CN116996872A - Channel establishment method, device, system and computing equipment - Google Patents

Channel establishment method, device, system and computing equipment

Info

Publication number: CN116996872A
Application number: CN202210442059.0A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Prior art keywords: key, parameter, public key, identifier, equipment
Inventors: 陈博, 王闯, 江伟玉, 程建明, 李婕妤
Current assignee: Huawei Technologies Co Ltd
Original assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd; priority to CN202210442059.0A; publication of CN116996872A

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA] > H04W12/041 Key generation or derivation
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA] > H04W12/047 Key management without using a trusted network node as an anchor > H04W12/0471 Key exchange
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W12/06 Authentication
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W12/60 Context-dependent security > H04W12/69 Identity-dependent
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W76/00 Connection management > H04W76/10 Connection setup > H04W76/11 Allocation or use of connection identifiers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
Abstract

The application discloses a channel establishment method, a device, a system and related equipment. The channel establishment method applies to communication between a first device and a second device and comprises: the second device receives a first public key, a first device identifier, a first key parameter and a first message signature sent by the first device, where the first device identifier is an identifier generated by the first device and bound to the first public key, and the first key parameter is used to verify that the first device possesses the first device identifier; after the first public key, the first device identifier, the first key parameter and the first message signature pass verification, a shared key between the first device and the second device is generated. The channel establishment method can protect user privacy, prevent the device identifier from being replaced, confirm the existence and legitimacy of the device identifier and the key, confirm the authenticity and integrity of the first message, and establish a more secure channel after a single interaction.

Description

Channel establishment method, device, system and computing equipment
Technical Field
The present application relates to the field of communications, and in particular, to a method, apparatus, system, and computing device for establishing a channel.
Background
In decentralized application scenarios, neither node has a third party to endorse its identity, yet confidentiality, integrity and authenticity protection of the communication is still required. WiFi is a typical decentralized scenario, and WPS (Wi-Fi Protected Setup) is the technology WiFi uses to authenticate and establish wireless encrypted channels. Its main modes are as follows. First, push button configuration (PBC): pairing and channel establishment are achieved when both parties press the (possibly virtual) PBC button on their devices within the same time window. Second, an eight-digit personal identification number (PIN): pairing and channel establishment are achieved when the PIN codes of the two communicating parties match. The method is simple and easy to configure and is widely used in wireless routers and network cards.
However, WPS-based channel establishment has been shown to have serious security weaknesses, and how to implement channel establishment at a higher security level is a technical problem to be solved.
Disclosure of Invention
The embodiment of the invention provides a channel establishment method, a device, a system and a computing device, which can perform key exchange, channel establishment and data transmission more safely.
In a first aspect, an embodiment of the present invention provides a channel setup system, including: a first device and a second device.
The first device is configured to generate a first public key, a first device identifier, a first key parameter and a first message signature. The first device identifier is an identifier generated by the first device and bound to the first public key, the first key parameter is used to verify that the first device possesses the first device identifier, and the first public key and the first private key form a key pair.
The second device is used for receiving and verifying the first public key, the first device identifier, the first key parameter and the first message signature sent by the first device, and generating a shared key between the first device and the second device under the condition that the content verification is passed.
The second device may also be configured to generate a second public key, a second device identification, a second key parameter, and a second message signature, and send the second public key, the second device identification, the second key parameter, and the second message signature to the first device.
The first device receives this content, verifies the second public key, the second device identifier, the second key parameter and the second message signature, and generates a shared key; the shared key generated by the first device is equal to the shared key generated by the second device.
The above system including the first device and the second device is only a simple example provided for easy understanding, and in practical application, the channel establishment system is widely applied to the situations of decentralization and the like, a large number of devices exist in the system as the first device, and each device respectively establishes a secure channel with the second device.
Only the first device and the second device are present in the channel establishment system; no third-party authority is involved. The first device generates the first device identifier from the first public key, and the second device generates the second device identifier from the second public key. The second device can verify the first device identifier against the first public key it stores locally, and the first device can verify the second device identifier against the locally stored second public key. Each device in the system can thus generate its own device identifier and check whether a received device identifier is correct, so no third-party authority is needed to assign device identifiers in advance or to verify their correctness; this better protects user privacy and makes channel establishment safer.
The first device and the second device may also each generate a key parameter bound to their device identifier, and the first device sends the first key parameter together with the first device identifier to the second device. The second device can verify the first key parameter against the locally stored public key; if verification fails, it can determine that the first device identifier was replaced during channel establishment, and only after verification passes is the first device identifier determined not to have been tampered with and channel establishment continued, which improves the security of channel establishment. Likewise, the first device may verify the second key parameter.
The first device generates a first message signature based on the first private key, the second device generates a second message signature based on the second private key, and the first device can verify the correctness of the second message signature, so that whether the content of the second message is tampered or not is determined, and the integrity and the authenticity of the content such as the second device identifier, the second key parameter and the like are determined. Likewise, the second device may also verify the first message signature, and the process of generating and verifying the message signature does not require participation of a third party authority.
In summary, the channel establishment system provided by the embodiment of the invention can more safely establish a channel.
In a second aspect, an embodiment of the present invention provides a channel establishment method, including: the second device receives a first public key, a first device identifier, a first key parameter and a first message signature sent by the first device, where the first device identifier is an identifier generated by the first device and bound to the first public key, the first key parameter is used to verify that the first device possesses the first device identifier, and the first public key and the first private key form a key pair; after verifying the first public key, the first device identifier, the first key parameter and the first message signature, the second device generates a shared key between the first device and the second device.
In this scheme, the first public key, first device identifier, first key parameter and first message signature sent by the first device are received and verified, and the shared key is generated only if verification passes, thereby establishing the channel between the first device and the second device.
The method further comprises the step that the second device sends a second public key, a second device identifier, a second key parameter and a second message signature to the first device, where the second device identifier is an identifier generated by the second device and bound to the second public key, the second key parameter is used to verify that the second device possesses the second device identifier, and the second public key and the second private key form a key pair.
In some possible designs, the first public key sent by the first device and received by the second device is generated based on the first private key.
The first private key is generated from a first seed parameter, which may include one or more of a service set identifier (SSID), hostname, physical (MAC) address, and random number. The first private key is generated from the seed parameter with a key derivation function (KDF) and can be expressed as:
$a = \mathrm{KDF}(\mathrm{IDSeeds1})$
where KDF() is a key derivation function, IDSeeds1 is the first seed parameter, and a is the first private key.
The first public key is generated from the first private key with the DH algorithm; the first public key $y_a$ can be expressed as:
$y_a = g^{a} \bmod p$
where g is the primitive root, p is a large prime number, a is the first private key and $y_a$ is the first public key; the first public key and the first private key form a key pair.
In some possible designs, the first device identification sent by the first device received by the second device is generated based on the first public key.
The first device identification is generated based on the first public key and the first seed parameter.
The first device identifier is generated from the first public key, the first seed parameter and a hash function; the first device identifier $\mathrm{ID}_a$ can be expressed as:
$\mathrm{ID}_a = \mathrm{Hash}(y_a, \mathrm{IDSeeds1})$
where Hash() is a hash function, $y_a$ is the first public key and IDSeeds1 is the first seed parameter; from the formula it follows that the first device identifier is an identifier bound to the first public key.
Because the first public key is one of the inputs when generating the first device identifier, the first device identifier and the first public key are bound, and the first device identifier changes with the first private key. The first device can declare its own identifier without a third-party authority assigning one in advance, which better protects user privacy.
In some possible designs, the first key parameter sent by the first device received by the second device includes a first parameter and a second parameter, wherein the first parameter is a third public key and the second parameter is generated based on the third private key and the first private key.
The third private key is generated from a third seed parameter; the third private key $v_a$ can be expressed as:
$v_a = \mathrm{KDF}(\mathrm{IDSeeds3})$
where IDSeeds3 is the third seed parameter, $v_a$ is the third private key and KDF() is a key derivation function.
The third public key is generated from the third private key with the DH algorithm, by the same process as the first public key; the third public key $t_a$ can be expressed as:
where g is the primitive root, p is a large prime number, $v_a$ is the third private key and $t_a$ is the third public key, which is the first parameter of the first key parameter; the third public key and the third private key form a key pair.
The second parameter is generated by addition and/or multiplication from the third private key, the first private key and a first hash value, where the first hash value is generated from the first public key, the third public key and a hash function; the first hash value c can be expressed as:
$c = \mathrm{Hash}(g, y_a, t_a)$
where g is the primitive root, $y_a$ is the first public key, $t_a$ is the third public key and c is the first hash value.
The second parameter $r_a$ can be expressed as:
$r_a = v_a - c \times a$
where $v_a$ is the third private key, c is the first hash value, a is the first private key and $r_a$ is the second parameter.
From these formulas, the first public key and the first private key both enter the generation of the first key parameter; since the first device identifier is bound to the first public key, the first key parameter can be used to verify that the first device possesses the first device identifier.
In some possible designs, the first message signature sent by the first device and received by the second device is generated based on a first private key.
In a more specific embodiment, the first message signature is generated from the first private key and a second hash value, where the second hash value is generated from the first message and a hash function; the second hash value R can be expressed as:
$R = \mathrm{Hash}(\text{first message})$
where Hash() is a hash function, R is the second hash value, and the first message is a message generated by the first device.
The first message signature $\mathrm{Sig}_a$ can be expressed as:
$\mathrm{Sig}_a = g^{a - R}$
where g is the primitive root, a is the first private key, R is the second hash value and $\mathrm{Sig}_a$ is the first message signature.
In a more specific embodiment, a pre-shared personal identification number (PIN) is present in both the first device and the second device, and the first message signature is generated by the first device from the PIN, the hash value R and the first private key; the first message signature $\mathrm{Sig}_a$ can be expressed as:
$\mathrm{Sig}_a = g^{a - \mathrm{pin} \times R}$
where g is the primitive root, a is the first private key, pin is the pre-shared personal identification number, R is the second hash value and $\mathrm{Sig}_a$ is the first message signature.
The second device may also receive the first message timestamp and the message's inherent fields, such as the source and destination addresses and port numbers, sent by the first device.
In some possible designs, the second device verifies the content after receiving the first public key, the first device identifier, the first key parameter and the first message signature sent by the first device, and generates a shared key between the first device and the second device after the verification is passed.
The second device verifies the first device identification.
In some possible designs, the second device generates a first verification device identifier from the locally stored first public key. The second device compares the first verification device identifier with the first device identifier, and if they are identical, determines that the first device identifier passes verification.
The second device generates the first verification device identifier from the locally stored first public key, the first seed parameter and the hash function; the first verification device identifier can be expressed as:
$\mathrm{ID}_1 = \mathrm{Hash}(y_a, \mathrm{IDSeeds1})$
where $y_a$ is the locally stored first public key, IDSeeds1 is the first seed parameter, Hash() is the hash function and $\mathrm{ID}_1$ is the first verification device identifier.
The second device compares the first verification device identifier with the first device identifier. If they differ, the second device determines that the locally stored first public key has been tampered with, i.e. that a man-in-the-middle attack may have occurred during transmission of the first message and replaced the first public key; it returns a device identifier declaration error to the first device, attaching the declared first device identifier, the corresponding public key and the first key parameter, and requires the first device to re-declare its device identifier. If the first verification device identifier is identical to the first device identifier, the second device determines that the first device identifier passes verification and goes on to verify the first key parameter.
The second device verifies the first key parameter.
In some possible designs, the second device verifies the first key parameter against the locally stored first public key: it computes a first verification key parameter, compares it with the first parameter, and if the two are the same, determines that the first key parameter passes verification.
The second device generates a first verification hash value $c_1$ from the locally stored first public key and first parameter, and then generates the first verification key parameter from the locally stored second parameter, the locally stored first public key and $c_1$; the first verification key parameter can be expressed as:
where g is the primitive root, $r_a$ is the locally stored second parameter, $y_a$ is the locally stored first public key, $c_1$ is the first verification hash value and $t_1$ is the first verification key parameter.
The second device compares the first verification key parameter with the first parameter. If they are the same, a definite mapping relation between the first parameter and the second parameter is established, which proves that the first device possesses the first private key; if the first device identifier has been replaced, the second device determines that the first key parameter fails verification. By verifying the first key parameter bound to the first device identifier, the second device can detect a device identifier replacement caused by a man-in-the-middle attack in a channel establishment process based on a short authentication code.
The second device verifies the first message signature.
In some possible designs, the second device generates a first verification public key from the locally stored first message and the locally stored first message signature. The second device compares the first verification public key with the first public key, and if they are the same, determines that the first message signature passes verification.
Specifically, the second device generates a second verification hash value $R_1$ from the locally stored first message and a hash function, which can be expressed as:
$R_1 = \mathrm{Hash}(\text{first message})$
where Hash() is a hash function, the first message is the message received by the second device, and $R_1$ is the second verification hash value.
The second device generates the first verification public key from this hash value and the locally stored first message signature; the first verification public key can be expressed as:
where g is the primitive root, $\mathrm{Sig}_a$ is the first message signature, $R_1$ is the second verification hash value and $y_1$ is the first verification public key.
The first message signature is generated by the first device from the first message and the first private key and is verified directly by the second device, so no third-party authority is needed to sign or verify the first message and the interaction steps of channel establishment are simplified. By verifying the received first message signature, the second device can determine the authenticity and integrity of the first message; if the message has been tampered with, the first message signature fails verification.
Besides verifying the received first device identifier, first key parameter and first message signature, the second device verifies the first message timestamp sent by the first device: it compares the timestamp with its local timestamp and a preset time range, and continues verification only if the first message timestamp does not exceed the local timestamp and lies within the preset range. The second device also checks the second parameter of the first key parameter against locally stored parameters of the same type: if they are the same, it determines that a replay attack occurred during transmission of the first message and discards the received first message; if they differ, the second device proceeds to verify the correctness of the device identifier.
The second device generates a shared key between the first device and the second device in the event that the first public key, the first device identification, the first key parameter, and the first message signature verification pass.
From the first public key $y_a$, the value $t_a$ in the first key parameter, the second private key b and the fourth private key $v_b$ generated by the second device, the second device generates the shared key $\mathrm{Key}_{ab}$ between the first device and the second device; the shared key can be expressed as:
where HKDF() is an HMAC-based key derivation function, the input keying material (IKM) is derived from the values above, and $\mathrm{timestamp}_a$ is used as the salt value to increase the randomness of the shared key. It will be appreciated that the key derivation function may also take more or fewer parameters, which is not specifically limited here. Because the second device generates the shared key itself, the security problem of pre-shared key leakage is also addressed.
The method further comprises: the second device sends a second public key, a second device identifier, a second key parameter and a second message signature to the first device; the first device receives them, and after the second device identifier, the second key parameter and the second message signature pass verification, generates the shared key, completing channel establishment between the first device and the second device.
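As an added worked example (not code from the patent or from Huawei), the following Python script implements the first-message flow described above end to end: private keys derived from seed material with a KDF, the DH public key $y_a = g^{a} \bmod p$, the self-declared identifier $\mathrm{ID}_a = \mathrm{Hash}(y_a, \mathrm{IDSeeds1})$, the key parameter $(t_a, r_a)$ with $c = \mathrm{Hash}(g, y_a, t_a)$ and $r_a = v_a - c \times a$ (a Schnorr-style proof of possession of a), the signature $\mathrm{Sig}_a = g^{a - \mathrm{pin} \times R}$, and the receiver's checks in the order the text gives them (timestamp window, replay check on the second parameter, identifier, key parameter via $t_1 = g^{r_a} y_a^{c_1}$, signature via $y_1 = \mathrm{Sig}_a \, g^{\mathrm{pin} \cdot R_1}$), ending in an HKDF-derived shared key. Everything the page leaves open is an assumption here: SHA-256 stands in for Hash() and KDF(); a 128-bit safe prime found at run time with g = 2 stands in for the DH group (far too small for real use); $t_a = g^{v_a} \bmod p$ is taken from the statement that it is generated like the first public key; exponents are reduced modulo p-1; the seed parameter travels with the message so the receiver can recompute the identifier; and the HKDF input keying material is laid out as $y^{b} \,\|\, t^{v}$ with the first message timestamp as salt. The seeds, timestamp and PIN in `demo()` are constructed sample values.

```python
import hashlib
import hmac
def _is_probable_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    """Miller-Rabin with fixed bases (deterministic below 3.3e24)."""
    if n < 2 or any(n % b == 0 for b in bases):
        return n in bases
    d, s = n - 1, 0
    while d % 2 == 0: d, s = d // 2, s + 1
    for b in bases:
        x = pow(b, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1: break
        else:
            return False
    return True

def find_safe_prime(start):
    q = start + (1 - start) % 4          # q = 1 (mod 4) <=> p = 2q+1 = 3 (mod 8): then 2 is a primitive root
    while not (_is_probable_prime(q) and _is_probable_prime(2 * q + 1)):
        q += 4
    return 2 * q + 1                     # demo-sized safe prime (assumption; the page fixes no p, g)

def kdf(seed: bytes, p: int) -> int:
    """KDF() of the page: a private exponent in [1, p-2] from seed material (SHA-256 here, an assumption)."""
    return int.from_bytes(hashlib.sha256(b"KDF|" + seed).digest(), "big") % (p - 2) + 1

def h(*parts) -> int:
    """Hash() of the page: SHA-256 over length-prefixed encodings of the inputs, read as an integer."""
    d = hashlib.sha256()
    for x in parts:
        b = x if isinstance(x, bytes) else str(x).encode()
        d.update(len(b).to_bytes(4, "big") + b)
    return int.from_bytes(d.digest(), "big")

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()          # HKDF-Extract (RFC 5869)
    okm, block, i = b"", b"", 1
    while len(okm) < length:                                    # HKDF-Expand
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        okm, i = okm + block, i + 1
    return okm[:length]

class Device:
    def __init__(self, p, g, id_seeds: bytes, nonce: bytes):
        self.p, self.g, self.id_seeds = p, g, id_seeds
        self.a = kdf(id_seeds, p)                     # a = KDF(IDSeeds1)
        self.y = pow(g, self.a, p)                    # y_a = g^a mod p
        self.dev_id = h(self.y, id_seeds)             # ID_a = Hash(y_a, IDSeeds1), bound to y_a
        self.v = kdf(nonce, p)                        # v_a = KDF(IDSeeds3), fresh per message
        self.t = pow(g, self.v, p)                    # t_a = g^v_a mod p (first parameter; assumed form)
        c = h(g, self.y, self.t)                      # c = Hash(g, y_a, t_a)
        self.r = (self.v - c * self.a) % (p - 1)      # r_a = v_a - c*a, reduced mod p-1 (second parameter)

    def message(self, body: bytes, ts: int, pin: int = 1) -> dict:
        """Sig_a = g^(a - pin*R) mod p with R = Hash(body); pin = 1 gives the non-PIN variant."""
        sig = pow(self.g, (self.a - pin * h(body)) % (self.p - 1), self.p)
        return {"y": self.y, "id": self.dev_id, "id_seeds": self.id_seeds,
                "t": self.t, "r": self.r, "sig": sig, "body": body, "ts": ts}

def verify_message(p, g, msg, seen_r: set, now: int, pin: int = 1, window: int = 30) -> str:
    """Receiver-side checks in the page's order; returns 'ok' or the name of the failing check."""
    if msg["ts"] > now or now - msg["ts"] > window:                 # timestamp not in the future, within range
        return "timestamp"
    if msg["r"] in seen_r:                                          # second parameter seen before -> replay
        return "replay"
    y = msg["y"]
    if h(y, msg["id_seeds"]) != msg["id"]:                          # ID_1 = Hash(y_a, IDSeeds1) must equal ID_a
        return "device-id"
    c1 = h(g, y, msg["t"])
    if pow(g, msg["r"], p) * pow(y, c1, p) % p != msg["t"]:         # t_1 = g^r_a * y_a^c_1 mod p must equal t_a
        return "key-parameter"
    if msg["sig"] * pow(g, (pin * h(msg["body"])) % (p - 1), p) % p != y:  # y_1 = Sig_a * g^(pin*R_1) mod p
        return "signature"
    seen_r.add(msg["r"])
    return "ok"

def shared_key(p, me: Device, peer: dict, salt: bytes) -> bytes:
    """Key_ab = HKDF(IKM, salt = timestamp_a); IKM = y_peer^a || t_peer^v_a is an assumed layout."""
    ikm = pow(peer["y"], me.a, p).to_bytes(32, "big") + pow(peer["t"], me.v, p).to_bytes(32, "big")
    return hkdf_sha256(ikm, salt, b"channel-key")

def demo() -> dict:
    """One exchange in each direction, plus the tampering and replay cases the page describes."""
    p, g = find_safe_prime(1 << 127), 2
    A = Device(p, g, b"ssid=lab|host=phone|mac=02:00:00:00:00:01", b"nonce-A-1")   # constructed seeds
    B = Device(p, g, b"ssid=lab|host=router|mac=02:00:00:00:00:02", b"nonce-B-1")
    now, pin = 1_700_000_000, 1234                                                  # constructed time and PIN
    msg_a, msg_b = A.message(b"hello from A", now, pin), B.message(b"hello from B", now + 1, pin)
    seen_by_b, seen_by_a = set(), set()
    out = {"a_to_b": verify_message(p, g, msg_a, seen_by_b, now + 2, pin),
           "b_to_a": verify_message(p, g, msg_b, seen_by_a, now + 2, pin)}
    salt = str(msg_a["ts"]).encode()                                # timestamp_a as the HKDF salt
    out["keys_match"] = shared_key(p, B, msg_a, salt) == shared_key(p, A, msg_b, salt)
    y_fake = pow(g, 12345, p)                                       # public key substituted in transit
    out["swapped_pubkey"] = verify_message(p, g, dict(msg_a, y=y_fake), set(), now + 2, pin)
    fake_id = h(y_fake, msg_a["id_seeds"])                          # ... together with a matching fake ID
    out["swapped_pubkey_and_id"] = verify_message(p, g, dict(msg_a, y=y_fake, id=fake_id), set(), now + 2, pin)
    out["replayed"] = verify_message(p, g, msg_a, seen_by_b, now + 3, pin)
    return out
```

`demo()` returns the outcome of each check. The two substitution cases show why the identifier check alone is not enough: a substituted public key can be paired with a recomputed identifier that passes the `device-id` check, but no $(t_a, r_a)$ produced for the original key verifies against the substituted one, which is exactly the property the text attributes to the key parameter. Note also that the verification identity makes the non-PIN signature equal to $y_a \cdot g^{-R} \bmod p$, a value fixed by the public key and the message; the PIN variant is what additionally ties the check to the pre-shared PIN.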
In a third aspect, an embodiment of the present invention provides another channel establishment method, including: the first device generates a first public key, a first device identifier, a first key parameter and a first message signature; the first device sends the first public key, the first device identifier, the first key parameter and the first message signature to the second device, where the first device identifier is an identifier bound to the first public key, the first key parameter is used to verify that the first device possesses the first device identifier, and the first public key and the first private key form a key pair; the first device receives a second public key, a second device identifier, a second key parameter and a second message signature sent by the second device, where the second device identifier is an identifier generated by the second device and bound to the second public key, the second key parameter is used to verify that the second device possesses the second device identifier, the second key parameter comprises a third parameter and a fourth parameter, and the second public key and the second private key form a key pair; after the second public key, the second device identifier, the second key parameter and the second message signature pass verification, the first device generates a shared key between the second device and the first device.
The process of the first device generating the first public key, the first device identification, the first key parameter and the first message signature is the same as described in the second aspect.
The first device sends the first public key, the first device identifier, the first key parameter and the first message signature to the second device, the second device receives and verifies, and the shared key is generated under the condition that verification is passed, and the specific process is the same as that described in the second aspect. The second device also generates a second public key, a second device identification, a second key parameter, and a second message signature, and sends the second public key, the second device identification, the second key parameter, and the second message signature to the first device.
The first device receives a second public key, a second device identifier, a second key parameter and a second message signature sent by the second device.
In some possible designs, the second public key is generated by the second device based on the second private key.
In a more specific embodiment, the second private key is generated from a second seed parameter, which may include one or more of a service set identifier (SSID), hostname, physical (MAC) address and nonce. It will be appreciated that the second seed parameter may include more or fewer parameters, which is not specifically limited here. In a more specific embodiment, the second private key is generated from the seed parameter with a key derivation function (KDF). For example, the second private key may be expressed as:
$b = \mathrm{KDF}(\mathrm{IDSeeds2})$
where IDSeeds2 is the second seed parameter, b is the second private key and KDF() is the key derivation function. In this example the second private key is generated by a key derivation function, but in other embodiments it may be generated by another function, which is not limited here.
In a more specific embodiment, the second public key is generated from the second private key with the DH algorithm; the second public key $y_b$ can be expressed as:
$y_b = g^{b} \bmod p$
where g is the primitive root, p is a large prime number, $y_b$ is the second public key, b is the second private key, mod denotes the modulo operation, and the second public key and the second private key form a key pair. In this example the second public key is generated with the DH algorithm, but in other embodiments it may be generated by other functions, which is not limited here; for example, the second public key may also be generated from the second private key with the RSA algorithm.
In some possible designs, the second device identification is generated by the second device based on the second public key. In a more specific embodiment, the second device identification is generated based on the second public key and the second seed parameter. It will be appreciated that the second device identification may also be generated based on further parameters, not specifically defined herein.
The second device identifier is generated from the second public key, the second seed parameter and the hash function; the second device identifier $\mathrm{ID}_b$ can be expressed as:
$\mathrm{ID}_b = \mathrm{Hash}(y_b, \mathrm{IDSeeds2})$
where $y_b$ is the second public key, IDSeeds2 is the second seed parameter, Hash() is the hash function and $\mathrm{ID}_b$ is the second device identifier; from the formula it follows that the second device identifier is an identifier bound to the second public key.
In some possible designs, the second key parameter is generated by the second device, including a third parameter and a fourth parameter, wherein the third parameter is a fourth public key, is generated by the second device based on the fourth private key, and the fourth parameter is generated by the second device based on the fourth private key and the second private key.
In a more specific embodiment, the fourth private key is generated based on a fourth seed parameter, wherein the fourth seed parameter may include one or more of a service set identifier (SSID), a hostname, a physical address (MAC address), and a nonce. It will be appreciated that the fourth seed parameter may also include more or fewer parameters, which is not specifically limited herein. In a more specific embodiment, the fourth private key is generated based on the seed parameter and a key derivation function (KDF). For example, the fourth private key may be expressed as:
v_b = KDF(IDSeeds4)
wherein IDSeeds4 is the fourth seed parameter, v_b is the fourth private key, and KDF() is the key derivation function. In the above example, generation of the fourth private key by the key derivation function is described as an example; in other embodiments the fourth private key may be generated by another function, which is not limited herein.
In a more specific embodiment, the fourth public key is generated based on the fourth private key and the DH algorithm; the fourth public key t_b can be expressed as:
wherein g is the primitive root, p is a large prime number, t_b is the fourth public key (which is also the third parameter), v_b is the fourth private key, mod represents the modulo operation, and the fourth public key and the fourth private key form a key pair. In the above example, generation of the fourth public key by the DH algorithm is described as an example; in other embodiments the fourth public key may also be generated by other functions, which is not limited herein; for example, the fourth public key may also be generated based on the fourth private key and the RSA algorithm.
In a more specific embodiment, the fourth parameter is generated based on one or more of an addition or multiplication of the fourth private key, the second private key, and a third hash value, wherein the third hash value is generated based on the second public key, the fourth public key, and a hash function; the third hash value c' may be expressed as:
c' = Hash(g, y_b, t_b)
wherein g is the primitive root, y_b is the second public key, t_b is the fourth public key, c' is the third hash value, and mod represents the modulo operation.
The fourth parameter r_b can be expressed as:
r_b = v_b - c' × b
wherein v_b is the fourth private key, c' is the third hash value, b is the second private key, and r_b is the fourth parameter.
From the above formulas, both the second public key and the second private key are used in generating the second key parameter; since the second device identifier is bound to the second public key, the second key parameter can be used to verify that the second device possesses the second device identifier.
In some possible designs, the second message signature is generated by the second device based on a second private key.
In a more specific embodiment, the second message signature is generated based on the second private key and a fourth hash value, wherein the fourth hash value is generated based on the second message and a hash function, and the fourth hash value R' may be expressed as:
R' = Hash(second message)
wherein Hash() represents the hash function, R' represents the fourth hash value, and the second message is the message generated by the second device.
The second message signature Sig_b can be expressed as:
Sig_b = g^(b - R')
wherein g is the primitive root, b is the second private key, R' is the fourth hash value, and Sig_b is the second message signature.
In a more specific embodiment, a pre-shared personal identification number (PIN) is present in the first device and the second device, and the second message signature is generated by the second device based on the PIN, the hash value R' and the second private key; the second message signature Sig_b can be expressed as:
Sig_b = g^(b - pin × R')
wherein g is the primitive root, b is the second private key, pin is the pre-shared personal identification number, R' represents the fourth hash value, and Sig_b is the second message signature.
The second device may also generate a second message timestamp and the fields inherent to the message, such as the source and destination addresses, port numbers, etc.
After the second device identifier, the second key parameter and the second message signature pass verification, the first device generates a shared key, and the specific verification process is as follows.
The first device verifies the second device identification.
In some possible designs, the first device generates the second authentication device identification based on a locally stored second public key. The first device compares the second authentication device identification with the second device identification, and in the case where the second authentication device identification is the same as the second device identification, the first device determines that the second device identification is authenticated.
The first device generates the second verification device identifier based on the locally stored second public key, the second seed parameter, and the hash function; the second verification device identifier can be expressed as:
ID_2 = Hash(y_b, IDSeeds2)
wherein y_b represents the locally stored second public key, IDSeeds2 represents the second seed parameter, Hash() represents the hash function, and ID_2 represents the second verification device identifier.
The first device compares the second verification device identifier with the second device identifier. If the second verification device identifier differs from the second device identifier, the first device determines that the locally stored second public key has been tampered with, and can determine that a man-in-the-middle attack may have occurred while the second message was being sent and that the second public key was replaced; it returns a device identifier declaration error to the second device and requires the second device to re-declare its device identifier by attaching the declared second device identifier, the corresponding public key and the second key parameter. If the second verification device identifier is the same as the second device identifier, the first device determines that the second device identifier passes verification and goes on to verify the second key parameter.
The first device verifies the second key parameter.
In some possible designs, the first device verifies the second key parameter based on the locally stored second public key: the first device compares the second verification key parameter with the second parameter, and determines that the second key parameter passes verification if the second verification key parameter and the second parameter are the same.
The first device generates a third verification hash value c_2 based on the locally stored second public key and the locally stored third parameter, and generates a second verification key parameter t_2 based on the locally stored second public key, the locally stored fourth parameter and c_2; the second verification key parameter can be expressed as:
wherein g is the primitive root, r_b is the locally stored fourth parameter, y_b is the locally stored second public key, c_2 is the third verification hash value, and t_2 is the second verification key parameter.
The second verification key parameter is compared with the second parameter; if they are the same, it is determined that the third parameter and the fourth parameter satisfy the expected mapping relation, and the first device determines that the second key parameter passes verification.
The first device verifies the second message signature.
In some possible designs, the first device generates the second authentication public key based on the locally stored second message and the locally stored second message signature. The first device compares the second verification public key with the second public key, and in the case that the second verification public key is the same as the second public key, the first device determines that the second message signature verification passes.
Specifically, the first device generates a fourth verification hash value R_2 based on the locally stored second message and the hash function; R_2 can be expressed as:
R_2 = Hash(second message)
wherein Hash() is the hash function, the second message is the message received by the first device, and R_2 is the fourth verification hash value.
The first device generates a second verification public key based on the fourth verification hash value and the locally stored second message signature, the second verification public key being representable as:
wherein g is the primitive root, Sig_b is the second message signature, R_2 is the fourth verification hash value, and y_2 is the second verification public key.
In addition to verifying the second device identifier, the second key parameter and the second message signature received from the second device, the first device also verifies the second message timestamp sent by the second device: it compares the second message timestamp with the local timestamp and a preset time range, and if the second message timestamp does not exceed the local timestamp and lies within the preset time range, the first device continues verification. The first device also verifies the fourth parameter in the second key parameter by comparing it with the locally stored parameter of the same type: if the two are the same, the first device determines that a replay attack occurred while the second message was being sent and discards the received second message; if the two differ, the first device verifies the correctness of the device identifier.
The first device generates a shared key between the second device and the first device if the second public key, the second device identification, the second key parameter, and the second message signature pass verification.
The first device generates the shared key Key_ba between the first device and the second device based on the second public key y_b, the parameter t_b in the second key parameter, and the generated first private key a and third private key v_a; the shared key can be expressed as:
where HKDF() represents the HMAC-based key derivation function (HMAC-based KDF), the key material in the formula is used as the initial keying material (IKM), and Timestamp||"shared key" is used as the salt value to increase the randomness of the shared key. It will be appreciated that the parameters used for the shared key Key_ba may also include more or fewer parameters, which is not specifically limited herein.
In the channel establishment method provided by the present application, the first device can generate the first device identifier by itself and the second device can generate the second device identifier by itself; the second device verifies the first device identifier based on the locally stored first public key, and the first device verifies the second device identifier based on the locally stored second public key. No third-party authority is needed to generate or verify the device identifiers during channel establishment, which reduces the risk of the device identifiers being tampered with or intercepted; the generated device identifiers are random, which protects user privacy, so the channel is established more safely.
Besides generating their respective device identifiers, the first device and the second device also need parameters that prove the correctness of the device identifiers, so as to further protect the channel establishment process. Each of the first device and the second device generates a key parameter bound to its device identifier, and the first device sends the first key parameter and the first device identifier to the second device. The second device verifies the first key parameter based on the locally stored first public key: after verification passes, the first device identifier can be determined to be correct and no third device has attacked during the process; if verification fails, the first device identifier can be determined to have been replaced and channel establishment is stopped, which improves the security of channel establishment. Similarly, the first device may verify the second key parameter sent by the second device.
The first device can also generate a first message signature based on the first private key, and the second device generates a second message signature based on the second private key. The first device can verify the correctness of the received second message signature and thereby determine whether the content of the second message has been tampered with, that is, the integrity and authenticity of the second device identifier, the second key parameter and other content; after the message signature verification passes, channel establishment is completed. Similarly, the second device can verify the first message signature. No third-party authority is required to participate in generating or verifying the message signatures, so the first device and the second device can complete verification of all parameters in a single interaction and generate their respective shared keys.
In summary, the present application provides a safer channel establishment method.
In a fourth aspect, an embodiment of the present application provides a channel establishment apparatus, which may be applied to a second device. The apparatus comprises a receiving unit and a processing unit. The receiving unit is configured to receive a first public key, a first device identifier, a first key parameter and a first message signature sent by a first device, where the first device identifier is an identifier generated by the first device and bound to the first public key, the first key parameter is used to verify that the first device possesses the first device identifier, and the first public key and the first private key form a key pair. The processing unit is configured to generate a shared key between the first device and the second device after the first public key, the first device identifier, the first key parameter and the first message signature pass verification.
The channel establishment apparatus further comprises a generating unit and a sending unit. The generating unit is configured to generate a second public key, a second device identifier, a second key parameter and a second message signature, where the second device identifier is an identifier generated by the second device and bound to the second public key, the second key parameter is used to verify that the second device possesses the second device identifier, and the second public key and the second private key form a key pair. The sending unit is configured to send the second public key, the second device identifier, the second key parameter and the second message signature to the first device.
In a fifth aspect, an embodiment of the present invention provides another channel establishment apparatus, which may be applied to a first device and includes a generating unit, a sending unit, a receiving unit and a processing unit. The generating unit is configured to generate a first public key, a first device identifier, a first key parameter and a first message signature. The sending unit is configured to send the first public key, the first device identifier, the first key parameter and the first message signature to the second device, where the first device identifier is an identifier bound to the first public key, the first key parameter is used to verify that the first device possesses the first device identifier, and the first public key and the first private key form a key pair. The receiving unit is configured to receive a second public key, a second device identifier, a second key parameter and a second message signature sent by the second device, where the second device identifier is an identifier generated by the second device and bound to the second public key, the second key parameter is used to verify that the second device possesses the second device identifier, the second key parameter comprises a third parameter and a fourth parameter, and the second public key and the second private key form a key pair. The processing unit is configured to generate a shared key between the second device and the first device after the second public key, the second device identifier, the second key parameter and the second message signature pass verification.
In a sixth aspect, an embodiment of the present application provides a communication device, which includes a processor, a memory, a communication module and a bus. The processor, the memory and the communication module may be connected to each other through an internal bus, or may communicate by other means such as wireless transmission. The memory may store computer instructions for executing any one of the possible implementations of the second or third aspects, implementing the functions of the respective modules. The communication module comprises a transmitter and a receiver and is used for transmitting and receiving messages exchanged between devices.
In a seventh aspect, embodiments of the present application provide a computer readable storage medium having instructions stored therein, the instructions being executable on the computing device to cause the computing device to perform the method of the above aspects.
Further combinations of the present application may be made to provide further implementations based on the implementations provided in the above aspects.
Drawings
In order to more clearly illustrate the technical solution of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly described.
Fig. 1A is a schematic diagram of a channel setup system according to an embodiment of the present application;
fig. 1B is a schematic diagram of another channel setup system according to an embodiment of the present application;
fig. 2 is a flowchart of a channel establishment method according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a semantic randomized ID generation process according to an embodiment of the present application;
fig. 4 is a flowchart of a process for batch network access and authentication of PLC devices according to an embodiment of the present application;
FIG. 5 is a flow chart of a campus network access authentication and ID assignment process provided by an embodiment of the present application;
fig. 6 is a schematic structural diagram of a channel setup device according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of a communication device according to an embodiment of the present application.
Detailed Description
For easy understanding, the application scenario of the present application related to decentralization will be described in detail first.
As shown in fig. 1A, once a channel has been established between nodes, data can be transmitted between them. Fig. 1A is a schematic diagram of a channel setup system according to an embodiment of the present application, where the technology used for communication between the first node and the second node may be Bluetooth, Zigbee, wireless local area network (WLAN), ultra-wideband (UWB), and so on. The first node and the second node are electronic devices with data transceiving capabilities. For example, a node may be an automotive cabin (cockpit domain) device or a module in an automotive cabin device, e.g., one or more of a cockpit domain controller (CDC), a camera, a screen, a microphone, a speaker, an electronic key, a keyless entry or start system controller, etc. A node may be a data relay device, such as a router, a repeater, a bridge or a switch, or a terminal device, such as various types of user equipment (UE), a mobile phone, a tablet (pad), a desktop computer, a headset, a speaker, etc.; it may further be a machine intelligence device, such as a self-driving device, a transportation safety device, a virtual reality (VR) terminal device, an augmented reality (AR) terminal device, a machine type communication (MTC) device, an industrial control device, a remote medical device, a smart grid device or a smart city device, or a wearable device such as a smart watch, a smart bracelet or a pedometer. In a specific embodiment, the nodes may comprise an in-vehicle system and a mobile terminal, i.e. short-range communication may be performed between the in-vehicle system and the mobile terminal.
In some scenarios, the names of devices with similar data transceiving capabilities may not be referred to as nodes, but for convenience of description, in the embodiment of the present application, the electronic devices with data transceiving capabilities are collectively referred to as nodes.
Under the condition that the first node serves as a transmitting end, the first node is used for generating a first public key, a first equipment identifier, a first key parameter and a first message signature, and transmitting the first public key, the first equipment identifier, the first key parameter and the first message signature to the second node, wherein the first equipment identifier is an identifier which is generated by the first equipment and is bound with the first public key, and the first key parameter is used for verifying that the first equipment has the first equipment identifier.
The second node is configured to receive a first public key, a first device identifier, a first key parameter and a first message signature sent by the first node, and generate a shared key between the first node and the second node after verification of the first public key, the first device identifier, the first key parameter and the first message signature is passed.
The second node is further configured to generate a second public key, a second device identifier, a second key parameter, and a second message signature, and send the content to the first node, where the second device identifier is an identifier generated by the second device and bound to the second public key, and the second key parameter is used to verify that the second device owns the second device identifier.
The first node is similar to the second node, and is configured to receive a second public key, a second device identifier, a second key parameter and a second message signature sent by the second node, generate a shared key between the first node and the second node after verification based on the second public key, the second device identifier, the second key parameter and the second message signature passes, where the shared keys generated by the two nodes are the same.
Under the condition that the first node and the second node generate the shared key, the establishment of the channel between the two nodes is completed, and the nodes encrypt or decrypt the data to be transmitted by using the shared key, so that the safe transmission of the data is realized.
Fig. 1B is a schematic diagram of another channel establishment system provided in an embodiment of the present invention. The system includes a plurality of terminal devices, which may all act as first nodes at the same time, and a hub device acting as the second node; the hub device may be a hub management device in an Internet of Things environment, such as an ID allocation server or a router, and multiple channels may be established between the second node and the plurality of first nodes. In practical applications, this channel setup system is used where there are a large number of first nodes; the system of fig. 1A, which includes only one first node and one second node, is a simple example of the present system for the case where one first node corresponds to one second node.
Compared with existing channel establishment systems, the channel establishment system of the present application comprises only the first device and the second device, with no third-party authority. The first device generates the first device identifier based on the first public key, and the second device generates the second device identifier based on the second public key; the second device can verify the first device identifier based on the locally stored first public key, and the first device can verify the second device identifier based on the locally stored second public key. Each device in the system can generate its own device identifier and verify whether a received device identifier is correct, so no third-party authority is required to allocate device identifiers in advance or to verify their correctness in the channel establishment system; this further protects user privacy and makes channel establishment safer.
The first device and the second device may also each generate a key parameter that is bound to the device identification, and the first device sends the first key parameter and the first device identification together to the second device. The second device can verify the first key parameter based on the locally stored public key, and can determine that the first device identifier is replaced in the channel establishment process under the condition that verification is not passed, and only after verification is passed, the first device identifier is determined not to be tampered, so that channel establishment is performed, and the security of channel establishment is improved. Likewise, the first device may also verify the second key parameter.
The first device generates a first message signature based on the first private key, the second device generates a second message signature based on the second private key, and the first device can verify the correctness of the second message signature, so that whether the content of the second message is tampered or not is determined, and the integrity and the authenticity of the content such as the second device identifier, the second key parameter and the like are determined. Likewise, the second device may also verify the first message signature, and the process of generating and verifying the message signature does not require participation of a third party authority.
In summary, the channel establishment system provided by the embodiment of the invention can more safely establish a channel.
As shown in fig. 2, fig. 2 is a flowchart of a channel establishment method according to the present application, which can be applied to the systems shown in fig. 1A and 1B, and the method includes the following steps.
S201: the first device generates a first public key, a first device identification, a first key parameter, and a first message signature.
In some possible designs, the first public key is generated by the first device based on the first private key.
In a more specific embodiment, the first private key is generated based on a first seed parameter, wherein the first seed parameter may include one or more of a service set identifier (SSID), a hostname, a physical address (MAC address), and a random number. It will be appreciated that the first seed parameter may also include more or fewer parameters, which is not specifically limited herein. In a more specific embodiment, the first private key is generated based on the seed parameter and a key derivation function (KDF). For example, the first private key may be expressed as:
a = KDF(IDSeeds1)
wherein IDSeeds1 is the first seed parameter, a is the first private key, and KDF() is the key derivation function. In the above example, generation of the first private key by the key derivation function is described as an example; in other embodiments the first private key may be generated by another function, which is not limited herein.
In a more specific embodiment, the first public key is generated based on the first private key and the DH algorithm; the first public key y_a can be expressed as:
y_a = g^a mod p
wherein g is the primitive root, p is a large prime number, y_a is the first public key, a is the first private key, mod represents the modulo operation, and the first public key and the first private key form a key pair. In the above example, the first public key is generated by the DH algorithm, but in other embodiments the first public key may also be generated by other functions, which is not limited herein; for example, the first public key may also be generated based on the first private key and the RSA algorithm.
In some possible designs, the first device identification is generated by the first device based on the first public key. In a more specific embodiment, the first device identification is generated based on the first public key and the first seed parameter. It will be appreciated that the first device identification may also be generated based on further parameters, not specifically defined herein.
The first device identifier is generated based on the first public key, the first seed parameter, and a hash function; the first device identifier ID_a can be expressed as:
ID_a = Hash(y_a, IDSeeds1)
wherein y_a is the first public key, IDSeeds1 is the first seed parameter, Hash() is the hash function, and ID_a is the first device identifier. From the above formula it can be determined that the first device identifier is an identifier bound to the first public key.
Since the first public key is one of the inputs when generating the first device identifier, the first device identifier is bound to the first public key, and it changes as the first private key changes. The first device identifier can be declared by the first device itself and does not need to be allocated in advance by a third-party authority, so the method better protects user privacy.
In some possible designs, the first key parameter is generated by the first device and includes a first parameter and a second parameter, wherein the first parameter is the third public key, which is generated by the first device based on the third private key, and the second parameter is generated by the first device based on the third private key and the first private key.
In a more specific embodiment, the third private key is generated based on a third seed parameter, wherein the third seed parameter may include one or more of a service set identifier (SSID), a hostname, a physical address (MAC address), and a nonce. It will be appreciated that the third seed parameter may also include more or fewer parameters, which is not specifically limited herein. In a more specific embodiment, the third private key is generated based on the seed parameter and a key derivation function (KDF). For example, the third private key may be expressed as:
v_a = KDF(IDSeeds3)
wherein IDSeeds3 is the third seed parameter, v_a is the third private key, and KDF() is the key derivation function. In the above example, generation of the third private key by the key derivation function is described as an example; in other embodiments the third private key may be generated by another function, which is not limited herein.
In a more specific embodiment, the third public key is generated based on the third private key and the DH algorithm; the third public key $t_a$ can be expressed as:
where g is the primitive root, p is a large prime number, $t_a$ is the third public key (which is also the first parameter), $v_a$ is the third private key and mod() represents the modulo operation; the third public key and the third private key form a key pair. The above example generates the third public key with the DH algorithm; in other embodiments the third public key may also be generated by other functions, which is not limited herein. For example, the third public key may also be generated based on the third private key and the RSA algorithm.
In a more specific embodiment, the second parameter is generated based on one or more of the third private key, the first private key and a first hash value, where the first hash value is generated based on the first public key, the third public key and a hash function; the first hash value c may be expressed as:
$c = \mathrm{Hash}(g, y_a, t_a)$
where g is the primitive root, $y_a$ is the first public key, $t_a$ is the third public key, c is the first hash value and mod() represents the modulo operation.
The second parameter $r_a$ can be expressed as:
$r_a = v_a - c \times a$
where $v_a$ is the third private key, c is the first hash value, a is the first private key and $r_a$ is the second parameter.
According to the above formulas, both the first public key and the first private key are used in generating the first key parameter. Because the first device identifier is bound to the first public key, the first key parameter can be determined to be bound to the first device identifier held by the first device.
In some possible designs, the first message signature is generated by the first device based on the first private key.
In a more specific embodiment, the first message signature is generated based on the first private key and a second hash value, wherein the second hash value is generated based on the first message and a hash function; the second hash value R may be expressed as:
$R = \mathrm{Hash}(\text{first message})$
where Hash() represents the hash function, R represents the second hash value, and the first message is the message generated by the first device.
The first message signature $Sig_a$ can be expressed as:
$Sig_a = g^{a - R}$
where g is the primitive root, a is the first private key, R is the second hash value and $Sig_a$ is the first message signature.
In a more specific embodiment, a pre-shared personal identification number (PIN) is present in the first device and the second device, and the first message signature is generated by the first device based on the PIN, the second hash value R and the first private key; the first message signature $Sig_a$ can be expressed as:
$Sig_a = g^{a - \mathrm{pin} \times R}$
where g is the primitive root, a is the first private key, pin is the pre-shared personal identification number, R is the second hash value and $Sig_a$ is the first message signature.
The first device may also generate a first message timestamp and the inherent message fields, such as the source and destination addresses and the port number, which the present application does not specifically limit.
S202: the first device sends the first public key, the first device identification, the first key parameter, and the first message signature to the second device.
After the first device generates the first public key, the first device identifier, the first key parameter and the first message signature, the first device sends the generated content to the second device, and may also send the timestamp of the first message generated by the first device and the inherent fields of the message, such as the source destination address, the port number and other content, to the second device.
S203: the second device generates a second public key, a second device identification, a second key parameter, and a second message signature.
In some possible designs, the second public key is generated by the second device based on the second private key.
In a more specific embodiment, the second private key is generated based on a second seed parameter, wherein the second seed parameter may include one or more of a service set identifier (SSID), a hostname, a physical (MAC) address and a nonce. It will be appreciated that the second seed parameter may also include more or fewer parameters, which are not specifically limited herein. In a more specific embodiment, the second private key is generated based on the seed parameter and a key derivation function (KDF). For example, the second private key may be expressed as:
$b = \mathrm{KDF}(\mathrm{IDSeeds2})$
where IDSeeds2 is the second seed parameter, b is the second private key and KDF() is the key derivation function. The above example generates the second private key with a key derivation function; in other embodiments the second private key may be generated by another function, which is not limited herein.
In a more specific embodiment, the second public key is generated based on the second private key and the DH algorithm; the second public key $y_b$ can be expressed as:
$y_b = g^{b} \bmod p$
where g is the primitive root, p is a large prime number, $y_b$ is the second public key, b is the second private key and mod() represents the modulo operation; the second public key and the second private key form a key pair. The above example generates the second public key with the DH algorithm; in other embodiments the second public key may also be generated by other functions, which is not limited herein. For example, the second public key may also be generated based on the second private key and the RSA algorithm.
In some possible designs, the second device identification is generated by the second device based on the second public key. In a more specific embodiment, the second device identification is generated based on the second public key and the second seed parameter. It will be appreciated that the second device identification may also be generated based on further parameters, not specifically defined herein.
The second device identifier is generated based on the second public key, the second seed parameter and a hash function; the second device identifier $ID_b$ can be expressed as:
$ID_b = \mathrm{Hash}(y_b, \mathrm{IDSeeds2})$
From the above formula it can be determined that the second device identifier is an identifier bound to the second public key.
Because the second public key is one of the inputs when generating the second device identifier, the second device identifier can be determined to be bound to the second public key. The second device identifier varies with the second private key, and it can be declared by the second device itself without being allocated in advance by a third-party authority, so the method better protects the privacy of the user.
In some possible designs, the second key parameter is generated by the second device and includes a third parameter and a fourth parameter, wherein the third parameter is a fourth public key generated by the second device based on a fourth private key, and the fourth parameter is generated by the second device based on the fourth private key and the second private key.
In a more specific embodiment, the fourth private key is generated based on a fourth seed parameter, wherein the fourth seed parameter may include one or more of a service set identifier (SSID), a hostname, a physical (MAC) address and a nonce. It will be appreciated that the fourth seed parameter may also include more or fewer parameters, which are not specifically limited herein. In a more specific embodiment, the fourth private key is generated based on the seed parameter and a key derivation function (KDF). For example, the fourth private key may be expressed as:
$v_b = \mathrm{KDF}(\mathrm{IDSeeds4})$
where IDSeeds4 is the fourth seed parameter, $v_b$ is the fourth private key and KDF() is the key derivation function. The above example describes generating the fourth private key with a key derivation function; in other embodiments the fourth private key may be generated by another function, which is not limited herein.
In a more specific embodiment, the fourth public key is generated based on the fourth private key and the DH algorithm; the fourth public key $t_b$ can be expressed as:
where g is the primitive root, p is a large prime number, $t_b$ is the fourth public key (which is also the third parameter), $v_b$ is the fourth private key and mod() represents the modulo operation; the fourth public key and the fourth private key form a key pair. The above example describes generating the fourth public key with the DH algorithm; in other embodiments the fourth public key may also be generated by other functions, which is not limited herein. For example, the fourth public key may also be generated based on the fourth private key and the RSA algorithm.
In a more specific embodiment, the fourth parameter is generated based on one or more of the fourth private key, the second private key and a third hash value, combined by addition or multiplication, wherein the third hash value is generated based on the second public key, the fourth public key and a hash function; the third hash value c' may be expressed as:
$c' = \mathrm{Hash}(g, y_b, t_b)$
where g is the primitive root, $y_b$ is the second public key, $t_b$ is the fourth public key, c' is the third hash value and mod() represents the modulo operation.
The fourth parameter $r_b$ can be expressed as:
$r_b = v_b - c' \times b$
where $v_b$ is the fourth private key, c' is the third hash value, b is the second private key and $r_b$ is the fourth parameter.
According to the above formulas, both the second public key and the second private key are used in generating the second key parameter. Because the second device identifier is bound to the second public key, the second key parameter can be determined to be bound to the second device identifier held by the second device.
In some possible designs, the second message signature is generated by the second device based on a second private key.
In a more specific embodiment, the second message signature is generated based on the second private key and a fourth hash value, wherein the fourth hash value is generated based on the second message and a hash function; the fourth hash value R' may be expressed as:
$R' = \mathrm{Hash}(\text{second message})$
where Hash() represents the hash function, R' represents the fourth hash value, and the second message is the message generated by the second device.
The second message signature $Sig_b$ can be expressed as:
$Sig_b = g^{b - R'}$
where g is the primitive root, b is the second private key, R' is the fourth hash value and $Sig_b$ is the second message signature.
In a more specific embodiment, a pre-shared personal identification number (PIN) is present in the first device and the second device, and the second message signature is generated by the second device based on the PIN, the fourth hash value R' and the second private key; the second message signature $Sig_b$ can be expressed as:
$Sig_b = g^{b - \mathrm{pin} \times R'}$
where g is the primitive root, b is the second private key, pin is the pre-shared personal identification number, R' is the fourth hash value and $Sig_b$ is the second message signature.
The second device may also generate a second message timestamp and the inherent message fields, such as the source and destination addresses and the port number, which the present application does not specifically limit.
S204: after the first public key, the first device identifier, the first key parameter and the first message signature pass verification, the second device generates a shared key.
The second device receives the first public key, the first device identifier, the first key parameter and the first message signature sent by the first device, and verifies the received first device identifier, the received first key parameter and the received first message signature, wherein the specific verification process is as follows.
The second device verifies the first device identification.
In some possible designs, the second device generates a first verification device identifier based on the locally stored first public key. The second device compares the first verification device identifier with the first device identifier, and if the two are the same, the second device determines that the first device identifier passes verification.
The second device generates the first verification device identifier based on the locally stored first public key, the first seed parameter and the hash function; the first verification device identifier can be expressed as:
$ID_1 = \mathrm{Hash}(y_a, \mathrm{IDSeeds1})$
where $y_a$ represents the locally stored first public key, IDSeeds1 represents the first seed parameter, Hash() represents the hash function and $ID_1$ represents the first verification device identifier.
The second device compares the first verification device identifier with the first device identifier. If they differ, the second device determines that the locally stored first public key has been tampered with, that a man-in-the-middle attack may have occurred while the first message was being sent and that the first public key was replaced; it returns a device identifier declaration error to the first device, attaching the declared first device identifier, the corresponding public key and the first key parameter, and requires the first device to re-declare its device identifier. If the first verification device identifier is the same as the first device identifier, the second device determines that the first device identifier passes verification and goes on to verify the first key parameter.
The second device verifies the first key parameter.
In some possible designs, the second device verifies the first key parameter based on the locally stored first public key: it generates a first verification key parameter, compares it with the first parameter, and determines that the first key parameter passes verification if the two are the same.
The second device generates a first verification hash value $c_1$ based on the locally stored first public key and the locally stored first parameter, and then generates the first verification key parameter based on the locally stored first public key, the locally stored second parameter and $c_1$; the first verification key parameter can be expressed as:
where g is the primitive root, $r_a$ is the locally stored second parameter, $y_a$ is the locally stored first public key, $c_1$ is the first verification hash value and $t_1$ is the first verification key parameter.
The second device compares the first verification key parameter with the first parameter. If the two are the same, the first parameter and the second parameter are determined to satisfy the expected mapping relationship, which proves that the sender possesses the first private key, and the second device determines that the first key parameter passes verification.
The second device verifies the first message signature.
In some possible designs, the second device generates the first verification public key based on the locally stored first message and the locally stored first message signature. The second device compares the first verification public key with the first public key, and in the case that the first verification public key is the same as the first public key, the second device determines that the first message signature verification passes.
Specifically, the second device generates a second verification hash value $R_1$ based on the locally stored first message and the hash function; it can be expressed as:
$R_1 = \mathrm{Hash}(\text{first message})$
where Hash() is the hash function, the first message is the message received by the second device and $R_1$ is the second verification hash value.
The second device generates the first verification public key based on the second verification hash value and the locally stored first message signature; the first verification public key can be expressed as:
where g is the primitive root, $Sig_a$ is the first message signature, $R_1$ is the second verification hash value and $y_1$ is the first verification public key.
In addition to verifying the received first device identifier, first key parameter and first message signature, the second device also verifies the first message timestamp sent by the first device: it compares the first message timestamp with the local timestamp and a preset time range, and continues verification only if the first message timestamp does not exceed the local timestamp and lies within the preset time range. The second device also verifies the second parameter of the first key parameter by comparing it with the locally stored parameters of the same type: if the two are the same, it determines that a replay attack occurred while the first message was being sent and discards the received first message; if they differ, the second device goes on to verify the correctness of the device identifier.
The second device generates a shared key between the first device and the second device in the event that the first public key, the first device identification, the first key parameter, and the first message signature verification pass.
The second device generates a shared key $Key_{ab}$ between the first device and the second device based on the first public key $y_a$, the value $t_a$ in the first key parameter, and the second private key b and fourth private key $v_b$ that it generated; the shared key can be expressed as:
where HKDF() represents the HMAC-based KDF, that is, an HMAC-based key derivation function; its first input serves as the keying material (initial keying material, IKM), and $timestamp_a \,\|\, \text{"shared key"}$ serves as the salt value to increase the randomness of the shared key. It will be appreciated that the key derivation function may also use more or fewer parameters, which are not specifically limited herein.
S205: the second device sends the second public key, the second device identification, the second key parameter, and the second message signature to the first device.
After the second device generates the second public key, the second device identifier, the second key parameter and the second message signature, the second device sends the generated content to the first device, and may also send the timestamp of the second message and the inherent field of the message, such as the source destination address, the port number and other contents to the first device.
S206: the first device generates a shared key after the second public key, the second device identifier, the second key parameter and the second message signature pass verification.
The first device receives the second public key, the second device identifier, the second key parameter and the second message signature sent by the second device, and verifies the received second device identifier, second key parameter and second message signature, wherein the specific verification process is as follows.
The first device verifies the second device identification.
In some possible designs, the first device generates a second verification device identifier based on the locally stored second public key. The first device compares the second verification device identifier with the second device identifier, and if the two are the same, the first device determines that the second device identifier passes verification.
The first device generates the second verification device identifier based on the locally stored second public key, the second seed parameter and the hash function; the second verification device identifier can be expressed as:
$ID_2 = \mathrm{Hash}(y_b, \mathrm{IDSeeds2})$
where $y_b$ represents the locally stored second public key, IDSeeds2 represents the second seed parameter, Hash() represents the hash function and $ID_2$ represents the second verification device identifier.
The first device compares the second verification device identifier with the second device identifier. If they differ, the first device determines that the locally stored second public key has been tampered with, that a man-in-the-middle attack may have occurred while the second message was being sent and that the second public key was replaced; it returns a device identifier declaration error to the second device, attaching the declared second device identifier, the corresponding public key and the second key parameter, and requires the second device to re-declare its device identifier. If the second verification device identifier is the same as the second device identifier, the first device determines that the second device identifier passes verification and goes on to verify the second key parameter.
The first device verifies the second key parameter.
In some possible designs, the first device verifies the second key parameter based on the locally stored second public key: it generates a second verification key parameter, compares it with the third parameter, and determines that the second key parameter passes verification if the two are the same.
The first device generates a third verification hash value $c_2$ based on the locally stored second public key and the locally stored third parameter, and then generates the second verification key parameter based on the locally stored second public key, the locally stored fourth parameter and $c_2$; the second verification key parameter can be expressed as:
where g is the primitive root, $r_b$ is the locally stored fourth parameter, $y_b$ is the locally stored second public key, $c_2$ is the third verification hash value and $t_2$ is the second verification key parameter.
The first device compares the second verification key parameter with the third parameter. If the two are the same, the third parameter and the fourth parameter are determined to satisfy the expected mapping relationship, which proves that the sender possesses the second private key, and the first device determines that the second key parameter passes verification.
The first device verifies the second message signature.
In some possible designs, the first device generates a second verification public key based on the locally stored second message and the locally stored second message signature. The first device compares the second verification public key with the second public key, and if the two are the same, the first device determines that the second message signature passes verification.
Specifically, the first device generates a fourth verification hash value $R_2$ based on the locally stored second message and the hash function; it can be expressed as:
$R_2 = \mathrm{Hash}(\text{second message})$
where Hash() is the hash function, the second message is the message received by the first device and $R_2$ is the fourth verification hash value.
The first device generates the second verification public key based on the fourth verification hash value and the locally stored second message signature; the second verification public key can be expressed as:
where g is the primitive root, $Sig_b$ is the second message signature, $R_2$ is the fourth verification hash value and $y_2$ is the second verification public key.
In addition to verifying the received second device identifier, second key parameter and second message signature, the first device also verifies the second message timestamp sent by the second device: it compares the second message timestamp with the local timestamp and a preset time range, and continues verification only if the second message timestamp does not exceed the local timestamp and lies within the preset time range. The first device also verifies the fourth parameter of the second key parameter by comparing it with the locally stored parameters of the same type: if the two are the same, it determines that a replay attack occurred while the second message was being sent and discards the received second message; if they differ, the first device goes on to verify the correctness of the device identifier.
The first device generates a shared key between the second device and the first device if the second public key, the second device identification, the second key parameter, and the second message signature pass verification.
The first device generates a shared key $Key_{ba}$ between the first device and the second device based on the second public key $y_b$, the value $t_b$ in the second key parameter, and the first private key a and third private key $v_a$ that it generated; the shared key can be expressed as:
where HKDF() represents the HMAC-based KDF, that is, an HMAC-based key derivation function; its first input serves as the keying material (initial keying material, IKM), and $timestamp \,\|\, \text{"shared key"}$ serves as the salt value to increase the randomness of the shared key. It will be appreciated that the parameters used for the shared key $Key_{ba}$ may also include more or fewer parameters, which are not specifically limited herein.
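The exchange of S201 to S206 as a runnable model, added here as an example; it is not the patent's or any product's own code. The pieces the description leaves open are instantiated as assumptions: Hash() and KDF() as SHA-256 over length-prefixed inputs, the DH group as the 2048-bit MODP group of RFC 3526, the message encoding as a sorted Python dict carrying the seed parameters, the recovery of the verification public key as $y_1 = Sig_a \cdot g^{R_1} \bmod p$ (the inverse of $Sig_a = g^{a-R}$), the HKDF keying material as $y_a^{b} \,\|\, t_a^{v_b}$ (the description lists these inputs but does not show the expression), and a single timestamp, that of the first message, as the salt on both sides so that $Key_{ab} = Key_{ba}$. The timestamp window and the replay check on the second parameter follow S204/S206; the constructed device names and MAC addresses are sample values.

```python
import hashlib, hmac, os, time

# DH group: 2048-bit MODP group of RFC 3526 (group 14); the page leaves the group open.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2  # g, the generator (primitive root) of the page


def H(*parts):
    """Hash() of the page, assumed to be SHA-256 over length-prefixed parts."""
    h = hashlib.sha256()
    for x in parts:
        b = x if isinstance(x, bytes) else str(x).encode()
        h.update(len(b).to_bytes(4, "big") + b)
    return int.from_bytes(h.digest(), "big")


def KDF(seeds):
    """KDF() of the page: private exponent from (SSID, hostname, MAC, nonce); assumed instantiation."""
    return H("private-key", *seeds)


def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869) extract-then-expand with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    out, t, i = b"", b"", 1
    while len(out) < length:
        t = hmac.new(prk, t + info + bytes([i]), hashlib.sha256).digest()
        out, i = out + t, i + 1
    return out[:length]


def msg_hash(msg):
    """R = Hash(message): every field except the signature itself, in a fixed order."""
    return H(repr(sorted((k, v) for k, v in msg.items() if k != "sig")))


class Device:
    def __init__(self, ssid, hostname, mac, pin=None):
        self.id_seeds = (ssid, hostname, mac, os.urandom(16).hex())  # IDSeeds1 (fresh nonce)
        self.kp_seeds = (ssid, hostname, mac, os.urandom(16).hex())  # IDSeeds3
        self.priv = KDF(self.id_seeds)                 # a = KDF(IDSeeds1)
        self.pub = pow(G, self.priv, P)                # y_a = g^a mod p
        self.dev_id = H(self.pub, *self.id_seeds)      # ID_a = Hash(y_a, IDSeeds1)
        self.eph_priv = KDF(self.kp_seeds)             # v_a = KDF(IDSeeds3)
        self.eph_pub = pow(G, self.eph_priv, P)        # t_a = g^{v_a} mod p  (first parameter)
        c = H(G, self.pub, self.eph_pub)               # c = Hash(g, y_a, t_a)
        self.r = self.eph_priv - c * self.priv         # r_a = v_a - c*a  (second parameter, may be < 0)
        self.pin = pin                                 # optional pre-shared PIN
        self.seen_r = set()                            # second parameters already accepted (replay check)

    def message(self, ts=None):
        """S201/S203: the message, signed with Sig = g^{a-R} (or g^{a-pin*R} with a PIN)."""
        msg = {"pub": self.pub, "id": self.dev_id, "seeds": self.id_seeds,
               "t": self.eph_pub, "r": self.r, "ts": int(time.time()) if ts is None else ts}
        k = msg_hash(msg) if self.pin is None else self.pin * msg_hash(msg)
        msg["sig"] = pow(G, self.priv - k, P)          # negative exponent: Python inverts g mod p
        return msg

    def verify(self, msg, now=None, window=60):
        """S204/S206 checks in the page's order; returns 'ok' or the name of the failing check."""
        now = int(time.time()) if now is None else now
        if not now - window <= msg["ts"] <= now:       # not in the future and inside the preset range
            return "timestamp outside preset range"
        if msg["r"] in self.seen_r:                    # same second parameter seen before
            return "replay: second parameter already used"
        if H(msg["pub"], *msg["seeds"]) != msg["id"]:  # ID_1 = Hash(y_a, IDSeeds1) must equal ID_a
            return "device identifier declaration error"
        c1 = H(G, msg["pub"], msg["t"])                # c_1 = Hash(g, y_a, t_a)
        t1 = pow(G, msg["r"], P) * pow(msg["pub"], c1, P) % P   # t_1 = g^{r_a} * y_a^{c_1} mod p
        if t1 != msg["t"]:                             # equal only if the sender holds a behind y_a
            return "key parameter mismatch"
        k = msg_hash(msg) if self.pin is None else self.pin * msg_hash(msg)
        if msg["sig"] * pow(G, k, P) % P != msg["pub"]:  # y_1 = Sig * g^{R_1} mod p must equal y_a
            return "message signature mismatch"
        self.seen_r.add(msg["r"])
        return "ok"

    def shared_key(self, msg, salt_ts):
        """Key = HKDF(IKM, salt): IKM = y^b || t^{v_b} (assumption), salt = timestamp || "shared key"."""
        ikm = (pow(msg["pub"], self.priv, P).to_bytes(256, "big")
               + pow(msg["t"], self.eph_priv, P).to_bytes(256, "big"))
        return hkdf_sha256(ikm, str(salt_ts).encode() + b"shared key", b"SKAP channel")


def run_exchange(pin_a=None, pin_b=None):
    """Full run; returns (B's verdict on A's message, A's verdict on B's, Key_ab == Key_ba)."""
    a = Device("lab-ssid", "dev-a", "02:00:00:00:00:01", pin_a)   # constructed seeds
    b = Device("lab-ssid", "dev-b", "02:00:00:00:00:02", pin_b)
    msg_a = a.message()
    verdict_b = b.verify(msg_a)                        # S204
    msg_b = b.message()
    verdict_a = a.verify(msg_b)                        # S206
    if verdict_b != "ok" or verdict_a != "ok":
        return verdict_b, verdict_a, False
    # both ends must salt with the same timestamp; the first message's is used here (assumption)
    return verdict_b, verdict_a, b.shared_key(msg_a, msg_a["ts"]) == a.shared_key(msg_b, msg_a["ts"])
```

`run_exchange()` returns `('ok', 'ok', True)`; with different PINs on the two ends both signature checks fail, and a replayed, tampered or stale message is rejected by the corresponding check in `verify`. The key-parameter check works because $g^{r_a} \cdot y_a^{c} = g^{v_a - ca} \cdot g^{ac} = g^{v_a} = t_a$ holds only when $r_a$ was formed with the exponent behind $y_a$.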
The channel establishment method described above can be applied at different network layers, such as the application layer, transport layer, network layer and data link layer, and is particularly suitable for scenarios such as self-organizing and decentralized networks; the application scenario is not specifically limited.
In the channel establishment method provided by the present application, the first device generates the first device identifier by itself and the second device generates the second device identifier by itself; the first device verifies the second device identifier based on the locally stored second public key, and the second device verifies the first device identifier based on the locally stored first public key. No third-party authority is needed to generate or verify the device identifiers during channel establishment, which reduces the risk of the device identifiers being tampered with or intercepted; the generated device identifiers are random, which protects the privacy of the user, so the channel is established more securely.
Besides generating their respective device identifiers, the first device and the second device also need parameters that can prove the correctness of the device identifiers, so as to further protect the channel establishment process. Each of them generates a key parameter bound to its device identifier, and the first device sends the first key parameter together with the first device identifier to the second device. The second device verifies the first key parameter based on the locally stored first public key: if verification passes, the first device identifier can be determined to be correct and no third device to have attacked during the process; if verification fails, the first device identifier can be determined to have been replaced and channel establishment is stopped, which improves the security of channel establishment. Similarly, the first device can verify the second key parameter sent by the second device.
The first device can also generate a first message signature based on the first private key, and the second device a second message signature based on the second private key. The first device can verify the correctness of the received second message signature, thereby determining whether the content of the second message has been tampered with and confirming the integrity and authenticity of content such as the second device identifier and the second key parameter; once the message signature verification passes, channel establishment is complete. Similarly, the second device can verify the first message signature. No third-party authority is involved in generating or verifying the message signatures, so the first device and the second device can verify all parameters in a single interaction and each generate its shared key.
In summary, the present application provides a safer channel establishment method.
In one specific implementation, a self-resolving key exchange protocol (self-resolved key agreement protocol, SKAP) may be used for the establishment of the wireless secure channel. The channel establishment method in this embodiment is improved only in the step of generating the device identifier compared to the channel establishment method described in fig. 2, and other steps are the same as those described above.
First, the first device generates a first device identifier according to the channel establishment method described in fig. 2. The first device identifier is generated by the first device based on the first public key, a first seed parameter and a hash function, wherein the first seed parameter may include one or more of a service set identifier (SSID), a hostname, a physical (MAC) address and a random number. It will be appreciated that the first seed parameter may also include more or fewer parameters, which are not specifically limited herein. The first public key is generated based on a first private key, which is in turn generated based on the seed parameter and a key derivation function (KDF); the first private key can be expressed as:
$a = \mathrm{KDF}(\mathrm{IDSeeds1})$
where IDSeeds1 is the first seed parameter, a is the first private key and KDF() is the key derivation function.
The first public key is generated based on the first private key and the DH algorithm and can be expressed as:
$y_a = g^{a} \bmod p$
where g is the primitive root, p is a large prime number, $y_a$ is the first public key, a is the first private key and mod() represents the modulo operation; the first public key and the first private key form a key pair.
The first device identifier is generated based on the first public key, the first seed parameter and the hash function; the first device identifier $ID_a$ can be expressed as:
$ID_a = \mathrm{Hash}(y_a, \mathrm{IDSeeds1})$
the first equipment identification ID calculated by the method a The semantic-free randomizing device identification is usually represented by 128-bit characters or special characters which are difficult to read, and cannot be directly read, so that the corresponding first device cannot be directly determined. Thus, to more conveniently and intuitively distinguish devices, the first device may identify the ID with the semantic-less randomized device a Mapping to semantically randomized device identification ID based on consistent hash a ' is indicated by a letter that is easy to read. As shown in fig. 3, fig. 3 is a schematic diagram of a semantic randomization device identification generating process according to an embodiment of the present invention. In the process of generating the corresponding semantic randomization device identifications based on the semantic-free randomization device identifications, firstly, dividing all the semantic-free randomization device identifications into a plurality of ranges, assigning a semantic device identification prefix to each range, such as a superman, a crazy master and the like shown in fig. 3, and under the condition that the semantic-free randomization device identifications are obtained by calculation, the first device can determine the range of the semantic-free randomization device identifications, thereby determining the corresponding text prefixes with the semantic-free randomization device identifications. The second device can determine the corresponding first device according to the received text prefix of the first semantic randomization device identification, and the process of the second device for verifying the first semantic randomization device identification through calculation is simplified.
According to the above, it may be determined that the text prefix of the same semantic randomization device identifier corresponds to a semantic-free randomization device identifier within a range, so that semantic-free randomization device identifiers generated by different devices may have the same semantic prefix, at this time, the second device cannot distinguish different devices, and in order to avoid this situation, the first device may further generate a digital suffix corresponding to the semantic-free randomization device identifier based on the semantic-free randomization device identifier. As shown in fig. 3, the first device may generate a four-bit random number based on a hash algorithm and a semantic-free randomizing device identifier, and the number suffix and the text prefix generated by the first device may be combined into a complete semantic-free randomizing device identifier, for example, the semantic-free randomizing device identifier ID1 is converted into a semantic-free randomizing device identifier ID1' "crazy master #5461" through calculation, which can be understood that the first device may also map the semantic-free randomizing device identifier into a random number with more or less digits, which is not particularly limited in the present application.
In order to avoid the problem of repeated semantic randomization device identifiers in the channel establishment process, a first device scans devices which can be connected around the first device and can self-declare the device identifiers under the condition that the semantic randomization device identifiers corresponding to the semantic randomization device identifiers are generated but the semantic randomization device identifiers are not sent to a second device by the first device, so as to check whether the same semantic randomization device identifiers exist. Under the condition that the same device with semantic randomization device identification exists, the first device regenerates the public and private key pair, the semantic randomization device identification is not available, and different semantic randomization device identifications are obtained in the same way.
Under the condition that the first device does not scan the same semantic randomization device identification, the first device sends the first semantic randomization device identification, a first key parameter and a first message signature to the second device, the second device scans the devices which can be connected around the second device and can self-declare the device identification after receiving the semantic randomization device identification sent by the first device, and under the condition that the same device with the semantic randomization device identification exists, the second device sends a response message to the first device, wherein the response message comprises error information and error proof, and the error proof comprises the semantic randomization device identification and the key parameter bound by the device identification. And under the condition that the same equipment with the semantic randomization equipment identifier does not exist, and the second equipment verifies that the first equipment with the semantic randomization equipment identifier, the first key parameter and the first message signature pass, the second equipment sends a response message to the first equipment, and at the moment, the response message comprises a second equipment public key, and the second equipment has the semantic randomization equipment identifier, the second equipment key parameter and the second message signature. The first device receives the second device public key, the second device has semantic randomization device identification, second device key parameter and second message signature, and generates a shared key to complete the establishment of the channel between the first device and the second device under the condition that the content verification is passed. 
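As an added illustration of the identifier generation and duplicate handling described above (example code written for this page, not the patent's own; the toy group parameters, the equal-width partition of the identifier space and the prefix list are assumptions), the first device side and the second device's duplicate check in Python:

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for this example only; a deployment
# would use a standardized group of adequate size.
P = 2**127 - 1      # Mersenne prime M127
G = 5

# Semantic prefixes, one per equal-width range of the 128-bit identifier
# space (the "superman" / "crazy master" style prefixes of fig. 3).
PREFIXES = ["superman", "crazy master", "iron chef", "night owl"]


def gen_keypair():
    """First private key a and first public key y_a = G^a mod P."""
    a = secrets.randbelow(P - 2) + 1
    return a, pow(G, a, P)


def device_id(y_a, seeds):
    """Semantic-free randomized identifier ID_a = Hash(y_a, IDSeeds1).

    seeds is a dict of seed parameters (SSID, hostname, MAC, nonce ...).
    The digest is truncated to 128 bits and rendered as 32 hex characters,
    the hard-to-read form the description refers to.
    """
    h = hashlib.sha256(y_a.to_bytes(16, "big"))
    for name in sorted(seeds):
        h.update(f"{name}={seeds[name]};".encode())
    return h.digest()[:16].hex()


def semantic_id(id_a):
    """Map ID_a to a readable 'prefix #dddd' identifier ID_a'.

    The prefix is selected by the range of the identifier space that ID_a
    falls into (a consistent-hash style partition into len(PREFIXES) equal
    ranges, an assumption of this example); the four-digit suffix is derived
    by hashing ID_a again so that two devices whose identifiers share a
    prefix are still told apart.
    """
    value = int(id_a, 16)
    prefix = PREFIXES[(value * len(PREFIXES)) >> 128]
    suffix = int(hashlib.sha256(id_a.encode()).hexdigest(), 16) % 10000
    return f"{prefix} #{suffix:04d}"


def generate_identity(seeds, visible_ids, max_tries=16):
    """First device side: generate key pair, ID_a and ID_a', handling duplicates.

    visible_ids holds the semantic identifiers self-declared by devices the
    first device can currently scan.  On a collision the key pair and both
    identifiers are regenerated, as the description requires.
    """
    for _ in range(max_tries):
        a, y_a = gen_keypair()
        id_a = device_id(y_a, seeds)
        id_sem = semantic_id(id_a)
        if id_sem not in visible_ids:
            return {"priv": a, "pub": y_a, "id": id_a, "semantic_id": id_sem}
    raise RuntimeError("no collision-free identifier found")


def second_device_check(id_sem, visible):
    """Second device side of the duplicate check.

    visible maps the semantic identifiers of scanned devices to the key
    parameter bound to each.  A duplicate yields an error response carrying
    the conflicting identifier and its key parameter as the error proof;
    otherwise None, and verification of the request proceeds.
    """
    if id_sem in visible:
        return {"error": "duplicate semantic identifier",
                "proof": {"semantic_id": id_sem, "key_parameter": visible[id_sem]}}
    return None
```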
The first device may then encrypt data with the shared key and communicate with the second device in encrypted form, and the first device may display its semantic randomized device identifier.
The channel establishment method used by the first device and the second device in the above embodiments can establish a channel between devices more securely. In addition, in this embodiment the first device converts the semantic-free randomized device identifier into a semantic randomized device identifier; compared with a device identifier represented by many hard-to-understand characters, a device identifier represented by short text greatly facilitates the second device's storage and verification of the first device identifier and makes different devices easier to distinguish. If a semantic randomized device identifier is duplicated, the first device or the second device automatically triggers the device identifier duplicate handling mechanism and the device generates a new semantic randomized device identifier, which ensures the security of the communication process.
In a specific implementation process, as shown in fig. 4, fig. 4 is a schematic diagram of a batch networking and authentication process of a PLC device according to an embodiment of the present invention.
A programmable logic controller (Programmable Logic Controller, PLC) is a digital electronic operating system designed specifically for use in industrial environments. It uses a programmable memory that internally stores instructions for executing logic operations, sequence control, timing, counting, arithmetic operations and the like, and uses digital or analog inputs and outputs to control various mechanical equipment or production processes. In fields such as the industrial internet and the internet of things, a large number of PLC devices must operate and a central management device is required to manage them, so the PLC devices and the central management device must be communicatively connected; this requires a batch networking and authentication process for the PLC devices, that is, the process of establishing channels between the plurality of PLC devices and the central management device. It will be understood that the plurality of PLC devices each act as a first device, the central management device acts as the second device, and the second device establishes channels with the plurality of first devices. Except for the step in which the second device obtains the first public key and the first device identifier of a first device directly by scanning, the specific channel establishment process in this embodiment is the same as the channel establishment method described in fig. 2.
Before leaving the factory, each PLC device generates its own public-private key pair according to an algorithm such as RSA or DH, generates its own device identifier from its public key and seed parameter, and is provided with a two-dimensional code that contains the public key and device identifier information of the corresponding device.
Before managing the PLC devices, the central management device first needs to establish a device identifier database to determine which devices are to be managed. In this embodiment, the central management device may acquire the device identifier and public key of each PLC device by scanning the two-dimensional code carried by each of the plurality of PLC devices, and store all acquired device identifiers to obtain the device identifier database, thereby determining the PLC devices to be managed.
The first PLC device generates a first key parameter from the first device's public-private key pair, the first key parameter being bound to the first PLC device identifier, generates a first request message signature with the first device private key, and sends a network access registration request to the central management device, the network access registration request message containing the first PLC device public key, the first PLC device identifier, the first key parameter and the first message signature. The central management device receives the network access registration request and verifies the parameters in the request message. If the first PLC device identifier received by the central management device exists in its device identifier database, the first PLC device identifier passes verification. The central management device then verifies the first key parameter and the first message signature sent by the first PLC device according to step S204 of fig. 2, in which the second device verifies the first key parameter and the first message signature. If the first PLC device identifier, the first key parameter and the first request message signature all pass verification, the central management device generates a response message and sends it to the first PLC device; the first PLC device receives and verifies the response message and, if verification passes, generates the shared key, completing channel establishment between the devices and the network access registration. Channels between the other PLC devices and the central management device can then be established in the same way, completing network access and authentication of the devices.
In this embodiment, the central management device records the identifiers of newly accessing devices by scanning codes; the newly accessing devices such as the first PLC device and the central management device do not need to share a key in advance or obtain device certificates and the like from a third-party authority, which simplifies the network access authentication process. Once the first PLC device connects to the central management device, network access registration and authentication can proceed automatically without manual participation, and the implementation can be applied to the batch network access and authentication of any devices capable of self-declaring their device identifiers.
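An added example, not the patent's own code, of the PLC batch registration above: the central management device builds its identifier database from the scanned codes, then checks a registration request by database lookup, identifier recomputation, key parameter and message signature. Assumptions: the QR payload also carries the seed parameter, and the key parameter and signature are realised as Schnorr-style proofs over a toy DH group (one concrete instantiation consistent with the claims, not necessarily the patent's formula).

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for this example only.
P = 2**127 - 1      # Mersenne prime M127
G = 5
Q = P - 1           # exponents are reduced modulo the group order P-1


def h_int(*parts):
    """Hash function over the concatenated parts, returned as an integer."""
    h = hashlib.sha256()
    for part in parts:
        h.update(part if isinstance(part, bytes) else str(part).encode())
        h.update(b"|")
    return int.from_bytes(h.digest(), "big")


def device_id(y, seed):
    """Device identifier = Hash(public key, seed parameter), 128 bits as hex."""
    return hashlib.sha256(f"{y}|{seed}".encode()).digest()[:16].hex()


def prove(a, y, context):
    """Schnorr-style proof that the sender of y = G^a knows a.

    Used as the first key parameter (context = the device identifier it is
    bound to) and as the request-message signature (context = the message).
    The hypothetical third key pair (k, r) plays the role of the third
    private/public key of the claims; the patent's exact formula is not
    given here, so this is one concrete instantiation, not its code.
    """
    k = secrets.randbelow(Q - 1) + 1      # third private key
    r = pow(G, k, P)                      # third public key = first parameter
    e = h_int(y, r, context)              # first hash value
    s = (k + a * e) % Q                   # second parameter
    return r, s


def verify(y, proof, context):
    """Check G^s == r * y^e (mod P); fails unless the prover knew a."""
    r, s = proof
    e = h_int(y, r, context)
    return pow(G, s, P) == (r * pow(y, e, P)) % P


def request_message(pub, id_a, key_param):
    """Canonical byte string the request signature covers."""
    r, s = key_param
    return f"{pub}|{id_a}|{r}|{s}".encode()


def plc_make_request(a, y, seed):
    """First PLC device side: build the network-access registration request."""
    id_a = device_id(y, seed)
    key_param = prove(a, y, id_a)
    signature = prove(a, y, request_message(y, id_a, key_param))
    return {"pub": y, "id": id_a, "key_param": key_param, "signature": signature}


def build_database(qr_payloads):
    """Central device side: build the device identifier database from QR codes.

    Each payload is a constructed 'id=...;pub=...;seed=...' string; that the
    code also carries the seed parameter is an assumption of this example.
    """
    db = {}
    for payload in qr_payloads:
        fields = dict(item.split("=", 1) for item in payload.split(";"))
        db[fields["id"]] = {"pub": int(fields["pub"]), "seed": fields["seed"]}
    return db


def handle_registration(db, req):
    """Central device side: verify a registration request; (accepted, reason)."""
    rec = db.get(req["id"])
    if rec is None:                                   # never scanned
        return False, "identifier not in database"
    if rec["pub"] != req["pub"]:
        return False, "public key does not match scanned record"
    # Recompute the identifier from the stored public key (claims 8-9 style).
    if device_id(rec["pub"], rec["seed"]) != req["id"]:
        return False, "identifier does not match public key"
    if not verify(rec["pub"], req["key_param"], req["id"]):
        return False, "key parameter proof failed"
    if not verify(rec["pub"], req["signature"],
                  request_message(req["pub"], req["id"], req["key_param"])):
        return False, "message signature failed"
    return True, "registered"
```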
In a specific implementation process, as shown in fig. 5, fig. 5 is a schematic flow chart of campus network access authentication and ID allocation according to an embodiment of the present application. According to the channel establishment method provided by the application, the newly accessing network device acts as the first device and sends an ID allocation request message to an ID allocation server, which acts as the second device. The ID allocation request message contains a first device identifier generated by the newly accessing device and a first key parameter, where the first device identifier is an identifier generated by the first device and bound to the first public key, and the first key parameter is used to verify that the first device owns the first device identifier. The ID allocation server receives the ID allocation request message sent by the newly accessing device and verifies the first device identifier and the first key parameter. After the verification of the first device identifier and the first key parameter passes, the ID allocation server generates a response message containing the second device identifier and the second key and sends it to the newly accessing device. The ID allocation server may also sign the response message with its private key and send the response message signature to the newly accessing device.
After receiving the response message, the newly accessing device verifies the response message signature with the public key; if the signature is correct it determines that the response message has not been tampered with, acquires and stores the second device identifier and the second key from the response message, and thereby completes network access authentication and obtains its device identifier and key parameters. Once the channel between the newly accessing device and the ID allocation server is established, the newly accessing device may encrypt data with the second key and transmit the encrypted data to the ID allocation server, which decrypts it with the second key.
At present, the process by which the ID allocation server distributes the device identifier and key to a newly accessing device has no protection, and the device identifier and key are very easy for a third device to intercept and tamper with.
In this embodiment, the newly accessing device may generate a temporary device identifier and a temporary key parameter bound to that identifier, and the ID allocation server may verify the received temporary device identifier and key parameter to determine the identity of the newly accessing device. After verification passes, a new device identifier, a key and a message signature are generated and sent to the newly accessing device, which checks the correctness of the message signature to determine whether the device identifier and key have been tampered with, and records the new device identifier and key only if the message signature verification passes. In summary, the method described in this embodiment protects the process by which the ID allocation server allocates the device identifier and key to the newly accessing device.
Fig. 6 is a schematic structural diagram of a channel setup apparatus according to the present application, which may be applied to the systems shown in fig. 1A and 1B, and the channel setup apparatus 600 may be applied to a second device. As shown in fig. 6, the channel setup apparatus 600 includes: a generating unit 610, a transmitting unit 620, a receiving unit 630, and a processing unit 640. The receiving unit 630 is configured to receive a first public key, a first device identifier, a first key parameter and a first message signature, where the first device identifier is an identifier that is generated by the first device and bound to the first public key, the first key parameter is used to verify that the first device owns the first device identifier, and the first public key and the first private key form a pair of key pairs. The processing unit 640 is configured to generate a shared key between the first device and the second device after the first public key, the first device identifier, the first key parameter, and the first message signature pass verification.
The apparatus includes a generating unit 610, configured to generate a second public key, a second device identifier, a second key parameter, and a second message signature, where the second device identifier is an identifier generated by the second device and bound to the second public key, the second key parameter is used to verify that the second device owns the second device identifier, and the second public key and the second private key form a pair of key pairs; the sending unit 620 is configured to send the second public key, the second device identifier, the second key parameter, and the second message signature to the first device.
The functional units of the channel setup apparatus 600 may be used to perform the method of the second device side described in the embodiment of fig. 2. The generation unit 610 in the apparatus may be used to perform step S203 in fig. 2, the transmission unit 620 may be used to perform step S205 in fig. 2, and the reception unit 630 and the processing unit 640 may be used to perform step S203 in fig. 2.
The channel setup apparatus 600 provided by the present application may also be applied to the first device. The channel establishment apparatus applied to the first device includes: the generating unit 610 is configured to generate a first public key, a first device identifier, a first key parameter, and a first message signature; the sending unit 620 is configured to send a first public key, a first device identifier, a first key parameter, and a first message signature to the second device, where the first device identifier is an identifier bound to the first public key, the first key parameter is used to verify that the first device owns the first device identifier, and the first public key and the first private key form a pair of key pairs. A receiving unit 630, configured to receive a second public key, a second device identifier, a second key parameter, and a second message signature sent by a second device, where the second device identifier is an identifier generated by the second device and bound to the second public key, the second key parameter is used to verify that the second device owns the second device identifier, the second key parameter includes a third parameter and a fourth parameter, and the second public key and the second private key form a pair of key pairs; the processing unit 640 is configured to generate a shared key between the second device and the first device after the second public key, the second device identifier, the second key parameter, and the second message signature pass verification.
The functional units of the channel setup apparatus 600 may be used to perform the method of the first device side described in the embodiment of fig. 2. The generation unit 610 in the apparatus may be used to perform step S201 in fig. 2, the transmission unit 620 may be used to perform step S202 in fig. 2, and the reception unit 630 and the processing unit 640 may be used to perform step S206 in fig. 2.
Fig. 7 is a schematic structural diagram of a communication device according to the present application, which may be applied to the system shown in fig. 1A and fig. 1B, and may be applied to a first node or a second node. As shown in fig. 7, the communication apparatus 700 includes: processor 710, memory 720, communication module 730, wherein the communication module comprises a receiver and a transmitter. The processor, the memory and the communication module can be connected with each other through an internal bus, and can also realize communication through other means such as wireless transmission.
The processor 710 may be comprised of at least one general purpose processor, such as a central processing unit (central processing unit, CPU), or a combination of CPU and hardware chips. The hardware chip may be an application-specific integrated circuit (ASIC), a programmable logic device (programmable logic device, PLD), or a combination thereof. The PLD may be a complex programmable logic device (complex programmable logic device, CPLD), a field-programmable gate array (field-programmable gate array, FPGA), general-purpose array logic (generic array logic, GAL), or any combination thereof. Processor 710 is configured to execute various types of digitally stored instructions.
The memory 720 may be volatile memory (volatile memory), such as random access memory (random access memory, RAM), dynamic RAM (DRAM), static RAM (SRAM), synchronous dynamic RAM (synchronous dynamic RAM, SDRAM), double data rate RAM (DDR), cache (cache), etc., and the memory may also include combinations of the above. Memory 720 includes program code that, when executed, causes processor 710 to perform all of the steps included in fig. 2, implementing the functions of fig. 2.
The communication module 730 includes a receiver for receiving data and a transmitter for transmitting data to the peer device. The receiver and transmitter constitute a communication module, which may be configured to receive and transmit information in accordance with one or more other types of wireless communication, such as Bluetooth, IEEE 802.11 communication protocols, cellular technology, worldwide interoperability for microwave access (worldwide interoperability for microwave access, WiMAX) or long term evolution (long term evolution, LTE), ZigBee protocols, dedicated short range communications (dedicated short range communications, DSRC), and radio frequency identification (radio frequency identification, RFID) communications, etc.
It should be noted that fig. 7 is merely one possible implementation of an embodiment of the present application, and the computing device may include more or fewer components in practical applications, which are not limited herein.
Embodiments of the present application also provide a computer-readable storage medium having instructions stored therein that, when executed on a processor, implement the method flow shown in fig. 2.
Embodiments of the present application also provide a computer program product, which when run on a processor, implements the method flow shown in fig. 2.
When the computer program instructions are loaded or executed on a computer, the processes or functions in accordance with embodiments of the present application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus.
The computer instructions may be stored in or transmitted from one computer-readable storage medium to another, for example, by wired (e.g., coaxial cable, fiber optic, digital subscriber line (digital subscriber line, DSL)) or wireless (e.g., infrared, radio, microwave, etc.) means from one website, computer, server, or data center. Computer readable storage media can be any available media that can be accessed by a computer, or data storage nodes such as servers or data centers that contain at least one set of available media. Usable media may be magnetic media (e.g., floppy disks, hard disks, magnetic tape), optical media (e.g., high-density digital video discs (digital video disc, DVD)), or semiconductor media.
The present invention is not limited to the above embodiments, and various equivalent modifications and substitutions can be easily made by those skilled in the art within the technical scope of the present invention, and these modifications and substitutions are intended to be included in the scope of the present invention. Therefore, the protection scope of the invention is subject to the protection scope of the claims.

Claims (30)

1. A method of channel establishment for communication between a first device and a second device, comprising:
the second device receives a first public key, a first device identifier, a first key parameter and a first message signature, wherein the first public key, the first device identifier, the first key parameter and the first message signature are sent by a first device, the first device identifier is an identifier which is generated by the first device and is bound with the first public key, the first key parameter is used for verifying that the first device has the first device identifier, and the first public key and the first private key form a pair of key pairs;
and the second device generates a shared secret key between the first device and the second device based on the first public key, the first device identifier, the first secret key parameter and the first message signature after verification is passed.
2. The method according to claim 1, wherein the method further comprises:
the second device sends a second public key, a second device identifier, a second key parameter and a second message signature to the first device, wherein the second device identifier is an identifier which is generated by the second device and bound with the second public key, the second key parameter is used for verifying that the second device owns the second device identifier, and the second public key and the second private key form a pair of key pairs.
3. The method of claim 2, wherein the first device identification is generated based on the first public key, a first seed parameter, and a hash function, wherein the first seed parameter comprises one or more of a service set identification, SSID, hostname, physical address, and nonce.
4. A method according to claim 3, wherein the first key parameter comprises a first parameter and a second parameter, wherein the first parameter is a third public key and the second parameter is generated based on a third private key and the first private key, the third public key and the third private key forming a pair of key pairs.
5. The method of claim 4, wherein the second parameter is generated based on one or more of an addition or multiplication operation of the third private key, the first private key, and a first hash value, wherein the first hash value is generated based on the first public key, the third public key, and the hash function.
6. The method of claim 5, wherein the first message signature is generated based on the first private key and a second hash value or is generated based on the first private key, the second hash value, and a personal identification code, wherein the second hash value is generated based on a first message and the hash function, and wherein the personal identification code is present in the first device and the second device.
7. The method of claim 6, wherein prior to generating the shared key between the first device and the second device, the method further comprises:
the second device verifies the first device identification, the first key parameter, and the first message signature.
8. The method of claim 7, wherein the second device verifying the first device identification comprises:
the second device generates a first verification device identification based on a locally stored first public key;
the second device compares the first authentication device identification with the first device identification;
the second device determines that the first device identity is authenticated if the first authentication device identity is the same as the first device identity.
9. The method of claim 8, wherein the second device generating a first authentication device identification based on a locally stored first public key comprises:
the second device generates the first authentication device identification based on the locally stored first public key, the seed parameter, and the hash function.
10. The method of claim 9, wherein the second device verifying the first key parameter comprises:
the second device generating a first authentication key parameter based on the locally stored first public key;
the second device comparing the first authentication key parameter with the first parameter;
the second device determines that the first key parameter is authenticated if the first authentication key parameter is the same as the first parameter.
11. The method of claim 10, wherein the second device generating a first authentication key parameter based on the locally stored first public key comprises:
the second device generates a first verification key parameter based on the locally stored first public key, the locally stored second parameter, and a first verification hash value generated based on the locally stored first public key and the locally stored first parameter.
12. The method of claim 11, wherein the second device verifying the first message signature comprises:
the second device generates a first verification public key based on the first message and a locally stored first message signature;
the second device comparing the first authentication public key with the first public key;
and under the condition that the first verification public key and the first public key are the same, the second equipment determines that the first message signature passes verification.
13. The method of claim 12, wherein the second device generating a first verification public key based on the locally stored first message and the locally stored first message signature comprises:
the second device generates a second verification hash value based on the first message and a hash function;
the second device generates the first verification public key based on the second verification hash value and the locally stored first message signature.
14. The method of claim 13, wherein the second device generating a shared key between the first device and the second device after the first public key, the first device identification, the first key parameter, and the first message signature verification pass comprises:
the second device generates a shared key between the first device and the second device based on the second private key, a fourth private key generated by the second device, the first public key, and the first parameter.
15. A method of channel establishment for communication between a first device and a second device, comprising:
the first device generates a first public key, a first device identifier, a first key parameter and a first message signature;
the first device sends the first public key, the first device identifier, the first key parameter and the first message signature to the second device, wherein the first device identifier is an identifier bound with the first public key, the first key parameter is used for verifying that the first device owns the first device identifier, and the first public key and the first private key form a pair of key pairs;
the first device receives a second public key, a second device identifier, a second key parameter and a second message signature, wherein the second public key, the second device identifier, the second key parameter and the second message signature are sent by a second device, the second device identifier is an identifier which is generated by the second device and is bound with the second public key, the second key parameter is used for verifying that the second device has the second device identifier, the second key parameter comprises a third parameter and a fourth parameter, and the second public key and the second private key form a pair of key pairs;
and the first equipment generates a shared secret key between the second equipment and the first equipment based on the second public key, the second equipment identifier, the second secret key parameter and the second message signature after verification is passed.
16. The method of claim 15, wherein the first device generating a first device identification comprises:
the first device generates the first device identifier based on the first public key, a first seed parameter, and a hash function, wherein the first seed parameter includes one or more of a service set identifier SSID, a hostname, a physical address, and a random number.
17. The method of claim 16, wherein the first device generating the first key parameter comprises:
the first device generates a third private key and a third public key, the third public key is used as a first parameter in first key parameters, the first key parameters comprise a first parameter and a second parameter, and the third public key and the third private key form a pair of key pairs;
the first device generates a first hash value based on the first public key, the third public key, and the hash function;
the first device generates a second parameter of the first key parameters based on one or more of an addition operation or a multiplication operation of the third private key, the first private key, and the first hash value.
18. The method of claim 17, wherein the first device generating a first message signature comprises:
the first device generates a second hash value based on the first message and the hash function;
the first device generates the first message signature based on the first private key and the second hash value, or generates the first message signature based on the first private key, the second hash value, and a personal identification code.
19. The method of claim 18, wherein prior to generating the shared key between the second device and the first device, the method further comprises:
the first device verifies the second device identifier, the second key parameter, and the second message signature.
20. The method of claim 19, wherein the first device verifying the second device identifier comprises:
the first device generates a second verification device identifier based on a locally stored second public key;
the first device compares the second verification device identifier with the second device identifier;
the first device determines that the second device identifier passes verification if the second verification device identifier is the same as the second device identifier.
21. The method of claim 20, wherein the first device generating a second verification device identifier based on a locally stored second public key comprises:
the first device generates the second verification device identifier based on the locally stored second public key, a second seed parameter, and the hash function, wherein the second seed parameter includes one or more of a service set identifier SSID, a hostname, a physical address, and a random number.
22. The method of claim 21, wherein the first device verifying the second key parameter comprises:
the first device generates a second verification key parameter based on the locally stored second public key;
the first device compares the second verification key parameter with the third parameter;
the first device determines that the second key parameter passes verification if the second verification key parameter and the third parameter are the same.
23. The method of claim 22, wherein the first device generating a second verification key parameter based on the locally stored second public key comprises:
the first device generates the second verification key parameter based on the locally stored second public key, a locally stored fourth parameter, and a third verification hash value, wherein the third verification hash value is generated based on the locally stored second public key and the locally stored third parameter.
24. The method of claim 23, wherein the first device verifying the second message signature comprises:
the first device generates a second verification public key based on a locally stored second message and a locally stored second message signature;
the first device compares the second verification public key with the second public key;
and the first device determines that the second message signature passes verification if the second verification public key is the same as the second public key.
25. The method of claim 24, wherein the first device generating a second verification public key based on the locally stored second message and the locally stored second message signature comprises:
the first device generates a fourth verification hash value based on the second message and the hash function;
the first device generates the second verification public key based on the fourth verification hash value and the locally stored second message signature.
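The identifier binding of claim 16, the key parameter (proof of possession) of claim 17, its verification in claims 20 to 23, and the "shared key after verification passes" step of claim 15, worked through as an added example that is not the patent's own code. It assumes a constructed toy Schnorr group (the claims name no group), SHA-256 as the hash function, and a Diffie-Hellman value hashed to a key as the key derivation (the claims do not fix one); the recoverable message signature of claims 18 and 24 is left out.

```python
import hashlib
import secrets

# Constructed toy Schnorr group (p = 2q + 1, g of prime order q); sizes are
# for illustration only, nothing here is a parameter from the patent.
P, Q, G = 2039, 1019, 4

def H(*parts: bytes) -> int:
    """The claims' hash function, reduced into the exponent group Z_q."""
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big") % Q

def keygen(x=None):
    """Key pair (private x, public g^x); x can be fixed for reproducible runs."""
    x = x if x is not None else secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def device_identifier(pk: int, seed: bytes) -> bytes:
    """Claim 16: identifier = hash(public key, seed), seed e.g. SSID/hostname/random."""
    return hashlib.sha256(str(pk).encode() + b"|" + seed).digest()

def key_parameter(x: int, pk: int):
    """Claim 17: (first parameter R, second parameter s), s = r + x*h mod q, h = H(pk, R)."""
    r = secrets.randbelow(Q - 1) + 1
    R = pow(G, r, P)
    h = H(str(pk).encode(), str(R).encode())
    return R, (r + x * h) % Q

def verify_identifier(pk: int, seed: bytes, identifier: bytes) -> bool:
    """Claims 20/21: recompute the identifier from the received public key and compare."""
    return secrets.compare_digest(device_identifier(pk, seed), identifier)

def verify_key_parameter(pk: int, param) -> bool:
    """Claims 22/23: R' = g^s * pk^(-h) from pk, the fourth parameter s and h = H(pk, R);
    the parameter is authentic iff R' equals the received third parameter R."""
    R, s = param
    h = H(str(pk).encode(), str(R).encode())
    R_check = pow(G, s, P) * pow(pk, Q - h, P) % P   # pk^(q-h) == pk^(-h), pk has order q
    return R_check == R

def shared_key(my_x: int, peer_pk: int) -> bytes:
    """Assumed derivation: Diffie-Hellman value hashed to a key (claims do not fix a KDF)."""
    return hashlib.sha256(str(pow(peer_pk, my_x, P)).encode()).digest()

def accept_peer(my_x: int, peer_pk: int, peer_id: bytes, peer_param, seed: bytes):
    """Claims 15/19: derive the shared key only after both checks pass, else None."""
    if not (verify_identifier(peer_pk, seed, peer_id) and verify_key_parameter(peer_pk, peer_param)):
        return None
    return shared_key(my_x, peer_pk)
```

A receiver that accepts the public key without the key parameter check would bind an identifier to a key the sender may not hold; the `accept_peer` ordering is the point of claim 19.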
26. An apparatus for channel establishment, applied to a second device, the apparatus comprising:
a receiving unit, configured to receive a first public key, a first device identifier, a first key parameter and a first message signature sent by a first device, wherein the first device identifier is an identifier generated by the first device and bound to the first public key, the first key parameter is used for verifying that the first device owns the first device identifier, and the first public key and a first private key form a key pair;
and a processing unit, configured to generate a shared key between the first device and the second device based on the first public key, the first device identifier, the first key parameter and the first message signature after verification passes.
27. The apparatus of claim 26, further comprising a generating unit and a transmitting unit:
the generating unit is configured to generate a second public key, a second device identifier, a second key parameter and a second message signature, wherein the second device identifier is an identifier generated by the second device and bound to the second public key, the second key parameter is used for verifying that the second device owns the second device identifier, and the second public key and a second private key form a key pair;
and the transmitting unit is configured to send the second public key, the second device identifier, the second key parameter and the second message signature to the first device.
28. An apparatus for channel establishment, applied to a first device, the apparatus comprising:
a generating unit, configured to generate a first public key, a first device identifier, a first key parameter and a first message signature;
a sending unit, configured to send the first public key, the first device identifier, the first key parameter, and the first message signature to a second device, wherein the first device identifier is an identifier bound to the first public key, the first key parameter is used for verifying that the first device owns the first device identifier, and the first public key and a first private key form a key pair;
a receiving unit, configured to receive a second public key, a second device identifier, a second key parameter and a second message signature sent by the second device, wherein the second device identifier is an identifier generated by the second device and bound to the second public key, the second key parameter is used for verifying that the second device owns the second device identifier, the second key parameter comprises a third parameter and a fourth parameter, and the second public key and a second private key form a key pair;
and a processing unit, configured to generate a shared key between the second device and the first device based on the second public key, the second device identifier, the second key parameter and the second message signature after verification passes.
29. A computing device, characterized in that the computing device comprises a processor and a memory, the memory storing a computer program, the processor executing the computer program to cause the computing device to perform the method of any of claims 1 to 25.
30. A computer readable storage medium, characterized in that the computer readable storage medium has stored therein a program which, when run on a computing device, causes the computing device to perform the method of any of claims 1 to 25.
CN202210442059.0A 2022-04-25 2022-04-25 Channel establishment method, device, system and computing equipment Pending CN116996872A (en)
Publication: CN116996872A (en), published 2023-11-03