CN112910846B - Communication method based on trusted third party authentication - Google Patents
Communication method based on trusted third party authentication Download PDFInfo
- Publication number
- CN112910846B CN112910846B CN202110055732.0A CN202110055732A CN112910846B CN 112910846 B CN112910846 B CN 112910846B CN 202110055732 A CN202110055732 A CN 202110055732A CN 112910846 B CN112910846 B CN 112910846B
- Authority
- CN
- China
- Prior art keywords
- party
- key
- trusted
- information
- communication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 230000006854 communication Effects 0.000 title claims abstract description 53
- 238000004891 communication Methods 0.000 title claims abstract description 47
- 238000000034 method Methods 0.000 title claims abstract description 22
- 230000008569 process Effects 0.000 description 5
- 230000003993 interaction Effects 0.000 description 4
- 230000007123 defense Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000001939 inductive effect Effects 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
Abstract
The invention discloses a communication method based on trusted third party authentication, which is characterized in that step 1, a first direction trusted third party in two parties needing to establish communication applies for request information for establishing communication with a second party in two parties needing to establish communication; step 2, the trusted third party sends information containing the identity information of the first party to the second party according to the request information sent by the first party and by using an asymmetric key encryption mode; step 3, the second party decrypts the information sent by the trusted third party and sends information containing a temporary key to the first party by using an asymmetric key encryption mode, wherein the temporary key is a key of a symmetric key encryption mode; and 4, the first party decrypts the information sent by the second party and acquires the temporary key, and the first party and the second party communicate through the temporary key. The method of the invention reduces the burden of storing the management key by the user, improves the communication efficiency and ensures the safety by mixing asymmetric encryption and symmetric encryption and introducing a third party.
Description
Technical Field
The invention relates to a communication method, in particular to a communication method based on trusted third party authentication.
Background
Data information is widely spread in networks, confidentiality of the communication process is a focus of social concern, and communication protocols are the first lines of defense to ensure reliable transmission of information over unsafe channels. When information interaction is carried out, the two communication parties can observe a pre-agreed safety protocol, but the process of information interaction cannot be ensured to be absolutely safe, and a lot of important information still faces the risk of being stolen. The protocol itself may have some security holes that others exploit to develop attacks, and the communication partners may therefore suffer significant losses.
In the communication process, key encryption is generally adopted to ensure safety, and key encryption algorithms have two main types: symmetric encryption algorithms and asymmetric encryption algorithms. The symmetric key encryption protocol always uses the same key to penetrate through the encryption and decryption processes of the message, and has the advantages of high encryption speed, incapability of carrying out identity authentication of a user, and easiness in causing the problem that the number of the keys held by a communication agency is too large to be easily managed; the asymmetric key encryption protocol can realize legal identity authentication of the user, and has higher security. However, due to the high complexity of the key, this encryption scheme is slow in handling large volume messages.
In the prior art, two kinds of communication protocols mixed by encryption modes are adopted, and two parties of communication adopt asymmetric keys for communication identity authentication, so that each user is required to store a large number of keys, and the burden on key storage and management is brought to the user. Therefore, the key distribution center is used for managing the key used for identity authentication, and then the symmetric key used in the communication process is distributed to the two communication parties, so that the problem of storing the key by the users is solved, and when the key distribution center is invaded, the communication security among all users is threatened.
Disclosure of Invention
Aiming at the defects of the prior art, the invention aims to provide a communication method based on trusted third party authentication, which improves communication efficiency in a mode of mixing a symmetric key and an asymmetric key, reduces the burden of users and ensures the communication safety among the users by storing and managing the key by a feasible third party, not only solves the problem that encryption and decryption processes in an asymmetric encryption protocol are complicated, but also solves the problem that a communication agent cannot perform identity authentication under a symmetric key system.
The technical scheme of the invention is as follows: a communication method based on trusted third party authentication comprises the following steps:
step 1, a first direction trusted third party in two parties needing to establish communication applies for request information for establishing communication with a second party in two parties needing to establish communication;
step 2, the trusted third party sends information containing the identity information of the first party to the second party according to the request information sent by the first party and by using an asymmetric key encryption mode;
step 3, the second party decrypts the information sent by the trusted third party and sends information containing a temporary key to the first party by using an asymmetric key encryption mode, wherein the temporary key is a key of a symmetric key encryption mode;
and 4, the first party decrypts the information sent by the second party and acquires the temporary key therein, and the first party and the second party communicate through the temporary key.
Further, in step 1, when the first party sends the request information, the request information is encrypted by using an asymmetric key encryption mode, and in step 2, the trusted party decrypts the request information.
In step 1, the first party uses the asymmetric key encryption mode to send the request information, which is to encrypt the request information by using the public key of the trusted third party, and in step 2, the trusted third party decrypts the request information sent by the first party by using the private key of the trusted third party.
In step 2, the trusted third party uses the asymmetric key encryption mode to send information, which is to encrypt the information by using the public key of the second party, and in step 3, the second party decrypts the information of the trusted third party by using the private key of the second party.
Further, in step 3, the second party uses the asymmetric key encryption to send information, which is to encrypt information by using the public key of the first party, and in step 4, the first party decrypts the information sent by the second party by using the private key of the first party.
Further, in step 1, the request information includes an ID of the first party, an ID of the second party, and a first random number generated by the first party.
Further, in step 2, the information sent by the third party to the second party includes the ID of the first party, the public key of the first party, and the first random number, and in step 3, the information including the temporary key sent by the second party to the first party further includes the first random number-1.
Further, in step 4, the first party obtains the temporary key and then encrypts a message containing a second random number with the temporary key to the second party, and the second party decrypts the message with the temporary key and then encrypts a message containing a second random number-1 with the temporary key to the first party.
Further, the first party destroys the temporary key after communication with the second party is completed.
The invention adopts an asymmetric key encryption technology in the identity authentication process between the first party and the second party, and adopts a symmetric key encryption technology in the main communication process, compared with the prior art, the invention has the advantages that: the trusted third party is used as a communication bridge between the two parties of the communication user, so that a guiding effect is achieved for the communication between the users. In a conventional asymmetric key encryption scheme, each user needs to store the public keys of all other users in order to establish a relationship. And the introduction of the trusted third party stores the public keys of all users, and the users only need to store the public keys of the trusted third party, so that the storage burden of the users is reduced. And because the public key of the user is not completely disclosed any more, the trusted third party can prevent harassment of illegal users to a certain extent as a first defense line, and the security is improved to a certain extent on the basis of the traditional public key encryption protocol. Unlike common key distributing method, the trusted third party has no temporary key, i.e. the session key used in the main communication, and the session key is completed by the communication main body, i.e. the user, without passing through the trusted third party, and has better privacy. Even if a trusted third party is invaded by an illegal user, the communication process of the main body cannot be completely destroyed.
Drawings
Fig. 1 is a schematic flow chart of a communication method based on trusted third party authentication according to an embodiment.
Detailed Description
The invention is further illustrated, but is not limited, by the following examples.
Referring to fig. 1, in order to establish a communication relationship between a user Tom and a user Dick in a distributed network, a specific message flow of the method of the present invention is as follows:
the user Tom is a first party of communication, the user Dick is a second party of communication, and the key distribution center KDC is a trusted third party.
Firstly, tom sends a request message to KDC, the request message is encrypted by using the public key of the KDC, and the message body of the request message comprises the name (Tom) of the user, the name (Dick) of the opposite party and a random number Nt generated randomly;
after receiving the message sent by Tom, the KDC decrypts the message using its own private key, and then forwards the message requesting communication to the Dick. The message body sent to the Dick by the KDC comprises the name of Tom, a random number Nt and a public key of the Tom of the user, and the message body is encrypted by using the public key of the Dick;
after receiving the message sent by the KDC, the Dick decrypts the message by using its own private key, and then sends a feedback message to Tom, indicating that it has received the request message. The message body of the feedback message sent to Tom by the Dick comprises a user name Dick, a random number Nt-1 and a randomly generated temporary key Temkey (the formal communication process adopts a symmetric key encryption mode, adopts the Temkey to encrypt the message body), and encrypts the message body by using the public key of Tom;
tom decrypts the message using its own public key after receiving the Dick feedback message. Tom obtains the temporary key Temkey and then generates a random number Nt' as a message. Tom uses a temporary key Temkey to encrypt the random number Nt 'and then sends the random number Nt' to Dick;
after the Dick receives the last message of Tom, it decrypts the message using the temp key. After the random number Nt 'is acquired, dick takes the random number (Nt' -1) as the message body and encrypts it using the temporary key temp, sending the encrypted message to Tom. So far, the last handshake is completed, and the communication between the users Tom and Dick is formally established.
The specific message interaction process can be described in the following semi-formal manner:
Message 1:Tom→KDC:Pubkey_K{Tom,Dick,Nt}
Message 2:KDC→Dick:Pubkey_D{Tom,Pubkey_T,Nt}
Message 3:Dick→Tom:Pubkey_T{Dick,Nt-1,Temkey}
Message 4:Tom→Dick:Temkey{Nt'}
Message 5:Dick→Tom:Temkey{Nt'-1}
for the communication method based on the trusted third party authentication, an theorem proving tool Isable/HOL is adopted to perform formal modeling on the protocol, a security primer is established, and correctness of the primer is unfolded and verified. By modeling the protocol in the theorem proving tool Isable/HOL, all protocol specifications relate to the grammar theory of messages. Modeling data objects in the protocol, mapping functions between users and secret keys, behavior description functions of users and spyware and message interaction flow, and describing the behavior of the protocol system in an event tracking mode. And finally, establishing two security quotations according to the protocol security requirements, and verifying the security of the quotations by adopting a way of inductive analysis. The verification result shows that compared with the traditional key protocol, the invention reduces the storage burden of the user and improves the information processing efficiency, and simultaneously has better security.
Claims (5)
1. A communication method based on trusted third party authentication is characterized in that step 1, a first party in two parties needing to establish communication applies for request information for establishing communication with a second party in two parties needing to establish communication; the first party sends the request information in an asymmetric key encryption mode, and the first party encrypts the request information by adopting the public key of the trusted third party;
step 2, the trusted third party decrypts the request information by using the private key of the trusted third party, and the trusted third party sends information containing the identity information of the first party to the second party according to the request information sent by the first party and by using an asymmetric key encryption mode; the trusted third party uses an asymmetric key encryption mode to send information, and encrypts the information by adopting a public key of the second party;
step 3, the second party decrypts the information sent by the trusted third party by using the private key of the second party and sends the information containing the temporary key to the first party by using an asymmetric key encryption mode, wherein the temporary key is a key of a symmetric key encryption mode; wherein the second party sends the information containing the temporary key to the first party by using an asymmetric key encryption mode, and the information is encrypted by adopting a public key of the first party;
and 4, decrypting the information sent by the second party by the first party by using the private key of the first party and obtaining the temporary key therein, wherein the first party and the second party communicate through the temporary key.
2. The communication method based on trusted third party authentication according to claim 1, wherein the request information in step 1 includes an ID of the first party, an ID of the second party, and a first random number generated by the first party.
3. The communication method based on trusted third party authentication according to claim 2, wherein the information sent by the trusted third party to the second party in step 2 includes the ID of the first party, the public key of the first party, and the first random number, and the information including the temporary key sent by the second party to the first party in step 3 further includes the first random number-1.
4. The communication method based on trusted third party authentication according to claim 1, wherein in step 4, the first party sends a message containing a second random number to the second party with the temporary key encryption after obtaining the temporary key, and the second party sends a message containing a second random number-1 to the first party with the temporary key encryption after decrypting the message with the temporary key.
5. The communication method based on trusted third party authentication of claim 1, wherein the temporary key is destroyed after the first party has completed communicating with the second party.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110055732.0A CN112910846B (en) | 2021-01-15 | 2021-01-15 | Communication method based on trusted third party authentication |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110055732.0A CN112910846B (en) | 2021-01-15 | 2021-01-15 | Communication method based on trusted third party authentication |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112910846A CN112910846A (en) | 2021-06-04 |
| CN112910846B true CN112910846B (en) | 2024-02-27 |
Family
ID=76113463
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110055732.0A Active CN112910846B (en) | 2021-01-15 | 2021-01-15 | Communication method based on trusted third party authentication |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112910846B (en) |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101218782A (en) * | 2004-02-12 | 2008-07-09 | 克里普提瓦公司 | System and method for warranting electronic mail using a hybrid public key encryption scheme |
| CN101789865A (en) * | 2010-03-04 | 2010-07-28 | 深圳市华信安创科技有限公司 | Dedicated server used for encryption and encryption method |
| CN102624528A (en) * | 2012-03-02 | 2012-08-01 | 中国人民解放军总参谋部第六十一研究所 | IBAKA (Identity Based Authentication and Key Agreement) method |
| CN108683647A (en) * | 2018-04-28 | 2018-10-19 | 重庆交通大学 | A kind of data transmission method based on multi-enciphering |
| CN109963279A (en) * | 2019-03-08 | 2019-07-02 | 中国科学院上海微系统与信息技术研究所 | A kind of mixed encryption method applied to dynamic ad hoc network |
| CN110224976A (en) * | 2019-04-29 | 2019-09-10 | 北京邮电大学 | A kind of encryption communication method, device and computer readable storage medium |
| CN110535868A (en) * | 2019-09-05 | 2019-12-03 | 山东浪潮商用系统有限公司 | Data transmission method and system based on Hybrid Encryption algorithm |
| CN110855671A (en) * | 2019-11-15 | 2020-02-28 | 三星电子(中国)研发中心 | Trusted computing method and system |
| CN111049738A (en) * | 2019-12-24 | 2020-04-21 | 杭州安司源科技有限公司 | E-mail data security protection method based on hybrid encryption |
-
2021
- 2021-01-15 CN CN202110055732.0A patent/CN112910846B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101218782A (en) * | 2004-02-12 | 2008-07-09 | 克里普提瓦公司 | System and method for warranting electronic mail using a hybrid public key encryption scheme |
| CN101789865A (en) * | 2010-03-04 | 2010-07-28 | 深圳市华信安创科技有限公司 | Dedicated server used for encryption and encryption method |
| CN102624528A (en) * | 2012-03-02 | 2012-08-01 | 中国人民解放军总参谋部第六十一研究所 | IBAKA (Identity Based Authentication and Key Agreement) method |
| CN108683647A (en) * | 2018-04-28 | 2018-10-19 | 重庆交通大学 | A kind of data transmission method based on multi-enciphering |
| CN109963279A (en) * | 2019-03-08 | 2019-07-02 | 中国科学院上海微系统与信息技术研究所 | A kind of mixed encryption method applied to dynamic ad hoc network |
| CN110224976A (en) * | 2019-04-29 | 2019-09-10 | 北京邮电大学 | A kind of encryption communication method, device and computer readable storage medium |
| CN110535868A (en) * | 2019-09-05 | 2019-12-03 | 山东浪潮商用系统有限公司 | Data transmission method and system based on Hybrid Encryption algorithm |
| CN110855671A (en) * | 2019-11-15 | 2020-02-28 | 三星电子(中国)研发中心 | Trusted computing method and system |
| CN111049738A (en) * | 2019-12-24 | 2020-04-21 | 杭州安司源科技有限公司 | E-mail data security protection method based on hybrid encryption |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112910846A (en) | 2021-06-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP7024563B2 (en) | Confidential and mutually authenticated key exchange | |
| US10693848B2 (en) | Installation of a terminal in a secure system | |
| CA2423636C (en) | Methods for authenticating potential members invited to join a group | |
| TW201814496A (en) | Data storage method, data acquisition method, device and system wherein security of both the data key and the data ciphertext is ensured because the data key shared by the first device and the second device is protected under the storage root key of the respective trusted platform modules | |
| EP3205048B1 (en) | Generating a symmetric encryption key | |
| US8433066B2 (en) | Method for generating an encryption/decryption key | |
| CN101800738B (en) | Realization system and method for safely visiting and storing intranet data by mobile equipment | |
| CN111756529B (en) | Quantum session key distribution method and system | |
| CN101094394A (en) | Method for guaranteeing safe transmission of video data, and video monitoring system | |
| CN112637136A (en) | Encrypted communication method and system | |
| CN109639680B (en) | Ternary equal instant communication identity authentication and authority control method | |
| CN111914291A (en) | Message processing method, device, equipment and storage medium | |
| CN116886288A (en) | Quantum session key distribution method and device | |
| CN109962924B (en) | Group chat construction method, group message sending method, group message receiving method and system | |
| CN110611679A (en) | Data transmission method, device, equipment and system | |
| WO2020042023A1 (en) | Instant messaging data encryption method and apparatus | |
| CN104394532A (en) | Anti-brute force safe log-in method for mobile terminal | |
| CN112910846B (en) | Communication method based on trusted third party authentication | |
| CN112054905B (en) | Secure communication method and system of mobile terminal | |
| Sarumi | A review of encryption methods for secure data communication | |
| CN114218555B (en) | Method and device for enhancing password security strength of password management APP (application) password and storage medium | |
| CN114205170B (en) | Bridging port platform networking communication and service encryption calling method | |
| WO2023082578A1 (en) | Verification method, communication node and system | |
| Ranjith et al. | Research Issues and Scope of Data Security by Self Destruction Mechanism in Cloud Computing. | |
| CN104901932A (en) | Secure login method based on CPK (Combined Public Key Cryptosystem) identity authentication technology |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |