CN117499026A - Group equipment secret key updating method and system - Google Patents

Group equipment secret key updating method and system Download PDF

Info

Publication number
CN117499026A
CN117499026A CN202311345423.2A CN202311345423A CN117499026A CN 117499026 A CN117499026 A CN 117499026A CN 202311345423 A CN202311345423 A CN 202311345423A CN 117499026 A CN117499026 A CN 117499026A
Authority
CN
China
Prior art keywords
key
update
target
verification
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311345423.2A
Other languages
Chinese (zh)
Inventor
王闯
孙伟
吴戈
黄炎
王敬伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Dongfeng Motor Group Co Ltd
Original Assignee
Dongfeng Motor Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Dongfeng Motor Group Co Ltd filed Critical Dongfeng Motor Group Co Ltd
Priority to CN202311345423.2A priority Critical patent/CN117499026A/en
Publication of CN117499026A publication Critical patent/CN117499026A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a group equipment secret key updating method and a system, which comprises the steps of firstly determining a target host initiating secret key updating; then the target host generates an update secret key and a random number, and determines a first secret key update message according to the update secret key, the random number and the received first temporary secret key; then the first verification is carried out by sending the first verification result to a target secondary server; if the first verification is successful, the target secondary server determines a second key update message according to the update key, the random number and the received second temporary key, and sends the second key update message to the total server for second verification; if the second verification is successful, determining a target update key between the host and the secondary server according to the update key. Therefore, by increasing the verification process of the server to the host initiating the key update, an attacker cannot forge the key update message without knowing the communication key, and the random number in the message can avoid the attacker from carrying out replay attack on the protocol, thereby improving the security.

Description

Group equipment secret key updating method and system
Technical Field
The present invention relates to the field of encryption technologies, and in particular, to a method and a system for updating a group device key.
Background
The secret key is a parameter which is input in an algorithm for converting plaintext into ciphertext or converting ciphertext into plaintext, the secret key is divided into a symmetric secret key and an asymmetric secret key, and the security of group communication is crucial for constructing distributed application in a dynamic peer-to-peer group network environment. Currently, the challenge faced by secure group communications is how to design a secure, efficient, robust and scalable group key management scheme that allows each party in the group communication to obtain a shared key, called the group key.
For the TTS protocol, the protocol allows the joining and leaving of group members while changing the communication key of the server, is a good dynamic group key agreement protocol. But there is a problem in that an attacker plays back or arbitrarily generates a new key update message to disrupt the normal operation of the protocol.
Disclosure of Invention
In view of the foregoing, the present invention is directed to a method and system for updating a group device key.
According to a first aspect of the present invention, there is provided a group device key updating method, comprising:
determining a target host initiating key update;
the target host generates an update secret key and a random number, and determines a first secret key update message according to the update secret key, the random number and the received first temporary secret key;
transmitting the first key update message to the target secondary server for first verification;
if the first verification is successful, the target secondary server determines a second key update message according to the update key, the random number and the received second temporary key, and sends the second key update message to the total server for second verification;
if the second verification is successful, determining a target update key between the host and the secondary server according to the update key.
Optionally, determining the target host that initiates the key update includes:
when detecting a new member or a leaving member in the group device, the total server randomly determines a target secondary server from the connected secondary servers;
the target secondary server randomly determines a target host for initiating key update from the connected hosts.
Optionally, before the target host generates the update key and the random number, the method further includes:
the target secondary server generates a first temporary key and sends the first temporary key to the target host.
Optionally, before the target secondary server determines the second key update message according to the update key, the random number, and the received second temporary key, the method further includes:
the master server generates a second temporary key and sends the second temporary key to the target secondary server.
Optionally, the target secondary server performs a first verification, including:
the target secondary server decrypts the first key update message;
if the decrypted first key updating message is consistent with the updating key and the random number, the first verification is successful;
otherwise, it is unsuccessful.
Optionally, the total server performs a second verification, including:
the master server decrypts the second key update message;
if the decrypted second key updating message is consistent with the updating key and the random number, the second verification is successful;
otherwise, it is unsuccessful.
According to a second aspect of the present invention, there is provided a group device key updating system comprising:
the target host is a host initiating key updating; the target host generates an update secret key and a random number, and determines a first secret key update message according to the update secret key, the random number and the received first temporary secret key;
the target secondary server is used for receiving the first key update message and performing first verification; when the first verification is successful, the target secondary server determines a second key update message according to the update key, the random number and the received second temporary key,
the master server is used for receiving the second key update message and performing second verification; if the second verification is successful, determining a target update key between the host and the secondary server according to the update key.
Optionally, the total server also randomly determines a target secondary server from the connected secondary servers by detecting a new member or an outgoing member in the group device;
the target secondary server randomly determines a target host for initiating key update from the connected hosts.
According to a third aspect of the present invention, there is provided an electronic device comprising: the group device key updating method comprises a memory, a processor and a computer program stored in the memory and capable of running on the processor, wherein the processor realizes the group device key updating method when executing the computer program.
According to a fourth aspect of the present invention, there is provided a computer readable storage medium having stored thereon a computer program which when executed by a processor implements the group device key updating method described above.
The above-mentioned one or more technical solutions in the embodiments of the present disclosure at least have the following technical effects:
the embodiment of the specification provides a group equipment secret key updating method and system, which comprises the steps of firstly determining a target host initiating secret key updating; then the target host generates an update secret key and a random number, and determines a first secret key update message according to the update secret key, the random number and the received first temporary secret key; then the first key update message is sent to the target secondary server for first verification; if the first verification is successful, the target secondary server determines a second key update message according to the update key, the random number and the received second temporary key, and sends the second key update message to the total server for second verification; if the second verification is successful, determining a target update key between the host and the secondary server according to the update key. Therefore, by increasing the verification process of the server to the host initiating the key update, an attacker cannot forge the key update message because the attacker does not know the communication key, and the random number in the message can prevent the attacker from carrying out replay attack on the protocol, thereby avoiding attack and improving safety.
The foregoing description is only an overview of the present invention, and is intended to be implemented in accordance with the teachings of the present invention in order that the same may be more clearly understood and to make the same and other objects, features and advantages of the present invention more readily apparent.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also throughout the drawings, like reference numerals are used to designate like parts.
In the drawings:
fig. 1 is a flowchart of a group device key update method in an embodiment of the present invention.
Fig. 2 is a block diagram of a group device key update system in accordance with an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. The components of the embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the invention, as presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures.
In the description of the present invention, it should also be noted that, unless explicitly specified and limited otherwise, the terms "disposed," "mounted," "connected," and "connected" are to be construed broadly, and may be, for example, fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; can be directly connected or indirectly connected through an intermediate medium, and can be communication between two elements. The specific meaning of the above terms in the present invention will be understood in specific cases by those of ordinary skill in the art.
Referring to fig. 1, the present embodiment provides a method for updating a group device key, which includes steps 101 to 105:
step 101: determining a target host initiating key update;
in this embodiment, the group device key updating method is applied to the group device key updating system. The system comprises a total server, a plurality of secondary servers connected with the total server, and a plurality of hosts connected with the secondary servers. The group key needs to be updated when members are added or removed from the group device.
For example, there are 3 secondary servers connected to the total server, namely secondary server a, secondary server B, and secondary server C, each of which is connected to a number of hosts. When the host a connected to the secondary server a needs to be removed, the group key needs to be updated. When the newly added host B needs to establish a connection with the secondary server B, the group key needs to be updated.
When the group key needs to be updated, a target host is determined from the hosts as an updater for initiating the key update. Optionally, the step of determining the target host that initiates the key update may include:
when detecting a new member or a leaving member in the group device, the total server randomly determines a target secondary server from the connected secondary servers;
the target secondary server randomly determines a target host for initiating key update from the connected hosts.
Specifically, when there is a host leaving in the group device or a new host joining, the total server determines one secondary server from the plurality of secondary servers as the target secondary server. If there is only one secondary server, then that secondary server acts directly as the target secondary server. After determining the target secondary server, the target secondary server randomly selects one host from a plurality of hosts connected with the target secondary server as a target host. If the number of the hosts connected with the target secondary server is only 1, the host is directly used as the target host. After determining the target host, the target host may initiate a key update.
Step 102: the target host generates an update secret key and a random number, and determines a first secret key update message according to the update secret key, the random number and the received first temporary secret key;
in this embodiment, the target host generates a random number R and updates the key X. Wherein, before generating the update key X, the target host and the target secondary server agree on 2 large integers p and g, 1<g<p, these two integers do not need to be kept secret, then, based on the finite field, the target host randomly selects a large integer r (kept secret), and calculates x=g r mod n. In addition, before the target host generates the update key and the random number, the target secondary server generates the first temporary key S1 and sends the first temporary key S1 to the target host. The target host encrypts the update key X and the random number R using the first temporary key S1, denoted as (X, R) S1. The target host uses (X, R) s1, the random number R, and the update key X as the first key update message.
Step 103: transmitting the first key update message to the target secondary server for first verification;
after the first key update message is determined, the target host sends the first key update message to the target secondary server, and the target secondary server performs first verification according to the first key update message so as to verify the integrity of the decrypted X value and the freshness of the R value. In an alternative embodiment, the step of the target secondary server performing the first verification may include:
the target secondary server decrypts the first key update message;
if the decrypted first key updating message is consistent with the updating key and the random number, the first verification is successful;
otherwise, it is unsuccessful.
In this embodiment, the target secondary server knows the first temporary key S1, and decrypts the (X, R) S1 in the first key update message according to the first temporary key S1, and the obtained decrypted X, R is used to verify the integrity of the X value and the freshness of the R value. If the decrypted X, R is the same as the random number R and the update key X in the first key update message, it is indicated that the first verification is successful, and if the decrypted X, R is different from the random number R and the update key X in the first key update message, it is indicated that the first verification is unsuccessful.
Step 104: if the first verification is successful, the target secondary server determines a second key update message according to the update key, the random number and the received second temporary key, and sends the second key update message to the total server for second verification;
in this embodiment, when the first authentication of the target secondary server is successful, the second authentication is performed. The second authentication is performed by the overall server. The target secondary server re-encrypts the update key X and the random number R with the second temporary key S2, denoted (X, R) S2. And then taking the updated secret key X, the random number R and the (X, R) s2 as a second secret key updating message, and sending the second secret key updating message to the total server, wherein the total server performs second verification according to the second secret key updating message.
It should be noted that, before the target secondary server determines the second key update message according to the update key, the random number, and the received second temporary key, the total server generates the second temporary key and sends the second temporary key to the target secondary server. The second temporary key, similar to the first temporary key, is a symmetrically encrypted temporary key for this key update. At the next key update, additional temporary keys are generated.
In an alternative embodiment, the step of performing the second authentication by the overall server may include:
the master server decrypts the second key update message;
if the decrypted second key updating message is consistent with the updating key and the random number, the second verification is successful;
otherwise, it is unsuccessful.
Similarly to the first verification, when the total server performs the second verification, the total server knows the second temporary secret key S2, and decrypts the (X, R) S2 in the second secret key update message according to the second temporary secret key S2, so as to obtain the decrypted X, R, so as to confirm the authenticity of the update. If the decrypted X, R is the same as the random number R and the update key X in the second key update message, the second verification is successful, and if the decrypted X, R is different from the random number R and the update key X in the second key update message, the second verification is unsuccessful.
Step 105: if the second verification is successful, determining a target update key between the host and the secondary server according to the update key.
In this embodiment, if the second verification is successful, the target update key between each host and the corresponding secondary server may be determined according to the update key. The calculation mode of the secret key is the same as the original TTS protocol, namely, each host calculates a target updated secret key according to the broadcast information of the secondary server and the total server of the subgroup, and the method belongs to the prior art. For example, the total server decrypts ti recent lines based on X for each ti ε { t1, t2, …, tk-1}, calculates M ti =X S2 mod p and broadcast. ti is the k-1 th order equation on the finite field, t1, t2 are the number on the finite field, and Mti refers to the data obtained by decrypting ti. After receiving the data broadcast by the total server, each secondary server calculates { (ti, mti) lt1 ∈ti ∈tk-1}.
In summary, in the method for updating a group device key provided in the embodiments of the present disclosure, a target host initiating a key update is first determined; then the target host generates an update secret key and a random number, and determines a first secret key update message according to the update secret key, the random number and the received first temporary secret key; then the first key update message is sent to the target secondary server for first verification; if the first verification is successful, the target secondary server determines a second key update message according to the update key, the random number and the received second temporary key, and sends the second key update message to the total server for second verification; if the second verification is successful, determining a target update key between the host and the secondary server according to the update key. Therefore, by increasing the verification process of the server to the host initiating the key update, an attacker cannot forge the key update message because the attacker does not know the communication key, and the random number in the message can prevent the attacker from carrying out replay attack on the protocol, thereby avoiding attack and improving safety.
Based on the same inventive concept, referring to fig. 2, this embodiment further provides a group device key updating system, including: the system comprises a total server, a plurality of secondary servers connected with the total server and a plurality of hosts connected with the secondary servers.
The target host is a host initiating key updating; the target host generates an update secret key and a random number, and determines a first secret key update message according to the update secret key, the random number and the received first temporary secret key;
the target secondary server is used for receiving the first key update message and performing first verification; when the first verification is successful, the target secondary server determines a second key update message according to the update key, the random number and the received second temporary key,
the master server is used for receiving the second key update message and performing second verification; if the second verification is successful, determining a target update key between the host and the secondary server according to the update key.
Optionally, the total server also randomly determines a target secondary server from the connected secondary servers by detecting a new member or an outgoing member in the group device;
the target secondary server randomly determines a target host for initiating key update from the connected hosts.
Optionally, the target secondary server is further configured to generate a first temporary key, and send the first temporary key to the target host.
Optionally, the total server is further configured to generate a second temporary key, and send the second temporary key to the target secondary server.
Optionally, when the first verification is performed, the target secondary server decrypts the first key update message;
if the decrypted first key updating message is consistent with the updating key and the random number, the first verification is successful;
otherwise, it is unsuccessful.
Optionally, in performing the second verification, the master server decrypts the second key update message;
if the decrypted second key updating message is consistent with the updating key and the random number, the second verification is successful;
otherwise, it is unsuccessful.
In summary, in the group device key update system provided in the embodiments of the present disclosure, a target host that initiates a key update is first determined; then the target host generates an update secret key and a random number, and determines a first secret key update message according to the update secret key, the random number and the received first temporary secret key; then the first key update message is sent to the target secondary server for first verification; if the first verification is successful, the target secondary server determines a second key update message according to the update key, the random number and the received second temporary key, and sends the second key update message to the total server for second verification; if the second verification is successful, determining a target update key between the host and the secondary server according to the update key. Therefore, by increasing the verification process of the server to the host initiating the key update, an attacker cannot forge the key update message because the attacker does not know the communication key, and the random number in the message can prevent the attacker from carrying out replay attack on the protocol, thereby avoiding attack and improving safety.
The electronic device provided in this embodiment includes a group device key updating device, a memory, a processor, and a communication unit, where the memory stores machine-readable instructions executable by the processor, and when the electronic device is running, the processor and the memory communicate with each other through a bus, and the processor executes the machine-readable instructions and executes a group device key updating method.
The memory, the processor and the communication unit are electrically connected with each other directly or indirectly to realize signal transmission or interaction. For example, the components may be electrically connected to each other via one or more communication buses or signal lines. The group device key updating means comprises at least one software function module which may be stored in the form of software or firmware (firmware) in a memory. The processor is configured to execute executable modules (e.g., software functional modules or computer programs included in the group device key updating apparatus) stored in the memory.
In some embodiments, a processor is used to perform one or more of the functions described in this embodiment. In some embodiments, a processor may include one or more processing cores (e.g., a single core processor (S) or a multi-core processor (S)). By way of example only, the processor may include a central processing unit (Central Processing Unit, CPU), application specific integrated circuit (Application Specific Integrated Circuit, ASIC), special instruction set processor (Application Specific Instruction-setProcessor, ASIP), graphics processing unit (Graphics Processing Unit, GPU), physical processing unit (Physics Processing Unit, PPU), digital signal processor (Digital Signal Processor, DSP), field programmable gate array (Field Programmable Gate Array, FPGA), programmable logic device (Programmable Logic Device, PLD), controller, microcontroller unit, reduced instruction set computer (ReducedInstruction Set Computing, RISC), microprocessor, or the like, or any combination thereof.
For ease of illustration, only one processor is depicted in the electronic device. However, it should be noted that the electronic device in the present embodiment may also include a plurality of processors, and thus the steps performed by one processor described in the present embodiment may also be performed jointly by a plurality of processors or performed separately. For example, if the processor of the server performs step a and step B, it should be understood that step a and step B may also be performed by two different processors together or performed separately in one processor. For example, the processor performs step a, the second processor performs step B, or the processor and the second processor together perform steps a and B.
In this embodiment, the memory is configured to store a program, and the processor is configured to execute the program after receiving an execution instruction. The method of defining a flow disclosed in any implementation manner of this embodiment may be applied to a processor or implemented by a processor.
The communication unit is used for establishing communication connection between the electronic equipment and other equipment through a network and is used for receiving and transmitting data through the network.
In some embodiments, the network may be any type of wired or wireless network, or a combination thereof.
In this embodiment, the electronic device may be, but is not limited to, an electronic device such as a server, a notebook computer, an ultra-mobile personal computer (ultra-mobile personal computer, UMPC), a netbook, a personal digital assistant (Personal Digital Assistant, PDA), etc., and the embodiment is not limited in particular type.
On the basis of the foregoing, this embodiment provides a readable storage medium, on which a computer program is stored, which when executed by a processor, implements the group device key updating method of any of the foregoing embodiments.
In summary, the method and system for updating a group device key provided in the embodiments of the present disclosure first determine a target host that initiates a key update; then the target host generates an update secret key and a random number, and determines a first secret key update message according to the update secret key, the random number and the received first temporary secret key; then the first key update message is sent to the target secondary server for first verification; if the first verification is successful, the target secondary server determines a second key update message according to the update key, the random number and the received second temporary key, and sends the second key update message to the total server for second verification; if the second verification is successful, determining a target update key between the host and the secondary server according to the update key. Therefore, by increasing the verification process of the server to the host initiating the key update, an attacker cannot forge the key update message because the attacker does not know the communication key, and the random number in the message can prevent the attacker from carrying out replay attack on the protocol, thereby avoiding attack and improving safety.
It will be clear to those skilled in the art that, for convenience and brevity of description, reference may be made to corresponding procedures in the foregoing method for the specific working procedure of the readable storage medium described above, and thus, redundant description is not necessary.
The above is merely various embodiments of the present invention, but the protection scope of the present invention is not limited thereto, and any person skilled in the art can easily think about changes or substitutions within the technical scope of the present invention, and the changes and substitutions are intended to be covered in the protection scope of the present invention. Therefore, the protection scope of the invention is subject to the protection scope of the claims.

Claims (10)

1. A method for updating a group device key, comprising:
determining a target host initiating key update;
the target host generates an update secret key and a random number, and determines a first secret key update message according to the update secret key, the random number and the received first temporary secret key;
transmitting the first key update message to a target secondary server for first verification;
if the first verification is successful, the target secondary server determines a second key update message according to the update key, the random number and the received second temporary key, and sends the second key update message to the total server for second verification;
and if the second verification is successful, determining a target update key between the host and the secondary server according to the update key.
2. The method of claim 1, wherein the determining the target host that initiated the key update comprises:
when detecting a new member or a leaving member in the group device, the total server randomly determines a target secondary server from the connected secondary servers;
the target secondary server randomly determines a target host for initiating key update from the connected hosts.
3. The method of claim 1, wherein prior to the target host generating the update key and the random number, the method further comprises:
the target secondary server generates a first temporary key and sends the first temporary key to the target host.
4. The method of claim 1, wherein prior to the target secondary server determining a second key update message based on the update key, the random number, and the received second temporary key, the method further comprises:
the master server generates a second temporary key and sends the second temporary key to the target secondary server.
5. The method of claim 1, wherein the target secondary server performs a first validation comprising:
the target secondary server decrypts the first key update message;
if the decrypted first key updating message is consistent with the updating key and the random number, the first verification is successful;
otherwise, it is unsuccessful.
6. The method of claim 1, wherein the overall server performs a second validation comprising:
the master server decrypts the second key update message;
if the decrypted second key updating message is consistent with the updating key and the random number, the second verification is successful;
otherwise, it is unsuccessful.
7. A group device key update system, comprising:
the target host is a host initiating key updating; the target host generates an update secret key and a random number, and determines a first secret key update message according to the update secret key, the random number and the received first temporary secret key;
the target secondary server is used for receiving the first key update message and performing first verification; when the first verification is successful, the target secondary server determines a second key update message according to the update key, the random number and the received second temporary key,
the total server is used for receiving the second key update message and performing second verification; and if the second verification is successful, determining a target update key between the host and the secondary server according to the update key.
8. The system of claim 7, wherein the overall server also randomly determines a target secondary server from the connected secondary servers using the new member or the leaving member in the detected group device;
the target secondary server randomly determines a target host for initiating key update from the connected hosts.
9. An electronic device, the electronic device comprising: a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the group device key update method of any of claims 1-6 when the computer program is executed.
10. A computer readable storage medium, having stored thereon a computer program which when executed by a processor implements a group device key updating method as claimed in any of claims 1-6.
CN202311345423.2A 2023-10-16 2023-10-16 Group equipment secret key updating method and system Pending CN117499026A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311345423.2A CN117499026A (en) 2023-10-16 2023-10-16 Group equipment secret key updating method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311345423.2A CN117499026A (en) 2023-10-16 2023-10-16 Group equipment secret key updating method and system

Publications (1)

Publication Number Publication Date
CN117499026A true CN117499026A (en) 2024-02-02

Family

ID=89680662

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311345423.2A Pending CN117499026A (en) 2023-10-16 2023-10-16 Group equipment secret key updating method and system

Country Status (1)

Country Link
CN (1) CN117499026A (en)

Similar Documents

Publication Publication Date Title
EP3619884B1 (en) Secure dynamic threshold signature scheme employing trusted hardware
EP3491600B1 (en) Blockchain-implemented method and system
CN108886468B (en) System and method for distributing identity-based key material and certificates
KR100956482B1 (en) Establishment of a trusted relationship between unknown communication parties
CN108632261B (en) Multi-party quantum summation method and system
Chow et al. Server-aided signatures verification secure against collusion attack
KR20210139344A (en) Methods and devices for performing data-driven activities
CN108933650B (en) Data encryption and decryption method and device
CN104052608A (en) Certificate-free remote anonymous authentication method based on third party in cloud application
KR100989185B1 (en) A password authenticated key exchange method using the RSA
CN107294696B (en) Method for distributing full homomorphic keys for Leveled
EP3496331A1 (en) Two-party signature device and method
CN110719172B (en) Signature method, signature system and related equipment in block chain system
CN110191467B (en) Authentication method, equipment, device and storage medium for Internet of things equipment
Luo et al. A security communication model based on certificateless online/offline signcryption for Internet of Things
Khan et al. Resource efficient authentication and session key establishment procedure for low-resource IoT devices
Salem et al. SOS: Self‐organized secure framework for VANET
KR101131929B1 (en) Public key-based authentication apparatus and method for authentication
CN110266478B (en) Information processing method and electronic equipment
US8484471B2 (en) Multi-party distributed multiplication device, multi-party distributed multiplication system and method
JP2006227411A (en) Communications system, encryption device, key generator, key generating method, restoration device, communication method, encryption method, and cryptography restoration method
WO2023016729A1 (en) Generating digital signature shares
CN117499026A (en) Group equipment secret key updating method and system
Zhang et al. Building PUF as a Service: Distributed Authentication and Recoverable Data Sharing With Multidimensional CRPs Security Protection
CN110572788B (en) Wireless sensor communication method and system based on asymmetric key pool and implicit certificate

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination