CN113852459B - Key agreement method, device and computer readable storage medium - Google Patents

Key agreement method, device and computer readable storage medium Download PDF

Info

Publication number
CN113852459B
CN113852459B CN202110932718.4A CN202110932718A CN113852459B CN 113852459 B CN113852459 B CN 113852459B CN 202110932718 A CN202110932718 A CN 202110932718A CN 113852459 B CN113852459 B CN 113852459B
Authority
CN
China
Prior art keywords
key
message
identity information
client
public
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110932718.4A
Other languages
Chinese (zh)
Other versions
CN113852459A (en
Inventor
陈福
郭凯
隋智源
朱建明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Central university of finance and economics
Original Assignee
Central university of finance and economics
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Central university of finance and economics filed Critical Central university of finance and economics
Priority to CN202110932718.4A priority Critical patent/CN113852459B/en
Publication of CN113852459A publication Critical patent/CN113852459A/en
Application granted granted Critical
Publication of CN113852459B publication Critical patent/CN113852459B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes

Abstract

The application discloses a key negotiation method, equipment and a computer readable storage medium, which belong to the technical field of the Internet of things, and the method comprises the following steps: sending the identity information and key calculation parameters of the client to the PCA; receiving a shared key and anonymous identity information returned by the PCA based on the identity information and the key calculation parameter, and sending a first key negotiation message to a server based on the shared key and the anonymous identity information, wherein the first key negotiation message is used for the server to acquire a session key; and receiving a second key negotiation message sent by the server, and acquiring a session key according to the second key negotiation message. The method can obtain the shared secret key and the anonymous identity information of the client through PCA, reduces the calculation consumption of the server, and the server does not receive the identity information of the client, so that the client is completely anonymous to the server, and the security of the network is improved.

Description

Key agreement method, device and computer readable storage medium
Technical Field
The present disclosure relates to the field of internet of things, and in particular, to a key negotiation method, device and computer readable storage medium.
Background
The internet of things (Internet of Things, IOT) is a network that enables all common physical objects that can be addressed independently to be interconnected and interworked based on information carriers such as the internet, a traditional telecommunications network, and the like. With the development of communication technology, the internet of things equipment bears more important and private data transmission service, and the security of the internet of things equipment needs to be ensured. Therefore, in order to ensure the reliability and confidentiality of the internet of things system, a shared session key can be negotiated for two or more communication parties by using a key negotiation protocol (Key Agreement Protocols, KAP), so as to provide security services such as confidentiality, authentication or integrity for subsequent communication sessions.
In the related art, key negotiation operations such as identity authentication and calculation of a key based on identity information are generally performed by interaction between two communication parties (e.g., a client and a server). However, the key negotiation method in the related art may cause heavy computation consumption due to the huge number of devices and limited device resources in the internet of things environment. In addition, because the client needs to send the real identity information to the server, the server acquires the anonymous identity information, which may cause the exposure of the user identity of the client, and reduce the security of the network.
Disclosure of Invention
The application provides a key negotiation method, a device and a computer readable storage medium, which can solve the problems in the related art.
In a first aspect, a key agreement method is provided, the method comprising:
sending identity information and key calculation parameters of a client to a PCA (Personal Certification Authority, personal authentication mechanism), wherein the identity information and the key calculation parameters are used for the PCA to acquire and return a shared key and anonymous identity information of the client;
receiving the shared key and the anonymous identity information returned by the PCA, and sending a first key negotiation message to a server based on the shared key and the anonymous identity information, wherein the first key negotiation message is used for the server to acquire a session key;
and receiving a second key negotiation message sent by the server, and acquiring the session key according to the second key negotiation message.
In one possible implementation, the sending, to a server, a first key agreement message based on the shared key and the anonymous identity information includes:
receiving the basic parameters sent by the PCA and a third one-way hash function, wherein the third one-way hash function is used for generating a hash value of an input message;
Acquiring a first private key, and acquiring a first public key based on the first private key and the basic parameter;
obtaining a message digest key based on the anonymous identity information, the key calculation parameter, the shared key, the first public key, and the third one-way hash function;
acquiring the first key negotiation message based on the anonymous identity information, the first public key and a first message authentication code, wherein the first message authentication code is obtained by encrypting the message digest key, and the first key negotiation message comprises the anonymous identity information, the first public key and the first message authentication code;
and sending the first key negotiation message to the server.
In a possible implementation manner, the second key negotiation message includes a second public key and a second message authentication code, and the second message authentication code is obtained by encrypting the message digest key;
the obtaining the session key according to the second key negotiation message includes:
checking the integrity of the second key agreement message according to the message digest key;
receiving a fourth one-way hash function sent by the PCA in response to the second key agreement message being complete; acquiring a verification value based on the second public key and the first private key; the session key is obtained based on the anonymous identity information, the first public key, the second public key, the authentication value, and the fourth one-way hash function.
In a second aspect, a key agreement method is provided, the method comprising:
receiving identity information and key calculation parameters sent by a client;
acquiring a shared key and anonymous identity information of the client according to the identity information and the key calculation parameter;
and returning the shared key and the anonymous identity information to the client, and sending the shared key, the anonymous identity information and the key calculation parameter to a server.
In one possible embodiment, the method further comprises:
obtaining a public parameter set, wherein the public parameter set comprises a basic parameter, a first one-way hash function, a second one-way hash function, a third one-way hash function, a fourth one-way hash function and a message authentication code, the first one-way hash function, the second one-way hash function, the third one-way hash function and the fourth one-way hash function are used for generating hash values for input messages, and the message authentication code is used for checking the integrity of the messages and verifying the identity of the sources of the messages;
and sending the public parameter set to the client and the server.
In a possible implementation manner, the obtaining the shared key and the anonymous identity information of the client according to the identity information and the key calculation parameter includes:
Acquiring a root key;
acquiring the shared key based on the identity information, the key calculation parameter, the root key, the base parameter and the first one-way hash function;
and acquiring the anonymous identity information based on the identity information, the key calculation parameter and the second one-way hash function.
In a possible implementation manner, before the returning the shared key and the anonymous identity information to the client, the method further includes:
searching whether the anonymous identity information is included in a database;
responding to the anonymous identity information contained in the database, and sending acquisition failure information to the client, wherein the acquisition failure information is used for indicating the client to update key calculation parameters and resending the identity information and the updated key calculation parameters;
and storing the shared key, the anonymous identity information and the key calculation parameter into the database in response to the anonymous identity information not being included in the database.
In a third aspect, a key agreement method is provided, the method comprising:
receiving a shared key, anonymous identity information and key calculation parameters of a client sent by PCA;
Receiving a first key negotiation message sent by the client, and acquiring a session key based on the anonymous identity information, the shared key, the key calculation parameter and the first key negotiation message;
and sending a second key negotiation message to the client, wherein the second key negotiation message is used for the client to acquire the session key.
In a possible implementation manner, the first key negotiation message includes anonymous identity information of the client, a first public key and a first message authentication code, wherein the first message authentication code is obtained by encrypting a message digest key;
the obtaining a session key based on the anonymous identity information, the shared key, the key calculation parameter, and the first key agreement message includes:
receiving a third one-way hash function sent by the PCA, wherein the third one-way hash function is used for generating a hash value of an input message;
acquiring a second private key, and acquiring a second public key based on the second private key and the basic parameter;
obtaining a message digest key based on the anonymous identity information, the key calculation parameter, the shared key, the first public key, and the third one-way hash function;
Checking the integrity of the first key agreement message according to the message digest key;
receiving a fourth one-way hash function sent by the PCA in response to the first key agreement message being complete; acquiring a verification value based on the first public key and the second private key; the session key is obtained based on the anonymous identity information, the first public key, the second public key, the authentication value, and the fourth one-way hash function.
In one possible implementation manner, the sending the second key negotiation message to the client includes:
acquiring the second key negotiation message based on the anonymous identity information, the second public key and a second message authentication code, wherein the second message authentication code is obtained by encrypting the message digest key, and the second key negotiation message comprises the anonymous identity information, the second public key and the second message authentication code;
and sending the second key negotiation message to the client.
In a fourth aspect, there is provided a key agreement device, the device comprising:
the first sending module is used for sending the identity information and the key calculation parameters of the client to the PCA, wherein the identity information and the key calculation parameters are used for the PCA to acquire and return the shared key and the anonymous identity information of the client;
The second sending module is used for receiving the shared key and the anonymous identity information returned by the PCA, sending a first key negotiation message to a server based on the shared key and the anonymous identity information, wherein the first key negotiation message is used for the server to acquire a session key;
and the acquisition module is used for receiving a second key negotiation message sent by the server and acquiring the session key according to the second key negotiation message.
In one possible implementation, the second transmitting module is configured to receive the base parameter sent by the PCA and a third one-way hash function, where the third one-way hash function is configured to generate a hash value for the input message; acquiring a first private key, and acquiring a first public key based on the first private key and the basic parameter; obtaining a message digest key based on the anonymous identity information, the key calculation parameter, the shared key, the first public key, and the third one-way hash function; acquiring the first key negotiation message based on the anonymous identity information, the first public key and a first message authentication code, wherein the first message authentication code is obtained by encrypting the message digest key, and the first key negotiation message comprises the anonymous identity information, the first public key and the first message authentication code; and sending the first key negotiation message to the server.
In a possible implementation manner, the second key negotiation message includes a second public key and a second message authentication code, and the second message authentication code is obtained by encrypting the message digest key;
the acquisition module is used for checking the integrity of the second key negotiation message according to the message digest key; and obtaining the session key based on the first private key, the first public key and the second public key in response to the second key agreement message being complete.
In one possible implementation, the obtaining module is configured to receive a fourth one-way hash function sent by the PCA; acquiring a verification value based on the second public key and the first private key; the session key is obtained based on the anonymous identity information, the first public key, the second public key, the authentication value, and the fourth one-way hash function.
In a fifth aspect, there is provided a key agreement device, the device comprising:
the receiving module is used for receiving the identity information and the key calculation parameters sent by the client;
the acquisition module is used for acquiring the shared secret key and the anonymous identity information of the client according to the identity information and the secret key calculation parameter;
And the return module is used for returning the shared secret key and the anonymous identity information to the client and sending the shared secret key, the anonymous identity information and the secret key calculation parameters to a server.
In a possible implementation manner, the obtaining module is further configured to obtain a public parameter set, where the public parameter set includes a base parameter, a first one-way hash function, a second one-way hash function, a third one-way hash function, a fourth one-way hash function, and a message authentication code, where the first one-way hash function, the second one-way hash function, the third one-way hash function, and the fourth one-way hash function are used to generate a hash value for an input message, and the message authentication code is used to check the integrity of the message and verify the identity of the source of the message; and sending the public parameter set to the client and the server.
In a possible implementation manner, the acquiring module is configured to acquire a root key; acquiring the shared key based on the identity information, the key calculation parameter, the root key, the base parameter and the first one-way hash function; and acquiring the anonymous identity information based on the identity information, the key calculation parameter and the second one-way hash function.
In one possible embodiment, the apparatus further comprises:
the checking module is used for searching whether the anonymous identity information is included in the database; responding to the anonymous identity information contained in the database, and sending acquisition failure information to the client, wherein the acquisition failure information is used for indicating the client to update key calculation parameters and resending the identity information and the updated key calculation parameters; and storing the shared key, the anonymous identity information and the key calculation parameter into a database in response to the anonymous identity information not being included in the database.
In a sixth aspect, there is provided a key agreement device, the device comprising:
the receiving module is used for receiving the shared secret key, the anonymous identity information and the secret key calculation parameter of the client sent by the PCA;
the acquisition module is used for receiving a first key negotiation message sent by the client and acquiring a session key based on the anonymous identity information, the shared key, the key calculation parameter and the first key negotiation message;
and the sending module is used for sending a second key negotiation message to the client, wherein the second key negotiation message is used for the client to acquire the session key.
In a possible implementation manner, the first key negotiation message includes anonymous identity information of the client, a first public key and a first message authentication code, wherein the first message authentication code is obtained by encrypting a message digest key;
the acquisition module is used for receiving a third one-way hash function sent by the PCA, and the third one-way hash function is used for generating a hash value of the input message; acquiring a second private key, and acquiring a second public key based on the second private key and the basic parameter; obtaining a message digest key based on the anonymous identity information, the key calculation parameter, the shared key, the first public key, and the third one-way hash function; checking the integrity of the first key agreement message according to the message digest key; and acquiring the session key based on the first public key, the second private key and the second public key in response to the first key negotiation message being complete.
In one possible implementation, the obtaining module is configured to receive a fourth one-way hash function sent by the PCA; acquiring a verification value based on the first public key and the second private key; the session key is obtained based on the anonymous identity information, the first public key, the second public key, the authentication value, and the fourth one-way hash function.
In a possible implementation manner, the sending module is configured to obtain the second key negotiation message based on the anonymous identity information, the second public key, and a second message authentication code, where the second message authentication code is obtained by encrypting the message digest key, and the second key negotiation message includes the anonymous identity information, the second public key, and the second message authentication code; and sending the second key negotiation message to the client.
In a seventh aspect, there is also provided a key agreement system, the system comprising a client, a PCA and a server;
the client is configured to perform the key agreement method according to the first aspect or any of the possible implementation manners of the first aspect, the PCA is configured to perform the key agreement method according to the second aspect or any of the possible implementation manners of the second aspect, and the server is configured to perform the key agreement method according to the third aspect or any of the possible implementation manners of the third aspect.
In an eighth aspect, there is also provided a computer device comprising a processor and a memory, the memory having stored therein at least one program code, the at least one program code being loaded and executed by the processor to cause the computer device to implement the key agreement method of any one of the above.
In a ninth aspect, there is also provided a computer-readable storage medium having stored therein at least one program code loaded and executed by a processor to cause a computer to implement the key agreement method of any one of the above.
In a tenth aspect, there is also provided a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. A processor of a computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions to cause the computer device to perform any of the key agreement methods described above.
The technical scheme provided by the application can at least bring the following beneficial effects:
according to the technical scheme, the client and the server acquire the shared key and the anonymous identity information of the client through PCA, so that the calculation consumption of the server is reduced, the server does not receive the identity information of the client, the complete anonymity of the client to the server is realized, and the security of a network is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram of an implementation environment of a key negotiation method according to an embodiment of the present application;
fig. 2 is a flowchart of a key negotiation method provided in an embodiment of the present application;
fig. 3 is an interaction schematic diagram of a key negotiation method provided in an embodiment of the present application;
fig. 4 is a schematic diagram of a key negotiation apparatus according to an embodiment of the present application;
fig. 5 is a schematic diagram of a key negotiation apparatus according to an embodiment of the present application;
fig. 6 is a schematic diagram of a key negotiation apparatus according to an embodiment of the present application;
FIG. 7 is a schematic structural diagram of a computer device according to an embodiment of the present application;
fig. 8 is a schematic structural diagram of a server according to an embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present application more apparent, the embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
The embodiment of the application provides a key negotiation method which can be interactively realized by a client, PCA and a server. Fig. 1 is a schematic diagram of an implementation environment of a key negotiation method according to an embodiment of the present application, and as shown in fig. 1, the implementation environment includes a client 101, a PCA 102 and a server 103.
Where the client 101 refers to a network access capable device, for example, a WiFi (Wireless Fidelity ) access capable device. Optionally, the client 101 is an intelligent device (such as VR (Virtual Reality) glasses, intelligent wearable device, smart tv, smart speaker, etc.), a terminal device, a router, a mobile phone, a tablet computer, or other devices with network access capability, which is not limited in this embodiment of the present application. Alternatively, one client 101 or a plurality of clients 101, which is not limited in this embodiment of the present application, in practical application, the number of clients 101 may be determined in combination with the application requirement or the maximum number of devices that can be authenticated by the PCA 102.
The PCA 102 has a device capable of providing the client 101 with a function of anonymizing processing, generating and distributing keys, and distributing key calculation parameters. Alternatively, the PCA 102 may be a server, a terminal device, a tablet computer, a wearable device, or other devices with the above functions, which is not limited in this embodiment of the present application, and in practical application, the implementation form of the PCA 102 may be determined in conjunction with an application scenario.
The server 103 can provide services or information to the client 101, e.g., the server 103 is a sensor node device for collecting sensor data. Alternatively, the server 103 may be an independent physical server, or may be a server cluster or a distributed system formed by a plurality of physical servers, or may be a cloud server that provides cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, content delivery networks (Content Delivery Network, CDN), and basic cloud computing services such as big data and artificial intelligence platforms.
In one possible implementation, the client 101, PCA 102 and server 103 may be directly or indirectly connected through wired or wireless communication, which is not limited herein. Illustratively, as shown in fig. 1, the client 101 is connected to the PCA 102 and the client 101 is connected to the server 103 by wireless communication, and the PCA 102 is connected to the server 103 by wired communication.
The application scenario of the method includes, but is not limited to, when the client 101 needs to access the server 103, the client 101 performs user registration with the PCA 102, the PCA 102 calculates a shared key and anonymous identity information for the client 101, the PCA 102 generates public parameters related to key agreement, and the PCA 102 sends the shared key, the anonymous identity information, and the public parameters to the client 101 and the server 103. After that, the client 101 and the server 103 complete mutual authentication and negotiate a common session key according to the acquired shared key and anonymous identity information, and the subsequent client 101 and the server 103 encrypt the transmitted data through the session key to prevent eavesdropping, thereby improving the communication security.
Based on the implementation environment shown in fig. 1, an embodiment of the present application provides a key negotiation method, as shown in fig. 2, including the following steps 201-207.
In step 201, the client sends the identity information and key calculation parameters of the client to the PCA.
In the embodiment of the application, before the client negotiates the key with the server, the client performs the user identity registration through PCA. Optionally, the client acquires the identity information of the client and a key calculation parameter corresponding to the client, and sends the acquired identity information and the key calculation parameter to the PCA to realize user identity registration of the client.
The identity information of the client includes, but is not limited to, information such as vendor name, device name, product serial number, etc. of the client, and the embodiment of the present application does not limit the content of the identity information of the client, and can uniquely identify the client. Optionally, the key calculation parameter includes a random number, which may be preset by the client or updated in real time, which is not limited in the embodiment of the present application.
In one possible implementation manner, a wireless secure channel is established between the PCA and the client, alternatively, the secure channel between the PCA and the client may be a secure socket layer (Secure Socket Layer, SSL), and then the PCA and the client communicate through SSL, so as to ensure the security of the transmitted data.
Step 202, PCA obtains the shared key and anonymous identity information of the client according to the identity information and the key calculation parameter.
In one possible implementation, after the PCA receives the identity information and the key calculation parameters of the client, the PCA obtains the shared key and the anonymous identity information of the client according to the identity information and the key calculation parameters of the client. Because the identity information of the client is used for uniquely identifying the client, a one-to-one correspondence exists between the identity information of the client and the shared key, and a one-to-one correspondence also exists between the identity information of the client and the anonymous identity information.
In one possible implementation, before the PCA obtains the shared key and anonymous identity information of the client from the identity information and the key calculation parameters, the method further includes: a root key and a public parameter set are obtained. Wherein the public parameter set comprises a base parameter, a first one-way hash function, a second one-way hash function, a third one-way hash function, a fourth one-way hash function and a message authentication code; the public parameter set is sent to the client and the server. Wherein the message authentication code is used to check the integrity of the message and verify the identity of the source of the message
The root key includes a random number, which may be preset by the client or updated in real time, which is not limited in the embodiment of the present application. The basic parameters include a base point, which may be any point on a reference elliptic curve, which may be any elliptic curve on a reference prime number domain, and the selection of the reference prime number domain is not limited in the embodiment of the present application, and may be set empirically or flexibly adjusted according to application, for example, the reference prime number domain is a prime number domain F with order p q
Wherein the first one-way hash function, the second one-way hash function, the third one-way hash function, and the fourth one-way hash function are four mutually different one-way hash functions, each one-way hash function being used to generate a hash value from the input message. The embodiment of the present application does not limit the selection of the one-way hash function, and the one-way hash function may be an MD5 (Message Digest Algorithm ) function, an SHA (Secure Hash Algorithm, secure hash algorithm) function, or a CRC (Cyclic Redundancy Check, cyclic redundancy check code) function, for example.
In one possible implementation, the PCA obtains a shared key and anonymous identity information of the client from the identity information and key calculation parameters, including: acquiring a shared key based on the identity information, the key calculation parameter, the root key, the base parameter and the first one-way hash function; anonymous identity information is obtained based on the identity information, the key calculation parameter and the second one-way hash function.
In one possible implementation, obtaining the shared key based on the identity information, the key calculation parameter, the root key, the base parameter, and the first one-way hash function includes: acquiring an identity hash value based on the identity information and the first one-way hash function; the shared key is obtained based on the key calculation parameter, the root key, the base parameter, and the identity hash value.
In one possible implementation, before the PCA returns the shared key and the anonymous identity information to the client, the PCA further includes: searching whether anonymous identity information is included in the database; responding to the anonymous identity information contained in the database, and sending acquisition failure information to the client; and storing the shared key, the anonymous identity information and the key calculation parameter into the database in response to the anonymous identity information not being included in the database. Optionally, after receiving the acquisition failure information, the client updates a key calculation parameter, and resends the identity information and the updated key calculation parameter to the PCA.
In step 203, the pca returns the shared key and the anonymous identity information to the client and sends the shared key, the anonymous identity information, and the key calculation parameters to the server.
In one possible implementation, the PCA obtains the shared key and the anonymous identity information of the client according to the identity information and the key calculation parameters, returns the shared key and the anonymous identity information to the client, and sends the shared key, the anonymous identity information and the key calculation parameters to the server.
In a possible implementation manner, the PCA and the server are connected in a wired manner, i.e. in a physical manner, so that the PCA can perform offline communication with the server, the transmission speed and the transmission efficiency of data between the PCA and the server are high, and most of attacks of the internet of things can be isolated by offline transmission, so that the security is high. In addition, a wireless safety channel is not required to be established between the PCA and the server, so that the resource consumption of the server and the PCA is reduced.
Therefore, the client and the server can acquire the shared secret key and the anonymous identity information of the client, and in the following secret key negotiation process, the client and the server interact based on the anonymous identity information, so that the server cannot acquire the identity information of the client, complete anonymity of the client to the server is realized, and the security of the network is enhanced. If an attacker exists in the network, the key negotiation process and the data transmission process are both based on anonymous identity information, so that the complete anonymity of the attacker is also realized.
In step 204, the client sends a first key agreement message to the server based on the shared key and the anonymous identity information.
In one possible implementation, the client sends a first key agreement message to the server based on the shared key and the anonymous identity information, including: acquiring a first private key, and acquiring a first public key based on the first private key and basic parameters; obtaining a message digest key based on the anonymous identity information, the key calculation parameter, the shared key, the first public key, and the third one-way hash function; acquiring a first key negotiation message based on anonymous identity information, a first public key and a first message authentication code, wherein the first message authentication code is obtained by encrypting a message digest key; a first key agreement message is sent to a server. Wherein the first key agreement message includes anonymous identity information, a first public key, and a first message authentication code.
In one possible implementation manner, the first private key acquired by the client includes a random number, where the random number may be preset by the client or may be updated in real time, and this embodiment of the present application is not limited to this. Optionally, obtaining the first public key based on the first private key and the base parameter includes: and obtaining the product operation of the first private key and the basic parameter, and taking the result of the product operation as the first public key.
In one possible implementation, obtaining the message digest key based on the anonymous identity information, the key calculation parameter, the shared key, the first public key, and the third one-way hash function includes: obtaining a verification value based on the shared key and the first public key; a message digest key is obtained based on the anonymous identity information, the key calculation parameter, the first public key, the verification value, and a third one-way hash function. Optionally, obtaining the verification value based on the shared key and the first public key includes: and obtaining the addition operation of the shared key and the first public key, and taking the result of the addition operation as a check value.
In one possible implementation, obtaining the first key agreement message based on the anonymous identity information, the first public key, and the first message authentication code includes: encrypting the anonymous identity information and the first public key by using a message digest key to obtain a first message authentication code; the first key agreement message is obtained based on the anonymous identity information, the first public key and the first message authentication code.
In one possible implementation, the client obtains a current first timestamp of the client, obtains a first key agreement message based on anonymous identity information, a first public key, and a first message authentication code, including: encrypting the anonymous identity information, the first public key and the first timestamp by using a message digest key to obtain a first message authentication code; the first key agreement message is obtained based on the anonymous identity information, the first public key, the first timestamp and the first message authentication code. The message digest key is obtained based on anonymous identity information, a first timestamp, a key calculation parameter, a first public key, a check value and a third one-way hash function, and the first key negotiation message comprises the anonymous identity information, the first public key, the first timestamp and a first message authentication code.
In one possible implementation manner, after the client acquires the first key negotiation message, the first key negotiation message is sent to the server in an offline manner, so as to perform key negotiation with the server.
In step 205, the server obtains a session key based on the anonymous identity information, the shared key, the key calculation parameters, and the first key agreement message.
In this embodiment of the present application, after receiving the first key negotiation message, the server may verify the first key negotiation message according to the anonymous identity information, the shared key, and the key calculation parameter sent by the PCA that has been received, and further obtain the session key with the client based on the first key negotiation message.
In one possible implementation, obtaining a session key based on anonymous identity information, a shared key, key calculation parameters, and a first key agreement message includes: acquiring a second private key, and acquiring a second public key based on the second private key and basic parameters; obtaining a message digest key based on the anonymous identity information, the key calculation parameter, the shared key, the first public key, and the third one-way hash function; checking the integrity of the first key agreement message according to the message digest key; and acquiring the session key based on the first public key, the second private key and the second public key in response to the first key agreement message being complete.
The second private key acquired by the server includes a random number, where the random number may be preset by the server or may be updated in real time. Optionally, obtaining the second public key based on the second private key and the base parameter includes: and obtaining the product operation of the second private key and the basic parameter, and taking the result of the product operation as the second public key.
In one possible implementation, obtaining the message digest key based on the anonymous identity information, the shared key, the key calculation parameter, the first public key, and the third one-way hash function includes: obtaining a verification value based on the shared key and the first public key; a message digest key is obtained based on the anonymous identity information, the key calculation parameter, the first public key, the verification value, and a third one-way hash function. Optionally, obtaining the verification value based on the shared key and the first public key includes: and obtaining the addition operation of the shared key and the first public key, and taking the result of the addition operation as a check value.
In one possible implementation, verifying the integrity of the first key agreement message from the message digest key includes: analyzing the first message authentication code according to the message digest key, and if the message obtained by analyzing the first message authentication code is different from the message except the first message authentication code included in the first key negotiation message, the first key negotiation message is incomplete; if the message obtained by analyzing the first message authentication code is the same as the message except the first message authentication code included in the first key negotiation message, the first key negotiation message is complete.
In one possible implementation, obtaining the session key based on the first public key, the second private key, and the second public key includes: acquiring a verification value based on the first public key and the second private key; the session key is obtained based on the anonymous identity information, the first public key, the second public key, the authentication value, and the fourth one-way hash function.
In one possible implementation, the first key agreement message includes anonymous identity information, a first public key, a first timestamp, and a first message authentication code, the server obtains a second timestamp when the first key agreement message is received by the server, and the time validity of the first key agreement message is determined based on the first timestamp and the second timestamp.
In one possible implementation, determining the time validity of the first key agreement message based on the first timestamp and the second timestamp includes: calculating a time difference value between the first time stamp and the second time stamp; determining that the first key agreement message is invalid in response to the time difference exceeding the reference time difference; the first key agreement message is determined to be valid in response to the time difference not exceeding the reference time difference. The reference time difference can be set empirically or flexibly adjusted according to the application scenario, for example, the reference time difference is 1 second.
By the method, the time interval between the first key negotiation message received by the server and the first key negotiation message sent by the client can be determined, the first key negotiation message with longer interval is determined to be invalid information, and the server directly discards the first key negotiation message. Because the first key negotiation message transmitted to the server is transmitted at a longer time interval, the possibility of unsafe exists, and the network security can be improved by not processing the first key negotiation message.
In one possible implementation, obtaining the session key based on the anonymous identity information, the first public key, the second public key, the authentication value, and the fourth one-way hash function includes: the server acquires a current third timestamp of the server; the session key is obtained based on the anonymous identity information, the first timestamp, the third timestamp, the first public key, the second public key, the authentication value, and the fourth one-way hash function.
The server sends a second key agreement message to the client, step 206.
After the server obtains the session key based on the anonymous identity information, the shared key, the key calculation parameter and the first key negotiation message, a second key negotiation message is obtained in a similar manner to the first key negotiation message obtained by the client, and the second key negotiation message is sent to the client, so that the client obtains the same session key according to the second key negotiation message.
In one possible implementation, the server sends a second key agreement message to the client, including: the server obtains a second key negotiation message based on the anonymous identity information, the third timestamp, the second public key and a second message authentication code, wherein the second message authentication code is obtained by encrypting a message digest key; and sending a second key negotiation message to the client. Wherein the second key agreement message includes anonymous identity information, a third timestamp, a second public key, and a second message authentication code.
In step 207, the client obtains the session key according to the second key agreement message.
After the client receives the second key negotiation message sent by the server, the client can acquire the session key with the server according to the second key negotiation message. In the embodiment of the present application, the manner in which the client obtains the session key is similar to the manner in which the server obtains the session key.
In one possible implementation, the client obtains the session key according to the second key negotiation message, including: checking the integrity of the second key agreement message according to the message digest key; and obtaining the session key based on the first private key, the first public key and the second public key in response to the second key agreement message being complete.
In one possible implementation, obtaining the session key based on the first private key, the first public key, and the second public key includes: acquiring a verification value based on the second public key and the first private key; the session key is obtained based on the anonymous identity information, the first public key, the second public key, the authentication value, and the fourth one-way hash function.
In one possible implementation, the second key agreement message includes anonymous identity information, a third timestamp, a second public key, and a second message authentication code, and the client obtains the session key according to the second key agreement message, including: checking the integrity of the second key agreement message according to the message digest key; responding to the completeness of the second key negotiation message, and acquiring a verification value based on the second public key and the first private key; the session key is obtained based on the anonymous identity information, the first timestamp, the third timestamp, the first public key, the second public key, the authentication value, and the fourth one-way hash function.
For ease of understanding, a key negotiation method provided in an embodiment of the present application is illustrated in conjunction with fig. 3, and includes the following five stages.
System initialization parameter phase
In the system initialization parameter phase, the PCA generates system setup parameters as follows:
First, PCA is in prime F domain q An elliptic curve E is selected from the upper part, and an n-order base point P (P E (F) q ) A base point P as a base parameter). PCA selects 4 mutually different one-way hash functions H 1 ,H 2 ,H 3 ,H 4 Message authentication code MAC k (m) selecting a root key x. Where the root key x may be a random number in a positive integer set, the message authentication code is used to check the integrity of the message and verify the identity of the source of the message. The manner in which the PCA selects the above parameters is not limited in the embodiments of the present application, and the PCA may randomly select the above parameters, or may select the above parameters according to a certain rule or empirically.
At PCA selection base point P (P ε E (F) q ) A one-way hash function H) 1 ,H 2 ,H 3 ,H 4 Message authentication code MAC k (m) and root key x, PCA is calculated based on base point P and root key x according to the following equation (1)Calculating public key P s
P S =xP (1)
Thus, PCA yields a set of parameters comprising: base point P (P.epsilon.E (F) q ) A one-way hash function H) 1 ,H 2 ,H 3 ,H 4 Message authentication code MAC k (m), root key x and public key P s . The PCA will save the root key x in the PCA and send it to client C i Devices connected to server S and other PCAs disclose the following public parameter sets { E (F) q ),P,P s ,H 1 ,H 2 ,H 3 ,H 4 ,MAC k (m) }. That is, PCA will disclose the parameter set { E (F q ),P,P s ,H 1 ,H 2 ,H 3 ,H 4 ,MAC k (m) } is sent to PCA client C i And a server S, so that client C i And the server S can use the parameter values to ensure the client C i The same as the above-mentioned parameter values used by the server S. Thus, client C in the embodiments of the present application i Can acquire the acquisition parameters { E (F q ),P,P s ,H 1 ,H 2 ,H 3 ,H 4 ,MAC k (m)}。
(II) user identity registration phase
During the user identity registration phase, see (1) and (2) in fig. 3, client C i Identity information of clientKey calculation parameter->Sent to PCA, optionally key calculation parameter +.>Is a random number->PCA is according to the following formula(2) Calculating an identity hash value +.>
Calculating the shared key of the client according to the following formula (3)
Calculating anonymous identity information of the client according to the following formula (4)
Wherein,representing the exclusive or operation in the logical operation, |is the or operation in the logical operation.
In one possible implementation, the shared key of the client is calculated by the above formulas (3) and (4)Anonymous identity information with client->After that, PCA searches anonymous identity information registered by other clients stored in PCA database, and determines anonymous identity information of the calculated client>Whether or not to conflict with anonymous identity information registered by other clients.
If anonymous identity information of a clientConflict with anonymous identity information registered by other clients, representing the +.>Having been registered by other clients, PCA informs client C i Re-registration is performed. Anonymous identity information of the client>Does not conflict with anonymous identity information registered by other clients, representing the +.>Not registered by other clients, at this time PCA will random number +.>Identity information of client->And anonymous identity information of the client +.>Stored in the database of the PCA. />
(III) PCA distribution key related information stage
In the PCA distributing key-related information phase, see (3) in fig. 3, the PCA transmits key-related information generated in the user identity registration phase to the client and the server. In one possible implementation, the PCA is physically connected to the server S, that is, the PCA and the server S can transmit information offline, and the PCA and the client Ci are connected through a wireless secure channel.
In one possible implementation, the PCA uses the client's shared key offlineAnonymous identity information of client->And random number->Sending to server S, PCA sends shared key of client through secure channel SSLAnd anonymous identity information of the client +. >Returning to client C i
(IV) session Key negotiation phase
In the session key negotiation phase, see (4) - (6) in fig. 3, the server S and the client C i Negotiating after two mutual authentications to generate a client C i Is used for the session key of (a).
In one possible implementation, client C i Generating a random numberThe generated random numberAs client C i Is->Wherein (1)>Represents a positive integer set, random number +.>Is any positive integer. The client C is calculated according to the following formula (5) i Is defined by a first public key R:
in one possible implementation, the shared key based on the first public key R and the clientA test value R' may be obtained. Since the first public key R is a public key, after the receiving party receives the check value R', if the receiving party also has a shared key +.>Then the receiver is based on the public first public key R and the shared key owned by the receiver +.>A verification value may also be obtained. If the verification value calculated by the receiving party is equal to the received verification value R', the two parties are provided with the same shared secret key, so that the identity authentication of the two parties can be realized.
Optionally, client C i The test value R' is calculated according to the following formula (6):
In one possible implementation, client C i Recording client C i Current time stampTimestamp->For verification ofValidity of the message. Optionally, client C i Based on timestamp->Anonymous identity information as described above>First public key R, check value R', key calculation parameter +.>A message digest key k is obtained, and the first message authentication code (Message Authentication Code, MAC) is encrypted using the message digest key k.
Illustratively, the message digest key k is calculated according to the following equation (7):
in one possible implementation, a first message authentication code encrypted based on a message digest key k is obtainedThereby, client C i Can be based on the first message authentication code MAC k Generating key agreement messagesWherein the key agreement message M 1 Including anonymous identity information->Timestamp->First public key R and message authentication code +.>The key agreement message M 1 Is sent to the clothingAnd a server S.
In one possible implementation, the server S receives the key agreement message M 1 After that, the server S passesChecking anonymous identity information +.>Is of the authenticity and key agreement message M 1 Validity of the timestamp. Wherein T' is the receipt of the key agreement message M by the server S 1 Time stamp of time.
The time difference Δt may be set empirically, or flexibly adjusted according to the application scenario, for example, the time difference Δt is 1 second. Alternatively, if not satisfiedIndicating transmission of key agreement message M 1 Receiving key agreement message M 1 If the time difference of (2) is not within the valid period, the key agreement message M is proved 1 Invalid, the server S terminates the current session; if it meetsIndicating transmission of key agreement message M 1 Receiving key agreement message M 1 If the time difference of (a) is within the validity period, the key agreement message M is proved 1 If it is valid, the server S continues to verify the key agreement message M 1 Is described herein).
In one possible implementation, the key agreement message M is responded to 1 If it is valid, the server S calculates the check value R' according to the above formula (6), if the server S owns the client C i Is a shared key of (2)The server S calculates the check value R' and the client C i The calculated test values R' are equal. Thus, the server S can calculate the message digest key k according to the above formula (7).
In one possible embodiment, the server S is able to verify the first message authentication code from the calculated message digest key kThat is to say, checking the message data decrypted on the basis of the message digest key k +. >And whether the received message data is the same. Optionally, if decrypted based on message digest key kUnlike the received message data, e.g. the received message data is +>Proving that the message is incomplete, that is to say, the content of the message is changed in the transmission process, the server S terminates the current session; if the message data decrypted according to the message digest key k is +.>Is the same as the received message data is +>The server S continues to obtain the session key if the message is proved to be complete.
In one possible implementation, the server S generates a random numberThe generated random number r S As a second private key of the server S, wherein (1)>Representing a positive integer set, a random number r S Is any positive integer. The second public key Q of the server S is calculated according to the following formula (8):
Q=r S ×P (8)
the second verification value Q' of the server S is calculated according to the following formula (9):
Q′=R×r S (9)
in a possible embodiment, the server S records the current timestamp T of the server S S And calculates the server S and the client C according to the following formula (10) i Is used for the session key sk:
in a possible embodiment, after the server S obtains the session key sk, the server S encrypts the second message authentication code MAC based on the message digest key k k Thereby, the server S generates a key agreement messageWherein the key agreement message M2 comprises anonymous identity information +.>Time stamp T S Second public key Q and second message authentication code +.>The key agreement message M 2 Sent to client C i
In one possible implementation, client C i Receiving key agreement message M 2 After that, client C i Checking the first message authentication code with the server SChecking the second message authentication code +.>Is described herein). Authenticating the code in response to the second message>Is complete, client C i According to key agreement message M 2 The second public key Q and the first private key +.>The second verification value Q' is calculated according to the following formula (11):
thereby, client C i Obtain the time stamp T S The second public key Q and the second verification value Q', and the client C i The server S and the client C can be calculated according to the above formula (10) i Is provided).
After the session key negotiation phase is completed, the server S and the client C i Together negotiating a session key sk, followed by server S and client C i In the session process of the system, the session key sk encrypts and decrypts the transmission data, so that the communication security of both parties of the session is ensured.
Fifth, message digest key update phase
In the message digest key updating stage, since the message digest key k is based on the key calculation parametersObtained, and Key calculation parameter->By client C i Generated by client C i Sending to PCA, then sending to server S by PCA, and then client C i And the server S can calculate the parameter based on the key +.>A message digest key k is calculated.
In one possible implementation, client C, if to update message digest key k i Updating a key calculation parameterThe updated key calculation parameter +.>Sending to PCA, PCA then sends the updated key calculation parameters->Synchronization to the server S, whereby updating of the message digest key can be achieved.
According to the key negotiation method provided by the embodiment of the application, the client and the server acquire the shared key and the anonymous identity information of the client through PCA, so that the calculation consumption of the server is reduced, the server does not receive the identity information of the client, the complete anonymity of the client to the server is realized, and the security of a network is improved.
Referring to fig. 4, an embodiment of the present application provides a key negotiation apparatus, including:
a first sending module 401, configured to send, to the PCA, identity information and key calculation parameters of the client, where the identity information and key calculation parameters are used by the PCA to obtain and return a shared key and anonymous identity information of the client;
A second sending module 402, configured to receive the shared key and the anonymous identity information returned by the PCA, send a first key negotiation message to the server based on the shared key and the anonymous identity information, where the first key negotiation message is used for the server to obtain a session key;
the obtaining module 403 is configured to receive a second key negotiation message sent by the server, and obtain a session key according to the second key negotiation message.
In one possible implementation, the second transmitting module 402 is configured to receive the base parameter of the PCA transmission and a third one-way hash function, and the third one-way hash function is configured to generate a hash value from the input message; acquiring a first private key, and acquiring a first public key based on the first private key and basic parameters; obtaining a message digest key based on the anonymous identity information, the key calculation parameter, the shared key, the first public key, and the third one-way hash function; acquiring a first key negotiation message based on anonymous identity information, a first public key and a first message authentication code, wherein the first message authentication code is obtained by encrypting a message digest key, and the first key negotiation message comprises the anonymous identity information, the first public key and the first message authentication code; a first key agreement message is sent to a server.
In one possible implementation, the second key agreement message includes a second public key and a second message authentication code, the second message authentication code being encrypted by a message digest key;
an obtaining module 403, configured to verify the integrity of the second key negotiation message according to the message digest key; and obtaining the session key based on the first private key, the first public key and the second public key in response to the second key agreement message being complete.
In one possible implementation, the obtaining module 403 is configured to receive a fourth one-way hash function sent by the PCA; acquiring a verification value based on the second public key and the first private key; the session key is obtained based on the anonymous identity information, the first public key, the second public key, the authentication value, and the fourth one-way hash function.
Referring to fig. 5, an embodiment of the present application provides a key negotiation apparatus, including:
a receiving module 501, configured to receive identity information and key calculation parameters sent by a client;
the obtaining module 502 is configured to obtain a shared key and anonymous identity information of the client according to the identity information and the key calculation parameter;
and the return module 503 is configured to return the shared key and the anonymous identity information to the client, and send the shared key, the anonymous identity information and the key calculation parameter to the server.
In a possible implementation manner, the obtaining module 502 is further configured to obtain a public parameter set, where the public parameter set includes a base parameter, a first one-way hash function, a second one-way hash function, a third one-way hash function, a fourth one-way hash function, and a message authentication code, and the first one-way hash function, the second one-way hash function, the third one-way hash function, and the fourth one-way hash function are used to generate a hash value for an input message, and the message authentication code is used to check the integrity of the message and verify the identity of the source of the message; and sending the public parameter set to the client and the server.
In one possible implementation, the obtaining module 502 is configured to obtain a root key; acquiring a shared key based on the identity information, the key calculation parameter, the root key, the base parameter and the first one-way hash function; anonymous identity information is obtained based on the identity information, the key calculation parameter and the second one-way hash function.
In one possible embodiment, the apparatus further comprises:
the checking module is used for searching whether the database comprises anonymous identity information; responding to the anonymous identity information contained in the database, sending acquisition failure information to the client, wherein the acquisition failure information is used for indicating the client to update the key calculation parameters, and retransmitting the identity information and the updated key calculation parameters; and storing the shared key, the anonymous identity information and the key calculation parameter into the database in response to the anonymous identity information not being included in the database.
Referring to fig. 6, an embodiment of the present application provides a key negotiation apparatus, including:
the receiving module 601 is configured to receive a shared key, anonymous identity information, and a key calculation parameter of a client sent by a PCA;
an obtaining module 602, configured to receive a first key negotiation message sent by a client, and obtain a session key based on anonymous identity information, a shared key, a key calculation parameter, and the first key negotiation message;
a sending module 603, configured to send a second key negotiation message to the client, where the second key negotiation message is used for the client to obtain the session key.
In one possible implementation, the first key agreement message includes anonymous identity information of the client, a first public key, and a first message authentication code, the first message authentication code being encrypted by a message digest key;
an acquisition module 602 configured to receive a third one-way hash function sent by the PCA, the third one-way hash function being configured to generate a hash value for the input message; acquiring a second private key, and acquiring a second public key based on the second private key and basic parameters; obtaining a message digest key based on the anonymous identity information, the key calculation parameter, the shared key, the first public key, and the third one-way hash function; checking the integrity of the first key agreement message according to the message digest key; and acquiring the session key based on the first public key, the second private key and the second public key in response to the first key agreement message being complete.
In one possible implementation, the obtaining module 602 is configured to receive a fourth one-way hash function sent by the PCA; acquiring a verification value based on the first public key and the second private key; the session key is obtained based on the anonymous identity information, the first public key, the second public key, the authentication value, and the fourth one-way hash function.
In a possible implementation manner, the sending module 603 is configured to obtain a second key negotiation message based on the anonymous identity information, a second public key and a second message authentication code, where the second message authentication code is obtained by encrypting a message digest key, and the second key negotiation message includes the anonymous identity information, the second public key and the second message authentication code; and sending a second key negotiation message to the client.
It should be understood that, in implementing the functions of the apparatus provided in the foregoing embodiments, only the division of the foregoing functional modules is illustrated, and in practical applications, the foregoing functional allocation may be implemented by different functional modules, that is, the internal structure of the device is divided into different functional modules, so as to implement all or part of the functions described above. In addition, the apparatus and the method embodiments provided in the foregoing embodiments belong to the same concept, and specific implementation processes of the apparatus and the method embodiments are detailed in the method embodiments and are not repeated herein.
Referring to fig. 7, a schematic structural diagram of a computer device according to an embodiment of the present application is shown. The computer device may be a terminal, for example: smart phones, tablet computers, vehicle terminals, notebook computers or desktop computers. Terminals may also be referred to by other names as user equipment, portable terminals, laptop terminals, desktop terminals, etc.
Generally, the terminal includes: a processor 701 and a memory 702.
Processor 701 may include one or more processing cores, such as a 4-core processor, an 8-core processor, and the like. The processor 701 may be implemented in at least one hardware form of DSP (Digital Signal Processing ), FPGA (Field-Programmable Gate Array, field programmable gate array), PLA (Programmable Logic Array ). The processor 701 may also include a main processor, which is a processor for processing data in an awake state, also referred to as a CPU (Central Processing Unit ); a coprocessor is a low-power processor for processing data in a standby state. In some embodiments, the processor 701 may be integrated with a GPU (Graphics Processing Unit, image processor) for taking care of rendering and drawing of content that the display screen is required to display. In some embodiments, the processor 701 may also include an AI (Artificial Intelligence ) processor for processing computing operations related to machine learning.
Memory 702 may include one or more computer-readable storage media, which may be non-transitory. The memory 702 may also include high-speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices, flash memory storage devices. In some embodiments, a non-transitory computer readable storage medium in memory 702 is used to store at least one instruction for execution by processor 701 to implement the key agreement method provided by the method embodiments in the present application.
In some embodiments, the terminal may further optionally include: a peripheral interface 703 and at least one peripheral. The processor 701, the memory 702, and the peripheral interface 703 may be connected by a bus or signal lines. The individual peripheral devices may be connected to the peripheral device interface 703 via buses, signal lines or a circuit board. Specifically, the peripheral device includes: at least one of radio frequency circuitry 704, a display 705, a camera assembly 706, audio circuitry 707, a positioning assembly 708, and a power supply 709.
A peripheral interface 703 may be used to connect I/O (Input/Output) related at least one peripheral device to the processor 701 and memory 702. In some embodiments, the processor 701, memory 702, and peripheral interface 703 are integrated on the same chip or circuit board; in some other embodiments, either or both of the processor 701, the memory 702, and the peripheral interface 703 may be implemented on separate chips or circuit boards, which is not limited in this embodiment.
The Radio Frequency circuit 704 is configured to receive and transmit RF (Radio Frequency) signals, also referred to as electromagnetic signals. The radio frequency circuitry 704 communicates with a communication network and other communication devices via electromagnetic signals. The radio frequency circuit 704 converts an electrical signal into an electromagnetic signal for transmission, or converts a received electromagnetic signal into an electrical signal. Optionally, the radio frequency circuit 704 includes: antenna systems, RF transceivers, one or more amplifiers, tuners, oscillators, digital signal processors, codec chipsets, subscriber identity module cards, and so forth. The radio frequency circuitry 704 may communicate with other terminals via at least one wireless communication protocol. The wireless communication protocol includes, but is not limited to: metropolitan area networks, various generations of mobile communication networks (2G, 3G, 4G, and 5G), wireless local area networks, and/or WiFi networks. In some embodiments, the radio frequency circuitry 704 may also include NFC (Near Field Communication ) related circuitry, which is not limited in this application.
The display screen 705 is used to display a UI (User Interface). The UI may include graphics, text, icons, video, and any combination thereof. When the display 705 is a touch display, the display 705 also has the ability to collect touch signals at or above the surface of the display 705. The touch signal may be input to the processor 701 as a control signal for processing. At this time, the display 705 may also be used to provide virtual buttons and/or virtual keyboards, also referred to as soft buttons and/or soft keyboards. In some embodiments, the display 705 may be one, disposed on the front panel of the terminal; in other embodiments, the display 705 may be at least two, respectively disposed on different surfaces of the terminal or in a folded design; in still other embodiments, the display 705 may be a flexible display disposed on a curved surface or a folded surface of the terminal. Even more, the display 705 may be arranged in a non-rectangular irregular pattern, i.e. a shaped screen. The display 705 may be made of LCD (Liquid Crystal Display ), OLED (Organic Light-Emitting Diode) or other materials.
The camera assembly 706 is used to capture images or video. Optionally, the camera assembly 706 includes a front camera and a rear camera. Typically, the front camera is disposed on the front panel of the terminal and the rear camera is disposed on the rear surface of the terminal. In some embodiments, the at least two rear cameras are any one of a main camera, a depth camera, a wide-angle camera and a tele camera, so as to realize that the main camera and the depth camera are fused to realize a background blurring function, and the main camera and the wide-angle camera are fused to realize a panoramic shooting and Virtual Reality (VR) shooting function or other fusion shooting functions. In some embodiments, camera assembly 706 may also include a flash. The flash lamp can be a single-color temperature flash lamp or a double-color temperature flash lamp. The dual-color temperature flash lamp refers to a combination of a warm light flash lamp and a cold light flash lamp, and can be used for light compensation under different color temperatures.
The audio circuit 707 may include a microphone and a speaker. The microphone is used for collecting sound waves of users and environments, converting the sound waves into electric signals, and inputting the electric signals to the processor 701 for processing, or inputting the electric signals to the radio frequency circuit 704 for voice communication. For the purpose of stereo acquisition or noise reduction, a plurality of microphones can be respectively arranged at different parts of the terminal. The microphone may also be an array microphone or an omni-directional pickup microphone. The speaker is used to convert electrical signals from the processor 701 or the radio frequency circuit 704 into sound waves. The speaker may be a conventional thin film speaker or a piezoelectric ceramic speaker. When the speaker is a piezoelectric ceramic speaker, not only the electric signal can be converted into a sound wave audible to humans, but also the electric signal can be converted into a sound wave inaudible to humans for ranging and other purposes. In some embodiments, the audio circuit 707 may also include a headphone jack.
The location component 708 is operative to locate a current geographic location of the terminal to enable navigation or LBS (Location Based Service, location-based services). The positioning component 708 may be a positioning component based on the United states GPS (Global Positioning System ), the Beidou system of China, the Granati system of Russia, or the Galileo system of the European Union.
The power supply 709 is used to power the various components in the terminal. The power supply 709 may be an alternating current, a direct current, a disposable battery, or a rechargeable battery. When the power supply 709 includes a rechargeable battery, the rechargeable battery may support wired or wireless charging. The rechargeable battery may also be used to support fast charge technology.
In some embodiments, the terminal further includes one or more sensors 710. The one or more sensors 710 include, but are not limited to: acceleration sensor 711, gyroscope sensor 712, pressure sensor 713, fingerprint sensor 714, optical sensor 715, and proximity sensor 716.
The acceleration sensor 711 can detect the magnitudes of accelerations on three coordinate axes of a coordinate system established with the terminal. For example, the acceleration sensor 711 may be used to detect the components of the gravitational acceleration in three coordinate axes. The processor 701 may control the display screen 705 to display a user interface in a landscape view or a portrait view based on the gravitational acceleration signal acquired by the acceleration sensor 711. The acceleration sensor 711 may also be used for the acquisition of motion data of a game or a user.
The gyro sensor 712 may detect a body direction and a rotation angle of the terminal, and the gyro sensor 712 may collect a 3D motion of the user to the terminal in cooperation with the acceleration sensor 711. The processor 701 may implement the following functions based on the data collected by the gyro sensor 712: motion sensing (e.g., changing UI according to a tilting operation by a user), image stabilization at shooting, game control, and inertial navigation.
The pressure sensor 713 may be disposed at a side frame of the terminal and/or at a lower layer of the display screen 705. When the pressure sensor 713 is disposed at a side frame of the terminal, a grip signal of the terminal by a user may be detected, and the processor 701 performs left-right hand recognition or quick operation according to the grip signal collected by the pressure sensor 713. When the pressure sensor 713 is disposed at the lower layer of the display screen 705, the processor 701 controls the operability control on the UI interface according to the pressure operation of the user on the display screen 705. The operability controls include at least one of a button control, a scroll bar control, an icon control, and a menu control.
The fingerprint sensor 714 is used to collect a fingerprint of the user, and the processor 701 identifies the identity of the user according to the fingerprint collected by the fingerprint sensor 714, or the fingerprint sensor 714 identifies the identity of the user according to the collected fingerprint. Upon recognizing that the user's identity is a trusted identity, the user is authorized by the processor 701 to perform related sensitive operations including unlocking the screen, viewing key generation information, downloading software, paying for and changing settings, etc. The fingerprint sensor 714 may be provided on the front, back or side of the terminal. When a physical key or vendor Logo is provided on the terminal, the fingerprint sensor 714 may be integrated with the physical key or vendor Logo.
The optical sensor 715 is used to collect the ambient light intensity. In one embodiment, the processor 701 may control the display brightness of the display screen 705 based on the ambient light intensity collected by the optical sensor 715. Specifically, when the intensity of the ambient light is high, the display brightness of the display screen 705 is turned up; when the ambient light intensity is low, the display brightness of the display screen 705 is turned down. In another embodiment, the processor 701 may also dynamically adjust the shooting parameters of the camera assembly 706 based on the ambient light intensity collected by the optical sensor 715.
A proximity sensor 716, also referred to as a distance sensor, is typically provided on the front panel of the terminal. The proximity sensor 716 is used to collect the distance between the user and the front face of the terminal. In one embodiment, when the proximity sensor 716 detects that the distance between the user and the front face of the terminal gradually decreases, the processor 701 controls the display 705 to switch from the bright screen state to the off screen state; when the proximity sensor 716 detects that the distance between the user and the front surface of the terminal gradually increases, the processor 701 controls the display screen 705 to switch from the off-screen state to the on-screen state.
Those skilled in the art will appreciate that the architecture shown in fig. 7 is not limiting of the computer device and may include more or fewer components than shown, or may combine certain components, or employ a different arrangement of components.
Referring to fig. 8, fig. 8 is a schematic structural diagram of a server provided in the embodiment of the present application, where the server 800 may have a relatively large difference due to different configurations or performances, and may include one or more processors (Central Processing Units, CPU) 801 and one or more memories 802, where at least one program instruction is stored in the one or more memories 802, and the at least one program instruction is loaded and executed by the one or more processors 801 to implement the key negotiation method provided in the foregoing method embodiments. Of course, the server 800 may also have a wired or wireless network interface, a keyboard, an input/output interface, and other components for implementing the functions of the device, which are not described herein.
Based on the computer device shown in fig. 7 and the server shown in fig. 8, the embodiment of the application also provides a key negotiation system, which includes a client, a PCA and a server. Alternatively, the terminal and PCA are computer devices as shown in fig. 7, and the server is a server as shown in fig. 8. The key negotiation method performed by the client, PCA and server may be referred to the above description of the embodiment shown in fig. 2, and will not be described herein.
In an exemplary embodiment, a computer device is also provided that includes a processor and a memory having at least one program code stored therein. The at least one program code is loaded into and executed by one or more processors to cause a computer device to implement any of the key agreement methods described above.
In an exemplary embodiment, there is also provided a computer-readable storage medium having stored therein at least one program code loaded and executed by a processor of a computer device to cause the computer to implement any of the key agreement methods described above.
Alternatively, the above-mentioned computer readable storage medium may be a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a Read-Only optical disk (CD-ROM), a magnetic tape, a floppy disk, an optical data storage device, and the like.
In an exemplary embodiment, a computer program product or a computer program is also provided, the computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium and executes the computer instructions to cause the computer device to perform any of the key agreement methods described above.
The foregoing description of the preferred embodiments is merely exemplary in nature and is in no way intended to limit the invention, since it is intended that all modifications, equivalents, improvements, etc. that fall within the spirit and scope of the invention.

Claims (9)

1. A method of key agreement, the method comprising:
the method comprises the steps that identity information and key calculation parameters of a client are sent to a personal authentication mechanism PCA, the identity information and the key calculation parameters are used for the PCA to acquire a shared key and anonymous identity information of the client, the shared key and the anonymous identity information of the client are sent to the client, and the shared key, the anonymous identity information and the key calculation parameters are sent to a server;
receiving the shared key and the anonymous identity information returned by the PCA, and receiving a public parameter set sent by the PCA, wherein the public parameter set comprises a basic parameter and a third one-way hash function, and the third one-way hash function is used for generating a hash value of an input message;
acquiring a first private key, and acquiring a first public key based on the first private key and the basic parameter; obtaining a message digest key based on the anonymous identity information, the key calculation parameter, the shared key, the first public key, and the third one-way hash function; acquiring a first key negotiation message based on the anonymous identity information, the first public key and a first message authentication code, wherein the first message authentication code is obtained by encrypting the message digest key, and the first key negotiation message comprises the anonymous identity information, the first public key and the first message authentication code; sending the first key negotiation message to the server, wherein the first key negotiation message is used for the server to acquire a session key;
And receiving a second key negotiation message sent by the server, and acquiring the session key according to the second key negotiation message.
2. The method of claim 1, wherein the public parameter set further comprises a fourth one-way hash function for generating a hash value from the input message, the second key agreement message comprising a second public key and a second message authentication code, the second message authentication code being encrypted by the message digest key;
the obtaining the session key according to the second key negotiation message includes:
checking the integrity of the second key agreement message according to the message digest key;
responding to the second key negotiation message integrity, and acquiring a verification value based on the second public key and the first private key; the session key is obtained based on the anonymous identity information, the first public key, the second public key, the authentication value, and the fourth one-way hash function.
3. A method of key agreement, the method comprising:
receiving identity information and key calculation parameters sent by a client;
acquiring a shared key and anonymous identity information of the client according to the identity information and the key calculation parameter;
Returning the shared key and the anonymous identity information to the client, and sending the shared key, the anonymous identity information and the key calculation parameter to a server;
sending a public parameter set to the client, wherein the public parameter set comprises a basic parameter and a third one-way hash function, the third one-way hash function is used for generating a hash value from an input message to the server, the shared key, the anonymous identity information, the basic parameter and the third one-way hash function are used for sending a first key negotiation message to the server by the client, and the first key negotiation message is used for the server to acquire a session key; the method for the client to acquire the first key negotiation message includes: acquiring a first private key, and acquiring a first public key based on the first private key and the basic parameter; obtaining a message digest key based on the anonymous identity information, the key calculation parameter, the shared key, the first public key, and the third one-way hash function; and acquiring the first key negotiation message based on the anonymous identity information, the first public key and a first message authentication code, wherein the first message authentication code is obtained by encrypting the message digest key, and the first key negotiation message comprises the anonymous identity information, the first public key and the first message authentication code.
4. The method of claim 3, wherein prior to obtaining the shared key and anonymous identity information for the client based on the identity information and the key calculation parameters, further comprising:
obtaining a public parameter set, wherein the public parameter set further comprises a first one-way hash function and a second one-way hash function, and the first one-way hash function and the second one-way hash function are used for generating hash values for input messages;
the step of obtaining the shared key and the anonymous identity information of the client according to the identity information and the key calculation parameter includes:
acquiring a root key;
acquiring the shared key based on the identity information, the key calculation parameter, the root key, the base parameter and the first one-way hash function;
and acquiring the anonymous identity information based on the identity information, the key calculation parameter and the second one-way hash function.
5. The method according to claim 3 or 4, wherein the public parameter set further comprises a fourth one-way hash function, the fourth one-way hash function being used for the client to receive a second key agreement message sent by the server, the second key agreement message comprising a second public key and a second message authentication code, the second message authentication code being obtained by encryption of the message digest key; checking the integrity of the second key negotiation message according to the message digest key, and acquiring a verification value based on the second public key and the first private key in response to the second key negotiation message being complete; obtaining the session key based on the anonymous identity information, the first public key, the second public key, the authentication value, and the fourth one-way hash function;
The method further comprises the steps of:
the public parameter set is sent to the server, the public parameter set is used for receiving a first key negotiation message sent by the client, the first key negotiation message comprises anonymous identity information of the client, a first public key and a first message authentication code, and the first message authentication code is obtained by encrypting the message digest key; acquiring a second private key, and acquiring a second public key based on the second private key and the basic parameter; obtaining the message digest key based on the anonymous identity information, the key calculation parameter, the shared key, the first public key, and the third one-way hash function; checking the integrity of the first key agreement message according to the message digest key; responding to the completeness of the first key negotiation message, and acquiring a verification value based on the first public key and the second private key; the session key is obtained based on the anonymous identity information, the first public key, the second public key, the authentication value, and the fourth one-way hash function.
6. The method according to any one of claims 3 or 4, wherein before said returning the shared key and the anonymous identity information to the client, the method further comprises:
Searching whether the anonymous identity information is included in a database;
responding to the anonymous identity information contained in the database, and sending acquisition failure information to the client, wherein the acquisition failure information is used for indicating the client to update key calculation parameters and resending the identity information and the updated key calculation parameters;
and storing the shared key, the anonymous identity information and the key calculation parameter into the database in response to the anonymous identity information not being included in the database.
7. A method of key agreement, the method comprising:
receiving a shared key, anonymous identity information and key calculation parameters of a client sent by a personal authentication mechanism PCA;
receiving a public parameter set sent by the PCA, wherein the public parameter set comprises a basic parameter, a third one-way hash function and a fourth one-way hash function, and the third one-way hash function and the fourth one-way hash function are used for generating hash values for input messages;
receiving a first key negotiation message sent by the client, wherein the first key negotiation message comprises anonymous identity information of the client, a first public key and a first message authentication code, and the first message authentication code is obtained by encrypting a message digest key;
Acquiring a second private key, and acquiring a second public key based on the second private key and the basic parameter;
obtaining the message digest key based on the anonymous identity information, the key calculation parameter, the shared key, the first public key, and the third one-way hash function;
checking the integrity of the first key agreement message according to the message digest key;
responding to the completeness of the first key negotiation message, and acquiring a verification value based on the first public key and the second private key; obtaining a session key based on the anonymous identity information, the first public key, the second public key, the authentication value, and the fourth one-way hash function;
and sending a second key negotiation message to the client, wherein the second key negotiation message is used for the client to acquire the session key.
8. A computer device, characterized in that it comprises a processor and a memory, in which at least one program code is stored, which is loaded and executed by the processor, to cause the computer device to implement the key agreement method according to claim 1 or 2, or the key agreement method according to any one of claims 3-6, or the key agreement method according to claim 7.
9. A computer-readable storage medium, wherein at least one program code is stored in the computer-readable storage medium, the at least one program code being loaded and executed by a processor to cause a computer to implement the key agreement method according to claim 1 or 2, or the key agreement method according to any one of claims 3-6, or the key agreement method according to claim 7.
CN202110932718.4A 2021-08-13 2021-08-13 Key agreement method, device and computer readable storage medium Active CN113852459B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110932718.4A CN113852459B (en) 2021-08-13 2021-08-13 Key agreement method, device and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110932718.4A CN113852459B (en) 2021-08-13 2021-08-13 Key agreement method, device and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN113852459A CN113852459A (en) 2021-12-28
CN113852459B true CN113852459B (en) 2024-03-19

Family

ID=78975373

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110932718.4A Active CN113852459B (en) 2021-08-13 2021-08-13 Key agreement method, device and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN113852459B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114244513B (en) * 2021-12-31 2024-02-09 日晷科技(上海)有限公司 Key negotiation method, device and storage medium

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104639329A (en) * 2015-02-02 2015-05-20 浙江大学 Method for mutual authentication of user identities based on elliptic curve passwords
CN105516201A (en) * 2016-01-20 2016-04-20 陕西师范大学 Lightweight anonymous authentication and key negotiation method in multi-server environment
CN106209369A (en) * 2016-07-01 2016-12-07 中国人民解放军国防科学技术大学 Single interactive authentication key agreement protocol of ID-based cryptosystem system
CN107360571A (en) * 2017-09-08 2017-11-17 哈尔滨工业大学深圳研究生院 Anonymity in a mobile network is mutually authenticated and key agreement protocol
WO2017202161A1 (en) * 2016-05-26 2017-11-30 中兴通讯股份有限公司 Certificateless two-party authenticated key agreement method, device, and data storage medium
WO2018076365A1 (en) * 2016-10-31 2018-05-03 美的智慧家居科技有限公司 Key negotiation method and device
CN109639412A (en) * 2018-12-05 2019-04-16 成都卫士通信息产业股份有限公司 A kind of communication means, system and electronic equipment and storage medium
CN110225023A (en) * 2019-06-06 2019-09-10 湖南大学 A kind of traceable anonymous authentication method and system
CN113014379A (en) * 2021-02-05 2021-06-22 南阳理工学院 Three-party authentication and key agreement method, system and computer storage medium supporting cross-cloud domain data sharing
CN113015159A (en) * 2019-12-03 2021-06-22 中国移动通信有限公司研究院 Initial security configuration method, security module and terminal

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107040367B (en) * 2016-02-04 2020-11-20 宁波巨博信息科技有限公司 Method, device and system for session key negotiation
JP7136903B2 (en) * 2017-10-22 2022-09-13 エルジー エレクトロニクス インコーポレイティド Encryption method and system for managing digital certificates

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104639329A (en) * 2015-02-02 2015-05-20 浙江大学 Method for mutual authentication of user identities based on elliptic curve passwords
CN105516201A (en) * 2016-01-20 2016-04-20 陕西师范大学 Lightweight anonymous authentication and key negotiation method in multi-server environment
WO2017202161A1 (en) * 2016-05-26 2017-11-30 中兴通讯股份有限公司 Certificateless two-party authenticated key agreement method, device, and data storage medium
CN106209369A (en) * 2016-07-01 2016-12-07 中国人民解放军国防科学技术大学 Single interactive authentication key agreement protocol of ID-based cryptosystem system
WO2018076365A1 (en) * 2016-10-31 2018-05-03 美的智慧家居科技有限公司 Key negotiation method and device
CN107360571A (en) * 2017-09-08 2017-11-17 哈尔滨工业大学深圳研究生院 Anonymity in a mobile network is mutually authenticated and key agreement protocol
CN109639412A (en) * 2018-12-05 2019-04-16 成都卫士通信息产业股份有限公司 A kind of communication means, system and electronic equipment and storage medium
CN110225023A (en) * 2019-06-06 2019-09-10 湖南大学 A kind of traceable anonymous authentication method and system
CN113015159A (en) * 2019-12-03 2021-06-22 中国移动通信有限公司研究院 Initial security configuration method, security module and terminal
CN113014379A (en) * 2021-02-05 2021-06-22 南阳理工学院 Three-party authentication and key agreement method, system and computer storage medium supporting cross-cloud domain data sharing

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
Huawei, Hisilicon.S3-161760 "V2X security architecture based on the new security elements".3GPP tsg_sa\WG3_Security.2016,(第TSGS3_85_Santa_Cruz期),全文. *
匿名双向认证与密钥协商新协议;万仁福,李方伟,朱江;电子科技大学学报(第01期);全文 *
基于证书的改进ECDH双向认证及密钥协商协议;王新国;张兵;胡天军;万国根;;小型微型计算机系统(第12期);全文 *
无线网络中基于共享密钥的轻量级匿名认证协议;钟成;李兴华;宋园园;马建峰;;计算机学报(第05期);全文 *

Also Published As

Publication number Publication date
CN113852459A (en) 2021-12-28

Similar Documents

Publication Publication Date Title
JP6966572B2 (en) Signature generation method, electronic devices and storage media
ES2836114T3 (en) Information sending method, information reception method, device and system
WO2020143414A1 (en) Wireless network access method, device, equipment and system
CN109547471B (en) Network communication method and device
CN112711774B (en) Data processing method, device, equipment and storage medium
CN110245144B (en) Protocol data management method, device, storage medium and system
CN108964903B (en) Password storage method and device
WO2021208615A1 (en) User invitation method and apparatus, computer device, and computer readable storage medium
CN110826103B (en) Method, device, equipment and storage medium for processing document authority based on blockchain
CN108769992B (en) User authentication method, device, terminal and storage medium
CN112003879B (en) Data transmission method for virtual scene, computer device and storage medium
CN110597924B (en) Block chain-based user identification processing method, device, equipment and storage medium
CN112073421B (en) Communication processing method, communication processing device, terminal and storage medium
CN112417425A (en) Equipment authentication method, device, system, terminal equipment and storage medium
CN113821835B (en) Key management method, key management device and computing equipment
CN110598386B (en) Block chain-based data processing method, device, equipment and storage medium
CN111404991A (en) Method, device, electronic equipment and medium for acquiring cloud service
CN110677262B (en) Information notarization method, device and system based on blockchain
CN110365501B (en) Method and device for group joining processing based on graphic code
CN111212074B (en) Blockchain-based qualification identification method, device, equipment and storage medium
CN113821821B (en) Security architecture system, cryptographic operation method of security architecture system and computing device
CN113852459B (en) Key agreement method, device and computer readable storage medium
CN110597840A (en) Partner relationship establishing method, device, equipment and storage medium based on block chain
CN111935166B (en) Communication authentication method, system, electronic device, server, and storage medium
CN108683684B (en) Method, device and system for logging in target instant messaging application

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant