CN112398644B - Content key sharing method, system and storage medium - Google Patents


Info

Publication number
CN112398644B
Authority
CN
China
Prior art keywords
node
information
authentication
receiving
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011084384.1A
Other languages
Chinese (zh)
Other versions
CN112398644A (en)
Inventor
余小龙
常林
李新国
张迪
赖育森
宫俊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen National Engineering Laboratory Of Digital Television Co ltd
Original Assignee
Shenzhen National Engineering Laboratory Of Digital Television Co ltd
Application filed by Shenzhen National Engineering Laboratory Of Digital Television Co ltd
Priority to CN202011084384.1A
Publication of CN112398644A
Application granted
Publication of CN112398644B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0471 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying encryption by an intermediary, e.g. receiving clear information at the intermediary and encrypting the received information at the intermediary before forwarding
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a content key sharing method, a system and a storage medium, wherein the method comprises the following steps: the receiving node shares a key after performing pairwise authentication with an adjacent relay node, the relay node shares the key after performing pairwise authentication with an upper-level relay node or a source node, and the receiving node sends authentication information to the source node through the relay node; the source node receives and verifies the authentication information, and if the authentication information is successfully verified, the source node sends the verification information and the decryption key to the receiving node through the relay node; the receiving node receives the decryption key and the verification information, verifies according to the verification information, and sends confirmation information to the source node if the verification is passed; and the source node receives the confirmation information and sends the encrypted content to the receiving node sending the confirmation information according to the confirmation information. The decryption key is sent after authentication, and then the encrypted content is sent, so that data transmission is safe, the encrypted content is directly sent to the receiving node without being decrypted and encrypted by the relay node, and the burden of the relay node is saved.

Description

Content key sharing method, system and storage medium
Technical Field
The present invention relates to the technical field of keys, and in particular, to a method, a system, and a storage medium for sharing a content key.
Background
To protect the interests of copyright owners, consumer electronic devices that decode, store and display digital audio and video content should have a copyright protection function, i.e. be able to perform the corresponding operations according to the copyright protection information of the content. Such devices have a module dedicated to processing the copyright protection information and acting on it. For example, if the copyright information indicates that a certain movie cannot be copied, the device rejects any copy request it receives. Such devices are collectively called legal devices. The consumer electronic devices in a user's home are not always legal devices, so to ensure that digital audio and video content is transmitted only between legal devices, the legitimacy of the devices must be authenticated through an authentication key agreement protocol before content transmission, and a shared key is generated. In this way the audio and video content is transmitted only between legal devices and is thereby protected.
In the process of connecting the interfaces with each other, key transmission is required to be performed, so as to perform decryption through key information to realize communication of each interface. However, authentication is required before key transmission, and the initiator and the relay party need to perform mutual authentication, and then the initiator forwards authentication information to the relay party, and the relay party needs to decrypt the authentication information and then encrypt the decrypted authentication information for transmission to the relay party or the receiving party on the upper level, and the receiving party decrypts the authentication information after receiving the authentication information.
Therefore, if there are multiple relays, the process of data transmission by multiple relays also needs to be encrypted and decrypted, which results in resource waste and increases the burden of the relays.
Disclosure of Invention
The present invention is directed to solving at least one of the problems of the prior art. Therefore, the invention provides a method for sharing a content key, which can reduce the burden of a transfer party and can keep the security of data transmission.
The invention also provides a content key sharing system.
The invention also provides a computer readable storage medium.
In a first aspect, an embodiment of the present invention provides a content key sharing method applied to an interface, where the interface includes multiple network node groups, where the network node groups include a source node, a sink node, and at least one relay node, where the method includes:
the receiving node and an adjacent relay node or receiving node share a key after authentication, the relay node and the relay node or the source node on the upper level share the key after authentication, and the receiving node sends authentication information to the source node through the relay node;
the source node receives and verifies the authentication information, and if the authentication information is successfully verified, the source node issues verification information and a decryption key to the receiving node through the relay node;
the receiving node receives the decryption key and the verification information, verifies the decryption key and the verification information according to the verification information, and sends confirmation information to the source node if the decryption key and the verification information pass verification;
and the source node receives the confirmation information and sends the encrypted content to a receiving node which sends the confirmation information according to the confirmation information.
The content key sharing method of the embodiment of the invention at least has the following beneficial effects: the receiving node and the relay node are used for authentication, then the relay node and the source node are used for pairwise authentication, the source node receives authentication information sent by the receiving node after authentication, a decryption key is issued to the receiving node after the authentication information is verified to be successful, confirmation information is returned to the source node after the receiving node receives the decryption key, the source node sends encrypted content to the receiving node sending the decryption key, the decryption key is sent after the authentication, the encrypted content is sent, data transmission is safe and simple, the encrypted content is directly sent to the receiving node, the relay node is not needed to conduct decryption and encrypted transmission, and burden of the relay node is saved.
According to the content key sharing method according to another embodiment of the present invention, pairwise authentication and key sharing are performed between the receiving node and an adjacent relay node, pairwise authentication and key sharing are performed between the relay node and the relay node or the source node on the upper level, and the receiving node sends authentication information to the source node through the relay node, including:
the receiving node and the relay node carry out pairwise authentication and share a secret key;
after the receiving node and the relay node finish authentication, the relay node receives authentication information from the receiving node;
and the relay node and the source node carry out pairwise authentication and share a key, and if the relay node and the source node finish authentication, the relay node forwards the authentication information to the source node.
According to another embodiment of the present invention, a method for sharing a content key, where the source node receives and verifies the authentication information, and if the authentication information is successfully verified, the source node issues verification information and a decryption key to the receiving node through the relay node, includes:
the source node verifies according to the authentication information, if the verification is successful, the source node encrypts the decryption key according to a key between the source node and the subordinate relay node to obtain a primarily encrypted decryption key, and sends the primarily encrypted decryption key and the authentication information to the authenticated relay node;
the relay node receives the decryption key encrypted for the first time, obtains the decryption key after decrypting according to the decryption key encrypted for the first time, obtains the decryption key encrypted for the second time by reusing the key between the relay node and the receiving node at the lower level according to the decryption key, and sends the decryption key encrypted for the second time and the verification information to the authenticated receiving node.
According to another embodiment of the present invention, a method for sharing a content key, in which the source node performs verification according to the authentication information, includes:
the source node extracts node ID information according to the authentication information;
and verifying whether the node ID information is cancelled or not, wherein if the node ID information is not cancelled, the verification is successful.
According to another embodiment of the present invention, a content key sharing method, where the verification information is node ID information, the receiving node receives the decryption key and the verification information, performs verification according to the verification information, and sends confirmation information to the source node if the verification is successful, includes:
the receiving node receives the decryption key and the node ID information which are secondarily encrypted;
judging whether the node ID information is matched with the ID information of the receiving node;
and if the matching is carried out, sending confirmation information to the source node.
A content key sharing method according to further embodiments of the present invention further includes:
and if the ID information of the receiving node is not matched with the received node ID information, discarding the decryption key of the secondary encryption.
A content key sharing method according to further embodiments of the present invention further includes:
after the source node sends the verification information and the decryption key, presetting a confirmation time threshold;
and if the confirmation information is not received within the preset confirmation time threshold, ending.
A content key sharing method according to further embodiments of the present invention further includes:
and if the relay node does not have a subordinate node or is not authenticated with the subordinate node after receiving the decryption key, discarding the decryption key.
In a second aspect, an embodiment of the present invention provides a content key sharing system including: a receiving node, a relay node and a source node;
the receiving node is used for sharing a key after pairwise authentication with the relay node or the receiving node;
the relay node is used for performing pairwise authentication with the relay node or the source node of the upper level, then sharing a secret key, and forwarding the authentication information to the source node;
the source node is also used for receiving and verifying the authentication information, and if the authentication information is successfully verified, the source node issues verification information and a decryption key to the receiving node through the relay node;
the receiving node is further configured to receive the decryption key and the verification information, perform verification according to the verification information, and send confirmation information to the source node if the verification passes;
and the source node is also used for receiving the confirmation information and sending the encrypted content to a receiving node which sends the confirmation information according to the confirmation information.
The content key sharing system of the embodiment of the invention at least has the following beneficial effects: the receiving node and the relay node are used for authentication, then the relay node and the source node are used for pairwise authentication, the source node receives authentication information sent by the receiving node after the authentication, and sends a decryption key to the receiving node after the authentication information is verified to be successful, and the receiving node returns confirmation information to the source node after receiving the decryption key, so that the source node sends encrypted content to the receiving node sending the decryption key, and sends the decryption key and the encrypted content after the authentication, so that the data transmission is safe and simple, the encrypted content is directly sent to the receiving node, the relay node is not required to decrypt and encrypt the transmission, and the burden of the relay node is saved.
In a third aspect, an embodiment of the invention provides a computer-readable storage medium storing computer-executable instructions for:
the content key sharing method described in the first aspect is performed.
The computer-readable storage medium of the embodiment of the invention at least has the following beneficial effects: the content key sharing method of the first aspect is made simple in operation by a computer-executable instruction for causing a computer to execute the content key sharing method.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the application. The objectives and other advantages of the application may be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
FIG. 1 is a flow chart illustrating a content key sharing method according to an embodiment of the present invention;
FIG. 2 is a flow chart illustrating a content key sharing method according to another embodiment of the present invention;
FIG. 3 is a schematic node structure diagram of a content key sharing method according to an embodiment of the present invention;
FIG. 4 is a flowchart illustrating a content key sharing method according to another embodiment of the present invention;
FIG. 5 is a flowchart illustrating a content key sharing method according to another embodiment of the present invention;
FIG. 6 is a flowchart illustrating a content key sharing method according to another embodiment of the present invention;
FIG. 7 is a flow chart illustrating a content key sharing method according to another embodiment of the present invention;
FIG. 8 is a flow chart illustrating a content key sharing method according to another embodiment of the present invention;
FIG. 9 is a block diagram of a content key sharing system according to an embodiment of the present invention.
Reference numerals: 100. a receiving node; 200. a relay node; 300. a source node.
Detailed Description
The concept and technical effects of the present invention will be clearly and completely described below in conjunction with the embodiments to fully understand the objects, features and effects of the present invention. It is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments, and those skilled in the art can obtain other embodiments without inventive effort based on the embodiments of the present invention, and all embodiments are within the protection scope of the present invention.
In the description of the present invention, if an orientation description is referred to, for example, the orientations or positional relationships indicated by "upper", "lower", "front", "rear", "left", "right", etc. are based on the orientations or positional relationships shown in the drawings, only for convenience of describing the present invention and simplifying the description, but not for indicating or implying that the referred device or element must have a specific orientation, be constructed and operated in a specific orientation, and thus should not be construed as limiting the present invention. If a feature is referred to as being "disposed," "secured," "connected," or "mounted" to another feature, it can be directly disposed, secured, or connected to the other feature or indirectly disposed, secured, connected, or mounted to the other feature.
In the description of the embodiments of the present invention, "a number" means one or more and "a plurality" means two or more; "greater than", "less than" or "more than" are understood to exclude the stated number, and "above", "below" or "within" are understood to include it. "First" and "second" only distinguish between features and are not to be understood as indicating or implying relative importance, the number of the indicated features, or the precedence of the indicated features.
Currently, the main interface protection standards are HDCP (initiated by Intel) and DICP (electronic industry standard SJT 11407.1-2009, digital interface content protection system specification). The HDCP authentication protocol comprises an AKE stage (authentication and key exchange), an LC stage (location check), an SKE stage (session key exchange) and an authentication stage with a receiver. The AKE stage covers one-way identity authentication, key agreement, key reuse and similar functions, and is used to establish a secure shared master key.
When the AKE stage finishes, HDCP authentication immediately enters the LC stage, which is mainly used to verify geographical position and prevent HDCP-protected content from being forwarded remotely. In the LC stage, the authentication initiator sends a message and starts a timer, and the authentication receiver must respond within 20 ms; otherwise LC authentication is considered to have failed and the authentication protocol exits.
The SKE stage follows the LC stage and is used to negotiate the session key for content encryption. It is implemented by the HDCP authentication initiator sending an SKE_Send_eks message containing the encrypted session key.
When an interface transit party (HDCP responder) exists, the authentication initiator (HDCP transmitter) must additionally initiate authentication with the interface transit party after the SKE stage, in order to send a management instruction and receive the topology information of the interfaces connected below the transit party. The HDCP management instruction is carried in Stream_ID_Type and restricts whether the transit party may forward each Stream_ID stream to a low-version HDCP device. HDCP supports multiple layers of forwarding and multiple interfaces; the topology information covers these layers and interface devices, such as the number of layers and the digital certificate of each device, and is typically used to ensure the validity of the digital certificate of each device.
The transit party in the interface therefore takes part in decrypting and encrypting the content, so a high-speed encryption and decryption module must be provided in it, and authentication of each node is complicated.
Based on this, the application discloses a content key sharing method, a system and a storage medium, which can save the implementation cost of interface protection.
Referring to fig. 1, in a first aspect, a content key sharing method is applied to an interface, where the interface includes a plurality of network node groups, where each network node group includes a source node, a receiving node, and at least one relay node, and an embodiment of the present invention discloses a content key sharing method including:
S100, a receiving node and an adjacent relay node share a key after pairwise authentication, the relay node and a superior relay node or a source node share the key after pairwise authentication, and the receiving node sends authentication information to the source node through the relay node;
S200, the source node receives and verifies the authentication information, and if the authentication information is successfully verified, the relay node issues the verification information and the decryption key to the receiving node;
S300, the receiving node receives the decryption key and the verification information, compares the decryption key and the verification information with the node information of the receiving node according to the verification information, and sends confirmation information to the source node if the comparison is successful;
S400, the source node receives the confirmation information and sends the encrypted content to the receiving node sending the confirmation information according to the confirmation information.
When the receiving node needs to receive content sent by the source node, the receiving node, as the initiator, performs pairwise authentication with the adjacent relay node. Once the receiving node and the adjacent relay node complete authentication, they share a key, and the key between each relay node and each receiving node is unique. After the receiving node and the adjacent relay node complete mutual authentication, the relay node receives the authentication information sent by the receiving node. The relay node and the source node then perform pairwise authentication; once their mutual authentication is complete they share a key, and the key between each relay node and the source node is unique. If the relay node and the source node have completed authentication, the source node receives the authentication information forwarded by the relay node. The source node then verifies the authentication information and, if verification succeeds, issues the decryption key and the verification information to the relay node, which forwards them to the receiving node. After receiving the decryption key and the verification information, the receiving node verifies according to the verification information and, if verification succeeds, sends confirmation information to the source node. The source node receives the confirmation information and, according to it, sends the encrypted content to the receiving node that sent the confirmation information.
Therefore, after mutual authentication is performed on the receiving node, the relay node and the source node, the source node sends the decryption key through the relay node, returns confirmation information to the source node after the correct receiving node receives the decryption key, and sends the encrypted content to the receiving node, so that the receiving node can decrypt the encrypted content according to the received decryption key to obtain the decrypted content, and the safety degree of data transmission is greatly improved. After the authentication and the decryption key forwarding are completed, the relay node is only responsible for forwarding the encrypted content, the encrypted content does not need to be decrypted and then transmitted, the operation steps of the relay node are saved, the source node sends the decrypted content after being verified through the authentication information, and sends the encrypted content to the corresponding receiving node after receiving the confirmation information, so that the source node does not need to collect the information of each interface, and the transmission procedures of the encrypted content and the decryption key are simplified.
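The S100 to S400 exchange described above, together with the revocation check, the ID match and the discard rules from the Disclosure, as an added Python sketch that is not part of the patent. The patent names no cipher, so `wrap`/`unwrap` use an encrypt-then-MAC stand-in built on SHA-256; the node names, the helper names and the assumption that the key travels down the same route the authentication information came up are illustrative.

```python
import hashlib
import hmac
import os

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # SHA-256 in counter mode as keystream (stand-in cipher, not from the patent).
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(key, plaintext):
    """Encrypt-then-MAC under `key`; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(key, blob):
    """Verify the tag, then decrypt; raises ValueError on a wrong key or tampering."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified message")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

class Node:
    def __init__(self, node_id, parent=None):
        self.node_id = node_id
        self.parent = parent      # upper-level node in the tree
        self.link_keys = {}       # neighbour ID -> key shared after pairwise authentication

def pair(upper, lower):
    """Stand-in for pairwise authentication: gives the link its own unique key."""
    upper.link_keys[lower.node_id] = lower.link_keys[upper.node_id] = os.urandom(32)

def request_route(sink, revoked_ids):
    """S100/S200: pass the sink's node ID upward; return the route (source first) or None."""
    route, node = [sink], sink
    while node.parent is not None:
        if node.node_id not in node.parent.link_keys:
            return None           # a hop forwards only for an authenticated lower node
        node = node.parent
        route.append(node)
    if sink.node_id in revoked_ids:
        return None               # source: node ID is revoked, no key is issued
    return route[::-1]

def deliver_key(route, content_key, target_id):
    """S200/S300: hop-by-hop re-wrapping; returns the key recovered at the sink, or None."""
    blob = wrap(route[0].link_keys[route[1].node_id], content_key)
    for upper, relay, lower in zip(route, route[1:], route[2:]):
        key = unwrap(relay.link_keys[upper.node_id], blob)
        if lower.node_id not in relay.link_keys:
            return None           # relay: no authenticated lower node, discard the key
        blob = wrap(relay.link_keys[lower.node_id], key)
    sink = route[-1]
    if sink.node_id != target_id:
        return None               # sink: ID mismatch, discard the wrapped key
    return unwrap(sink.link_keys[route[-2].node_id], blob)

def build():
    """Constructed topology: Source > Router10 > Router21 > {Sink32, Sink30}."""
    source = Node("Source")
    r10 = Node("Router10", source)
    r21 = Node("Router21", r10)
    sink32, sink30 = Node("Sink32", r21), Node("Sink30", r21)
    for lower in (r10, r21, sink32):          # Sink30 never authenticates
        pair(lower.parent, lower)
    return source, r10, r21, sink32, sink30

def run(sink, revoked_ids=frozenset(), frame=b"constructed frame 0001"):
    """Full exchange for one sink; returns the frame the sink decrypts, or None."""
    content_key = os.urandom(32)
    route = request_route(sink, revoked_ids)
    if route is None:
        return None
    key = deliver_key(route, content_key, sink.node_id)
    if key is None:
        return None               # no confirmation, so the source sends no content
    stream = wrap(content_key, frame)         # S400: encrypted once at the source
    return unwrap(key, stream)                # relays forward `stream` byte for byte

if __name__ == "__main__":
    _, _, _, sink32, sink30 = build()
    print(run(sink32), run(sink32, {"Sink32"}), run(sink30))
```

Each relay holds the decryption key in the clear between `unwrap` and `wrap`, so the scheme removes the bulk content cipher work from relays, not their access to the key.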
Referring to fig. 2, in some embodiments, step S100 includes:
S110, the receiving node and the relay node carry out pairwise authentication and share a secret key;
S120, after the receiving node and the relay node finish authentication, the relay node receives authentication information from the receiving node;
S130, the relay node and the source node perform pairwise authentication and share a secret key, and if the relay node and the source node complete authentication, the relay node forwards authentication information to the source node.
The receiving node and the relay node perform pairwise authentication and share a key; the relay node receives authentication information from the receiving node, and the relay node then authenticates with its superior, the source node. Once that authentication is finished, the authentication information is transmitted to the source node, so that mutual authentication is realized among the receiving node, the relay node and the source node. Because the authentication information is forwarded only after authentication between the nodes has passed, a secure information transmission route is provided. From the authentication information the source node can judge whether information needs to be sent to a receiving node, without having to collect information from each receiving node for comparison, which saves operation steps in authenticating the source node and the receiving nodes.
Specifically, the authentication information includes the globally unique node ID information of the receiving node. The receiving node authenticates with its superior node, which may be a relay node or a source node. If the superior node is a relay node, the relay node receives the authentication information after the receiving node has completed authentication with it; the relay node then verifies whether the receiving node that sent the authentication information has completed authentication, and if so, forwards the authentication information to its own superior node. If the relay node and the receiving node that sent the authentication information have not completed authentication, the authentication information is forwarded to the superior node only after the authentication is completed. If the superior node of the receiving node is the source node, the source node receives the authentication information, verifies whether the receiving node that sent it has completed authentication, and if so, verifies the authentication information. If the superior node of a relay node is itself a relay node, the two relay nodes perform the same operation to forward the authentication information, and so on until the superior node of a relay node is the source node.
After receiving the authentication information, the relay node judges whether authentication with the receiving node or relay node that sent it has been completed, and if so, forwards the authentication information to the source node. This ensures that information is forwarded only after the nodes have authenticated, which improves the security with which the authentication information is sent. The relay node only forwards the authentication information and does not need to analyze it, and it only needs to authenticate with its superior node, which simplifies the authentication steps between nodes.
For example, referring to fig. 3, assume that the interface network contains 9 nodes in 4 layers: 1 source node, 4 receiving nodes and 4 relay nodes, arranged in the hierarchical tree structure shown in fig. 3. In fig. 3, Source is the source node; Router10 is the first relay node; Router20 is the second relay node; Router21 is the third relay node; Router31 is the fourth relay node; Sink22 is the first receiving node; Sink30 is the second receiving node; Sink32 is the third receiving node; and Sink40 is the fourth receiving node. In this configuration, authentication performed in the conventional manner proceeds as follows: the source node initiates node authentication to the first relay node, and after the first relay node receives the node authentication request, it can initiate authentication to the second relay node, the third relay node and the first receiving node. Similarly, after the third relay node receives the node authentication request sent by the first relay node, it initiates node authentication to the fourth relay node, the second receiving node and the third receiving node. The conventional authentication method therefore requires a plurality of nodes to be authenticated, which complicates the node authentication procedure. In this embodiment, by contrast, when the source node sends content to the third receiving node, the third receiving node and the third relay node complete authentication and share a key, and the third relay node prepares to send authentication information to the source node. The authentication information includes ACK information of the globally unique ID of the third receiving node, so that sending the authentication information to the third relay node indicates that the third receiving node and the third relay node have completed authentication.
If authentication between the first relay node and the third relay node is not yet finished, the third relay node sends the authentication information to the first relay node once that authentication is finished, and the first relay node, on receiving the authentication information, checks the authentication state of the third relay node. The first relay node then checks its authentication state after receiving the authentication information, and if authentication is not completed, it forwards the authentication information to the source node only after the authentication has been completed. For the tree structure interface, the interface network is composed of three types of nodes: source nodes, relay nodes and receiving nodes. There is only one source node, and the superior interface of each relay node and receiving node may be connected to only one node. Authentication is therefore initiated by the receiving node and then performed layer by layer, without mutual authentication of every node at every layer, which saves authentication steps while maintaining authentication security among the nodes.
Referring to fig. 4, in some embodiments, step S200 includes:
S210, the source node verifies according to the authentication information; if the verification is successful, the source node encrypts a decryption key with the key between the source node and the subordinate relay node to obtain a primarily encrypted decryption key, and sends the primarily encrypted decryption key and the authentication information to the authenticated relay node;
S220, the relay node receives the primarily encrypted decryption key, decrypts it to obtain the decryption key, encrypts the decryption key again with the key between the relay node and a lower-level receiving node to obtain a secondarily encrypted decryption key, and sends the secondarily encrypted decryption key and the verification information to the authenticated receiving node.
After the authentication between the nodes is completed, the source node verifies according to the authentication information; if the authentication information is successfully verified, the verification information and the decryption key are sent to the lower node. The decryption key sent by the source node is the primarily encrypted decryption key, that is, the decryption key encrypted with the key between the source node and the subordinate relay node. After the relay node receives the primarily encrypted decryption key, it decrypts it according to a key between the relay node and a subordinate relay node or a receiving node to obtain the decryption key, encrypts the decryption key with the key shared by the relay node and the subordinate relay node or receiving node to obtain a secondarily encrypted decryption key, and then sends the secondarily encrypted decryption key and the verification information to the authenticated relay node or receiving node. When a relay node sends the secondarily encrypted decryption key to a subordinate relay node, the subordinate relay node decrypts it according to the key between the subordinate relay node and its subordinate receiving node to obtain the decryption key, and the decryption key is then encrypted with the key between the subordinate relay node and the authenticated subordinate receiving node and transmitted to that receiving node. In this way the decryption key of the source node is transmitted downward safely, and the security of key transmission is guaranteed.
Referring to fig. 5, in some embodiments, the verifying by the source node according to the authentication information includes:
S211, the source node extracts node ID information according to the authentication information;
S212, verifying whether the node ID information is revoked, wherein if the node ID information is not revoked, the verification is successful.
The source node analyzes the authentication information to extract the node ID information and then verifies whether the node ID information has been revoked. If it has not been revoked, the source node considers the node ID information successfully verified and sends the verification information and the primarily encrypted decryption key to a subordinate relay node or receiving node. Because the source node decides whether to send the decryption key and the verification information according to whether the node ID information has been revoked, the accuracy with which the source node sends the decryption key is improved, and the unnecessary data transmission that would result from sending the decryption key to a receiving node whose node ID information has been revoked is prevented.
For example, referring to fig. 3, after pairwise authentication between the nodes is completed, the source node obtains the authentication information and checks its authentication state with the first relay node. If the source node and the first relay node have authenticated successfully, the source node analyzes the authentication information to obtain the node ID information, which is the ID information of the third receiving node. The source node judges whether the analyzed node ID information has been revoked; if it has not, the node ID information is considered valid, and the source node encrypts the decryption key with the key shared with the first relay node to obtain a primarily encrypted decryption key. The decryption key is Kc, and the primarily encrypted decryption key is denoted E[Kc]. The primarily encrypted decryption key is then sent to the first relay node, which checks its authentication state with its subordinate nodes. If authentication with the second relay node, the third relay node and the first receiving node is completed, the first relay node decrypts the primarily encrypted key by using the key shared by the subordinate node to obtain the decryption key Kc, then encrypts Kc with the key shared with each node to obtain three independent secondarily encrypted decryption keys E'[Kc], and sends the three independent E'[Kc] to the second relay node, the third relay node and the first receiving node respectively. Because the decryption key is encrypted and decrypted with the keys shared between the nodes, no separate encryption module needs to be provided on each node, so the encryption operation is simple and convenient and the transmission of the decryption key is secure.
In some embodiments, referring to fig. 6, the verification information is node ID information, and the node ID information is the same as the node ID information parsed in the authentication information.
Step S300 includes:
S310, the receiving node receives the secondarily encrypted decryption key and the node ID information;
S320, judging whether the node ID information matches the ID information of the receiving node;
and S330, if they match, sending confirmation information to the source node.
When a plurality of relay nodes exist, the decryption key obtained by encrypting between any two adjacent relay nodes is also regarded as a secondarily encrypted decryption key. The receiving node receives the secondarily encrypted decryption key and the node ID information, judges whether the node ID information matches its own ID information, and sends confirmation information to the source node if it does. Because the node ID information is obtained by analyzing the authentication information received by the source node, and therefore identifies the receiving node that sent the authentication information, comparing the node ID information with the receiving node's own ID information is enough to judge whether this receiving node is the one that sent the authentication information. This improves the security with which the decryption key is sent and allows the source node subsequently to send the encrypted content to the correct receiving node.
Referring to fig. 6, in some embodiments, the content key sharing method further includes:
S340, if the ID information of the receiving node does not match the received node ID information, discarding the secondarily encrypted decryption key.
When the receiving node receives the node ID information and the secondarily encrypted decryption key, it determines whether the node ID information matches its own ID information; if not, it deletes the received secondarily encrypted decryption key so that the storage space of the receiving node is not affected.
For example, referring to fig. 3, when the first relay node sends the secondarily encrypted decryption key and the node ID information to the second relay node, the third relay node and the first receiving node, the first receiving node determines that its own ID information is not consistent with the node ID information and discards the secondarily encrypted decryption key. After the third relay node receives the decryption key and the node ID information, it checks its authentication state with its subordinate nodes. If authentication with the fourth relay node, the second receiving node and the third receiving node is completed, the third relay node uses the key shared by the subordinate node to decrypt the secondarily encrypted decryption key and obtain the decryption key, encrypts it again with the keys shared with the fourth relay node, the second receiving node and the third receiving node to obtain secondarily encrypted decryption keys E'[Kc], and sends three independent E'[Kc] to the fourth relay node, the second receiving node and the third receiving node respectively, so that the decryption key is transmitted safely. The third receiving node receives the node ID information and the secondarily encrypted decryption key, determines that its own ID information is consistent with the received node ID information, decrypts the secondarily encrypted decryption key with the key it shares with the third relay node to obtain the decryption key, and at the same time generates confirmation information and sends it to the source node via the third relay node and the first relay node.
Therefore, the receiving node compares the ID information of the receiving node with the received node ID information to judge the correctness of the receiving node, so that the decryption key can be sent to the correct receiving node.
In some embodiments, after the source node receives the acknowledgement message, the source node sends the encrypted content to the relay node, and the relay node forwards the encrypted content to the receiving node that sent the acknowledgement message. When the relay node receives the encrypted content, the relay node only forwards the encrypted content to the subordinate relay node or the receiving node, and does not participate in decryption, so that the burden of the relay node is reduced.
For example, referring to fig. 3, the source node sends the encrypted content to the first relay node, which forwards the encrypted content to the third receiving node. Therefore, the first relay node and the third relay node only transmit the encrypted content and do not need to decrypt and encrypt the encrypted content, and the burden of the first relay node and the third relay node is reduced.
Referring to fig. 7, in some embodiments, the content key sharing method further includes:
and S230, after the relay node receives the decryption key, if the relay node has no subordinate node or has not authenticated with its subordinate node, discarding the decryption key.
After the relay node receives the primarily or secondarily encrypted decryption key, it judges whether it has a lower node and whether authentication with the lower node has been completed. If the relay node has no lower node, its authentication state is incorrect and it discards the primarily or secondarily encrypted decryption key. If the relay node has not authenticated with its lower node, it likewise discards the primarily or secondarily encrypted decryption key. Having relay nodes to which the key does not correspond discard it saves their storage space and prevents a relay from transmitting the decryption key arbitrarily, which would affect the security of data transmission.
For example, referring to fig. 3, when the second relay node receives the primarily encrypted decryption key, since the second relay node does not have a lower node, the authentication state of the second relay node is incorrect and the primarily encrypted decryption key is discarded. When the fourth relay node receives the decryption key encrypted twice, the fourth relay node discards the decryption key encrypted twice because the fourth relay node does not complete authentication with the fourth receiving node. Therefore, the fourth relay node cannot transmit the twice encrypted decryption key at will and does not affect the storage space of the fourth relay node.
Referring to fig. 8, in some embodiments, the content key sharing method further includes:
S500, after the source node sends the verification information and the decryption key, presetting a confirmation time threshold;
and S600, if the confirmation information is not received within the preset confirmation time threshold, ending.
After sending the verification information and the primarily encrypted decryption key, the source node must receive the confirmation information within the preset time threshold; it sends the encrypted content only after the confirmation information has been received within that threshold. If the corresponding receiving node cannot be found, the preset time threshold means that the source node does not keep waiting for the confirmation information, which prevents unnecessary waiting.
For example, referring to fig. 3, after the source node sends the acknowledgement information, the source node starts a timer, and waits for receiving the acknowledgement information returned by the third receiving node, and if the source node receives the acknowledgement information returned by the third receiving node within the preset time threshold, the source node decrypts the acknowledgement information to verify that the acknowledgement information is correct, and then starts to send the encrypted content.
In some embodiments, after the receiving node receives the encrypted content, the receiving node decrypts the encrypted content according to the previously received decryption key, and if the receiving node does not have the decryption key, the receiving node discards the encrypted content.
For example, when the third receiving node receives the encrypted content, it decrypts the encrypted content with the decryption key it previously obtained from the secondarily encrypted decryption key, so that the third receiving node safely obtains the correct data content.
A content key sharing method according to an embodiment of the present invention is described in detail in a specific embodiment with reference to fig. 3. It is to be understood that the following description is only exemplary, and not a specific limitation of the invention.
In fig. 3, Source is the source node; Router10 is the first relay node; Router20 is the second relay node; Router21 is the third relay node; Router31 is the fourth relay node; Sink22 is the first receiving node; Sink30 is the second receiving node; Sink32 is the third receiving node; and Sink40 is the fourth receiving node. If authentication between the first relay node and the third relay node is not yet finished, the third relay node sends the authentication information to the first relay node once that authentication is finished, and the first relay node, on receiving the authentication information, checks the authentication state of the third relay node. The first relay node then checks its authentication state after receiving the authentication information, and if authentication is not finished, it waits for the authentication to finish and then forwards the authentication information to the source node.
After the authentication between the nodes is completed, the source node obtains the authentication information and checks its authentication state with the first relay node; if the authentication between the source node and the first relay node is successful, the authentication information is analyzed to obtain the node ID information. The source node judges whether the analyzed node ID information has been revoked; if it has not, the node ID information is considered valid, and the source node encrypts the decryption key with the key shared with the first relay node to obtain a primarily encrypted decryption key. The decryption key is Kc, and the primarily encrypted decryption key is denoted E[Kc]. The source node then sends the primarily encrypted decryption key to the first relay node, which checks its authentication state with its subordinate nodes. If authentication with the second relay node, the third relay node and the first receiving node is completed, the first relay node decrypts the primarily encrypted key by using the key shared by the subordinate node to obtain the decryption key Kc, then encrypts Kc with the key shared with each node to obtain three independent secondarily encrypted decryption keys E'[Kc], and sends the three independent E'[Kc] to the second relay node, the third relay node and the first receiving node respectively.
When the first relay node sends the secondarily encrypted decryption key and the node ID information to the second relay node, the third relay node and the first receiving node, the first receiving node determines that its own ID information is inconsistent with the node ID information and discards the secondarily encrypted decryption key. After the third relay node receives the decryption key and the node ID information, it checks its authentication state with its subordinate nodes. If authentication with the fourth relay node, the second receiving node and the third receiving node is completed, the third relay node uses the key shared by the subordinate node to decrypt the secondarily encrypted decryption key and obtain the decryption key, encrypts it again with the keys shared with the fourth relay node, the second receiving node and the third receiving node to obtain secondarily encrypted decryption keys E'[Kc], and sends three independent E'[Kc] to the fourth relay node, the second receiving node and the third receiving node respectively, so that the decryption key is transmitted safely. The third receiving node receives the node ID information and the secondarily encrypted decryption key, determines that its own ID information is consistent with the received node ID information, decrypts the secondarily encrypted decryption key with the key it shares with the third relay node to obtain the decryption key, and at the same time generates confirmation information and sends it to the source node via the third relay node and the first relay node.
When the second relay node receives the primarily encrypted decryption key, since the second relay node has no subordinate node, the authentication state of the second relay node is incorrect and the primarily encrypted decryption key is discarded. When the fourth relay node receives the decryption key encrypted twice, the fourth relay node discards the decryption key encrypted twice because the fourth relay node does not complete authentication with the fourth receiving node.
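The fig. 3 walkthrough above can be traced end to end with the following added simulation, which is not code from the patent. Assumptions: `wrap`/`unwrap` are a stand-in for E[Kc] built from HMAC-SHA256 because the patent names no cipher, each node unwraps with the key of the link the message arrived on, and the class, method and event names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Tree described for fig. 3 (child -> superior node).
PARENT = {
    "Router10": "Source", "Router20": "Router10", "Router21": "Router10",
    "Sink22": "Router10", "Sink30": "Router21", "Router31": "Router21",
    "Sink32": "Router21", "Sink40": "Router31",
}

def wrap(link_key: bytes, kc: bytes) -> bytes:
    """Stand-in for E[Kc]: HMAC-SHA256 keystream XOR plus an integrity tag."""
    if len(kc) > 32:
        raise ValueError("this stand-in wraps keys of at most 32 bytes")
    nonce = secrets.token_bytes(16)
    stream = hmac.new(link_key, b"enc" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(kc, stream))
    tag = hmac.new(link_key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(link_key: bytes, blob: bytes) -> bytes:
    """Check the tag first, then recover Kc; a wrong link key raises ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(link_key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrapped key failed its integrity check")
    stream = hmac.new(link_key, b"enc" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))

class Network:
    def __init__(self, unauthenticated=(), revoked=()):
        self.children = {}
        for child, parent in PARENT.items():
            self.children.setdefault(parent, []).append(child)
        # A pairwise key exists only on links that completed authentication.
        self.link_key = {(p, c): secrets.token_bytes(32)
                         for c, p in PARENT.items() if (p, c) not in unauthenticated}
        self.revoked = set(revoked)
        self.events = {}     # node -> what it did with the message
        self.wire = {}       # (sender, receiver) -> wrapped key seen on that link
        self.delivered = {}  # receiving node -> recovered Kc

    def _path_authenticated(self, node):
        # Authentication information only travels up over authenticated links.
        while node != "Source":
            if (PARENT[node], node) not in self.link_key:
                return False
            node = PARENT[node]
        return True

    def share(self, target_id, kc):
        """Source side; returns the Kc recovered by target_id, or None."""
        if not self._path_authenticated(target_id):
            self.events["Source"] = "no authentication information received"
        elif target_id in self.revoked:                      # S211 / S212
            self.events["Source"] = "node ID revoked"
        else:
            self.events["Source"] = "sent"                   # S210
            self._send_down("Source", kc, target_id)
        return self.delivered.get(target_id)

    def _send_down(self, sender, kc, target_id):
        for child in self.children.get(sender, []):
            key = self.link_key.get((sender, child))
            if key is not None:                              # authenticated links only
                self.wire[(sender, child)] = wrap(key, kc)   # one independent copy each
                self._receive(child, sender, target_id)

    def _receive(self, node, sender, target_id):
        blob, key = self.wire[(sender, node)], self.link_key[(sender, node)]
        if node.startswith("Sink"):
            if node != target_id:                            # S340
                self.events[node] = "discarded: node ID mismatch"
            else:                                            # S330
                self.delivered[node] = unwrap(key, blob)
                self.events[node] = "confirmation sent"
        elif not any((node, c) in self.link_key for c in self.children.get(node, [])):
            self.events[node] = "discarded: no authenticated subordinate"  # S230
        else:                                                # S220
            self.events[node] = "re-wrapped"
            self._send_down(node, unwrap(key, blob), target_id)

def demo():
    # Constructed scenario from the text: Router31 and Sink40 never authenticated.
    net = Network(unauthenticated={("Router31", "Sink40")})
    kc = secrets.token_bytes(16)                             # constructed content key
    return net, kc, net.share("Sink32", kc)

if __name__ == "__main__":
    net, kc, got = demo()
    print("Sink32 recovered Kc:", got == kc)
    for node, event in net.events.items():
        print(f"{node:9s} {event}")
```

Every relay on the path holds Kc in the clear between unwrapping and re-wrapping, so the scheme protects the key on each link rather than end to end.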
In a second aspect, referring to fig. 9, other embodiments of the present application further disclose a content key sharing system, including: a receiving node 100, a relay node 200, and a source node 300; the receiving node 100 is configured to perform pairwise authentication with the relay node 200 or the receiving node 100 and then share a key; the relay node 200 is configured to perform pairwise authentication with the superior relay node 200 or the source node 300, share a key, and forward authentication information to the source node 300; the source node 300 is further configured to receive and verify the authentication information, and if the authentication information is successfully verified, issue verification information and a decryption key to the receiving node 100 through the relay node 200; the receiving node 100 is further configured to receive the decryption key and the verification information, perform verification according to the verification information, and send a confirmation message to the source node 300 if the verification passes; the source node 300 is further configured to receive the acknowledgement information and issue the encrypted content to the receiving node 100 that sent the acknowledgement information according to the acknowledgement information.
The receiving node 100 authenticates with the relay node 200, and the relay node 200 then performs pairwise authentication with the source node 300. After authentication, the source node 300 receives the authentication information sent by the receiving node 100 and, once it has verified the authentication information successfully, sends a decryption key to the receiving node 100. After receiving the decryption key, the receiving node 100 returns confirmation information to the source node 300, so that the source node 300 sends the encrypted content to that receiving node 100. Because the decryption key and the encrypted content are sent only after authentication, data transmission is secure and simple; the encrypted content is sent directly to the receiving node 100 without the relay node 200 having to decrypt and re-encrypt it, which reduces the burden on the relay node 200. The content key sharing system performs the content key sharing method according to the first aspect, which is not described again here.
In a third aspect, a computer-readable storage medium stores computer-executable instructions for causing a computer to perform a content key sharing method as in the first aspect.
The content key sharing method according to the first aspect is implemented by computer-executable instructions for causing a computer to execute the content key sharing method.
The above-described embodiments of the apparatus are merely illustrative, wherein the units illustrated as separate components may or may not be physically separate, i.e. may be located in one place, or may also be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
One of ordinary skill in the art will appreciate that all or some of the steps, systems, and methods disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those of ordinary skill in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.
The embodiments of the present invention have been described in detail with reference to the accompanying drawings, but the present invention is not limited to the above embodiments, and various changes can be made within the knowledge of those skilled in the art without departing from the gist of the present invention. Furthermore, the embodiments of the present invention and the features of the embodiments may be combined with each other without conflict.

Claims (10)

1. A content key sharing method applied to an interface, the interface comprising a plurality of network node groups, the network node groups comprising a source node, a receiving node and at least one relay node, the method comprising:
the receiving node and an adjacent relay node or receiving node share a key after authentication, the relay node and the relay node or the source node on the upper level share the key after authentication, and the receiving node sends authentication information to the source node through the relay node;
the source node receives and verifies the authentication information, and if the authentication information is verified successfully, the source node issues verification information and a decryption key to the receiving node through the relay node;
the receiving node receives the decryption key and the verification information, verifies the decryption key and the verification information according to the verification information, and sends confirmation information to the source node if the decryption key and the verification information pass verification;
and the source node receives the confirmation information and sends the encrypted content to a receiving node sending the confirmation information according to the confirmation information.
2. The content key sharing method according to claim 1, wherein the receiving node performs pairwise authentication with an adjacent relay node and shares a key, the relay node performs pairwise authentication with the relay node or a source node on the upper level and shares a key, and the receiving node transmits authentication information to the source node through the relay node, including:
the receiving node and the relay node carry out pairwise authentication and share a secret key;
after the receiving node and the relay node finish authentication, the relay node receives authentication information from the receiving node;
and the relay node and the source node carry out pairwise authentication and share a key, and if the relay node and the source node finish authentication, the relay node forwards the authentication information to the source node.
3. The method according to claim 1 or 2, wherein the source node receives and verifies the authentication information, and if the authentication information is successfully verified, the source node issues verification information and a decryption key to the sink node through the relay node, including:
the source node verifies according to the authentication information, encrypts the decryption key according to a key between the source node and the subordinate relay node to obtain a primarily encrypted decryption key if the verification is successful, and sends the primarily encrypted decryption key and the authentication information to the authenticated relay node;
the relay node receives the decryption key encrypted for the first time, obtains the decryption key after decrypting according to the decryption key encrypted for the first time, obtains the decryption key encrypted for the second time by reusing the key between the relay node and the receiving node at the lower level according to the decryption key, and sends the decryption key encrypted for the second time and the verification information to the authenticated receiving node.
4. The content key sharing method according to claim 1 or 2, wherein the source node performing verification according to the authentication information comprises:
the source node extracts node ID information from the authentication information;
and verifies whether the node ID information has been revoked, wherein if the node ID information has not been revoked, the verification is successful.
5. The method according to claim 4, wherein the authentication information is node ID information, and the receiving node receiving the decryption key and the authentication information, performing authentication according to the authentication information, and sending a confirmation message to the source node if the authentication is successful, comprises:
the receiving node receives the secondarily encrypted decryption key and the node ID information;
determines whether the node ID information matches the ID information of the receiving node;
and if they match, sends confirmation information to the source node.
6. The content key sharing method according to claim 4, further comprising:
and if the ID information of the receiving node does not match the received node ID information, discarding the secondarily encrypted decryption key.
7. The content key sharing method according to claim 1, further comprising:
after the source node sends the verification information and the decryption key, presetting a confirmation time threshold;
and if the confirmation information is not received within the preset confirmation time threshold, ending the process.
8. The content key sharing method according to claim 3, further comprising:
and if, after receiving the decryption key, the relay node has no subordinate node or has not authenticated with its subordinate node, discarding the decryption key.
9. A content key sharing system, comprising: a receiving node, a relay node and a source node;
the receiving node is configured to share a key after pairwise authentication with the relay node or the receiving node;
the relay node is configured to share a key after pairwise authentication with the upper-level relay node or the source node, and to forward authentication information to the source node;
the source node is configured to receive and verify the authentication information and, if the authentication information is successfully verified, to issue verification information and a decryption key to the receiving node through the relay node;
the receiving node is further configured to receive the decryption key and the verification information, perform verification according to the verification information, and send confirmation information to the source node if the verification passes;
and the source node is further configured to receive the confirmation information and, according to the confirmation information, send the encrypted content to the receiving node that sent the confirmation information.
10. A computer-readable storage medium storing computer-executable instructions for performing the content key sharing method of any one of claims 1 to 8.
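The hop-by-hop key delivery of claims 3 to 6 and 8, as an added Python example that is not part of the patent text. It assumes the two link keys already exist from the pairwise authentication; the function names are hypothetical, and the HMAC-SHA256 `seal`/`unseal` construction is a stand-in because the claims name no cipher.

```python
import hashlib, hmac, os

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 counter-mode keystream: a stand-in, the claims name no cipher.
    ks = b"".join(_prf(key, nonce + i.to_bytes(4, "big"))
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(link_key, plaintext):
    k_enc, k_mac = _prf(link_key, b"enc"), _prf(link_key, b"mac")
    nonce = os.urandom(12)
    ct = _xor_stream(k_enc, nonce, plaintext)
    return nonce + ct + _prf(k_mac, nonce + ct)

def unseal(link_key, blob):
    k_enc, k_mac = _prf(link_key, b"enc"), _prf(link_key, b"mac")
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(k_mac, nonce + ct)):
        raise ValueError("authentication tag mismatch")
    return _xor_stream(k_enc, nonce, ct)

def source_issue(node_id, revoked_ids, k_src_relay, content_key):
    # Claim 4: verification succeeds only if the node ID is not revoked.
    if node_id in revoked_ids:
        return None
    # Claim 3: first encryption, under the source<->relay link key.
    return seal(k_src_relay, content_key), node_id

def relay_forward(msg, k_src_relay, k_relay_recv):
    # Claim 8: no authenticated subordinate node, so the key is discarded.
    if k_relay_recv is None:
        return None
    blob, node_id = msg
    content_key = unseal(k_src_relay, blob)  # relay holds the key in the clear
    # Claim 3: second encryption, under the relay<->receiver link key.
    return seal(k_relay_recv, content_key), node_id

def receiver_accept(msg, my_id, k_relay_recv):
    blob, node_id = msg
    # Claims 5 and 6: a matching ID yields the key (and a confirmation);
    # a mismatch discards the secondarily encrypted key.
    if node_id != my_id:
        return None
    return unseal(k_relay_recv, blob)
```

Because the relay decrypts and re-encrypts, it holds the decryption key in the clear between the two hops, so every relay on the path sits inside the trust boundary for the content key.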
CN202011084384.1A 2020-10-12 2020-10-12 Content key sharing method, system and storage medium Active CN112398644B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011084384.1A CN112398644B (en) 2020-10-12 2020-10-12 Content key sharing method, system and storage medium

Publications (2)

Publication Number Publication Date
CN112398644A CN112398644A (en) 2021-02-23
CN112398644B CN112398644B (en)

Family

ID=74595949

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011084384.1A Active CN112398644B (en) 2020-10-12 2020-10-12 Content key sharing method, system and storage medium

Country Status (1)

Country Link
CN (1) CN112398644B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant