CN114785486A - Key generation method and device and authentication end equipment - Google Patents

Key generation method and device and authentication end equipment Download PDF

Info

Publication number
CN114785486A
CN114785486A CN202110005428.5A CN202110005428A CN114785486A CN 114785486 A CN114785486 A CN 114785486A CN 202110005428 A CN202110005428 A CN 202110005428A CN 114785486 A CN114785486 A CN 114785486A
Authority
CN
China
Prior art keywords
authentication
key
identity
authentication end
ausf
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110005428.5A
Other languages
Chinese (zh)
Inventor
陈美玲
粟栗
杜海涛
冉鹏
邵京
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Communications Ltd Research Institute filed Critical China Mobile Communications Group Co Ltd
Priority to CN202110005428.5A priority Critical patent/CN114785486A/en
Publication of CN114785486A publication Critical patent/CN114785486A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Abstract

The invention provides a secret key generation method, a secret key generation device and authentication end equipment. The method comprises the following steps: after identity authentication is carried out with a second authentication end, an identity identifier in the authentication process and an expanded master session key authenticated between the first authentication end and the second authentication end are obtained; generating a security key K according to the identity and the extended master session keyausf. By adopting the key generation method of the embodiment of the invention, the TLS handshake key exchange process is carried out between the first authentication end and the second authentication end, and after the identity authentication is finished, the security key K is generated according to the identity identifier in the authentication process and the expansion main session key authenticated between the first authentication end and the second authentication endausfThe security key KausfCan be used for encryption of subsequent data plane and user plane, so that the data plane and the user plane are encryptedIdentity information is fused in the encrypted key, and the effect of improving the security of the key material is achieved.

Description

Key generation method and device and authentication end equipment
Technical Field
The present invention relates to the field of network security technologies, and in particular, to a method and an apparatus for generating a secret key, and an authentication end device.
Background
Extensible Authentication Protocol (EAP) was first defined in RFC2284 in 1998, and more than 20 EAP-based Authentication methods have been developed.
An X509 certificate is used in an EAP-Transport Layer Security protocol (TLS) to realize Identity authentication of both communication parties, but the bottleneck problem of EAP-TLS authentication can be caused by too large certificate in the scene of Internet of things, and EAP-TLS-Identity-Based digital Signature (IBS) is a digital Signature technology of an Identity-Based cryptosystem (Identity-Based Cryptograph, IBC) technology by using an original public key to replace the X509 certificate, can be used for Identity authentication of a user, and can solve the problem of too large certificate.
The key derivation of the existing EAP-TLS-IBS still adopts a set of key materials of TLS, only the function of certificate authentication is replaced by using IBS for authentication, and the key generated by TLS handshake is still used for encryption protection after the authentication is finished, so that the key materials are single and easy to leak, and the security is at risk.
Disclosure of Invention
The technical scheme of the invention aims to provide a key generation method, a key generation device and authentication end equipment, and solves the problem that in the prior art, the key material is single and easy to leak in the authentication process, so that the safety has risks.
The embodiment of the invention provides a secret key generation method which is applied to a first authentication end, wherein the method comprises the following steps:
after identity authentication is carried out with a second authentication end, an identity identifier in the authentication process and an expanded master session key authenticated between the first authentication end and the second authentication end are obtained;
generating a security key K according to the identity identification and the expanded main session keyausf
Optionally, in the key generation method, the identity includes an identity of the first authentication end and/or an identity of the second authentication end.
Optionally, in the key generation method, the secure key K is generated according to the identity and the extended master session keyausfThe method comprises the following steps:
a first security key K generated according to the identity of the first authentication end and the expanded main session keyausf
A second security key K generated according to the identity of the second authentication end and the expansion master session keyausf
Generating a third security key K according to the identity of the first authentication end, the identity of the second authentication end and the extended master session keyausf
Optionally, in the key generation method, a security key K is generated according to the identity and the extended master session keyausfThe method comprises the following steps:
selecting M bytes of identity identification and N bytes of the expanded main session key, and generating the security key K after logical splicingausf
Optionally, the key generation method includes selecting M bytes of an identity and N bytes of the extended master session key, and generating the secure key K after performing logical concatenationausfThe method comprises the following steps:
if the total number of the bytes of the identity identification is less than M bytes, combining the identity identification and 0 character to form M bytes;
logically splicing M bytes comprising an identity and 0 characters with N bytes in the extended master session key to generate the security key Kausf
Optionally, the method for generating a secret key, where the authenticating between the first authentication end and the second authentication end includes:
receiving first authentication information which is sent by a second authentication end and comprises a first handshake message;
responding to the first authentication information, and sending second authentication information comprising a second handshake message to the second authentication terminal; wherein, the second handshake message includes identity information of the first authentication end;
receiving third authentication information sent by a second authentication end according to the second authentication information; and the third authentication information comprises identity information of a second authentication end.
Optionally, in the key generation method, the first handshake message further includes a first random number, and the second handshake message further includes a second random number;
wherein after receiving the first authentication information, the method further comprises:
generating a master key according to the first authentication information;
and generating the expanded master session key according to the first random number, the second random number and the master key.
Optionally, in the key generation method, the first authentication end is one of a client and a server, and the second authentication end is the other of the client and the server.
The embodiment of the present invention further provides an authentication end device, where the authentication end device is a first authentication end, and the authentication end device includes a transceiver and a processor, where:
the transceiver is used for acquiring an identity identifier in an authentication process and an expanded master session key authenticated between the first authentication end and the second authentication end after performing identity authentication with the second authentication end;
the processorFor generating a security key K according to the identity and the extended master session keyausf
The embodiment of the present invention further provides a key generation device, which is applied to a first authentication end, wherein the device includes:
the information acquisition module is used for acquiring an identity identifier in the authentication process and an extended master session key authenticated between the first authentication end and the second authentication end after the identity authentication is carried out with the second authentication end;
a processing module for generating a security key K according to the ID and the extended master session keyausf
An embodiment of the present invention further provides an authentication device, where the authentication device includes: a processor, a memory and a program stored on the memory and executable on the processor, the program, when executed by the processor, implementing a key generation method as claimed in any one of the above.
An embodiment of the present invention further provides a readable storage medium, where the readable storage medium stores a program, and the program, when executed by a processor, implements the steps of the key generation method described in any one of the above.
At least one of the above technical solutions of the present invention has the following beneficial effects:
by adopting the key generation method of the embodiment of the invention, the TLS handshake key exchange process is carried out between the first authentication end and the second authentication end, and after the identity authentication is finished, the security key K is generated according to the identity identifier in the authentication process and the expansion main session key authenticated between the first authentication end and the second authentication endausfThe security key KausfThe method can be used for encrypting the subsequent data surface and the user surface, so that the identity information is fused in the encrypted key of the data surface and the user surface, and the effect of improving the safety of the key material is achieved.
Drawings
Fig. 1 is a flowchart of one implementation of a key generation method according to an embodiment of the present invention;
FIG. 2 is a diagram illustrating an authentication procedure of EAP-TLS-IBS;
FIG. 3 is a schematic diagram of an EMSK generation process;
FIG. 4 shows a security key KausfGenerating a schematic diagram of the process;
fig. 5 is a schematic structural diagram of an authentication end device according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of an authentication device according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of an authentication device according to an embodiment of the present invention.
Detailed Description
To make the technical problems, technical solutions and advantages of the present invention more apparent, the following detailed description is given with reference to the accompanying drawings and specific embodiments.
In order to solve the problem that security is risky due to the fact that a key material is single and easy to leak in the authentication process in the prior art, an embodiment of the invention provides a key generation method, and the generated secure key K is enabled to be generated by applying an identity to the key generation process of EAP-TLS-IBSausfThe identity information is fused to ensure that the identity information is fused in the key used for encrypting the data plane and the user plane, so that the effect of improving the security of the key material is achieved.
One embodiment of the present invention provides a key generation method, which is applied to a first authentication end, and as shown in fig. 1, the method includes:
s110, after identity authentication is carried out with a second authentication end, an identity identifier in the authentication process and an expanded master session key authenticated between the first authentication end and the second authentication end are obtained;
s120, generating a security key K according to the identity and the expansion master session keyausf
By adopting the key generation method of the embodiment of the invention, the TLS handshake key exchange process is carried out between the first authentication end and the second authentication end, and after the identity authentication is finished, the security key K is generated according to the identity identifier in the authentication process and the expansion main session key authenticated between the first authentication end and the second authentication endausfThe security key KausfCan be used for subsequent dataThe encryption of the surface and the user surface ensures that the identity information is fused in the encrypted keys of the data surface and the user surface, thereby achieving the effect of improving the safety of key materials.
To clearly illustrate the specific process of the key generation method according to the embodiment of the present invention, the following first describes the authentication process between the first authentication end and the second authentication end in detail.
In the embodiment of the present invention, an authentication process in the key generation method according to the embodiment of the present invention is described by taking a first authentication end as a server and a second authentication end as a client as an example. It should be noted that the client and the server may be bidirectional authentication, and names of the first authentication end and the second authentication end as the client and the server may be interchanged. Optionally, the key generation method according to the embodiment of the present invention is applied to an authentication procedure of EAP-TLS-IBS, and as shown in fig. 2, the authentication procedure of EAP-TLS-IBS mainly includes:
s201, a first authentication end (server) sends an EAP request to a second authentication end (client);
s202, the second authentication terminal sends first authentication information to the first authentication terminal;
s203, the first authentication terminal sends second authentication information to the second authentication terminal;
s204, the second authentication end sends third authentication information to the first authentication end;
s205, the authentication ends.
And the first authentication end and the second authentication end adopt certificates for identity verification. The certificate may be of any type supported by TLS, including the original public key, optionally used for identity authentication in EAP-TLS-IBS.
Specifically, in step S202, the first authentication information includes first handshake information, and information carried by the first handshake information includes:
a supported encryption suite;
the supported version supported _ version extension comprises a TLS protocol version number supported by the second authentication end;
a supported set supported _ groups extension comprising supported elliptic curve types;
shared key _ shared extension including public keys corresponding to each elliptic curve type in supported _ groups;
the signature algorithm signature _ algorithm is used for indicating the IBS signature algorithm supported by the second authentication terminal;
first certificate type information, which is used for indicating the certificate type that the second authentication terminal can process; it may also be referred to as service certificate type server _ certificate _ type;
second certificate type information, which is used for indicating the certificate type that the second authentication terminal can provide; it may also be referred to as a client certificate Type client _ certificate _ Type.
In this embodiment of the present invention, in step S203, the second authentication information includes second handshake information, where the second handshake information includes:
the version supported _ versions supported by the first authentication end comprise TLS protocol version numbers selected from supported _ versions sent by the second authentication end by the first authentication end;
and the shared key _ shared extension is used for indicating the target elliptic curve type selected according to the elliptic curve type sent by the second authentication terminal and the public key used for key negotiation of the first authentication terminal and calculated according to the selected target elliptic curve type.
And calculating a handshake key by using the calculated hash values of the key material and the two messages of the first handshake information and the second handshake information, wherein the message information sent in the later handshake stage is protected by the key. Further, the Application Data sent by the first authentication end to the second authentication end is encrypted by using the Application key Application _ key.
Further, the second authentication information further includes:
encrypting the Encrypted extended Extension information, wherein the first authentication end immediately sends the Encrypted extended Extension information after sending the second handshake information, and the information is first Encrypted data, comprises extended data irrelevant to key agreement and is used for indicating to the second authentication end;
service certificate type server _ certificate _ type information for indicating a certificate type in a certificate payload;
client certificate Type client _ certificate _ Type information for indicating the certificate Type required to be provided by the client;
the Certificate information comprises identity information of a first authentication end, original public key information of the first authentication end, a selected signature algorithm and a hash value of public parameters of the algorithm;
verifying Certificate Verify information, wherein the Certificate Verify information comprises a signature value obtained by performing HMAC signature on a message by adopting a first authentication end;
the Certificate request information comprises request information for requesting the second authentication terminal to send the Certificate;
and the Finished authenticated message is the last message in the identity verification stage and is used for verifying the integrity of the handshake message, and the Finished authenticated message provides key confirmation to bind the identity into the exchanged key.
Further, the second authentication information further includes Application Data, wherein the Application Data is encrypted by the Application key.
In step S204, in the step of sending, by the second authentication end, the third authentication information to the first authentication end, the third authentication information includes Certificate verification information, and an authentication Finished message.
The Certificate verification information in the third authentication information includes identity information of the second authentication end and the like.
According to the above, the identity authentication between the first authentication end and the second authentication end includes:
receiving first authentication information which is sent by a second authentication end and comprises a first handshake message;
responding to the first authentication information, and sending second authentication information comprising a second handshake message to the second authentication terminal; wherein, the second handshake message includes identity information of the first authentication end;
receiving third authentication information sent by a second authentication end according to the second authentication information; and the third authentication information comprises identity information of the second authentication end.
Through the identity authentication process between the first authentication end and the second authentication end, identity information is interacted between the first authentication end and the second authentication end, and the identity authentication method can be used for subsequent security key KausfAnd (4) generating.
Optionally, in the identity authentication process, the first handshake information further includes a first Random number Random _ C, where the first Random number Random _ C is used as a private key da selected by the second authenticator, and the second authenticator calculates a public key POINT for each elliptic curve type supported in the supported _ groups extension, that is, a public key recorded in the shared key _ shared extension; specifically, point (ha) ═ Random _ C × base point G.
Further, after receiving the first handshake information, the first authentication end selects a supported key distribution algorithm, an encryption signature algorithm, and a second random number random _ S (private key db), selects an adopted elliptic curve type, and determines a corresponding public key point (ha) of the second authentication end through a shared key _ shared, and determines a public key point (hb) for key negotiation of the first authentication end according to the second random number random _ S (or private key db) of the first authentication end and the public key of the second authentication end. The public key point (hb) ═ random _ S × base point G, calculates a master key (X, Y) ═ random _ S × Ha, selects the X coordinate as a handshake key handshake _ secret, and then encrypts a handshake message according to the selected encryption scheme.
Therefore, according to the above, a Master Key Secret may be derived from the process of performing identity authentication between the first authentication end and the second authentication end, and as shown in fig. 3, the Master Key Secret is further used as a pre-Master Key pre _ Master _ Secret in the EAP-TLS, and a Master Session Key (MSK) and an Extended Master Session Key (EMSK) may be derived from the Master Key and the first Random number Random _ C and the second Random number Random _ S in the process of performing identity authentication.
According to the above, the key generation method according to the embodiment of the present invention, after receiving the first authentication information, further includes:
generating a master key according to the first authentication information;
and generating the expanded master session key according to the first random number, the second random number and the master key.
Therefore, by using the key generation method according to the embodiment of the present invention, through the authentication process of the first authentication end (server) and the second authentication end (client), EAP-TLS-IBS completely follows the handshake process of TLS1.3, and a TLS protocol is used to carry and transfer the identity information (i.e., server id or clientID) of the client and the server. The derivation of the EMSK can be completed only after the TLS handshake is completed, meanwhile, after the TLS handshake is completed, the identity information of the client and the server is exchanged, both sides know the identity information of the opposite side, the identity in the authentication process can be obtained, the expansion main session key authenticated between the first authentication side and the second authentication side can be further obtained, and the security key Kausf can be generated according to the identity and the expansion main session key.
Optionally, the identity includes an identity of the first authentication end and/or an identity of the second authentication end.
Wherein, in step S120, the secure key K is generated according to the identity and the extended master session keyausfThe method comprises the following steps:
a first security key K generated according to the identity of the first authentication end and the extended master session keyausf
A second security key K generated according to the identity of the second authentication end and the expanded main session keyausf
Generating a third security key K according to the identity of the first authentication end, the identity of the second authentication end and the extended master session keyausf
As shown in fig. 4, at the security key KausfThe generation process comprises inputting parameters EMSK and Identity information, wherein the Identity of the first authentication end (such as client Identity server ID) and the Identity of the second authentication endThe Identity (such as clientID for the server) can be used as the input of Identity information to generate a security key Kausf
Optionally, when the Identity of the first authentication end is input as Identity information, a first security key K may be generated by combining the Identity of the first authentication end and the extended master session keyausf(ii) a When the Identity of the second authentication end is input as Identity information, a second secure key K may be generated in which the Identity of the second authentication end is combined with the extended master session keyausf(ii) a When the Identity of the first authentication end and the Identity of the second authentication end are combined and input as Identity information, a third secure key K formed by combining the Identity of the first authentication end, the Identity of the second authentication end and the expanded master session key can be generatedausf
Further, in the embodiment of the present invention, a security key K is generated according to the identity and the extended master session keyausfThe method comprises the following steps:
selecting M bytes of identity identification and N bytes of the extended main session key, and generating the security key K after logical splicingausf
By adopting the embodiment, the identity identifier of M bytes and the expanded main session key of N bytes are adopted to form the security key K according to permutation and combinationausfFor key derivation.
Optionally, the total length of the M bytes and the N bytes is 6 bytes.
Optionally, M bytes of the identity identifier and N bytes of the extended master session key are selected, and the security key K is generated after logical concatenationausfThe method comprises the following steps:
if the total number of the bytes of the identity identification is less than M bytes, combining the identity identification and 0 character to form M bytes;
logically splicing M bytes comprising an identity and 0 characters with N bytes in the extended master session key to generate the security key Kausf
Specifically, the identity and the extended master session key are logically spliced to generate a security key KausfWhen the identity is less than M bytes, 0 character is used for padding to form M bytes.
According to the key generation method provided by the embodiment of the invention, when the identity identifiers are different, three different safety keys K are respectively formed in the above modesausfAnd can be derived as three key materials, one of which can be selected according to different scenes in actual use, and optionally, the selected key material can be uniquely determined through ngKSI.
It should be noted that, the specific process of the key generation method according to the embodiment of the present invention is described above by taking the first authentication end as the server and the second authentication end as the client, and it can be understood that, when the first authentication end is the client and the second authentication end is the server, the client generates the security key K according to the identity and the extended master session key in the authentication processausfAre the same as the above-described embodiments and will not be described in detail here.
By adopting the key generation method of the embodiment of the invention, the handshake key of TLS and the original identities of the two parties are combined, so that the identity information is fused in the keys of the data plane and the user plane of the subsequent 5GS, and the key derivation process when EAP-TLS-IBS is used in the 5GS is perfected; compared with the prior art, three sets of different key materials can be derived through the identity information, and a user can select different key materials according to different scenes, so that the problem that no available key material exists due to key leakage under the condition that the key material is single is solved. In addition, the flexibility of key use is increased, a set of key materials do not need to be used for a long time, and the attack difficulty of an attacker is increased due to multiple sets of key materials.
The embodiment of the present invention further provides an authentication end device, where the authentication end device is a first authentication end, as shown in fig. 5, and includes a transceiver 510 and a processor 520, where:
the transceiver 510 is configured to, after performing identity authentication with a second authentication end, obtain an identity identifier in an authentication process and an extended master session key authenticated between the first authentication end and the second authentication end;
the processor 520 is configured to generate a security key K according to the identity and the extended master session keyausf
Optionally, the authentication end device, wherein the identity includes an identity of the first authentication end and/or an identity of the second authentication end.
Optionally, the apparatus at the authentication end, wherein the processor 520 generates a security key K according to the identity and the extended master session keyausfThe method comprises the following steps:
a first security key K generated according to the identity of the first authentication end and the expanded main session keyausf
A second security key K generated according to the identity of the second authentication end and the expansion master session keyausf
Generating a third security key K according to the identity of the first authentication end, the identity of the second authentication end and the extended master session keyausf
Optionally, the apparatus at the authentication end, wherein the processor 520 generates a security key K according to the identity and the extended master session keyausfThe method comprises the following steps:
selecting M bytes of identity identification and N bytes of the extended main session key, and generating the security key K after logical splicingausf
Optionally, the apparatus at the authentication end, wherein the processor 520 selects M bytes of the identity and N bytes of the extended master session key, and generates the secure key K after performing logical concatenationausfThe method comprises the following steps:
if the total number of the bytes of the identity identification is less than M bytes, combining the identity identification and 0 character to form M bytes;
m bytes including identity and 0 character and N bytes in the extended master session keyGenerating the security key K after the line logic splicingausf
Optionally, the authenticating device, where the first authenticating end and the second authenticating end perform identity authentication, includes:
receiving first authentication information including a first handshake message sent by a second authentication terminal;
responding to the first authentication information, and sending second authentication information comprising a second handshake message to the second authentication terminal; wherein, the second handshake message includes identity information of the first authentication end;
receiving third authentication information sent by a second authentication end according to the second authentication information; and the third authentication information comprises identity information of the second authentication end.
Optionally, the authenticating end device, wherein the first handshake message further includes a first random number, and the second handshake message further includes a second random number;
wherein, after receiving the first authentication information, the processor 520 is further configured to:
generating a master key according to the first authentication information;
and generating the expanded master session key according to the first random number, the second random number and the master key.
Optionally, the first authentication end is one of a client and a server, and the second authentication end is the other of the client and the server.
An embodiment of the present invention further provides a key generation apparatus, which is applied to a first authentication end, and as shown in fig. 6, the apparatus includes:
an information obtaining module 610, configured to obtain an identity identifier in an authentication process and an extended master session key authenticated between the first authentication end and the second authentication end after performing identity authentication with the second authentication end;
a processing module 620, configured to generate a security key K according to the identity and the extended master session keyausf
Optionally, the key generation apparatus may further include a second authentication end, where the identity identifier includes an identity identifier of the second authentication end and/or an identity identifier of the first authentication end.
Optionally, the key generating apparatus, wherein the processing module 620 generates a security key K according to the identity and the extended master session keyausfThe method comprises the following steps:
a first security key K generated according to the identity of the first authentication end and the expanded main session keyausf
A second security key K generated according to the identity of the second authentication end and the expansion master session keyausf
Generating a third security key K according to the identity of the first authentication end, the identity of the second authentication end and the extended master session keyausf
Optionally, the key generating apparatus, wherein the processing module 620 generates the security key K according to the identity and the extended master session keyausfThe method comprises the following steps:
selecting M bytes of identity identification and N bytes of the extended main session key, and generating the security key K after logical splicingausf
Optionally, in the key generation apparatus, the processing module 620 selects M bytes of the identity and N bytes of the extended master session key, and generates the secure key K after performing logical concatenationausfThe method comprises the following steps:
if the total number of the bytes of the identity identification is less than M bytes, combining the identity identification and 0 character to form M bytes;
logically splicing M bytes comprising an identity and 0 characters with N bytes in the extended master session key to generate the security key Kausf
Optionally, the key generating apparatus, wherein the performing identity authentication between the first authentication end and the second authentication end includes:
receiving first authentication information which is sent by a second authentication end and comprises a first handshake message;
responding to the first authentication information, and sending second authentication information comprising a second handshake message to the second authentication terminal; wherein, the second handshake message includes identity information of the first authentication end;
receiving third authentication information sent by a second authentication end according to the second authentication information; and the third authentication information comprises identity information of a second authentication end.
Optionally, the key generation apparatus, wherein the first handshake message further includes a first random number, and the second handshake message further includes a second random number;
wherein, after receiving the first authentication information, the processing module 620 is further configured to:
generating a master key according to the first authentication information;
and generating the expanded master session key according to the first random number, the second random number and the master key.
Optionally, the key generation apparatus may further include a second authentication end, where the second authentication end is a second authentication end, and the second authentication end is a third authentication end.
In another aspect, an embodiment of the present invention further provides an authentication device, optionally, the authentication device is a first authentication end, as shown in fig. 7, and includes: a processor 701; and a memory 703 connected to the processor 701 through a bus interface 702, where the memory 703 is used to store programs and data used by the processor 701 in executing operations, and the processor 701 calls and executes the programs and data stored in the memory 703.
The transceiver 704 is connected to the bus interface 702, and is configured to receive and transmit data under the control of the processor 701, and specifically, the processor 701 is configured to read a program in the memory 703 and execute the following processes:
optionally, the authentication device, wherein the identity includes an identity of a first authentication end and/or an identity of a second authentication end.
Optionally, the authentication apparatus, wherein the processor 701 generates a security key K according to the identity and the extended master session keyausfThe method comprises the following steps:
a first security key K generated according to the identity of the first authentication end and the expanded main session keyausf
A second security key K generated according to the identity of the second authentication end and the expanded main session keyausf
Generating a third security key K according to the identity of the first authentication end, the identity of the second authentication end and the extended master session keyausf
Optionally, in the authentication device, the processor 701 generates a security key K according to the identity and the extended master session keyausfThe method comprises the following steps:
selecting M bytes of identity identification and N bytes of the extended main session key, and generating the security key K after logical splicingausf
Optionally, in the authentication device, the processor 701 selects M bytes of the identity identifier and N bytes of the extended master session key, and generates the secure key K after performing logical concatenation on the M bytes of the identity identifier and the N bytes of the extended master session keyausfThe method comprises the following steps:
if the total number of the bytes of the identity identification is less than M bytes, combining the identity identification and 0 character to form M bytes;
logically splicing M bytes comprising identity identification and 0 character with N bytes in the extended master session key to generate the security key Kausf
Optionally, the authenticating device, where the first authenticating end and the second authenticating end perform identity authentication, includes:
receiving first authentication information which is sent by a second authentication end and comprises a first handshake message;
responding to the first authentication information, and sending second authentication information comprising a second handshake message to the second authentication terminal; the second handshake message comprises identity information of a first authentication end;
receiving third authentication information sent by a second authentication end according to the second authentication information; and the third authentication information comprises identity information of the second authentication end.
Optionally, the authentication device, wherein the first handshake message further includes a first random number, and the second handshake message further includes a second random number;
wherein, after receiving the first authentication information, the processor 701 is further configured to:
generating a master key according to the first authentication information;
and generating the expanded master session key according to the first random number, the second random number and the master key.
Optionally, in the authentication device, the first authentication end is one of a client and a server, and the second authentication end is the other of the client and the server.
Where in fig. 7 the bus architecture may include any number of interconnected buses and bridges, in particular one or more processors represented by processor 701 and various circuits of memory represented by memory 703 are linked together. The bus architecture may also link together various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, will not be described any further herein. The bus interface provides an interface. The transceiver 704 may be a plurality of elements including a transmitter and a receiver that provide a means for communicating with various other apparatus over a transmission medium. The processor 701 is responsible for managing the bus architecture and general processing, and the memory 703 may store data used by the processor 701 in performing operations.
Those skilled in the art will understand that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program includes instructions for executing all or part of the steps of the above methods; and the program may be stored in a readable storage medium, which may be any form of storage medium.
In addition, the specific embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the program, when executed by a processor, implements the steps in the key generation method as described in any one of the above.
In the several embodiments provided in the present application, it should be understood that the disclosed method and apparatus may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may be physically included alone, or two or more units may be integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
The integrated unit implemented in the form of a software functional unit may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device) to perform some steps of the transceiving method according to the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
While the preferred embodiments of the present invention have been described, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention.

Claims (12)

1. A key generation method is applied to a first authentication end, and is characterized by comprising the following steps:
after identity authentication is carried out with a second authentication end, an identity identifier in the authentication process and an expanded master session key authenticated between the first authentication end and the second authentication end are obtained;
generating a security key K according to the identity and the extended master session keyausf
2. The key generation method according to claim 1, wherein the identity includes an identity of a first authenticator and/or an identity of the second authenticator.
3. The key generation method of claim 2, wherein generating the security key K according to the identity and the extended master session keyausfThe method comprises the following steps:
a first security key K generated according to the identity of the first authentication end and the expanded main session keyausf
A second security key K generated according to the identity of the second authentication end and the expanded main session keyausf
Generating a third security key K according to the identity of the first authentication end, the identity of the second authentication end and the extended master session keyausf
4. The key generation method of claim 1, wherein a security key K is generated based on the identity and the extended master session keyausfThe method comprises the following steps:
selecting M bytes of identity identification and N bytes of the expanded main session key, and generating the security key K after logical splicingausf
5. The key generation method of claim 4, wherein M bytes of the identity and N bytes of the extended master session key are selected and logically spliced to generate the security key KausfThe method comprises the following steps:
if the total number of the bytes of the identity identification is less than M bytes, combining the identity identification and 0 character to form M bytes;
logically splicing M bytes comprising identity identification and 0 character with N bytes in the extended master session key to generate the security key Kausf
6. The method of claim 1, wherein the authenticating the first authenticator with the second authenticator comprises:
receiving first authentication information including a first handshake message sent by a second authentication terminal;
responding to the first authentication information, and sending second authentication information comprising a second handshake message to the second authentication terminal; wherein, the second handshake message includes identity information of the first authentication end;
receiving third authentication information sent by a second authentication end according to the second authentication information; and the third authentication information comprises identity information of the second authentication end.
7. The key generation method of claim 6, wherein the first handshake message further includes a first random number, and the second handshake message further includes a second random number;
wherein after receiving the first authentication information, the method further comprises:
generating a master key according to the first authentication information;
and generating the expanded master session key according to the first random number, the second random number and the master key.
8. The method of claim 1, wherein the first authenticator is one of a client and a server, and the second authenticator is the other of the client and the server.
9. An authentication side device, the authentication side device being a first authentication side, comprising a transceiver and a processor, wherein:
the transceiver is used for acquiring an identity identifier in an authentication process and an expanded master session key authenticated between the first authentication end and the second authentication end after performing identity authentication with the second authentication end;
the processor is used for generating a security key K according to the identity and the expansion master session keyausf
10. A key generation apparatus applied to a first authenticator, the apparatus comprising:
the information acquisition module is used for acquiring an identity identifier in the authentication process and an expanded master session key authenticated between the first authentication end and the second authentication end after the identity authentication is carried out with the second authentication end;
a processing module for generating a security key K according to the ID and the extended master session keyausf
11. An authentication device, comprising: a processor, a memory and a program stored on the memory and executable on the processor, the program, when executed by the processor, implementing a key generation method as claimed in any one of claims 1 to 8.
12. A readable storage medium, characterized in that the readable storage medium has stored thereon a program which, when executed by a processor, carries out the steps of the key generation method according to any one of claims 1 to 8.
CN202110005428.5A 2021-01-05 2021-01-05 Key generation method and device and authentication end equipment Pending CN114785486A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110005428.5A CN114785486A (en) 2021-01-05 2021-01-05 Key generation method and device and authentication end equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110005428.5A CN114785486A (en) 2021-01-05 2021-01-05 Key generation method and device and authentication end equipment

Publications (1)

Publication Number Publication Date
CN114785486A true CN114785486A (en) 2022-07-22

Family

ID=82407631

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110005428.5A Pending CN114785486A (en) 2021-01-05 2021-01-05 Key generation method and device and authentication end equipment

Country Status (1)

Country Link
CN (1) CN114785486A (en)

Similar Documents

Publication Publication Date Title
CN108111301B (en) Method and system for realizing SSH protocol based on post-quantum key exchange
CN111416807B (en) Data acquisition method, device and storage medium
CN110380852B (en) Bidirectional authentication method and communication system
US11533297B2 (en) Secure communication channel with token renewal mechanism
US11044082B2 (en) Authenticating secure channel establishment messages based on shared-secret
CN113630248B (en) Session key negotiation method
CN110635901B (en) Local Bluetooth dynamic authentication method and system for Internet of things equipment
CN109861956B (en) Data verification system, method, device and equipment based on state channel
CN113612610B (en) Session key negotiation method
CN112383395B (en) Key negotiation method and device
JP2022500920A (en) Systems and methods for sharing common secrets implemented by computers
CN110690969A (en) Method and system for completing bidirectional SSL/TLS authentication in cooperation of multiple parties
US20240113885A1 (en) Hub-based token generation and endpoint selection for secure channel establishment
CN116132043B (en) Session key negotiation method, device and equipment
CN116318654A (en) SM2 algorithm collaborative signature system, method and equipment integrating quantum key distribution
CN113839786B (en) Key distribution method and system based on SM9 key algorithm
CN113422753B (en) Data processing method, device, electronic equipment and computer storage medium
CN113676330B (en) Digital certificate application system and method based on secondary secret key
JP2005175992A (en) Certificate distribution system and certificate distribution method
CN115766119A (en) Communication method, communication apparatus, communication system, and storage medium
US20210111906A1 (en) Pseudonym credential configuration method and apparatus
CN114386020A (en) Quick secondary identity authentication method and system based on quantum security
CN113986464A (en) Method and system for safely migrating virtual machine
CN114285557A (en) Communication encryption method, system and device
CN114785486A (en) Key generation method and device and authentication end equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination