the user node generates the session key required for communication with the first ISP node, the user node encrypts the session key with the public key of the first ISP node and sends the encrypted session key to the first ISP node, so that the first ISP node can obtain the session key. The user node and the first ISP node thus hold the same session key, and nodes other than the user node and the first ISP node cannot obtain the session key, which improves the security of communication between the user node and the first ISP node.
On the basis of the above embodiment, the first ISP node sending the identification information of the user node and the public key of the first ISP node to the second ISP node in the blockchain network includes the following steps, as shown in Fig. 3:
Step 301: the first ISP node queries the blockchain ledger corresponding to the blockchain network to obtain the public key of the second ISP node.
For example, when the small ISP node receives the login request sent by the user node and obtains the identification information of the user node from the login request, the small ISP node can query the blockchain ledger corresponding to the blockchain network and obtain the public key of Internet service provider node 2 from the blockchain ledger.
Step 302: the first ISP node encrypts the identification information of the user node and the public key of the first ISP node using the public key of the second ISP node, and obtains the second encrypted information.
The small ISP node encrypts the identification information of the user node and the small ISP node's own public key using the public key of Internet service provider node 2, and obtains the second encrypted information.
Step 303: the first ISP node signs the second encrypted information using the private key of the first ISP node, and obtains signature information.
The small ISP node signs the second encrypted information using the small ISP node's own private key, and obtains the signature information.
Step 304: the first ISP node sends the signature information to the second ISP node.
The small ISP node broadcasts the signature information into the blockchain network, so that Internet service provider node 2 in the blockchain network can receive the signature information.
Correspondingly, after receiving the signature information, Internet service provider node 2 first queries the blockchain ledger for the public key of the small ISP node according to the blockchain identifier of the small ISP node, and verifies the private-key signature of the small ISP node in the signature information according to the public key of the small ISP node. If the verification passes, Internet service provider node 2 obtains the second encrypted information and decrypts it according to the private key of Internet service provider node 2, obtaining the identification information of the user node and the small ISP node's own public key.
Fig. 4 is a flowchart of a session key transmission method provided by another embodiment of the present invention. The session key transmission method provided in this embodiment specifically includes the following steps:
Step 401: the second ISP node receives the identification information of the user node and the public key of the first ISP node sent by the first ISP node, the user node having registered with the second ISP node.
In this embodiment, the first Internet service provider (ISP) node may specifically be Internet service provider node 1 shown in Fig. 1. Internet service provider node 1 is a small ISP node, and the user node has not registered user information on the small ISP node. When the user node needs to log in to the small ISP node, the user node can send a login request to the small ISP node, the login request including the identification information of the user node. Correspondingly, the small ISP node receives the login request sent by the user node and obtains the identification information of the user node from the login request.
The second ISP node in this embodiment may specifically be Internet service provider node 2 shown in Fig. 1. After obtaining the identification information of the user node from the login request, the small ISP node broadcasts the identification information of the user node and the small ISP node's own public key into the blockchain network, which may specifically be the network of consortium blockchain nodes described above. Correspondingly, the consortium blockchain nodes in the blockchain network can receive the identification information of the user node and the small ISP node's own public key. In other embodiments, the small ISP node may also broadcast the identification information of the user node, the small ISP node's own blockchain identifier and the small ISP node's own public key together into the blockchain network. Correspondingly, Internet service provider node 2 receives the identification information of the user node and the public key of the small ISP node.
Step 402: the second ISP node determines the shared key between the second ISP node and the user node according to the identification information of the user node.
After Internet service provider node 2 in the blockchain network receives the identification information of the user node and the small ISP node's own public key, it first determines, according to the identification information of the user node, the shared key between Internet service provider node 2 and the user node.
Step 403: the second ISP node encrypts the public key of the first ISP node using the shared key to obtain the first encrypted information, and signs the first encrypted information using the private key of the second ISP node to obtain the first information.
Internet service provider node 2 further encrypts the public key of the small ISP node using the shared key and according to the first encryption algorithm agreed in advance, and obtains the first encrypted information. Further, Internet service provider node 2 signs the first encrypted information with its own private key, and obtains the first information.
Step 404: the second ISP node sends the first information to the first ISP node.
Internet service provider node 2 broadcasts the first information into the blockchain network, so that the small ISP node in the blockchain network can receive the first information.
In this embodiment of the present invention, the first ISP node, with which the user node has not registered, sends the public key of the first ISP node and the identification information of the user node to the second ISP node, with which the user node has registered, so that the second ISP node determines, according to the identification information of the user node, the shared key between the second ISP node and the user node, and encrypts the public key of the first ISP node with the shared key to obtain the first encrypted information. After obtaining the first encrypted information from the second ISP node, the first ISP node sends it to the user node by short message mode or by the point-to-point P2P mode of IP addresses, and the user node decrypts the first encrypted information according to the shared key to obtain the public key of the first ISP node. When the user node generates the session key required for communication with the first ISP node, the user node encrypts the session key with the public key of the first ISP node and sends the encrypted session key to the first ISP node, so that the first ISP node can obtain the session key. The user node and the first ISP node thus hold the same session key, and nodes other than the user node and the first ISP node cannot obtain the session key, which improves the security of communication between the user node and the first ISP node.
Fig. 5 is a flowchart of a session key transmission method provided by another embodiment of the present invention. The session key transmission method provided in this embodiment specifically includes the following steps:
Step 501: the user node sends a login request to the first ISP node, the login request including the identification information of the user node, the user node not having registered with the first ISP node.
In this embodiment, the first Internet service provider (ISP) node may specifically be Internet service provider node 1 shown in Fig. 1. Internet service provider node 1 is a small ISP node, and the user node has not registered user information on the small ISP node. When the user node needs to log in to the small ISP node, the user node can send a login request to the small ISP node, the login request including the identification information of the user node. Correspondingly, the small ISP node receives the login request sent by the user node and obtains the identification information of the user node from the login request.
Step 502: the user node receives, by short message mode or by the point-to-point P2P mode of IP addresses, the first encrypted information sent by the first ISP node, the first encrypted information being the information obtained after the public key of the first ISP node is encrypted using the shared key between the second ISP node and the user node, the user node having registered with the second ISP node.
Through steps 202 to 204 of the foregoing embodiment, the small ISP node can obtain the first encrypted information, which, as described above, is the information obtained after the public key of the small ISP node is encrypted using the shared key between Internet service provider node 2 and the user node. Specifically, since the user node may be an intelligent terminal, for reasons of power consumption the user node is not suitable to act as an online node in the blockchain network; that is, the user node is in an offline state in the blockchain network. In this case, the user node and the small ISP node only need a single direct link; for example, the user node and the small ISP node can communicate by the short message mode of the mobile switching network or by the P2P mode of IP addresses. Therefore, the small ISP node can send the first encrypted information to the user node by short message mode or by the point-to-point P2P mode of IP addresses. Correspondingly, the user node receives the first encrypted information sent by the small ISP node by short message mode or by the point-to-point P2P mode of IP addresses.
Step 503: the user node decrypts the first encrypted information using the shared key, and obtains the public key of the first ISP node.
After receiving the first encrypted information, the user node decrypts it according to the decryption algorithm corresponding to the first encryption algorithm agreed in advance, as described above, and the shared key between the user node and Internet service provider node 2, and obtains the public key of the small ISP node.
Step 504: the user node generates a session key, and encrypts the session key using the public key of the first ISP node to obtain the second information.
The user node can generate the session key required for communication between the user node and the small ISP node, and encrypt the session key with the public key of the small ISP node according to the second encryption algorithm agreed in advance, obtaining the second information.
Step 505: the user node sends the second information to the first ISP node, so that the first ISP node obtains the session key according to the second information, the session key being used for communication between the first ISP node and the user node.
The user node sends the second information to the small ISP node. Specifically, the user node can send the second information to the small ISP node by short message mode or by the point-to-point P2P mode of IP addresses. Correspondingly, the small ISP node receives the second information by short message mode or by the point-to-point P2P mode of IP addresses. When the small ISP node receives the second information, it decrypts the second information according to the decryption algorithm corresponding to the second encryption algorithm agreed in advance and using the private key of the small ISP node, and obtains the session key. In this way, the user node and the small ISP node hold the same session key.
In this embodiment of the present invention, the first ISP node, with which the user node has not registered, sends the public key of the first ISP node and the identification information of the user node to the second ISP node, with which the user node has registered, so that the second ISP node determines, according to the identification information of the user node, the shared key between the second ISP node and the user node, and encrypts the public key of the first ISP node with the shared key to obtain the first encrypted information. After obtaining the first encrypted information from the second ISP node, the first ISP node sends it to the user node by short message mode or by the point-to-point P2P mode of IP addresses, and the user node decrypts the first encrypted information according to the shared key to obtain the public key of the first ISP node. When the user node generates the session key required for communication with the first ISP node, the user node encrypts the session key with the public key of the first ISP node and sends the encrypted session key to the first ISP node, so that the first ISP node can obtain the session key. The user node and the first ISP node thus hold the same session key, and nodes other than the user node and the first ISP node cannot obtain the session key, which improves the security of communication between the user node and the first ISP node.
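The exchange of steps 403, 204 to 207 and 503 to 505 is shown below as an added Go example; it is not code from the patent. The patent leaves the first and second encryption algorithms and the signature scheme open, so AES-256-GCM, RSA-OAEP and RSA-PSS are assumptions here, and all function names and keys are constructed for illustration.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// gcmFor builds AES-256-GCM from the 32-byte shared key (assumed first encryption algorithm).
func gcmFor(sharedKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(sharedKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Step 403, ISP2: encrypt ISP1's public key under the shared key, then sign the ciphertext.
func isp2BuildFirstInfo(isp2Priv *rsa.PrivateKey, sharedKey []byte, isp1Pub *rsa.PublicKey) (enc, sig []byte, err error) {
	gcm, err := gcmFor(sharedKey)
	if err != nil {
		return nil, nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	enc = gcm.Seal(nonce, nonce, x509.MarshalPKCS1PublicKey(isp1Pub), nil) // nonce || ciphertext
	digest := sha256.Sum256(enc)
	sig, err = rsa.SignPSS(rand.Reader, isp2Priv, crypto.SHA256, digest[:], nil)
	return enc, sig, err
}

// Steps 204-205, ISP1: check ISP2's signature before forwarding enc to the user (SMS or IP P2P).
func isp1VerifyFirstInfo(isp2Pub *rsa.PublicKey, enc, sig []byte) error {
	digest := sha256.Sum256(enc)
	return rsa.VerifyPSS(isp2Pub, crypto.SHA256, digest[:], sig, nil)
}

// Steps 503-504, user: recover ISP1's public key, generate a session key, encrypt it to ISP1.
func userBuildSecondInfo(sharedKey, enc []byte) (sessionKey, second []byte, err error) {
	gcm, err := gcmFor(sharedKey)
	if err != nil || len(enc) < gcm.NonceSize() {
		return nil, nil, fmt.Errorf("bad shared key or truncated input: %v", err)
	}
	der, err := gcm.Open(nil, enc[:gcm.NonceSize()], enc[gcm.NonceSize():], nil)
	if err != nil {
		return nil, nil, fmt.Errorf("shared-key decryption failed: %w", err)
	}
	isp1Pub, err := x509.ParsePKCS1PublicKey(der)
	if err != nil {
		return nil, nil, err
	}
	sessionKey = make([]byte, 32)
	if _, err = rand.Read(sessionKey); err == nil {
		second, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, isp1Pub, sessionKey, nil)
	}
	return sessionKey, second, err
}

// demo runs one exchange with constructed keys, then two failure cases.
func demo() (keysMatch, tamperRejected, outsiderRejected bool, err error) {
	isp1Priv, err1 := rsa.GenerateKey(rand.Reader, 2048)
	isp2Priv, err2 := rsa.GenerateKey(rand.Reader, 2048)
	if err1 != nil || err2 != nil {
		return false, false, false, fmt.Errorf("key generation failed: %v, %v", err1, err2)
	}
	shared := sha256.Sum256([]byte("constructed key the user registered with ISP2"))
	other := sha256.Sum256([]byte("constructed key of an unregistered party"))
	enc, sig, err := isp2BuildFirstInfo(isp2Priv, shared[:], &isp1Priv.PublicKey)
	if err != nil {
		return
	}
	if err = isp1VerifyFirstInfo(&isp2Priv.PublicKey, enc, sig); err != nil {
		return
	}
	userKey, second, err := userBuildSecondInfo(shared[:], enc)
	if err != nil {
		return
	}
	// Step 207, ISP1: decrypt the second information with its own private key.
	ispKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, isp1Priv, second, nil)
	if err != nil {
		return
	}
	_, _, oerr := userBuildSecondInfo(other[:], enc) // party without the shared key
	enc[len(enc)-1] ^= 1                             // first encrypted information modified in transit
	verr := isp1VerifyFirstInfo(&isp2Priv.PublicKey, enc, sig)
	return string(userKey) == string(ispKey), verr != nil, oerr != nil, nil
}

func main() { fmt.Println(demo()) }
```

Because an authenticated cipher is assumed for the first encryption algorithm, a user node that successfully decrypts the first encrypted information also learns that the public key was sealed by a holder of the shared key; with an unauthenticated cipher that check would have to come from elsewhere.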
Fig. 6 is a schematic structural diagram of the first Internet service provider (ISP) node provided by an embodiment of the present invention. The first ISP node provided by this embodiment can execute the processing flow provided by the session key transmission method embodiments. As shown in Fig. 6, the first Internet service provider ISP node 60 includes: a memory 61, a processor 62, a computer program and a communication interface 63. The computer program is stored in the memory 61 and is configured to be executed by the processor 62 to perform the following operations: receiving, through the communication interface 63, the login request sent by the user node, the login request including the identification information of the user node, the user node not having registered with the first ISP node; sending, through the communication interface 63, the identification information of the user node and the public key of the first ISP node to the second ISP node in the blockchain network, the user node having registered with the second ISP node; receiving, through the communication interface 63, the first information sent by the second ISP node, the first information being the information obtained after the second ISP node encrypts the public key of the first ISP node using the shared key between the second ISP node and the user node to obtain the first encrypted information, and signs the first encrypted information using the private key of the second ISP node; verifying, according to the public key of the second ISP node, the private-key signature of the second ISP node in the first information; after the first ISP node has successfully verified the private-key signature of the second ISP node, sending, through the communication interface 63, the first encrypted information to the user node by short message mode or by the point-to-point P2P mode of IP addresses; receiving, through the communication interface 63, the second information sent by the user node, the second information being the information obtained after the user node encrypts the session key generated by the user node using the public key of the first ISP node; and obtaining the session key according to the second information, the session key being used for communication between the first ISP node and the user node.
Optionally, when sending the identification information of the user node and the public key of the first ISP node to the second ISP node in the blockchain network through the communication interface 63, the processor 62 is specifically configured to: query the blockchain ledger corresponding to the blockchain network to obtain the public key of the second ISP node; encrypt the identification information of the user node and the public key of the first ISP node using the public key of the second ISP node to obtain the second encrypted information; sign the second encrypted information using the private key of the first ISP node to obtain signature information; and send the signature information to the second ISP node through the communication interface 63.
Optionally, when obtaining the session key according to the second information, the processor 62 is specifically configured to: decrypt the second information using the private key of the first ISP node to obtain the session key.
The first Internet service provider ISP node of the embodiment shown in Fig. 6 can be used to execute the technical solutions of the above method embodiments; its implementation principle and technical effect are similar, and details are not repeated here.
Fig. 7 is a schematic structural diagram of the second ISP node provided by an embodiment of the present invention. The second ISP node provided by this embodiment can execute the processing flow provided by the session key transmission method embodiments. As shown in Fig. 7, the second ISP node 70 includes: a memory 71, a processor 72, a computer program and a communication interface 73. The computer program is stored in the memory 71 and is configured to be executed by the processor 72 to perform the following operations: receiving, through the communication interface 73, the identification information of the user node and the public key of the first ISP node sent by the first ISP node, the user node having registered with the second ISP node; determining the shared key between the second ISP node and the user node according to the identification information of the user node; encrypting the public key of the first ISP node using the shared key to obtain the first encrypted information, and signing the first encrypted information using the private key of the second ISP node to obtain the first information; and sending the first information to the first ISP node through the communication interface 73.
The second ISP node of the embodiment shown in Fig. 7 can be used to execute the technical solutions of the above method embodiments; its implementation principle and technical effect are similar, and details are not repeated here.
Fig. 8 is a schematic structural diagram of the user node provided by an embodiment of the present invention. The user node provided by this embodiment can execute the processing flow provided by the session key transmission method embodiments. As shown in Fig. 8, the user node 80 includes: a memory 81, a processor 82, a computer program and a communication interface 83. The computer program is stored in the memory 81 and is configured to be executed by the processor 82 to perform the following operations: sending, through the communication interface 83, a login request to the first ISP node, the login request including the identification information of the user node, the user node not having registered with the first ISP node; receiving, through the communication interface 83 and by short message mode or by the point-to-point P2P mode of IP addresses, the first encrypted information sent by the first ISP node, the first encrypted information being the information obtained after the public key of the first ISP node is encrypted using the shared key between the second ISP node and the user node, the user node having registered with the second ISP node; decrypting the first encrypted information using the shared key to obtain the public key of the first ISP node; generating a session key, and encrypting the session key using the public key of the first ISP node to obtain the second information; and sending, through the communication interface 83, the second information to the first ISP node, so that the first ISP node obtains the session key according to the second information, the session key being used for communication between the first ISP node and the user node.
The user node of the embodiment shown in Fig. 8 can be used to execute the technical solutions of the above method embodiments; its implementation principle and technical effect are similar, and details are not repeated here.
In addition, an embodiment of the present invention further provides a session key transmission system, which includes the first ISP node, the second ISP node and the user node described above.
In addition, an embodiment of the present invention further provides a computer-readable storage medium on which a computer program is stored, the computer program being executed by a processor to implement the session key transmission method described in the above embodiments.
In the several embodiments provided by the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative; for example, the division of the units is only a division by logical function, and there may be other divisions in actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, apparatuses or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically alone, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware, or in the form of hardware plus software functional units.
The integrated unit implemented in the form of a software functional unit may be stored in a computer-readable storage medium. The software functional unit is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) or a processor to execute some of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash disk, a removable hard disk, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), a magnetic disk or an optical disc.
Those skilled in the art can clearly understand that, for convenience and brevity of description, only the division of the functional modules described above is used as an example. In practical applications, the above functions may be assigned to different functional modules as required; that is, the internal structure of the apparatus is divided into different functional modules to complete all or part of the functions described above. For the specific working process of the apparatus described above, reference may be made to the corresponding process in the foregoing method embodiments, and details are not repeated here.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements of some or all of the technical features therein; and these modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (12)
1. A session key transmission method, characterized by comprising:
a first Internet service provider (ISP) node receiving a login request sent by a user node, the login request including identification information of the user node, the user node not having registered with the first ISP node;
the first ISP node sending the identification information of the user node and the public key of the first ISP node to a second ISP node in a blockchain network, the user node having registered with the second ISP node;
the first ISP node receiving first information sent by the second ISP node, the first information being the information obtained after the second ISP node encrypts the public key of the first ISP node using a shared key between the second ISP node and the user node to obtain first encrypted information, and signs the first encrypted information using the private key of the second ISP node;
the first ISP node verifying, according to the public key of the second ISP node, the private-key signature of the second ISP node in the first information;
after the first ISP node has successfully verified the private-key signature of the second ISP node, sending the first encrypted information to the user node by short message mode or by the point-to-point P2P mode of IP addresses;
the first ISP node receiving second information sent by the user node, the second information being the information obtained after the user node encrypts a session key generated by the user node using the public key of the first ISP node;
the first ISP node obtaining the session key according to the second information, the session key being used for communication between the first ISP node and the user node.
2. The method according to claim 1, characterized in that the first ISP node sending the identification information of the user node and the public key of the first ISP node to the second ISP node in the blockchain network comprises:
the first ISP node querying the blockchain ledger corresponding to the blockchain network to obtain the public key of the second ISP node;
the first ISP node encrypting the identification information of the user node and the public key of the first ISP node using the public key of the second ISP node to obtain second encrypted information;
the first ISP node signing the second encrypted information using the private key of the first ISP node to obtain signature information;
the first ISP node sending the signature information to the second ISP node.
3. The method according to claim 1 or 2, characterized in that the first ISP node obtaining the session key according to the second information comprises:
the first ISP node decrypting the second information using the private key of the first ISP node to obtain the session key.
4. A session key transmission method, characterized by comprising:
a second ISP node receiving identification information of a user node and the public key of a first ISP node sent by the first ISP node, the user node having registered with the second ISP node;
the second ISP node determining a shared key between the second ISP node and the user node according to the identification information of the user node;
the second ISP node encrypting the public key of the first ISP node using the shared key to obtain first encrypted information, and signing the first encrypted information using the private key of the second ISP node to obtain first information;
the second ISP node sending the first information to the first ISP node.
5. A session key transmission method, characterized by comprising:
a user node sending a login request to a first ISP node, the login request including identification information of the user node, the user node not having registered with the first ISP node;
the user node receiving, by short message mode or by the point-to-point P2P mode of IP addresses, first encrypted information sent by the first ISP node, the first encrypted information being the information obtained after the public key of the first ISP node is encrypted using a shared key between a second ISP node and the user node, the user node having registered with the second ISP node;
the user node decrypting the first encrypted information using the shared key to obtain the public key of the first ISP node;
the user node generating a session key, and encrypting the session key using the public key of the first ISP node to obtain second information;
the user node sending the second information to the first ISP node, so that the first ISP node obtains the session key according to the second information, the session key being used for communication between the first ISP node and the user node.
6. A first Internet Service Provider (ISP) node, characterized by comprising:
A memory;
A processor;
A communication interface; and
A computer program;
Wherein the computer program is stored in the memory and is configured to be executed by the processor to perform the following operations:
Receiving, through the communication interface, a login request sent by a user node, the login request including the identification information of the user node, the user node not having registered with the first ISP node;
Sending, through the communication interface, the identification information of the user node and the public key of the first ISP node to a second ISP node in a blockchain network, the user node having registered with the second ISP node;
Receiving, through the communication interface, first information sent by the second ISP node, the first information being obtained by the second ISP node encrypting the public key of the first ISP node with the shared key between the second ISP node and the user node to obtain first encryption information, and then signing the first encryption information using the private key of the second ISP node;
Verifying, according to the public key of the second ISP node, the private-key signature of the second ISP node in the first information;
After the first ISP node has successfully verified the private-key signature of the second ISP node, sending the first encryption information to the user node through the communication interface by short message or in IP-address point-to-point (P2P) mode;
Receiving, through the communication interface, second information sent by the user node, the second information being obtained by the user node encrypting, with the public key of the first ISP node, the session key generated by the user node;
Obtaining the session key according to the second information, the session key being used for communication between the first ISP node and the user node.
7. The first Internet Service Provider (ISP) node according to claim 6, characterized in that, when sending the identification information of the user node and the public key of the first ISP node to the second ISP node in the blockchain network through the communication interface, the processor is specifically configured to:
Query the blockchain ledger corresponding to the blockchain network to obtain the public key of the second ISP node;
Encrypt the identification information of the user node and the public key of the first ISP node using the public key of the second ISP node to obtain second encryption information;
Sign the second encryption information using the private key of the first ISP node to obtain signature information;
Send the signature information to the second ISP node through the communication interface.
8. The first Internet Service Provider (ISP) node according to claim 6 or 7, characterized in that, when obtaining the session key according to the second information, the processor is specifically configured to:
Decrypt the second information using the private key of the first ISP node to obtain the session key.
9. A second ISP node, characterized by comprising:
A memory;
A processor;
A communication interface; and
A computer program;
Wherein the computer program is stored in the memory and is configured to be executed by the processor to perform the following operations:
Receiving, through the communication interface, the identification information of a user node and the public key of a first ISP node, both sent by the first ISP node, the user node having registered with the second ISP node;
Determining, according to the identification information of the user node, the shared key between the second ISP node and the user node;
Encrypting the public key of the first ISP node using the shared key to obtain first encryption information, and signing the first encryption information using the private key of the second ISP node to obtain first information;
Sending the first information to the first ISP node through the communication interface.
10. A user node, characterized by comprising:
A memory;
A processor;
A communication interface; and
A computer program;
Wherein the computer program is stored in the memory and is configured to be executed by the processor to perform the following operations:
Sending a login request to a first ISP node through the communication interface, the login request including the identification information of the user node, the user node not having registered with the first ISP node;
Receiving, through the communication interface, by short message or in IP-address point-to-point (P2P) mode, first encryption information sent by the first ISP node, the first encryption information being obtained by encrypting the public key of the first ISP node with the shared key between a second ISP node and the user node, the user node having registered with the second ISP node;
Decrypting the first encryption information using the shared key to obtain the public key of the first ISP node;
Generating a session key, and encrypting the session key using the public key of the first ISP node to obtain second information;
Sending the second information to the first ISP node through the communication interface, so that the first ISP node obtains the session key according to the second information, the session key being used for communication between the first ISP node and the user node.
11. A session key transmission system, characterized in that the system comprises:
The first ISP node according to any one of claims 6 to 8, the second ISP node according to claim 9, and the user node according to claim 10.
12. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the method according to any one of claims 1 to 5.
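The exchange in claims 3 to 6, traced end to end as an added example that is not part of the patent text. The claims name no algorithms, so textbook RSA over fixed public primes (no security) and an HMAC-based encrypt-then-MAC stand in for them; the user ID `user-001`, the key sizes and every function name are assumptions, and the claim 7 wrapping of the ISP1 to ISP2 message is left out. Because the user node receives only the first encryption information and never the second ISP node's signature, the `tamper` path shows why the shared-key step is assumed to be authenticated.

```python
import hashlib, hmac, secrets

E = 65537  # public exponent of the toy RSA keys (assumption)

def keypair(p, q):
    # Textbook RSA from fixed, public Mersenne primes: a stand-in only.
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def rsa(key, m):
    return pow(m, key[1], key[0])   # raw, unpadded modular exponentiation

def h(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def stream(k, nonce, n):
    blocks = (hmac.new(k, b"enc" + nonce + i.to_bytes(4, "big"), "sha256").digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(k, pt):
    # Encrypt-then-MAC under the shared key (stand-in for an AEAD cipher).
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, stream(k, nonce, len(pt))))
    return nonce + ct + hmac.new(k, b"mac" + nonce + ct, "sha256").digest()

def unseal(k, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(k, b"mac" + nonce + ct, "sha256").digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("first encryption information was modified in transit")
    return bytes(a ^ b for a, b in zip(ct, stream(k, nonce, len(ct))))

def run_exchange(tamper=False):
    isp1_pub, isp1_priv = keypair(2**521 - 1, 2**607 - 1)
    isp2_pub, isp2_priv = keypair(2**1279 - 1, 2**2203 - 1)
    shared = {"user-001": secrets.token_bytes(32)}  # ISP2 registration table (constructed)
    # ISP1 -> ISP2: user identification information and ISP1 public key
    uid, pk_bytes = "user-001", isp1_pub[0].to_bytes(141, "big")
    # ISP2 (claim 4): encrypt ISP1's public key under the shared key, then sign
    first_enc = seal(shared[uid], pk_bytes)
    enc, sig = first_enc, rsa(isp2_priv, h(first_enc))      # the first information
    # ISP1 (claim 6): verify ISP2's signature before forwarding to the user
    if rsa(isp2_pub, sig) != h(enc):
        raise ValueError("signature of the second ISP node did not verify")
    if tamper:  # one bit changes on the ISP1 -> user leg
        enc = enc[:20] + bytes([enc[20] ^ 1]) + enc[21:]
    # User node (claim 5): recover ISP1's public key, wrap a fresh session key
    n1 = int.from_bytes(unseal(shared[uid], enc), "big")
    session = secrets.token_bytes(32)
    second_info = rsa((n1, E), int.from_bytes(session, "big"))
    # ISP1 (claims 3 and 8): unwrap the session key with its private key
    return rsa(isp1_priv, second_info).to_bytes(32, "big") == session
```

`run_exchange()` returns `True` when both ends hold the same session key; `run_exchange(tamper=True)` raises `ValueError` at the user node.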
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910466910.1A CN110048843B (en) | 2019-05-30 | 2019-05-30 | Session key transmission method, device and computer readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110048843A (en) | 2019-07-23 |
CN110048843B (en) | 2021-09-10 |
Family
ID=67284239
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910466910.1A Active CN110048843B (en) | 2019-05-30 | 2019-05-30 | Session key transmission method, device and computer readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110048843B (en) |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102143487A (en) * | 2010-02-03 | 2011-08-03 | 中兴通讯股份有限公司 | Negotiation method and negotiation system for end-to-end session key |
CN105337740A (en) * | 2014-07-31 | 2016-02-17 | 阿里巴巴集团控股有限公司 | Identity verification method, client, relay device and server |
US20160337132A1 (en) * | 2014-01-15 | 2016-11-17 | Xorkey B.V. | Secure Login Without Passwords |
CN106535184A (en) * | 2016-10-18 | 2017-03-22 | 深圳市金立通信设备有限公司 | Key management method and system |
CN107809411A (en) * | 2016-09-09 | 2018-03-16 | 华为技术有限公司 | Authentication method, terminal device, server and the network authentication entity of mobile network |
CN108684041A (en) * | 2018-05-31 | 2018-10-19 | 上海邑游网络科技有限公司 | The system and method for login authentication |
CN108702622A (en) * | 2017-11-30 | 2018-10-23 | 深圳前海达闼云端智能科技有限公司 | Mobile network's access authentication method, device, storage medium and block chain node |
CN108768608A (en) * | 2018-05-25 | 2018-11-06 | 电子科技大学 | The secret protection identity identifying method of thin-client is supported at block chain PKI |
CN109087100A (en) * | 2018-08-02 | 2018-12-25 | 中国联合网络通信集团有限公司 | Cryptographic key distribution method, device, equipment and storage medium |
US20190149325A1 (en) * | 2017-11-16 | 2019-05-16 | International Business Machines Corporation | Blockchain transaction privacy enhancement through broadcast encryption |
Also Published As
Publication number | Publication date |
---|---|
CN110048843B (en) | 2021-09-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Feng et al. | Blockchain-empowered decentralized horizontal federated learning for 5G-enabled UAVs | |
Aman et al. | Mutual authentication in IoT systems using physical unclonable functions | |
Shahidinejad et al. | Light-edge: A lightweight authentication protocol for IoT devices in an edge-cloud environment | |
CN106357396B (en) | Digital signature method and system and quantum key card | |
Aman et al. | A light-weight mutual authentication protocol for IoT systems | |
CN105162772B (en) | A kind of internet of things equipment certifiede-mail protocol method and apparatus | |
CN106101068B (en) | Terminal communicating method and system | |
CN110311883A (en) | Identity management method, equipment, communication network and storage medium | |
CN105308897B (en) | Method and apparatus for anonymity and authentic authentication in infiltration type social networking | |
Tsai et al. | New dynamic ID authentication scheme using smart cards | |
CN109873815A (en) | Isomeric compound networking certification method based on edge calculations, Internet of Things security platform | |
Gaba et al. | Robust and lightweight mutual authentication scheme in distributed smart environments | |
CN105530253B (en) | Wireless sensor network access authentication method under Restful framework based on CA certificate | |
Kalra et al. | Advanced password based authentication scheme for wireless sensor networks | |
CN109639426A (en) | Bidirectional self-authentication method based on identification password | |
CN109981633A (en) | Access method, equipment and the computer readable storage medium of server | |
Sklavos et al. | Security & trusted devices in the context of internet of things (IoT) | |
CN110225017A (en) | Auth method, equipment and storage medium based on alliance's block chain | |
CN108574571A (en) | Private key generation method, equipment and system | |
Srikanth et al. | An efficient Key Agreement and Authentication Scheme (KAAS) with enhanced security control for IIoT systems | |
CN110138558A (en) | Transmission method, equipment and the computer readable storage medium of session key | |
Indushree et al. | Mobile-Chain: Secure blockchain based decentralized authentication system for global roaming in mobility networks | |
CN110048842A (en) | Session key processing method, equipment and computer readable storage medium | |
CN102209066B (en) | Network authentication method and equipment | |
CN105577606B (en) | A kind of method and apparatus for realizing authenticator registration |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||