CN110149206A - Session key transmission method, device and computer-readable storage medium - Google Patents

Publication number
CN110149206A
Authority
CN
China
Prior art keywords
node
message
isp
user
isp node
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910459797.4A
Other languages
Chinese (zh)
Inventor
路成业
王凌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Iallchain Co Ltd
Original Assignee
Iallchain Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Iallchain Co Ltd filed Critical Iallchain Co Ltd
Priority to CN201910459797.4A priority Critical patent/CN110149206A/en
Publication of CN110149206A publication Critical patent/CN110149206A/en
Pending legal-status Critical Current

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)

Abstract

Embodiments of the present invention provide a session key transmission method, a device and a computer-readable storage medium. In the embodiments, the first ISP node sends two messages to the user node: a first message and a second message. Because the first message contains the hash value of the second message and does not contain the public key of the first ISP node, an attacker who intercepts the first message cannot obtain the public key of the first ISP node. In addition, if an attacker intercepts the second message and tampers with it, the user node can easily determine from the hash value of the second message whether the received second message has been tampered with. This improves the security of the public key of the first ISP node, so that the user node encrypts the session key between the first ISP node and the user node with the genuine public key of the first ISP node, which improves the security of communication between the first ISP node and the user node.

Description

Session key transmission method, device and computer-readable storage medium
Technical field
Embodiments of the present invention relate to the field of communication technology, and in particular to a session key transmission method, a device and a computer-readable storage medium.
Background
With the development of intelligent terminals, users can install many different application programs (Application, APP) on an intelligent terminal, and different APPs provide users with different services.
However, when installing an APP on an intelligent terminal, the user needs to register on the server of the Internet Service Provider (ISP) corresponding to that APP. Because different APPs have different Internet Service Providers, the user needs to register on different ISP servers. As the number of APPs installed on the intelligent terminal grows, if the user registers the same username and password on different ISP servers, the username and password are easily leaked. If the user registers different usernames and passwords on different ISP servers, the user will find it difficult to remember the username and password for each APP. To solve this problem, the prior art proposes that large ISP nodes, for example Facebook, Twitter, WeChat and Alipay, build a consortium blockchain. After a user has registered a username and password with a large ISP node, that large ISP node can provide a query service for the user's username and password to other ISP nodes in the consortium blockchain, for example small ISP nodes.
In the prior art, when a user node communicates with a small ISP node, a session key is needed between the user node and the small ISP node. If a large ISP node or another intermediate node maliciously forges the public key of the small ISP node and sends the forged public key to the user node, then when the user node encrypts the session key with that public key, the encrypted session key can be cracked, which lowers the security of communication between the small ISP node and the user node.
Summary of the invention
Embodiments of the present invention provide a session key transmission method, a device and a computer-readable storage medium, to improve the security of communication between the first ISP node and the user node.
In a first aspect, an embodiment of the present invention provides a session key transmission method, comprising:
A user node sends an access request to a first Internet Service Provider (ISP) node, the user node not having registered with the first ISP node;
The user node receives a first message sent by the first ISP node;
The user node sends to the first ISP node confirmation information confirming receipt of the first message;
The user node receives a second message sent by the first ISP node, the first message including the hash value of the second message, and the second message including the public key of the first ISP node;
The user node calculates the hash value of the second message;
If the hash value of the second message calculated by the user node is consistent with the hash value of the second message included in the first message, the user node generates a session key and encrypts the session key with the public key of the first ISP node to obtain encryption information;
The user node sends the encryption information to the first ISP node, so that the first ISP node obtains the session key from the encryption information, the session key being used for communication between the first ISP node and the user node.
In a second aspect, an embodiment of the present invention provides a user node, comprising:
A memory;
A processor;
A communication interface; and
A computer program;
Wherein the computer program is stored in the memory and is configured to be executed by the processor to perform the following operations:
Sending an access request to a first Internet Service Provider (ISP) node through the communication interface, the user node not having registered with the first ISP node;
Receiving, through the communication interface, a first message sent by the first ISP node;
Sending to the first ISP node, through the communication interface, confirmation information confirming receipt of the first message;
Receiving, through the communication interface, a second message sent by the first ISP node, the first message including the hash value of the second message, and the second message including the public key of the first ISP node;
Calculating the hash value of the second message;
If the hash value of the second message calculated by the user node is consistent with the hash value of the second message included in the first message, generating a session key and encrypting the session key with the public key of the first ISP node to obtain encryption information;
Sending the encryption information to the first ISP node through the communication interface, so that the first ISP node obtains the session key from the encryption information, the session key being used for communication between the first ISP node and the user node.
In a third aspect, an embodiment of the present invention provides a computer-readable storage medium on which a computer program is stored, the computer program being executed by a processor to implement the method of the first aspect.
In the session key transmission method, device and computer-readable storage medium provided in the embodiments of the present invention, the first ISP node sends two messages to the user node: a first message and a second message. The first message includes the hash value of the second message, and the second message includes the public key of the first ISP node. Because the first message includes the hash value of the second message and does not include the public key of the first ISP node, an attacker who intercepts the first message cannot obtain the public key of the first ISP node. In addition, if an attacker intercepts the second message and tampers with it, the user node, having already received the hash value of the second message, can easily determine from that hash value whether the received second message has been tampered with. This improves the security of the public key of the first ISP node, so that the user node can encrypt the session key between the first ISP node and the user node with the genuine public key of the first ISP node, which improves the transmission security of the session key and thereby the security of communication between the first ISP node and the user node.
Brief description of the drawings
Fig. 1 is a schematic diagram of an application scenario provided in an embodiment of the present invention;
Fig. 2 is a flowchart of the session key transmission method provided in an embodiment of the present invention;
Fig. 3 is a structural schematic diagram of the user node provided in an embodiment of the present invention.
The above drawings show specific embodiments of the present disclosure, which are described in more detail below. The drawings and the written description are not intended to limit the scope of the disclosed concept in any way, but to explain the concept of the disclosure to those skilled in the art by reference to specific embodiments.
Detailed description
Example embodiments are described in detail here, and examples of them are illustrated in the accompanying drawings. Where the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following example embodiments do not represent all implementations consistent with this disclosure. Rather, they are merely examples of devices and methods consistent with some aspects of the disclosure as detailed in the appended claims.
The session key transmission method provided in the embodiments of the present invention is applicable to the communication system shown in Fig. 1. As shown in Fig. 1, the communication system includes Internet Service Provider node 1 through Internet Service Provider node 5 and a user node. Internet Service Provider node 1 may be a small ISP node, and Internet Service Provider node 2 through Internet Service Provider node 5 may be large ISP nodes, for example the nodes of Internet service providers such as Facebook, Twitter, WeChat and Alipay. The user node may specifically be a user terminal device. The large ISP nodes, Internet Service Provider node 2 through Internet Service Provider node 5, can build a consortium blockchain. Optionally, each of Internet Service Provider node 2 through Internet Service Provider node 5 joins the consortium blockchain as a blockchain service node and provides identity authentication services to other ISP nodes or user nodes. Optionally, the genesis block of the consortium blockchain stores information such as the blockchain identifier, public key and IP address of each of Internet Service Provider node 2 through Internet Service Provider node 5. Internet Service Provider node 2 through Internet Service Provider node 5 manage the consortium blockchain as its genesis nodes. For example, they can decide whether to allow an ISP node, such as a small ISP node, to join the consortium blockchain. For example, Internet Service Provider node 1 and the user node may be nodes that joined the consortium blockchain after Internet Service Provider node 2 through Internet Service Provider node 5 agreed.
In this embodiment, it is assumed that the user node has registered on any one of the consortium blockchain nodes among Internet Service Provider node 2 through Internet Service Provider node 5; that is, one of those consortium blockchain nodes has recorded the registration information of the user node and stored it in the ledger of the consortium blockchain. The user node and that consortium blockchain node share a key, and the user node communicates with the consortium blockchain node using the shared key. For example, if the user node has registered user information on Internet Service Provider node 2, the user node and Internet Service Provider node 2 have a shared key. The user node has not registered on the small ISP node, for example Internet Service Provider node 1.
The session key transmission method provided in the embodiments of the present invention is intended to solve the above technical problem of the prior art.
The technical solution of the present invention, and how the technical solution of this application solves the above technical problem, are described in detail below with specific embodiments. The following specific embodiments may be combined with one another, and the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present invention are described below with reference to the drawings.
Fig. 2 is a flowchart of the session key transmission method provided in an embodiment of the present invention. To address the above technical problem of the prior art, this embodiment provides a session key transmission method with the following specific steps:
Step 201: The user node sends an access request to the first Internet Service Provider (ISP) node; the user node has not registered with the first ISP node.
In this embodiment, the first Internet Service Provider (ISP) node may specifically be Internet Service Provider node 1 shown in Fig. 1. Internet Service Provider node 1 is a small ISP node, and the user node has not registered user information on the small ISP node. The second ISP node in this embodiment may specifically be Internet Service Provider node 2 shown in Fig. 1. The user node has registered user information on Internet Service Provider node 2. The blockchain network in this embodiment may specifically be the network comprising the consortium blockchain nodes described above.
For example, when the user node needs to log in to the small ISP node, the user node can send a login request or access request to the small ISP node. The login request or access request does not include any information about the small ISP node; for example, it does not include the identification information or the public key of the small ISP node. The identification information of the small ISP node may specifically be the blockchain identifier of the small ISP node.
After receiving the login request or access request from the user node, the small ISP node generates a first message. The first message may include the hash value, calculated by the small ISP node, of the identification information of the small ISP node and the public key of the small ISP node. That is, the first message that the small ISP node returns to the user node after receiving the login request or access request does not include the identification information and the public key of the small ISP node themselves, but includes the hash value of the identification information and the public key of the small ISP node.
Step 202: The user node receives the first message sent by the first ISP node.
Correspondingly, the user node receives the first message sent by the small ISP node. The first message includes the hash value of the identification information of the small ISP node and the public key of the small ISP node. In addition to this hash value, the first message may also include other information, which is described below.
Step 203: The user node sends to the first ISP node confirmation information confirming receipt of the first message.
After receiving the first message sent by the small ISP node, the user node sends confirmation information to the small ISP node. The confirmation information indicates that the user node has successfully received the first message.
Step 204: The user node receives the second message sent by the first ISP node. The first message includes the hash value of the second message, and the second message includes the public key of the first ISP node.
Optionally, the second message further includes the identification information of the first ISP node, and the hash value of the second message included in the first message is the hash value of the identification information of the first ISP node and the public key of the first ISP node.
In this embodiment, after the small ISP node receives the confirmation information sent by the user node, the small ISP node can send the second message to the user node. The second message may include the identification information of the small ISP node and the public key of the small ISP node.
Step 205: The user node calculates the hash value of the second message.
After receiving the second message, the user node extracts the identification information of the small ISP node and the public key of the small ISP node from the second message, and calculates the hash value of the identification information and the public key. Here, the hash value of the identification information and the public key of the small ISP node means the hash value of the identification information and the public key taken together as a whole.
Step 206: If the hash value of the second message calculated by the user node is consistent with the hash value of the second message included in the first message, the user node generates a session key and encrypts the session key with the public key of the first ISP node to obtain encryption information.
After calculating the hash value of the identification information and the public key of the small ISP node, the user node compares the hash value it calculated with the hash value included in the first message it received. If the two are consistent, the second message has not been tampered with. If the two are inconsistent, the second message may have been tampered with.
When the user node determines that the hash value it calculated is consistent with the hash value included in the first message it received, the user node can generate the session key needed for communication between the user node and the small ISP node, and encrypt the session key with the public key of the small ISP node, according to an algorithm agreed in advance, to obtain encryption information.
Step 207: The user node sends the encryption information to the first ISP node, so that the first ISP node obtains the session key from the encryption information. The session key is used for communication between the first ISP node and the user node.
The user node can send the encryption information to the small ISP node, for example by SMS or by IP-address point-to-point (P2P) transmission. After receiving the encryption information, the small ISP node decrypts it using the decryption algorithm corresponding to the algorithm agreed in advance and the private key of the small ISP node, and obtains the session key. The user node and the small ISP node thus hold the same session key, and in their subsequent communication each of them encrypts the information it sends with the session key.
In this embodiment of the invention, the first ISP node sends two messages to the user node: a first message and a second message. The first message includes the hash value of the second message, and the second message includes the public key of the first ISP node. Because the first message includes the hash value of the second message and does not include the public key of the first ISP node, an attacker who intercepts the first message cannot obtain the public key of the first ISP node. In addition, if an attacker intercepts the second message and tampers with it, the user node, having already received the hash value of the second message, can easily determine from that hash value whether the received second message has been tampered with. This improves the security of the public key of the first ISP node, so that the user node can encrypt the session key between the first ISP node and the user node with the genuine public key of the first ISP node, which improves the transmission security of the session key and thereby the security of communication between the first ISP node and the user node.
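The user-node check in steps 202 to 206 can be sketched as follows. This is an added example, not code from the patent: SHA-256, the length-prefixed encoding of identification information and public key, the class and function names, and the sample values are all assumptions, and the public-key encryption of the session key is not shown because the description leaves that algorithm to prior agreement.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed sample values (not from the patent).
SAMPLE_NODE_ID = b"small-isp-chain-id-0001"
SAMPLE_PUBLIC_KEY = b"constructed-public-key-bytes"


def encode_second_message(node_id: bytes, public_key: bytes) -> bytes:
    """Serialize ID and public key "as a whole"; the length prefixes
    (an assumption) keep the boundary between the fields unambiguous."""
    return (len(node_id).to_bytes(4, "big") + node_id
            + len(public_key).to_bytes(4, "big") + public_key)


def hash_second_message(node_id: bytes, public_key: bytes) -> bytes:
    # SHA-256 is an assumption; the description does not name a hash function.
    return hashlib.sha256(encode_second_message(node_id, public_key)).digest()


@dataclass(frozen=True)
class FirstMessage:
    second_message_hash: bytes  # hash only, no public key


@dataclass(frozen=True)
class SecondMessage:
    node_id: bytes
    public_key: bytes


class IspNode:
    def __init__(self, node_id: bytes, public_key: bytes):
        self.node_id, self.public_key = node_id, public_key

    def first_message(self) -> FirstMessage:
        return FirstMessage(hash_second_message(self.node_id, self.public_key))

    def second_message(self) -> SecondMessage:
        return SecondMessage(self.node_id, self.public_key)


class UserNode:
    def __init__(self):
        self._expected_hash = None
        self.trusted_public_key = None
        self.session_key = None

    def on_first_message(self, msg: FirstMessage) -> str:
        """Steps 202-203: store the hash, return the confirmation."""
        if len(msg.second_message_hash) != hashlib.sha256().digest_size:
            raise ValueError("malformed hash in first message")
        self._expected_hash = msg.second_message_hash
        return "ACK"

    def on_second_message(self, msg: SecondMessage) -> bool:
        """Steps 204-206: recompute the hash and compare before trusting the key."""
        if self._expected_hash is None:
            raise RuntimeError("second message arrived before first message")
        computed = hash_second_message(msg.node_id, msg.public_key)
        if not hmac.compare_digest(computed, self._expected_hash):
            return False  # possibly tampered: no session key is generated
        self.trusted_public_key = msg.public_key
        self.session_key = secrets.token_bytes(32)  # to be encrypted under the ISP key
        return True


def run_exchange(isp: IspNode, tamper=None):
    """Drive one exchange; `tamper` optionally rewrites the second message in transit."""
    user = UserNode()
    user.on_first_message(isp.first_message())
    second = isp.second_message()
    if tamper is not None:
        second = tamper(second)
    return user.on_second_message(second), user


if __name__ == "__main__":
    isp = IspNode(SAMPLE_NODE_ID, SAMPLE_PUBLIC_KEY)
    print("honest exchange accepted:", run_exchange(isp)[0])
    swapped = lambda m: SecondMessage(m.node_id, b"substituted-key")
    print("tampered exchange accepted:", run_exchange(isp, swapped)[0])
```

The comparison only binds the second message to whichever first message the user node actually received, so it assumes the first message arrived unmodified.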
On the basis of the above embodiment, a man-in-the-middle, i.e. an attacker, may, after receiving the first message, not forward the first message to the user node, but wait until it has received the second message and tampered with it, and then send the hash value of the second message and the second message to the user node in two transmissions. To avoid this, the user node can set a waiting time for receiving the first message and a waiting time for receiving the second message. Optionally, the user node can set a short waiting time for receiving the first message, so that the man-in-the-middle, i.e. the attacker, effectively cannot forward the first message.
Optionally, the second message is a block or class block that includes the identification information of the first ISP node and the public key of the first ISP node, and the first message further includes the random number in the block or class block.
In this embodiment, the small ISP node can also generate a block or class block in advance. Taking a block as an example, the small ISP node can find a random number in advance such that the block containing the identification information of the small ISP node, the public key of the small ISP node and the random number satisfies the block verification rule. The block may also include the transaction information in the blockchain network during the search for the random number. The identification information of the small ISP node may specifically be the blockchain identification information of the small ISP node. The random number found can be denoted the target random number. The block verification rule may specifically be that the first 72 positions of the block's hash value are 0. Alternatively, the block verification rule may specifically be that the hash value of the block is less than the difficulty value required in the blockchain. The first message that the small ISP node sends to the user node may include the hash value of the block, and the second message that the small ISP node sends to the user node may specifically be the content of the block body of the block. In addition, the first message that the small ISP node sends to the user node may include both the random number in the block and the hash value of the block.
Taking a class block as an example, the small ISP node can find a random number in advance such that the class block containing the identification information of the small ISP node, the public key of the small ISP node and the random number satisfies the block verification rule. Compared with a block, a class block in this embodiment includes only the identification information, the public key and the target random number of the small ISP node, and does not include the transaction information in the blockchain network during the search for the random number; the class block nevertheless satisfies the block verification rule of the blockchain. The identification information of the small ISP node may specifically be the blockchain identification information of the small ISP node. The random number found can be denoted the target random number. The block verification rule may specifically be that the first 72 positions of the class block's hash value are 0. Alternatively, the block verification rule may specifically be that the hash value of the class block is less than the difficulty value required in the blockchain. The first message that the small ISP node sends to the user node may include the hash value of the class block, and the second message that the small ISP node sends to the user node may specifically be the content of the block body of the class block. In addition, the first message that the small ISP node sends to the user node may include both the random number in the class block and the hash value of the class block.
Optionally, the first message further includes the identification information of the first ISP node. For example, the first message that the small ISP node sends to the user node may include not only the hash value of the second message but also the identification information of the small ISP node. However, the first message must not include both the identification information of the small ISP node and the public key of the small ISP node, because the hash value of the second message may be the hash value of the identification information and the public key of the small ISP node. If the first message included both, a man-in-the-middle, i.e. an attacker, could calculate the hash value of the identification information and the public key of the small ISP node and tamper with the hash value in the first message.
Alternatively, the first message further includes the public key of the first ISP node. For example, the first message that the small ISP node sends to the user node may include not only the hash value of the second message but also the public key of the small ISP node. However, the first message must not include both the identification information of the small ISP node and the public key of the small ISP node, because the hash value of the second message may be the hash value of the identification information and the public key of the small ISP node. If the first message included both, a man-in-the-middle, i.e. an attacker, could calculate the hash value of the identification information and the public key of the small ISP node and tamper with the hash value in the first message.
In this embodiment of the invention, the small ISP node generates in advance a block or class block and the hash value of that block or class block, and uses the hash value as part of the first message that the small ISP node sends to the user node. This speeds up the response to the user node with the first message, and using a block or class block increases the time an attacker needs to tamper with the first message or the second message. It also prevents an attacker from resolving the ID of the small ISP through the IP address.
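The class block variant can be sketched as a nonce search on the ISP side and a three-part check on the user side. This is an added example, not code from the patent: SHA-256, the byte layout of the class block, the function names and the sample values are assumptions, the verification rule is read here as a count of leading zero bits, and the difficulty is set to 16 so the search finishes quickly, where the description's example is 72.

```python
import hashlib
import hmac

DIFFICULTY_BITS = 16  # assumption for a fast run; the description's example uses 72

# Constructed sample values (not from the patent).
SAMPLE_ID = b"small-isp-chain-id-0001"
SAMPLE_KEY = b"constructed-public-key-bytes"


def class_block_bytes(node_id: bytes, public_key: bytes, nonce: int) -> bytes:
    """Class block body: identification information, public key and random
    number only, with no transaction information. Layout is an assumption."""
    return (len(node_id).to_bytes(4, "big") + node_id
            + len(public_key).to_bytes(4, "big") + public_key
            + nonce.to_bytes(8, "big"))


def class_block_hash(node_id: bytes, public_key: bytes, nonce: int) -> bytes:
    return hashlib.sha256(class_block_bytes(node_id, public_key, nonce)).digest()


def meets_rule(digest: bytes, bits: int = DIFFICULTY_BITS) -> bool:
    """Verification rule, read as: the first `bits` bits of the hash are 0."""
    return int.from_bytes(digest, "big") >> (len(digest) * 8 - bits) == 0


def find_target_nonce(node_id: bytes, public_key: bytes,
                      bits: int = DIFFICULTY_BITS) -> int:
    """ISP side, done in advance: search for the target random number."""
    nonce = 0
    while not meets_rule(class_block_hash(node_id, public_key, nonce), bits):
        nonce += 1
    return nonce


def verify_class_block(committed_hash: bytes, committed_nonce: int,
                       node_id: bytes, public_key: bytes, nonce: int,
                       bits: int = DIFFICULTY_BITS) -> bool:
    """User side: the first message carried (committed_hash, committed_nonce);
    the second message carried the class block body (node_id, public_key, nonce)."""
    if nonce != committed_nonce:
        return False  # random number differs from the one announced first
    digest = class_block_hash(node_id, public_key, nonce)
    if not hmac.compare_digest(digest, committed_hash):
        return False  # body does not match the hash announced first
    return meets_rule(digest, bits)  # body must also satisfy the block rule


if __name__ == "__main__":
    nonce = find_target_nonce(SAMPLE_ID, SAMPLE_KEY)
    digest = class_block_hash(SAMPLE_ID, SAMPLE_KEY, nonce)
    print("target random number:", nonce, "hash:", digest.hex())
    print("genuine block verifies:",
          verify_class_block(digest, nonce, SAMPLE_ID, SAMPLE_KEY, nonce))
    print("substituted key verifies:",
          verify_class_block(digest, nonce, SAMPLE_ID, b"substituted-key", nonce))
```

Each additional required zero bit doubles the expected number of hash evaluations in `find_target_nonce`, which is the cost the description relies on when the ISP precomputes the block and anyone altering the key would have to repeat the search.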
Fig. 3 is the structural schematic diagram of user node provided in an embodiment of the present invention.User's section provided in an embodiment of the present invention Point can execute the process flow that the transmission method embodiment of session key provides, as shown in figure 3, user node 30 includes: to deposit Reservoir 31, processor 32, computer program and communication interface 33;Wherein, computer program is stored in memory 31, and is matched It is set to from processor 32 and executes following operation: access being sent to the first Internet Service Provider ISP by communication interface 33 and is asked It asks, the user node registered not in the first ISP node;The first ISP node is received by communication interface 33 The first message of transmission;The confirmation that confirmation receives the first message is sent to the first ISP node by communication interface 33 Information;The second message that the first ISP node is sent is received by communication interface 33, the first message includes described second The cryptographic Hash of message, the second message include the public key of the first ISP node;Calculate the cryptographic Hash of the second message; If include in the cryptographic Hash for the second message that the user node is calculated and the first message described second The cryptographic Hash of message is consistent, then generates session key, and carry out to the session key using the public key of the first ISP node Encryption obtains encryption information;The encryption information is sent to the first ISP node by communication interface 33, so that described first ISP node obtains the session key according to the encryption information, and the session key is used for the first ISP node and institute User node is stated to be communicated.
Optionally, the second message further includes the identification information of the first ISP node; the hash value of the second message included in the first message is the hash value of the identification information of the first ISP node and the public key of the first ISP node.
Optionally, the second message is a block or block-like structure that includes the identification information of the first ISP node and the public key of the first ISP node; the first message further includes the random number in the block or block-like structure.
Optionally, the first message further includes the identification information of the first ISP node.
Optionally, the first message further includes the public key of the first ISP node.
The user node of the embodiment shown in Fig. 3 can be used to execute the technical solutions of the above method embodiments; its implementation principle and technical effects are similar and are not repeated here.
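The exchange performed by the user node above, as an added Python example that is not part of the patent. It follows the optional variant in which the second message carries the ISP identification information and public key. SHA-256, the `|`-delimited encoding, the identifier `isp-node-1`, all function names and the toy RSA key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed toy RSA key standing in for the first ISP node's key pair.
# The primes are far too small for real use; they keep the example stdlib-only.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))


def build_second_message(isp_id: str, n: int, e: int) -> bytes:
    """Second message: ISP identification information plus its public key."""
    return f"{isp_id}|{n:x}|{e:x}".encode()


def build_first_message(second: bytes) -> dict:
    """First message: hash of the second message, sent before it."""
    return {"hash_of_second": hashlib.sha256(second).hexdigest()}


def user_handle_second(first: dict, second: bytes):
    """User node: recompute the hash, compare, then wrap a fresh session key."""
    digest = hashlib.sha256(second).hexdigest()
    if not hmac.compare_digest(digest, first["hash_of_second"]):
        return None  # second message is not the one the first message named
    _isp_id, n_hex, e_hex = second.decode().split("|")
    n, e = int(n_hex, 16), int(e_hex, 16)
    session_key = secrets.token_bytes(16)
    # Textbook RSA without padding, for illustration only.
    encrypted = pow(int.from_bytes(session_key, "big"), e, n)
    return session_key, encrypted


def isp_recover_session_key(encrypted: int) -> bytes:
    """ISP node: decrypt the encryption information with its private key."""
    return pow(encrypted, D, N).to_bytes(16, "big")


def run_exchange(tamper_second: bool = False):
    """Run one exchange; returns (user_key, isp_key) or None if rejected."""
    second = build_second_message("isp-node-1", N, E)
    first = build_first_message(second)  # ISP -> user
    # user -> ISP: confirmation that the first message arrived (not modelled)
    if tamper_second:  # second message altered after the first was delivered
        second = build_second_message("isp-node-1", N + 2, E)
    result = user_handle_second(first, second)  # ISP -> user, user verifies
    if result is None:
        return None
    session_key, encrypted = result
    return session_key, isp_recover_session_key(encrypted)
```

`run_exchange()` returns the same 16-byte key on both sides, while `run_exchange(tamper_second=True)` returns `None` because the recomputed hash no longer matches the one carried in the first message.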
In addition, an embodiment of the present invention further provides a computer-readable storage medium on which a computer program is stored, the computer program being executed by a processor to implement the session key transmission method described in the above embodiments.
In the several embodiments provided by the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation. For instance, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. Furthermore, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, apparatuses or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware, or in the form of hardware plus software functional units.
An integrated unit implemented in the form of a software functional unit may be stored in a computer-readable storage medium. The software functional unit is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) or a processor to execute some of the steps of the methods described in the embodiments of the present invention. The storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the division into the functional modules above is used only as an example. In practical applications, the above functions may be assigned to different functional modules as needed; that is, the internal structure of the apparatus may be divided into different functional modules to complete all or part of the functions described above. For the specific working process of the apparatus described above, refer to the corresponding process in the foregoing method embodiments, which is not repeated here.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some or all of their technical features may be equivalently replaced, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (11)

1. A method for transmitting a session key, characterized by comprising:
a user node sending an access request to a first Internet Service Provider (ISP) node, the user node not having registered with the first ISP node;
the user node receiving a first message sent by the first ISP node;
the user node sending, to the first ISP node, confirmation information confirming receipt of the first message;
the user node receiving a second message sent by the first ISP node, the first message including the hash value of the second message, and the second message including the public key of the first ISP node;
the user node calculating the hash value of the second message;
if the hash value of the second message calculated by the user node is consistent with the hash value of the second message included in the first message, the user node generating a session key and encrypting the session key with the public key of the first ISP node to obtain encryption information;
the user node sending the encryption information to the first ISP node, so that the first ISP node obtains the session key from the encryption information, the session key being used for communication between the first ISP node and the user node.
2. The method according to claim 1, characterized in that the second message further includes the identification information of the first ISP node;
the hash value of the second message included in the first message is the hash value of the identification information of the first ISP node and the public key of the first ISP node.
3. The method according to claim 1, characterized in that the second message is a block or block-like structure that includes the identification information of the first ISP node and the public key of the first ISP node;
the first message further includes the random number in the block or block-like structure.
4. The method according to any one of claims 1-3, characterized in that the first message further includes the identification information of the first ISP node.
5. The method according to any one of claims 1-3, characterized in that the first message further includes the public key of the first ISP node.
6. A user node, characterized by comprising:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and is configured to be executed by the processor to perform the following operations:
sending an access request to a first Internet Service Provider (ISP) node through the communication interface, the user node not having registered with the first ISP node;
receiving, through the communication interface, a first message sent by the first ISP node;
sending, through the communication interface, confirmation information to the first ISP node confirming receipt of the first message;
receiving, through the communication interface, a second message sent by the first ISP node, the first message including the hash value of the second message, and the second message including the public key of the first ISP node;
calculating the hash value of the second message;
if the hash value of the second message calculated by the user node is consistent with the hash value of the second message included in the first message, generating a session key and encrypting the session key with the public key of the first ISP node to obtain encryption information;
sending the encryption information to the first ISP node through the communication interface, so that the first ISP node obtains the session key from the encryption information, the session key being used for communication between the first ISP node and the user node.
7. The user node according to claim 6, characterized in that the second message further includes the identification information of the first ISP node;
the hash value of the second message included in the first message is the hash value of the identification information of the first ISP node and the public key of the first ISP node.
8. The user node according to claim 6, characterized in that the second message is a block or block-like structure that includes the identification information of the first ISP node and the public key of the first ISP node;
the first message further includes the random number in the block or block-like structure.
9. The user node according to any one of claims 6-8, characterized in that the first message further includes the identification information of the first ISP node.
10. The user node according to any one of claims 6-8, characterized in that the first message further includes the public key of the first ISP node.
11. A computer-readable storage medium on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the method according to any one of claims 1-5.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910459797.4A CN110149206A (en) 2019-05-30 2019-05-30 Transmission method, equipment and the computer readable storage medium of session key

Publications (1)

Publication Number Publication Date
CN110149206A (en) 2019-08-20

Family

ID=67593451

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910459797.4A Pending CN110149206A (en) 2019-05-30 2019-05-30 Transmission method, equipment and the computer readable storage medium of session key

Country Status (1)

Country Link
CN (1) CN110149206A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112637160A (en) * 2020-12-14 2021-04-09 杭州趣链科技有限公司 Login verification method, device, equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090024845A1 (en) * 2007-07-19 2009-01-22 Benshetler Jeffery E Method and system for encryption of messages in land mobile radio systems
CN106941404A (en) * 2017-04-25 2017-07-11 中国联合网络通信集团有限公司 Cryptographic key protection method and device
CN107026727A (en) * 2016-02-02 2017-08-08 阿里巴巴集团控股有限公司 A kind of methods, devices and systems for setting up communication between devices
CN109039657A (en) * 2018-11-02 2018-12-18 美的集团股份有限公司 Cryptographic key negotiation method, equipment, terminal, storage medium and system
CN109150526A (en) * 2018-11-02 2019-01-04 美的集团股份有限公司 Cryptographic key negotiation method, equipment, terminal, storage medium and system
CN109245886A (en) * 2018-11-02 2019-01-18 美的集团股份有限公司 Cryptographic key negotiation method, equipment, storage medium and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20190820