CN111817846A - Lightweight key negotiation communication protocol - Google Patents

Info

Publication number
CN111817846A
Authority
CN
China
Prior art keywords
msg
key
platform
terminal
skey2
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010551918.0A
Other languages
Chinese (zh)
Inventor
秦熠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Ruilang Information Technology Co ltd
Original Assignee
Zhejiang Ruilang Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Ruilang Information Technology Co ltd filed Critical Zhejiang Ruilang Information Technology Co ltd
Priority to CN202010551918.0A priority Critical patent/CN111817846A/en
Publication of CN111817846A publication Critical patent/CN111817846A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a lightweight key negotiation communication protocol. A security platform comprises a platform public key, a platform private key, a terminal public key and a master key; the gas terminal comprises a terminal public key, a terminal private key, a platform public key and a master key. The communication protocol flow comprises the following steps: the gas terminal generates a dispersion factor, generates a session key by combining the master key and the dispersion factor, and sends a ciphertext $E_{cert1}(msg \| N \| E_{skey2}(H(msg \| N)))$ to the security platform; after the security platform receives the ciphertext, it decrypts the ciphertext with the platform private key to obtain msg and N, and verifies the signature value $E_{skey2}(H(msg \| N))$ with the terminal public key to ensure the authenticity and integrity of msg and N; it generates the session key by combining the master key with the dispersion factor; encrypted communication is then performed using the session key. The invention simplifies the key negotiation communication flow, and the security and integrity of communication can be ensured.

Description

Lightweight key negotiation communication protocol
Technical Field
The invention relates to a communication protocol, in particular to a lightweight key agreement communication protocol.
Background
TLS, a secure transport layer protocol, is used to provide privacy and data integrity between two communicating applications. Standard TLS performs four handshakes for key agreement, and normal secure communication can proceed only after the handshake is completed; this high-complexity key agreement mode is entirely unsuitable for the Internet of Things gas industry, which has low power consumption requirements.
Therefore, providing a lightweight key agreement communication protocol with a simple flow, low power consumption and no reduction in security has become an urgent problem to be solved.
Disclosure of Invention
The invention aims to solve the technical problems of complex flow, high power consumption and the like in the prior art.
In order to solve the technical problems, the technical scheme provided by the invention is as follows: a lightweight key agreement communication protocol, in which the security platform comprises a platform public key cert1, a platform private key skey1, a terminal public key cert2 and a master key Mk; the gas terminal comprises a terminal public key cert2, a terminal private key skey2, a platform public key cert1 and a master key Mk;
the communication protocol flow comprises the following steps:
step one: the gas terminal generates a dispersion factor N, generates a session key Sk by combining the master key Mk and the dispersion factor N, and sends a ciphertext $E_{cert1}(msg \| N \| E_{skey2}(H(msg \| N)))$ to the security platform;
step two: the security platform receives the ciphertext $E_{cert1}(msg \| N \| E_{skey2}(H(msg \| N)))$, decrypts it with the platform private key skey1 to obtain msg and N, and verifies the signature value $E_{skey2}(H(msg \| N))$ with the terminal public key cert2; once verification succeeds, the authenticity and integrity of msg and N are ensured; it then generates the session key Sk from Mk and the dispersion factor N;
step three: encrypted communication is carried out using the session key Sk: the security platform encrypts msg' with Sk and sends it to the gas terminal, and the gas terminal decrypts the data with Sk to obtain msg'.
Further, msg is a service message sent to the security platform by the gas terminal.
Further, msg' is a service message sent by the security platform to the gas terminal.
Further, $E_{cert1}(msg \| N \| E_{skey2}(H(msg \| N)))$ denotes $msg \| N \| E_{skey2}(H(msg \| N))$ encrypted with the platform public key cert1.
Further, $H(msg \| N)$ is a hash operation on $msg \| N$.
Compared with the prior art, the invention has the following advantages: in the prior art, encrypted communication can begin only after key agreement has been carried out through at least 4 handshakes, after which the service information can be transmitted securely; the process is complex and the power consumption is high, so although the security requirement is met, the low power consumption requirement of the gas Internet of Things industry cannot be met. In the invention, the service information is transmitted together with the key agreement, which simplifies the key agreement communication process while ensuring the security and integrity of the communication: key agreement is completed and the service information is transmitted in a single pass. The invention has a reasonable design and is worth popularizing.
Drawings
FIG. 1 is a flow diagram of a lightweight key agreement communication protocol;
As shown in the figure: N is a dispersion factor, msg is a service message sent to the gas terminal by the security platform, msg' is a service message sent to the security platform by the gas terminal, $E_{cert1}(msg \| N \| E_{skey2}(H(msg \| N)))$ is the ciphertext, $E_{skey2}(H(msg \| N))$ is the signature value, and Sk is the session key.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings.
The present invention will be described in detail with reference to fig. 1.
In a specific implementation, the invention provides a lightweight key negotiation communication protocol comprising a security platform, a gas terminal and a communication protocol, wherein the security platform comprises a platform public key cert1, a platform private key skey1, a terminal public key cert2 and a master key Mk; the gas terminal comprises a terminal public key cert2, a terminal private key skey2, a platform public key cert1 and a master key Mk;
the communication protocol flow comprises the following steps:
step one: the gas terminal generates a dispersion factor N, generates a session key Sk by combining the master key Mk and the dispersion factor N, and sends a ciphertext $E_{cert1}(msg \| N \| E_{skey2}(H(msg \| N)))$ to the security platform;
step two: the security platform receives the ciphertext $E_{cert1}(msg \| N \| E_{skey2}(H(msg \| N)))$, decrypts it with the platform private key skey1 to obtain msg and N, and verifies the signature value $E_{skey2}(H(msg \| N))$ with the terminal public key cert2; once verification succeeds, the authenticity and integrity of msg and N are ensured; it then generates the session key Sk from Mk and the dispersion factor N;
step three: encrypted communication is carried out using the session key Sk: the security platform encrypts msg' with Sk and sends it to the gas terminal, and the gas terminal decrypts the data with Sk to obtain msg'.
msg is a service message sent to the security platform by the gas terminal.
msg' is a service message sent to the gas terminal by the security platform.
$E_{cert1}(msg \| N \| E_{skey2}(H(msg \| N)))$ denotes $msg \| N \| E_{skey2}(H(msg \| N))$ encrypted with the platform public key cert1.
$H(msg \| N)$ is a hash operation on $msg \| N$.
The specific implementation process of the lightweight key agreement communication protocol of the invention is as follows. The invention uses standard national cryptographic algorithms: the SM2 asymmetric encryption algorithm, the SM3 hash digest algorithm and the SM4 symmetric encryption algorithm. The security chip of the gas terminal, which supports the national cryptographic algorithms, generates a dispersion factor N, where N is a 16-bit random number, and calls a standard key dispersion function with the master key Mk and the dispersion factor N as input parameters to generate the session key Sk. It signs the service message msg and the dispersion factor N with the terminal private key skey2 to obtain the signature value $E_{skey2}(H(msg \| N))$;
it then calls the SM2 encryption function with the platform public key cert1, the service message msg, the dispersion factor N and the signature value $E_{skey2}(H(msg \| N))$ as input parameters; the platform public key cert1 is used to encrypt the service message msg, the dispersion factor N and the signature value $E_{skey2}(H(msg \| N))$, yielding the ciphertext $E_{cert1}(msg \| N \| E_{skey2}(H(msg \| N)))$, which is sent to the security platform;
after receiving the encrypted message, the security platform calls the SM2 decryption function with the platform private key skey1 and the ciphertext $E_{cert1}(msg \| N \| E_{skey2}(H(msg \| N)))$ as input parameters, decrypting the ciphertext with the platform private key skey1 to obtain the service message msg, the dispersion factor N and the signature value $E_{skey2}(H(msg \| N))$; it then calls the SM2 signature verification function with the terminal public key cert2, the service message msg, the dispersion factor N and the signature value $E_{skey2}(H(msg \| N))$ as input parameters, and the signature value $E_{skey2}(H(msg \| N))$ is verified with the terminal public key cert2; once the verification succeeds, the authenticity and integrity of msg and N are ensured;
the security platform likewise calls the standard key dispersion function with the master key Mk and the dispersion factor N as input parameters to generate the session key Sk, and the session key Sk, now known to both parties, is used for encrypted communication: the security platform calls the SM4 encryption function with the session key Sk and the service message msg' as input parameters, encrypting msg' with Sk to obtain a ciphertext, and sends the ciphertext to the gas terminal security chip; the gas terminal security chip calls the SM4 decryption function with the session key Sk and the ciphertext as input parameters, decrypting the ciphertext with Sk to obtain msg'.
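The terminal-side payload construction of step one and the platform-side parse, verify and derive sequence of step two are shown below as an added example; it is not code from the patent. Assumptions: HMAC-SHA256 stands in for both the unspecified key dispersion function and the SM2 signature (so skey2 and cert2 are the same bytes here), the outer SM2 encryption under cert1 and the SM4 step are not shown, and the function names, tail-anchored payload layout and sample values are hypothetical.

```python
import hashlib
import hmac
import secrets

N_LEN = 2     # the patent text gives N as a 16-bit random number
SIG_LEN = 32  # length of the stand-in signature below (raw SM2 r||s would be 64 bytes)
SK_LEN = 16   # SM4 takes a 128-bit key


def H(data: bytes) -> bytes:
    """H(.): SM3 if this Python's OpenSSL exposes it, else SHA-256 as a stand-in."""
    try:
        return hashlib.new("sm3", data).digest()
    except ValueError:
        return hashlib.sha256(data).digest()


def disperse(mk: bytes, n: bytes) -> bytes:
    """Assumed key dispersion function: Sk = HMAC-SHA256(Mk, N), truncated."""
    return hmac.new(mk, n, hashlib.sha256).digest()[:SK_LEN]


def sign(skey2: bytes, digest: bytes) -> bytes:
    """Stand-in for the SM2 signature E_skey2(H(msg||N)); NOT asymmetric."""
    return hmac.new(skey2, digest, hashlib.sha256).digest()


def verify(cert2: bytes, digest: bytes, sig: bytes) -> bool:
    """Stand-in for SM2 verification with cert2 (same bytes as skey2 here)."""
    return hmac.compare_digest(sign(cert2, digest), sig)


def terminal_build(msg: bytes, mk: bytes, skey2: bytes):
    """Step one: pick N, derive Sk, return (msg||N||sig, Sk).

    The returned payload is what the terminal would pass to SM2 encryption
    under cert1; that outer encryption is not shown.
    """
    n = secrets.token_bytes(N_LEN)
    sk = disperse(mk, n)
    return msg + n + sign(skey2, H(msg + n)), sk


def platform_accept(payload: bytes, mk: bytes, cert2: bytes):
    """Step two, after SM2 decryption with skey1: parse, verify, then derive Sk."""
    if len(payload) < N_LEN + SIG_LEN:
        raise ValueError("payload shorter than N plus signature")
    # N and the signature have fixed lengths, so split from the tail.
    msg = payload[:-(N_LEN + SIG_LEN)]
    n = payload[-(N_LEN + SIG_LEN):-SIG_LEN]
    sig = payload[-SIG_LEN:]
    if not verify(cert2, H(msg + n), sig):
        raise ValueError("signature check failed; msg and N rejected")
    # Sk is derived only from a verified N and is never sent on the wire.
    return msg, disperse(mk, n)


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    mk = bytes.fromhex("00112233445566778899aabbccddeeff")
    term_key = bytes(range(32))
    payload, sk_terminal = terminal_build(b"meter=000123;reading=4567", mk, term_key)
    msg, sk_platform = platform_accept(payload, mk, term_key)
    print(msg, sk_terminal == sk_platform)

    tampered = bytearray(payload)
    tampered[len(payload) - SIG_LEN - N_LEN] ^= 0x01  # flip one bit of N
    try:
        platform_accept(bytes(tampered), mk, term_key)
    except ValueError as exc:
        print("rejected:", exc)
```

A modified N changes both the recomputed digest and the derived Sk, which is why the platform verifies the signature over msg and N before deriving the session key.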
In the prior art, encrypted communication can begin only after key agreement has been carried out through at least 4 handshakes, after which the service information can be transmitted securely; the process is complex and the power consumption is high, so although the security requirement is met, the low power consumption requirement of the gas Internet of Things industry cannot be met. In the invention, the service information is transmitted together with the key agreement, which simplifies the key agreement communication process while ensuring the security and integrity of the communication: key agreement is completed and the service information is transmitted in a single pass. The invention has a reasonable design and is worth popularizing.
The present invention and its embodiments have been described above, but the description is not limitative, and the actual structure is not limited thereto. In summary, those skilled in the art should appreciate that they can readily use the disclosed conception and specific embodiments as a basis for designing or modifying other structures for carrying out the same purposes of the present invention without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (5)

1. A lightweight key agreement communication protocol comprising a security platform, a gas terminal and a communication protocol, characterized in that: the security platform comprises a platform public key cert1, a platform private key skey1, a terminal public key cert2 and a master key Mk; the gas terminal comprises a terminal public key cert2, a terminal private key skey2, a platform public key cert1 and a master key Mk;
the communication protocol flow comprises the following steps:
step one: the gas terminal generates a dispersion factor N, generates a session key Sk by combining the master key Mk and the dispersion factor N, and sends a ciphertext $E_{cert1}(msg \| N \| E_{skey2}(H(msg \| N)))$ to the security platform;
step two: the security platform receives the ciphertext $E_{cert1}(msg \| N \| E_{skey2}(H(msg \| N)))$, decrypts it with the platform private key skey1 to obtain msg and N, and verifies the signature value $E_{skey2}(H(msg \| N))$ with the terminal public key cert2; once verification succeeds, the authenticity and integrity of msg and N are ensured; it then generates the session key Sk from Mk and the dispersion factor N;
step three: encrypted communication is carried out using the session key Sk: the security platform encrypts msg' with Sk and sends it to the gas terminal, and the gas terminal decrypts the data with Sk to obtain msg'.
2. A lightweight key agreement communication protocol according to claim 1, characterized in that: msg is a service message sent to the security platform by the gas terminal.
3. A lightweight key agreement communication protocol according to claim 1, characterized in that: msg' is a service message sent to the gas terminal by the security platform.
4. A lightweight key agreement communication protocol according to claim 1, characterized in that: $E_{cert1}(msg \| N \| E_{skey2}(H(msg \| N)))$ denotes $msg \| N \| E_{skey2}(H(msg \| N))$ encrypted with the platform public key cert1.
5. A lightweight key agreement communication protocol according to claim 1, characterized in that: $H(msg \| N)$ is a hash operation on $msg \| N$.
CN202010551918.0A 2020-06-17 2020-06-17 Lightweight key negotiation communication protocol Pending CN111817846A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010551918.0A CN111817846A (en) 2020-06-17 2020-06-17 Lightweight key negotiation communication protocol

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010551918.0A CN111817846A (en) 2020-06-17 2020-06-17 Lightweight key negotiation communication protocol

Publications (1)

Publication Number Publication Date
CN111817846A true CN111817846A (en) 2020-10-23

Family

ID=72845100

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010551918.0A Pending CN111817846A (en) 2020-06-17 2020-06-17 Lightweight key negotiation communication protocol

Country Status (1)

Country Link
CN (1) CN111817846A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113079022A (en) * 2021-03-31 2021-07-06 郑州信大捷安信息技术股份有限公司 Secure transmission method and system based on SM2 key negotiation mechanism
CN115802348A (en) * 2023-02-09 2023-03-14 信联科技(南京)有限公司 Low-power consumption NB-IoT terminal and secure communication mechanism
CN116132043A (en) * 2023-04-20 2023-05-16 北京智芯微电子科技有限公司 Session key negotiation method, device and equipment
CN116982288A (en) * 2022-07-04 2023-10-31 嘉兴倍创网络科技有限公司 Point-to-point secure communication method for Internet of things

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101511083A (en) * 2008-12-25 2009-08-19 北京握奇数据系统有限公司 Authentication method and terminal for telecom smart card
CN110943957A (en) * 2018-09-21 2020-03-31 郑州信大捷安信息技术股份有限公司 Safety communication system and method for vehicle intranet

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
曹化工等: "基于智能卡的PKI体系实现框架", 《小型微型计算机系统》 *
黄益彬等: "电网智能终端安全防护技术研究", 《电力信息化》 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113079022A (en) * 2021-03-31 2021-07-06 郑州信大捷安信息技术股份有限公司 Secure transmission method and system based on SM2 key negotiation mechanism
CN113079022B (en) * 2021-03-31 2022-02-18 郑州信大捷安信息技术股份有限公司 Secure transmission method and system based on SM2 key negotiation mechanism
CN116982288A (en) * 2022-07-04 2023-10-31 嘉兴倍创网络科技有限公司 Point-to-point secure communication method for Internet of things
CN115802348A (en) * 2023-02-09 2023-03-14 信联科技(南京)有限公司 Low-power consumption NB-IoT terminal and secure communication mechanism
CN116132043A (en) * 2023-04-20 2023-05-16 北京智芯微电子科技有限公司 Session key negotiation method, device and equipment
CN116132043B (en) * 2023-04-20 2023-06-23 北京智芯微电子科技有限公司 Session key negotiation method, device and equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201023
