CN110912686B - Method and system for negotiating secret key of security channel - Google Patents


Info

Publication number: CN110912686B
Authority: CN (China)
Prior art keywords: terminal, key, authentication server, authentication code, random number
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN201910978196.4A
Other languages: Chinese (zh)
Other versions: CN110912686A
Inventors: 孟陆强, 陈本耀
Current assignee: Fujian Landi Commercial Equipment Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Fujian Landi Commercial Equipment Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L 63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L 63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved

Abstract

The invention discloses a method and a system for negotiating the key of a secure channel. An authentication server generates a first random number and a corresponding first temporary public key, sends the first temporary public key to a first terminal with which it is mutually trusted, and sends the first random number to a second terminal with which it is mutually trusted; the first terminal is a data security device and the second terminal is a non-data security device. The first terminal generates a second random number and a corresponding second temporary public key, and the second temporary public key is sent to the second terminal through the authentication server. The first terminal and the second terminal then negotiate the key of the secure channel between them according to the random number and the temporary public key held by each terminal respectively. By negotiating together, the two terminals obtain a key that realizes a highly reliable data security channel between them, which improves the security of communication between the first terminal (such as a payment terminal) and the second terminal (such as a mobile terminal).

Description

Method and system for negotiating secret key of security channel
Technical Field
The present invention relates to the field of data secure communications, and in particular, to a method and a system for negotiating a secret key of a secure channel.
Background
In the prior art, in order to achieve secure communication between two terminals, a data security channel is usually established between them. In the typical process of establishing the secure channel, the two communicating parties (call them party A and party B) each store a root public key certificate capable of authenticating the other party's public key certificate, and each also securely stores a public/private key pair representing its own identity. Each party sends its public key certificate to the other, and the other verifies its identity using the root public key certificate stored in advance. After the verification passes, if the RSA key negotiation scheme is adopted, the principle is as follows: once party A has verified party B's certificate, party A uses its own private key and the public key provided by party B to transmit a set of random numbers (for example, three random numbers of 16 bytes each, denoted RNDA1, RNDA2 and RNDA3) to party B, and party B uses the received public key of party A and its own private key to securely decrypt them and obtain the plaintext of RNDA1, RNDA2 and RNDA3. In the same manner, party B then also generates a set of random numbers RNDB1, RNDB2 and RNDB3 and passes them securely to party A. Party A and party B then immediately XOR the two sets of random numbers to synchronize three keys: a data encryption key for message transmission, a MAC key for generating the MAC check code of messages sent from A to B, and a MAC key for generating the MAC check code of messages sent from B to A.
The purposes of the three keys are as follows: when party A transmits a message to party B, the whole message is encrypted with the data encryption key, the MAC code of the encrypted message is then calculated with the A-to-B MAC key, and the two are transmitted to party B together. Party B first verifies the MAC code with the MAC key and, once it checks out, decrypts the message with the data encryption key to obtain the plaintext.
The crux of this key negotiation scheme is that each communicating party securely stores in advance a public/private key pair representing its identity, the public key certificate must be issued and approved by a third-party trust authority, and the private key of the certificate is stored in the respective terminal for a long time.
However, many existing usage scenarios involve communication between a secure payment terminal and an ordinary mobile terminal. The secure payment terminal (Security Payment Terminal, SPT) side has a security module, so the key required for identity authentication can be stored securely; but the other party is an ordinary mobile terminal, which does not necessarily have a trusted security module in which to store the key for identity authentication. On the ordinary mobile terminal side this authentication key can only be stored in the ordinary (non-secure) area of the device. In that case, the trust mechanism of the secure channel is broken once such a key is compromised or attacked. Therefore the secure payment terminal cannot trust the mobile terminal, because the ordinary mobile terminal has no security module; and third-party trust authorities or payment platforms are likewise reluctant to issue such certificates to ordinary mobile terminals that lack a secure trusted environment. Under this application scenario, therefore, only a secure channel in which the ordinary mobile terminal one-way authenticates the payment terminal side can be established, and its security strength is not high.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a key negotiation method and system for a secure channel that can improve the security of communication between a payment terminal and a mobile terminal.
In order to solve the technical problems, the invention adopts a technical scheme that:
a method of negotiating a key of a secure channel, comprising:
S1, an authentication server generates a first random number and a corresponding first temporary public key, sends the first temporary public key to a first terminal with which it is mutually trusted, and sends the first random number to a second terminal with which it is mutually trusted, the first terminal being a data security device and the second terminal a non-data security device;
s2, the first terminal generates a second random number and a corresponding second temporary public key, and the second temporary public key is sent to the second terminal through the authentication server;
s3, the first terminal and the second terminal negotiate the secret key of the secure channel between the first terminal and the second terminal according to the random number and the temporary public key of each terminal respectively.
In order to solve the technical problems, the invention adopts another technical scheme that:
the key negotiation system of the security channel comprises a first terminal, a second terminal and an authentication server, wherein the first terminal is data security equipment, and the second terminal is non-data security equipment;
The first terminal comprises a first memory, a first processor and a first computer program stored on the first memory and capable of running on the first processor, the second terminal comprises a second memory, a second processor and a second computer program stored on the second memory and capable of running on the second processor, the authentication server comprises a third memory, a third processor and a third computer program stored on the third memory and capable of running on the third processor, and the first processor realizes the following steps when executing the first computer program:
s1, receiving a first temporary public key sent by the authentication server;
s2, generating a second random number and a corresponding second temporary public key, and transmitting the second temporary public key to the second terminal through the authentication server;
S3, negotiating, with the second terminal, the key of the secure channel between the first terminal and the second terminal according to the second random number and the first temporary public key;
the second processor, when executing the second computer program, performs the steps of:
s1, receiving a first random number sent by the authentication server;
S2, receiving a second temporary public key sent by the authentication server;
S3, negotiating, with the first terminal, the key of the secure channel between the second terminal and the first terminal according to the first random number and the second temporary public key;
the third processor, when executing the third computer program, performs the steps of:
S1, generating a first random number and a corresponding first temporary public key, sending the first temporary public key to a first terminal with which the authentication server is mutually trusted, and sending the first random number to a second terminal with which the authentication server is mutually trusted;
S2, sending the second temporary public key generated by the first terminal to the second terminal.
The invention has the following beneficial effects. An authentication server is introduced as a trusted party in addition to the first terminal and the second terminal, which are the two communicating parties; the first terminal and the authentication server are mutually trusted, and the second terminal and the authentication server are mutually trusted. The authentication server generates the first random number and the corresponding first temporary public key; the first random number is sent to the first terminal and the first temporary public key to the second terminal; the second terminal generates the second random number and the corresponding second temporary public key, and the second temporary public key is forwarded to the first terminal through the authentication server. In this way the first terminal and the second terminal can trust each other's identity through the authentication server and exchange temporary public keys, and by negotiating from the random numbers and the temporary public keys they obtain the key of a highly reliable data security channel between them. Although the second terminal has no physical security protection mechanism, the authentication server acts as a trust intermediary on the one hand and, on the other hand, generates the first random number and the corresponding first temporary public key used for key negotiation between the first terminal and the second terminal, so the security of communication between the first terminal (such as a payment terminal) and the second terminal (such as a mobile terminal) is improved.
Drawings
FIG. 1 is a flowchart illustrating a negotiation method of a secure channel according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of a negotiation system of a secure channel according to an embodiment of the present invention;
FIG. 3 is a system architecture diagram of an application scenario according to an embodiment of the present invention;
description of the reference numerals:
1. a first terminal; 2. a first memory; 3. a first processor; 4. a second terminal; 5. a second memory; 6. a second processor; 7. an authentication server; 8. a third memory; 9. a third processor; 10. a system for negotiating a key of a secure channel.
Detailed Description
In order to describe the technical contents, the achieved objects and effects of the present invention in detail, the following description will be made with reference to the embodiments in conjunction with the accompanying drawings.
Referring to fig. 1, a method for negotiating a key of a secure channel includes:
S1, an authentication server generates a first random number and a corresponding first temporary public key, sends the first temporary public key to a first terminal with which it is mutually trusted, and sends the first random number to a second terminal with which it is mutually trusted, the first terminal being a data security device and the second terminal a non-data security device;
s2, the first terminal generates a second random number and a corresponding second temporary public key, and the second temporary public key is sent to the second terminal through the authentication server;
S3, the first terminal and the second terminal negotiate the secret key of the secure channel between the first terminal and the second terminal according to the random number and the temporary public key of each terminal respectively.
Further, the first terminal and the second terminal respectively establish a secure channel with the authentication server to realize mutual trust with the authentication server.
As can be seen from the above description, the authentication server establishes a secure channel with the first terminal and with the second terminal respectively, so as to ensure the security of the data exchanged between the first terminal and the second terminal, thereby realizing mutual trust and improving the security of communication.
Further, the establishing a secure channel between the first terminal and the second terminal and the authentication server includes:
the first terminal and the authentication server share a first key set, and different first terminals have different first key sets;
the second terminal shares a second key set with the authentication server, and a different second terminal has a different second key set.
As can be seen from the above description, the authentication server is ensured to establish a point-to-point secure channel with the first terminal and the second terminal respectively through the shared key group, and different terminals share different key groups with the authentication server, so that the security of communication between the authentication server and the first terminal and the second terminal respectively is further improved.
Further, the first key set and the second key set are derived based on DUKPT key derivation protocol.
As is apparent from the above description, key sets derived by the DUKPT key derivation protocol further improve the security of communication between the authentication server and the first and second terminals and prevent the disclosure of secrets, because the key DUKPT uses for one transaction is never used again in a subsequent transaction, and a transaction terminal holds no information about the transaction keys it used previously, nor about any transaction key already used or yet to be used by other transaction terminals.
Further, the step S1 includes the following steps:
S01, the first terminal and the second terminal respectively generate a current first key group and a current second key group according to their own serial numbers;
S02, the second terminal forwards to the first terminal a request sent by the authentication server for uploading the first terminal serial number;
the second terminal receives the first terminal serial number sent by the first terminal and sends a request for obtaining the first random number to the authentication server, the request containing the first terminal serial number and the second terminal serial number;
S03, the authentication server respectively determines the current first key group of the first terminal and the current second key group of the second terminal according to the first terminal serial number and the second terminal serial number;
and in step S1, sending the first temporary public key to the mutually trusted first terminal and sending the first random number to the mutually trusted second terminal includes:
the authentication server and the first terminal verify each other through the first key group so that the first temporary public key is sent to the first terminal;
and the authentication server and the second terminal verify each other through the second key group so that the first random number is sent to the second terminal.
As can be seen from the above description, the first terminal and the second terminal determine the current first key set and the current second key set according to the respective terminal serial numbers, the second terminal is used as a relay, the serial numbers of the first terminal and the second terminal are sent to the authentication server, and the authentication server obtains the corresponding first key set and second key set according to the serial numbers of the terminals and performs mutual authentication according to the key sets shared by the authentication server and the first terminal and the second terminal, so that the safety of communication between the authentication server and the second terminal is ensured, and the reliability and safety of data transmission are improved.
Further, the second key group includes a second data encryption key, a second terminal authentication code key, and a second authentication server authentication code key;
the request for obtaining the first random number further includes:
generating a second terminal authentication code according to the message of the request for acquiring the first random number and the second terminal authentication code key;
the second terminal authentication code is contained in the request for acquiring the first random number;
the authentication server and the second terminal mutually verify through the second key set, and the sending of the first random number to the second terminal comprises the following steps:
the authentication server verifies the second terminal authentication code using the second terminal authentication code key;
the authentication server encrypts the first random number by adopting the second data encryption key, generates a second authentication server authentication code according to the encrypted first random number and the second authentication server authentication code key, and sends the encrypted first random number and the second authentication server authentication code to the second terminal;
the second terminal verifies the second authentication server authentication code by adopting the second authentication server authentication code key, decrypts the encrypted first random number by adopting the second data encryption key, and acquires and stores the first random number;
The first key set comprises a first authentication server authentication code key;
the authentication server and the first terminal mutually authenticate through the first key group, and the sending of the first temporary public key to the first terminal comprises the following steps:
the authentication server generates a first authentication server authentication code according to the first temporary public key and the first authentication server authentication code key, and sends the first temporary public key and the first authentication server authentication code to the first terminal through the second terminal;
and the first terminal verifies the first authentication server authentication code by adopting the first authentication server authentication code key, and acquires and stores the first temporary public key.
Further, the first key group further comprises a first terminal authentication code key;
the step S2 includes:
the first terminal generates a second random number and a corresponding second temporary public key, generates a first terminal authentication code according to the second temporary public key and a first terminal authentication code key, and sends the second temporary public key and the first terminal authentication code to the authentication server through the second terminal;
the authentication server verifies the first terminal authentication code through the first terminal authentication code key to acquire the second temporary public key;
The authentication server generates a third authentication server authentication code according to the second temporary public key and the second authentication server authentication code key, and sends the second temporary public key and the third authentication server authentication code to the second terminal;
and the second terminal verifies the third authentication server authentication code by adopting the second authentication server authentication code key, and acquires and stores the second temporary public key.
As is apparent from the above description, the key group shared between the authentication server and the first terminal and the second terminal includes two-way authentication code keys to achieve authentication of the identity of the other party, and the key group shared between the server and the first terminal further includes an encryption key for encrypting data transmitted therebetween, ensuring security of the transmitted data.
Further, in the step S3, the first terminal and the second terminal each negotiate a key of a secure channel between them using an ECDH key negotiation protocol.
As can be seen from the above description, the ECDH key negotiation protocol can negotiate a key without the first terminal and the second terminal sharing any key beforehand; the mutual trust between the two communicating parties, which the ECDH key negotiation protocol by itself cannot establish, is guaranteed by introducing the authentication server, which is mutually trusted with the first terminal and with the second terminal and acts as the authentication intermediary, so the security of the negotiated key is guaranteed.
Further, the step S3 further includes:
the first terminal and the second terminal respectively adopt a KDF key derivation algorithm to generate a third data encryption key, a first terminal-to-second terminal direction authentication code key and a second terminal-to-first terminal direction authentication code key according to the negotiated keys, and the third data encryption key, the first terminal-to-second terminal direction authentication code key and the second terminal-to-first terminal direction authentication code key are used as a third key group of a secure channel between the first terminal and the second terminal.
As can be seen from the above description, after the two communicating parties negotiate the key of the secure channel between them, they can further use a KDF key derivation algorithm to generate the required number of keys from the negotiated key and use them as the key set for communication between them, which improves both the flexibility of key-set generation and the security of their communication.
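The exchange of steps S1 to S3 described above, followed by the ECDH computation and the KDF that yields the third key group, as an added example written for this page (not code from the patent or its assignee). It assumes secp256k1 as the ECDH curve, HMAC-SHA256 as the authentication code, a hash-keystream XOR as a stand-in for the data encryption cipher, and randomly constructed first and second key groups in place of DUKPT-derived ones; the `tamper_relay` flag shows the first terminal rejecting a temporary public key altered in transit by the relaying second terminal.

```python
import hashlib
import hmac
import secrets

# secp256k1 domain parameters. The patent names ECDH but no curve; the curve,
# the MAC, the cipher stand-in and all key values here are assumptions.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def pub_bytes(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def pub_point(b):
    return int.from_bytes(b[:32], "big"), int.from_bytes(b[32:], "big")

def mac(key, data):
    """Authentication code; HMAC-SHA256 stands in for the patent's unnamed MAC."""
    return hmac.new(key, data, hashlib.sha256).digest()

def verify(key, data, tag):
    if not hmac.compare_digest(mac(key, data), tag):
        raise ValueError("authentication code mismatch")

def xor_crypt(key, nonce, data):
    """Stand-in for the cipher under the data encryption key (32-byte payloads)."""
    return bytes(a ^ b for a, b in zip(data, hashlib.sha256(key + nonce).digest()))

def kdf(shared_x, label):
    """Derive one member of the third key group from the negotiated ECDH secret."""
    return hmac.new(shared_x.to_bytes(32, "big"), label, hashlib.sha256).digest()

def sample_key_groups():
    """Constructed key groups standing in for the DUKPT-derived first and second groups."""
    k1 = {"srv_ac": secrets.token_bytes(32), "term_ac": secrets.token_bytes(32)}
    k2 = {"enc": secrets.token_bytes(32), "term_ac": secrets.token_bytes(32),
          "srv_ac": secrets.token_bytes(32)}
    return k1, k2

def negotiate(k1, k2, tamper_relay=False):
    """Run S1-S3: k1 is shared by server and first (payment) terminal, k2 by server
    and second (mobile) terminal. Returns the third key group computed by each side."""
    # S1: the second terminal's request for r1 carries a second terminal authentication code.
    req = b"request first random number"
    verify(k2["term_ac"], req, mac(k2["term_ac"], req))
    # The server generates the first random number r1 and R1 = r1*G.
    r1 = secrets.randbelow(N - 1) + 1
    R1 = pub_bytes(ec_mul(r1, G))
    # R1 is relayed to the first terminal by the second terminal, which cannot re-MAC it.
    to_t1 = (R1, mac(k1["srv_ac"], R1))
    if tamper_relay:
        to_t1 = (pub_bytes(ec_mul(2, G)), to_t1[1])   # substituted point fails below
    verify(k1["srv_ac"], *to_t1)
    t1_R1 = pub_point(to_t1[0])
    # r1 goes to the second terminal encrypted under k2["enc"] and MACed under k2["srv_ac"].
    nonce = secrets.token_bytes(16)
    c = xor_crypt(k2["enc"], nonce, r1.to_bytes(32, "big"))
    verify(k2["srv_ac"], nonce + c, mac(k2["srv_ac"], nonce + c))
    t2_r1 = int.from_bytes(xor_crypt(k2["enc"], nonce, c), "big")
    # S2: the first terminal sends R2 under its terminal code key; the server re-issues it under k2.
    r2 = secrets.randbelow(N - 1) + 1
    R2 = pub_bytes(ec_mul(r2, G))
    verify(k1["term_ac"], R2, mac(k1["term_ac"], R2))
    verify(k2["srv_ac"], R2, mac(k2["srv_ac"], R2))
    t2_R2 = pub_point(R2)
    # S3: r2*R1 = r1*R2 = r1*r2*G on each side, then KDF into the third key group.
    s1 = ec_mul(r2, t1_R1)[0]
    s2 = ec_mul(t2_r1, t2_R2)[0]
    labels = (b"enc", b"t1->t2 ac", b"t2->t1 ac")
    return [kdf(s1, l) for l in labels], [kdf(s2, l) for l in labels]
```

Note that the second terminal never holds a long-lived secret of its own for the negotiation: its contribution r1 is generated by the server and delivered under the second key group, which is why the patent pairs this flow with white-box protection and periodic renewal of that group.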
Further, the second key group is hidden in the application program of the second terminal by adopting a key white-box technology.
As can be seen from the above description, since the second terminal is a non-data security device without a secure physical environment in which to protect data, the key stored in the code can be encrypted by key white-box technology, which enhances the protection of the key in the program under a non-secure environment.
Further, the second key set is updated periodically.
From the above description, since key white-box technology cannot guarantee the long-term security of the key, the security of the key is further guaranteed by updating it regularly.
Further, the step S3 further includes:
the authentication server respectively sends inquiry commands to the first terminal and the second terminal at regular intervals and receives terminal unique identification information sent by the first terminal and the second terminal at regular intervals;
and respectively determining the legitimacy of the first terminal and the second terminal according to the terminal unique identification information of each of the first terminal and the second terminal.
As can be seen from the above description, after the first terminal and the second terminal establish the secure channel, the authentication server periodically queries the first terminal and the second terminal to determine the legitimacy of the first terminal and the second terminal, so that the legitimacy of the first terminal and the second terminal can be tracked, and the security of communication is further ensured.
Further, a validity period is set for the third key group;
and when the time since the third key group was established exceeds the validity period, or the physical connection between the first terminal and the second terminal is broken, the first terminal and the second terminal renegotiate the third key group.
As is apparent from the above description, by setting a validity period for the third key group, the key group is negotiated again when the validity period expires or when the two communicating parties are physically disconnected.
Referring to fig. 2, a system for negotiating a secret key of a secure channel includes a first terminal, a second terminal and an authentication server, wherein the first terminal is a data security device, and the second terminal is a non-data security device;
the first terminal comprises a first memory, a first processor and a first computer program stored on the first memory and capable of running on the first processor, the second terminal comprises a second memory, a second processor and a second computer program stored on the second memory and capable of running on the second processor, the authentication server comprises a third memory, a third processor and a third computer program stored on the third memory and capable of running on the third processor, and the first processor realizes the following steps when executing the first computer program:
S1, receiving a first temporary public key sent by the authentication server;
S2, generating a second random number and a corresponding second temporary public key, and transmitting the second temporary public key to the second terminal through the authentication server;
S3, negotiating, according to the second random number and the first temporary public key, the key of the secure channel between the first terminal and the second terminal;
the second processor, when executing the second computer program, performs the steps of:
S1, receiving a first random number sent by the authentication server;
S2, receiving a second temporary public key sent by the authentication server;
S3, negotiating, according to the first random number and the second temporary public key, the key of the secure channel between the second terminal and the first terminal;
the third processor, when executing the third computer program, performs the steps of:
S1, generating a first random number and a corresponding first temporary public key, sending the first temporary public key to a first terminal mutually trusted with the authentication server, and sending the first random number to a second terminal mutually trusted with the authentication server;
S2, sending the second temporary public key generated by the first terminal to the second terminal.
From the above description, the beneficial effects of the invention are as follows: an authentication server, in addition to the first terminal and the second terminal of the two communication parties, is introduced as a trusted party, wherein the first terminal and the authentication server are mutually trusted, and the second terminal and the authentication server are mutually trusted. The authentication server generates the first random number and the corresponding first temporary public key, sends the first random number to the second terminal and the first temporary public key to the first terminal; the first terminal generates the second random number and the corresponding second temporary public key, and the second temporary public key is forwarded to the second terminal through the authentication server. In this way the first terminal and the second terminal can trust each other's identity through the authentication server, the exchange of the temporary public keys is achieved, and the key of a highly reliable data security channel between the first terminal and the second terminal is obtained by mutual negotiation according to the random numbers and the temporary public keys. Although the second terminal has no physical security protection mechanism, the authentication server serves as a trust intermediary on the one hand and, on the other hand, generates the first random number and the corresponding first temporary public key used for key negotiation between the first terminal and the second terminal, so that the security of communication between the first terminal (such as a payment terminal) and the second terminal (such as a mobile terminal) is improved.
Further, the first terminal and the second terminal respectively establish a secure channel with the authentication server to realize mutual trust with the authentication server.
As can be seen from the above description, the authentication server establishes a secure channel with the first terminal and with the second terminal respectively, so as to ensure the security of the data exchanged with the first terminal and the second terminal, thereby realizing mutual trust and improving the security of communication.
Further, the establishing a secure channel between the first terminal and the second terminal and the authentication server includes:
the first terminal and the authentication server share a first key set, and different first terminals have different first key sets;
the second terminal shares a second key set with the authentication server, and a different second terminal has a different second key set.
As can be seen from the above description, the authentication server is ensured to establish a point-to-point secure channel with the first terminal and the second terminal respectively through the shared key group, and different terminals share different key groups with the authentication server, so that the security of communication between the authentication server and the first terminal and the second terminal respectively is further improved.
Further, the first key set and the second key set are derived based on the DUKPT key derivation protocol.
As is apparent from the above description, the key sets derived by the DUKPT key derivation protocol further improve the security of communication between the authentication server and the first terminal and the second terminal, and prevent key leakage: the key used by DUKPT for one transaction is not used again in subsequent transactions, and the transaction terminal retains no information about the transaction keys it used previously, nor any transaction key already used by other transaction terminals or to be used in the future.
Further, the first processor, when executing the first computer program, performs the steps of:
the step S1 is preceded by the steps of:
S01, generating a current first key group according to a serial number of the first terminal;
the second processor, when executing the second computer program, performs the steps of:
the step S1 is preceded by the steps of:
S01, generating a current second key group according to the serial number of the second terminal;
S02, forwarding a request for uploading a first terminal serial number, sent by the authentication server, to the first terminal;
receiving a first terminal serial number sent by the first terminal, and sending a request for acquiring a first random number to the authentication server, wherein the request comprises the first terminal serial number and a second terminal serial number;
the third processor, when executing the third computer program, performs the steps of:
the step S1 is preceded by the steps of:
S01, receiving a request for acquiring a first random number sent by the second terminal;
S02, determining a current first key group of the first terminal and a current second key group of the second terminal according to the first terminal serial number and the second terminal serial number respectively;
in the step S1, the sending the first temporary public key to a first terminal mutually trusted with the authentication server, and the sending the first random number to a second terminal mutually trusted with the authentication server, include:
the authentication server and the first terminal mutually authenticate through the first key group, so that the first temporary public key is sent to the first terminal;
and the authentication server and the second terminal mutually authenticate through the second key group, so that the first random number is sent to the second terminal.
As can be seen from the above description, the first terminal and the second terminal determine the current first key set and the current second key set according to their respective terminal serial numbers; the second terminal acts as a relay and sends the serial numbers of the first terminal and the second terminal to the authentication server; the authentication server obtains the corresponding first key set and second key set according to the terminal serial numbers and performs mutual authentication according to the key sets it shares with the first terminal and the second terminal, so that the security of communication between the authentication server and the second terminal is ensured, and the reliability and security of data transmission are improved.
Further, the second key group includes a second data encryption key, a second terminal authentication code key, and a second authentication server authentication code key;
the request for obtaining the first random number further includes:
generating a second terminal authentication code according to the message of the request for acquiring the first random number and the second terminal authentication code key;
the second terminal authentication code is contained in the request for acquiring the first random number;
the mutual authentication between the authentication server and the second terminal through the second key group, so that the first random number is sent to the second terminal, comprises the following steps:
the third processor, when executing the third computer program, performs the steps of:
verifying the second terminal authentication code using the second terminal authentication code key;
encrypting the first random number by adopting the second data encryption key, generating a second authentication server authentication code according to the encrypted first random number and the second authentication server authentication code key, and transmitting the encrypted first random number and the second authentication server authentication code to the second terminal;
the second processor, when executing the second computer program, performs the steps of:
Verifying the second authentication server authentication code by adopting the second authentication server authentication code key, decrypting the encrypted first random number by adopting the second data encryption key, and acquiring and storing the first random number;
the first key set comprises a first authentication server authentication code key;
the mutual authentication between the authentication server and the first terminal through the first key group, so that the first temporary public key is sent to the first terminal, comprises the following steps:
the third processor, when executing the third computer program, performs the steps of:
generating a first authentication server authentication code according to the first temporary public key and the first authentication server authentication code key, and sending the first temporary public key and the first authentication server authentication code to the first terminal through the second terminal;
the first processor, when executing the first computer program, performs the steps of:
and verifying the first authentication server authentication code by adopting the first authentication server authentication code key, and acquiring and storing the first temporary public key.
Further, the first key group further comprises a first terminal authentication code key;
the generating the second random number and the corresponding second temporary public key, and the transmitting the second temporary public key to the second terminal through the authentication server includes:
Generating a second random number and a corresponding second temporary public key, generating a first terminal authentication code according to the second temporary public key and a first terminal authentication code key, and transmitting the second temporary public key and the first terminal authentication code to the authentication server through the second terminal;
the third processor, when executing the third computer program, performs the steps of:
verifying the first terminal authentication code by the first terminal authentication code key to acquire the second temporary public key;
generating a third authentication server authentication code according to the second temporary public key and the second authentication server authentication code key, and sending the second temporary public key and the third authentication server authentication code to the second terminal;
the second processor, when executing the second computer program, performs the steps of:
and verifying the third authentication server authentication code by adopting the second authentication server authentication code key, and acquiring and storing the second temporary public key.
As is apparent from the above description, the key group shared between the authentication server and the first terminal and the second terminal includes two-way authentication code keys to achieve authentication of the identity of the other party, and the key group shared between the server and the first terminal further includes an encryption key for encrypting data transmitted therebetween, ensuring security of the transmitted data.
Further, the first terminal and the second terminal both adopt an ECDH key negotiation protocol to negotiate the key of the secure channel between them.
As can be seen from the above description, the ECDH key negotiation protocol allows the first terminal and the second terminal to negotiate a key without sharing any key beforehand; the mutual trust problem between the two communication parties, the first terminal and the second terminal, is solved by introducing the authentication server, which is mutually trusted with each of them and acts as an authentication intermediary. In this way the problem that the ECDH key negotiation protocol cannot by itself establish mutual trust between the two communication parties is solved, and the security of the negotiated key is guaranteed.
Further, after negotiating the key of the secure channel between the first terminal and the second terminal, the method further comprises:
the first terminal and the second terminal respectively adopt a KDF key derivation algorithm to generate a third data encryption key, a first terminal-to-second terminal direction authentication code key and a second terminal-to-first terminal direction authentication code key according to the negotiated keys, and the third data encryption key, the first terminal-to-second terminal direction authentication code key and the second terminal-to-first terminal direction authentication code key are used as a third key group of a secure channel between the first terminal and the second terminal.
As can be seen from the above description, after the two communication parties negotiate the secret key of the secure channel between them, the two communication parties can further adopt a KDF secret key derivation algorithm to generate the secret key of the required number according to the negotiated secret key, and the secret key is used as the secret key set required for communication between them, so that not only is the flexibility of generating the secret key set improved, but also the security of communication between them is improved.
Further, the second key group is hidden in the application program of the second terminal by adopting a key white-box technology.
As can be seen from the above description, since the second terminal is a non-data secure device, there is no secure physical environment that can secure data, and the key stored in the code can be encrypted by the key white-box technology, so as to enhance the security protection of the key in the program under the non-secure environment.
Further, the second key set is updated periodically.
From the above description, since the key white-box technology cannot guarantee the long-term security of the key, the security of the key is further guaranteed through regular updating.
Further, the third processor, when executing the third computer program, performs the steps of:
after negotiating the key of the secure channel between the first terminal and the second terminal, periodically sending query commands to the first terminal and the second terminal respectively, and periodically receiving the terminal unique identification information sent by the first terminal and the second terminal;
And respectively determining the legitimacy of the first terminal and the second terminal according to the terminal unique identification information of each of the first terminal and the second terminal.
As can be seen from the above description, after the first terminal and the second terminal establish the secure channel, the authentication server periodically queries the first terminal and the second terminal to determine the legitimacy of the first terminal and the second terminal, so that the legitimacy of the first terminal and the second terminal can be tracked, and the security of communication is further ensured.
Further, a validity period is set for the third key group;
and when the establishment time of the third key group exceeds the validity period, or the physical connection between the first terminal and the second terminal is disconnected, the first terminal and the second terminal renegotiate the third key group.
As is apparent from the above description, by setting the validity period for the third key set, negotiation of the key set is resumed when the validity period expires or both communication parties are disconnected physically.
The method and the system for negotiating the key of the secure channel can be applied to any scenario in which one party is a data security device, such as a secure payment terminal with a security module for storing secret keys, the other party is a non-data security device, such as an ordinary mobile terminal, and a third-party trust center, such as an authentication server, can be introduced. The following description refers to specific application scenarios:
Example 1
Referring to fig. 1, a method for negotiating a key of a secure channel includes:
S1, an authentication server generates a first random number and a corresponding first temporary public key, sends the first temporary public key to a first terminal mutually trusted with the authentication server, and sends the first random number to a second terminal mutually trusted with the authentication server, wherein the first terminal is a data security device and the second terminal is a non-data security device;
S2, the first terminal generates a second random number and a corresponding second temporary public key, and sends the second temporary public key to the second terminal through the authentication server;
S3, the first terminal and the second terminal negotiate the key of the secure channel between them according to their respective random numbers and the temporary public keys they received;
the first terminal and the second terminal respectively establish a secure channel with the authentication server to realize mutual trust with the authentication server;
specifically, the establishing, by the first terminal and the second terminal, a secure channel with the authentication server includes:
the first terminal and the authentication server share a first key set, and different first terminals have different first key sets;
The second terminal shares a second key set with the authentication server, and different second terminals have different second key sets;
the first key group and the second key group are derived based on a DUKPT key derivation protocol;
where DUKPT, Derived Unique Key Per Transaction, is a special key management scheme defined in accordance with ANSI X9.24. It realizes a scheme in which each key actually used is forbidden from being used again once it has been consumed; this approach differs from UKPT in the general sense (one key per transaction) in that its implementation principle is relatively complex compared with MK/SK. A transaction terminal using this technique uses a key for each transaction, and that key is not used in subsequent transactions; the transaction terminal retains no information about the transaction keys it used previously, nor any transaction key used by other transaction terminals or to be used in the future, so the exposure of previously used transaction keys is greatly reduced. Furthermore, with the DUKPT method the encrypted new transaction key does not need to be downloaded over the communication network frequently as in the MK/SK method, so the possibility of obtaining the new key by eavesdropping is greatly reduced;
The keys of this scheme have the following characteristics:
firstly, the terminal downloads an initial key IK in advance and is assigned a terminal key serial number KSN; during communication the terminal uploads the KSN, and the server side can synchronize an IK identical to the terminal's according to the KSN;
secondly, the terminal sends a key transaction counter TC, from which the server can calculate the actual key currently used by the terminal; after the TC is used, the terminal changes the TC according to the rules, and the actual key corresponding to the previous TC is discarded, so that the security of the key is greatly improved.
In the step S3, the first terminal and the second terminal both adopt the ECDH key agreement protocol to negotiate the key of the secure channel between them;
the working principle of ECDH is as follows:
ECDH combines the ECC algorithm with DH for key negotiation; this key exchange algorithm is called ECDH, and the exchanging parties can negotiate a key without sharing any secret;
ECC is a cryptosystem built on the discrete logarithm problem over elliptic curves: given a point P on the elliptic curve and an integer k, it is easy to compute Q = kP; given points P and Q with Q = kP, finding the integer k is a hard problem, and ECDH is built on this mathematical problem. The key negotiation process is as follows:
It is assumed that the two parties to the key exchange are Alice and Bob, who share the curve parameters (elliptic curve E, order N, base point G).
1) Alice generates a random integer a and calculates A = a×G, obtaining Alice's temporary public key A, where A is a transformation of the random number a and is not an identity authentication key of Alice.
2) Bob generates a random integer b and calculates B = b×G, obtaining Bob's temporary public key B, which is a transformation of the random number b and is not an identity authentication key of Bob;
3) Alice transmits A to Bob; the transmission of A may be public, i.e. an attacker can obtain A;
since the discrete logarithm problem on elliptic curves is hard, an attacker cannot compute a from A and G.
4) Bob transmits B to Alice, and similarly B may be public;
5) Bob receives A transmitted by Alice and calculates Q = b×A, i.e. Bob obtains the symmetric key Q from his private key and Alice's public key;
6) Alice receives B transmitted by Bob and calculates Q' = a×B, i.e. Alice obtains the symmetric key Q' from her private key and Bob's public key;
Alice and Bob obtain Q = b×A = b×(a×G) = (b×a)×G = (a×b)×G = a×(b×G) = a×B = Q' (commutative and associative laws), i.e. both obtain a consistent key Q;
the key negotiation protocol of the ECDH can not solve the mutual trust problem of the two communication parties, but the technical scheme of the invention introduces an authentication server trusted by the two communication parties, and solves the mutual trust problem of the two communication parties in the key negotiation protocol of the ECDH by taking the authentication server as a trust intermediary.
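The Alice/Bob exchange above, carried through on a small curve and followed by the KDF step described earlier on this page (splitting the negotiated key into a third data encryption key and one authentication code key per direction), as an added worked example; it is not code from the patent or its assignee. The curve y^2 = x^3 + 2x + 2 over F_17 with base point G = (5, 1) of order 19 is a textbook toy curve chosen so that every step can be checked by hand; it offers no security. The HMAC-SHA256 KDF, its salt and its labels are assumptions, since the page names no specific KDF, and the function names and the fixed scalars in the demonstration are constructed for illustration. The on-curve check before using a received public key is a standard receiver-side precaution the page does not spell out.

```python
# Added example (not the patent's code): toy ECDH exchange plus a KDF step
# that turns the agreed point into the page's third key group.
import hashlib
import hmac
import secrets

# Toy curve y^2 = x^3 + 2x + 2 over F_17 (assumption: textbook parameters,
# chosen for hand-checkability, not for security).
P, A_COEF, B_COEF = 17, 2, 2
G = (5, 1)          # base point
N = 19              # order of G
INF = None          # point at infinity


def ec_add(p1, p2):
    """Affine point addition; handles the point at infinity and doubling."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                            # p1 == -p2
    if p1 == p2:
        s = (3 * x1 * x1 + A_COEF) * pow(2 * y1, -1, P) % P   # tangent slope
    else:
        s = (y2 - y1) * pow(x2 - x1, -1, P) % P              # chord slope
    x3 = (s * s - x1 - x2) % P
    y3 = (s * (x1 - x3) - y1) % P
    return (x3, y3)


def ec_mul(k, point):
    """Double-and-add scalar multiplication k * point."""
    result, addend = INF, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def on_curve(point):
    """Public-key validation: reject points that do not satisfy the curve equation."""
    if point is INF:
        return False
    x, y = point
    return (y * y - (x ** 3 + A_COEF * x + B_COEF)) % P == 0


def ecdh(a, b):
    """Steps 1-6 of the page with Alice's scalar a and Bob's scalar b.

    Returns (A, B, Q_bob, Q_alice): the two temporary public keys and the
    point each side computes from its own scalar and the other's public key."""
    A = ec_mul(a, G)            # Alice: A = a*G (sent in the clear)
    B = ec_mul(b, G)            # Bob:   B = b*G (sent in the clear)
    if not (on_curve(A) and on_curve(B)):
        raise ValueError("received temporary public key is not on the curve")
    q_bob = ec_mul(b, A)        # Bob:   Q  = b*A
    q_alice = ec_mul(a, B)      # Alice: Q' = a*B
    return A, B, q_bob, q_alice


def derive_third_key_group(q):
    """HMAC-SHA256 KDF (assumption) splitting Q into the three keys the page
    names: a data encryption key and one authentication code key per direction."""
    ikm = f"{q[0]}:{q[1]}".encode()
    prk = hmac.new(b"constructed-salt", ikm, hashlib.sha256).digest()
    labels = ("TK_data", "TK_mac_first_to_second", "TK_mac_second_to_first")
    return {lbl: hmac.new(prk, lbl.encode(), hashlib.sha256).digest() for lbl in labels}


def run_random_session():
    """Fresh scalars in [1, N-1] for both sides; True if both derive the same group."""
    a = secrets.randbelow(N - 1) + 1
    b = secrets.randbelow(N - 1) + 1
    _, _, q_bob, q_alice = ecdh(a, b)
    return derive_third_key_group(q_bob) == derive_third_key_group(q_alice)
```

With a = 3 and b = 7 the two sides compute 7×(3G) and 3×(7G), both equal to 21G = 2G = (6, 3) since G has order 19; the derived key group is identical on both sides, which is exactly the consistency the commutative-law line above asserts.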
Example 2
Based on the first embodiment, the second embodiment further describes how the authentication server realizes mutual authentication with the first terminal and the second terminal based on the shared key groups, so as to solve the mutual trust problem of the two communication parties:
the step S1 is preceded by the steps of:
s01, the first terminal and the second terminal respectively generate a current first key group and a current second key group according to the sequence numbers of the first terminal and the second terminal;
Specifically, this embodiment is described with an application scenario comprising the interaction between a secure payment terminal SPT and an ordinary mobile terminal, together with a background authentication server (background Server) that is mutually trusted with the secure payment terminal SPT and with the ordinary mobile terminal respectively. During the establishment of the data security channel, the background authentication server proves the identity of the payment terminal to the mobile terminal and proves the identity of the mobile terminal to the payment terminal; an application program (MP_APP) on the mobile terminal exchanges the specific protocol data with the payment terminal and the background authentication server, and finally establishes a secure channel between the mobile terminal and the secure payment terminal; and the trusted secure payment terminal (SPT) exchanges the specific protocol data with the mobile terminal, and finally establishes a secure channel between the secure payment terminal and the mobile terminal. The background authentication server is connected to an encryption machine (HSM); the system architecture is shown in fig. 3:
The background authentication server downloads a different KEY_server-SPT key group, namely the first key group, to each SPT device. These key groups are derived based on the DUKPT key derivation protocol, and the keys in a group are symmetric keys. Each key group actually consists of a data encryption key and two authentication keys (MAC keys) representing the two communication directions, namely an authentication key for the direction from the background authentication server to the SPT device and an authentication key for the direction from the SPT device to the background authentication server; different SPT devices have different KEY_server-SPT key groups;
The background authentication server indexes the corresponding KEY_server-SPT key group according to the KSN_SPT serial number sent by the SPT device; the group key is generally downloaded at the production stage; because the background authentication server and the SPT device share this group of keys, a point-to-point secure channel can be established between them;
The background authentication server generates the KEY_server-MP_APP key group, namely the second key group, whose keys are symmetric keys maintained by the background authentication server and derived based on the DUKPT key derivation protocol; each key group actually consists of a data encryption key and two authentication keys (MAC keys) representing the two communication directions, namely an authentication key for the direction from the background authentication server to the ordinary mobile terminal and an authentication key for the direction from the ordinary mobile terminal to the background authentication server, and this group of keys is hidden in the application program of the ordinary mobile terminal by means of a key white-box scheme;
The application program (MP_APP) on the ordinary mobile terminal is updated periodically by the operator's server. Because the group key is protected by a key white-box technology, its security can be ensured for a relatively long time (such as 1 month): the white-box technology is a technical means of encrypting keys stored in code, which can in theory enhance the protection of keys in a program running in an insecure environment, but it cannot ensure long-term security, so periodic replacement is required; therefore the background authentication server periodically upgrades the program and changes the group key within the key security period;
The keys in each ordinary mobile terminal's MP_APP have a corresponding KSN_MP_APP index number, and the background authentication server finds the corresponding KEY_server-MP_APP key group according to the KSN_MP_APP number uploaded by the ordinary mobile terminal; because the background authentication server and the MP_APP software share this group of keys, a point-to-point secure channel can be established between them;
s02, the second terminal forwards a request sent by the authentication server and used for uploading a first terminal serial number to the first terminal;
the second terminal receives a first terminal serial number sent by the first terminal, and sends a request for obtaining a first random number to the authentication server, wherein the request comprises the first terminal serial number and the second terminal serial number;
Specifically, the MP_APP receives a command of 'requesting SPT to send KSN_SPT' sent by a background authentication server;
MP_APP forwards the command to SPT;
the SPT acquires the current KSN_SPT and sends the KSN_SPT to the MP_APP;
the MP_APP acquires KSN_SPT, acquires current KSN_MP_APP, and sends a request for acquiring a first random number to a background authentication server, wherein the request comprises KSN_SPT and KSN_MP_APP;
s03, the authentication server respectively determines a current first key group of the first terminal and a current second key group of the second terminal according to the first terminal serial number and the second terminal serial number;
wherein, in the step S1, the sending the first temporary public key to the first terminal trusted mutually therewith, and the sending the first random number to the second terminal trusted mutually therewith includes:
the authentication server and the first terminal mutually verify through the first key group to realize that the first temporary public key is sent to the first terminal;
the authentication server and the second terminal mutually verify through the second key group to realize that the first random number is sent to the second terminal;
The mutual authentication between the authentication server and the first terminal, and between the authentication server and the second terminal is specifically as follows:
the second key group, i.e. the KEY_server-MP_APP key set, comprises a second data encryption key TK_MP_APPdata, a second terminal authentication code key TK_MacReqMP_APP and a second authentication server authentication code key TK_MacRespMP_APP;
The request for obtaining the first random number further includes:
generating a second terminal authentication code according to the message of the request for acquiring the first random number and the second terminal authentication code key;
the second terminal authentication code is contained in the request for acquiring the first random number;
specifically, the message of the request for obtaining the first random number includes the data:
DATA = KSN_SPT || KSN_MP_APP || GetRandom_a_TAG;
the second terminal authentication code is calculated over the DATA with TK_MacReqMP_APP:
{DATA}TK_MacReqMP_APP, where, in the embodiment of the invention:
{data}k denotes the authentication code of data (typically a MAC) generated with key k;
the data sent by the MP_APP to the background authentication server is:
MSG = DATA || {DATA}TK_MacReqMP_APP;
the authentication server and the second terminal mutually verify through the second key set, and the sending of the first random number to the second terminal comprises the following steps:
the authentication server obtains the KEY_server-MP_APP key set currently in actual use by the MP_APP according to the KSN_MP_APP contained in the data sent by the MP_APP to the back-end authentication server, and uses the second terminal authentication code key TK_MacReqMP_APP in that key set to verify the second terminal authentication code {DATA}TK_MacReqMP_APP;
if the verification passes, the authentication server generates a random number a and aG for the ECDH key exchange protocol, encrypts the first random number a with the second data encryption key TK_MP_APPdata, generates a second authentication server authentication code according to the encrypted first random number and the second authentication server authentication code key, and transmits the encrypted first random number and the second authentication server authentication code to the second terminal;
specifically, the encrypted first random number is generated:
DATA=[Random ECDH 'a']TK_MP_APPdata, wherein, in the embodiment of the invention,
[data]k denotes the ciphertext of data encrypted with the key k;
and MSG=DATA||{DATA}TK_MacRespMP_APP is transmitted to the MP_APP;
the MP_APP verifies the second authentication server authentication code {DATA}TK_MacRespMP_APP with the second authentication server authentication code key TK_MacRespMP_APP; if the verification passes, it decrypts the encrypted first random number with the second data encryption key TK_MP_APPdata, and acquires and stores the first random number a;
The first key group, i.e. the KEY_server-SPT key set, comprises a first authentication server authentication code key TK_MacRespSPT;
The authentication server and the first terminal mutually authenticate through the first key group, and the sending of the first temporary public key to the first terminal comprises the following steps:
the authentication server generates a first authentication server authentication code according to the first temporary public key and the first authentication server authentication code key, and sends the first temporary public key and the first authentication server authentication code to the first terminal through the second terminal;
specifically, the background authentication server obtains the KEY_server-SPT key set using KSN_SPT, calculates the first authentication server authentication code of the first temporary public key aG using TK_MacRespSPT in that key set, and deletes a; it sends MSG=aG||{aG}TK_MacRespSPT to the MP_APP, and the MP_APP forwards MSG to the SPT;
the first terminal verifies the first authentication server authentication code with the first authentication server authentication code key, and acquires and stores the first temporary public key;
specifically, the SPT calculates the current KEY_server-SPT key set based on KSN_SPT and validates {aG}TK_MacRespSPT with TK_MacRespSPT; if the verification passes, the first temporary public key aG is kept;
The first key group, the KEY_server-SPT key set, further comprises a first terminal authentication code key TK_MacReqSPT;
The step S2 includes:
The first terminal generates a second random number and a corresponding second temporary public key, generates a first terminal authentication code according to the second temporary public key and a first terminal authentication code key, and sends the second temporary public key and the first terminal authentication code to the authentication server through the second terminal;
the authentication server verifies the first terminal authentication code through the first terminal authentication code key to acquire the second temporary public key;
the authentication server generates a third authentication server authentication code according to the second temporary public key and the second authentication server authentication code key, and sends the second temporary public key and the third authentication server authentication code to the second terminal;
the second terminal verifies the third authentication server authentication code by adopting the second authentication server authentication code key, and acquires and stores the second temporary public key;
specifically, the SPT generates a second random number b and a corresponding second temporary public key bG for the ECDH key exchange protocol, calculates a MAC over bG with the first terminal authentication code key TK_MacReqSPT, and sends it to the background authentication server through the common mobile terminal MP_APP; the data sent is:
MSG=bG||{bG}TK_MacReqSPT;
the background authentication server validates {bG}TK_MacReqSPT using TK_MacReqSPT and, after the verification passes, obtains the second temporary public key bG;
the background authentication server sends the data MSG=bG||{bG}TK_MacRespMP_APP to the MP_APP;
the MP_APP validates {bG}TK_MacRespMP_APP using TK_MacRespMP_APP, and acquires and stores the second temporary public key bG;
through the above verification, each party's identity is authenticated using the two secure channels between the server and the MP_APP and between the server and the SPT, with the background authentication server as the trusted party, and a temporary key for the secure channel between the two terminals is generated based on the principle of the ECDH key negotiation protocol;
in the interaction process, the SPT and the background authentication server are not in direct physical contact, and communication between them is relayed through the MP_APP; but because the SPT is preloaded in the production stage with the first key set managed by the background authentication server, the communication between the SPT and the background authentication server is also point-to-point secure communication: the MP_APP acts only as a data relay and cannot obtain the data that the two parties need to keep secret.
Example III
The present embodiment further includes, based on the first embodiment or the second embodiment, step S3:
the first terminal and the second terminal respectively adopt a KDF key derivation algorithm to generate a third data encryption key, a first terminal-to-second terminal direction authentication code key and a second terminal-to-first terminal direction authentication code key according to the negotiated keys, and the third data encryption key, the first terminal-to-second terminal direction authentication code key and the second terminal-to-first terminal direction authentication code key are used as a third key group of a secure channel between the first terminal and the second terminal;
Specifically, a key abG of the temporary secure channel between the SPT and the MP_APP is generated based on the ECDH key agreement protocol principle;
a third key set is generated from abG using a KDF key derivation algorithm;
the specific settings of the KDF algorithm are as follows:
key derivation follows the key derivation approach described in NIST Special Publication 800-108; alternatively, the specific parameters may be as follows:
PRF function: HMAC-SHA256;
mode: counter mode;
context: (aG).x||(aG).y||(bG).x||(bG).y, wherein || denotes concatenation of the two contents before and after it;
L=256;
Counter=0;
third data encryption key K_MP_APP-SPTdata=KDF[0-15]; MP_APP to SPT authentication code key K_MacReqMP_APP-SPT=KDF[16-31]; SPT to MP_APP authentication code key: Counter=1, with the other settings the same as above, K_MacRespMP_APP-SPT=KDF[0-15];
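The relay of aG and bG through the MP_APP, the ECDH computation of abG and the KDF settings above, worked through as an added example that is not the patent's or the applicant's code. It assumes P-256 as the ECDH curve, HMAC-SHA256 truncated to 16 bytes as the authentication code {data}k, the x coordinate of abG as the KDF input key with an empty label and 4-byte counter and length fields; the encryption of a under TK_MP_APPdata is left out because the page names no cipher.

```python
import hashlib
import hmac
import secrets

# Assumption: the ECDH curve is P-256 (the patent names no curve). Minimal affine
# arithmetic for demonstration only: not constant-time, not for production use.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def ec_add(p1, p2):
    """Point addition on y^2 = x^3 - 3x + b over GF(P); None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 - 3) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def enc_point(pt):
    """x || y, 32 bytes each, the form the page uses as KDF context."""
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def dec_point(raw):
    return (int.from_bytes(raw[:32], "big"), int.from_bytes(raw[32:64], "big"))

def mac(key, data):
    """{data}k in the patent's notation. Assumption: HMAC-SHA256 truncated to 16 bytes."""
    return hmac.new(key, data, hashlib.sha256).digest()[:16]

def verify_and_strip(key, msg):
    """Check data || {data}k and return data; reject a forged or altered message."""
    data, tag = msg[:-16], msg[-16:]
    if not hmac.compare_digest(tag, mac(key, data)):
        raise ValueError("authentication code mismatch")
    return data

def kdf_block(k_in, context, counter, length_bits=256):
    """One PRF block of SP 800-108 KDF in counter mode with HMAC-SHA256:
    PRF(K_in, [i]_2 || Label || 0x00 || Context || [L]_2). Assumptions: empty label,
    4-byte counter and length fields; the counter values 0 and 1 follow the page."""
    fixed = b"" + b"\x00" + context + length_bits.to_bytes(4, "big")
    return hmac.new(k_in, counter.to_bytes(4, "big") + fixed, hashlib.sha256).digest()

def derive_third_key_set(abG, aG, bG):
    """Third key group from abG. Assumption: K_in is the x coordinate of abG."""
    k_in = abG[0].to_bytes(32, "big")
    ctx = enc_point(aG) + enc_point(bG)          # (aG).x||(aG).y||(bG).x||(bG).y
    blk0 = kdf_block(k_in, ctx, 0)               # Counter=0
    blk1 = kdf_block(k_in, ctx, 1)               # Counter=1, other settings unchanged
    return {"K_MP_APP-SPTdata": blk0[:16],       # KDF[0-15]
            "K_MacReqMP_APP-SPT": blk0[16:32],   # KDF[16-31]
            "K_MacRespMP_APP-SPT": blk1[:16]}    # KDF[0-15] of the Counter=1 block

def negotiate(tk_mac_resp_spt, tk_mac_req_spt, tk_mac_resp_mpapp):
    """Run the aG/bG relay; return the key sets derived by the SPT and by the MP_APP.
    The delivery of a to the MP_APP under TK_MP_APPdata is not modelled (the page
    names no cipher): a is handed to the MP_APP role directly."""
    a = secrets.randbelow(N - 1) + 1             # server: first random number
    aG = ec_mul(a, G)                            # first temporary public key
    mpapp_a = a
    # server -> MP_APP -> SPT: MSG = aG || {aG}TK_MacRespSPT, then the server deletes a
    msg = enc_point(aG) + mac(tk_mac_resp_spt, enc_point(aG))
    del a
    spt_aG = dec_point(verify_and_strip(tk_mac_resp_spt, msg))      # SPT keeps aG
    b = secrets.randbelow(N - 1) + 1             # SPT: second random number
    bG = ec_mul(b, G)                            # second temporary public key
    # SPT -> MP_APP -> server: MSG = bG || {bG}TK_MacReqSPT
    msg = enc_point(bG) + mac(tk_mac_req_spt, enc_point(bG))
    server_bG = verify_and_strip(tk_mac_req_spt, msg)
    # server -> MP_APP: MSG = bG || {bG}TK_MacRespMP_APP
    msg = server_bG + mac(tk_mac_resp_mpapp, server_bG)
    mpapp_bG = dec_point(verify_and_strip(tk_mac_resp_mpapp, msg))  # MP_APP stores bG
    # ECDH: the SPT computes b*aG, the MP_APP computes a*bG; both equal abG
    spt_keys = derive_third_key_set(ec_mul(b, spt_aG), spt_aG, bG)
    mpapp_aG = ec_mul(mpapp_a, G)
    mpapp_keys = derive_third_key_set(ec_mul(mpapp_a, mpapp_bG), mpapp_aG, mpapp_bG)
    return spt_keys, mpapp_keys
```

Both sides end with the same three 16-byte keys, and any byte altered by the relaying MP_APP in a MAC'd message is rejected by verify_and_strip before the key is used.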
The step S3 further includes:
the authentication server respectively sends query commands to the first terminal and the second terminal at regular intervals (for example every 8 minutes, and no longer than 10 minutes), and periodically receives terminal unique identification information sent by the first terminal and the second terminal, wherein the terminal unique identification information comprises software and hardware information;
determining the legitimacy of a first terminal and a second terminal according to the unique terminal identification information of the first terminal and the second terminal respectively;
Wherein a validity period is set for the third key group, and preferably the validity period is 24 hours;
when the establishment time of the third key group exceeds the validity period or the physical connection between the first terminal and the second terminal is disconnected, the first terminal and the second terminal renegotiate the third key group, namely they renegotiate according to the above steps to obtain a key abG for establishing the two-party secure channel, and generate the third key group with the KDF algorithm;
the specific number of keys can be set according to actual requirements, and a plurality of keys can be negotiated;
the method for negotiating the key of the secure channel can be applied to a mobile sales terminal scenario: merchants can input a PIN on their own common mobile device, transmit the PIN to the secure payment terminal through the secure data channel established by negotiation, have the whole transaction message packed and encrypted on the secure payment terminal, and then securely transmit the transaction message to the background server through the mobile terminal, thereby promoting the popularization of electronic payment transactions.
Example IV
Referring to fig. 2, a system 10 for negotiating a secret key of a secure channel includes a first terminal 1, a second terminal 4 and an authentication server 7, wherein the first terminal 1 is a data security device, and the second terminal 4 is a non-data security device;
The first terminal 1 comprises a first memory 2, a first processor 3 and a first computer program stored on the first memory 2 and executable on the first processor 3, the second terminal 4 comprises a second memory 5, a second processor 6 and a second computer program stored on the second memory 5 and executable on the second processor 6, the authentication server 7 comprises a third memory 8, a third processor 9 and a third computer program stored on the third memory 8 and executable on the third processor 9, the steps performed by the first terminal 1 in any of the first to third embodiments are realized when the first processor 3 executes the first computer program, the steps performed by the second terminal 4 in any of the first to third embodiments are realized when the second processor 6 executes the second computer program, and the steps performed by the authentication server 7 in any of the first to third embodiments are realized when the third processor 9 executes the third computer program.
In summary, a third-party background server outside the two communicating parties is introduced as the trusted party; the first terminal and the background server trust each other, and although the second terminal has no physical security protection mechanism, on the one hand the background server acts as a trust medium and on the other hand the key random numbers used by the first terminal and the second terminal are also generated by the background server, so there is no possibility of forgery; the key groups for direct mutual authentication between the background server and the first terminal and the second terminal are derived based on the DUKPT key derivation protocol; the key of the secure channel between the first terminal and the second terminal is negotiated using the ECDH key negotiation protocol, the key group for secure communication between the first terminal and the second terminal is generated from the negotiated key after the negotiation is completed, a validity period is set for that key group, and the first terminal and the second terminal are tracked regularly through the background server, thereby greatly improving the security of the first terminal and the second terminal.
The foregoing description is only illustrative of the present invention and is not intended to limit the scope of the invention, and all equivalent changes made by the specification and drawings of the present invention, or direct or indirect application in the relevant art, are included in the scope of the present invention.

Claims (24)

1. A method for negotiating a key of a secure tunnel, comprising:
S1, an authentication server generates a first random number and a corresponding first temporary public key, sends the first temporary public key to a first terminal which mutually trusts the authentication server, and sends the first random number to a second terminal which mutually trusts the authentication server, the first terminal being a data security device and the second terminal being a non-data security device;
S2, the first terminal generates a second random number and a corresponding second temporary public key, and sends the second temporary public key to the second terminal through the authentication server;
S3, the first terminal and the second terminal negotiate the key of the secure channel between them according to their respective random numbers and temporary public keys;
in the step S3, the first terminal and the second terminal both adopt the ECDH key negotiation protocol to negotiate the key of the secure channel between them.
2. The method according to claim 1, wherein the first terminal and the second terminal establish a secure channel with the authentication server to achieve mutual trust with the authentication server, respectively.
3. The method for negotiating the key of a secure tunnel according to claim 2, wherein said first terminal and said second terminal respectively establish a secure tunnel with said authentication server comprises:
the first terminal and the authentication server share a first key set, and different first terminals have different first key sets;
the second terminal shares a second key set with the authentication server, and a different second terminal has a different second key set.
4. A method of negotiating keys for a secure channel according to claim 3, characterized in that said first and second key sets are derived based on DUKPT key derivation protocol.
5. The method for negotiating the key of a secure tunnel according to claim 3 or 4, characterized in that said step S1 is preceded by the step of:
S01, the first terminal and the second terminal respectively generate a current first key group and a current second key group according to their own serial numbers;
S02, the second terminal forwards to the first terminal a request, sent by the authentication server, for uploading the first terminal serial number;
the second terminal receives the first terminal serial number sent by the first terminal, and sends a request for obtaining the first random number to the authentication server, wherein the request comprises the first terminal serial number and the second terminal serial number;
S03, the authentication server respectively determines the current first key group of the first terminal and the current second key group of the second terminal according to the first terminal serial number and the second terminal serial number;
in the step S1, sending the first temporary public key to the first terminal which mutually trusts the authentication server and sending the first random number to the second terminal which mutually trusts the authentication server comprises:
the authentication server and the first terminal mutually verify through the first key group, so that the first temporary public key is sent to the first terminal;
and the authentication server and the second terminal mutually verify through the second key group, so that the first random number is sent to the second terminal.
6. The method for negotiating the keys of a secure tunnel according to claim 5, wherein,
The second key group comprises a second data encryption key, a second terminal authentication code key and a second authentication server authentication code key;
the request for obtaining the first random number further includes:
generating a second terminal authentication code according to the message of the request for acquiring the first random number and the second terminal authentication code key;
the second terminal authentication code is contained in the request for acquiring the first random number;
the authentication server and the second terminal mutually verify through the second key set, and the sending of the first random number to the second terminal comprises the following steps:
the authentication server verifies the second terminal authentication code using the second terminal authentication code key;
the authentication server encrypts the first random number by adopting the second data encryption key, generates a second authentication server authentication code according to the encrypted first random number and the second authentication server authentication code key, and sends the encrypted first random number and the second authentication server authentication code to the second terminal;
the second terminal verifies the second authentication server authentication code by adopting the second authentication server authentication code key, decrypts the encrypted first random number by adopting the second data encryption key, and acquires and stores the first random number;
The first key set comprises a first authentication server authentication code key;
the authentication server and the first terminal mutually authenticate through the first key group, and the sending of the first temporary public key to the first terminal comprises the following steps:
the authentication server generates a first authentication server authentication code according to the first temporary public key and the first authentication server authentication code key, and sends the first temporary public key and the first authentication server authentication code to the first terminal through the second terminal;
and the first terminal verifies the first authentication server authentication code by adopting the first authentication server authentication code key, and acquires and stores the first temporary public key.
7. The method of key agreement for a secure channel according to claim 6, wherein the first key set further includes a first terminal authentication code key;
the step S2 includes:
the first terminal generates a second random number and a corresponding second temporary public key, generates a first terminal authentication code according to the second temporary public key and a first terminal authentication code key, and sends the second temporary public key and the first terminal authentication code to the authentication server through the second terminal;
The authentication server verifies the first terminal authentication code through the first terminal authentication code key to acquire the second temporary public key;
the authentication server generates a third authentication server authentication code according to the second temporary public key and the second authentication server authentication code key, and sends the second temporary public key and the third authentication server authentication code to the second terminal;
and the second terminal verifies the third authentication server authentication code by adopting the second authentication server authentication code key, and acquires and stores the second temporary public key.
8. The method for negotiating the key of a security channel according to claim 1 or 7, wherein said step S3 further comprises:
the first terminal and the second terminal respectively adopt a KDF key derivation algorithm to generate a third data encryption key, a first terminal-to-second terminal direction authentication code key and a second terminal-to-first terminal direction authentication code key according to the negotiated keys, and the third data encryption key, the first terminal-to-second terminal direction authentication code key and the second terminal-to-first terminal direction authentication code key are used as a third key group of a secure channel between the first terminal and the second terminal.
9. The method according to claim 5, wherein the second key set is hidden in the application of the second terminal by using a key white-box technique.
10. The method of claim 9, wherein the second key set is updated periodically.
11. The method for negotiating the key of a security channel according to claim 1, wherein said step S3 further comprises:
the authentication server respectively sends inquiry commands to the first terminal and the second terminal at regular intervals and receives terminal unique identification information sent by the first terminal and the second terminal at regular intervals;
and respectively determining the legitimacy of the first terminal and the second terminal according to the terminal unique identification information of each of the first terminal and the second terminal.
12. The method of claim 8, wherein a validity period is set for the third key group;
and when the establishment time of the third key group exceeds the validity period or the physical connection between the first terminal and the second terminal is disconnected, the first terminal and the second terminal renegotiate the third key group.
13. A key negotiation system for a secure channel, comprising a first terminal, a second terminal and an authentication server, wherein the first terminal is a data security device and the second terminal is a non-data security device;
the first terminal comprises a first memory, a first processor and a first computer program stored on the first memory and capable of running on the first processor, the second terminal comprises a second memory, a second processor and a second computer program stored on the second memory and capable of running on the second processor, and the authentication server comprises a third memory, a third processor and a third computer program stored on the third memory and capable of running on the third processor, wherein the first processor, when executing the first computer program, performs the steps of:
S1, receiving a first temporary public key sent by the authentication server;
S2, generating a second random number and a corresponding second temporary public key, and transmitting the second temporary public key to the second terminal through the authentication server;
S3, negotiating the key of the secure channel with the second terminal according to the second random number and the first temporary public key;
the second processor, when executing the second computer program, performs the steps of:
S1, receiving a first random number sent by the authentication server;
S2, receiving a second temporary public key sent by the authentication server;
S3, negotiating the key of the secure channel with the first terminal according to the first random number and the second temporary public key;
the third processor, when executing the third computer program, performs the steps of:
S1, generating a first random number and a corresponding first temporary public key, sending the first temporary public key to a first terminal which mutually trusts the authentication server, and sending the first random number to a second terminal which mutually trusts the authentication server;
S2, sending the second temporary public key generated by the first terminal to the second terminal;
the first terminal and the second terminal both negotiate the key of the secure channel between them using an ECDH key negotiation protocol.
14. The system according to claim 13, wherein the first terminal and the second terminal establish a secure channel with the authentication server to achieve mutual trust with the authentication server, respectively.
15. The system for negotiating the keys of a secure tunnel according to claim 14, wherein said first and second terminals respectively establish a secure tunnel with said authentication server comprises:
The first terminal and the authentication server share a first key set, and different first terminals have different first key sets;
the second terminal shares a second key set with the authentication server, and a different second terminal has a different second key set.
16. The secure tunnel key agreement system according to claim 15, wherein the first key set and the second key set are both derived based on DUKPT key derivation protocol.
17. A system for negotiating the keys of a secure tunnel according to claim 15 or 16, characterized in that said first processor, when executing said first computer program, implements the steps of:
the step S1 is preceded by the steps of:
S01, generating a current first key group according to the serial number of the first terminal;
the second processor, when executing the second computer program, performs the steps of:
the step S1 is preceded by the steps of:
S01, generating a current second key group according to the serial number of the second terminal;
S02, forwarding to the first terminal a request, sent by the authentication server, for uploading the first terminal serial number;
receiving the first terminal serial number sent by the first terminal, and sending a request for obtaining the first random number to the authentication server, wherein the request comprises the first terminal serial number and the second terminal serial number;
The third processor, when executing the third computer program, performs the steps of:
the step S1 is preceded by the steps of:
S01, receiving the request for obtaining the first random number sent by the second terminal;
S02, determining the current first key group of the first terminal and the current second key group of the second terminal according to the first terminal serial number and the second terminal serial number respectively;
in the step S1, sending the first temporary public key to the first terminal which mutually trusts the authentication server and sending the first random number to the second terminal which mutually trusts the authentication server comprises:
mutually verifying with the first terminal through the first key group, so that the first temporary public key is sent to the first terminal;
and mutually verifying with the second terminal through the second key group, so that the first random number is sent to the second terminal.
18. The secure tunnel key agreement system of claim 17, wherein the second key set includes a second data encryption key, a second terminal authentication code key, and a second authentication server authentication code key;
the request for obtaining the first random number further includes:
Generating a second terminal authentication code according to the message of the request for acquiring the first random number and the second terminal authentication code key;
the second terminal authentication code is contained in the request for acquiring the first random number;
the mutual verification between the authentication server and the second terminal through the second key group, so that the first random number is sent to the second terminal, comprises the following steps:
the third processor, when executing the third computer program, performs the steps of:
verifying the second terminal authentication code using the second terminal authentication code key;
encrypting the first random number by adopting the second data encryption key, generating a second authentication server authentication code according to the encrypted first random number and the second authentication server authentication code key, and transmitting the encrypted first random number and the second authentication server authentication code to the second terminal;
the second processor, when executing the second computer program, performs the steps of:
verifying the second authentication server authentication code by adopting the second authentication server authentication code key, decrypting the encrypted first random number by adopting the second data encryption key, and acquiring and storing the first random number;
The first key set comprises a first authentication server authentication code key;
the mutual verification between the authentication server and the first terminal through the first key group, so that the first temporary public key is sent to the first terminal, comprises the following steps:
the third processor, when executing the third computer program, performs the steps of:
generating a first authentication server authentication code according to the first temporary public key and the first authentication server authentication code key, and sending the first temporary public key and the first authentication server authentication code to the first terminal through the second terminal;
the first processor, when executing the first computer program, performs the steps of:
and verifying the first authentication server authentication code by adopting the first authentication server authentication code key, and acquiring and storing the first temporary public key.
19. The secure tunnel key negotiation system of claim 18, wherein said first key set further comprises a first terminal authentication code key;
the generating the second random number and the corresponding second temporary public key, and the transmitting the second temporary public key to the second terminal through the authentication server includes:
Generating a second random number and a corresponding second temporary public key, generating a first terminal authentication code according to the second temporary public key and a first terminal authentication code key, and transmitting the second temporary public key and the first terminal authentication code to the authentication server through the second terminal;
the third processor, when executing the third computer program, performs the steps of:
verifying the first terminal authentication code by the first terminal authentication code key to acquire the second temporary public key;
generating a third authentication server authentication code according to the second temporary public key and the second authentication server authentication code key, and sending the second temporary public key and the third authentication server authentication code to the second terminal;
the second processor, when executing the second computer program, performs the steps of:
and verifying the third authentication server authentication code by adopting the second authentication server authentication code key, and acquiring and storing the second temporary public key.
20. The system for negotiating the keys of a secure tunnel according to claim 13, wherein, after the first terminal and the second terminal negotiate the key of the secure tunnel between them, the system further performs:
The first terminal and the second terminal respectively adopt a KDF key derivation algorithm to generate a third data encryption key, a first terminal-to-second terminal direction authentication code key and a second terminal-to-first terminal direction authentication code key according to the negotiated keys, and the third data encryption key, the first terminal-to-second terminal direction authentication code key and the second terminal-to-first terminal direction authentication code key are used as a third key group of a secure channel between the first terminal and the second terminal.
21. The system for negotiating the keys of a secure tunnel according to claim 17, characterized in that said second key set is hidden in the application of said second terminal by means of a key white-box technique.
22. The secure tunnel key negotiation system of claim 21, wherein said second key set is updated periodically.
23. A secure channel key agreement system according to claim 13 or 21, wherein the third processor when executing the third computer program performs the steps of:
after negotiating the secret key of the security channel between the first terminal and the second terminal, periodically sending inquiry commands to the first terminal and the second terminal respectively, and periodically receiving terminal unique identification information sent by the first terminal and the second terminal;
And respectively determining the legitimacy of the first terminal and the second terminal according to the terminal unique identification information of each of the first terminal and the second terminal.
24. The system for negotiating the keys of a secure tunnel according to claim 20, wherein a validity period is set for said third key set;
and when the establishment time of the third key group exceeds the validity period or the physical connection between the first terminal and the second terminal is disconnected, the first terminal and the second terminal renegotiate the third key group.
CN201910978196.4A 2019-10-15 2019-10-15 Method and system for negotiating secret key of security channel Active CN110912686B (en)

Publications (2)

Publication Number Publication Date
CN110912686A CN110912686A (en) 2020-03-24
CN110912686B true CN110912686B (en) 2023-05-05

Family

ID=69815442

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant