CN111787537A - Distributed key generation and authentication method and communication device for executing the method - Google Patents

Distributed key generation and authentication method and communication device for executing the method Download PDF

Info

Publication number
CN111787537A
CN111787537A CN202010789612.9A CN202010789612A CN111787537A CN 111787537 A CN111787537 A CN 111787537A CN 202010789612 A CN202010789612 A CN 202010789612A CN 111787537 A CN111787537 A CN 111787537A
Authority
CN
China
Prior art keywords
communication device
key
authentication
wireless network
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010789612.9A
Other languages
Chinese (zh)
Inventor
徐俊俊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Espressif Systems Shanghai Co Ltd
Original Assignee
Espressif Systems Shanghai Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Espressif Systems Shanghai Co Ltd filed Critical Espressif Systems Shanghai Co Ltd
Priority to CN202010789612.9A priority Critical patent/CN111787537A/en
Publication of CN111787537A publication Critical patent/CN111787537A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/70Reducing energy consumption in communication networks in wireless communication networks

Abstract

The invention discloses a distributed key generation and authentication method of a wireless network, which is used for generating and authenticating an application key between two communication devices in the same wireless network for subsequent encrypted data transmission between the two communication devices, wherein the two communication devices are both provided with trigger switches, and the two communication devices are triggered to generate the application key and authenticate the application key by operating the trigger switches from the outside. The invention also provides a communication device for executing the distributed key generation and authentication method of the wireless network. The communication equipment enters an authentication interaction state by a user operating a trigger key from the outside, and additionally, the transmission power of broadcasting and sending information when the communication equipment executes the distributed key generation and authentication method of the wireless network is limited.

Description

Distributed key generation and authentication method and communication device for executing the method
Technical Field
The present invention relates to the field of wireless communication technologies, and in particular, to a distributed key generation and authentication method for a wireless network and a communication device for performing the method.
Background
Since the construction of a wireless communication network (i.e., a wireless network) is not limited by geographical environments like a wired network, it is widely used and enables wireless communication users to communicate on the move. These advantages of wireless networks result from the wireless communication channel that they employ, which is an open channel that gives the wireless communication user freedom of communication while also introducing some insecurity factors into the wireless network, such as the ease of eavesdropping of communication content between devices communicating in the network, the possibility of alteration of communication content, and the possibility of impersonation of the identities of the two parties.
Privacy traffic is an effective way to prevent wireless eavesdropping. Depending on the requirements of a specific application, privacy in a wireless communication system can be defined as the following four levels:
level 0 — no privacy. The wireless communication device does not employ any encryption measures and anyone in possession of the spectrum scanner may intercept the content of the wireless communication.
Level 1-equivalent to the privacy of wired communications. This level of security is primarily used to protect people's ordinary personal communications, and this level of security requires the use of cryptographic algorithms to protect the security of personal communications for at least a year.
Level 2-business level security. The method is mainly used for protecting some conversation contents related to private property, such as stock trading, contract negotiation between companies and the like. Cryptographic algorithms that provide this level of security need to ensure that the commercial content is secure for at least 10-25 years.
Level 3-military and government level security. The level cipher algorithm is mainly used for protecting communication contents between military activities of a country and government departments of non-military affairs, and the specific requirements of the level cipher algorithm are set by government bodies.
For example, in the current ZigBee and ZigBee Pro standard networks, devices use the same TC _ LK (ZigBee alliance distribution) for network entry verification, network key, and packet encryption of application key in the standard security mode for all network-entering devices. The security information of the whole network can be easily acquired by the aid of the packet grabber, and then attack is carried out and sensitive application data are acquired. That is, the security level of the current ZigBee and ZigBee Pro standard network does not meet the requirements of some special data transmission (e.g. data transmission of devices such as electric meters and water meters, i.e. the confidentiality requirement of the level 2), and data are easily revealed and attacked.
In contrast, the latest ZigBee 3.0 standard introduces a concept of device installation codes to improve the security encryption level of the ZigBee network, the device installation codes require that devices are pre-burned in a secure storage area of the devices when leaving a factory, the installation codes of the devices entering the network need to be transmitted to the network management device by means of other means (common two-dimensional codes of scanning devices) when entering the network, the network management device and the devices entering the network use the same algorithm to convert the installation codes into a unique link key, and the generated link key is used for network entry verification and data packet encryption of the network key and the application key.
The latest ZigBee 3.0 standard method improves the security level to some extent, but faces several problems as follows:
1. the equipment installation code is fixed, the life cycle of the whole product is not changed generally, and the equipment installation code cannot be transformed according to different networks, so that the equipment installation code can be recorded by malicious network control equipment, and the conversion from the equipment installation code to the link key is a public algorithm, namely, the link key can be calculated and used for attacks of other networks as long as the equipment installation code is obtained;
2. the device installation code needs to be burned in a safe storage area, and a common flash storage area cannot meet corresponding requirements, so that the cost is increased;
3. other safe transmission channels are needed in the process of transmitting the equipment installation codes to the network control equipment, and the transmission channel has the possibility of being cracked;
4. in the process of distributing the application key, the intervention of intermediate equipment is needed, so that the network data volume is increased on one hand, and the risk of key leakage is increased on the other hand;
5. the method for enhancing the security level by the device installation code has the problem of standard compatibility, and the method cannot be applied to ZigBee and ZigBee Pro type networks; and
6. the method of enhancing the security level by the device installation code requires that two devices communicating must use the device installation code at the same time, and if one of the devices does not use the device installation code, the application data is exposed and does not meet the security requirements.
Therefore, it is necessary to design a distributed key generation and authentication method for a wireless network (especially, a ZigBee network) and a communication device performing the method to solve the above technical problems.
Disclosure of Invention
To achieve the above object, the present invention provides, in one aspect, a distributed key generation and authentication method for a wireless network, for generating and authenticating an application key between two communication devices in the same wireless network for subsequent encrypted data transmission between the two communication devices, wherein both communication devices have a trigger switch, and the trigger switch is operated from the outside so that the two communication devices are triggered to generate the application key and authenticate the application key.
Wherein the step of generating the application key by the two communication devices comprises: after being triggered, the two communication devices generate pairs of public keys and private keys thereof and broadcast authentication request information in a wireless network; each of the two communication devices receives authentication request information from an opposite side and sends key exchange information including a public key of the communication device to the opposite side after receiving the authentication request information, wherein one of the two communication devices receives the authentication request information from the opposite side first and sends the public key of the communication device first serves as a master communication device, and the other communication device serves as a slave communication device; after receiving the public key from the slave communication equipment, the master communication equipment calculates an intermediate key based on the own private key and the received public key by using an asymmetric encryption algorithm, and calculates an application key based on the calculated intermediate key; the slave communication device, upon receiving the public key from the master communication device, calculates an intermediate key using an asymmetric encryption algorithm based on its own private key and the received public key, and calculates an application key based on the calculated intermediate key.
Wherein the step of the two communication devices authenticating the application key comprises: the master communication equipment randomly generates a first character string, encrypts the first character string by using an application key calculated by the master communication equipment to obtain a second character string, and sends key authentication information comprising the first character string and the second character string to the slave communication equipment; after receiving the key authentication information from the master communication device from the communication device, decrypting the second character string using the application key calculated by the communication device, and comparing the decrypted second character string with the first character string; when the decrypted second character string is the same as the first character string, randomly generating a third character string by the slave communication device, encrypting the third character string by using the application key calculated by the slave communication device to obtain a fourth character string, and transmitting key authentication information including the third character string and the fourth character string to the master communication device by the slave communication device; after receiving the key authentication information from the slave communication device, the master communication device decrypts the fourth character string by using the calculated application key thereof, and compares the decrypted fourth character string with the third character string; when the decrypted fourth string is the same as the third string, the master communication device adds its calculated application key to its application key list for subsequent encrypted data transmission, and sends key confirmation information to the slave communication device; after receiving the key confirmation information from the master communication device, the slave communication device adds the application key it calculated to its application key list for subsequent encrypted data transmission.
Preferably, the trigger switch is a physical or virtual button, key, knob or lever provided on the first communication device and/or the second communication device. Preferably, before or during or after the trigger switch is operated from the outside, the distance between the first communication device and the second communication device should be made not more than 1 meter, more preferably not more than 0.5 meter, and accordingly the transmission power of the two communication devices at the time of their broadcast authentication request information should be set so that the communication distance is not more than 1 meter, and the transmission power of one of the two communication devices at the time of its transmission of the key exchange information, the key authentication message, and the key confirmation message to the other should be set so that the communication distance is not more than 1 meter.
In a preferred embodiment, the asymmetric encryption algorithm used is the ECDH algorithm, but in other embodiments, the RSA algorithm, the DSA algorithm, or the PKCS algorithm may be used.
In a preferred embodiment, the algorithm used by the first communication device and the second communication device in calculating the application key based on the intermediate key they calculate is the AES-128 algorithm, in other embodiments the MD5 algorithm, the SHA-256 algorithm, the AES-256 algorithm or the CBC-MAC algorithm may be used.
The present invention provides in another aspect a communication device for performing the distributed key generation and authentication method of a wireless network of the present invention, the communication device acting as a first and/or second communication device therein.
Wherein the communication device has a trigger switch that is operated from the outside by a user to cause the communication device to be triggered to generate an application key and authenticate the application key; and, the communication device has its own network address and has: the key authentication system comprises a key request module for generating authentication request information, a key exchange module for generating key exchange information, a key authentication module for generating key authentication information and a key confirmation module for generating key confirmation information.
Preferably, the communication device has an adjustable transmission power, wherein the transmission power is set such that the communication distance is not more than 1 meter at the time of its authentication request information broadcast by the communication device; and when the communication device transmits the key exchange information, the key authentication message, and the key confirmation message, the transmission power is set so that the communication distance is not more than 1 meter.
Therefore, the communication equipment enters an authentication interactive state by a user operating a trigger key from the outside, and additionally, the transmission power of broadcasting and sending information when the communication equipment executes the distributed key generation and authentication method of the wireless network is limited. Wherein, the key generation process only needs two communication devices to participate, and is not dependent on any other devices in the wireless network. And, the generated application key does not need to be transmitted, thereby avoiding the leakage risk to a certain extent.
In addition, the communication device of the present invention can generate different application keys to encrypt different communication links by performing the distributed key generation and authentication method of the wireless network of the present invention. For example, generating the application key APPKEY1 between the communication device a and the communication device B, then generating the application key APPKEY2 between the communication device a and the communication device C, and so on can prevent the key between the communication devices a and B from being known by the communication device C, which is higher security.
In the invention, both sides of the authentication interaction process can complete the whole authentication process by broadcasting or sending 6 data packets (information) at least, the realization complexity is low, the authentication success rate is high, and the invention is very suitable for the application of a low-speed wireless network, and has good success rate and authentication speed in practical use.
In a preferred embodiment of the present invention, it is presented that the distributed key generation and authentication method of the wireless network of the present invention is used for two communication devices of the present invention in the same ZigBee wireless network to generate and authenticate an application key between the two communication devices for subsequent encrypted data transmission between the two communication devices. Compared with other existing methods for generating the key in the ZigBee wireless network and methods for authenticating the key, the method has the following advantages:
1. the system for transmitting the high-level security requirement data based on the ZigBee wireless network is realized, and the security problem of the ZigBee network is solved. Compared with the equipment installation code method provided by ZigBee 3.0, the method can provide higher security level and can completely prevent man-in-the-middle attack.
2. The configuration file ID module based on the communication module realizes the compatibility of the distributed key generation and authentication method of the wireless network of the invention and the ZigBee protocol stack, so that the distributed key generation and authentication method can be realized completely on the basis of software and is easy to integrate into the existing equipment. For example, the distributed key generation and authentication method of the wireless network can be used as an application program of ZigBee, does not have the problem of version compatibility, and can be transplanted to ZigBee, ZigBee Pro and ZigBee 3.0. Therefore, the hardware cost of using the safe storage area is saved compared with the installation code method adopted in the prior art.
3. An asymmetric encryption algorithm is used so that only the participating parties can compute the application key and the entire authentication interaction process interacts the public key only over the air, without any effect even if it is heard by a potentially threatening device. And preferably, a core ECDH algorithm is adopted, so that a plurality of MCUs provide hardware acceleration support, and can be realized by software even if the hardware is not supported, and the dependence on the hardware is not strong compared with other asymmetric encryption algorithms.
The conception, the specific structure and the technical effects of the present invention will be further described with reference to the accompanying drawings to fully understand the objects, the features and the effects of the present invention.
Drawings
Fig. 1 schematically shows a flow chart of a distributed key generation and authentication method for a wireless network of the present invention in a preferred embodiment.
Fig. 2 schematically shows an application layer architecture of a communication device for performing the method of fig. 1 in a preferred embodiment.
Fig. 3 schematically shows a flow chart for confirming whether two communication devices intended to perform the distributed key generation and authentication method of a wireless network of the present invention are in the same wireless network in a preferred embodiment.
Fig. 4 is a flow chart schematically illustrating a communication device being triggered to enter an authentication interaction state in the distributed key generation and authentication method of a wireless network according to a preferred embodiment of the present invention.
Fig. 5 is a flow chart schematically illustrating the authentication interaction state of the master communication device in the distributed key generation and authentication method of the wireless network according to the present invention in a preferred embodiment.
Fig. 6 is a flow chart schematically illustrating the authentication interaction state of the slave communication device in the distributed key generation and authentication method of the wireless network according to the present invention in a preferred embodiment.
Detailed Description
As shown in fig. 1 and 2, in a preferred embodiment of the present invention, a distributed key generation and authentication method of a wireless network of the present invention implemented in a ZigBee wireless network, and an application layer architecture of a communication device performing the method in the ZigBee wireless network are provided. Based on the method depicted in fig. 1, an application key may be generated and authenticated between two communication devices (i.e., a first communication device and a second communication device) as depicted in fig. 2 in a ZigBee wireless network for subsequent encrypted data transmission between the two communication devices. Where the confidentiality of the encrypted data can refer to level 2 of the aforementioned levels, i.e. business level confidentiality.
In the present embodiment, the two communication devices are, for example, a water meter and a meter reader, or a water meter and a meter reader, respectively. Through the distributed key generation and authentication method of the wireless network, the table look-up device in the same ZigBee wireless network can be allowed to safely acquire the information (such as reading) of the electric meter or the water meter, and the information cannot be maliciously stolen or even modified.
Specifically, it is necessary to have a trigger switch on the two communication devices to allow the user to operate the trigger switch from the outside so that the communication device is triggered to generate and authenticate the application key (referred to as an authentication interaction process in the following description).
The trigger switch on the communication device is preferably arranged on its housing to facilitate operation by the user from the outside. The trigger switch may be a power switch of the communication device, which is triggered to enter the authentication interaction process by a user operating the power switch, such as when the number of times the power switch is switched reaches a preset threshold within a certain time, for example, the communication device is switched twice in a rapid manner (with an interval not greater than 0.5 seconds). Typically, the communication device has software to detect the operation of the power switch, such as "two-tap-in-two-tap", "three-tap-in-three-tap", and so on. A communication device having such a power switch can be selected as a trigger switch for the communication device, and the communication device is triggered by operating the power switch.
Alternatively, the trigger switch is a button, key, knob or lever provided outside the power switch of the communication device, including a virtual button, key, knob or lever on the display screen of the communication device. When the user presses a physical or virtual button, key, knob or lever, the communication device is triggered to enter an authentication interaction process.
For example, the table look-up device is provided with a trigger switch, the electric meter or the water meter is provided with a trigger switch, and when a user wants to use the distributed key generation and authentication method of the wireless network of the invention to read the reading of the electric meter or the water meter through the table look-up device, the user needs to operate the table look-up device and the trigger switch on the electric meter or the water meter. The same user can operate the trigger switches on the two communication devices simultaneously, or the two users can operate the two trigger switches respectively. The two trigger switches may be operated simultaneously or not simultaneously. When the two trigger switches are not operated simultaneously, one of the trigger switches may be operated first.
It should be noted that, in the implementation of the distributed key generation and authentication method for a wireless network of the present invention, such artificial participation (i.e., the user operates the trigger button from the outside to make the communication device enter the authentication interaction state) can effectively avoid the possibility that the authentication interaction is triggered at an unsafe time point and then attacked, thereby effectively improving the security of the encrypted data transmission implemented by the present invention.
As shown in fig. 2, the communication device has its own custom endpoint number, which in this example is stored in the endpoint number module EP _ S, which may be any one of values between 1 and 241. And the user-defined endpoint number of the communication equipment is used as an application inlet. In a specific implementation, the communication device may run a plurality of applications in an application layer, and the customized endpoint number corresponds to an application for distinguishing different applications run by the communication device.
The communication apparatus further has: a key request module for generating authentication request information, a key exchange module for generating key exchange information, a key authentication module for generating key authentication information, and a key confirmation module for generating key confirmation information, and specific descriptions of the above information are given below. In the present example, the above four modules are implemented as four cluster IDs in the PROFILE ID module PROFILE _ S of the communication device: CID _ AUTH _ REQ, CID _ KEY _ EXCHANGE, CID _ VERIFY _ MSG, and CID _ AUTH _ RESULT. Specifically, the cluster ID CID _ AUTH _ REQ is used to generate the authentication request information, the cluster ID CID _ KEY _ EXCHANGE is used to generate the KEY EXCHANGE information, the cluster ID CID _ VERIFY _ MSG is used to generate the KEY authentication information, and the cluster ID CID _ AUTH _ RESULT is used to generate the KEY confirmation information. Therein, the PROFILE ID module PROFILE _ S is designed to be any 2-byte length value (except for the PROFILE ID assigned by the ZigBee alliance such as zll/zdo/zha, etc.).
It should be noted that, in the present embodiment, the above modules of the communication device are implemented on the application layer of the communication device, but in other embodiments of the present invention, the above modules may also be implemented on, for example, the physical layer of the communication device.
Preferably, the communication device may have an adjustable transmission power, whereby it may be possible to limit its transmission power to make a communication distance not greater than 1 meter when broadcasting or sending a message outwards during its inventive distributed key generation and authentication method of a wireless network. Such reduced transmission power may further prevent interaction data between the two communication devices during the authentication interaction from being received by an attacker (e.g., man-in-the-middle attack).
In particular, in such a preferred embodiment, the user is required to make the distance between the two communication devices not more than 1 meter, preferably not more than 0.5 meter, before or during or after operating the two trigger switches from the outside. For example, when a user reads the reading of an electric meter or a water meter by using the distributed key generation and authentication method of the wireless network, the user firstly moves the table look-up device close to the electric meter or the water meter to enable the distance between the electric meter and the water meter to be not more than 0.5 meter, and then triggers the table look-up device and a trigger switch on the electric meter or the water meter; or after the user triggers one or both of the two trigger switches, the meter look-up device is moved to be close to the electric meter or the water meter; or the user can move the table look-up device close to the electric meter or the water meter while triggering one or both of the two trigger switches.
And accordingly, the communication distance of the information broadcast or transmitted by the two communication devices during the authentication interaction process may not be more than 1 meter, for example, the transmission radius in the information is set to 0 (i.e., the forwarding function is turned off). Whereby the information cannot be forwarded, thereby further reducing the possibility of attacks.
It should be noted that, as described above, the distributed key generation and authentication method for a wireless network of the present invention is used for generating and authenticating an application key between two communication devices in the same wireless network for subsequent encrypted data transmission between the two communication devices. Therefore, before two communication devices enter the above-mentioned authentication interaction state, it is necessary to confirm whether the two communication devices are in the same wireless network. This may be done before, during or after the user operates the trigger switches of both communication devices from the outside, but only after confirming that both communication devices are in the same wireless network, the two communication devices enter the authentication interaction state described above.
Specifically, as shown in fig. 3, for example, after the meter lookup device and the electric meter or the water meter are turned on (or the sleep state is released), it is automatically determined whether the meter lookup device itself has already accessed the network, and if not, the meter lookup device waits for accessing the network. After the device is connected to the network, it waits for the start of the authentication interaction state, i.e. for the signal generated by the trigger switch operated from the outside as described above. The device can only enter the authentication interaction state described above when such a signal (i.e., authentication signal) is received.
Returning to fig. 1, a first communication device, such as a meter lookup device, and a second communication device, such as an electric meter or a water meter, both of which are powered on or are released from a sleep state, determine that they are connected to the network, and can determine that they are connected to the same wireless network (in this case, the same ZigBee wireless network) by the user. The user moves the meter lookup device close to the electric meter or the water meter, and for example, a trigger switch on the meter lookup device is operated first, the meter lookup device confirms that the meter lookup device enters an authentication interactive state (namely, is triggered to authenticate), namely, a pair PKA/SKA of a public key PKA and a private key SKA of the meter lookup device is generated, and authentication request information is broadcast in the ZigBee wireless network. In this case, the authentication request message is a data packet AUTH _ REQ including the network address of the communication device (in this case, the table lookup device) generated by the cluster ID CID _ AUTH _ REQ in the PROFILE ID module PROFILE _ S of the communication device. The table lookup unit broadcasts the data packet AUTH REQ at regular intervals, e.g. 500 ms.
The user operates a trigger switch on the electric meter or the water meter, the electric meter or the water meter confirms that the electric meter or the water meter enters an authentication interaction state (namely, is triggered to authenticate), namely, a public key PKB/private key SKB pair PKB/SKB of the electric meter or the water meter is generated, and authentication request information is broadcasted in the ZigBee wireless network. In this example, the authentication request message is a data packet AUTH _ REQ, which includes the network address of the communication device (in this example, the electric meter or the water meter), i.e., the address of the communication device in the ZigBee wireless network, and is generated by the cluster ID CID _ AUTH _ REQ in the PROFILE ID module PROFILE _ S of the communication device. The table lookup unit broadcasts the data packet AUTH REQ at regular intervals, e.g. 500 ms.
Specifically, referring to fig. 1 and 4, after the table look-up device and the electric meter or the water meter are triggered to authenticate, and thus authentication starts, the data packet AUTH _ REQ is broadcast in the ZigBee wireless network, and then the receiving mode is entered to wait for receiving the data packet AUTH _ REQ from the other party. Here, a repetition time interval may be preset, and if a data packet AUTH _ REQ (authentication request information) from the other party or KEY EXCHANGE information KEY _ EXCHANGE from the other party is not received within a time interval (for example, 500ms) after the data packet AUTH _ REQ is broadcast (this is a case where the communication device enters authentication interaction after comparing with the communication device of the other party, that is, the communication device of the other party has broadcast its data packet AUTH _ REQ, and the communication device has not broadcast its data packet AUTH _ REQ, and receives the KEY EXCHANGE information KEY _ EXCHANGE from the other party before receiving the data packet AUTH _ REQ repeatedly broadcast from the other party after the communication device broadcasts its data packet AUTH _ REQ, specifically, see below), the communication device broadcasts the data packet AUTH _ REQ again in the ZigBee wireless network. Here, it is also possible to preset an authentication waiting time (for example, 5 minutes), and if the preset authentication waiting time elapses since the data packet AUTH _ REQ is broadcast for the first time, the data packet AUTH _ REQ from the opposite side or the KEY EXCHANGE information KEY _ EXCHANGE from the opposite side is still not received, and the communication device will exit its authentication interaction state. If the user needs the communication device to continue to execute the distributed key generation and authentication method of the wireless network of the present invention, the trigger switch of the communication device needs to be operated from the outside again, so that the communication device enters the authentication interaction state again according to the above-mentioned flow.
When the table look-up device and the electric meter or the water meter of the embodiment receive the data packet AUTH _ REQ from the opposite party, the key exchange information including the public key of the table look-up device and the electric meter or the water meter is sent to the opposite party. Specifically, after receiving the data packet AUTH _ REQ from the electric meter or the water meter, the table look-up device sends KEY _ EXCHANGE information including the public KEY PKA thereof (i.e., KEY _ EXCHANGE a in fig. 1) to the electric meter or the water meter. The table look-up device can obtain the network address of the electric meter or the water meter from the data packet AUTH _ REQ received from the electric meter or the water meter, so as to send the public key PKA of the table look-up device to the electric meter or the water meter. Similarly, after receiving the data packet AUTH _ REQ from the table lookup device, the electric meter or the water meter learns the network address of the table lookup device, and then sends KEY _ EXCHANGE information including the public KEY PKB thereof (i.e., KEY _ EXCHANGE B in fig. 1) to the table lookup device.
In addition, as described above, the communication device entering authentication interaction later may receive the KEY EXCHANGE information KEY _ EXCHANGE from the other party before receiving the data packet AUTH _ REQ repeatedly broadcasted from the other party after broadcasting the data packet AUTH _ REQ thereof, and therefore, it is preferable that the communication device entering authentication interaction later should further include its own address in the wireless network in the KEY EXCHANGE information including its own public KEY transmitted by the communication device, so that the communication device entering authentication interaction later can also immediately obtain the address of the other party in the wireless network after receiving the KEY EXCHANGE information KEY _ EXCHANGE from the other party, thereby transmitting its own KEY EXCHANGE information KEY _ EXCHANGE thereto without waiting for the authentication request information repeatedly broadcasted by the other party. For example, the table lookup device and the electric meter or the water meter of the embodiment include their network addresses in the KEY EXCHANGE information KEY _ EXCHANGE that they send to the other party.
The distributed KEY generation and authentication method of the wireless network of the invention takes one of the two communication devices which firstly sends the own public KEY (namely the KEY EXCHANGE information KEY _ EXCHANGE including the public KEY) as the master communication device before receiving the public KEY (namely the KEY EXCHANGE information KEY _ EXCHANGE including the public KEY) from the other communication device as the slave communication device. In this embodiment, the table look-up unit receives the data packet AUTH _ REQ from the opposite party first, and sends its KEY EXCHANGE information KEY _ EXCHANGE before receiving the KEY EXCHANGE information KEY _ EXCHANGE of the electric meter or the water meter, as the master communication device, and the electric meter or the water meter as the slave communication device. In the distributed key generation and authentication method for a wireless network of the present invention, the master communication device and the slave communication device have a slight difference in authentication interaction status, which is described in detail below.
Referring to fig. 1 and 5, the table look-up device, which is identified as the master communication device in this embodiment, obtains the public KEY PKB of the electric meter or the water meter upon receiving the KEY EXCHANGE information KEY _ EXCHANGE from the slave communication device (i.e., the electric meter or the water meter), so that the intermediate KEY DHKEY can be calculated using an asymmetric encryption algorithm based on its own private KEY SKA and the received public KEY PKB. Wherein, a waiting time (for example, 1 minute) for receiving the KEY EXCHANGE information may be preset, and if the preset waiting time (during which other data packets such as the data packet AUTH _ REQ need to be ignored) passes after the KEY EXCHANGE information KEY _ EXCHANGE is sent from the communication device to the electric meter or the water meter, and the KEY EXCHANGE information KEY _ EXCHANGE is still not received from the other party, the communication device will exit its authentication interaction state. If the user needs the communication device to continue to execute the distributed key generation and authentication method of the wireless network of the present invention, the trigger switch of the communication device needs to be operated from the outside again, so that the communication device enters the authentication interaction state again according to the above-mentioned flow.
In this embodiment, the table look-up device calculates the intermediate key DHKEY (SKA, PKB) based on its own private key SKA and the received public key PKB using the ECDH algorithm. In other embodiments of the present invention, the primary communication device may also employ an asymmetric encryption algorithm such as the RSA algorithm, the DSA algorithm, or the PKCS algorithm. The table look-up unit then calculates its application key APPKEY ═ AES128(DHKEY) based on its calculated intermediate key DHKEY using the AES _128 algorithm, resulting in a 16-bit application key APPKEY. In other embodiments of the present invention, the primary communication device may also employ a HASH algorithm such as the MD5 algorithm, the SHA-256 algorithm, the AES-256 algorithm, or the CBC-MAC algorithm.
Described above is the process by which the master communication device generates its application key. The process of generating its application key from the communication device is similar. Referring to fig. 1 and 6, it is confirmed that, in the present embodiment, after receiving KEY EXCHANGE information KEY _ EXCHANGE from the host communication device (i.e., table look-up device), the electric meter and the water meter of the slave communication device obtain a public KEY PKA of the table look-up device, so that the intermediate KEY DHKEY can be calculated using an asymmetric encryption algorithm based on the own private KEY SKB and the received public KEY PKA. In this embodiment, the electric meter or the water meter calculates an intermediate key DHKEY (SKB, PKA) based on its own private key SKB and the received public key PKA by using an ECDH algorithm. In other embodiments of the present invention, the slave communication device may also employ an asymmetric encryption algorithm such as an RSA algorithm, a DSA algorithm, or a PKCS algorithm. The electric meter or the water meter then calculates an application key APPKEY ═ AES128(DHKEY) based on the intermediate key DHKEY calculated by the electric meter or the water meter using the AES _128 algorithm, so as to obtain a 16-bit application key APPKEY. In other embodiments of the present invention, the slave communication device may also employ a HASH algorithm such as the MD5 algorithm, the SHA-256 algorithm, the AES-256 algorithm, or the CBC-MAC algorithm.
The process of the master and slave communication devices authenticating the application key is described below with reference to fig. 1, 5 and 6.
As shown in fig. 1 and 5, the table look-up device identified as the master communication device in this embodiment randomly generates a 16-bit first character string sa16 (as plaintext) after calculating its application key APPKEY, encrypts the first character string sa16 using its calculated application key APPKEY to obtain a second character string ca16 (as ciphertext), and then transmits key authentication information including the first character string sa16 and the second character string ca16 to the electric meter or the water meter as the slave communication device. In the present embodiment, the KEY authentication information is a packet VERIFY _ KEY (i.e., VERIFY _ MSG a in fig. 1) in which the above-described first character string sa16 and second character string ca16 are placed. The master communications device meter look-up table then waits for a reply from the slave communications device meter or water meter, i.e., for a key identification message from the slave communications device meter or water meter.
As shown in fig. 1 and 6, after the electric meter or the water meter confirmed as the slave communication device calculates the application KEY APPKEY thereof, the electric meter or the water meter starts to wait for the KEY authentication information from the master communication device (i.e., the data packet VERIFY _ KEY from the master communication device). Wherein, a waiting time (for example, 1 minute) for receiving the KEY authentication information may be preset, and if the preset waiting time elapses since it finishes calculating its application KEY APPKEY, the communication device will exit its authentication interaction state if it still does not receive the data packet VERIFY _ KEY from the other party. If the user needs the communication device to continue to execute the distributed key generation and authentication method of the wireless network of the present invention, the trigger switch of the communication device needs to be operated from the outside again, so that the communication device enters the authentication interaction state again according to the above-mentioned flow.
And when the slave communication equipment ammeter or the water meter receives the data packet VERIFY _ KEY from the master communication equipment meter look-up device within the preset waiting time, starting decryption and judging whether the information is decrypted correctly. Specifically, the electric meter or the water meter obtains a first character string sa16 and a second character string ca16 from a data packet VERIFY _ KEY from a meter look-up device, then decrypts the second character string ca16 by using an application KEY APPKEY calculated by the electric meter or the water meter, compares the decrypted second character string ca16 with the first character string sa16, and if the two are the same, considers that the information decryption is correct, so that KEY authentication information is ready to be sent to a master communication device meter look-up device; if the two are different, the information decryption is not correct, so that error reporting information AUTH _ RESULT is sent as an error code, and the authentication interaction state is exited. If the user needs the communication device to continue to execute the distributed key generation and authentication method of the wireless network of the present invention, the trigger switch of the communication device needs to be operated from the outside again, so that the communication device enters the authentication interaction state again according to the above-mentioned flow. In addition, the error code may be displayed as a screen display graphic and/or text on a display screen of the slave communication device electricity meter or water meter, or as an optical signal on a light emitting element such as an LED lamp of a housing of the slave communication device electricity meter or water meter, or as an acoustic signal on a sound emitting element such as a speaker of the slave communication device electricity meter or water meter to prompt the user.
The sending of the key authentication information to the master communication device table look-up device after the slave communication device electric meter or the water meter confirms that the decryption of the information is correct specifically is: a 16-bit third string sb16 (as plaintext) is randomly generated from the communication device electricity meter or water meter, and the third string sb16 is encrypted using the application key APPKEY calculated by the same to obtain a fourth string cb16 (as ciphertext), and then key authentication information including the third string sb16 and the fourth string cd16 is transmitted to the table look-up device as the master communication device. In this embodiment, the KEY authentication information is a packet VERIFY _ KEY (i.e., VERIFY _ KEY B in fig. 1) in which the third string sb16 and the fourth string cb16 are placed. The slave communications device meter or water meter then waits for a reply from the master communications device meter lookup table, i.e., for a key confirmation message from the master communications device meter lookup table (see below for details). Wherein, a waiting time (for example, 1 minute) for receiving the KEY confirmation information may be preset, and if the preset waiting time elapses after the data packet VERIFY _ KEY is sent, the KEY confirmation information from the other party is still not received, the communication device will exit its authentication interaction state. If the user needs the communication device to continue to execute the distributed key generation and authentication method of the wireless network of the present invention, the trigger switch of the communication device needs to be operated from the outside again, so that the communication device enters the authentication interaction state again according to the above-mentioned flow.
As shown in fig. 1 and 5, after the master communication device lookup table receives the KEY authentication information from the slave communication device electric meter or water meter (i.e. the data packet VERIFY _ KEY from the slave communication device electric meter or water meter), it starts to decrypt and determines whether the information is decrypted correctly. Specifically, the table look-up device obtains the third string sb16 and the fourth string cb16 from the data packet VERIFY _ KEY from the electric meter or the water meter, then decrypts the fourth string cb16 by using the application KEY APPKEY calculated by the table look-up device, compares the decrypted fourth string cb16 with the second string sb16, and if the decrypted fourth string cb16 and the second string sb16 are the same, the information decryption is considered to be correct, so that the KEY confirmation information AUTH _ RESULT ═ 0 is ready to be sent to the slave communication equipment electric meter or the water meter; if the two are different, the information decryption is not correct, so that error reporting information AUTH _ RESULT is sent as an error code, and the authentication interaction state is exited. If the user needs the communication device to continue to execute the distributed key generation and authentication method of the wireless network of the present invention, the trigger switch of the communication device needs to be operated from the outside again, so that the communication device enters the authentication interaction state again according to the above-mentioned flow. In addition, the error message AUTH _ RESULT may be displayed as a screen display pattern and/or text on a display screen of the main communication questionnaire, or as an optical signal on a light emitting element such as an LED lamp of the main communication questionnaire housing, or as an audio signal on a sound emitting element such as a speaker of the main communication questionnaire, to prompt the user. In addition, the error message AUTH _ RESULT may be sent to the slave electric meter or the water meter, indicating that the other party fails to verify the application key, so that the distributed key generation and authentication method of the wireless network of the present invention needs to be executed again, so as to trigger the two again to generate the application key and authenticate the application key.
After confirming that the decryption of the information is correct and sending the key confirmation information AUTH _ RESULT ═ 0 to the slave communication equipment electric meter or water meter, the master communication equipment table look-up device adds the application key APPKEY calculated by the master communication equipment table look-up device to the application key list thereof for subsequent encrypted data transmission between the master communication equipment table look-up device and the slave communication equipment electric meter or water meter. Therefore, the table look-up device of the main communication equipment successfully completes the authentication interactive process and exits the authentication interactive state.
As shown in fig. 1 and 6, while the slave communication device electric meter or the water meter waits for receiving the key confirmation information from the master communication device table look-up device, as described above, the key confirmation information AUTH _ RESULT from the master communication device table look-up device may be received as 0, the error report information AUTH _ RESULT from the master communication device table look-up device may be received as an error code, and the received key confirmation information AUTH _ RESULT may be corrupted as 0 during transmission, so that the slave communication device electric meter or the water meter needs to verify a priori whether the received information is the correct key confirmation information AUTH _ RESULT as 0.
In the present embodiment, this is performed by determining whether the received information is the key confirmation information AUTH _ RESULT ═ 0. If not, for example, the electric meter or the water meter receives the error report information AUTH _ RESULT from the table look-up device as described above, it is confirmed that the opposite party fails to successfully verify the application key, and thus the distributed key generation and authentication method of the wireless network of the present invention needs to be performed again to trigger the two again to generate the application key and authenticate the application key. If so, the slave communications device electricity or water meter adds its calculated application key APPKEY to its application key list for subsequent encrypted data transmission between it and the master communications device table look-up. Therefore, the communication equipment ammeter or water meter successfully completes the authentication interaction process and exits the authentication interaction state.
The communication equipment table look-up device and the communication equipment electric meter or water meter obtain the application key used between the communication equipment table look-up device and the communication equipment electric meter or water meter based on the distributed key generation and authentication method of the wireless network, and the application key is kept in the application key list of the communication equipment table look-up device and the communication equipment electric meter or water meter and used for subsequent encrypted data transmission between the communication equipment table look-up device and.
In addition, any one of the two communication devices (for example, the first communication device table look-up device) that completes the authentication interaction process may further obtain, with a communication device other than the two communication devices (the third communication device electric meter or the water meter), an application key used between the first and third communication devices based on the distributed key generation and authentication method of the wireless network of the present invention, and keep the application key in the application key list of the two devices for subsequent encrypted data transmission between the two devices. The application key between this first and third communication device, herein referred to as the second application key, will be different from the application key between the first and second communication device, herein referred to as the first application key. Therefore, if a first communication device in the same ZigBee wireless network needs to acquire encrypted data from a second communication device and a third communication device, the second communication device can encrypt the data with a first application key and send the encrypted data to the first communication device, the third communication device can encrypt the data with a second application key and send the encrypted data to the first communication device, and after receiving the encrypted data, the first communication device decrypts the encrypted data from the second communication device with the first application key and decrypts the encrypted data from the third communication device with the second application key. Based on the above, those skilled in the art can understand that the method can be applied between any two nodes in the same wireless network that need to perform encrypted data transmission, so that any number of nodes in the wireless network that need to perform encrypted data transmission can perform encrypted data transmission to their target nodes with sufficient security level, and are not affected by other nodes.
In addition, after the authentication interaction process is successfully completed, the two communication devices exiting the authentication interaction state can adjust the transmission power thereof to be normal for subsequent encrypted data transmission between the two communication devices, namely, the transmission power which is reduced in the execution process of the distributed key generation and authentication method of the wireless network of the invention, so that the communication distance of the communication device is not more than 1 meter (preferably not more than 0.5 meter) is adjusted to be normal for wireless communication in the ZigBee wireless network.
Accordingly, it is possible to increase two communication devices, which are moved apart, i.e., moved close so that the distance between them is not more than 0.5 m during the execution of the distributed key generation and authentication method of the wireless network of the present invention as described above, to their normal positions for wireless communication in the ZigBee wireless network. For example, if the table look-up device is designed to be disposed at an entrance of a building for obtaining readings of a plurality of electric meters or water meters in the building, the table look-up device may be moved close to each of the plurality of electric meters or water meters as described above, the distributed key generation and authentication method of the wireless network of the present invention may be performed separately for each electric meter or water meter, an application key may be obtained between the table look-up device and each electric meter or water meter, and then the table look-up device may be disposed back to the designed disposition location (i.e., the entrance). The meter look-up unit can then receive at the location, at normal transmission power, the encrypted readings of the plurality of electric or water meters of the building with their respective application keys, and the meter look-up unit can then decrypt the encrypted readings with the corresponding application keys to obtain the readings of the electric or water meters.
The foregoing detailed description of the preferred embodiments of the invention has been presented. It should be understood that numerous modifications and variations could be devised by those skilled in the art in light of the present teachings without departing from the inventive concepts. Therefore, the technical solutions available to those skilled in the art through logic analysis, reasoning and limited experiments based on the prior art according to the concept of the present invention should be within the scope of protection defined by the claims.

Claims (18)

1. A distributed key generation and authentication method of a wireless network for generating and authenticating an application key between a first communication device and a second communication device in the wireless network for subsequent encrypted data transmission between the first communication device and the second communication device, characterized in that the first communication device and the second communication device have a trigger switch that is activated by operating the trigger switch from the outside to generate an application key and authenticate the application key.
2. The distributed key generation and authentication method of a wireless network of claim 1, wherein the step of the first communication device and the second communication device generating an application key comprises:
after each of the first communication device and the second communication device is triggered, generating a pair of a public key and a private key of each communication device, and broadcasting authentication request information including an address of each communication device in the wireless network so as to wait for receiving information including the address of each communication device in the wireless network from the other communication device so as to send key exchange information including the public key of each communication device to the other communication device; wherein the other party is the other of the first communication device and the second communication device, and the information from the other party is authentication request information from the other party or key exchange information including a public key of the other party from the other party;
after each of the first communication device and the second communication device receives the authentication request information or the key exchange information from the other party, sending the key exchange information of the first communication device and the second communication device to the other party; wherein one of the first communication apparatus and the second communication apparatus that transmits the key exchange information of itself first before receiving the key exchange information from the other one serves as a master communication apparatus, and the other serves as a slave communication apparatus;
after receiving the public key in the key exchange information from the slave communication equipment, the master communication equipment calculates an intermediate key by using an asymmetric encryption algorithm based on the own private key and the received public key, and calculates an application key based on the calculated intermediate key; after receiving the public key from the master communication device, the slave communication device calculates an intermediate key based on its own private key and the received public key by using an asymmetric encryption algorithm, and calculates an application key based on the calculated intermediate key.
3. The distributed key generation and authentication method of a wireless network of claim 2, wherein the step of the first communication device and the second communication device authenticating the application key comprises:
the master communication device randomly generates a first character string and encrypts the first character string by using an application key calculated by the master communication device to obtain a second character string, and the master communication device sends key authentication information comprising the first character string and the second character string to the slave communication device;
after the slave communication device receives the key authentication information from the master communication device, decrypting the second character string by using the application key calculated by the slave communication device, and comparing the decrypted second character string with the first character string; when the decrypted second character string is the same as the first character string, the slave communication device randomly generates a third character string and encrypts the third character string by using an application key calculated by the slave communication device to obtain a fourth character string, and the slave communication device transmits key authentication information including the third character string and the fourth character string to the master communication device;
after receiving the key authentication information from the slave communication device, the master communication device decrypts the fourth character string by using the application key calculated by the master communication device, and compares the decrypted fourth character string with the third character string; when the decrypted fourth string is the same as the third string, the master communication device adding the application key it calculated to its application key list for subsequent transmission of the encrypted data, and sending key confirmation information to the slave communication device;
and after receiving the key confirmation information from the master communication device, the slave communication device adds the calculated application key to an application key list thereof for subsequent encrypted data transmission.
4. A method for distributed key generation and authentication of a wireless network according to any of claims 1-3, wherein the trigger switch is a power switch of the first communication device and/or the second communication device, the first communication device and/or the second communication device being triggered when the number of times the power switch is operated reaches a preset threshold.
5. A distributed key generation and authentication method for a wireless network according to any of claims 1-3, wherein the trigger switch is a button, key, knob or lever provided outside a power switch of the first communication device and/or the second communication device.
6. The distributed key generation and authentication method of a wireless network according to claim 3, wherein the first communication device and the second communication device have their own network addresses, the first communication device and the second communication device include their network addresses of bytes in the authentication request information broadcasted by them, and one of the first communication device and the second communication device sends the key exchange information, the key authentication message, and the key confirmation message to the other based on the network address in which it received the authentication request information.
7. The distributed key generation and authentication method for a wireless network of claim 6, wherein the first communication device and the second communication device each have: a key request module for generating the authentication request information, a key exchange module for generating the key exchange information, a key authentication module for generating the key authentication information, and a key confirmation module for generating the key confirmation information.
8. The distributed key generation and authentication method of a wireless network according to claim 3, wherein in the step of generating the application key by the first communication device and the second communication device and in the step of authenticating the application key by the first communication device and the second communication device, a distance between the first communication device and the second communication device is maintained not more than 1 meter.
9. The distributed key generation and authentication method for a wireless network according to claim 8, wherein transmission power of the first communication device and the second communication device when broadcasting their authentication request information is set so that their communication distance is not more than 1 meter.
10. The distributed key generation and authentication method for a wireless network according to claim 9, wherein transmission power of one of the first communication device and the second communication device when it transmits the key exchange information, the key authentication message, and the key confirmation message to the other is set so that its communication distance is not more than 1 meter.
11. The distributed key generation and authentication method of a wireless network according to claim 8, wherein in the authentication request information broadcast by the first communication device and the second communication device, a transmission radius is set to 0.
12. The distributed key generation and authentication method of a wireless network according to claim 11, wherein in the key exchange information, the key authentication message, and the key confirmation message transmitted by the first communication device and the second communication device, an information transmission radius is set to 0.
13. The distributed key generation and authentication method for a wireless network of claim 2 or 3, wherein the authentication request message is broadcast at regular intervals in the wireless network after the first communication device and the second communication device are triggered.
14. The distributed key generation and authentication method for a wireless network according to claim 2 or 3, wherein the asymmetric encryption algorithm is an ECDH algorithm, an RSA algorithm, a DSA algorithm, or a PKCS algorithm.
15. The distributed key generation and authentication method for a wireless network of claim 3, wherein an algorithm employed by the first communication device and the second communication device in calculating an application key based on the intermediate key they calculate is an AES-128 algorithm, an MD5 algorithm, a SHA-256 algorithm, an AES-256 algorithm, or a CBC-MAC algorithm.
16. A communication device for performing the distributed key generation and authentication method of the wireless network of any one of claims 1-15, the communication device being the first communication device or the second communication device;
the communication device has a trigger switch that is operated from the outside by a user so that the communication device is triggered to generate an application key and authenticate the application key;
the communication device has its own network address and has: the key authentication system comprises a key request module for generating authentication request information, a key exchange module for generating key exchange information, a key authentication module for generating key authentication information and a key confirmation module for generating key confirmation information;
the wireless network is a ZigBee wireless network, and the user-defined endpoint number of the communication equipment is used as an application entrance.
17. The communication device of claim 16, wherein the communication device has an adjustable transmit power, wherein
The transmission power is set so that the communication distance is not more than 1 meter at the time of its authentication request information broadcast by the communication device.
18. The communication device of claim 16, wherein the communication device has an adjustable transmit power, wherein
The transmission power is set so that a communication distance is not more than 1 meter when the communication device transmits the key exchange information, the key authentication message, and the key confirmation message.
CN202010789612.9A 2020-08-07 2020-08-07 Distributed key generation and authentication method and communication device for executing the method Pending CN111787537A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010789612.9A CN111787537A (en) 2020-08-07 2020-08-07 Distributed key generation and authentication method and communication device for executing the method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010789612.9A CN111787537A (en) 2020-08-07 2020-08-07 Distributed key generation and authentication method and communication device for executing the method

Publications (1)

Publication Number Publication Date
CN111787537A true CN111787537A (en) 2020-10-16

Family

ID=72761776

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010789612.9A Pending CN111787537A (en) 2020-08-07 2020-08-07 Distributed key generation and authentication method and communication device for executing the method

Country Status (1)

Country Link
CN (1) CN111787537A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101572885A (en) * 2008-05-01 2009-11-04 三星电子株式会社 Method and apparatus for setting wireless local area network by using button
US20150229473A1 (en) * 2014-02-10 2015-08-13 Broadcom Corporation Push button configuration pairing
CN107852404A (en) * 2015-06-30 2018-03-27 维萨国际服务协会 Secret communication is mutually authenticated
US10129223B1 (en) * 2016-11-23 2018-11-13 Amazon Technologies, Inc. Lightweight encrypted communication protocol

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101572885A (en) * 2008-05-01 2009-11-04 三星电子株式会社 Method and apparatus for setting wireless local area network by using button
US20150229473A1 (en) * 2014-02-10 2015-08-13 Broadcom Corporation Push button configuration pairing
CN107852404A (en) * 2015-06-30 2018-03-27 维萨国际服务协会 Secret communication is mutually authenticated
US10129223B1 (en) * 2016-11-23 2018-11-13 Amazon Technologies, Inc. Lightweight encrypted communication protocol

Similar Documents

Publication Publication Date Title
Nyangaresi et al. Trusted authority based session key agreement and authentication algorithm for smart grid networks
CN1964258B (en) Method for secure device discovery and introduction
US8600063B2 (en) Key distribution system
CN101238677B (en) Cryptographic authentication, and/or establishment of shared cryptographic keys, using a signing key encrypted with a non-one-time-pad encryption, including (but not limited to) techniques with improved safety
CN101473668B (en) Method and apparatus for security protection of an original user identity in an initial signaling message
ES2250771T3 (en) PROCEDURES TO CHANGE A REMOTE COMMUNICATIONS PASSWORD.
JP4002035B2 (en) A method for transmitting sensitive information using unsecured communications
Cheikhrouhou et al. A lightweight user authentication scheme for wireless sensor networks
CN105577680A (en) Key generation method, encrypted data analyzing method, devices and key managing center
KR20000012131A (en) Method for establishing a key using over-the-air communication and password protocol and password protocol
WO2004071006A1 (en) Broadcast encryption key distribution system
CN104754581A (en) Public key password system based LTE wireless network security certification system
CN103354543A (en) Secure proximity verification of a node on a network
CN102547688A (en) Virtual-dedicated-channel-based establishment method for high-credibility mobile security communication channel
CN107682152B (en) Group key negotiation method based on symmetric cipher
CN109075973A (en) A kind of method that use is carried out network and serviced unified certification based on the cryptography of ID
CN109951513A (en) Anti- quantum calculation wired home quantum cloud storage method and system based on quantum key card
Sekhar et al. Security in wireless sensor networks with public key techniques
US11019037B2 (en) Security improvements in a wireless data exchange protocol
CN106992866A (en) It is a kind of based on wireless network access methods of the NFC without certificate verification
Saxena et al. BVPSMS: A batch verification protocol for end-to-end secure SMS for mobile users
CN101437228B (en) Method, apparatus and system for implementing wireless business based on smart card
KR101517909B1 (en) Session Key Cross Certification Method
CN111787537A (en) Distributed key generation and authentication method and communication device for executing the method
KR101451163B1 (en) System and method for access authentication for wireless network

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination