CN116599659A - Certificate-free identity authentication and key negotiation method and system - Google Patents

Certificate-free identity authentication and key negotiation method and system Download PDF

Info

Publication number
CN116599659A
CN116599659A CN202310607953.3A CN202310607953A CN116599659A CN 116599659 A CN116599659 A CN 116599659A CN 202310607953 A CN202310607953 A CN 202310607953A CN 116599659 A CN116599659 A CN 116599659A
Authority
CN
China
Prior art keywords
entity
key
authentication
identity authentication
identity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202310607953.3A
Other languages
Chinese (zh)
Other versions
CN116599659B (en
Inventor
胡春强
刘泽伟
张今革
蔡斌
夏晓峰
桑军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing University
Original Assignee
Chongqing University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chongqing University filed Critical Chongqing University
Priority to CN202310607953.3A priority Critical patent/CN116599659B/en
Publication of CN116599659A publication Critical patent/CN116599659A/en
Application granted granted Critical
Publication of CN116599659B publication Critical patent/CN116599659B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04SSYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Computer And Data Communications (AREA)

Abstract

The application relates to a password security technology, and discloses a certificate-free identity authentication and key negotiation method, which comprises the following steps: the key generation center generates system public parameters and discloses the system public parameters to an entity, wherein the entity comprises a smart electric meter, an aggregator and a control center; generating a user key for each entity using an identity identifier of the entity and the system public parameters; and completing identity authentication between each entity by using the user key, and generating a session key of each entity. The application also provides a system based on the certificate-free identity authentication and key negotiation method. The application can improve the safety and authentication efficiency of the non-certificate identity authentication and key negotiation.

Description

Certificate-free identity authentication and key negotiation method and system
Technical Field
The application relates to the technical field of password security, in particular to a method and a system for certificateless identity authentication and key agreement.
Background
Authentication and key agreement (Authenticated KeyAgreement, AKA) is an important primitive in cryptography, and is the basis for establishing secure communications. The protocol allows the two parties to negotiate a shared (session) key in an environment which is not trusted by each other, the key is not known by anyone except the two parties, and therefore the data security and the data integrity in the communication can be ensured.
The intelligent power grid certificateless identity authentication and key agreement is a safety mechanism based on a certificateless public key cryptosystem, and can realize the identity authentication and session key agreement of two communication parties in the intelligent power grid under the condition that public key certificates are not needed to be used. The mechanism can avoid the problems of certificate management overhead of the traditional Public Key Infrastructure (PKI) and key escrow of an identity-based public key cryptosystem (ID-PKC), and can resist attack of a malicious Key Generation Center (KGC).
The advantages and disadvantages of the existing certificate-free identity authentication and key agreement method can be summarized as follows:
(1) Public Key Infrastructure (PKI) based method:
the advantages are that: the public key encryption technology has good safety and reliability, and can effectively guarantee confidentiality and integrity of communication.
Disadvantages: the large-scale trust authorities and key management systems need to be established, the cost is high, and the management work is complex. In addition, PKI methods also face key revocation and revocation issues.
(2) Standard protocol based method:
the advantages are that: standard protocol-based methods generally use simple, easily understood protocols with good interoperability and flexibility.
Disadvantages: only the legitimacy of the communication protocol is considered, and the communication data cannot be encrypted and protected. When the network environment is bad or an attacker exists, the necessary security is lacking.
(3) The method based on the cryptographic algorithm comprises the following steps:
the advantages are that: the encryption protection is carried out on the communication data by adopting a cryptographic algorithm, so that the confidentiality and the integrity of communication can be effectively ensured.
Disadvantages: some conventional cryptographic algorithms present a risk of being attacked and hacked, while also requiring a unified key management system to secure keys.
(4) The method based on the two-factor authentication comprises the following steps:
the advantages are that: and a double-factor authentication mode is adopted to provide higher-level identity authentication and authorization guarantee for intelligent power grid users. Even if an attacker gets a certain factor, identity authentication cannot be passed.
Disadvantages: the two-factor authentication mode requires more hardware equipment or mobile phone APP, and can increase the use complexity and operation difficulty of a user.
The different identity authentication and key negotiation methods need to be comprehensively considered in use according to the aspects of application scenes, security requirements, cost, user convenience and the like, and have the problems of simple encryption algorithm, complex use process, difficult protection and management of keys and the like, so that the existing identity authentication and key negotiation has the problems of lower security and lower authentication efficiency.
Disclosure of Invention
The application provides a method and a system for negotiating the identity authentication without a certificate and a key, which can improve the security and the authentication efficiency of negotiating the identity authentication without a certificate and the key.
In order to achieve the above object, the present application provides a method for certificateless identity authentication and key agreement, comprising:
the key generation center generates system public parameters and discloses the system public parameters to an entity, wherein the entity comprises a smart electric meter, an aggregator and a control center;
generating a user key for each entity using an identity identifier of the entity and the system public parameters;
and completing identity authentication between each entity by using the user key, and generating a session key of each entity.
Optionally, the generating the system public parameter of the system includes:
acquiring a safety parameter;
generating a parameter tuple by using a key generation center according to the security parameter;
extracting a system main private key in the parameter tuple, and generating a formula to calculate the system main private key according to a preset public key;
and selecting a preset number of secure hash functions, and generating the system public parameters by parallelly establishing the attribute parameters of the parameter tuples, the system main private key and the system main public key.
Optionally, the generating the user key of each entity by using each entity in the system and the system public parameter includes:
each entity randomly selects an entity secret value from the multiplication cyclic group, and calculates a key pair of each entity according to a preset key pair generation formula;
inquiring an entity public key and an entity private key in the key pair;
each entity sends a key generation request to the key generation center through an identity identifier and the entity public key;
after receiving the key generation request, the key generation center inquires whether the identity identifier of the entity exists in a registration list;
the key generation center refuses the key generation request of the entity when the identity identifier of the entity exists in the registration list;
when the identity identifier of the entity does not exist in the registration list, the key generation center generates an entity key of the entity by using the system public parameter, the system main private key, the identity identifier and the entity public key.
Optionally, querying the entity public key and the entity private key in the key pair includes:
the key generation center randomly selects a generated center secret value from the multiplication cyclic group and generates partial key pairs and hash check values;
when the entity receives a partial key pair, the partial key pair is checked by using the identity identifier and the hash check value pair;
when the verification fails, the entity deletes the partial key pair;
and when the verification is successful, the entity receives the partial key pair and generates an entity private key and an entity public key of the entity according to the partial key pair.
Optionally, the step of using the user key to complete identity authentication between each of the entities includes:
taking the first entity as an authentication requester and the second entity as an authentication responder;
using the system public parameter, the entity private key, the public key of the identity identifier, the public key of the second entity and the identity identifier of the first entity to complete the initial identity authentication from the first entity to the second entity;
taking the second entity as an authentication requester and the first entity as an authentication responder;
using the system public parameter, the entity private key, the identity identifier, the public key of the first entity and the identity identifier of the second entity to complete the response identity authentication from the second entity to the first entity;
and integrating the initial identity authentication and the response identity authentication to complete the identity authentication between the first entity and the second entity.
Optionally, the generating a session key for each entity includes:
calculating a key negotiation value between each entity by using a preset key negotiation formula;
and calculating a session key according to the key negotiation value and storing the session key.
Optionally, the calculating and saving the session key according to the key negotiation value includes:
the session key is calculated using the following formula:
wherein the H is 2 As a second hash function, the ID a An identity identifier of a first entity, said ID b Is an identity identifier of a second entity, said Φ a Authentication information for the first entity, said Φ b Authentication information for the second entity, theAn entity private key for the first entity, said +.>And (3) an entity private key of the second entity, wherein the I represents a connection symbol.
In order to solve the problems, the application also provides a system based on the certificateless identity authentication and key agreement method, which comprises a smart meter, an aggregator, a control center and a key generation center, wherein the key generation center is respectively in bidirectional communication with the smart meter, the aggregator and the control center.
Optionally, the key generation center completes entity registration, identity verification and generation of relevant parameters of session key protocol for the smart meter, aggregator and control center.
Optionally, an identity authentication and key negotiation process is completed between the intelligent ammeter and the aggregator;
and the aggregator and the control center complete the identity authentication and key negotiation process.
The embodiment of the application utilizes the preset key generation center to initialize the system built by the entities and generate the system public parameters of the system, thereby realizing the sharing of the system public parameters among the entities, further ensuring the key negotiation efficiency and authentication efficiency among the entities, in addition, utilizing the identity identifier of each entity in the system and the system public parameters to generate the user key of each entity, utilizing the shared system public parameters to combine with the identity identifier, realizing the user key generation speed of each entity, utilizing the user key to complete the identity authentication among the entities, generating the session key of each entity, and utilizing the session key to encrypt and decrypt the communication among the entities, thereby ensuring the forward security of the communication among the entities, ensuring the content encryption and authentication security of the authentication information, and further ensuring the security and the efficiency of the identity authentication among the entities.
Drawings
FIG. 1 is a flow chart of a method for certificateless identity authentication and key agreement according to an embodiment of the present application;
FIG. 2 is a diagram illustrating a user key generation process of a method for certificateless identity authentication and key agreement according to one embodiment of the present application;
FIG. 3 is a diagram illustrating an authentication procedure of a method for performing authentication and key agreement without credentials according to an embodiment of the present application;
FIG. 4 is a diagram illustrating a session key generation procedure of a method for certificateless identity authentication and key agreement according to one embodiment of the present application;
fig. 5 is a block diagram of a system based on the method of certificateless identity authentication and key agreement according to an embodiment of the present application.
The achievement of the objects, functional features and advantages of the present application will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
The embodiment of the application provides a method for certificateless identity authentication and key agreement. The execution main body of the certificateless identity authentication and key agreement method includes, but is not limited to, at least one of a server, a terminal and the like which can be configured to execute the method provided by the embodiment of the application. In other words, the method of certificateless identity authentication and key agreement may be performed by software or hardware installed in a terminal device or a server device, the software may be a blockchain platform. The service end includes but is not limited to: a single server, a server cluster, a cloud server or a cloud server cluster, and the like. The server may be an independent server, or may be a cloud server that provides cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communications, middleware services, domain name services, security services, content delivery networks (Content Delivery Network, CDN), and basic cloud computing services such as big data and artificial intelligence platforms.
Referring to fig. 1, a flow chart of a method for certificateless identity authentication and key agreement according to an embodiment of the present application is shown. In this embodiment, the method for certificateless identity authentication and key agreement includes:
s1, a key generation center generates system public parameters and discloses the system public parameters to an entity, wherein the entity comprises an intelligent ammeter, an aggregator and a control center.
In the embodiment of the application, the preset key generation center refers to a half entity connecting identity authentication and key negotiation entities, is a trusted mechanism and is mainly responsible for participating in the generation of system public parameters, the generation of a master key and the generation of a user private key among the entities. The key generation center can simplify the management and distribution of the system public key and improve the convenience and safety of users.
As an embodiment of the present application, generating a system common parameter of the system includes:
acquiring a safety parameter;
generating a parameter tuple by using the key generation center according to the security parameter;
extracting a system main private key in the parameter tuple, and generating a formula to calculate the system main private key according to a preset public key;
and selecting a preset number of secure hash functions, and generating system public parameters by connecting attribute parameters of the parameter tuples, a system main private key and a system main public key.
In the embodiment of the application, the security parameter of the system refers to a positive integer randomly selected from a positive integer set as the security parameter.
In the embodiment of the application, the secure hash function refers to a special hash function applied to cryptography, and has the properties of unidirectionality, second original image stability and collision stability. Wherein, the preset number of secure hash functions can be set to 2.
In the embodiment of the application, the parameter tuple refers to a data set formed by all parameters of the system.
In the embodiment of the application, parameter tuples existp is the main private key of the system, q is the security parameter,>is a cyclic group of order n=pq.
Further, calculating a system master public key according to a preset public key generation formula, including:
the system master public key may be calculated using the following calculation formula:
m sk =p
M PK =g p
wherein m is sk M is the main private key of the system PK G is a generator randomly selected on the cyclic group,
further, generating a system public parameter by the attribute parameter, the system main private key and the system main public key of the simultaneous parameter tuple, including:
wherein H is 1 As a first hash function, H 2 For the second hash function, {0,1} * Is a Cartesian product of the uncertainty set {0,1}, where'→' is a mapping relationship,and multiplying the cyclic group.
S2, generating a user key of each entity by using the identity identifier of each entity in the system and the system public parameters.
In the embodiment of the application, the identity identifier refers to an identifier which uniquely represents entity identity information.
In the embodiment of the application, the user key refers to a key configured for distinguishing different entities and is distributed according to the identification symbol of the entity.
As an embodiment of the present application, generating a user key of each entity in the system using an identifier of each entity and the system public parameter includes:
each entity randomly selects an entity secret value from the multiplication cyclic group, and calculates a key pair of each entity according to a preset key pair generation formula;
inquiring an entity public key and an entity private key in the key pair;
each entity sends a key generation request to a key generation center through an identity identifier and an entity public key;
after receiving the key generation request, the key generation center inquires whether the identity identifier of the entity exists in the registration list;
the key generation center refuses the key generation request of the entity when the identity identifier of the entity exists in the registration list;
when the identity identifier of the entity does not exist in the registration list, the key generation center generates an entity key of the entity by using the system public parameter, the system main private key, the identity identifier and the entity public key.
According to the embodiment of the application, the key pair of each entity is calculated according to a preset key pair generation formula, and the following formula can be adopted:
wherein sk i As entity private key, pk i Is an entityPublic key, x i Is an entity secret value.
As an embodiment of the present application, querying the public key and the private key of the key pair includes:
the key generation center randomly selects a generated center secret value from the multiplication cyclic group and generates partial key pairs and hash check values;
when an entity receives a partial key pair, verifying the partial key pair by using an identity identifier and a hash verification value pair;
when the verification fails, the entity deletes part of the key pairs;
and when the verification is successful, the entity receives the partial key pair and generates an entity private key and an entity public key of the entity according to the partial key pair.
The embodiment of the application generates partial key pairs and hash check values by adopting the following formulas:
h i =H 1 (ID i ||pk i ||R i )
s i =r i +p·h i
wherein r is i To generate a central secret value that is used to generate a central secret,for the entity part private key,/->For the entity part public key, h i For hash check value, ID i In order to provide an entity identity identifier, the symbol of the connection is represented by the symbol.
Further, when the entity receives the partial key pair, verifying the partial key pair with the identity identifier and the hash check value pair, comprising:
the partial key pair may be verified using the following formula:
wherein,,ciphertext obtained by encrypting the hash check value for the system master public key,/the system master public key>In order to check the value of the value,and decrypting the hash check value for the system main public key to obtain a plaintext, || represents a connection symbol.
Further, generating an entity private key and an entity public key of the entity according to the partial key pair comprises:
generating an entity private key and an entity public key of an entity by adopting the following formula:
wherein SK is i Authentication of private keys for entities, PK i The public key is authenticated for the entity.
In the embodiment of the present application, the process of generating the user key by the smart meter, the second entity aggregator and the third entity control center is the same as the process of generating the user key by the entity, and will not be described herein.
S3, completing identity authentication between the entities by using the user key, and generating a session key of each entity.
In the embodiment of the application, the identity authentication refers to an entity authentication process performed between the intelligent ammeter and the second entity aggregator and between the second entity aggregator and the third entity control center.
As an embodiment of the present application, using a user key to complete identity authentication between each entity includes:
taking the first entity as an authentication requester and the second entity as an authentication responder;
utilizing the system public parameter and entity private key of the first entity and the public key and the identity identifier of the second entity to complete the initial identity authentication from the first entity to the second entity;
taking the second entity as an authentication requester and the first entity as an authentication responder;
the system public parameter and the entity private key of the second entity and the public key and the identity identifier of the first entity are utilized to complete the response identity authentication from the second entity to the first entity;
and integrating the initial identity authentication and the response identity authentication to complete the identity authentication between the first entity and the second entity.
The identity authentication process between the second entity and the third entity is the same as the identity authentication process between the first entity and the second entity, and will not be described herein.
As an embodiment of the present application, generating a session key for each entity includes:
calculating a key negotiation value between each entity by using a preset key negotiation formula;
and calculating and storing the session key according to the key negotiation value.
Further, calculating and saving the session key according to the key negotiation value includes:
the session key is calculated using the following formula:
wherein H is 2 For the second hash function, ID a For the identity identifier, ID, of the first entity b Phi is the identity identifier of the second entity a Phi is authentication information of the first entity b For the authentication information of the second entity,an entity private key for the first entity, +.>As the entity private key of the second entity, the symbol of the connection is represented by the symbol.
The embodiment of the application utilizes the preset key generation center to initialize the system built by the entities and generate the system public parameters of the system, thereby realizing the sharing of the system public parameters among the entities, further ensuring the key negotiation efficiency and authentication efficiency among the entities, in addition, utilizing the identity identifier of each entity in the system and the system public parameters to generate the user key of each entity, utilizing the shared system public parameters to combine with the identity identifier, realizing the user key generation speed of each entity, utilizing the user key to complete the identity authentication among the entities, generating the session key of each entity, and utilizing the session key to encrypt and decrypt the communication among the entities, thereby ensuring the forward security of the communication among the entities, ensuring the content encryption and authentication security of the authentication information, and further ensuring the security and the efficiency of the identity authentication among the entities.
Referring to fig. 2, 3 and 4, KGC is a key generation center, SM is a smart meter, GW is an aggregator, params is a system common parameter, and ID a For the identity identifier, ID, of the first entity b Is an identity identifier of the second entity.
Referring to fig. 5, a block diagram of a system based on the method of certificateless identity authentication and key agreement according to an embodiment of the present application is shown. In this embodiment, the system based on the certificate-free authentication and key negotiation method includes a smart meter, an aggregator, a control center, and a key generation center, where the key generation center is in two-way communication with the smart meter, the aggregator, and the control center, respectively.
And the key generation center completes entity registration, identity verification and generation of related parameters of a session key protocol for the intelligent ammeter, the aggregator and the control center.
The intelligent ammeter and the aggregator complete the identity authentication and key negotiation process;
and the aggregator and the control center complete the identity authentication and key negotiation process.
It will be evident to those skilled in the art that the application is not limited to the details of the foregoing illustrative embodiments, and that the present application may be embodied in other specific forms without departing from the spirit or essential characteristics thereof.
The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the application being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned.
The blockchain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanism, encryption algorithm and the like. The Blockchain (Blockchain), which is essentially a decentralised database, is a string of data blocks that are generated by cryptographic means in association, each data block containing a batch of information of network transactions for verifying the validity of the information (anti-counterfeiting) and generating the next block. The blockchain may include a blockchain underlying platform, a platform product services layer, an application services layer, and the like.
The embodiment of the application can acquire and process the related data based on the artificial intelligence technology. Among these, artificial intelligence (Artificial Intelligence, AI) is the theory, method, technique and application system that uses a digital computer or a digital computer-controlled machine to simulate, extend and extend human intelligence, sense the environment, acquire knowledge and use knowledge to obtain optimal results.
Furthermore, it is evident that the word "comprising" does not exclude other elements or steps, and that the singular does not exclude a plurality. A plurality of units or means recited in the system claims can also be implemented by means of software or hardware by means of one unit or means. The terms first, second, etc. are used to denote a name, but not any particular order.
Finally, it should be noted that the above-mentioned embodiments are merely for illustrating the technical solution of the present application and not for limiting the same, and although the present application has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications and equivalents may be made to the technical solution of the present application without departing from the spirit and scope of the technical solution of the present application.

Claims (10)

1. A method for certificateless identity authentication and key agreement, the method comprising:
the key generation center generates system public parameters and discloses the system public parameters to an entity, wherein the entity comprises a smart electric meter, an aggregator and a control center;
generating a user key for each entity using an identity identifier of the entity and the system public parameters;
and completing identity authentication between each entity by using the user key, and generating a session key of each entity.
2. The certificateless identity authentication and key agreement method according to claim 1, wherein the generating system public parameters of the system includes:
acquiring a safety parameter;
generating a parameter tuple by using a key generation center according to the security parameter;
extracting a system main private key in the parameter tuple, and generating a formula to calculate the system main private key according to a preset public key;
and selecting a preset number of secure hash functions, and generating the system public parameters by parallelly establishing the attribute parameters of the parameter tuples, the system main private key and the system main public key.
3. A method of certificateless identity authentication and key agreement according to claim 1 or 2, wherein said generating a user key for each entity in the system using the identity identifier of each entity and the system public parameters, comprises:
each entity randomly selects an entity secret value from the multiplication cyclic group, and calculates a key pair of each entity according to a preset key pair generation formula;
inquiring an entity public key and an entity private key in the key pair;
each entity sends a key generation request to the key generation center through an identity identifier and the entity public key;
after receiving the key generation request, the key generation center inquires whether the identity identifier of the entity exists in a registration list;
the key generation center refuses the key generation request of the entity when the identity identifier of the entity exists in the registration list;
when the identity identifier of the entity does not exist in the registration list, the key generation center generates an entity key of the entity by using the system public parameter, the system main private key, the identity identifier and the entity public key.
4. A method of certificateless identity authentication and key agreement as recited in claim 3, wherein querying the key pair for the entity public key and the entity private key includes:
the key generation center randomly selects a generated center secret value from the multiplication cyclic group and generates partial key pairs and hash check values;
when the entity receives a partial key pair, the partial key pair is checked by using the identity identifier and the hash check value pair;
when the verification fails, the entity deletes the partial key pair;
and when the verification is successful, the entity receives the partial key pair and generates an entity private key and an entity public key of the entity according to the partial key pair.
5. The method of certificateless identity authentication and key agreement according to claim 1 or 2 or 4, wherein said using the user key to complete identity authentication between each of the entities includes:
taking the first entity as an authentication requester and the second entity as an authentication responder;
using the system public parameter, the entity private key, the public key of the identity identifier, the public key of the second entity and the identity identifier of the first entity to complete the initial identity authentication from the first entity to the second entity;
taking the second entity as an authentication requester and the first entity as an authentication responder;
using the system public parameter, the entity private key, the identity identifier, the public key of the first entity and the identity identifier of the second entity to complete the response identity authentication from the second entity to the first entity;
and integrating the initial identity authentication and the response identity authentication to complete the identity authentication between the first entity and the second entity.
6. The certificateless identity authentication and key agreement method according to claim 5, wherein the generating a session key for each of the entities includes:
calculating a key negotiation value between each entity by using a preset key negotiation formula;
and calculating a session key according to the key negotiation value and storing the session key.
7. The method for certificateless identity authentication and key agreement according to claim 6, wherein the calculating and saving a session key according to the key agreement value includes:
the session key is calculated using the following formula:
wherein the H is 2 As a second hash function, the ID a An identity identifier of a first entity, said ID b Is an identity identifier of a second entity, said Φ a Authentication information for the first entity, said Φ b Authentication information for the second entity, theAn entity private key for the first entity, said +.>Is the entity private key of the second entity, the II represents the connection symbol.
8. A system based on the certificateless identity authentication and key agreement method according to any one of claims 1 to 7, comprising a smart meter, an aggregator, a control center and a key generation center in bi-directional communication with the smart meter, the aggregator and the control center, respectively.
9. The certificateless identity authentication and key agreement system according to claim 8, wherein the key generating center performs entity registration, authentication and generation of related parameters of session key protocol for the smart meter, aggregator and control center.
10. The certificateless identity authentication and key agreement system according to claim 8 or 9, wherein the smart meter and the aggregator perform an identity authentication and key agreement procedure;
and the aggregator and the control center complete the identity authentication and key negotiation process.
CN202310607953.3A 2023-05-26 2023-05-26 Certificate-free identity authentication and key negotiation method and system Active CN116599659B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310607953.3A CN116599659B (en) 2023-05-26 2023-05-26 Certificate-free identity authentication and key negotiation method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310607953.3A CN116599659B (en) 2023-05-26 2023-05-26 Certificate-free identity authentication and key negotiation method and system

Publications (2)

Publication Number Publication Date
CN116599659A true CN116599659A (en) 2023-08-15
CN116599659B CN116599659B (en) 2024-01-26

Family

ID=87598943

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310607953.3A Active CN116599659B (en) 2023-05-26 2023-05-26 Certificate-free identity authentication and key negotiation method and system

Country Status (1)

Country Link
CN (1) CN116599659B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117155710A (en) * 2023-10-30 2023-12-01 江西财经大学 Industrial Internet of things certificateless grid authentication key negotiation method and system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107437993A (en) * 2016-05-26 2017-12-05 中兴通讯股份有限公司 One kind is based on without the side's authentication key agreement method of certificate two and device
CN113179153A (en) * 2021-03-22 2021-07-27 淮阴工学院 User authentication and key agreement method based on certificateless

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107437993A (en) * 2016-05-26 2017-12-05 中兴通讯股份有限公司 One kind is based on without the side's authentication key agreement method of certificate two and device
CN113179153A (en) * 2021-03-22 2021-07-27 淮阴工学院 User authentication and key agreement method based on certificateless

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
张曼君: "无证书公钥密码体制的理论与应用研究", 《中国博士学位论文全文数据库 信息科技辑》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117155710A (en) * 2023-10-30 2023-12-01 江西财经大学 Industrial Internet of things certificateless grid authentication key negotiation method and system
CN117155710B (en) * 2023-10-30 2024-01-26 江西财经大学 Industrial Internet of things certificateless grid authentication key negotiation method and system

Also Published As

Publication number Publication date
CN116599659B (en) 2024-01-26

Similar Documents

Publication Publication Date Title
CN111083131B (en) Lightweight identity authentication method for power Internet of things sensing terminal
CN113783836B (en) Internet of things data access control method and system based on block chain and IBE algorithm
CN105959269B (en) A kind of identifiable dynamic group key agreement method of identity-based
CN102318258B (en) The subjective entropy of identity-based
CN107947913A (en) The anonymous authentication method and system of a kind of identity-based
CN108667616A (en) Across cloud security Verification System based on mark and method
CN114710275B (en) Cross-domain authentication and key negotiation method based on blockchain in Internet of things environment
CN112104453B (en) Anti-quantum computation digital signature system and signature method based on digital certificate
CN110535626B (en) Secret communication method and system for identity-based quantum communication service station
CN109243020A (en) A kind of smart lock identity identifying method based on no certificate
CN113612610B (en) Session key negotiation method
CN105610773A (en) Communication encryption method of electric energy meter remote meter reading
CN113411801B (en) Mobile terminal authentication method based on identity signcryption
CN111769937A (en) Two-party authentication key agreement protocol oriented to advanced measurement system of smart grid
CN113572603A (en) Heterogeneous user authentication and key agreement method
CN111416712B (en) Quantum secret communication identity authentication system and method based on multiple mobile devices
CN116599659B (en) Certificate-free identity authentication and key negotiation method and system
CN116388995A (en) Lightweight smart grid authentication method based on PUF
CN115473623A (en) Method for safely aggregating multidimensional user data in smart power grid
KR100456624B1 (en) Authentication and key agreement scheme for mobile network
Chen et al. Provable secure group key establishment scheme for fog computing
CN110048852B (en) Quantum communication service station digital signcryption method and system based on asymmetric key pool
CN116232759A (en) Mist-blockchain assisted smart grid aggregation authentication method
CN114401084B (en) Third-party random number transmission method based on ciphertext transformation
CN115459975A (en) Certificate-free access authentication method for industrial edge equipment based on Chebyshev polynomial

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant