CN114362925A - Key negotiation method, device and terminal - Google Patents

Publication number: CN114362925A
Application number: CN202011053642.XA
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 刘福文, 杨波, 王珂, 阎军智, 粟栗
Current assignee: China Mobile Communications Group Co Ltd; China Mobile Communications Ltd Research Institute
Original assignee: China Mobile Communications Group Co Ltd; China Mobile Communications Ltd Research Institute
Prior art keywords: key, calling, message, identity, public key
Landscapes: Mobile Radio Communication Systems (AREA)

Abstract

The invention provides a key agreement method, a device and a terminal, wherein the key agreement method comprises the following steps: determining a first public key and a first private key of a calling terminal; obtaining a second public key of the called terminal according to the blockchain certificate of the called terminal; obtaining a shared secret key according to the first private key and the second public key; and obtaining a calling message according to the first public key and the shared secret key, and sending the calling message to the called terminal. The scheme can realize the information acquisition according to the block chain certificate, thereby avoiding the mutual trust problem among multiple CAs; in addition, the calling message can be directly obtained according to the first public key and the shared key, and the operation does not need to be carried out by using an asymmetric key algorithm twice, so that the operation amount of shared key negotiation is reduced; the problems that mutual trust between CAs exists in a shared key negotiation scheme in the prior art, the calculation amount is large and the like are well solved.

Description

Key negotiation method, device and terminal
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a key agreement method, an apparatus, and a terminal.
Background
IP-based multimedia communications, including VoIP, have become the mainstream of real-time communications. Due to the connectionless and publicly accessible nature of IP networks, VoIP communications are vulnerable to a variety of attacks, including voice interception (breach of confidentiality) and voice data tampering (breach of integrity). In this regard, a series of standards have been established to secure VoIP communications: [1] SRTP (secure real-time transport protocol) is defined to encrypt and protect the integrity of RTP (real-time transport protocol) or RTCP (real-time transport control protocol) packets carrying multimedia; [2] a protocol framework is designed for both VoIP communication parties to establish a common key, the TGK (TEK Generation Key). From the TGK, a TEK (Traffic-Encrypting Key) can further be derived for SRTP to secure RTP or RTCP packets.
Specifically, three methods of generating the key TGK are defined: (1) based on a preset key; (2) transporting the key TGK encrypted under a public key; (3) generating the TGK through negotiation based on the DH (Diffie-Hellman) key exchange protocol.
Method (1) requires the preset key to be configured in advance on both communicating parties, so it can only be used on a small scale. The methods of generating the key TGK used on a large scale are method (2) and method (3) above. Method (3), the scheme for generating the TGK through DH key exchange negotiation, is shown in FIG. 1:
The scheme mainly involves the exchange of DH public keys between the calling and called parties. As shown in the figure, the calling party sends an I_MESSAGE containing its DH public key to the called party; in response, the called party sends an R_MESSAGE containing its DH public key to the calling party; both parties then generate a shared key TGK using the DH key negotiation algorithm (logarithm operation).
The I_MESSAGE includes: message header HDR, timestamp T, random number RAND, calling identity IDi and its certificate CERTi, called identity IDr, security policy identification SP, public key DHi, and digital signature SIGNi over the entire message.
The timestamp T is used to prevent replay attacks, and the random number RAND is used to increase the freshness of the key TEK when it is derived from the key TGK. The caller generates a random number xi as its DH private key and calculates the corresponding public key DHi = g^{xi}. The caller signs the I_MESSAGE with the private key corresponding to the public key in its certificate, generating SIGNi, to ensure that the message has not been tampered with.
After receiving the I_MESSAGE, the called party verifies the digital signature using the public key in the caller's certificate, ensuring that the received public key DHi has not been tampered with. The called party generates a random number xr as its DH private key and calculates the corresponding public key DHr = g^{xr}. The called party then generates the key TGK by a DH computation using its own private key xr and the caller's public key DHi, i.e. TGK = g^{xr·xi}.
The called party generates an R_MESSAGE comprising a header HDR, a timestamp T, a random number RAND, the called identity IDr and its certificate CERTr, the calling identity IDi, the called public key DHr, the calling public key DHi, and a digital signature SIGNi over the whole message.
After receiving the R_MESSAGE, the caller verifies the digital signature using the public key in the called party's certificate, ensuring that the received public key DHr has not been tampered with. The caller generates the key TGK by a DH computation using its own private key xi and the called party's public key DHr, i.e. TGK = g^{xi·xr}.
The whole scheme relies entirely on PKI (public key infrastructure): the caller needs to sign the whole message with its own private key, and the called party needs to verify the message using the caller's public key. The signature requires an asymmetric algorithm, and the DH operation is also an asymmetric algorithm. Therefore, the calling party and the called party need to use an asymmetric key algorithm twice.
However, with method (3), the public key infrastructure (PKI) in practice contains multiple CAs (certificate authorities), which raises the problem of mutual trust between CAs; the calling party and the called party need to use an asymmetric key algorithm twice, so the computation load is large; in addition, two message exchanges between the calling party and the called party must complete before the key TGK is generated, which results in a long delay.
From the above, existing shared-key negotiation schemes have problems such as a small application range, mutual trust between CAs, a large computation load, and a long delay.
Disclosure of Invention
The invention aims to provide a key agreement method, a device and a terminal, which are used for solving the problems of mutual trust between CA, large computation amount and the like in the shared key agreement scheme in the prior art.
In order to solve the above technical problem, an embodiment of the present invention provides a key agreement method, applied to a calling terminal, including:
determining a first public key and a first private key of the calling terminal;
obtaining a second public key of the called terminal according to the block chain certificate of the called terminal;
obtaining a shared secret key according to the first private key and the second public key;
and obtaining a calling message according to the first public key and the shared secret key, and sending the calling message to the called terminal.
Optionally, the obtaining the second public key of the called terminal according to the blockchain certificate of the called terminal includes:
acquiring a block chain certificate of the called terminal from a block chain according to the identity of the called terminal;
and obtaining a second public key of the called terminal according to the block chain certificate.
Optionally, the calling message includes a message authentication code;
the obtaining of the calling message according to the first public key and the shared key includes:
and obtaining the message authentication code according to the shared secret key, the message header, the timestamp, the random number, the calling identity identifier, the called identity identifier, the security policy identifier and the first public key.
Optionally, the obtaining the message authentication code according to the shared secret key, the message header, the timestamp, the random number, the caller id, the callee id, the security policy id, and the first public key includes:
obtaining the message authentication code according to the shared secret key, the message header, the timestamp, the random number, the calling identity, the called identity, the security policy identity and the first public key by adopting a formula I;
wherein, the first formula is:
MAC=HASH(TGK,HDR║T║RAND║[IDi]║[IDr]║{SP}║DHi);
MAC represents the message authentication code; HASH represents a hash function; TGK represents the shared key; HDR denotes the message header; T represents the timestamp; RAND denotes the random number; [IDi] represents the calling identity; [IDr] represents the called identity; {SP} represents the security policy identity; DHi denotes the first public key; ║ denotes concatenation.
Optionally, the calling message further includes the shared secret key, a message header, a timestamp, a random number, a calling identity, a called identity, a security policy identifier, and a first public key.
The embodiment of the invention also provides a key negotiation method, which is applied to a called terminal and comprises the following steps:
receiving a calling message sent by a calling terminal;
obtaining a shared secret key according to the second private key of the called terminal and the first public key of the calling terminal in the calling message;
verifying the message authentication code in the calling message according to the shared secret key;
and confirming that the shared key is the target shared key under the condition of passing the verification.
Optionally, the message authentication code is obtained according to the shared secret key, a message header, a timestamp, a random number, a calling identity, a called identity, a security policy identity, and the first public key.
Optionally, the message authentication code is obtained by using a formula one according to the shared secret key, the message header, the timestamp, the random number, the calling identity, the called identity, the security policy identity and the first public key;
wherein, the first formula is:
MAC=HASH(TGK,HDR║T║RAND║[IDi]║[IDr]║{SP}║DHi);
MAC represents the message authentication code; HASH represents a hash function; TGK represents the shared key; HDR denotes the message header; T represents the timestamp; RAND denotes the random number; [IDi] represents the calling identity; [IDr] represents the called identity; {SP} represents the security policy identity; DHi denotes the first public key; ║ denotes concatenation.
Optionally, the calling message further includes the shared secret key, a message header, a timestamp, a random number, a calling identity, a called identity, a security policy identifier, and a first public key.
Optionally, before receiving the calling message sent by the calling terminal, the method further includes:
and writing the second public key and the identity of the called terminal into the block chain in a block chain certificate mode.
The embodiment of the present invention further provides a key agreement device, applied to a calling terminal, including:
the first determining module is used for determining a first public key and a first private key of the calling terminal;
the first processing module is used for obtaining a second public key of the called terminal according to the block chain certificate of the called terminal;
the second processing module is used for obtaining a shared key according to the first private key and the second public key;
and the third processing module is used for obtaining the calling message according to the first public key and the shared secret key and sending the calling message to the called terminal.
Optionally, the first processing module includes:
the first obtaining submodule is used for obtaining the block chain certificate of the called terminal from a block chain according to the identity of the called terminal;
and the first processing submodule is used for obtaining a second public key of the called terminal according to the block chain certificate.
Optionally, the calling message includes a message authentication code;
the third processing module comprises:
and the second processing submodule is used for obtaining the message authentication code according to the shared secret key, the message header, the timestamp, the random number, the calling identity, the called identity, the security policy identity and the first public key.
Optionally, the obtaining the message authentication code according to the shared secret key, the message header, the timestamp, the random number, the caller id, the callee id, the security policy id, and the first public key includes:
obtaining the message authentication code according to the shared secret key, the message header, the timestamp, the random number, the calling identity, the called identity, the security policy identity and the first public key by adopting a formula I;
wherein, the first formula is:
MAC=HASH(TGK,HDR║T║RAND║[IDi]║[IDr]║{SP}║DHi);
MAC represents the message authentication code; HASH represents a hash function; TGK represents the shared key; HDR denotes the message header; T represents the timestamp; RAND denotes the random number; [IDi] represents the calling identity; [IDr] represents the called identity; {SP} represents the security policy identity; DHi denotes the first public key; ║ denotes concatenation.
Optionally, the calling message further includes the shared secret key, a message header, a timestamp, a random number, a calling identity, a called identity, a security policy identifier, and a first public key.
The embodiment of the invention also provides a key negotiation device, which is applied to a called terminal and comprises the following steps:
the first receiving module is used for receiving a calling message sent by a calling terminal;
the fourth processing module is used for obtaining a shared key according to the second private key of the called terminal and the first public key of the calling terminal in the calling message;
the first verification module is used for verifying the message authentication code in the calling message according to the shared secret key;
and the first confirmation module is used for confirming that the shared secret key is the target shared secret key under the condition of passing the verification.
Optionally, the message authentication code is obtained according to the shared secret key, a message header, a timestamp, a random number, a calling identity, a called identity, a security policy identity, and the first public key.
Optionally, the message authentication code is obtained by using a formula one according to the shared secret key, the message header, the timestamp, the random number, the calling identity, the called identity, the security policy identity and the first public key;
wherein, the first formula is:
MAC=HASH(TGK,HDR║T║RAND║[IDi]║[IDr]║{SP}║DHi);
MAC represents the message authentication code; HASH represents a hash function; TGK represents the shared key; HDR denotes the message header; T represents the timestamp; RAND denotes the random number; [IDi] represents the calling identity; [IDr] represents the called identity; {SP} represents the security policy identity; DHi denotes the first public key; ║ denotes concatenation.
Optionally, the calling message further includes the shared secret key, a message header, a timestamp, a random number, a calling identity, a called identity, a security policy identifier, and a first public key.
Optionally, the method further includes:
and the fifth processing module is used for writing the second public key and the identity of the called terminal into the block chain in a block chain certificate mode before receiving the calling message sent by the calling terminal.
The embodiment of the invention also provides a terminal, which is a calling terminal and comprises: a processor and a transceiver;
the processor is used for determining a first public key and a first private key of the calling terminal;
obtaining a second public key of the called terminal according to the block chain certificate of the called terminal;
obtaining a shared secret key according to the first private key and the second public key;
and obtaining a calling message according to the first public key and the shared secret key, and sending the calling message to the called terminal by using the transceiver.
Optionally, the processor is specifically configured to:
acquiring a block chain certificate of the called terminal from a block chain according to the identity of the called terminal;
and obtaining a second public key of the called terminal according to the block chain certificate.
Optionally, the calling message includes a message authentication code;
the obtaining of the calling message according to the first public key and the shared key includes:
and obtaining the message authentication code according to the shared secret key, the message header, the timestamp, the random number, the calling identity identifier, the called identity identifier, the security policy identifier and the first public key.
Optionally, the obtaining the message authentication code according to the shared secret key, the message header, the timestamp, the random number, the caller id, the callee id, the security policy id, and the first public key includes:
obtaining the message authentication code according to the shared secret key, the message header, the timestamp, the random number, the calling identity, the called identity, the security policy identity and the first public key by adopting a formula I;
wherein, the first formula is:
MAC=HASH(TGK,HDR║T║RAND║[IDi]║[IDr]║{SP}║DHi);
MAC represents the message authentication code; HASH represents a hash function; TGK represents the shared key; HDR denotes the message header; T represents the timestamp; RAND denotes the random number; [IDi] represents the calling identity; [IDr] represents the called identity; {SP} represents the security policy identity; DHi denotes the first public key; ║ denotes concatenation.
Optionally, the calling message further includes the shared secret key, a message header, a timestamp, a random number, a calling identity, a called identity, a security policy identifier, and a first public key.
The embodiment of the invention also provides a terminal, which is a called terminal and comprises: a processor and a transceiver;
the processor is used for receiving a calling message sent by a calling terminal through the transceiver;
obtaining a shared secret key according to the second private key of the called terminal and the first public key of the calling terminal in the calling message;
verifying the message authentication code in the calling message according to the shared secret key;
and confirming that the shared key is the target shared key under the condition of passing the verification.
Optionally, the message authentication code is obtained according to the shared secret key, a message header, a timestamp, a random number, a calling identity, a called identity, a security policy identity, and the first public key.
Optionally, the message authentication code is obtained by using a formula one according to the shared secret key, the message header, the timestamp, the random number, the calling identity, the called identity, the security policy identity and the first public key;
wherein, the first formula is:
MAC=HASH(TGK,HDR║T║RAND║[IDi]║[IDr]║{SP}║DHi);
MAC represents the message authentication code; HASH represents a hash function; TGK represents the shared key; HDR denotes the message header; T represents the timestamp; RAND denotes the random number; [IDi] represents the calling identity; [IDr] represents the called identity; {SP} represents the security policy identity; DHi denotes the first public key; ║ denotes concatenation.
Optionally, the calling message further includes the shared secret key, a message header, a timestamp, a random number, a calling identity, a called identity, a security policy identifier, and a first public key.
Optionally, the processor is further configured to:
and before receiving the calling message sent by the calling terminal, writing the second public key and the identity of the called terminal into the blockchain in a manner of a blockchain certificate.
The embodiment of the invention also provides a terminal, which comprises a memory, a processor and a program which is stored on the memory and can be operated on the processor; the processor implements the key negotiation method of the calling terminal side when executing the program; or, the processor implements the key agreement method on the called terminal side when executing the program.
The embodiment of the invention also provides a readable storage medium, which stores a program, and the program realizes the steps in the key negotiation method of the calling terminal side when being executed by a processor; alternatively, the program implements the steps in the above-described key agreement method on the called terminal side when executed by the processor.
The technical scheme of the invention has the following beneficial effects:
in the above scheme, the key agreement method determines a first public key and a first private key of the calling terminal; obtaining a second public key of the called terminal according to the block chain certificate of the called terminal; obtaining a shared secret key according to the first private key and the second public key; obtaining a calling message according to the first public key and the shared key, and sending the calling message to the called terminal; the information can be acquired according to the block chain certificate, so that the mutual trust problem among multiple CAs is avoided; in addition, the calling message can be directly obtained according to the first public key and the shared key, and the operation does not need to be carried out by using an asymmetric key algorithm twice, so that the operation amount of shared key negotiation is reduced; in addition, the scheme does not need to be configured in advance any more so as to be suitable for various shared key negotiation scenes and further ensure the application range; furthermore, the scheme can support and realize that the called terminal does not need to feed back the corresponding called message to the calling terminal, thereby avoiding resource waste and reducing communication time delay; the problems that mutual trust between CAs exists in a shared key negotiation scheme in the prior art, the calculation amount is large and the like are well solved.
Drawings
FIG. 1 is a diagram illustrating a key agreement scheme in the prior art;
FIG. 2 is a first flowchart of a key agreement method according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating a key agreement method according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a specific implementation flow of a key agreement method according to an embodiment of the present invention;
FIG. 5 is a first schematic structural diagram of a key agreement device according to an embodiment of the present invention;
FIG. 6 is a second schematic structural diagram of a key agreement device according to an embodiment of the present invention;
FIG. 7 is a first schematic structural diagram of a terminal according to an embodiment of the present invention;
FIG. 8 is a schematic diagram of a terminal structure according to an embodiment of the present invention.
Detailed Description
In order to make the technical problems, technical solutions and advantages of the present invention more apparent, the following detailed description is given with reference to the accompanying drawings and specific embodiments.
Aiming at the problems of mutual trust between CA, large computation amount and the like in the shared key negotiation scheme in the prior art, the invention provides a key negotiation method which is applied to a calling terminal and comprises the following steps as shown in figure 2:
step 21: determining a first public key and a first private key of the calling terminal;
step 22: obtaining a second public key of the called terminal according to the block chain certificate of the called terminal;
step 23: obtaining a shared secret key according to the first private key and the second public key;
step 24: and obtaining a calling message according to the first public key and the shared secret key, and sending the calling message to the called terminal.
The first public key may be a first DH (Diffie-Hellman) public key, the first private key may be a first DH private key, the second public key may be a second DH public key, and the second private key may be a second DH private key, which is described below, but is not limited thereto.
The key negotiation method provided by the embodiment of the invention determines a first public key and a first private key of the calling terminal; obtaining a second public key of the called terminal according to the block chain certificate of the called terminal; obtaining a shared secret key according to the first private key and the second public key; obtaining a calling message according to the first public key and the shared key, and sending the calling message to the called terminal; the information can be acquired according to the block chain certificate, so that the mutual trust problem among multiple CAs is avoided; in addition, the calling message can be directly obtained according to the first public key and the shared key, and the operation does not need to be carried out by using an asymmetric key algorithm twice, so that the operation amount of shared key negotiation is reduced; in addition, the scheme does not need to be configured in advance any more so as to be suitable for various shared key negotiation scenes and further ensure the application range; furthermore, the scheme can support and realize that the called terminal does not need to feed back the corresponding called message to the calling terminal, thereby avoiding resource waste and reducing communication time delay; the problems that mutual trust between CAs exists in a shared key negotiation scheme in the prior art, the calculation amount is large and the like are well solved.
The obtaining of the second public key of the called terminal according to the blockchain certificate of the called terminal includes: acquiring a block chain certificate of the called terminal from a block chain according to the identity of the called terminal; and obtaining a second public key of the called terminal according to the block chain certificate.
In the embodiment of the invention, the calling message comprises a message authentication code; the obtaining of the calling message according to the first public key and the shared key includes: and obtaining the message authentication code according to the shared secret key, the message header, the timestamp, the random number, the calling identity identifier, the called identity identifier, the security policy identifier and the first public key.
Wherein the message authentication code MAC can be used for the called terminal to verify the integrity of the calling message.
Specifically, the obtaining the message authentication code according to the shared secret key, the message header, the timestamp, the random number, the caller id, the callee id, the security policy id, and the first public key includes: obtaining the message authentication code according to the shared secret key, the message header, the timestamp, the random number, the calling identity, the called identity, the security policy identity and the first public key by adopting a formula I; wherein, the first formula is:
MAC=HASH(TGK,HDR║T║RAND║[IDi]║[IDr]║{SP}║DHi);
MAC represents the message authentication code; HASH represents a hash function; TGK represents the shared key; HDR denotes the message header; T represents the timestamp; RAND denotes the random number; [IDi] represents the calling identity; [IDr] represents the called identity; {SP} represents the security policy identity; DHi denotes the first public key; ║ denotes concatenation.
Where the timestamp T may be used to prevent replay attacks and the random number RAND may be used to increase the freshness of the caller messages.
In the embodiment of the present invention, the calling message further includes the shared secret key, a message header, a timestamp, a random number, a calling identity, a called identity, a security policy identity, and a first public key.
Wherein the determining the first public key and the first private key of the calling terminal comprises: generating a random number as the first private key; and obtaining the first public key according to the first private key.
Specifically, the obtaining the first public key according to the first private key includes: obtaining the first public key according to the first private key by adopting a formula I; wherein, the first formula is: DHi = g^{xi}; DHi denotes the first public key; g denotes a constant and xi denotes the first private key.
In this embodiment of the present invention, obtaining a shared key according to the first private key and the second public key includes: obtaining a shared key according to the first private key and the second public key by adopting a formula II and a formula III; wherein, the formula two and the formula three are respectively: DHr = g^{xr}; TGK = (DHr)^{xi} = g^{xr·xi}; TGK represents the shared key; xi represents the first private key; DHr represents the second public key; xr represents a random number generated by the called terminal.
An embodiment of the present invention further provides a key agreement method, applied to a called terminal, as shown in fig. 3, including:
step 31: receiving a calling message sent by a calling terminal;
step 32: obtaining a shared secret key according to the second private key of the called terminal and the first public key of the calling terminal in the calling message;
step 33: verifying the message authentication code in the calling message according to the shared secret key;
step 34: and confirming that the shared key is the target shared key under the condition of passing the verification.
The second private key may specifically be a second DH private key, the first public key may specifically be a first DH public key, the first private key related to the following description may specifically be a first DH private key, and the second public key may specifically be a second DH public key, but the disclosure is not limited thereto.
The key negotiation method provided by the embodiment of the invention receives a calling message sent by a calling terminal; obtaining a shared secret key according to the second private key of the called terminal and the first public key of the calling terminal in the calling message; verifying the message authentication code in the calling message according to the shared secret key; confirming that the shared key is a target shared key under the condition that the verification is passed; the calling terminal can be supported to acquire information according to the block chain certificate, so that the mutual trust problem among multiple CAs is avoided; in addition, the scheme can directly obtain the shared secret key by the second private key and the first public key without using an asymmetric secret key algorithm twice, so that the calculation amount of shared secret key negotiation is reduced; in addition, the scheme does not need to be configured in advance any more so as to be suitable for various shared key negotiation scenes and further ensure the application range; furthermore, the scheme does not need to feed back the corresponding called message to the calling terminal, thereby avoiding resource waste and reducing communication time delay; the problems that mutual trust between CAs exists in a shared key negotiation scheme in the prior art, the calculation amount is large and the like are well solved.
The message authentication code is obtained according to the shared secret key, the message header, the timestamp, the random number, the calling identity, the called identity, the security policy identity and the first public key.
Specifically, the message authentication code is obtained by using a formula one according to the shared secret key, the message header, the timestamp, the random number, the calling identity, the called identity, the security policy identity and the first public key; wherein, the first formula is:
MAC=HASH(TGK,HDR║T║RAND║[IDi]║[IDr]║{SP}║DHi);
MAC represents the message authentication code; HASH represents a hash function; TGK represents the shared key; HDR denotes the message header; T represents the timestamp; RAND denotes the random number; [IDi] represents the calling identity; [IDr] represents the called identity; {SP} represents the security policy identity; DHi denotes the first public key; ║ denotes a concatenation of information.
The timestamp T may be used to prevent replay attacks, and the random number RAND may be used to increase the freshness of the calling message.
In the embodiment of the present invention, the calling message further includes the shared secret key, a message header, a timestamp, a random number, a calling identity, a called identity, a security policy identity, and a first public key.
Further, before receiving the calling message sent by the calling terminal, the method further includes: and writing the second public key and the identity of the called terminal into the block chain in a block chain certificate mode.
Therefore, the calling terminal can be further supported to acquire information by adopting the block chain certificate so as to solve the mutual trust problem among the multiple CAs.
The key agreement method provided by the embodiment of the present invention is further described below with reference to multiple sides, such as the calling terminal and the called terminal, where the shared key is the TGK, and the first public key, the first private key, the second public key, and the second private key are DH keys.
To solve the foregoing technical problem, an embodiment of the present invention provides a key agreement method, which may be specifically implemented as a blockchain-based DH key agreement scheme, as follows: the DH public key of each user and the user's identity are written into the blockchain in the form of a blockchain certificate (for the blockchain certificate format and the management of blockchain certificates, reference may be made to existing methods, which are not described here again). Before the calling terminal sends an I_MESSAGE (i.e., the calling message), it generates its own DH public and private key pair (i.e., the first public key and the first private key), finds the blockchain certificate corresponding to the called terminal on the blockchain, and uses the DH public key in that certificate (i.e., the second public key) together with its own private key (i.e., the first private key) to generate a key TGK (i.e., the shared key); it then integrity-protects the entire I_MESSAGE using TGK (specifically, by generating a MAC using TGK). After the called terminal receives the I_MESSAGE, it performs DH using the private key (i.e., the second private key) corresponding to the DH public key (i.e., the second public key) in its own blockchain certificate and the received DH public key of the calling terminal (i.e., the first public key) to generate the key TGK, and verifies the integrity of the message using TGK (specifically, by verifying the MAC), so that the calling and called parties obtain a shared key TGK.
Specifically, the scheme provided by the embodiment of the present invention may be as shown in fig. 4, where the calling terminal sends an I_MESSAGE to the called terminal, where the scheme specifically involves:
first, initial conditions: the DH public key and the ID of each user (namely the terminal) are written into the block chain in a block chain certificate mode; the user may write by himself or by an operator, which is not limited herein.
Secondly, the block chain based DH key negotiation process includes:
(1) Before sending the I_MESSAGE, the calling terminal generates a random number xi as a DH private key (i.e., the first private key), and calculates the corresponding public key (i.e., the first public key) $DHi = g^{xi}$. The calling terminal finds the blockchain certificate of the called terminal on the blockchain, obtains the DH public key DHr of the called terminal from that certificate (i.e., the second public key; specifically, $DHr = g^{xr}$, where xr is a random number generated on the called terminal side), and generates a key $TGK = g^{xr \cdot xi}$ using its own private key (i.e., the first private key) and the DH public key of the called terminal (i.e., the second public key).
(2) The calling terminal generates an I_MESSAGE message according to its own public key (i.e., the first public key) and the key TGK, and sends the I_MESSAGE message to the called terminal. Specifically, the I_MESSAGE includes: specifically, integrity protection is performed on the whole message by using the key TGK; an integrity operation can be performed using the TGK to obtain a MAC, and the formula for calculating the MAC can be as follows:
MAC=HASH(TGK,HDR║T║RAND║[IDi]║[IDr]║{SP}║DHi);
Here HASH is a hash function such as SHA-256, and ║ denotes a concatenation of information.
(3) After receiving the I_MESSAGE, the called terminal generates a key TGK using its own private key (i.e., the second private key) and the received public key DHi (i.e., the first public key), specifically $TGK = (DHi)^{xr} = g^{xi \cdot xr}$. The key TGK is then used to verify the MAC; if the verification succeeds, the I_MESSAGE message has not been tampered with and the received key TGK is correct, so that both parties know the key TGK.
In the embodiment of the present invention, the called terminal does not return the R_MESSAGE (i.e., the called message corresponding to the calling message) to the calling terminal.
As can be seen from the above, in the scheme provided in the embodiment of the present invention: the DH public key and the identity of each user are written into the blockchain in the form of a blockchain certificate, so that the multi-CA trust problem is solved; because the I_MESSAGE message is integrity-protected by using the key TGK instead of a digital signature, the amount of computation is remarkably reduced compared with that of the existing DH-based key negotiation scheme; because the calling party and the called party only need to execute the operation of an asymmetric key algorithm once, and because the DH public key of the called party on the blockchain is directly used for generating the key TGK, the R_MESSAGE message is omitted, thereby reducing the communication delay.
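The one-pass exchange of steps (1) to (3), including the checks the called side applies before accepting TGK, written out as an added example that is not part of the patent text. The ledger dictionary stands in for the blockchain certificate lookup; the group parameters, HMAC-SHA256 as the keyed hash, the length-prefixed field encoding, the 300-second timestamp window, the replay cache and all function names are assumptions made for the illustration, and TGK itself is never placed in the message.

```python
import hashlib
import hmac
import secrets
import time

# Demonstration group only (assumption): Mersenne prime 2^521 - 1, g = 3.
# A deployment would use a standardized DH group instead.
P = 2**521 - 1
G = 3
MAX_SKEW = 300   # accepted clock difference for T, in seconds (assumption)
LEDGER = {}      # hypothetical stand-in for the blockchain: identity -> DH public key


def dh_keypair():
    """Return (x, g^x mod p) with a random private exponent x."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)


def publish_certificate(identity, public_key):
    """Initial condition: record (ID, DH public key) on the ledger."""
    LEDGER[identity] = public_key


def int_bytes(n):
    """Fixed-width big-endian encoding of a group element."""
    return n.to_bytes((P.bit_length() + 7) // 8, "big")


def mac_fields(msg):
    """HDR, T, RAND, IDi, IDr, SP, DHi in the order of the MAC formula."""
    return [msg["HDR"], str(msg["T"]).encode(), msg["RAND"],
            msg["IDi"].encode(), msg["IDr"].encode(), msg["SP"],
            int_bytes(msg["DHi"])]


def mac_tag(tgk, fields):
    """MAC = HASH(TGK, HDR || T || RAND || IDi || IDr || SP || DHi).

    HMAC-SHA256 is the keyed hash used here, and every field is
    length-prefixed so the concatenation is unambiguous (assumptions).
    """
    data = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(int_bytes(tgk), data, hashlib.sha256).digest()


def build_i_message(id_i, id_r, now=None):
    """Calling side, steps (1) and (2). Returns (I_MESSAGE, TGK)."""
    xi, dhi = dh_keypair()                 # first private / public key
    dhr = LEDGER[id_r]                     # second public key from the certificate
    tgk = pow(dhr, xi, P)                  # TGK = (DHr)^xi
    msg = {"HDR": b"I_MESSAGE",
           "T": int(time.time() if now is None else now),
           "RAND": secrets.token_bytes(16),
           "IDi": id_i, "IDr": id_r,
           "SP": b"SP-1",                  # constructed policy identifier
           "DHi": dhi}
    msg["MAC"] = mac_tag(tgk, mac_fields(msg))
    return msg, tgk


class Callee:
    """Called side: holds xr, publishes DHr, verifies incoming I_MESSAGEs."""

    def __init__(self, identity):
        self.identity = identity
        self.xr, dhr = dh_keypair()        # second private / public key
        publish_certificate(identity, dhr)
        self.seen = set()                  # (IDi, RAND) pairs already accepted

    def accept(self, msg, now=None):
        """Step (3). Returns TGK, or raises ValueError naming the failed check."""
        now = int(time.time() if now is None else now)
        if msg["IDr"] != self.identity:
            raise ValueError("wrong recipient")
        if abs(now - msg["T"]) > MAX_SKEW:
            raise ValueError("stale timestamp")
        if not 2 <= msg["DHi"] <= P - 2:
            raise ValueError("invalid DH public key")
        if (msg["IDi"], msg["RAND"]) in self.seen:
            raise ValueError("replayed message")
        tgk = pow(msg["DHi"], self.xr, P)  # TGK = (DHi)^xr
        expected = mac_tag(tgk, mac_fields(msg))
        if not hmac.compare_digest(expected, msg["MAC"]):
            raise ValueError("MAC mismatch")
        self.seen.add((msg["IDi"], msg["RAND"]))
        return tgk
```

Because the called side's key pair is the long-lived one published in its certificate and no R_MESSAGE is returned, the timestamp window and the RAND cache are the only things that distinguish a fresh I_MESSAGE from a captured one.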
An embodiment of the present invention further provides a key agreement device, applied to a calling terminal, as shown in fig. 5, including:
a first determining module 51, configured to determine a first public key and a first private key of the calling terminal;
the first processing module 52 is configured to obtain a second public key of the called terminal according to the blockchain certificate of the called terminal;
the second processing module 53 is configured to obtain a shared secret key according to the first private key and the second public key;
and a third processing module 54, configured to obtain a calling message according to the first public key and the shared secret key, and send the calling message to the called terminal.
The key negotiation device provided by the embodiment of the invention determines a first public key and a first private key of the calling terminal; obtaining a second public key of the called terminal according to the block chain certificate of the called terminal; obtaining a shared secret key according to the first private key and the second public key; obtaining a calling message according to the first public key and the shared key, and sending the calling message to the called terminal; the information can be acquired according to the block chain certificate, so that the mutual trust problem among multiple CAs is avoided; in addition, the calling message can be directly obtained according to the first public key and the shared key, and the operation does not need to be carried out by using an asymmetric key algorithm twice, so that the operation amount of shared key negotiation is reduced; in addition, the scheme does not need to be configured in advance any more so as to be suitable for various shared key negotiation scenes and further ensure the application range; furthermore, the scheme can support and realize that the called terminal does not need to feed back the corresponding called message to the calling terminal, thereby avoiding resource waste and reducing communication time delay; the problems that mutual trust between CAs exists in a shared key negotiation scheme in the prior art, the calculation amount is large and the like are well solved.
Wherein the first processing module comprises: the first obtaining submodule is used for obtaining the block chain certificate of the called terminal from a block chain according to the identity of the called terminal; and the first processing submodule is used for obtaining a second public key of the called terminal according to the block chain certificate.
In the embodiment of the invention, the calling message comprises a message authentication code; the third processing module comprises: and the second processing submodule is used for obtaining the message authentication code according to the shared secret key, the message header, the timestamp, the random number, the calling identity, the called identity, the security policy identity and the first public key.
Specifically, the obtaining the message authentication code according to the shared secret key, the message header, the timestamp, the random number, the caller id, the callee id, the security policy id, and the first public key includes: obtaining the message authentication code according to the shared secret key, the message header, the timestamp, the random number, the calling identity, the called identity, the security policy identity and the first public key by adopting a formula I; wherein, the first formula is:
MAC=HASH(TGK,HDR║T║RAND║[IDi]║[IDr]║{SP}║DHi);
MAC represents the message authentication code; HASH represents a hash function; TGK represents the shared key; HDR denotes the message header; T represents the timestamp; RAND denotes the random number; [IDi] represents the calling identity; [IDr] represents the called identity; {SP} represents the security policy identity; DHi denotes the first public key; ║ denotes a concatenation of information.
In the embodiment of the present invention, the calling message further includes the shared secret key, a message header, a timestamp, a random number, a calling identity, a called identity, a security policy identity, and a first public key.
The implementation embodiments of the key agreement method on the calling terminal side are all applicable to the embodiment of the key agreement device, and the same technical effects can be achieved.
An embodiment of the present invention further provides a key agreement device, applied to a called terminal, as shown in fig. 6, including:
a first receiving module 61, configured to receive a calling message sent by a calling terminal;
a fourth processing module 62, configured to obtain a shared secret key according to the second private key of the called terminal and the first public key of the calling terminal in the calling message;
a first verification module 63, configured to verify a message authentication code in the calling message according to the shared key;
and a first confirming module 64, configured to confirm that the shared key is the target shared key if the verification passes.
The key negotiation device provided by the embodiment of the invention receives a calling message sent by a calling terminal; obtaining a shared secret key according to the second private key of the called terminal and the first public key of the calling terminal in the calling message; verifying the message authentication code in the calling message according to the shared secret key; confirming that the shared key is a target shared key under the condition that the verification is passed; the calling terminal can be supported to acquire information according to the block chain certificate, so that the mutual trust problem among multiple CAs is avoided; in addition, the scheme can directly obtain the shared secret key by the second private key and the first public key without using an asymmetric secret key algorithm twice, so that the calculation amount of shared secret key negotiation is reduced; in addition, the scheme does not need to be configured in advance any more so as to be suitable for various shared key negotiation scenes and further ensure the application range; furthermore, the scheme does not need to feed back the corresponding called message to the calling terminal, thereby avoiding resource waste and reducing communication time delay; the problems that mutual trust between CAs exists in a shared key negotiation scheme in the prior art, the calculation amount is large and the like are well solved.
The message authentication code is obtained according to the shared secret key, the message header, the timestamp, the random number, the calling identity, the called identity, the security policy identity and the first public key.
Specifically, the message authentication code is obtained by using a formula one according to the shared secret key, the message header, the timestamp, the random number, the calling identity, the called identity, the security policy identity and the first public key; wherein, the first formula is:
MAC=HASH(TGK,HDR║T║RAND║[IDi]║[IDr]║{SP}║DHi);
MAC represents the message authentication code; HASH represents a hash function; TGK represents the shared key; HDR denotes the message header; T represents the timestamp; RAND denotes the random number; [IDi] represents the calling identity; [IDr] represents the called identity; {SP} represents the security policy identity; DHi denotes the first public key; ║ denotes a concatenation of information.
In the embodiment of the present invention, the calling message further includes the shared secret key, a message header, a timestamp, a random number, a calling identity, a called identity, a security policy identity, and a first public key.
Further, the key agreement apparatus further includes: and the fifth processing module is used for writing the second public key and the identity of the called terminal into the block chain in a block chain certificate mode before receiving the calling message sent by the calling terminal.
The implementation embodiments of the key agreement method on the called terminal side are all applicable to the embodiment of the key agreement device, and the same technical effects can be achieved.
An embodiment of the present invention further provides a terminal, where the terminal is a calling terminal, and as shown in fig. 7, the terminal includes: a processor 71 and a transceiver 72;
the processor 71 is configured to determine a first public key and a first private key of the calling terminal;
obtaining a second public key of the called terminal according to the block chain certificate of the called terminal;
obtaining a shared secret key according to the first private key and the second public key;
and obtaining a calling message according to the first public key and the shared secret key, and sending the calling message to the called terminal by using the transceiver 72.
The terminal provided by the embodiment of the invention determines a first public key and a first private key of the calling terminal; obtaining a second public key of the called terminal according to the block chain certificate of the called terminal; obtaining a shared secret key according to the first private key and the second public key; obtaining a calling message according to the first public key and the shared key, and sending the calling message to the called terminal; the information can be acquired according to the block chain certificate, so that the mutual trust problem among multiple CAs is avoided; in addition, the calling message can be directly obtained according to the first public key and the shared key, and the operation does not need to be carried out by using an asymmetric key algorithm twice, so that the operation amount of shared key negotiation is reduced; in addition, the scheme does not need to be configured in advance any more so as to be suitable for various shared key negotiation scenes and further ensure the application range; furthermore, the scheme can support and realize that the called terminal does not need to feed back the corresponding called message to the calling terminal, thereby avoiding resource waste and reducing communication time delay; the problems that mutual trust between CAs exists in a shared key negotiation scheme in the prior art, the calculation amount is large and the like are well solved.
Wherein the processor is specifically configured to: acquiring a block chain certificate of the called terminal from a block chain according to the identity of the called terminal; and obtaining a second public key of the called terminal according to the block chain certificate.
In the embodiment of the invention, the calling message comprises a message authentication code; the obtaining of the calling message according to the first public key and the shared key includes: and obtaining the message authentication code according to the shared secret key, the message header, the timestamp, the random number, the calling identity identifier, the called identity identifier, the security policy identifier and the first public key.
Specifically, the obtaining the message authentication code according to the shared secret key, the message header, the timestamp, the random number, the caller id, the callee id, the security policy id, and the first public key includes: obtaining the message authentication code according to the shared secret key, the message header, the timestamp, the random number, the calling identity, the called identity, the security policy identity and the first public key by adopting a formula I; wherein, the first formula is:
MAC=HASH(TGK,HDR║T║RAND║[IDi]║[IDr]║{SP}║DHi);
MAC represents the message authentication code; HASH represents a hash function; TGK represents the shared key; HDR denotes the message header; T represents the timestamp; RAND denotes the random number; [IDi] represents the calling identity; [IDr] represents the called identity; {SP} represents the security policy identity; DHi denotes the first public key; ║ denotes a concatenation of information.
In the embodiment of the present invention, the calling message further includes the shared secret key, a message header, a timestamp, a random number, a calling identity, a called identity, a security policy identity, and a first public key.
The implementation embodiments of the key agreement method on the calling terminal side are all applicable to the embodiment of the terminal, and the same technical effects can be achieved.
An embodiment of the present invention further provides a terminal, where the terminal is a called terminal, and as shown in fig. 8, the terminal includes: a processor 81 and a transceiver 82;
the processor 81 is configured to receive a calling message sent by a calling terminal through the transceiver 82;
obtaining a shared secret key according to the second private key of the called terminal and the first public key of the calling terminal in the calling message;
verifying the message authentication code in the calling message according to the shared secret key;
and confirming that the shared key is the target shared key under the condition of passing the verification.
The terminal provided by the embodiment of the invention receives the calling message sent by the calling terminal; obtaining a shared secret key according to the second private key of the called terminal and the first public key of the calling terminal in the calling message; verifying the message authentication code in the calling message according to the shared secret key; confirming that the shared key is a target shared key under the condition that the verification is passed; the calling terminal can be supported to acquire information according to the block chain certificate, so that the mutual trust problem among multiple CAs is avoided; in addition, the scheme can directly obtain the shared secret key by the second private key and the first public key without using an asymmetric secret key algorithm twice, so that the calculation amount of shared secret key negotiation is reduced; in addition, the scheme does not need to be configured in advance any more so as to be suitable for various shared key negotiation scenes and further ensure the application range; furthermore, the scheme does not need to feed back the corresponding called message to the calling terminal, thereby avoiding resource waste and reducing communication time delay; the problems that mutual trust between CAs exists in a shared key negotiation scheme in the prior art, the calculation amount is large and the like are well solved.
The message authentication code is obtained according to the shared secret key, the message header, the timestamp, the random number, the calling identity, the called identity, the security policy identity and the first public key.
Specifically, the message authentication code is obtained by using a formula one according to the shared secret key, the message header, the timestamp, the random number, the calling identity, the called identity, the security policy identity and the first public key; wherein, the first formula is:
MAC=HASH(TGK,HDR║T║RAND║[IDi]║[IDr]║{SP}║DHi);
MAC represents the message authentication code; HASH represents a hash function; TGK represents the shared key; HDR denotes the message header; T represents the timestamp; RAND denotes the random number; [IDi] represents the calling identity; [IDr] represents the called identity; {SP} represents the security policy identity; DHi denotes the first public key; ║ denotes a concatenation of information.
In the embodiment of the present invention, the calling message further includes the shared secret key, a message header, a timestamp, a random number, a calling identity, a called identity, a security policy identity, and a first public key.
Further, the processor is further configured to: and before receiving the calling message sent by the calling terminal, writing the second public key and the identity of the called terminal into the blockchain in a manner of a blockchain certificate.
The implementation embodiments of the key agreement method on the called terminal side are all applicable to the embodiment of the terminal, and the same technical effect can be achieved.
The embodiment of the invention also provides a terminal, which comprises a memory, a processor and a program which is stored on the memory and can be operated on the processor; the processor implements the key negotiation method of the calling terminal side when executing the program; or, the processor implements the key agreement method on the called terminal side when executing the program.
The implementation embodiments of the key agreement method on the calling terminal side or the called terminal side are all applicable to the embodiment of the terminal, and the same technical effects can be achieved correspondingly.
The embodiment of the invention also provides a readable storage medium, which stores a program, and the program realizes the steps in the key negotiation method of the calling terminal side when being executed by a processor; alternatively, the program implements the steps in the above-described key agreement method on the called terminal side when executed by the processor.
The implementation embodiments of the key agreement method at the calling terminal side or the called terminal side are all applicable to the embodiment of the readable storage medium, and the same technical effects can be achieved.
It should be noted that many of the functional components described in this specification are referred to as modules/sub-modules in order to more particularly emphasize their implementation independence.
In embodiments of the invention, the modules/sub-modules may be implemented in software for execution by various types of processors. An identified module of executable code may, for instance, comprise one or more physical or logical blocks of computer instructions which may, for instance, be constructed as an object, procedure, or function. Nevertheless, the executables of an identified module need not be physically located together, but may comprise disparate instructions stored in different locations which, when joined logically together, comprise the module and achieve the stated purpose for the module.
Indeed, a module of executable code may be a single instruction, or many instructions, and may even be distributed over several different code segments, among different programs, and across several memory devices. Likewise, operational data may be identified within the modules and may be embodied in any suitable form and organized within any suitable type of data structure. The operational data may be collected as a single data set, or may be distributed over different locations including over different storage devices, and may exist, at least partially, merely as electronic signals on a system or network.
Where a module can be implemented in software, then, taking into account the level of existing hardware technology and leaving cost aside, a corresponding hardware circuit may also be built to implement the corresponding function; the hardware circuit may include conventional Very Large Scale Integration (VLSI) circuits or gate arrays and existing semiconductors such as logic chips, transistors, or other discrete components. A module may also be implemented in programmable hardware devices such as field programmable gate arrays, programmable array logic, programmable logic devices or the like.
While the preferred embodiments of the present invention have been described, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention.

Claims (24)

1. A key negotiation method is applied to a calling terminal, and is characterized by comprising the following steps:
determining a first public key and a first private key of the calling terminal;
obtaining a second public key of the called terminal according to the block chain certificate of the called terminal;
obtaining a shared secret key according to the first private key and the second public key;
and obtaining a calling message according to the first public key and the shared secret key, and sending the calling message to the called terminal.
2. The key agreement method according to claim 1, wherein the obtaining the second public key of the called terminal according to the blockchain certificate of the called terminal comprises:
acquiring a block chain certificate of the called terminal from a block chain according to the identity of the called terminal;
and obtaining a second public key of the called terminal according to the block chain certificate.
3. The key agreement method according to claim 1 or 2, characterized in that the calling message includes a message authentication code;
the obtaining of the calling message according to the first public key and the shared key includes:
and obtaining the message authentication code according to the shared secret key, the message header, the timestamp, the random number, the calling identity identifier, the called identity identifier, the security policy identifier and the first public key.
4. The key agreement method according to claim 3, wherein the obtaining the message authentication code according to the shared key, the message header, the timestamp, the random number, the caller id, the callee id, the security policy id, and the first public key comprises:
obtaining the message authentication code according to the shared secret key, the message header, the timestamp, the random number, the calling identity, the called identity, the security policy identity and the first public key by adopting a formula I;
wherein, the first formula is:
MAC=HASH(TGK,HDR║T║RAND║[IDi]║[IDr]║{SP}║DHi);
MAC represents the message authentication code; HASH represents a hash function; TGK represents the shared key; HDR denotes the message header; T represents the timestamp; RAND denotes the random number; [IDi] represents the calling identity; [IDr] represents the called identity; {SP} represents the security policy identity; DHi denotes the first public key; ║ denotes a concatenation of information.
5. The key agreement method according to claim 3, wherein the calling message further includes the shared key, a message header, a timestamp, a random number, a calling identity, a called identity, a security policy identity, and a first public key.
6. A key negotiation method is applied to a called terminal, and is characterized by comprising the following steps:
receiving a calling message sent by a calling terminal;
obtaining a shared secret key according to the second private key of the called terminal and the first public key of the calling terminal in the calling message;
verifying the message authentication code in the calling message according to the shared secret key;
and confirming that the shared key is the target shared key under the condition of passing the verification.
7. The key agreement method according to claim 6, wherein the message authentication code is obtained from the shared key, a message header, a timestamp, a random number, a calling identity, a called identity, a security policy identity, and the first public key.
8. The key agreement method according to claim 7, wherein the message authentication code is obtained by using formula one according to the shared key, a message header, a timestamp, a random number, a calling identity, a called identity, a security policy identity, and a first public key;
wherein formula one is:
MAC=HASH(TGK,HDR║T║RAND║[IDi]║[IDr]║{SP}║DHi);
wherein MAC represents the message authentication code; HASH represents a hash function; TGK represents the shared key; HDR represents the message header; T represents the timestamp; RAND represents the random number; [IDi] represents the calling identity; [IDr] represents the called identity; {SP} represents the security policy identity; DHi represents the first public key; and ║ denotes concatenation.
9. The key agreement method according to claim 7 or 8, wherein the calling message further comprises the shared key, a message header, a timestamp, a random number, a calling identity, a called identity, a security policy identity, and a first public key.
10. The key agreement method according to claim 6, further comprising, before receiving the calling message sent by the calling terminal:
and writing the second public key and the identity of the called terminal into the block chain in a block chain certificate mode.
11. A key agreement device applied to a calling terminal is characterized by comprising:
the first determining module is used for determining a first public key and a first private key of the calling terminal;
the first processing module is used for obtaining a second public key of the called terminal according to the block chain certificate of the called terminal;
the second processing module is used for obtaining a shared key according to the first private key and the second public key;
and the third processing module is used for obtaining the calling message according to the first public key and the shared secret key and sending the calling message to the called terminal.
12. The key agreement device according to claim 11, wherein the first processing module comprises:
the first obtaining submodule is used for obtaining the block chain certificate of the called terminal from a block chain according to the identity of the called terminal;
and the first processing submodule is used for obtaining a second public key of the called terminal according to the block chain certificate.
13. The key agreement device according to claim 11 or 12, wherein the calling message includes a message authentication code;
the third processing module comprises:
and the second processing submodule is used for obtaining the message authentication code according to the shared secret key, the message header, the timestamp, the random number, the calling identity, the called identity, the security policy identity and the first public key.
14. The key agreement device of claim 13, wherein the obtaining the message authentication code according to the shared key, the message header, the timestamp, the random number, the calling identity, the called identity, the security policy identity, and the first public key comprises:
obtaining the message authentication code according to the shared key, the message header, the timestamp, the random number, the calling identity, the called identity, the security policy identity and the first public key by using formula one;
wherein formula one is:
MAC=HASH(TGK,HDR║T║RAND║[IDi]║[IDr]║{SP}║DHi);
wherein MAC represents the message authentication code; HASH represents a hash function; TGK represents the shared key; HDR represents the message header; T represents the timestamp; RAND represents the random number; [IDi] represents the calling identity; [IDr] represents the called identity; {SP} represents the security policy identity; DHi represents the first public key; and ║ denotes concatenation.
15. The key agreement device of claim 13, wherein the calling message further comprises the shared key, a message header, a timestamp, a random number, a calling identity, a called identity, a security policy identity, and a first public key.
16. A key agreement device applied to a called terminal is characterized by comprising:
the first receiving module is used for receiving a calling message sent by a calling terminal;
the fourth processing module is used for obtaining a shared key according to the second private key of the called terminal and the first public key of the calling terminal in the calling message;
the first verification module is used for verifying the message authentication code in the calling message according to the shared secret key;
and the first confirmation module is used for confirming that the shared secret key is the target shared secret key under the condition of passing the verification.
17. The key agreement device of claim 16, wherein the message authentication code is derived from the shared key, a message header, a timestamp, a random number, a calling identity, a called identity, a security policy identity, and the first public key.
18. The key agreement device of claim 17, wherein the message authentication code is obtained according to the shared key, a message header, a timestamp, a random number, a calling identity, a called identity, a security policy identity, and a first public key, using formula one;
wherein formula one is:
MAC=HASH(TGK,HDR║T║RAND║[IDi]║[IDr]║{SP}║DHi);
wherein MAC represents the message authentication code; HASH represents a hash function; TGK represents the shared key; HDR represents the message header; T represents the timestamp; RAND represents the random number; [IDi] represents the calling identity; [IDr] represents the called identity; {SP} represents the security policy identity; DHi represents the first public key; and ║ denotes concatenation.
19. The key agreement device according to claim 17 or 18, wherein the calling message further comprises the shared key, a message header, a timestamp, a random number, a calling identity, a called identity, a security policy identity, and the first public key.
20. The key agreement device according to claim 16, further comprising:
and the fifth processing module is used for writing the second public key and the identity of the called terminal into the block chain in a block chain certificate mode before receiving the calling message sent by the calling terminal.
21. A terminal, the terminal being a calling terminal, the terminal comprising: a processor and a transceiver;
the processor is used for determining a first public key and a first private key of the calling terminal;
obtaining a second public key of the called terminal according to the block chain certificate of the called terminal;
obtaining a shared secret key according to the first private key and the second public key;
and obtaining a calling message according to the first public key and the shared secret key, and sending the calling message to the called terminal by using the transceiver.
22. A terminal, the terminal being a called terminal, the terminal comprising: a processor and a transceiver;
the processor is used for receiving a calling message sent by a calling terminal through the transceiver;
obtaining a shared secret key according to the second private key of the called terminal and the first public key of the calling terminal in the calling message;
verifying the message authentication code in the calling message according to the shared secret key;
and confirming that the shared key is the target shared key under the condition of passing the verification.
23. A terminal comprising a memory, a processor, and a program stored on the memory and executable on the processor; wherein the processor implements the key agreement method according to any one of claims 1 to 5 when executing the program; or
the processor, when executing the program, implements the key agreement method of any one of claims 6 to 10.
24. A readable storage medium on which a program is stored, the program, when executed by a processor, implementing the steps in the key agreement method according to any one of claims 1 to 5; or
the program, when executed by a processor, implementing the steps in the key agreement method according to any one of claims 6 to 10.
CN202011053642.XA 2020-09-29 2020-09-29 Key negotiation method, device and terminal Pending CN114362925A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011053642.XA CN114362925A (en) 2020-09-29 2020-09-29 Key negotiation method, device and terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011053642.XA CN114362925A (en) 2020-09-29 2020-09-29 Key negotiation method, device and terminal

Publications (1)

Publication Number Publication Date
CN114362925A true CN114362925A (en) 2022-04-15

Family

ID=81089748

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011053642.XA Pending CN114362925A (en) 2020-09-29 2020-09-29 Key negotiation method, device and terminal

Country Status (1)

Country Link
CN (1) CN114362925A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115499223A (en) * 2022-09-20 2022-12-20 贵州电网有限责任公司 Key exchange method, device, electronic equipment and storage medium
WO2024114205A1 (en) * 2022-11-30 2024-06-06 大唐移动通信设备有限公司 Key negotiation method and apparatus

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101005359A (en) * 2006-01-18 2007-07-25 华为技术有限公司 Method and device for realizing safety communication between terminal devices
CN106936788A (en) * 2015-12-31 2017-07-07 北京大唐高鸿软件技术有限公司 A kind of cryptographic key distribution method suitable for VOIP voice encryptions
CN109728898A (en) * 2019-03-08 2019-05-07 湖南师范大学 Internet-of-things terminal safety communicating method based on block chain technology
CN110417553A (en) * 2019-08-07 2019-11-05 北京阿尔山区块链联盟科技有限公司 Secure Multi-Party communication means, device and user terminal
US20200092113A1 (en) * 2018-09-19 2020-03-19 Synaptics Incorporated Method and System For Securing In-Vehicle Ethernet Links
US20200220725A1 (en) * 2019-01-09 2020-07-09 HCL America, Inc. System and method for authenticating a caller of a telephonic call

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination