CN112910846A - Communication method based on trusted third party authentication - Google Patents
Communication method based on trusted third party authentication Download PDFInfo
- Publication number
- CN112910846A CN112910846A CN202110055732.0A CN202110055732A CN112910846A CN 112910846 A CN112910846 A CN 112910846A CN 202110055732 A CN202110055732 A CN 202110055732A CN 112910846 A CN112910846 A CN 112910846A
- Authority
- CN
- China
- Prior art keywords
- party
- trusted
- key
- information
- communication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 230000006854 communication Effects 0.000 title claims abstract description 56
- 238000004891 communication Methods 0.000 title claims abstract description 50
- 238000000034 method Methods 0.000 title claims abstract description 31
- 230000008569 process Effects 0.000 description 5
- 230000003993 interaction Effects 0.000 description 4
- 230000007123 defense Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000001939 inductive effect Effects 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a communication method based on trusted third party authentication, which is characterized in that step 1, a first party of two parties needing to establish communication applies for a request message for establishing communication with a second party of the two parties needing to establish communication from a trusted third party; step 2, the trusted third party sends information containing the identity information of the first party to the second party by using an asymmetric key encryption mode according to the request information sent by the first party; step 3, the second party decrypts the information sent by the trusted third party and sends information containing a temporary key to the first party by using an asymmetric key encryption mode, wherein the temporary key is a key of a symmetric key encryption mode; and 4, the first party decrypts the information sent by the second party and acquires the temporary key in the information, and the first party and the second party communicate through the temporary key. The method of the invention reduces the burden of storing and managing the key by the user, improves the communication efficiency and ensures the safety by mixing the asymmetric encryption and the symmetric encryption and introducing a third party.
Description
Technical Field
The invention relates to a communication method, in particular to a communication method based on trusted third party authentication.
Background
Data information is widely spread in a network, confidentiality in a communication process becomes a focus of social attention, and a communication protocol is a first line of defense for ensuring reliable transmission of information on an unsafe channel. When information interaction is carried out, both communication parties can obey a safety protocol agreed in advance, but the absolute safety of the information interaction process cannot be guaranteed, and a lot of important information still faces the risk of being stolen. The protocol itself may have some security vulnerabilities that others exploit to launch attacks, and the two communicating parties may therefore suffer a significant loss.
In the communication process, key encryption is generally adopted to ensure safety, and key encryption algorithms have two major categories: symmetric encryption algorithms and asymmetric encryption algorithms. The symmetric key encryption protocol always uses the same key to pass through the encryption and decryption processes of the message, and has the advantages of high encryption speed, incapability of carrying out identity authentication of a user and easy problem of difficult management due to overlarge number of keys held by a communication agent; the asymmetric key encryption protocol can realize the legal identity authentication of the user, and the security is higher. However, due to the high complexity of the key, the encryption method is slow in processing large-capacity messages.
In the prior art, a communication protocol with two mixed encryption modes is adopted, and two communication parties adopt asymmetric keys to perform communication identity authentication, so that each user needs to store a large number of keys, and the burden on key storage and management is brought to the user. Therefore, the key used for managing the identity authentication is distributed through the key distribution center, and then the symmetric key used in the communication process is distributed to the two communication parties, which solves the problem of storing the key by the user, but when the key distribution center is invaded, the communication security among all users is threatened.
Disclosure of Invention
Aiming at the defects of the prior art, the invention aims to provide a communication method based on trusted third party authentication, which improves the communication efficiency in a mode of mixing a symmetric key and an asymmetric key, reduces the burden of users and ensures the communication safety among the users by storing and managing the key by a feasible third party, not only solves the problem that the encryption and decryption processes in an asymmetric encryption protocol are complicated, but also solves the problem that a communication agent cannot perform identity authentication under a symmetric key system and the like.
The technical scheme of the invention is as follows: a communication method based on trusted third party authentication comprises the following steps:
step 2, the trusted third party sends information containing the identity information of the first party to the second party according to the request information sent by the first party by using an asymmetric key encryption mode;
step 3, the second party decrypts the information sent by the trusted third party and sends information containing a temporary key to the first party by using an asymmetric key encryption mode, wherein the temporary key is a key of a symmetric key encryption mode;
and 4, the first party decrypts the information sent by the second party and acquires a temporary key therein, and the first party and the second party communicate through the temporary key.
Further, in step 1, when the first party sends the request information to the trusted third party, the request information is encrypted by using an asymmetric key encryption mode, and in step 2, the trusted third party decrypts the request information.
Further, the step 1 of sending the request information by the first party in an asymmetric key encryption manner is to encrypt the request information by using the public key of the trusted third party, and the step 2 of decrypting the request information sent by the first party by the trusted third party is carried out by using the private key of the trusted third party.
Further, the step 2 of sending information by the trusted third party by using an asymmetric key encryption manner is to encrypt the information by using the public key of the second party, and the step 3 of decrypting the information of the trusted third party by using the private key of the second party is performed by the second party when the second party decrypts the information of the trusted third party.
Further, the step 3 of sending information by the second party by using the asymmetric key encryption method is to encrypt the information by using the public key of the first party, and the step 4 of decrypting the information sent by the second party by the first party by using the private key of the first party.
Further, the request information in step 1 includes the ID of the first party, the ID of the second party, and the first random number generated by the first party.
Further, the information sent by the trusted third party to the second party in step 2 includes the ID of the first party, the public key of the first party, and the first random number, and the information sent by the second party to the first party in step 3 includes the temporary key and the first random number-1.
Further, in step 4, the first party sends a message containing a second random number to the second party by encrypting with the temporary key after obtaining the temporary key, and the second party sends a message containing a second random number-1 to the first party by encrypting with the temporary key after decrypting the message with the temporary key.
Further, the temporary key is destroyed after the communication between the first party and the second party is completed.
The invention adopts asymmetric key encryption technology in the identity authentication process between the first party and the second party, and adopts symmetric key encryption technology in the main communication process, and compared with the prior art, the invention has the advantages that: and the trusted third party is used as a communication bridge between two communication users, so that a guiding effect is achieved for communication between the users. In a conventional asymmetric key encryption scheme, each user needs to store the public keys of all other users in order to establish contact. And the introduction of the trusted third party stores the public keys of all the users, and the users only need to store the public keys of the trusted third party, so the storage burden of the users is reduced. And because the public key of the user is not completely disclosed any more, the trusted third party can prevent the harassment of the illegal user to a certain extent as a first defense line, and the safety is improved to a certain extent on the basis of the traditional public key encryption protocol. Different from a common key distribution method, because the trusted third party has the possibility of being invaded, the trusted third party in the method does not generate a temporary key, namely a session key used by the communication of the main body, and the temporary key is completed by the communication main body, namely the user, and the session key does not pass through the trusted third party, so that the method has better privacy. Even if a trusted third party is invaded by an illegal user, the communication process of the main body cannot be completely destroyed.
Drawings
Fig. 1 is a schematic flowchart of a communication method based on trusted third party authentication according to an embodiment.
Detailed Description
The present invention is further illustrated by the following examples, which are not to be construed as limiting the invention thereto.
Referring to fig. 1, in order that a user Tom wants to establish a communication relationship with a user Dick in a distributed network, a specific message flow of the method of the present invention is as follows:
the Tom of the user is a first party of communication, the Dick of the user is a second party of communication, and the KDC of the key distribution center is a trusted third party.
Firstly Tom sends a request message to KDC, the public key of KDC is used to encrypt the request message, the message body of the request message contains the name of itself (Tom), the name of the other side (Dick) and the random number Nt generated randomly;
after receiving the message sent by Tom, KDC decrypts the message using its own private key, and then forwards the message requesting communication to Dick. A message body sent to Dick by KDC includes Tom name, random number Nt and public key of user Tom, and the public key of Dick is used for encrypting the message body;
after receiving the message sent by the KDC, the Dick decrypts the message by using its own private key, and then sends a feedback message to Tom, indicating that it has received the request message. A message body of a feedback message sent by Dick to Tom contains a user name Dick, a random number Nt-1 and a randomly generated temporary key Temkey (a symmetric key encryption mode is adopted in the formal communication process, and the message body is encrypted by Temkey), and the message body is encrypted by using a public key of Tom;
tom decrypts the message by using its own public key after receiving the feedback message of Dick. Tom acquires the temporary key Temkey and then generates a random number Nt' as a message. Tom uses temporary key Temkey to encrypt the random number Nt 'and then sends the random number Nt' to Dick;
and after receiving the last message of Tom, Dick decrypts the message by using Temkey. After acquiring the random number Nt ', Dick sends the encrypted message to Tom with the random number (Nt' -1) as the message body and encrypted using the temporary key Temkey. At this point, the last handshake is completed, and the communication between the user Tom and the Dick is formally established.
The specific message interaction process can be described in the following semi-formalized manner:
Message 1:Tom→KDC:Pubkey_K{Tom,Dick,Nt}
Message 2:KDC→Dick:Pubkey_D{Tom,Pubkey_T,Nt}
Message 3:Dick→Tom:Pubkey_T{Dick,Nt-1,Temkey}
Message 4:Tom→Dick:Temkey{Nt'}
Message 5:Dick→Tom:Temkey{Nt'-1}
for the communication method based on the trusted third party authentication, the theorem proving tool Isabelle/HOL is adopted to carry out formalized modeling on the protocol, establish the security theorem and carry out verification on the correctness of the theorem. All protocol specifications relate to the syntax theory of messages by modeling the protocol in the theorem proving tool Isabelle/HOL. Modeling is carried out on data objects in the protocol, mapping functions between users and keys, behavior description functions of the users and spyware and a message interaction flow, and the behavior of the protocol system is described in an event tracking mode. And finally, establishing two safety reasons according to the protocol safety requirements and verifying the safety of the reasons by adopting an inductive analysis mode. The verification result shows that compared with the traditional key protocol, the invention has better safety while reducing the storage burden of the user and improving the message processing efficiency.
Claims (9)
1. A communication method based on trusted third party authentication is characterized in that, step 1, a first party of two parties needing to establish communication applies for a trusted third party for request information for establishing communication with a second party of the two parties needing to establish communication;
step 2, the trusted third party sends information containing the identity information of the first party to the second party according to the request information sent by the first party by using an asymmetric key encryption mode;
step 3, the second party decrypts the information sent by the trusted third party and sends information containing a temporary key to the first party by using an asymmetric key encryption mode, wherein the temporary key is a key of a symmetric key encryption mode;
and 4, the first party decrypts the information sent by the second party and acquires a temporary key therein, and the first party and the second party communicate through the temporary key.
2. The communication method based on the trusted third party certification according to claim 1, wherein the first party encrypts the request information to the trusted third party by using an asymmetric key encryption method in step 1, and the trusted third party decrypts the request information in step 2.
3. The communication method according to claim 2, wherein the sending of the request information by the first party using the asymmetric key encryption in step 1 is to encrypt the request information by using a public key of the trusted third party, and the decrypting is performed by using a private key of the trusted third party when the request information sent by the first party is decrypted by the trusted third party in step 2.
4. The communication method according to claim 1, wherein the sending of the information by the trusted third party using asymmetric key encryption in step 2 is performed by encrypting the information with a public key of the second party, and the decrypting is performed by the second party with a private key of the second party when decrypting the information of the trusted third party in step 3.
5. The communication method based on the trusted third party certification according to claim 1, wherein the step 3 of sending information by the second party using asymmetric key encryption is to encrypt the information by using the public key of the first party, and the step 4 of decrypting the information sent by the second party by the first party by using the private key of the first party.
6. The communication method based on the trusted third party authentication according to claim 1, wherein the request information in step 1 includes an ID of the first party, an ID of the second party and a first random number generated by the first party.
7. The communication method based on the trusted third party certification according to claim 6, wherein the information sent by the trusted third party to the second party in step 2 includes the ID of the first party, the public key of the first party and the first random number, and the information sent by the second party to the first party in step 3 and including the temporary key further includes the first random number-1.
8. The communication method based on the trusted third party certification according to claim 1, wherein in step 4, the first party sends the message containing the second random number to the second party by the temporary key encryption after obtaining the temporary key, and the second party sends the message containing the second random number-1 to the first party by the temporary key encryption after decrypting the message by the temporary key.
9. The communication method based on the trusted third party authentication according to claim 1, wherein the temporary key is destroyed after the first party and the second party are communicated.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110055732.0A CN112910846B (en) | 2021-01-15 | 2021-01-15 | Communication method based on trusted third party authentication |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110055732.0A CN112910846B (en) | 2021-01-15 | 2021-01-15 | Communication method based on trusted third party authentication |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112910846A true CN112910846A (en) | 2021-06-04 |
| CN112910846B CN112910846B (en) | 2024-02-27 |
Family
ID=76113463
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110055732.0A Active CN112910846B (en) | 2021-01-15 | 2021-01-15 | Communication method based on trusted third party authentication |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112910846B (en) |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101218782A (en) * | 2004-02-12 | 2008-07-09 | 克里普提瓦公司 | System and method for warranting electronic mail using a hybrid public key encryption scheme |
| CN101789865A (en) * | 2010-03-04 | 2010-07-28 | 深圳市华信安创科技有限公司 | Dedicated server used for encryption and encryption method |
| CN102624528A (en) * | 2012-03-02 | 2012-08-01 | 中国人民解放军总参谋部第六十一研究所 | IBAKA (Identity Based Authentication and Key Agreement) method |
| CN108683647A (en) * | 2018-04-28 | 2018-10-19 | 重庆交通大学 | A kind of data transmission method based on multi-enciphering |
| CN109963279A (en) * | 2019-03-08 | 2019-07-02 | 中国科学院上海微系统与信息技术研究所 | A kind of mixed encryption method applied to dynamic ad hoc network |
| CN110224976A (en) * | 2019-04-29 | 2019-09-10 | 北京邮电大学 | A kind of encryption communication method, device and computer readable storage medium |
| CN110535868A (en) * | 2019-09-05 | 2019-12-03 | 山东浪潮商用系统有限公司 | Data transmission method and system based on Hybrid Encryption algorithm |
| CN110855671A (en) * | 2019-11-15 | 2020-02-28 | 三星电子(中国)研发中心 | Trusted computing method and system |
| CN111049738A (en) * | 2019-12-24 | 2020-04-21 | 杭州安司源科技有限公司 | E-mail data security protection method based on hybrid encryption |
-
2021
- 2021-01-15 CN CN202110055732.0A patent/CN112910846B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101218782A (en) * | 2004-02-12 | 2008-07-09 | 克里普提瓦公司 | System and method for warranting electronic mail using a hybrid public key encryption scheme |
| CN101789865A (en) * | 2010-03-04 | 2010-07-28 | 深圳市华信安创科技有限公司 | Dedicated server used for encryption and encryption method |
| CN102624528A (en) * | 2012-03-02 | 2012-08-01 | 中国人民解放军总参谋部第六十一研究所 | IBAKA (Identity Based Authentication and Key Agreement) method |
| CN108683647A (en) * | 2018-04-28 | 2018-10-19 | 重庆交通大学 | A kind of data transmission method based on multi-enciphering |
| CN109963279A (en) * | 2019-03-08 | 2019-07-02 | 中国科学院上海微系统与信息技术研究所 | A kind of mixed encryption method applied to dynamic ad hoc network |
| CN110224976A (en) * | 2019-04-29 | 2019-09-10 | 北京邮电大学 | A kind of encryption communication method, device and computer readable storage medium |
| CN110535868A (en) * | 2019-09-05 | 2019-12-03 | 山东浪潮商用系统有限公司 | Data transmission method and system based on Hybrid Encryption algorithm |
| CN110855671A (en) * | 2019-11-15 | 2020-02-28 | 三星电子(中国)研发中心 | Trusted computing method and system |
| CN111049738A (en) * | 2019-12-24 | 2020-04-21 | 杭州安司源科技有限公司 | E-mail data security protection method based on hybrid encryption |
Non-Patent Citations (1)
| Title |
|---|
| SHEEN: "混合加密(对称加密与非对称加密)", pages 2 - 3 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112910846B (en) | 2024-02-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| TWI744371B (en) | Data storage method, data acquisition method, device and system | |
| CA2423636C (en) | Methods for authenticating potential members invited to join a group | |
| US8433066B2 (en) | Method for generating an encryption/decryption key | |
| CN109639680B (en) | Ternary equal instant communication identity authentication and authority control method | |
| CN101515319B (en) | Cipher key processing method, cipher key cryptography service system and cipher key consultation method | |
| CN111756529B (en) | Quantum session key distribution method and system | |
| US9712519B2 (en) | Efficient encryption, escrow and digital signatures | |
| CN110505055B (en) | External network access identity authentication method and system based on asymmetric key pool pair and key fob | |
| CN104253694A (en) | Encrypting method for network data transmission | |
| CN110087240B (en) | Wireless network security data transmission method and system based on WPA2-PSK mode | |
| CN113806772A (en) | Information encryption transmission method and device based on block chain | |
| CN110535626B (en) | Secret communication method and system for identity-based quantum communication service station | |
| US10630466B1 (en) | Apparatus and method for exchanging cryptographic information with reduced overhead and latency | |
| CN111914291A (en) | Message processing method, device, equipment and storage medium | |
| CN108768613A (en) | A kind of ciphertext password method of calibration based on multiple encryption algorithms | |
| CN104270242A (en) | Encryption and decryption device used for network data encryption transmission | |
| CN112383391A (en) | Data security protection method based on data attribute authorization, storage medium and terminal | |
| CN116886288A (en) | Quantum session key distribution method and device | |
| CN110519222B (en) | External network access identity authentication method and system based on disposable asymmetric key pair and key fob | |
| WO2020042023A1 (en) | Instant messaging data encryption method and apparatus | |
| CN110611679A (en) | Data transmission method, device, equipment and system | |
| CN104394532A (en) | Anti-brute force safe log-in method for mobile terminal | |
| CN108737087B (en) | Protection method for mailbox account password and computer readable storage medium | |
| Bat-Erdene et al. | Security verification of key exchange in ciphertext-policy attribute based encryption | |
| CN116132025A (en) | Key negotiation method, device and communication system based on preset key group |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |