CN114884659B - Key agreement method, gateway, terminal device and storage medium - Google Patents

Key agreement method, gateway, terminal device and storage medium


Publication number
CN114884659B
Authority
CN
China
Prior art keywords
random number
key
gateway
key agreement
signature
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210796885.5A
Other languages
Chinese (zh)
Other versions
CN114884659A (en
Inventor
任泳瑜
杨峰
李超伟
袁艳芳
张磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Smartchip Microelectronics Technology Co Ltd
Beijing Smartchip Semiconductor Technology Co Ltd
Original Assignee
Beijing Smartchip Microelectronics Technology Co Ltd
Beijing Smartchip Semiconductor Technology Co Ltd

Classifications

    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L2209/08 Randomization, e.g. dummy operations or using noise
    • H04L2209/72 Signcrypting, i.e. digital signing and encrypting simultaneously
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks


Abstract

The invention discloses a key agreement method, a gateway, a terminal device and a storage medium. In the key agreement method, after receiving a session application message sent by a terminal device, the gateway generates a first random number, encrypts and signs it to obtain a key agreement request message, and sends that message to the terminal device. The terminal device verifies the signature of the request message, decrypts it, and responds by sending a key agreement response message to the gateway. After verifying the signature of the response message and decrypting it, the gateway generates a session key, encrypts the third random number carried in the response message with that session key to generate a key agreement confirmation message, and sends the confirmation message to the terminal device. The terminal device decrypts the confirmation message with the session key it has generated itself to obtain the third random number, verifies the third random number, and completes the negotiation once the verification passes. A session key can therefore be negotiated randomly in the communication between the terminal device and the gateway, so that the communication process is more secure, user privacy data is better protected, and the security of the Internet of Things is further improved.

Description

Key agreement method, gateway, terminal device and storage medium
Technical Field
The present invention relates to the field of data communication technologies, and in particular, to a key agreement method, a gateway, a terminal device, and a storage medium.
Background
The electric power internet of things receives wide attention due to the huge application prospect. However, due to the characteristics of a network structure, a terminal device, a communication mode, an application scenario, and the like, some security and privacy problems specific to the power internet of things cannot be solved directly by the existing internet security technology means at present, and therefore, it is necessary to deeply research the key security and privacy protection technologies of the power internet of things.
At present, in related Internet of Things communication technology, data is generally only encrypted with a public key and then decrypted with the private key of the device; that is, key agreement is performed by decryption alone.
However, this key agreement method offers a low level of security: if the private key of one party is illegally obtained, the session key obtained through the key agreement is obtained as well, so that the two or more communicating parties cannot communicate securely and may even face the risk of private data being stolen.
Disclosure of Invention
The present invention is directed to solving, at least to some extent, one of the technical problems in the related art. Therefore, an object of the present invention is to provide a key negotiation method, which can negotiate a session key randomly in communication between a terminal device and a gateway, so as to make the communication process safer, better protect user privacy data, and further improve the security of the internet of things.
A second object of the invention is to propose another key agreement method.
A third object of the invention is to propose a gateway.
A fourth object of the present invention is to provide a terminal device.
A fifth object of the present invention is to propose a computer-readable storage medium.
In order to achieve the above object, an embodiment of a first aspect of the present invention provides a key agreement method, applied to a gateway, where the method includes: after receiving a session application message sent by a terminal device, generating a first random number; carrying out encryption signature on the first random number to obtain a key negotiation request message, and sending the key negotiation request message to the terminal equipment, so that the terminal equipment responds when obtaining the first random number after verifying the signature and decrypting the key negotiation request message; after receiving a key negotiation response message sent by the terminal equipment, performing signature verification and decryption on the key negotiation response message, and after passing verification according to the first random number, generating a first session key according to the first random number and a second random number in the key negotiation response message; and encrypting a third random number in the key negotiation response message according to the first session key, and sending the generated key negotiation confirmation message to the terminal equipment, so that the terminal equipment decrypts the key negotiation confirmation message according to a second session key to obtain the third random number, and completes negotiation after verification is passed according to the third random number, wherein the second session key is generated by the terminal equipment according to the first random number and the second random number.
In the key agreement method of the embodiment of the invention, after a gateway receives a session application message sent by a terminal device, the gateway generates a first random number, the first random number is sent to the terminal device as a key agreement request message after being encrypted and signed, the terminal device responds to the key agreement request message after checking and decrypting the signature and sends a key agreement response message to the gateway, the gateway generates a first session key after checking and decrypting the key agreement response message, encrypts a third random number in the key agreement response message to generate a key agreement confirmation message and sends the key agreement confirmation message to the terminal device, and the terminal device verifies the third random number after decrypting by using a second session key generated by the terminal device and completes the agreement after passing the verification. Therefore, the key negotiation method provided by the embodiment of the invention can randomly negotiate the session key in the communication between the terminal equipment and the gateway, so that the communication process is safer, the user privacy data is better protected, and the safety of the Internet of things is further improved.
In some embodiments of the present invention, the session application packet includes public key information of the terminal device, where performing an encryption signature on the first random number to obtain a key agreement request packet includes: encrypting the first random number according to the public key information of the terminal equipment to obtain a first encryption result, signing the first encryption result according to the private key information of the gateway to obtain a first signature result, and generating the key negotiation request message according to the first encryption result and the first signature result.
In some embodiments of the present invention, the performing signature verification and decryption on the key agreement response packet includes: and checking the signature of the key negotiation response message according to the public key information of the terminal equipment to obtain a first signature checking result, and decrypting the first signature checking result according to the private key information of the gateway to obtain the first random number, the second random number and the third random number.
In some embodiments of the invention, verifying based on the first random number comprises: comparing the first random number that the gateway generated itself with the first random number obtained by decryption, and confirming that the verification is passed when the two are consistent.
In some embodiments of the present invention, after encrypting the third random number in the key agreement response message according to the first session key, the method further comprises: signing the encryption result of the third random number according to the private key information of the gateway to obtain a second signature result; and generating the key negotiation confirmation message according to the encryption result of the third random number and the second signature result.
In some embodiments of the present invention, lengths of the first random number, the second random number, and the third random number are determined according to an encryption level.
In order to achieve the above object, a second aspect of the present invention provides another key agreement method, applied to a terminal device, where the method includes: sending a session application message to a gateway so that the gateway generates a first random number after receiving the session application message and encrypts and signs the first random number to obtain a key negotiation request message;
after receiving the key agreement request message sent by the gateway, performing signature verification and decryption on the key agreement request message to obtain the first random number, generating a second random number and a third random number, and performing encryption signature on the first random number, the second random number and the third random number to generate a key agreement response message;
sending the key agreement response message to the gateway, and generating a second session key according to the first random number and the second random number, so that the gateway generates a first session key after the first random number in the key agreement response message passes verification, and encrypts the third random number in the key agreement response message according to the first session key to generate a key agreement confirmation message;
and after receiving a key negotiation confirmation message sent by the gateway, decrypting the key negotiation confirmation message according to the second session key to obtain the third random number, and completing negotiation after verification passes according to the third random number.
In the key agreement method of the embodiment of the invention, after the terminal device sends a session application message to the gateway, the gateway generates a first random number upon receiving the session application message, encrypts and signs the first random number, and sends it to the terminal device as a key agreement request message. The terminal device verifies the signature of the key agreement request message, decrypts it, and responds by sending a key agreement response message to the gateway. The gateway verifies the signature of the key agreement response message, decrypts it, generates a first session key, encrypts the third random number in the key agreement response message to generate a key agreement confirmation message, and sends the confirmation message to the terminal device. The terminal device decrypts the confirmation message with the second session key that it generated itself, verifies the third random number, and completes the negotiation after the verification passes. Therefore, the key agreement method provided by the embodiment of the invention can randomly negotiate the session key in the communication between the terminal device and the gateway, so that the communication process is more secure, user privacy data is better protected, and the security of the Internet of Things is further improved.
In some embodiments of the present invention, the performing signature verification and decryption on the key agreement request packet includes: and checking the signature of the key negotiation request message according to the public key information of the gateway to obtain a second signature checking result, and decrypting the second signature checking result according to the private key information of the terminal equipment to obtain the first random number.
In some embodiments of the present invention, generating a key agreement response message by performing cryptographic signature on the first random number, the second random number, and the third random number includes: encrypting the first random number, the second random number and the third random number according to the public key information of the gateway to obtain a second encryption result, signing the second encryption result according to the private key information of the terminal equipment to obtain a third signature result, and generating the key negotiation response message according to the second encryption result and the third signature result.
In some embodiments of the present invention, before decrypting the key agreement confirmation message according to the second session key, the method further includes: and checking the signature of the key negotiation confirmation message according to the public key information of the gateway to obtain a third signature checking result.
In some embodiments of the present invention, decrypting the key agreement confirmation packet according to the second session key to obtain the third random number includes: and decrypting the third signature verification result according to the second session key to obtain the third random number.
In some embodiments of the invention, verifying based on the third random number comprises: comparing the third random number that the terminal device generated itself with the third random number obtained by decryption, and confirming that the verification is passed when the two are consistent.
In some embodiments of the present invention, lengths of the first random number, the second random number, and the third random number are determined according to an encryption level.
In order to achieve the above object, an embodiment of a third aspect of the present invention provides a gateway, which includes a memory, a processor, and a key agreement program that is stored in the memory and is executable on the processor, where when the processor executes the key agreement program, the gateway implements a key agreement method described in the above embodiment.
The gateway comprises the memory and the processor, the processor executes the key negotiation program stored in the memory, and the session key can be randomly negotiated in the communication between the terminal equipment and the gateway, so that the communication process is safer, the private data of the user are better protected, and the safety of the Internet of things is further improved.
In order to achieve the foregoing object, a fourth aspect of the present invention provides a terminal device, which includes a memory, a processor, and a key agreement program that is stored in the memory and is executable on the processor, where when the processor executes the key agreement program, the processor implements another key agreement method according to the foregoing embodiments.
The terminal equipment of the embodiment of the invention comprises a memory and a processor, wherein the processor executes a key negotiation program stored on the memory, and can randomly negotiate a session key in the communication between the terminal equipment and the gateway, so that the communication process is safer, the private data of a user is better protected, and the safety of the Internet of things is further improved.
To achieve the above object, an embodiment of a fifth aspect of the present invention provides a computer-readable storage medium, on which a key agreement program is stored, where the key agreement program, when executed by a processor, implements the key agreement method according to the above embodiments.
With the computer-readable storage medium of the embodiment of the invention, when the key agreement program stored on it is executed by a processor, the session key can be randomly negotiated in the communication between the terminal device and the gateway, so that the communication process is more secure, user privacy data is better protected, and the security of the Internet of Things is further improved.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
FIG. 1 is a flow diagram of a key agreement method according to one embodiment of the invention;
FIG. 2 is a schematic diagram of terminal device and gateway interaction according to an embodiment of the present invention;
FIG. 3 is a flowchart of a key agreement method according to another embodiment of the present invention;
FIG. 4 is a block diagram of a gateway architecture according to an embodiment of the present invention;
FIG. 5 is a block diagram of a terminal device according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are illustrative and intended to be illustrative of the invention and are not to be construed as limiting the invention.
A key agreement method, a gateway, a terminal device, and a storage medium according to an embodiment of the present invention are described below with reference to the drawings.
Fig. 1 is a flowchart of a key agreement method according to one embodiment of the present invention.
As shown in fig. 1, the present invention provides a key agreement method, and it should be noted that, the key agreement method in the embodiment of the present invention is applied to negotiation before a session between a gateway and a terminal device, and the key agreement method is described for a gateway side, and the method includes the following steps:
S10, after receiving a session application message sent by the terminal device, generating a first random number.
Specifically, before a terminal device and a gateway conduct a session, a session key needs to be negotiated to ensure the security of the session. Before the session, the terminal device may send a session application message to the gateway; after receiving it, the gateway can determine that the corresponding terminal device needs to conduct a session with the gateway. The session application message may include identity information of the terminal device, such as a User Identification (UID), from which the gateway can determine which terminal device sent the current session application message. It will be appreciated that the terminal device UID lets the gateway identify one particular terminal device, rather than a class of terminal devices.
After receiving the session application message, the gateway generates a first random number, where the first random number may be a random number of a fixed length generated by the gateway according to a random algorithm, and the first random number is a material for subsequently generating a session key. Optionally, the length of the first random number may be 16 bytes, and it should be noted that, after receiving the session application packet sent by the terminal device each time, the gateway regenerates the first random number according to a random algorithm, that is, there is no association between the first random number generated by the gateway each time and the first random number generated before, and all the generated first random numbers are different.
S20, the first random number is encrypted and signed to obtain a key negotiation request message, and the key negotiation request message is sent to the terminal equipment, so that the terminal equipment responds when obtaining the first random number after signing and decrypting the key negotiation request message.
Specifically, after the gateway generates the first random number, the gateway may perform an encryption signature on the first random number to obtain a key agreement request message, that is, after receiving a session application message sent by the terminal device, the gateway needs to generate a corresponding key agreement request message for replying, and a specific generation manner of the key agreement request message is determined according to the first random number generated by the gateway itself.
In some embodiments of the present invention, the session application packet includes public key information of the terminal device, where the encrypting and signing the first random number to obtain the key agreement request packet includes: the first random number is encrypted according to the public key information of the terminal equipment to obtain a first encryption result, the first encryption result is signed according to the private key information of the gateway to obtain a first signature result, and a key negotiation request message is generated according to the first encryption result and the first signature result.
Specifically, the session application message sent by the terminal device to the gateway includes public key information of the terminal device. It can be understood that when the terminal device determines that a session is to be conducted with a certain gateway, it can share its public key information with that gateway so that the subsequent encryption and decryption steps can proceed smoothly. In this embodiment, the terminal device includes its public key information in the session application message. After receiving the session application message and generating the first random number, the gateway may encrypt the first random number with the public key information of the terminal device to obtain a first encryption result, which may be represented as Enc(R1, ECC_KEYPAIR_terminal_device), where R1 represents the first random number and ECC_KEYPAIR_terminal_device represents the asymmetric key pair of the terminal device, here standing for the public key information of the terminal device.
After the first random number is encrypted with the public key information of the terminal device to obtain the first encryption result Enc(R1, ECC_KEYPAIR_terminal_device), the first encryption result is also signed with the private key information stored by the gateway itself to obtain a first signature result, which may be represented as Sign(Enc(R1, ECC_KEYPAIR_terminal_device), ECC_KEYPAIR_gateway), where ECC_KEYPAIR_gateway represents the asymmetric key pair of the gateway, here standing for the private key information of the gateway.
After the first encryption result and the first signature result are obtained, the key agreement request message is generated from them; specifically, the byte length of the first encryption result and the byte length of the first signature result may additionally be included. The key agreement request message may be represented as LEN_M(2B) | Enc(R1, ECC_KEYPAIR_terminal_device) | LEN_SIGN(2B) | Sign(Enc(R1, ECC_KEYPAIR_terminal_device), ECC_KEYPAIR_gateway), where LEN_M(2B) represents the byte length of the first encryption result Enc(R1, ECC_KEYPAIR_terminal_device), and LEN_SIGN(2B) represents the byte length of the first signature result Sign(Enc(R1, ECC_KEYPAIR_terminal_device), ECC_KEYPAIR_gateway).
The gateway sends the key negotiation request message to the terminal equipment after carrying out encryption signature by using the public key information of the terminal equipment and the private key information of the gateway, and the terminal equipment responds after receiving the key negotiation request message and sends a key negotiation response message to the gateway.
S30, after receiving the key negotiation response message sent by the terminal equipment, carrying out signature verification and decryption on the key negotiation response message, carrying out verification according to the first random number, and then generating a first session key according to the first random number and a second random number in the key negotiation response message.
Specifically, first, after receiving a key agreement request message sent by a gateway, a terminal device may perform signature verification and decryption on the key agreement request message to obtain a first random number, and then the terminal device may generate a second random number and a third random number, perform encryption and signature according to the first random number, the second random number, and the third random number to obtain a key agreement response message, and send the key agreement response message to the gateway.
More specifically, after the terminal device performs signature verification and decryption to obtain the first random number and generates the second random number and the third random number, the three random numbers may be encrypted using the public key information of the gateway to obtain an encryption result. The terminal device can then sign the encryption result using its own private key information to obtain a signature result. The terminal device further generates a key agreement response message from the encryption result and the signature result, which may be represented as LEN_M(2B) | Enc(R1 | R2 | R3, ECC_KEYPAIR gateway) | LEN_SIGN(2B) | Sign(Enc(R1 | R2 | R3, ECC_KEYPAIR gateway), ECC_KEYPAIR terminal device), where LEN_M(2B) represents the byte length of the encryption result Enc(R1 | R2 | R3, ECC_KEYPAIR gateway), LEN_SIGN(2B) represents the byte length of the signature result Sign(Enc(R1 | R2 | R3, ECC_KEYPAIR gateway), ECC_KEYPAIR terminal device), R1 represents the first random number, R2 represents the second random number, and R3 represents the third random number. ECC_KEYPAIR gateway represents the asymmetric key pair of the gateway, here its public key information, and ECC_KEYPAIR terminal device represents the asymmetric key pair of the terminal device, here its private key information.
After receiving the key agreement response message LEN_M(2B) | Enc(R1 | R2 | R3, ECC_KEYPAIR gateway) | LEN_SIGN(2B) | Sign(Enc(R1 | R2 | R3, ECC_KEYPAIR gateway), ECC_KEYPAIR terminal device) sent by the terminal device, the gateway may perform signature verification and decryption on it to obtain the first random number R1, the second random number R2, and the third random number R3, then verify the first random number R1, and generate the first session key according to R1 and R2 after the verification passes. Since the first random number and the second random number generated by the gateway and the terminal device differ in each key agreement process, the first session key generated from them also changes, i.e. the session key generated at each negotiation is different.
In this embodiment, the signature verification and decryption of the key agreement response message includes: verifying the signature of the key agreement response message according to the public key information of the terminal device to obtain a first signature verification result, and decrypting the first signature verification result according to the private key information of the gateway to obtain the first random number, the second random number and the third random number.
Specifically, after receiving the key agreement response message sent by the terminal device, the gateway may first verify the signature of the key agreement response message LEN_M(2B) | Enc(R1 | R2 | R3, ECC_KEYPAIR gateway) | LEN_SIGN(2B) | Sign(Enc(R1 | R2 | R3, ECC_KEYPAIR gateway), ECC_KEYPAIR terminal device) using the public key information of the terminal device to obtain a first signature verification result, which may be represented as Enc(R1 | R2 | R3, ECC_KEYPAIR gateway). The gateway then decrypts the first signature verification result using its private key information to obtain the first random number R1, the second random number R2, and the third random number R3, and then verifies the first random number R1.
In some embodiments, verifying based on the first random number comprises: comparing the first random number generated by the gateway itself with the first random number obtained by decryption, and confirming that the verification is passed when the two are consistent.
Specifically, after the gateway receives the session application message sent by the terminal device, the gateway itself generates a first random number. After performing signature verification and decryption on the key agreement response message sent by the terminal device, it obtains a first random number again and compares the two. The verification passes when the two random numbers are consistent, which indicates that the current terminal device is the terminal device that previously sent the session application message to the gateway, and the next procedure can be performed.
S40, encrypting a third random number in the key negotiation response message according to the first session key, and sending the generated key negotiation confirmation message to the terminal equipment, so that the terminal equipment decrypts the key negotiation confirmation message according to a second session key to obtain the third random number, and completes negotiation after verification passes according to the third random number, wherein the second session key is generated by the terminal equipment according to the first random number and the second random number.
Specifically, after generating the first session key according to the first random number and the second random number, the gateway encrypts the third random number using the first session key; for example, if the first session key is SK, the gateway encrypts the third random number using SK to obtain the encryption result Enc(R3, SK). It should be noted that, in some specific embodiments, the first session key SK may be generated from the first random number, the second random number, and a special code that both the gateway and the terminal device possess. The special code includes an uplink special code and a downlink special code, which may be different or the same. The uplink special code may be used when the gateway sends a message or the terminal device receives a message, and the downlink special code may be used when the gateway receives a message or the terminal device sends a message. The functions of the two codes may also be interchanged, that is, the downlink special code may be used when the gateway sends a message or the terminal device receives a message, and the uplink special code may be used when the gateway receives a message or the terminal device sends a message.
That is to say, the value of the first session key may be represented by (R1 | R2 | special code). Specifically, the SM3 hash algorithm may be applied to the first random number, the second random number, and either the uplink special code or the downlink special code. Since the SM3 output is 32 bytes, this embodiment may use its first 16 bytes as the first session key, so as to increase the speed of subsequent encryption and decryption.
After encrypting the third random number with the first session key SK to obtain the encryption result Enc(R3, SK), the gateway further signs Enc(R3, SK) using its own private key information to obtain the signature result Sign(Enc(R3, SK), ECC_KEYPAIR gateway), then generates a key agreement confirmation message from the encryption result and the signature result and sends it to the terminal device. The key agreement confirmation message may be represented as LEN_M(2B) | Enc(R3, SK) | LEN_SIGN(2B) | Sign(Enc(R3, SK), ECC_KEYPAIR gateway). Here ECC_KEYPAIR gateway represents the private key information of the gateway, and the third random number may be encrypted under the first session key SK in ECB (Electronic Codebook) mode.
After receiving the key agreement confirmation message LEN_M(2B) | Enc(R3, SK) | LEN_SIGN(2B) | Sign(Enc(R3, SK), ECC_KEYPAIR gateway), the terminal device verifies the signature using the public key information of the gateway to obtain the signature verification result Enc(R3, SK), and then decrypts the signature verification result using the second session key to obtain the third random number R3. It should be noted that, in this embodiment, the second session key is generated by the terminal device according to the first random number and the second random number: after sending the key agreement response message to the gateway and before receiving the key agreement confirmation message from the gateway, the terminal device may first generate the second session key. Then, after receiving the key agreement confirmation message, the terminal device may decrypt it according to the second session key to obtain the third random number.
After the terminal device decrypts the third random number, it may compare it with the third random number generated by the terminal device itself. If the two are consistent, the verification passes, and at this point the key agreement is complete.
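The checks described above (the R1 echo test at the gateway, the session key taken from the first 16 bytes of a hash over R1 | R2 | special code, and the R3 confirmation at the terminal device), as an added example that is not code from the patent. It starts from the plaintext recovered after SM2 signature verification and decryption, which are not performed here. SM3 is used where the local OpenSSL build exposes it and SHA-256 stands in otherwise; the special code values and function names are constructed for the illustration.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # random number length used in the embodiment
KEY_LEN = 16    # first 16 bytes of the 32-byte digest become the session key
DOWNLINK_CODE = bytes.fromhex("5a5a")  # constructed value; real codes are provisioned
UPLINK_CODE = bytes.fromhex("a5a5")    # constructed value


def digest32(data: bytes) -> bytes:
    """SM3 if hashlib/OpenSSL provides it, otherwise SHA-256 as a stand-in."""
    try:
        return hashlib.new("sm3", data).digest()
    except ValueError:
        return hashlib.sha256(data).digest()


def derive_session_key(r1: bytes, r2: bytes, special_code: bytes) -> bytes:
    """SK = first KEY_LEN bytes of H(R1 | R2 | special code)."""
    if len(r1) != NONCE_LEN or len(r2) != NONCE_LEN:
        raise ValueError("R1 and R2 must each be NONCE_LEN bytes")
    return digest32(r1 + r2 + special_code)[:KEY_LEN]


def split_nonces(plaintext: bytes, count: int):
    """Split a decrypted R1 | R2 | ... blob; reject any unexpected length."""
    if len(plaintext) != count * NONCE_LEN:
        raise ValueError(f"expected {count * NONCE_LEN} bytes, got {len(plaintext)}")
    return [plaintext[i:i + NONCE_LEN] for i in range(0, len(plaintext), NONCE_LEN)]


def gateway_accept_response(own_r1: bytes, decrypted: bytes, special_code: bytes):
    """Gateway side of S30: check the echoed R1, then derive the first session key."""
    r1, r2, r3 = split_nonces(decrypted, 3)
    if not hmac.compare_digest(own_r1, r1):  # constant-time comparison
        raise ValueError("R1 mismatch: response does not answer this request")
    return derive_session_key(r1, r2, special_code), r3


def terminal_accept_confirmation(own_r3: bytes, decrypted_r3: bytes) -> bool:
    """Terminal side of the last step: R3 must come back unchanged."""
    return hmac.compare_digest(own_r3, decrypted_r3)


def run_exchange() -> dict:
    """Simulate both sides on the plaintext level and report each check."""
    gw_r1 = secrets.token_bytes(NONCE_LEN)            # gateway generates R1
    t_r1 = gw_r1                                      # terminal recovers R1 from the request
    t_r2 = secrets.token_bytes(NONCE_LEN)             # terminal generates R2
    t_r3 = secrets.token_bytes(NONCE_LEN)             # terminal generates R3
    sk2 = derive_session_key(t_r1, t_r2, DOWNLINK_CODE)
    sk1, gw_r3 = gateway_accept_response(gw_r1, t_r1 + t_r2 + t_r3, DOWNLINK_CODE)

    # A response carrying a different R1 (one flipped bit) must be refused.
    wrong_r1 = bytes([gw_r1[0] ^ 1]) + gw_r1[1:]
    try:
        gateway_accept_response(gw_r1, wrong_r1 + t_r2 + t_r3, DOWNLINK_CODE)
        stale_rejected = False
    except ValueError:
        stale_rejected = True

    return {
        "keys_match": sk1 == sk2,
        "key_len": len(sk1),
        "confirmed": terminal_accept_confirmation(t_r3, gw_r3),
        "stale_rejected": stale_rejected,
        "codes_separate_keys":
            derive_session_key(t_r1, t_r2, UPLINK_CODE) != sk1,
    }


if __name__ == "__main__":
    for check, outcome in run_exchange().items():
        print(f"{check:20s} {outcome}")
```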
In some embodiments of the present invention, the lengths of the first random number, the second random number, and the third random number may be limited to 16 bytes, and of course, may be other byte lengths, and may be specifically determined according to the encryption level. For example, the higher the encryption level, the longer the length of the random number, and the lower the encryption level, the shorter the length of the random number. Of course, it is not excluded that the encryption level is inversely related to the random number length, i.e. the higher the encryption level, the shorter the length of the random number, and the lower the encryption level, the longer the length of the random number.
It should be noted that, when calculating the session key, the gateway or the terminal device in this embodiment additionally calculates an initial IV value, where the initial IV value is another initial random number vector. More specifically, after the terminal device verifies and decrypts to obtain the first random number, in addition to generating the second random number and the third random number, another fourth random number may be generated, where the fourth random number is generated by the terminal device in the process of generating the second session key, but the fourth random number and the initial IV value may not be used in the key negotiation process between the terminal device and the gateway, so the present application is not limited thereto.
It should be noted that, in this embodiment, the generation and reception, decryption and encryption, signature and signature verification related to the message by the terminal device may be performed in a security chip in the terminal device, so that the whole negotiation process is more secure and reliable.
The following describes the embodiment in detail with reference to fig. 2.
In the first step, the terminal device may send a session application message including the terminal device UID and the terminal device certificate to the gateway. After receiving the session application message, the gateway generates a first random number and generates the key agreement request message LEN_M(2B) | Enc(R1, ECC_KEYPAIR terminal device) | LEN_SIGN(2B) | Sign(Enc(R1, ECC_KEYPAIR terminal device), ECC_KEYPAIR gateway).
In the second step, after receiving the key agreement request message, the terminal device performs signature verification and decryption to obtain the first random number, then generates a second random number, a third random number and a fourth random number, generates the key agreement response message LEN_M(2B) | Enc(R1 | R2 | R3 | R4, ECC_KEYPAIR gateway) | LEN_SIGN(2B) | Sign(Enc(R1 | R2 | R3 | R4, ECC_KEYPAIR gateway), ECC_KEYPAIR terminal device) and sends it to the gateway, and then generates a second session key using the first random number, the second random number and the downlink special code.
In the third step, after receiving the key agreement response message, the gateway performs signature verification and decryption to obtain the first random number, the second random number, the third random number and the fourth random number. After the first random number passes verification, the gateway generates a first session key using the first random number, the second random number and the downlink special code, encrypts the third random number using the first session key, and signs the encryption result using the gateway private key to obtain the key agreement confirmation message LEN_M(2B) | Enc(R3, SK) | LEN_SIGN(2B) | Sign(Enc(R3, SK), ECC_KEYPAIR gateway), which it sends to the terminal device.
In the fourth step, after receiving the key agreement confirmation message, the terminal device verifies the signature and decrypts to obtain the third random number, and completes the negotiation with the gateway after the third random number passes verification.
To sum up, the key agreement method of the embodiment of the present invention uses the SM2 algorithm (i.e., the ECC_KEYPAIR algorithm) and the SM3 algorithm, combined with random numbers generated by the gateway and the terminal device, to perform encryption, signing and related operations, so that a session key is negotiated securely and randomly in the communication between the terminal device and the gateway. This makes the communication between a single device and the gateway safer, thereby better protecting the private data of the user and further improving the security of the internet of things.
Fig. 3 is a flowchart of a key agreement method according to another embodiment of the present invention.
Further, the present invention provides another key agreement method, which is applied to a terminal device, and comprises the following steps:
S100, sending a session application message to the gateway so that the gateway generates a first random number after receiving the session application message and encrypts and signs the first random number to obtain a key agreement request message.
S200, after receiving the key agreement request message sent by the gateway, performing signature verification and decryption on the key agreement request message to obtain the first random number, generating a second random number and a third random number, and encrypting and signing the first random number, the second random number and the third random number to generate a key agreement response message.
S300, sending the key agreement response message to the gateway and generating a second session key according to the first random number and the second random number, so that the gateway generates the first session key after the first random number in the key agreement response message passes verification, encrypts the third random number in the key agreement response message according to the first session key, and sends a key agreement confirmation message to the terminal device.
S400, after receiving the key agreement confirmation message sent by the gateway, decrypting the key agreement confirmation message according to the second session key to obtain the third random number, and completing the negotiation after verification according to the third random number passes.
In some embodiments of the present invention, performing signature verification and decryption on the key agreement request message includes: verifying the signature of the key agreement request message according to the public key information of the gateway to obtain a second signature verification result, and decrypting the second signature verification result according to the private key information of the terminal device to obtain the first random number.
In some embodiments of the present invention, generating a key agreement response message by encrypting and signing the first random number, the second random number, and the third random number includes: encrypting the first random number, the second random number and the third random number according to the public key information of the gateway to obtain a second encryption result, signing the second encryption result according to the private key information of the terminal device to obtain a third signature result, and generating the key agreement response message according to the second encryption result and the third signature result.
In some embodiments of the present invention, before decrypting the key agreement confirmation message according to the second session key, the method further includes: verifying the signature of the key agreement confirmation message according to the public key information of the gateway to obtain a third signature verification result.
In some embodiments of the present invention, decrypting the key agreement confirmation message according to the second session key to obtain the third random number includes: decrypting the third signature verification result according to the second session key to obtain the third random number.
In some embodiments of the invention, verifying based on the third random number comprises: comparing the third random number generated by the terminal device itself with the third random number obtained by decryption, and confirming that the verification is passed when the two are consistent.
In some embodiments of the present invention, the lengths of the first random number, the second random number, and the third random number are determined according to an encryption level.
It should be noted that, the key agreement method according to the embodiment of the present invention is applied to the terminal device, and the specific implementation manner of the key agreement method may be described in the foregoing embodiment, which is applied to the gateway, and is not described herein again.
In summary, the key negotiation method in the embodiment of the present invention can randomly negotiate a session key in the communication between the terminal device and the gateway, so that the communication process is safer, the user privacy data is better protected, and the security of the internet of things is further improved.
Fig. 4 is a block diagram of a gateway architecture according to an embodiment of the present invention.
Further, as shown in fig. 4, the present invention provides a gateway 100, where the gateway 100 includes a memory 101, a processor 102, and a key agreement program stored in the memory 101 and capable of running on the processor 102, and when the processor 102 executes the key agreement program, the key agreement method according to the foregoing embodiments is implemented.
The gateway comprises the memory and the processor, the processor executes the key negotiation program stored in the memory, and the session key can be randomly negotiated in the communication between the terminal equipment and the gateway, so that the communication process is safer, the private data of the user are better protected, and the safety of the Internet of things is further improved.
Fig. 5 is a block diagram of a terminal device according to an embodiment of the present invention.
Further, as shown in fig. 5, the present invention provides a terminal device 200, where the terminal device 200 includes a memory 201, a processor 202, and a key agreement program stored in the memory 201 and capable of running on the processor 202, and when the processor 202 executes the key agreement program, the key agreement method according to the foregoing embodiment is implemented.
The terminal equipment of the embodiment of the invention comprises a memory and a processor, wherein the processor executes a key negotiation program stored on the memory, and can randomly negotiate a session key in the communication between the terminal equipment and the gateway, so that the communication process is safer, the private data of a user is better protected, and the safety of the Internet of things is further improved.
Further, the present invention proposes a computer-readable storage medium having stored thereon a key agreement program which, when executed by a processor, implements the key agreement method according to the above-described embodiments.
The computer-readable storage medium of the embodiment of the invention can randomly negotiate the session key in the communication between the terminal device and the gateway by executing the key negotiation program stored in the processor, so that the communication process is safer, the user privacy data are better protected, and the safety of the internet of things is further improved.
It should be noted that the logic and/or steps shown in the flowcharts or otherwise described herein, such as an ordered listing of executable instructions that can be considered to implement logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Further, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following technologies, which are well known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
In the description of the specification, reference to the description of "one embodiment," "some embodiments," "an example," "a specific example," or "some examples" or the like means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
In the description of the present invention, it is to be understood that the terms "central," "longitudinal," "lateral," "length," "width," "thickness," "upper," "lower," "front," "rear," "left," "right," "vertical," "horizontal," "top," "bottom," "inner," "outer," "clockwise," "counterclockwise," "axial," "radial," "circumferential," and the like are used in the orientations and positional relationships indicated in the drawings for convenience in describing the invention and to simplify the description, and are not intended to indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and are therefore not to be considered limiting of the invention.
Furthermore, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
In the present invention, unless otherwise explicitly stated or limited, the terms "mounted," "connected," "fixed," and the like are to be construed broadly, e.g., as being permanently connected, detachably connected, or integral; can be mechanically or electrically connected; they may be directly connected or indirectly connected through intervening media, or they may be interconnected within two elements or in a relationship where two elements interact with each other unless otherwise specifically limited. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations.
In the present invention, unless otherwise expressly stated or limited, the first feature "on" or "under" the second feature may be directly contacting the first and second features or indirectly contacting the first and second features through an intermediate. Also, a first feature "on," "over," and "above" a second feature may be directly or diagonally above the second feature, or may simply indicate that the first feature is at a higher level than the second feature. A first feature being "under," "below," and "beneath" a second feature may be directly under or obliquely under the first feature, or may simply mean that the first feature is at a lesser elevation than the second feature.
Although embodiments of the present invention have been shown and described above, it will be understood that the above embodiments are exemplary and not to be construed as limiting the present invention, and that changes, modifications, substitutions and alterations can be made to the above embodiments by those of ordinary skill in the art within the scope of the present invention.

Claims (15)

1. A key agreement method, applied to a gateway, the method comprising:
after receiving a session application message sent by a terminal device, generating a first random number;
carrying out encryption signature on the first random number to obtain a key negotiation request message, and sending the key negotiation request message to the terminal equipment, so that the terminal equipment responds when obtaining the first random number after verifying the signature and decrypting the key negotiation request message;
after receiving a key agreement response message sent by the terminal device, performing signature verification and decryption on the key agreement response message to obtain the first random number, and after passing verification according to the first random number, generating a first session key according to the first random number and a second random number in the key agreement response message, wherein verification according to the first random number comprises: comparing the first random number generated by the gateway itself with the first random number obtained by decryption, and confirming that the verification is passed when the two are consistent;
and encrypting a third random number in the key agreement response message according to the first session key, and sending the generated key agreement confirmation message to the terminal equipment, so that the terminal equipment decrypts the key agreement confirmation message according to a second session key to obtain the third random number, and completes the agreement after passing verification according to the third random number, wherein the second session key is generated by the terminal equipment according to the first random number and the second random number.
2. The key agreement method according to claim 1, wherein the session application message includes public key information of the terminal device, and wherein the performing a cryptographic signature on the first random number to obtain a key agreement request message includes:
encrypting the first random number according to the public key information of the terminal equipment to obtain a first encryption result, signing the first encryption result according to the private key information of the gateway to obtain a first signature result, and generating the key negotiation request message according to the first encryption result and the first signature result.
3. The key agreement method according to claim 1, wherein the signature verification and decryption of the key agreement response message comprises:
and checking the signature of the key negotiation response message according to the public key information of the terminal equipment to obtain a first signature checking result, and decrypting the first signature checking result according to the private key information of the gateway to obtain the first random number, the second random number and the third random number.
4. The key agreement method according to any one of claims 1-3, wherein after encrypting a third random number in the key agreement response message according to the first session key, the method further comprises:
signing the encryption result of the third random number according to the private key information of the gateway to obtain a second signature result;
and generating the key negotiation confirmation message according to the encryption result of the third random number and the second signature result.
5. The key agreement method according to claim 1, wherein lengths of the first random number, the second random number, and the third random number are determined according to an encryption level.
6. A key agreement method, applied to a terminal device, comprising the following steps:
sending a session application message to a gateway, so that the gateway generates a first random number after receiving the session application message and encrypts and signs the first random number to obtain a key agreement request message;
after receiving the key agreement request message sent by the gateway, performing signature verification and decryption on the key agreement request message to obtain the first random number, generating a second random number and a third random number, and encrypting and signing the first random number, the second random number and the third random number to generate a key agreement response message;
sending the key agreement response message to the gateway and generating a second session key according to the first random number and the second random number, so that the gateway, after the first random number in the key agreement response message passes verification, generates a first session key, encrypts the third random number in the key agreement response message according to the first session key, and sends a key agreement confirmation message to the terminal device;
and after receiving the key agreement confirmation message sent by the gateway, decrypting the key agreement confirmation message according to the second session key to obtain the third random number, and completing the negotiation after verification according to the third random number passes.
7. The key agreement method according to claim 6, wherein the signature verification and decryption of the key agreement request message comprises:
verifying the signature of the key agreement request message according to the public key information of the gateway to obtain a second signature verification result, and decrypting the second signature verification result according to the private key information of the terminal device to obtain the first random number.
8. The key agreement method according to claim 6, wherein generating the key agreement response message by encrypting and signing the first random number, the second random number, and the third random number comprises:
encrypting the first random number, the second random number and the third random number according to the public key information of the gateway to obtain a second encryption result, signing the second encryption result according to the private key information of the terminal device to obtain a third signature result, and generating the key agreement response message according to the second encryption result and the third signature result.
9. The key agreement method according to any one of claims 6-8, wherein before decrypting the key agreement confirmation message according to the second session key, the method further comprises:
verifying the signature of the key agreement confirmation message according to the public key information of the gateway to obtain a third signature verification result.
10. The key agreement method according to claim 9, wherein decrypting the key agreement confirmation message according to the second session key to obtain the third random number comprises:
decrypting the third signature verification result according to the second session key to obtain the third random number.
11. The key agreement method according to claim 10, wherein the verifying according to the third random number comprises:
comparing the third random number generated by the user with the third random number obtained by decryption, and confirming that the verification is passed when the two are consistent.
12. The key agreement method according to claim 6, wherein lengths of the first random number, the second random number, and the third random number are determined according to an encryption level.
13. A gateway comprising a memory, a processor, and a key agreement program stored on the memory and executable on the processor, wherein the processor implements the key agreement method according to any one of claims 1 to 5 when executing the key agreement program.
14. A terminal device, comprising a memory, a processor and a key agreement program stored on the memory and operable on the processor, wherein the processor implements the key agreement method according to any one of claims 6 to 12 when executing the key agreement program.
15. A computer-readable storage medium, having stored thereon a key agreement program, which when executed by a processor implements a key agreement method according to any one of claims 1-12.
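The message flow of claims 2 to 11, run end to end by both parties, as an added example that is not part of the patent text. The claims name no algorithms, so everything concrete here is an assumption: textbook RSA over fixed public primes stands in for the public-key scheme, the session key is taken as SHA-256 of the two random numbers, a hash-derived XOR pad stands in for the symmetric cipher, and all function names are hypothetical.

```python
import hashlib
import secrets

def keypair(p, q):  # toy textbook RSA, stand-in for the unnamed public-key scheme
    n = p * q
    return (n, 65537), (n, pow(65537, -1, (p - 1) * (q - 1)))
# Constructed demo keys from public Mersenne primes: not secret, illustration only.
GW_PUB, GW_PRIV = keypair(2**521 - 1, 2**607 - 1)
TD_PUB, TD_PRIV = keypair(2**1279 - 1, 2**2203 - 1)

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")
def sign(data, priv):
    return pow(digest(data), priv[1], priv[0])
def verify(data, sig, pub):
    return pow(sig, pub[1], pub[0]) == digest(data)

def seal(plain, peer_pub, own_priv):  # encrypt to peer, then sign the ciphertext
    c = pow(int.from_bytes(plain, "big"), peer_pub[1], peer_pub[0])
    return c, sign(str(c).encode(), own_priv)

def unseal(msg, peer_pub, own_priv, length):  # verify first, then decrypt
    if not verify(str(msg[0]).encode(), msg[1], peer_pub):
        raise ValueError("signature check failed")
    return pow(msg[0], own_priv[1], own_priv[0]).to_bytes(length, "big")

def session_key(r1, r2):  # assumed derivation: SHA-256(r1 || r2)
    return hashlib.sha256(r1 + r2).digest()
def xor_cipher(key, data):  # assumed stand-in symmetric cipher, data <= 32 bytes
    pad = hashlib.sha256(key + b"confirm").digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def negotiate(n=16, tamper=False):
    r1 = secrets.token_bytes(n)                        # gateway: first random number
    request = seal(r1, TD_PUB, GW_PRIV)                # key agreement request
    t_r1 = unseal(request, GW_PUB, TD_PRIV, n)         # terminal recovers r1
    r2, r3 = secrets.token_bytes(n), secrets.token_bytes(n)
    response = seal(t_r1 + r2 + r3, GW_PUB, TD_PRIV)   # key agreement response
    k2 = session_key(t_r1, r2)                         # second session key
    if tamper:                                         # response altered in transit
        response = (response[0] ^ 1, response[1])
    body = unseal(response, TD_PUB, GW_PRIV, 3 * n)    # gateway: verify, decrypt
    if not secrets.compare_digest(body[:n], r1):
        raise ValueError("first random number mismatch")
    k1 = session_key(r1, body[n:2 * n])                # first session key
    enc = xor_cipher(k1, body[2 * n:])                 # encrypted third random number
    sig = sign(enc, GW_PRIV)                           # confirmation = (enc, sig)
    if not verify(enc, sig, GW_PUB):                   # terminal checks signature
        raise ValueError("confirmation signature check failed")
    return k1, k2, secrets.compare_digest(xor_cipher(k2, enc), r3)
```

`negotiate()` returns both session keys and the terminal's third-random-number check; with `tamper=True` the gateway rejects the altered response at the signature step, before any decryption or key derivation.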
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210796885.5A CN114884659B (en) 2022-07-08 2022-07-08 Key agreement method, gateway, terminal device and storage medium

Publications (2)

Publication Number Publication Date
CN114884659A CN114884659A (en) 2022-08-09
CN114884659B true CN114884659B (en) 2022-10-25

Family

ID=82683672

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210796885.5A Active CN114884659B (en) 2022-07-08 2022-07-08 Key agreement method, gateway, terminal device and storage medium

Country Status (1)

Country Link
CN (1) CN114884659B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114553426B (en) * 2020-11-26 2023-08-15 中移物联网有限公司 Signature verification method, key management platform, security terminal and electronic equipment
CN116208949B (en) * 2023-05-05 2023-07-25 北京智芯微电子科技有限公司 Encryption transmission method and system for communication message, sending terminal and receiving terminal
CN116684090B (en) * 2023-07-13 2024-04-16 北清晋如通信技术有限公司 Key negotiation method, device and system and electronic equipment

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109005028A (en) * 2018-11-02 2018-12-14 美的集团股份有限公司 Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018076365A1 (en) * 2016-10-31 2018-05-03 美的智慧家居科技有限公司 Key negotiation method and device
CN108809643B (en) * 2018-07-11 2021-04-27 飞天诚信科技股份有限公司 Method, system and device for device and cloud to negotiate key
CN109120649B (en) * 2018-11-02 2020-11-06 美的集团股份有限公司 Key agreement method, cloud server, device, storage medium and system
CN112134694B (en) * 2020-08-11 2024-01-23 北京智芯微电子科技有限公司 Data interaction method, master station, terminal and computer readable storage medium

Also Published As

Publication number Publication date
CN114884659A (en) 2022-08-09

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant