WO2018076365A1 - Key negotiation method and device - Google Patents

Key negotiation method and device Download PDF

Info

Publication number
WO2018076365A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
ciphertext
terminal device
cloud server
random number
Prior art date
Application number
PCT/CN2016/104113
Other languages
French (fr)
Chinese (zh)
Inventor
刘复鑫
Original Assignee
美的智慧家居科技有限公司
美的集团股份有限公司
Priority date
Filing date
Publication date
Application filed by 美的智慧家居科技有限公司, 美的集团股份有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/40 Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 12/00 Data switching networks
    • H04L 12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]

Definitions

  • the present application relates to the field of information security technologies, and in particular, to a key negotiation method and apparatus.
  • SSL Secure Sockets Layer
  • the purpose of the present application is to solve at least one of the above technical problems to some extent.
  • the first object of the present application is to propose a key negotiation method, which can complete two-way identity authentication between the terminal device and the cloud server and establish a reliable secure connection, thereby reducing cost and making data transmission more secure and efficient.
  • a second object of the present application is to propose another method of key agreement.
  • a third object of the present application is to propose a key agreement apparatus.
  • a fourth object of the present application is to propose another key agreement apparatus.
  • a fifth object of the invention is to propose an apparatus.
  • a sixth object of the invention is to propose another device.
  • a seventh object of the present invention is to provide a nonvolatile computer storage medium.
  • An eighth object of the present invention is to provide another non-volatile computer storage medium.
  • the first aspect of the present application provides a key negotiation method, including the following steps: generating a first random number, and encrypting the first random number and the identification information of the terminal device with the first public key of the cloud server to generate a first ciphertext;
  • sending a key negotiation request to the cloud server, where the key negotiation request includes the first ciphertext and the second public key of the terminal device, so that after the cloud server decrypts the first ciphertext with the first private key it verifies the legality of the terminal device according to the identification information and the second public key; and receiving, after the cloud server has verified that the terminal device is legal, a key agreement response including a second ciphertext obtained by encrypting the session key with the second public key, where the session key includes the first random number.
  • the terminal device sends the encrypted first ciphertext to the cloud server, which decrypts it, verifies the legality of the terminal device according to the identification information and the second public key, encrypts the decrypted data again and sends it back to the terminal device; the terminal device then decrypts the second ciphertext after receiving it to verify the identity of the cloud server.
  • the key negotiation method in the embodiment of the present application further has the following additional technical features:
  • the identifier information is a MAC address of the terminal device
  • the key negotiation request further includes a hash value of the first ciphertext, so that after the cloud server decrypts the first ciphertext with the first private key, it verifies the legality of the terminal device according to the MAC address, the hash value, and the second public key.
  • applying the session key to encrypt the first character string negotiated in advance with the cloud server includes: generating a random number of a preset length with a random number generator according to a preset period; splicing the random number with the first character string to generate a second character string; encrypting the second character string with the session key; and sending a key confirmation response including the third ciphertext to the cloud server, where the cloud server decrypts the third ciphertext with the session key and determines whether the key negotiation is successful according to whether the first string is included in the decryption result.
  • the second aspect of the present application provides another key negotiation method, including the following steps: receiving a key negotiation request sent by a terminal device, where the key negotiation request includes a first ciphertext and the second public key of the terminal device; decrypting the first ciphertext with the first private key of the cloud server to obtain the first random number and the identification information of the terminal device, and querying a pre-stored license database according to the identification information and the second public key to verify the legality of the terminal device;
  • if the license database includes the identification information and the second public key, encrypting the session key with the second public key and sending a key agreement response including a second ciphertext to the terminal device, where the session key includes the first random number; receiving a key confirmation response including a third ciphertext, sent by the terminal device after it has decrypted the second ciphertext with the second private key and obtained the first random number; decrypting the third ciphertext with the session key to obtain a decryption result; and determining whether the key negotiation is successful by detecting whether the decryption result includes the first string negotiated in advance with the terminal device.
  • the key negotiation method in the embodiment of the present application receives the encrypted first ciphertext sent by the terminal device, decrypts it, verifies the legality of the terminal device according to the identification information and the second public key, encrypts the decrypted data again and sends it to the terminal device; the terminal device then decrypts the second ciphertext after receiving it to verify the identity of the cloud server.
  • in this way, two-way identity authentication between the terminal device and the cloud server is completed and a reliable secure connection is established, which reduces cost and makes data transmission more secure and efficient.
  • the key negotiation method in the embodiment of the present application further has the following additional technical features:
  • applying the second public key to encrypt the session key comprises: generating a second random number, splicing the second random number with the first random number to generate a session key, and encrypting the session key with the second public key.
  • the third aspect of the present application provides a key agreement apparatus, including: an encryption module configured to generate a first random number and to encrypt the first random number and the identification information of the terminal device with the first public key of the cloud server to generate a first ciphertext; a sending module configured to send a key negotiation request to the cloud server, where the key negotiation request includes the first ciphertext and the second public key of the terminal device, so that after the cloud server decrypts the first ciphertext with the first private key it verifies the legality of the terminal device according to the identification information and the second public key, and to receive, after the cloud server has verified that the terminal device is legal, a key agreement response including a second ciphertext obtained by encrypting the session key with the second public key, where the session key includes the first random number;
  • and a decryption module configured to decrypt the second ciphertext with the second private key and, when the first random number is obtained, to encrypt the first string negotiated in advance with the cloud server using the session key and send a key confirmation response including the third ciphertext to the cloud server, where the cloud server decrypts the third ciphertext with the session key and determines whether the key negotiation is successful according to whether the first character string is included in the decryption result.
  • the key agreement apparatus of the embodiment of the present invention sends the encrypted first ciphertext from the terminal device to the cloud server, which decrypts it, verifies the legality of the terminal device according to the identification information and the second public key, encrypts the decrypted data again and sends it to the terminal device; the terminal device then decrypts the second ciphertext after receiving it to verify the identity of the cloud server.
  • in this way, two-way identity authentication between the terminal device and the cloud server is completed and a reliable secure connection is established, which reduces cost and makes data transmission more secure and efficient.
  • the key agreement apparatus of the embodiment of the present application further has the following additional technical features:
  • the identifier information is a MAC address of the terminal device
  • the key negotiation request further includes a hash value of the first ciphertext, so that after the cloud server decrypts the first ciphertext with the first private key, it verifies the legality of the terminal device according to the MAC address, the hash value, and the second public key.
  • the decryption module is configured to: generate a random number of a preset length with a random number generator according to a preset period; splice the random number with the first character string to generate a second character string; encrypt the second character string with the session key; and send a key confirmation response including the third ciphertext to the cloud server, where the cloud server decrypts the third ciphertext with the session key and determines whether the key negotiation is successful according to whether the first string is included in the decryption result.
  • the fourth aspect of the present application provides another key agreement apparatus, including: a receiving module configured to receive a key negotiation request sent by a terminal device, where the key negotiation request includes a first ciphertext and the second public key of the terminal device; a query module configured to decrypt the first ciphertext with the first private key of the cloud server to obtain the first random number and the identification information of the terminal device, and to query a pre-stored license database according to the identification information and the second public key to verify the legality of the terminal device; a first processing module configured to, when the license database includes the identification information and the second public key, encrypt the session key with the second public key and send a key agreement response including the second ciphertext to the terminal device, where the session key includes the first random number; and a second processing module configured to receive a key confirmation response including the third ciphertext, sent by the terminal device after it has decrypted the second ciphertext with the second private key and obtained the first random number, to decrypt the third ciphertext with the session key, and to determine whether the key negotiation is successful according to whether the decryption result includes the first string.
  • the key negotiation apparatus in the embodiment of the present application receives the encrypted first ciphertext sent by the terminal device, decrypts it, verifies the legality of the terminal device according to the identification information and the second public key, encrypts the decrypted data again and sends it to the terminal device; the terminal device then decrypts the second ciphertext after receiving it to verify the identity of the cloud server.
  • in this way, two-way identity authentication between the terminal device and the cloud server is completed and a reliable secure connection is established, which reduces cost and makes data transmission more secure and efficient.
  • the key agreement apparatus of the embodiment of the present application further has the following additional technical features:
  • the first processing module is configured to: generate a second random number, splice the second random number with the first random number to generate a session key, and encrypt the session key with the second public key.
  • An embodiment of the fifth aspect of the present invention provides an apparatus, including: one or more processors; a memory; and one or more programs stored in the memory which, when executed by the one or more processors, perform the following steps: generating a first random number, and encrypting the first random number and the identification information of the terminal device with the first public key of the cloud server to generate a first ciphertext; sending a key negotiation request to the cloud server, where the key negotiation request includes the first ciphertext and the second public key of the terminal device, so that after the cloud server decrypts the first ciphertext with the first private key it verifies the legality of the terminal device according to the identification information and the second public key; receiving, after the cloud server has verified that the terminal device is legal, a key agreement response including a second ciphertext obtained by encrypting the session key with the second public key, where the session key includes the first random number; and decrypting the second ciphertext with the second private key.
  • the device in the embodiment of the present application sends the encrypted first ciphertext from the terminal device to the cloud server, which decrypts it, verifies the legality of the terminal device according to the identification information and the second public key, encrypts the decrypted data again and sends it to the terminal device; the terminal device then decrypts the second ciphertext after receiving it to verify the identity of the cloud server.
  • a sixth aspect of the present invention provides an apparatus, including: one or more processors; a memory; and one or more programs stored in the memory which, when executed by the one or more processors, perform the following steps: receiving a key negotiation request sent by the terminal device, where the key negotiation request includes a first ciphertext and the second public key of the terminal device; decrypting the first ciphertext with the first private key of the cloud server to obtain the first random number and the identification information of the terminal device, and querying a pre-stored license database according to the identification information and the second public key to verify the legality of the terminal device; if the license database includes the identification information and the second public key, encrypting the session key with the second public key and sending a key agreement response including the second ciphertext to the terminal device, where the session key includes the first random number; and receiving a key confirmation response including a third ciphertext, sent by the terminal device after it has decrypted the second ciphertext with the second private key and obtained the first random number.
  • the device of the embodiment of the present application receives the encrypted first ciphertext sent by the terminal device, decrypts it, verifies the legality of the terminal device according to the identification information and the second public key, encrypts the decrypted data again and sends it to the terminal device; the terminal device then decrypts the second ciphertext after receiving it to verify the identity of the cloud server.
  • a seventh aspect of the present invention provides a non-volatile computer storage medium storing one or more programs which, when executed by a device, cause the device to perform the following steps: generating a first random number, and encrypting the first random number and the identification information of the terminal device with the first public key of the cloud server to generate a first ciphertext; sending a key negotiation request to the cloud server, where the key negotiation request includes the first ciphertext and the second public key of the terminal device, so that after the cloud server decrypts the first ciphertext with the first private key it verifies the legality of the terminal device according to the identification information and the second public key; receiving, after the cloud server has verified that the terminal device is legal, a key agreement response including a second ciphertext obtained by encrypting the session key with the second public key, where the session key includes the first random number; and decrypting the second ciphertext with the second private key and, if the first random number is obtained, encrypting the first character string negotiated in advance with the cloud server with the session key.
  • the non-volatile computer storage medium of the embodiment of the present application sends the encrypted first ciphertext from the terminal device to the cloud server, which decrypts it, verifies the legality of the terminal device according to the identification information and the second public key, encrypts the decrypted data again and sends it to the terminal device; the terminal device then decrypts the second ciphertext after receiving it to verify the identity of the cloud server.
  • in this way, two-way identity authentication between the terminal device and the cloud server is completed and a reliable secure connection is established, which reduces cost and makes data transmission more secure and efficient.
  • An eighth aspect of the present invention provides a non-volatile computer storage medium storing one or more programs which, when executed by a device, cause the device to perform the following steps: receiving a key negotiation request sent by the terminal device, where the key negotiation request includes a first ciphertext and the second public key of the terminal device; decrypting the first ciphertext with the first private key of the cloud server to obtain the first random number and the identification information of the terminal device, and verifying the legality of the terminal device by querying a pre-stored license database according to the identification information and the second public key; if the license database includes the identification information and the second public key, encrypting the session key with the second public key and sending a key agreement response including the second ciphertext to the terminal device, where the session key includes the first random number; and receiving a key confirmation response including a third ciphertext, sent by the terminal device after it has decrypted the second ciphertext with the second private key and obtained the first random number, and decrypting the third ciphertext with the session key.
  • the non-volatile computer storage medium of the embodiment of the present application receives the encrypted first ciphertext sent by the terminal device, decrypts it, verifies the legality of the terminal device according to the identification information and the second public key, encrypts the decrypted data again and sends it to the terminal device; the terminal device then decrypts the second ciphertext after receiving it to verify the identity of the cloud server.
  • in this way, two-way identity authentication between the terminal device and the cloud server is completed and a reliable secure connection is established, which reduces cost and makes data transmission more secure and efficient.
  • FIG. 3 is a schematic diagram of a key agreement method according to an embodiment of the present application.
  • FIG. 4 is a schematic structural diagram of a key agreement apparatus according to an embodiment of the present application.
  • FIG. 5 is a schematic structural diagram of a key agreement apparatus according to another embodiment of the present application.
  • a CA certificate is used on the device side, and the device is authenticated by encrypting and decrypting with the device's public and private keys.
  • the terminal device sends a connection request to the server, the server sends its own CA certificate and the information related to it to the terminal device, and the terminal device checks whether the CA certificate sent by the server was issued by a trusted CA center.
  • the SSL protocol is executed.
  • the terminal device compares the information in the CA certificate, such as the domain name and public key, with the information previously sent by the server.
  • the server is authenticated as legal only when the information is consistent.
  • the server selects the cipher scheme with the strongest encryption from the cipher schemes sent by the terminal device and notifies the terminal device; the terminal device then generates a session key for that cipher scheme and sends it to the server encrypted with the server's public key.
  • the server receives the information sent by the terminal device, decrypts it with its private key to obtain the session key, and the server and the browser then exchange information using the symmetric cipher scheme.
  • the present application proposes a key negotiation method which can complete two-way identity authentication between the terminal device and the cloud server and establish a reliable secure connection, thereby reducing cost and making data transmission more secure and efficient. The details are as follows:
  • FIG. 1 is a flow chart of a method of key agreement in accordance with one embodiment of the present application.
  • the key negotiation method includes:
  • Step 110 Generate a first random number, and apply the first public key of the cloud server to encrypt the first random number and the identification information of the terminal device to generate a first ciphertext.
  • the first random number of the preset length may be generated by the random number generator.
  • the preset length can be set as needed, for example 5 characters, 10 characters, and so on.
  • the random number may be one or more of letters, numbers, special symbols, and the like.
  • the terminal device may obtain its own identification information, and may perform an encryption operation on the obtained first random number and the identification information by using the first public key of the cloud server that is stored in advance to generate the first ciphertext.
  • the identifier information may be a MAC (Media Access Control) address, an International Mobile Equipment Identity (IMEI), or other device identification information, and may be selected according to actual application requirements.
  • MAC Media Access Control
  • IMEI International Mobile Equipment Identity
  • the first public key is a key that is pre-agreed with the cloud server and can encrypt the plaintext.
  • the cloud server may pre-generate a permanent first private key and first public key pair by using an asymmetric algorithm, store it on the cloud server, and send the first public key to the terminal device. Therefore, when the terminal device initiates a connection establishment request to the cloud server, the cloud server can verify the identity of the terminal device by using the first private key, preventing an illegal terminal device from establishing a connection with the cloud server and thereby further improving the security of data transmission.
  • Step 120 Send a key negotiation request to the cloud server, where the key negotiation request includes: the first ciphertext and the second public key of the terminal device, so that the cloud server decrypts the first ciphertext with the first private key and verifies the legitimacy of the terminal device according to the identification information and the second public key.
  • the cloud server may use the first private key to decrypt the first ciphertext to obtain the first random number and the identification information.
  • the identification information is the MAC address of the terminal device
  • the validity of the terminal device is verified according to the MAC address and the second public key by querying the license database to confirm whether the license server has recorded that MAC address and second public key.
  • the key negotiation request further includes a hash value of the first ciphertext, so that the cloud server decrypts the first ciphertext with the first private key and then verifies the legality of the terminal device according to the MAC address, the hash value, and the second public key.
  • otherwise, the cloud server treats the terminal device as an illegal terminal device and performs no subsequent verification.
  • Step 130 After receiving the cloud server to verify that the terminal device is legal, the second public key is used to encrypt the session key and then send a key agreement response including the second ciphertext, where the session key includes the first random number.
  • the cloud server uses the received second public key to encrypt the session key including the first random number to obtain a second ciphertext, which is then sent to the terminal device.
  • the cloud server may further generate a second random number, splice the first random number and the second random number to obtain spliced data, and encrypt the spliced data with the received second public key to obtain the second ciphertext, which is then sent to the terminal device. That is to say, the second ciphertext further includes a second random number generated by the cloud server.
  • the first random number must be included in the session key; the second random number or other data may be added to further improve security.
  • Step 140 Decrypt the second ciphertext with the second private key. If the first random number is obtained, encrypt the first character string negotiated in advance with the cloud server with the session key and send a key confirmation response including the third ciphertext to the cloud server, so that the cloud server decrypts the third ciphertext with the session key and determines whether the key negotiation is successful according to whether the first string is included in the decryption result.
  • the terminal device decrypts the second ciphertext with its second private key and, after decryption succeeds, compares the generated first random number with the decrypted plaintext. If the plaintext includes the first random number, the terminal device confirms that the cloud server has passed authentication.
  • the terminal device then encrypts the first character string negotiated in advance with the cloud server with the session key and sends a key confirmation response including the third ciphertext to the cloud server, so that the cloud server decrypts the third ciphertext with the session key and determines whether the key negotiation is successful according to whether the first string is included in the decryption result.
  • the encrypting the first character string negotiated in advance with the cloud server by using the session key may be understood as firstly generating a random number of a preset length by using a random number generator according to a preset period.
  • the random number is spliced with the first character string to generate a second character string.
  • the second character string is encrypted with the session key, and a key confirmation response including the third ciphertext is sent to the cloud server, so that the cloud server decrypts the third ciphertext with the session key and determines whether the key negotiation is successful according to whether the decryption result contains the first string.
  • the preset period can be set as needed, for example, 10 minutes, 20 minutes, and the like.
  • the preset length can be set as needed, for example 5 characters, 10 characters, and so on.
  • the random number may be one or more of letters, numbers, special symbols, and the like.
  • the splicing process can be understood as “random number + first character string”, or as “first character string + random number”, or as random characters inserted arbitrarily between the characters of the first character string, and so on.
  • the result of encrypting the second character string with the session key pre-negotiated with the cloud server, using for example an MD5 encryption algorithm, a DES encryption algorithm, an RSA encryption algorithm, or the like, may be used as the third ciphertext.
  • the third ciphertext is sent to the cloud server, and the cloud server uses the corresponding decryption algorithm to decrypt the third ciphertext with the session key pre-negotiated with the terminal device.
  • the terminal device sends the encrypted first ciphertext to the cloud server, which decrypts it, verifies the legality of the terminal device according to the identification information and the second public key, encrypts the decrypted data again and sends it to the terminal device; the terminal device then decrypts the second ciphertext after receiving it to verify the identity of the cloud server.
  • FIG. 2 is a flow chart of a method of key agreement in accordance with another embodiment of the present application.
  • the key negotiation method includes:
  • Step 210: Receive a key negotiation request sent by the terminal device, where the key negotiation request includes a first ciphertext and a second public key of the terminal device.
  • Step 220: Apply the first private key of the cloud server to decrypt the first ciphertext to obtain the first random number and the identification information of the terminal device, and query the pre-stored license database according to the identifier information and the second public key to verify the legality of the terminal device.
  • the cloud server may use the first private key to decrypt the first ciphertext, and obtain the first random number and the identification information of the terminal device.
  • for details of the identification information, refer to step 110, which is not described again here.
  • the validity of the terminal device can be verified according to the MAC and the second public key by querying the license database to confirm whether the license server has generated the MAC and the second public key.
  • if not, the cloud server may treat the terminal device as an illegal terminal device and perform no further verification.
  • Step 230: If the license database includes the identifier information and the second public key, apply the second public key to encrypt the session key, and send a key agreement response including the second ciphertext to the terminal device, where the session key includes the first random number.
  • Step 240: Receive the key acknowledgment response including the third ciphertext, which the terminal device sends after applying the second private key to decrypt the second ciphertext and obtaining the first random number, and decrypt the third ciphertext by using the session key to obtain the decryption result.
  • if the license database includes the identifier information and the second public key, the session key including the first random number is encrypted with the received second public key to obtain the second ciphertext, which is then sent to the terminal device.
  • a second random number may be generated and spliced with the first random number to generate the session key, and the session key is then encrypted by applying the second public key.
  • after the cloud server sends the key agreement response including the second ciphertext to the terminal device, the terminal device applies the second private key to decrypt the second ciphertext and, once the first random number is obtained, returns a key acknowledgment response including the third ciphertext; the cloud server then decrypts the third ciphertext using the session key to obtain the decryption result.
  • Step 250: Detect whether the decryption result includes the first string determined in advance with the terminal device, in order to determine whether the key negotiation is successful.
  • after the key negotiation ends, the key information negotiated with the terminal device is applied to process the interaction information, which may mean one or both of encrypting and decrypting it.
  • in the key negotiation method of this embodiment, the cloud server receives the encrypted first ciphertext sent by the terminal device, decrypts it, verifies the legality of the terminal device according to the identifier information and the second public key, encrypts the decrypted data again and sends it to the terminal device; the terminal device then decrypts the second ciphertext after receiving it to verify the identity.
  • FIG. 3 is a schematic diagram of a key agreement method according to an embodiment of the present application.
  • the smart terminal can send a key negotiation request to the cloud server by means of a wireless connection (WIFI, Bluetooth, ZigBee, etc.), wherein the key negotiation request includes the first ciphertext and the second public key.
  • the first ciphertext is obtained by encrypting the first random number R1 and the MAC address of the terminal device by using the first public key of the cloud server.
  • the key negotiation request may be decrypted to obtain corresponding plaintext information, that is, the first random number R1, the MAC address of the terminal device, and the second public key of the terminal device.
  • the cloud server may further generate a second random number R2, and then encrypt the first random number R1 and the second random number R2 obtained by using the second public key to obtain a second ciphertext, and send the second ciphertext to the terminal device.
  • the terminal device may use the second private key to decrypt the second ciphertext and, after the decryption succeeds, send encrypted authentication pass information to the cloud server, where the authentication pass information may be generated by encrypting preset confirmation information ("OK" or the like in FIG. 3) on the basis of the first random number R1 and the second random number R2.
  • the cloud server decrypts the information to obtain pre-set character information, and then establishes a secure communication connection according to the authentication pass information.
  • in this way the terminal device sends the encrypted first ciphertext to the cloud server, which decrypts it, verifies the legality of the terminal device according to the identifier information and the second public key, encrypts the decrypted data again and sends it to the terminal device; the terminal device then decrypts the second ciphertext after receiving it to verify the identity.
  • thereby, two-way identity authentication between the terminal device and the cloud server can be completed and a reliable secure connection established, which reduces cost and improves the security and efficiency of data transmission.
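The FIG. 3 exchange above, worked through as an added example that is not code from the patent: the terminal seals R1 and its MAC under the cloud server's first public key, the server checks the MAC and second public key against a license database and returns R1 || R2 under the terminal's public key, and the terminal proves it recovered R1 by returning the agreed string "OK" (prefixed with a random number) under the session key. The primitives are assumed stand-ins so the block runs on the standard library alone: a demo-only textbook RSA with 512-bit keys and an HMAC-SHA256 authenticated stream cipher; a deployment would use RSA-OAEP and AES-GCM from a vetted library rather than these or the MD5/DES options the text lists.

```python
import hashlib
import hmac
import secrets

CONFIRM_STRING = b"OK"  # the "first character string" agreed in advance (FIG. 3 uses "OK")

def _is_probable_prime(n, rounds=16):
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):  # Miller-Rabin with random bases
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # odd, top bit set
        if _is_probable_prime(cand):
            return cand

def rsa_keygen(bits=512):  # demo-only textbook RSA; returns ((n, e), (n, d))
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this is gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def rsa_encrypt(public, msg):  # random length-prefixed block, NOT OAEP (demo only)
    n, e = public
    k = (n.bit_length() + 7) // 8 - 1  # plaintext block one byte shorter than n
    block = bytes([len(msg)]) + msg + secrets.token_bytes(k - 1 - len(msg))
    return pow(int.from_bytes(block, "big"), e, n).to_bytes(k + 1, "big")

def rsa_decrypt(private, ct):
    n, d = private
    k = (n.bit_length() + 7) // 8 - 1
    block = pow(int.from_bytes(ct, "big"), d, n).to_bytes(k, "big")
    return block[1:1 + block[0]]

def _xor_stream(ke, nonce, data):  # HMAC-SHA256 in counter mode as the keystream
    stream = b"".join(hmac.new(ke, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def sym_encrypt(session_key, plaintext):  # encrypt-then-MAC session cipher (demo stand-in)
    ke, km = (hmac.new(session_key, lbl, hashlib.sha256).digest() for lbl in (b"enc", b"mac"))
    nonce = secrets.token_bytes(16)
    body = _xor_stream(ke, nonce, plaintext)
    return nonce + body + hmac.new(km, nonce + body, hashlib.sha256).digest()

def sym_decrypt(session_key, blob):
    ke, km = (hmac.new(session_key, lbl, hashlib.sha256).digest() for lbl in (b"enc", b"mac"))
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(km, nonce + body, hashlib.sha256).digest()):
        return None  # tag mismatch: wrong session key or tampered ciphertext
    return _xor_stream(ke, nonce, body)

def terminal_request(mac, terminal_pub, server_pub):
    """Steps 110/120: seal R1 (16 bytes) and the MAC under the cloud server's first public key."""
    r1 = secrets.token_bytes(16)
    return r1, {"first_ciphertext": rsa_encrypt(server_pub, r1 + mac), "second_public_key": terminal_pub}

def server_respond(server_priv, license_db, request):
    """Steps 210-230: recover R1 and MAC, consult the license database, issue R1 || R2."""
    plain = rsa_decrypt(server_priv, request["first_ciphertext"])
    r1, mac = plain[:16], plain[16:]
    if license_db.get(mac) != request["second_public_key"]:
        return None, None  # MAC/public-key pair not licensed: no session key is issued
    session_key = r1 + secrets.token_bytes(16)
    return session_key, {"second_ciphertext": rsa_encrypt(request["second_public_key"], session_key)}

def terminal_confirm(terminal_priv, r1, response):
    """Step 140: only the holder of the first private key could have echoed R1."""
    session_key = rsa_decrypt(terminal_priv, response["second_ciphertext"])
    if session_key[:16] != r1:
        return None, None  # server not authenticated: abort without confirming
    second_string = secrets.token_bytes(8) + CONFIRM_STRING  # random number + first string
    return session_key, {"third_ciphertext": sym_encrypt(session_key, second_string)}

def server_verify(session_key, confirmation):
    """Steps 240/250: negotiation succeeds only if the agreed string decrypts out."""
    result = sym_decrypt(session_key, confirmation["third_ciphertext"])
    return result is not None and CONFIRM_STRING in result

def run_key_negotiation(mac, terminal_keys, server_keys, license_db):
    r1, request = terminal_request(mac, terminal_keys[0], server_keys[0])
    server_key, response = server_respond(server_keys[1], license_db, request)
    if response is None:
        return False
    _, confirmation = terminal_confirm(terminal_keys[1], r1, response)
    return confirmation is not None and server_verify(server_key, confirmation)
```

run_key_negotiation returns True only when the MAC and second public key are both in the license database and the response carries the terminal's own R1; an unlicensed key pair or a response without that R1 ends the exchange with no session key on either side.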
  • the present application also proposes a key agreement apparatus.
  • FIG. 4 is a schematic structural diagram of a key agreement apparatus according to an embodiment of the present application.
  • the key agreement apparatus may include an encryption module 41, a sending module 42, a response module 43, and a decryption module 44.
  • the encryption module 41 is configured to generate a first random number, and apply the first public key of the cloud server to encrypt the first random number and the identification information of the terminal device to generate the first ciphertext.
  • the sending module 42 is configured to send a key negotiation request to the cloud server, where the key negotiation request includes the first ciphertext and the second public key of the terminal device, so that the cloud server, after applying the first private key to decrypt the first ciphertext, verifies the validity of the terminal device according to the identification information and the second public key.
  • the response module 43 is configured to receive a key agreement response including the second ciphertext, which the cloud server sends after verifying that the terminal device is legal and using the second public key to encrypt the session key, where the session key includes the first random number.
  • the decryption module 44 is configured to use the second private key to decrypt the second ciphertext and, when the first random number is obtained, apply the session key to encrypt the first string negotiated in advance with the cloud server and send a key confirmation response including the third ciphertext to the cloud server, so that the cloud server applies the session key to decrypt the third ciphertext and determines whether the key negotiation is successful according to whether the first string is included in the decryption result.
  • the identifier information is a MAC address of the terminal device.
  • the key negotiation request further includes a hash value of the first ciphertext, so that the cloud server, after applying the first private key to decrypt the first ciphertext, verifies the validity of the terminal device according to the MAC address, the hash value, and the second public key.
  • the decryption module 44 is configured to generate a random number of a preset length by using a random number generator according to a preset period, splice the random number with the first character string to generate a second character string, encrypt the second character string by using the session key, and send a key confirmation response including the third ciphertext to the cloud server, so that the cloud server applies the session key to decrypt the third ciphertext and determines whether the key negotiation is successful according to whether the first string is included in the decryption result.
  • the key agreement device provided by this embodiment corresponds to the key agreement method provided by the foregoing first embodiment; therefore, the implementation of the foregoing key negotiation method also applies to the key agreement device of this embodiment and is not described in detail again.
  • the key agreement apparatus of this embodiment sends the encrypted first ciphertext to the cloud server through the terminal device, decrypts it through the cloud server, verifies the legality of the terminal device according to the identifier information and the second public key, encrypts the decrypted data again and sends it to the terminal device; the terminal device then decrypts the second ciphertext after receiving it to verify the identity.
  • thereby, two-way identity authentication between the terminal device and the cloud server can be completed and a reliable secure connection established, which reduces cost and improves the security and efficiency of data transmission.
  • FIG. 5 is a schematic structural diagram of a key agreement apparatus according to another embodiment of the present application.
  • the key agreement apparatus may include: a receiving module 51, a querying module 52, a first processing module 53, a second processing module 54, and a detecting module 55.
  • the receiving module 51 is configured to receive a key negotiation request sent by the terminal device, where the key negotiation request includes: a first ciphertext and a second public key of the terminal device.
  • the query module 52 is configured to use the first private key of the cloud server to decrypt the first ciphertext to obtain the first random number and the identification information of the terminal device, and query the pre-stored license database according to the identifier information and the second public key to verify the legality of the terminal device.
  • the first processing module 53 is configured to: when the license database includes the identifier information and the second public key, apply the second public key to encrypt the session key, and send a key agreement response including the second ciphertext to the terminal device, where the session key includes the first random number.
  • the second processing module 54 is configured to receive a key confirmation response including a third ciphertext, which the terminal device sends after applying the second private key to decrypt the second ciphertext and obtaining the first random number, and to decrypt the third ciphertext by using the session key to obtain the decryption result.
  • the detecting module 55 is configured to detect whether the decryption result includes the first string determined in advance with the terminal device, in order to determine whether the key negotiation is successful.
  • the first processing module 53 is configured to generate a second random number, splice the second random number with the first random number to generate the session key, and apply the second public key to encrypt the session key.
  • the key agreement device provided by this embodiment corresponds to the key negotiation method provided in the foregoing second embodiment; therefore, the implementation of the foregoing key negotiation method also applies to the key agreement device of this embodiment and is not described in detail again.
  • the key agreement apparatus of this embodiment receives the encrypted first ciphertext sent by the terminal device, decrypts it, verifies the legality of the terminal device according to the identifier information and the second public key, encrypts the decrypted data again and sends it to the terminal device; the terminal device then decrypts the second ciphertext after receiving it to verify the identity.

Abstract

Disclosed are a key negotiation method and device. The method comprises: generating a first random number, and using a first public key of a cloud server to encrypt the first random number and identification information about a terminal device so as to generate a first ciphertext; sending, to the cloud server, a key negotiation request comprising the first ciphertext and a second public key of the terminal device; receiving a key negotiation response comprising a second ciphertext and being sent by the cloud server after using the second public key to encrypt a session key comprising the first random number and after verifying that the terminal device is legitimate; and using a second private key to decrypt the second ciphertext, and when the first random number is obtained, using the session key to encrypt a first character string negotiated with the cloud server in advance, and sending a key acknowledgement response comprising a third ciphertext to the cloud server. By means of the method, two-way identity authentication of a terminal device and a cloud server can be realized, and a reliable and secure connection is established, thereby reducing the cost and improving the security of data transmission, and the method has a high efficiency.

Description

Key negotiation method and device
Technical field
The present application relates to the field of information security technologies, and in particular to a key negotiation method and apparatus.
Background art
Generally, SSL (Secure Sockets Layer), a security protocol that provides security and data integrity for network communication, is often used when a terminal device communicates with a related server, both to confirm the identities of the communicating parties and to encrypt the communication data so as to avoid data leakage.
However, in the above way of providing security services with the SSL protocol, most terminal devices cannot run SSL because of its large memory footprint; SSL must rely on a third-party CA company in the course of providing the service, which makes the operation too complicated; and only the server can be authenticated, not the terminal device, so the security is low.
Summary of the invention
The purpose of the present application is to solve at least one of the above technical problems to some extent.
To this end, a first object of the present application is to propose a key negotiation method, which can complete two-way identity authentication between a terminal device and a cloud server and establish a reliable secure connection, thereby reducing cost and improving the security of data transmission with high efficiency.
A second object of the present application is to propose another key negotiation method.
A third object of the present application is to propose a key negotiation apparatus.
A fourth object of the present application is to propose another key negotiation apparatus.
A fifth object of the present invention is to propose a device.
A sixth object of the present invention is to propose another device.
A seventh object of the present invention is to propose a non-volatile computer storage medium.
An eighth object of the present invention is to propose another non-volatile computer storage medium.
In order to achieve the above object, an embodiment of the first aspect of the present application provides a key negotiation method, including the following steps: generating a first random number, and applying a first public key of a cloud server to encrypt the first random number and identification information of a terminal device to generate a first ciphertext; sending a key negotiation request to the cloud server, where the key negotiation request includes the first ciphertext and a second public key of the terminal device, so that the cloud server, after applying the first private key to decrypt the first ciphertext, verifies the legality of the terminal device according to the identification information and the second public key; receiving a key negotiation response including a second ciphertext, which the cloud server sends after verifying that the terminal device is legal and applying the second public key to encrypt a session key, where the session key includes the first random number; and applying the second private key to decrypt the second ciphertext, and if the first random number is obtained, applying the session key to encrypt a first character string negotiated in advance with the cloud server and sending a key confirmation response including the third ciphertext to the cloud server, so that the cloud server applies the session key to decrypt the third ciphertext and determines whether the key negotiation is successful according to whether the decryption result contains the first character string.
In the key negotiation method of the embodiment of the present application, the terminal device sends the encrypted first ciphertext to the cloud server, which decrypts it, verifies the legality of the terminal device according to the identification information and the second public key, encrypts the decrypted data again and sends it to the terminal device; the terminal device then decrypts the second ciphertext after receiving it to verify the identity. Thereby, two-way identity authentication between the terminal device and the cloud server can be completed and a reliable secure connection established, which reduces cost and improves the security and efficiency of data transmission.
In addition, the key negotiation method of the embodiment of the present application further has the following additional technical features:
In an embodiment of the present application, the identification information is a MAC address of the terminal device, and the key negotiation request further includes a hash value of the first ciphertext, so that the cloud server, after applying the first private key to decrypt the first ciphertext, verifies the legality of the terminal device according to the MAC address, the hash value and the second public key.
In an embodiment of the present application, applying the session key to encrypt the first character string negotiated in advance with the cloud server includes: generating a random number of a preset length by a random number generator according to a preset period; splicing the random number with the first character string to generate a second character string; and applying the session key to encrypt the second character string and sending a key confirmation response including the third ciphertext to the cloud server, so that the cloud server applies the session key to decrypt the third ciphertext and determines whether the key negotiation is successful according to whether the decryption result contains the first character string.
In order to achieve the above object, an embodiment of the second aspect of the present application provides another key negotiation method, including the following steps: receiving a key negotiation request sent by a terminal device, where the key negotiation request includes a first ciphertext and a second public key of the terminal device; applying a first private key of the cloud server to decrypt the first ciphertext to obtain a first random number and identification information of the terminal device, and querying a pre-stored license database according to the identification information and the second public key to verify the legality of the terminal device; if the license database includes the identification information and the second public key, applying the second public key to encrypt a session key and sending a key negotiation response including a second ciphertext to the terminal device, where the session key includes the first random number; receiving a key confirmation response including a third ciphertext, which the terminal device sends after applying the second private key to decrypt the second ciphertext and obtaining the first random number, and applying the session key to decrypt the third ciphertext to obtain a decryption result; and detecting whether the decryption result contains a first character string negotiated in advance with the terminal device to determine whether the key negotiation is successful.
In the key negotiation method of the embodiment of the present application, the cloud server receives the encrypted first ciphertext sent by the terminal device, decrypts it, verifies the legality of the terminal device according to the identification information and the second public key, encrypts the decrypted data again and sends it to the terminal device; the terminal device then decrypts the second ciphertext after receiving it to verify the identity. Thereby, two-way identity authentication between the terminal device and the cloud server can be completed and a reliable secure connection established, which reduces cost and improves the security and efficiency of data transmission.
In addition, the key negotiation method of the embodiment of the present application further has the following additional technical features:
In an embodiment of the present application, applying the second public key to encrypt the session key includes: generating a second random number, and splicing the second random number with the first random number to generate the session key; and applying the second public key to encrypt the session key.
In order to achieve the above object, an embodiment of the third aspect of the present application provides a key negotiation apparatus, including: an encryption module, configured to generate a first random number and apply a first public key of a cloud server to encrypt the first random number and identification information of a terminal device to generate a first ciphertext; a sending module, configured to send a key negotiation request to the cloud server, where the key negotiation request includes the first ciphertext and a second public key of the terminal device, so that the cloud server, after applying the first private key to decrypt the first ciphertext, verifies the legality of the terminal device according to the identification information and the second public key; a response module, configured to receive a key negotiation response including a second ciphertext, which the cloud server sends after verifying that the terminal device is legal and applying the second public key to encrypt a session key, where the session key includes the first random number; and a decryption module, configured to apply the second private key to decrypt the second ciphertext and, when the first random number is obtained, apply the session key to encrypt a first character string negotiated in advance with the cloud server and send a key confirmation response including the third ciphertext to the cloud server, so that the cloud server applies the session key to decrypt the third ciphertext and determines whether the key negotiation is successful according to whether the decryption result contains the first character string.
In the key negotiation apparatus of the embodiment of the present application, the terminal device sends the encrypted first ciphertext to the cloud server, which decrypts it, verifies the legality of the terminal device according to the identification information and the second public key, encrypts the decrypted data again and sends it to the terminal device; the terminal device then decrypts the second ciphertext after receiving it to verify the identity. Thereby, two-way identity authentication between the terminal device and the cloud server can be completed and a reliable secure connection established, which reduces cost and improves the security and efficiency of data transmission.
In addition, the key negotiation apparatus of the embodiment of the present application further has the following additional technical features:
In an embodiment of the present application, the identification information is a MAC address of the terminal device, and the key negotiation request further includes a hash value of the first ciphertext, so that the cloud server, after applying the first private key to decrypt the first ciphertext, verifies the legality of the terminal device according to the MAC address, the hash value and the second public key.
In an embodiment of the present application, the decryption module is configured to: generate a random number of a preset length by a random number generator according to a preset period; splice the random number with the first character string to generate a second character string; and apply the session key to encrypt the second character string and send a key confirmation response including the third ciphertext to the cloud server, so that the cloud server applies the session key to decrypt the third ciphertext and determines whether the key negotiation is successful according to whether the decryption result contains the first character string.
In order to achieve the above object, an embodiment of the fourth aspect of the present application provides another key negotiation apparatus, comprising: a receiving module, configured to receive a key negotiation request sent by a terminal device, wherein the key negotiation request includes a first ciphertext and a second public key of the terminal device; a query module, configured to decrypt the first ciphertext with a first private key of a cloud server to obtain a first random number and identification information of the terminal device, and to query a pre-stored license database according to the identification information and the second public key to verify the legitimacy of the terminal device; a first processing module, configured to, when the license database includes the identification information and the second public key, encrypt a session key with the second public key and send a key negotiation response including a second ciphertext to the terminal device, wherein the session key includes the first random number; a second processing module, configured to receive a key confirmation response including a third ciphertext, sent by the terminal device after it has decrypted the second ciphertext with the second private key and obtained the first random number, and to decrypt the third ciphertext with the session key to obtain a decryption result; and a detection module, configured to detect whether the decryption result contains a first string negotiated in advance with the terminal device, so as to determine whether the key negotiation has succeeded.
The key negotiation apparatus of this embodiment receives the encrypted first ciphertext sent by the terminal device and decrypts it, verifies the legitimacy of the terminal device according to the identification information and the second public key, encrypts the decrypted data again and sends it to the terminal device, and the terminal device decrypts the second ciphertext after receiving it in order to verify identity. Two-way identity authentication between the terminal device and the cloud server can thus be completed and a reliable, secure connection established, which reduces cost and improves the security and efficiency of data transmission.
In addition, the key negotiation apparatus of the embodiment of the present application has the following additional technical features:
In an embodiment of the present application, the first processing module is configured to: generate a second random number, concatenate the second random number with the first random number to generate the session key, and encrypt the session key with the second public key.
An embodiment of the fifth aspect of the present invention provides a device, comprising: one or more processors; a memory; and one or more programs stored in the memory which, when executed by the one or more processors, perform the following steps: generating a first random number, and encrypting the first random number and identification information of a terminal device with a first public key of a cloud server to generate a first ciphertext; sending a key negotiation request to the cloud server, wherein the key negotiation request includes the first ciphertext and a second public key of the terminal device, so that the cloud server, after decrypting the first ciphertext with the first private key, verifies the legitimacy of the terminal device according to the identification information and the second public key; receiving a key negotiation response including a second ciphertext, sent by the cloud server after it has verified that the terminal device is legitimate and encrypted a session key with the second public key, wherein the session key includes the first random number; decrypting the second ciphertext with the second private key and, if the first random number is obtained, encrypting a first string negotiated in advance with the cloud server using the session key and sending a key confirmation response including the third ciphertext to the cloud server, so that the cloud server decrypts the third ciphertext with the session key and determines, according to whether the decryption result contains the first string, whether the key negotiation has succeeded.
With the device of this embodiment, the terminal device sends the encrypted first ciphertext to the cloud server, the cloud server decrypts it and verifies the legitimacy of the terminal device according to the identification information and the second public key, the decrypted data is encrypted again and sent to the terminal device, and the terminal device decrypts the second ciphertext after receiving it in order to verify identity. Two-way identity authentication between the terminal device and the cloud server can thus be completed and a reliable, secure connection established, which reduces cost and improves the security and efficiency of data transmission.
An embodiment of the sixth aspect of the present invention provides a device, comprising: one or more processors; a memory; and one or more programs stored in the memory which, when executed by the one or more processors, perform the following steps: receiving a key negotiation request sent by a terminal device, wherein the key negotiation request includes a first ciphertext and a second public key of the terminal device; decrypting the first ciphertext with a first private key of a cloud server to obtain a first random number and identification information of the terminal device, and querying a pre-stored license database according to the identification information and the second public key to verify the legitimacy of the terminal device; if the license database includes the identification information and the second public key, encrypting a session key with the second public key and sending a key negotiation response including a second ciphertext to the terminal device, wherein the session key includes the first random number; receiving a key confirmation response including a third ciphertext, sent by the terminal device after it has decrypted the second ciphertext with the second private key and obtained the first random number, and decrypting the third ciphertext with the session key to obtain a decryption result; and detecting whether the decryption result contains a first string negotiated in advance with the terminal device, so as to determine whether the key negotiation has succeeded.
The device of this embodiment receives the encrypted first ciphertext sent by the terminal device and decrypts it, verifies the legitimacy of the terminal device according to the identification information and the second public key, encrypts the decrypted data again and sends it to the terminal device, and the terminal device decrypts the second ciphertext after receiving it in order to verify identity. Two-way identity authentication between the terminal device and the cloud server can thus be completed and a reliable, secure connection established, which reduces cost and improves the security and efficiency of data transmission.
An embodiment of the seventh aspect of the present invention provides a non-volatile computer storage medium storing one or more programs which, when executed by a device, cause the device to perform the following steps: generating a first random number, and encrypting the first random number and identification information of a terminal device with a first public key of a cloud server to generate a first ciphertext; sending a key negotiation request to the cloud server, wherein the key negotiation request includes the first ciphertext and a second public key of the terminal device, so that the cloud server, after decrypting the first ciphertext with the first private key, verifies the legitimacy of the terminal device according to the identification information and the second public key; receiving a key negotiation response including a second ciphertext, sent by the cloud server after it has verified that the terminal device is legitimate and encrypted a session key with the second public key, wherein the session key includes the first random number; decrypting the second ciphertext with the second private key and, if the first random number is obtained, encrypting a first string negotiated in advance with the cloud server using the session key and sending a key confirmation response including the third ciphertext to the cloud server, so that the cloud server decrypts the third ciphertext with the session key and determines, according to whether the decryption result contains the first string, whether the key negotiation has succeeded.
With the non-volatile computer storage medium of this embodiment, the terminal device sends the encrypted first ciphertext to the cloud server, the cloud server decrypts it and verifies the legitimacy of the terminal device according to the identification information and the second public key, the decrypted data is encrypted again and sent to the terminal device, and the terminal device decrypts the second ciphertext after receiving it in order to verify identity. Two-way identity authentication between the terminal device and the cloud server can thus be completed and a reliable, secure connection established, which reduces cost and improves the security and efficiency of data transmission.
An embodiment of the eighth aspect of the present invention provides a non-volatile computer storage medium storing one or more programs which, when executed by a device, cause the device to perform the following steps: receiving a key negotiation request sent by a terminal device, wherein the key negotiation request includes a first ciphertext and a second public key of the terminal device; decrypting the first ciphertext with a first private key of a cloud server to obtain a first random number and identification information of the terminal device, and querying a pre-stored license database according to the identification information and the second public key to verify the legitimacy of the terminal device; if the license database includes the identification information and the second public key, encrypting a session key with the second public key and sending a key negotiation response including a second ciphertext to the terminal device, wherein the session key includes the first random number; receiving a key confirmation response including a third ciphertext, sent by the terminal device after it has decrypted the second ciphertext with the second private key and obtained the first random number, and decrypting the third ciphertext with the session key to obtain a decryption result; and detecting whether the decryption result contains a first string negotiated in advance with the terminal device, so as to determine whether the key negotiation has succeeded.
The non-volatile computer storage medium of this embodiment receives the encrypted first ciphertext sent by the terminal device and decrypts it, verifies the legitimacy of the terminal device according to the identification information and the second public key, encrypts the decrypted data again and sends it to the terminal device, and the terminal device decrypts the second ciphertext after receiving it in order to verify identity. Two-way identity authentication between the terminal device and the cloud server can thus be completed and a reliable, secure connection established, which reduces cost and improves the security and efficiency of data transmission.
Additional aspects and advantages of the present application will be set forth in part in the description that follows, will in part become apparent from that description, or may be learned by practice of the present application.
BRIEF DESCRIPTION OF THE DRAWINGS
The above and/or additional aspects and advantages of the present application will become apparent and readily understood from the following description of the embodiments taken in conjunction with the accompanying drawings, in which:
Fig. 1 is a flowchart of a key negotiation method according to an embodiment of the present application;
Fig. 2 is a flowchart of a key negotiation method according to another embodiment of the present application;
Fig. 3 is a schematic diagram of a key negotiation method according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a key negotiation apparatus according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of a key negotiation apparatus according to another embodiment of the present application.
DETAILED DESCRIPTION
Embodiments of the present application are described in detail below; examples of the embodiments are shown in the accompanying drawings, in which the same or similar reference numerals throughout denote the same or similar elements or elements having the same or similar functions. The embodiments described below with reference to the drawings are exemplary, are intended to explain the present application, and are not to be construed as limiting it.
The key negotiation method and apparatus of the embodiments of the present application are described below with reference to the accompanying drawings.
Generally, when SSL provides security services for network communication, a CA certificate is used on the device side, and the server is authenticated by encrypting and decrypting with the device's public/private key pair.
For example, the terminal device sends a connection request to the server; the server sends its own CA certificate and information related to the CA certificate to the terminal device; and the terminal device checks whether the CA certificate sent by the server was issued by a CA that the terminal device trusts.
If so, the SSL protocol continues: the terminal device compares the information in the CA certificate, such as the domain name and public key, with the related information previously sent by the server, and the server's identity is authenticated as legitimate only when the information is consistent.
Further, when the server is legitimate, the server selects the cipher scheme with the highest encryption strength from the cipher schemes sent by the terminal device and notifies the terminal device after encrypting it with the terminal device's public key; the terminal device then selects a session key for that cipher scheme, encrypts it with the server's public key and sends it to the server.
The server receives the information sent by the terminal device, decrypts it with its own private key to obtain the session key, and the server and the browser then exchange information according to the symmetric cipher scheme.
It can thus be seen that when the SSL protocol is used for communication, only the server is authenticated and the terminal device cannot be authenticated; moreover, SSL is relatively heavyweight, most terminal devices cannot run it, so its feasibility is low, and because SSL relies on a third-party CA company, its operation is too complicated. And since only the server can be authenticated, not the terminal device, security is low.
To solve the above problems, the present application proposes a key negotiation method that completes two-way identity authentication between the terminal device and the cloud server and establishes a reliable, secure connection, which reduces cost and improves the security and efficiency of data transmission. The details are as follows:
Fig. 1 is a flowchart of a key negotiation method according to an embodiment of the present application.
As shown in Fig. 1, the key negotiation method includes:
Step 110: generate a first random number, and encrypt the first random number and the identification information of the terminal device with the first public key of the cloud server to generate a first ciphertext.
Specifically, a first random number of a preset length may be generated by a random number generator. The preset length may be set as needed, for example 5 characters, 10 characters, and so on. The random number may consist of one or more of letters, digits, special symbols and the like.
Further, the terminal device may obtain its own identification information and encrypt the obtained first random number and identification information with the pre-stored first public key of the cloud server to generate the first ciphertext.
The identification information may be a MAC (Media Access Control) address, an IMEI (International Mobile Equipment Identity), or other device identification information, selected according to the needs of the actual application.
The first public key is a key agreed in advance with the cloud server that can be used to encrypt plaintext.
For example, the cloud server may generate a permanent pair consisting of a first private key and a first public key in advance using an asymmetric algorithm, store it on the cloud server, and send the first public key to the terminal device. When the terminal device initiates a connection request to the cloud server, the cloud server can then verify the identity of the terminal device with the first private key, so as to prevent an illegitimate terminal device from establishing a connection with the cloud server and further improve the security of data transmission.
Step 120: send a key negotiation request to the cloud server, wherein the key negotiation request includes the first ciphertext and the second public key of the terminal device, so that the cloud server, after decrypting the first ciphertext with the first public key, verifies the legitimacy of the terminal device according to the identification information and the second public key.
Specifically, after the terminal device sends the key negotiation request including the first ciphertext and the second public key of the terminal device to the cloud server, the cloud server may decrypt the first ciphertext with the first private key to obtain the first random number and the identification information.
When the identification information is the MAC address of the terminal device, the license database is queried at the same time to confirm whether the license server has already generated the MAC address and the second public key, and the legitimacy of the terminal device is verified according to the MAC address and the second public key.
Alternatively, the key negotiation request may further include a hash value of the first ciphertext, so that the cloud server, after decrypting the first ciphertext with the first public key, verifies the legitimacy of the terminal device according to the MAC address, the hash value and the second public key.
It should be noted that if decrypting the first ciphertext with the first private key succeeds, the subsequent verification is performed; if decrypting the first ciphertext with the first public key fails, the cloud server may treat the terminal device as an illegitimate terminal device and perform no further verification.
Step 130: receive a key negotiation response including a second ciphertext, sent by the cloud server after it has verified that the terminal device is legitimate and encrypted a session key with the second public key, wherein the session key includes the first random number.
Specifically, after the first ciphertext has been decrypted successfully and its plaintext obtained, the cloud server encrypts the session key, which includes the first random number, with the received second public key to obtain the second ciphertext, and then sends the second ciphertext to the terminal device.
To further improve the security of data transmission, after the first ciphertext has been decrypted successfully and its plaintext obtained, the cloud server may also generate a second random number, concatenate the first random number and the second random number to obtain concatenated data, encrypt the concatenated data with the received second public key to obtain the second ciphertext, and then send the second ciphertext to the terminal device. That is, the second ciphertext also includes the second random number generated by the cloud server.
It should be noted that the session key must contain the first random number; whether a second random number or other data is added to further improve security may be chosen as needed.
Step 140: decrypt the second ciphertext with the second public key; if the first random number is obtained, encrypt a first string negotiated in advance with the cloud server using the session key, and send a key confirmation response including the third ciphertext to the cloud server, so that the cloud server decrypts the third ciphertext with the session key and determines, according to whether the decryption result contains the first string, whether the key negotiation has succeeded.
Specifically, after receiving the second ciphertext, the terminal device decrypts it with its second private key; once decryption succeeds, it compares the first random number it generated with the decrypted plaintext, and if the plaintext contains the first random number, the terminal device confirms that the cloud server has passed identity verification.
Further, after the cloud server is determined to have passed identity authentication, the first string negotiated in advance with the cloud server is encrypted with the session key, and a key confirmation response including the third ciphertext is sent to the cloud server, so that the cloud server decrypts the third ciphertext with the session key and determines, according to whether the decryption result contains the first string, whether the key negotiation has succeeded.
Here, encrypting the first string negotiated in advance with the cloud server using the session key may be understood as first generating a random number of a preset length with a random number generator at a preset period.
Further, the random number is concatenated with the first string to generate a second string.
Further, the second string is encrypted with the session key, and a key confirmation response including the third ciphertext is sent to the cloud server, so that the cloud server decrypts the third ciphertext with the session key and determines, according to whether the decryption result contains the first string, whether the key negotiation has succeeded.
The preset period may be set as needed, for example 10 minutes, 20 minutes, and so on.
The preset length may be set as needed, for example 5 characters, 10 characters, and so on.
The random number may consist of one or more of letters, digits, special symbols and the like.
It should be noted that the concatenation may be understood as "random number + first string", as "first string + random number", or as the random number being inserted arbitrarily between the characters of the first string, and so on.
Specifically, the result of encrypting the second string with the session key negotiated in advance with the cloud server, using for example an MD5 encryption algorithm, a DES encryption algorithm or an RSA encryption algorithm, may be used as the third ciphertext.
Further, the third ciphertext is sent to the cloud server, and the cloud server decrypts the third ciphertext using the corresponding decryption algorithm and the session key negotiated in advance with the terminal device.
Further, it is determined whether the decryption result contains the first string, so as to determine whether the negotiation between the terminal device and the server has succeeded.
With the key negotiation method of this embodiment, the terminal device sends the encrypted first ciphertext to the cloud server, the cloud server decrypts it and verifies the legitimacy of the terminal device according to the identification information and the second public key, the decrypted data is encrypted again and sent to the terminal device, and the terminal device decrypts the second ciphertext after receiving it in order to verify identity. Two-way identity authentication between the terminal device and the cloud server can thus be completed and a reliable, secure connection established, which reduces cost and improves the security and efficiency of data transmission.
Fig. 2 is a flowchart of a key negotiation method according to another embodiment of the present application.
As shown in Fig. 2, the key negotiation method includes:
Step 210: receive a key negotiation request sent by the terminal device, wherein the key negotiation request includes the first ciphertext and the second public key of the terminal device.
Step 220: decrypt the first ciphertext with the first private key of the cloud server to obtain the first random number and the identification information of the terminal device, and query the pre-stored license database according to the identification information and the second public key to verify the legitimacy of the terminal device.
Specifically, after the cloud server receives the key negotiation request sent by the terminal device, it may decrypt the first ciphertext with the first private key to obtain the first random number and the identification information of the terminal device.
It should be noted that for a detailed description of the identification information, reference is made to step 110, which is not repeated here.
The license database may be queried at the same time to confirm whether the license server has already generated the MAC address and the second public key, so that the legitimacy of the terminal device is verified according to the MAC address and the second public key.
It should be noted that if decrypting the first ciphertext with the first private key succeeds, the subsequent verification is performed; if decrypting the first ciphertext with the first public key fails, the cloud server may treat the terminal device as an illegitimate terminal device and perform no further verification.
Step 230: if the license database contains the identification information and the second public key, encrypt the session key with the second public key and send a key negotiation response including the second ciphertext to the terminal device, where the session key includes the first random number.
Step 240: receive the key confirmation response including the third ciphertext, which the terminal device sends after decrypting the second ciphertext with the second private key and obtaining the first random number, and decrypt the third ciphertext with the session key to obtain the decryption result.
Specifically, when the license database contains the identification information and the second public key, the session key including the first random number is encrypted with the received second public key to obtain the second ciphertext, and the second ciphertext is then sent to the terminal device.
To further improve the security of the data transmission, a second random number may be generated and concatenated with the first random number to form the session key, and the session key is then encrypted with the second public key.
The cloud server then sends the key negotiation response including the second ciphertext to the terminal device. It subsequently receives the key confirmation response including the third ciphertext, which the terminal device sends after decrypting the second ciphertext with the second private key and recovering the first random number, and decrypts the third ciphertext with the session key to obtain the decryption result.
Step 250: detect whether the decryption result contains the first string pre-agreed with the terminal device, in order to determine whether the key negotiation succeeded.
Specifically, the terminal device sends the third ciphertext to the cloud server, and the cloud server decrypts the third ciphertext with the corresponding decryption algorithm, using the session key pre-negotiated with the terminal device.
It is then determined whether the decryption result contains the first string, to decide whether the negotiation between the terminal device and the server succeeded.
It should be noted that once the decryption result is found to contain the first string, the key negotiated with the terminal device is used to encrypt or decrypt the interaction data. That is, after the key negotiation ends, the interaction data can be processed with the key negotiated with the terminal device, by encryption, decryption, or both.
In the key negotiation method of this embodiment, the cloud server receives the encrypted first ciphertext sent by the terminal device, decrypts it, verifies the legality of the terminal device according to the identification information and the second public key, encrypts the decrypted data again and sends it to the terminal device; the terminal device then decrypts the second ciphertext after receiving it, to verify the identity of the server. Two-way identity authentication between the terminal device and the cloud server is thereby completed and a reliable secure connection is established, which reduces cost and improves both the security and the efficiency of data transmission.
To make the above process clearer to those skilled in the art, an example is given below.
FIG. 3 is a schematic diagram of a key negotiation method according to an embodiment of the present application.
As shown in FIG. 3, the smart terminal may send a key negotiation request to the cloud server over a wireless connection (WiFi, Bluetooth, ZigBee, etc.), where the key negotiation request includes the first ciphertext and the second public key.
The first ciphertext is obtained by encrypting the first random number R1 and the MAC address of the terminal device with the first public key of the cloud server. After receiving the key negotiation request, the cloud server decrypts it to obtain the corresponding plaintext, namely the first random number R1 and the MAC address of the terminal device, together with the second public key of the terminal device carried in the request.
The cloud server may further generate a second random number R2, encrypt the obtained first random number R1 and the second random number R2 with the second public key to obtain the second ciphertext, and send it to the terminal device.
After receiving the second ciphertext, the terminal device may decrypt it with the second private key and, once decryption succeeds, send encrypted authentication-pass information to the cloud server. The authentication-pass information may be generated by encrypting pre-set confirmation information (such as "OK" in FIG. 3) on the basis of the first random number R1 and the second random number R2.
After receiving the authentication-pass information, the cloud server decrypts it to obtain the pre-set character information, and then establishes a secure communication connection on the basis of the authentication-pass information.
In the key negotiation method of this embodiment, the terminal device sends the encrypted first ciphertext to the cloud server, which decrypts it and verifies the legality of the terminal device according to the identification information and the second public key, encrypts the decrypted data again and sends it to the terminal device; the terminal device then decrypts the second ciphertext after receiving it, to verify the identity of the server. Two-way identity authentication between the terminal device and the cloud server is thereby completed and a reliable secure connection is established, which reduces cost and improves both the security and the efficiency of data transmission.
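The four-message exchange of FIG. 3, with both the terminal device and the cloud server side, as a runnable Go program. This is an added example and is not code from the patent or from its applicants. The patent fixes neither the ciphers nor the sizes, so the program assumes RSA-OAEP for the two public-key encryptions, 16-byte random numbers R1 and R2, SHA-256(R1||R2) as a 32-byte AES-256-GCM session key, "OK" as the pre-agreed first string, a constructed MAC address, and an in-memory map from MAC address to registered second public key as the license database. The hash of the first ciphertext (claim 2) and the random bytes spliced in front of the first string (claim 3) are included; all names and helper functions are the example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Assumed, not fixed by the patent: 16-byte random numbers, "OK" as the first string,
// RSA-OAEP for the public-key steps, then AES-256-GCM keyed with SHA-256(R1||R2).
const nonceLen, confirmString = 16, "OK"

type Device struct { // terminal device: second key pair, server's first public key, state
	MAC string; priv *rsa.PrivateKey; serverPub *rsa.PublicKey; r1, session []byte
}
type Server struct { // cloud server: first key pair, license database MAC -> pk2, state
	priv *rsa.PrivateKey; db map[string]*rsa.PublicKey; session []byte
}
func must[T any](v T, err error) T { if err != nil { panic(err) }; return v } // programming errors only
func randBytes(n int) []byte        { b := make([]byte, n); must(rand.Read(b)); return b }
func cat(a, b []byte) []byte        { return append(append([]byte{}, a...), b...) }
func gcm(key []byte) cipher.AEAD    { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }
func sessionKey(r1r2 []byte) []byte { k := sha256.Sum256(r1r2); return k[:] }
func oaep(pub *rsa.PublicKey, msg []byte) []byte {
	return must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil))
}
// Step 1 (device): request = first ciphertext E_pk1(R1 || MAC), its hash (claim 2) and pk2.
func (d *Device) Request() (ct, hash []byte, pk2 *rsa.PublicKey) {
	d.r1 = randBytes(nonceLen)
	ct = oaep(d.serverPub, cat(d.r1, []byte(d.MAC)))
	h := sha256.Sum256(ct)
	return ct, h[:], &d.priv.PublicKey
}

// Step 2 (server): check the hash, decrypt with sk1, verify MAC and pk2 against the
// license database, then answer with the second ciphertext E_pk2(R1 || R2).
func (s *Server) Respond(ct, hash []byte, pk2 *rsa.PublicKey) ([]byte, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, s.priv, ct, nil)
	if h := sha256.Sum256(ct); !bytes.Equal(h[:], hash) || err != nil || len(pt) <= nonceLen {
		return nil, errors.New("illegal terminal: bad hash or undecryptable first ciphertext")
	}
	r1, mac := pt[:nonceLen], string(pt[nonceLen:])
	if licensed, ok := s.db[mac]; !ok || !licensed.Equal(pk2) {
		return nil, errors.New("illegal terminal: MAC or second public key not licensed")
	}
	r1r2 := cat(r1, randBytes(nonceLen))
	s.session = sessionKey(r1r2)
	return oaep(pk2, r1r2), nil
}

// Step 3 (device): decrypt with sk2, insist that R1 came back (that is what authenticates
// the server), derive the session key, send the third ciphertext E_session(random || "OK").
func (d *Device) Confirm(second []byte) ([]byte, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, d.priv, second, nil)
	if err != nil || len(pt) != 2*nonceLen || !bytes.Equal(pt[:nonceLen], d.r1) {
		return nil, errors.New("response does not return R1: server not authenticated")
	}
	d.session = sessionKey(pt)
	nonce := randBytes(12) // GCM nonce, prepended to the third ciphertext
	return gcm(d.session).Seal(nonce, nonce, cat(randBytes(nonceLen), []byte(confirmString)), nil), nil
}

// Step 4 (server): decrypt the third ciphertext and look for the pre-agreed first string.
func (s *Server) Check(third []byte) error {
	if len(third) >= 12 {
		pt, err := gcm(s.session).Open(nil, third[:12], third[12:], nil)
		if err == nil && bytes.Contains(pt, []byte(confirmString)) {
			return nil
		}
	}
	return errors.New("key negotiation failed")
}
// Negotiate runs the four messages in order; NewPair builds a device the server has licensed.
func Negotiate(d *Device, s *Server) error {
	second, err := s.Respond(d.Request())
	if err != nil {
		return err
	}
	third, err := d.Confirm(second)
	if err != nil {
		return err
	}
	return s.Check(third)
}
func NewPair(mac string) (*Device, *Server) {
	sk1, sk2 := must(rsa.GenerateKey(rand.Reader, 2048)), must(rsa.GenerateKey(rand.Reader, 2048))
	return &Device{MAC: mac, priv: sk2, serverPub: &sk1.PublicKey},
		&Server{priv: sk1, db: map[string]*rsa.PublicKey{mac: &sk2.PublicKey}}
}

func main() {
	d, s := NewPair("AA:BB:CC:DD:EE:01") // constructed MAC address
	fmt.Println("licensed device:", Negotiate(d, s))
	d.MAC = "00:11:22:33:44:55" // not in the license database: must be rejected
	fmt.Println("unlicensed device:", Negotiate(d, s))
}
```

Run with `go run`: the licensed device negotiates (`<nil>`), and the same device presenting a MAC address the license database does not know is rejected at Step 2. Two details are the example's choices rather than the patent's: R1||R2 is hashed into a fixed-length key instead of being used directly as the session key, and the confirmation is sent under an authenticated cipher, so the Step 4 check fails on any modified third ciphertext rather than only when "OK" happens to be absent from the decryption. Note also that the hash of the first ciphertext can be recomputed by anyone who sees the ciphertext, so in this construction it catches corruption in transit, not tampering; the legitimacy of the device rests on the MAC address and second public key matching the license database, and the legitimacy of the server on R1 coming back under the device's own public key.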
To achieve the above object, the present application further proposes a key negotiation apparatus.
FIG. 4 is a schematic structural diagram of a key negotiation apparatus according to an embodiment of the present application.
As shown in FIG. 4, the key negotiation apparatus may include an encryption module 41, a sending module 42, a response module 43 and a decryption module 44.
The encryption module 41 is configured to generate a first random number and to encrypt the first random number and the identification information of the terminal device with the first public key of the cloud server to generate a first ciphertext.
The sending module 42 is configured to send a key negotiation request to the cloud server, where the key negotiation request includes the first ciphertext and the second public key of the terminal device, so that the cloud server, after decrypting the first ciphertext with the first private key, verifies the legality of the terminal device according to the identification information and the second public key.
The response module 43 is configured to receive the key negotiation response including the second ciphertext, which the cloud server sends after verifying that the terminal device is legal and encrypting the session key with the second public key, where the session key includes the first random number.
The decryption module 44 is configured to decrypt the second ciphertext with the second private key and, on obtaining the first random number, to encrypt the first string pre-agreed with the cloud server using the session key and send a key confirmation response including the third ciphertext to the cloud server, so that the cloud server decrypts the third ciphertext with the session key and determines whether the key negotiation succeeded according to whether the decryption result contains the first string.
In an embodiment of the present application, the identification information is the MAC address of the terminal device, and the key negotiation request further includes a hash value of the first ciphertext, so that the cloud server, after decrypting the first ciphertext with the first private key, verifies the legality of the terminal device according to the MAC address, the hash value and the second public key.
In an embodiment of the present application, the decryption module 44 is configured to generate a random number of a preset length with a random number generator at a preset period, concatenate the random number with the first string to generate a second string, encrypt the second string with the session key, and send a key confirmation response including the third ciphertext to the cloud server, so that the cloud server decrypts the third ciphertext with the session key and determines whether the key negotiation succeeded according to whether the decryption result contains the first string.
The key negotiation apparatus provided by this embodiment corresponds to the key negotiation method provided by the embodiment of the first aspect above, so the implementations described for that key negotiation method also apply to the key negotiation apparatus of this embodiment and are not described again here.
In the key negotiation apparatus of this embodiment, the terminal device sends the encrypted first ciphertext to the cloud server, which decrypts it and verifies the legality of the terminal device according to the identification information and the second public key, encrypts the decrypted data again and sends it to the terminal device; the terminal device then decrypts the second ciphertext after receiving it, to verify the identity of the server. Two-way identity authentication between the terminal device and the cloud server is thereby completed and a reliable secure connection is established, which reduces cost and improves both the security and the efficiency of data transmission.
FIG. 5 is a schematic structural diagram of a key negotiation apparatus according to another embodiment of the present application.
As shown in FIG. 5, the key negotiation apparatus may include a receiving module 51, a query module 52, a first processing module 53, a second processing module 54 and a detection module 55.
The receiving module 51 is configured to receive a key negotiation request sent by the terminal device, where the key negotiation request includes the first ciphertext and the second public key of the terminal device.
The query module 52 is configured to decrypt the first ciphertext with the first private key of the cloud server to obtain the first random number and the identification information of the terminal device, and to query the pre-stored license database according to the identification information and the second public key to verify the legality of the terminal device.
The first processing module 53 is configured, when the license database contains the identification information and the second public key, to encrypt the session key with the second public key and send a key negotiation response including the second ciphertext to the terminal device, where the session key includes the first random number.
The second processing module 54 is configured to receive the key confirmation response including the third ciphertext, which the terminal device sends after decrypting the second ciphertext with the second private key and obtaining the first random number, and to decrypt the third ciphertext with the session key to obtain the decryption result.
The detection module 55 is configured to detect whether the decryption result contains the first string pre-agreed with the terminal device, in order to determine whether the key negotiation succeeded.
In an embodiment of the present application, the first processing module 53 is configured to generate a second random number, concatenate the second random number with the first random number to generate the session key, and encrypt the session key with the second public key.
The key negotiation apparatus provided by this embodiment corresponds to the key negotiation method provided by the embodiment of the second aspect above, so the implementations described for that key negotiation method also apply to the key negotiation apparatus of this embodiment and are not described again here.
In the key negotiation apparatus of this embodiment, the cloud server receives the encrypted first ciphertext sent by the terminal device, decrypts it, verifies the legality of the terminal device according to the identification information and the second public key, encrypts the decrypted data again and sends it to the terminal device; the terminal device then decrypts the second ciphertext after receiving it, to verify the identity of the server. Two-way identity authentication between the terminal device and the cloud server is thereby completed and a reliable secure connection is established, which reduces cost and improves both the security and the efficiency of data transmission.
In the description of this specification, a description referring to the terms "one embodiment", "some embodiments", "example", "specific example", "some examples" and the like means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present application. In this specification, schematic expressions of the above terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments or examples. In addition, where they do not contradict one another, those skilled in the art may combine the different embodiments or examples described in this specification, and the features of the different embodiments or examples.
Although the embodiments of the present application have been shown and described above, it is to be understood that the above embodiments are illustrative and are not to be construed as limiting the present application; those of ordinary skill in the art may make changes, modifications, substitutions and variations to the above embodiments within the scope of the present application.

Claims (14)

  1. A key negotiation method, comprising the following steps:
    generating a first random number, and encrypting the first random number and identification information of a terminal device with a first public key of a cloud server to generate a first ciphertext;
    sending a key negotiation request to the cloud server, where the key negotiation request includes the first ciphertext and a second public key of the terminal device, so that the cloud server, after decrypting the first ciphertext with the first private key, verifies the legality of the terminal device according to the identification information and the second public key;
    receiving a key negotiation response including a second ciphertext, which the cloud server sends after verifying that the terminal device is legal and encrypting a session key with the second public key, where the session key includes the first random number;
    decrypting the second ciphertext with the second private key and, if the first random number is obtained, encrypting a first string pre-agreed with the cloud server using the session key and sending a key confirmation response including the third ciphertext to the cloud server, so that the cloud server decrypts the third ciphertext with the session key and determines whether the key negotiation succeeded according to whether the decryption result contains the first string.
  2. The method according to claim 1, wherein the identification information is a MAC address of the terminal device;
    the key negotiation request further includes a hash value of the first ciphertext, so that the cloud server, after decrypting the first ciphertext with the first private key, verifies the legality of the terminal device according to the MAC address, the hash value and the second public key.
  3. The method according to claim 1, wherein encrypting the first string pre-agreed with the cloud server using the session key comprises:
    generating a random number of a preset length with a random number generator at a preset period;
    concatenating the random number with the first string to generate a second string;
    encrypting the second string with the session key, and sending a key confirmation response including the third ciphertext to the cloud server, so that the cloud server decrypts the third ciphertext with the session key and determines whether the key negotiation succeeded according to whether the decryption result contains the first string.
  4. A key negotiation method, comprising the following steps:
    receiving a key negotiation request sent by a terminal device, where the key negotiation request includes a first ciphertext and a second public key of the terminal device;
    decrypting the first ciphertext with a first private key of a cloud server to obtain a first random number and identification information of the terminal device, and querying a pre-stored license database according to the identification information and the second public key to verify the legality of the terminal device;
    if the license database contains the identification information and the second public key, encrypting a session key with the second public key and sending a key negotiation response including a second ciphertext to the terminal device, where the session key includes the first random number;
    receiving a key confirmation response including a third ciphertext, which the terminal device sends after decrypting the second ciphertext with the second private key and obtaining the first random number, and decrypting the third ciphertext with the session key to obtain a decryption result;
    detecting whether the decryption result contains a first string pre-agreed with the terminal device, to determine whether the key negotiation succeeded.
  5. The method according to claim 4, wherein encrypting the session key with the second public key comprises:
    generating a second random number, and concatenating the second random number with the first random number to generate the session key;
    encrypting the session key with the second public key.
  6. A key negotiation apparatus, comprising:
    an encryption module, configured to generate a first random number and to encrypt the first random number and identification information of a terminal device with a first public key of a cloud server to generate a first ciphertext;
    a sending module, configured to send a key negotiation request to the cloud server, where the key negotiation request includes the first ciphertext and a second public key of the terminal device, so that the cloud server, after decrypting the first ciphertext with the first private key, verifies the legality of the terminal device according to the identification information and the second public key;
    a response module, configured to receive a key negotiation response including a second ciphertext, which the cloud server sends after verifying that the terminal device is legal and encrypting a session key with the second public key, where the session key includes the first random number;
    a decryption module, configured to decrypt the second ciphertext with the second private key and, on obtaining the first random number, to encrypt a first string pre-agreed with the cloud server using the session key and send a key confirmation response including the third ciphertext to the cloud server, so that the cloud server decrypts the third ciphertext with the session key and determines whether the key negotiation succeeded according to whether the decryption result contains the first string.
  7. The apparatus according to claim 6, wherein the identification information is a MAC address of the terminal device;
    the key negotiation request further includes a hash value of the first ciphertext, so that the cloud server, after decrypting the first ciphertext with the first private key, verifies the legality of the terminal device according to the MAC address, the hash value and the second public key.
  8. The apparatus according to claim 6, wherein the decryption module is configured to:
    generate a random number of a preset length with a random number generator at a preset period;
    concatenate the random number with the first string to generate a second string;
    encrypt the second string with the session key, and send a key confirmation response including the third ciphertext to the cloud server, so that the cloud server decrypts the third ciphertext with the session key and determines whether the key negotiation succeeded according to whether the decryption result contains the first string.
  9. A key negotiation apparatus, comprising:
    a receiving module, configured to receive a key negotiation request sent by a terminal device, where the key negotiation request includes a first ciphertext and a second public key of the terminal device;
    a query module, configured to decrypt the first ciphertext with a first private key of a cloud server to obtain a first random number and identification information of the terminal device, and to query a pre-stored license database according to the identification information and the second public key to verify the legality of the terminal device;
    a first processing module, configured, when the license database contains the identification information and the second public key, to encrypt a session key with the second public key and send a key negotiation response including a second ciphertext to the terminal device, where the session key includes the first random number;
    a second processing module, configured to receive a key confirmation response including a third ciphertext, which the terminal device sends after decrypting the second ciphertext with the second private key and obtaining the first random number, and to decrypt the third ciphertext with the session key to obtain a decryption result;
    a detection module, configured to detect whether the decryption result contains a first string pre-agreed with the terminal device, to determine whether the key negotiation succeeded.
  10. The apparatus according to claim 9, wherein the first processing module is configured to:
    generate a second random number, and concatenate the second random number with the first random number to generate the session key;
    encrypt the session key with the second public key.
  11. A device, comprising:
    one or more processors;
    a memory;
    one or more programs, the one or more programs being stored in the memory and, when executed by the one or more processors, performing the following steps:
    generating a first random number, and encrypting the first random number and identification information of a terminal device with a first public key of a cloud server to generate a first ciphertext;
    sending a key negotiation request to the cloud server, where the key negotiation request includes the first ciphertext and a second public key of the terminal device, so that the cloud server, after decrypting the first ciphertext with the first private key, verifies the legality of the terminal device according to the identification information and the second public key;
    receiving a key negotiation response including a second ciphertext, which the cloud server sends after verifying that the terminal device is legal and encrypting a session key with the second public key, where the session key includes the first random number;
    decrypting the second ciphertext with the second private key and, if the first random number is obtained, encrypting a first string pre-agreed with the cloud server using the session key and sending a key confirmation response including the third ciphertext to the cloud server, so that the cloud server decrypts the third ciphertext with the session key and determines whether the key negotiation succeeded according to whether the decryption result contains the first string.
  12. A device, comprising:
    one or more processors;
    a memory;
    one or more programs, the one or more programs being stored in the memory and, when executed by the one or more processors, performing the following steps:
    receiving a key negotiation request sent by a terminal device, where the key negotiation request includes a first ciphertext and a second public key of the terminal device;
    decrypting the first ciphertext with a first private key of a cloud server to obtain a first random number and identification information of the terminal device, and querying a pre-stored license database according to the identification information and the second public key to verify the legality of the terminal device;
    if the license database contains the identification information and the second public key, encrypting a session key with the second public key and sending a key negotiation response including a second ciphertext to the terminal device, where the session key includes the first random number;
    receiving a key confirmation response including a third ciphertext, which the terminal device sends after decrypting the second ciphertext with the second private key and obtaining the first random number, and decrypting the third ciphertext with the session key to obtain a decryption result;
    detecting whether the decryption result contains a first string pre-agreed with the terminal device, to determine whether the key negotiation succeeded.
  13. A non-volatile computer storage medium, characterized in that the computer storage medium stores one or more programs which, when executed by a device, cause the device to perform the following steps:
    generating a first random number, and encrypting the first random number and identification information of the terminal device with a first public key of the cloud server to generate a first ciphertext;
    sending a key negotiation request to the cloud server, the key negotiation request including the first ciphertext and a second public key of the terminal device, so that the cloud server, after decrypting the first ciphertext with the first private key, verifies the legitimacy of the terminal device according to the identification information and the second public key;
    receiving a key negotiation response including a second ciphertext, sent by the cloud server after it has verified that the terminal device is legitimate and encrypted a session key with the second public key, the session key including the first random number;
    decrypting the second ciphertext with the second private key and, if the first random number is obtained, encrypting with the session key a first string negotiated in advance with the cloud server to obtain a third ciphertext, and sending a key confirmation response including the third ciphertext to the cloud server, so that the cloud server decrypts the third ciphertext with the session key and determines whether the key negotiation succeeded according to whether the decryption result contains the first string.
  14. A non-volatile computer storage medium, characterized in that the computer storage medium stores one or more programs which, when executed by a device, cause the device to perform the following steps:
    receiving a key negotiation request sent by a terminal device, the key negotiation request including a first ciphertext and a second public key of the terminal device;
    decrypting the first ciphertext with a first private key of the cloud server to obtain a first random number and identification information of the terminal device, and querying a pre-stored license database with the identification information and the second public key to verify the legitimacy of the terminal device;
    if the license database contains the identification information and the second public key, encrypting a session key with the second public key and sending a key negotiation response including a second ciphertext to the terminal device, the session key including the first random number;
    receiving a key confirmation response including a third ciphertext, sent by the terminal device after it has decrypted the second ciphertext with the second private key and obtained the first random number, and decrypting the third ciphertext with the session key to obtain a decryption result;
    detecting whether the decryption result contains a first string negotiated in advance with the terminal device, so as to determine whether the key negotiation succeeded.
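The two sides of the negotiation described in claims 13 and 14, as an added Go example that is not part of the patent: RSA-OAEP stands in for the first and second public-key encryptions and AES-256-GCM for the session-key encryption, the session key is built as R1 || R2 with R2 drawn by the cloud, and the first string, the device identifier, the 16-byte length of R1 and the in-memory license map are constructed assumptions. The steps run as Request (terminal), Respond (cloud), Confirm (terminal) and Verify (cloud), matching the claim order.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Constructed stand-in for the "first string" both parties agree on beforehand.
const firstString = "KEY-NEGOTIATION-OK"

// Terminal is the device: its identity, its key pair (SK2/PK2) and the R1 it drew.
type Terminal struct {
	ID  string
	sk2 *rsa.PrivateKey
	r1  []byte // first random number; fixed at 16 bytes so the cloud can split R1 || ID
}

// Cloud is the server: its key pair (SK1/PK1), the license database and the session key.
type Cloud struct {
	sk1     *rsa.PrivateKey
	license map[string]*rsa.PublicKey // device ID -> PK2 licensed for that device
	sess    []byte
}

// newKey makes a 2048-bit RSA key pair for one party (demo helper).
func newKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // a failing CSPRNG is not recoverable
	}
	return b
}

func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Request: draw R1, build C1 = OAEP(PK1, R1 || ID) and send it together with PK2.
func (t *Terminal) Request(pk1 *rsa.PublicKey) ([]byte, *rsa.PublicKey, error) {
	t.r1 = randBytes(16)
	plain := append(append([]byte{}, t.r1...), t.ID...)
	c1, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pk1, plain, nil)
	return c1, &t.sk2.PublicKey, err
}

// Respond: decrypt C1 with SK1, require (ID, PK2) to be in the license database, then
// return C2 = OAEP(PK2, session key). The key embeds R1: key = R1 || R2 (AES-256).
func (c *Cloud) Respond(c1 []byte, pk2 *rsa.PublicKey) ([]byte, error) {
	plain, err := rsa.DecryptOAEP(sha256.New(), nil, c.sk1, c1, nil)
	if err != nil || len(plain) <= 16 {
		return nil, errors.New("first ciphertext does not decrypt")
	}
	r1, id := plain[:16], string(plain[16:])
	if lic, ok := c.license[id]; !ok || !lic.Equal(pk2) {
		return nil, errors.New("terminal not in license database")
	}
	c.sess = append(append([]byte{}, r1...), randBytes(16)...)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pk2, c.sess, nil)
}

// Confirm: decrypt C2 with SK2, accept the key only if it carries our R1, then
// send C3 = AES-GCM(session key, first string) with the nonce prepended.
func (t *Terminal) Confirm(c2 []byte) ([]byte, error) {
	sess, err := rsa.DecryptOAEP(sha256.New(), nil, t.sk2, c2, nil)
	if err != nil || len(sess) != 32 || !bytes.Equal(sess[:16], t.r1) {
		return nil, errors.New("response does not carry our first random number")
	}
	g, err := aead(sess)
	if err != nil {
		return nil, err
	}
	nonce := randBytes(g.NonceSize())
	return g.Seal(nonce, nonce, []byte(firstString), nil), nil
}

// Verify: decrypt C3 with the session key; success only if the result holds the first string.
func (c *Cloud) Verify(c3 []byte) bool {
	g, err := aead(c.sess)
	if err != nil || len(c3) < g.NonceSize() {
		return false
	}
	plain, err := g.Open(nil, c3[:g.NonceSize()], c3[g.NonceSize():], nil)
	return err == nil && bytes.Contains(plain, []byte(firstString))
}
```

The cloud rejects at Respond whenever the (ID, PK2) pair is absent from the license database, and Verify fails on any change to C3 because GCM authenticates the whole ciphertext.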
PCT/CN2016/104113 2016-10-31 2016-10-31 Key negotiation method and device WO2018076365A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2016/104113 WO2018076365A1 (en) 2016-10-31 2016-10-31 Key negotiation method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2016/104113 WO2018076365A1 (en) 2016-10-31 2016-10-31 Key negotiation method and device

Publications (1)

Publication Number Publication Date
WO2018076365A1 true WO2018076365A1 (en) 2018-05-03

Family

ID=62023049

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/104113 WO2018076365A1 (en) 2016-10-31 2016-10-31 Key negotiation method and device

Country Status (1)

Country Link
WO (1) WO2018076365A1 (en)

Cited By (110)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109376021A (en) * 2018-09-26 2019-02-22 深圳壹账通智能科技有限公司 The response method and server that interface calls
CN109379176A (en) * 2018-12-10 2019-02-22 湖北工业大学 A kind of certifiede-mail protocol method of anti-password leakage
CN110011958A (en) * 2018-12-13 2019-07-12 平安科技(深圳)有限公司 Information ciphering method, device, computer equipment and storage medium
CN110224816A (en) * 2019-05-15 2019-09-10 如般量子科技有限公司 Anti- quantum calculation application system and short distance energy-saving communication method and computer equipment based on key card and sequence number
CN110266485A (en) * 2019-06-28 2019-09-20 宁波奥克斯电气股份有限公司 A kind of Internet of Things secure communication control method based on NB-IoT
CN110378753A (en) * 2019-07-29 2019-10-25 秒针信息技术有限公司 A kind of advertisement serving policy determines method and device
CN110796443A (en) * 2019-10-28 2020-02-14 飞天诚信科技股份有限公司 Method and terminal for constructing magnetic track data
CN110830243A (en) * 2019-10-18 2020-02-21 中国第一汽车股份有限公司 Symmetric key distribution method, device, vehicle and storage medium
CN110868294A (en) * 2019-12-09 2020-03-06 北京智宝云科科技有限公司 Key updating method, device and equipment
CN110912872A (en) * 2019-11-04 2020-03-24 国网思极神往位置服务(北京)有限公司 New energy power plant dispatching data acquisition system based on Beidou electric power application
CN111031352A (en) * 2019-12-02 2020-04-17 北京奇艺世纪科技有限公司 Audio and video encryption method, security processing method, device and storage medium
CN111065092A (en) * 2019-12-30 2020-04-24 江苏全链通信息科技有限公司 5G communication information encryption and decryption method, equipment and storage medium
CN111082935A (en) * 2019-12-31 2020-04-28 江苏芯盛智能科技有限公司 Media key generation method and device and terminal based on media key
CN111130750A (en) * 2018-10-30 2020-05-08 长城汽车股份有限公司 Vehicle CAN safety communication method and system
CN111127014A (en) * 2019-12-25 2020-05-08 中国银联股份有限公司 Transaction information processing method, server, user terminal, system and storage medium
CN111177739A (en) * 2019-10-28 2020-05-19 腾讯云计算(北京)有限责任公司 Data processing method, information interaction system and computer storage medium
CN111385793A (en) * 2018-12-30 2020-07-07 上海银基信息安全技术股份有限公司 Instruction sending method, instruction sending system, electronic equipment and storage medium
CN111405082A (en) * 2020-03-23 2020-07-10 Oppo(重庆)智能科技有限公司 Device connection method, electronic device, terminal and storage medium
CN111404952A (en) * 2020-03-24 2020-07-10 中国南方电网有限责任公司 Transformer substation data encryption transmission method and device, computer equipment and storage medium
CN111416718A (en) * 2020-03-13 2020-07-14 浙江华消科技有限公司 Method and device for receiving communication key, method and device for sending communication key
CN111431717A (en) * 2020-03-31 2020-07-17 兴唐通信科技有限公司 Encryption method for satellite mobile communication system
CN111526160A (en) * 2020-05-26 2020-08-11 中国联合网络通信集团有限公司 Secret information processing method and server
CN111586055A (en) * 2020-05-09 2020-08-25 天合光能股份有限公司 Method for realizing communication safety of energy storage system based on DES random token
CN111586070A (en) * 2020-05-15 2020-08-25 北京中油瑞飞信息技术有限责任公司 Three-phase metering device communication method and device, three-phase metering device and storage medium
CN111600854A (en) * 2020-04-29 2020-08-28 北京智芯微电子科技有限公司 Method for establishing security channel between intelligent terminal and server
CN111614637A (en) * 2020-05-08 2020-09-01 郑州信大捷安信息技术股份有限公司 Secure communication method and system based on software cryptographic module
CN111698225A (en) * 2020-05-28 2020-09-22 国家电网有限公司 Application service authentication encryption method suitable for power dispatching control system
CN111723384A (en) * 2019-03-22 2020-09-29 阿里巴巴集团控股有限公司 Data processing method, system and equipment
CN111740985A (en) * 2020-06-19 2020-10-02 国动物联网有限公司 TCP long connection security verification encryption method
CN111786778A (en) * 2020-06-12 2020-10-16 视联动力信息技术股份有限公司 Method and device for updating key
CN112052018A (en) * 2020-09-09 2020-12-08 北京文香信息技术有限公司 Application program installation method and device
CN112087419A (en) * 2020-07-25 2020-12-15 北京蜂云科创信息技术有限公司 Vehicle-mounted terminal data transmission safety protection method and device
CN112118210A (en) * 2019-06-20 2020-12-22 阿里巴巴集团控股有限公司 Authentication key configuration method, device, system and storage medium
CN112134694A (en) * 2020-08-11 2020-12-25 北京智芯微电子科技有限公司 Data interaction method, master station, terminal and computer readable storage medium
CN112149140A (en) * 2019-06-28 2020-12-29 北京百度网讯科技有限公司 Prediction method, device, equipment and storage medium
CN112152963A (en) * 2019-06-26 2020-12-29 国民技术股份有限公司 Intelligent lock, security platform and authentication method thereof
CN112311533A (en) * 2019-07-29 2021-02-02 中国电信股份有限公司 Terminal identity authentication method, system and storage medium
CN112332940A (en) * 2020-11-06 2021-02-05 北京东土科技股份有限公司 Data transmission method based on time synchronization network and related equipment
CN112422275A (en) * 2020-10-26 2021-02-26 深圳Tcl新技术有限公司 Key negotiation method, system, equipment and computer storage medium in UART communication
CN112436936A (en) * 2020-11-11 2021-03-02 安徽量安通信息科技有限公司 Cloud storage method and system with quantum encryption function
CN112448808A (en) * 2019-08-29 2021-03-05 斑马智行网络(香港)有限公司 Communication method, device, access point, server, system and storage medium
CN112487380A (en) * 2020-12-16 2021-03-12 江苏国科微电子有限公司 Data interaction method, device, equipment and medium
CN112511295A (en) * 2020-11-12 2021-03-16 银联商务股份有限公司 Authentication method and device for interface calling, micro-service application and key management center
CN112533213A (en) * 2019-09-17 2021-03-19 中移(苏州)软件技术有限公司 Key negotiation method, device, terminal and storage medium
CN112822016A (en) * 2021-01-25 2021-05-18 厦门市易联众易惠科技有限公司 Method for performing data authorization on blockchain and blockchain network
CN112839062A (en) * 2021-04-20 2021-05-25 北京天维信通科技有限公司 Port hiding method, device and equipment with mixed authentication signals
CN112929166A (en) * 2021-02-03 2021-06-08 中国人民解放军火箭军工程大学 Master station, slave station and data transmission system based on Modbus-TCP protocol
CN112995120A (en) * 2019-12-18 2021-06-18 北京国双科技有限公司 Data monitoring method and device
CN113014376A (en) * 2019-12-21 2021-06-22 浙江宇视科技有限公司 Method for safety authentication between user and server
CN113010293A (en) * 2021-03-19 2021-06-22 广州万协通信息技术有限公司 Multithreading concurrent data encryption and decryption processing method and device and storage medium
CN113055340A (en) * 2019-12-26 2021-06-29 华为技术有限公司 Authentication method and device
CN113099443A (en) * 2019-12-23 2021-07-09 阿里巴巴集团控股有限公司 Equipment authentication method, device, equipment and system
CN113141333A (en) * 2020-01-18 2021-07-20 佛山市云米电器科技有限公司 Communication method, device, server, system and storage medium for network access device
CN113194465A (en) * 2021-04-20 2021-07-30 歌尔股份有限公司 BLE connection verification method and device between terminals and readable storage medium
CN113207121A (en) * 2021-03-31 2021-08-03 中国电力科学研究院有限公司 Key management method and system for intelligent power distribution network communication system
CN113254957A (en) * 2019-11-26 2021-08-13 支付宝(杭州)信息技术有限公司 Data query method, device, equipment and system based on privacy information protection
CN113395406A (en) * 2021-06-23 2021-09-14 中国电力科学研究院有限公司 Encryption authentication method and system based on power equipment fingerprints
CN113422683A (en) * 2021-03-04 2021-09-21 上海数道信息科技有限公司 Edge cloud cooperative data transmission method, system, storage medium and terminal
CN113572743A (en) * 2021-07-02 2021-10-29 深圳追一科技有限公司 Data encryption and decryption method and device, computer equipment and storage medium
CN113591113A (en) * 2021-07-29 2021-11-02 华控清交信息科技(北京)有限公司 Privacy calculation method, device and system and electronic equipment
CN113613227A (en) * 2021-08-09 2021-11-05 青岛海尔科技有限公司 Data transmission method and device of Bluetooth equipment, storage medium and electronic device
CN113676478A (en) * 2021-08-20 2021-11-19 北京奇艺世纪科技有限公司 Data processing method and related equipment
CN113674456A (en) * 2021-08-19 2021-11-19 中国建设银行股份有限公司 Unlocking method, unlocking device, electronic equipment and storage medium
CN113691958A (en) * 2021-09-02 2021-11-23 北卡科技有限公司 SM 9-based V2X identity authentication method
CN113852459A (en) * 2021-08-13 2021-12-28 中央财经大学 Key agreement method, device and computer readable storage medium
CN113902069A (en) * 2021-09-18 2022-01-07 瀚辰科技有限公司 Homing pigeon foot ring based on NFC antenna and identification method thereof
CN114022259A (en) * 2021-11-11 2022-02-08 陕西华春网络科技股份有限公司 Bidding method and device based on public key designation and identity verification
CN114051031A (en) * 2021-11-16 2022-02-15 中国电信股份有限公司 Encryption communication method, system, equipment and storage medium based on distributed identity
WO2022037379A1 (en) * 2020-08-20 2022-02-24 飞天诚信科技股份有限公司 Electronic device and method therefor for protecting seed data packet
CN114095256A (en) * 2021-11-23 2022-02-25 广州市诺的电子有限公司 Terminal authentication method, system, equipment and storage medium based on edge calculation
CN114142995A (en) * 2021-11-05 2022-03-04 支付宝(杭州)信息技术有限公司 Key secure distribution method and device for block chain relay communication network
CN114172745A (en) * 2022-01-19 2022-03-11 中电华瑞技术有限公司 Internet of things security protocol system
CN114205083A (en) * 2021-12-22 2022-03-18 中国电信股份有限公司 SRv 6-based security authentication method, network node and authentication system
CN114221784A (en) * 2021-11-12 2022-03-22 招银云创信息技术有限公司 Data transmission method and computer equipment
CN114244513A (en) * 2021-12-31 2022-03-25 日晷科技(上海)有限公司 Key agreement method, device and storage medium
CN114244630A (en) * 2022-02-15 2022-03-25 北京指掌易科技有限公司 Communication method, device, equipment and storage medium
CN114297618A (en) * 2021-12-28 2022-04-08 北京深思数盾科技股份有限公司 Authorization code generation method, identity authentication method, terminal, server and medium
CN114338184A (en) * 2021-12-29 2022-04-12 中国电信股份有限公司 Communication encryption method, device, nonvolatile storage medium and processor
CN114363088A (en) * 2022-02-18 2022-04-15 京东科技信息技术有限公司 Method and device for requesting data
CN114362946A (en) * 2022-03-10 2022-04-15 北京得瑞领新科技有限公司 Key agreement method and system
CN114389804A (en) * 2021-12-30 2022-04-22 中国电信股份有限公司 Intelligent terminal control method and device, electronic equipment and storage medium
CN114398602A (en) * 2022-01-11 2022-04-26 国家计算机网络与信息安全管理中心 Internet of things terminal identity authentication method based on edge calculation
CN114419765A (en) * 2022-01-18 2022-04-29 上汽通用五菱汽车股份有限公司 Method and device for realizing vehicle safety control by NFC card and readable storage medium
CN114422251A (en) * 2022-01-21 2022-04-29 晋商博创(北京)科技有限公司 Cloud-based multi-factor password processing method and device and storage medium
CN114448613A (en) * 2021-12-21 2022-05-06 北京邮电大学 Physical layer key generation method and device of communication system and electronic equipment
CN114650175A (en) * 2022-03-21 2022-06-21 网宿科技股份有限公司 Verification method and device
CN114662087A (en) * 2022-05-20 2022-06-24 广州万协通信息技术有限公司 Multi-terminal verification security chip firmware updating method and device
CN114697956A (en) * 2022-01-26 2022-07-01 深圳市三诺数字科技有限公司 Secure communication method based on double links and related equipment thereof
CN114697000A (en) * 2020-12-28 2022-07-01 深圳Tcl新技术有限公司 Network distribution method, device, terminal and computer readable storage medium
CN114884659A (en) * 2022-07-08 2022-08-09 北京智芯微电子科技有限公司 Key agreement method, gateway, terminal device and storage medium
CN114900348A (en) * 2022-04-28 2022-08-12 福建福链科技有限公司 Block chain sensor data verification method and terminal
CN114915416A (en) * 2022-04-20 2022-08-16 中金金融认证中心有限公司 Method for encrypting file, method for verifying decryption and related products
CN114978554A (en) * 2022-07-29 2022-08-30 广州匠芯创科技有限公司 Software authorization authentication system and method
CN115037552A (en) * 2022-06-29 2022-09-09 北京大甜绵白糖科技有限公司 Authentication method, device, equipment and storage medium
CN115102745A (en) * 2022-06-16 2022-09-23 慧之安信息技术股份有限公司 Internet of things terminal identity security authentication method based on lightweight
CN115134177A (en) * 2022-09-02 2022-09-30 国网瑞嘉(天津)智能机器人有限公司 Networking encryption communication method and device, server equipment and terminal equipment
CN115174195A (en) * 2022-06-30 2022-10-11 中国第一汽车股份有限公司 Database file processing method, encryption terminal and decryption terminal
CN115314204A (en) * 2022-10-11 2022-11-08 南京易科腾信息技术有限公司 Random number generation method, device and storage medium
CN115348076A (en) * 2022-08-12 2022-11-15 天翼数字生活科技有限公司 Equipment security authentication method based on attribute encryption and related device thereof
CN115348066A (en) * 2022-08-05 2022-11-15 昆仑数智科技有限责任公司 Data encryption transmission method and device, electronic equipment and storage medium
CN115499199A (en) * 2022-09-14 2022-12-20 重庆长安汽车股份有限公司 Vehicle safety communication method and device, vehicle and storage medium
CN115577019A (en) * 2022-12-07 2023-01-06 杭州恒生数字设备科技有限公司 Spoken language testing method, device, equipment and storage medium
CN115668858A (en) * 2020-05-29 2023-01-31 华为技术有限公司 Key agreement method, device and system
CN115933993A (en) * 2023-01-04 2023-04-07 山东省地质矿产勘查开发局八〇一水文地质工程地质大队(山东省地矿工程勘察院) System and method for evaluating antifouling function of karst fracture network type aqueous medium
CN115941183A (en) * 2023-02-27 2023-04-07 紫光同芯微电子有限公司 Biological information processing method and related device
CN116055207A (en) * 2023-01-31 2023-05-02 深圳市圣驼储能技术有限公司 Encryption method and system for communication data of Internet of things
CN116208949A (en) * 2023-05-05 2023-06-02 北京智芯微电子科技有限公司 Encryption transmission method and system for communication message, sending terminal and receiving terminal
CN117118756A (en) * 2023-10-23 2023-11-24 中关村芯海择优科技有限公司 Data interaction method, device, computer equipment and computer readable storage medium
CN117176479A (en) * 2023-11-02 2023-12-05 北京安博通科技股份有限公司 Bypass decryption national cipher flow auditing method and device and electronic equipment
WO2024027070A1 (en) * 2022-08-03 2024-02-08 中国电力科学研究院有限公司 Terminal device authentication method and system based on identification public key, and computer-readable storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060095771A1 (en) * 2004-11-02 2006-05-04 Guido Appenzeller Security device for cryptographic communications
CN101771535A (en) * 2008-12-30 2010-07-07 上海茂碧信息科技有限公司 Mutual authentication method between terminal and server
CN105656941A (en) * 2016-03-14 2016-06-08 美的集团股份有限公司 Identity authentication device and method
CN105871920A (en) * 2016-06-08 2016-08-17 美的集团股份有限公司 Communication system and method of terminal and cloud server as well as terminal and cloud server
CN105959189A (en) * 2016-06-08 2016-09-21 美的集团股份有限公司 Home appliance equipment, communication system and method of cloud server and terminal, and terminal

Cited By (175)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109376021A (en) * 2018-09-26 2019-02-22 深圳壹账通智能科技有限公司 The response method and server that interface calls
CN111130750B (en) * 2018-10-30 2023-09-12 长城汽车股份有限公司 Vehicle CAN (controller area network) safety communication method and system
CN111130750A (en) * 2018-10-30 2020-05-08 长城汽车股份有限公司 Vehicle CAN safety communication method and system
CN109379176B (en) * 2018-12-10 2021-12-03 湖北工业大学 Password leakage resistant authentication and key agreement method
CN109379176A (en) * 2018-12-10 2019-02-22 湖北工业大学 A kind of certifiede-mail protocol method of anti-password leakage
CN110011958A (en) * 2018-12-13 2019-07-12 平安科技(深圳)有限公司 Information ciphering method, device, computer equipment and storage medium
CN110011958B (en) * 2018-12-13 2023-04-07 平安科技(深圳)有限公司 Information encryption method and device, computer equipment and storage medium
CN111385793A (en) * 2018-12-30 2020-07-07 上海银基信息安全技术股份有限公司 Instruction sending method, instruction sending system, electronic equipment and storage medium
CN111723384B (en) * 2019-03-22 2024-04-02 阿里巴巴集团控股有限公司 Data processing method, system and equipment
CN111723384A (en) * 2019-03-22 2020-09-29 阿里巴巴集团控股有限公司 Data processing method, system and equipment
CN110224816B (en) * 2019-05-15 2023-09-05 如般量子科技有限公司 Anti-quantum computing application system based on key fob and serial number, near-field energy-saving communication method and computer equipment
CN110224816A (en) * 2019-05-15 2019-09-10 如般量子科技有限公司 Anti- quantum calculation application system and short distance energy-saving communication method and computer equipment based on key card and sequence number
CN112118210B (en) * 2019-06-20 2023-09-01 阿里巴巴集团控股有限公司 Authentication key configuration method, device, system and storage medium
CN112118210A (en) * 2019-06-20 2020-12-22 阿里巴巴集团控股有限公司 Authentication key configuration method, device, system and storage medium
CN112152963B (en) * 2019-06-26 2024-04-09 国民技术股份有限公司 Intelligent lock, security platform and authentication method thereof
CN112152963A (en) * 2019-06-26 2020-12-29 国民技术股份有限公司 Intelligent lock, security platform and authentication method thereof
CN110266485B (en) * 2019-06-28 2022-06-24 宁波奥克斯电气股份有限公司 Internet of things safety communication control method based on NB-IoT
CN112149140B (en) * 2019-06-28 2023-06-27 北京百度网讯科技有限公司 Prediction method, prediction device, prediction equipment and storage medium
CN110266485A (en) * 2019-06-28 2019-09-20 宁波奥克斯电气股份有限公司 A kind of Internet of Things secure communication control method based on NB-IoT
CN112149140A (en) * 2019-06-28 2020-12-29 北京百度网讯科技有限公司 Prediction method, device, equipment and storage medium
CN112311533A (en) * 2019-07-29 2021-02-02 中国电信股份有限公司 Terminal identity authentication method, system and storage medium
CN110378753A (en) * 2019-07-29 2019-10-25 秒针信息技术有限公司 A kind of advertisement serving policy determines method and device
CN110378753B (en) * 2019-07-29 2022-05-17 秒针信息技术有限公司 Advertisement putting strategy determination method and device
CN112448808A (en) * 2019-08-29 2021-03-05 斑马智行网络(香港)有限公司 Communication method, device, access point, server, system and storage medium
CN112533213A (en) * 2019-09-17 2021-03-19 中移(苏州)软件技术有限公司 Key negotiation method, device, terminal and storage medium
CN112533213B (en) * 2019-09-17 2022-06-10 中移(苏州)软件技术有限公司 Key negotiation method, device, terminal and storage medium
CN110830243A (en) * 2019-10-18 2020-02-21 中国第一汽车股份有限公司 Symmetric key distribution method, device, vehicle and storage medium
CN110830243B (en) * 2019-10-18 2023-06-09 中国第一汽车股份有限公司 Symmetric key distribution method, device, vehicle and storage medium
CN110796443B (en) * 2019-10-28 2023-09-19 飞天诚信科技股份有限公司 Method and terminal for constructing track data
CN110796443A (en) * 2019-10-28 2020-02-14 飞天诚信科技股份有限公司 Method and terminal for constructing magnetic track data
CN111177739A (en) * 2019-10-28 2020-05-19 腾讯云计算(北京)有限责任公司 Data processing method, information interaction system and computer storage medium
CN111177739B (en) * 2019-10-28 2023-11-03 腾讯云计算(北京)有限责任公司 Data processing method, information interaction system and computer storage medium
CN110912872A (en) * 2019-11-04 2020-03-24 国网思极神往位置服务(北京)有限公司 New energy power plant dispatching data acquisition system based on Beidou electric power application
CN113254957A (en) * 2019-11-26 2021-08-13 支付宝(杭州)信息技术有限公司 Data query method, device, equipment and system based on privacy information protection
CN113254957B (en) * 2019-11-26 2022-04-08 支付宝(杭州)信息技术有限公司 Data query method, device, equipment and system based on privacy information protection
CN111031352A (en) * 2019-12-02 2020-04-17 北京奇艺世纪科技有限公司 Audio and video encryption method, security processing method, device and storage medium
CN111031352B (en) * 2019-12-02 2022-10-18 北京奇艺世纪科技有限公司 Audio and video encryption method, security processing method, device and storage medium
CN110868294A (en) * 2019-12-09 2020-03-06 北京智宝云科科技有限公司 Key updating method, device and equipment
CN110868294B (en) * 2019-12-09 2023-03-24 北京智宝云科科技有限公司 Key updating method, device and equipment
CN112995120A (en) * 2019-12-18 2021-06-18 北京国双科技有限公司 Data monitoring method and device
CN113014376B (en) * 2019-12-21 2022-06-14 浙江宇视科技有限公司 Method for safety authentication between user and server
CN113014376A (en) * 2019-12-21 2021-06-22 浙江宇视科技有限公司 Method for safety authentication between user and server
CN113099443A (en) * 2019-12-23 2021-07-09 阿里巴巴集团控股有限公司 Equipment authentication method, device, equipment and system
CN111127014B (en) * 2019-12-25 2023-09-19 中国银联股份有限公司 Transaction information processing method, server, user terminal, system and storage medium
CN111127014A (en) * 2019-12-25 2020-05-08 中国银联股份有限公司 Transaction information processing method, server, user terminal, system and storage medium
CN113055340B (en) * 2019-12-26 2023-09-26 华为技术有限公司 Authentication method and equipment
CN113055340A (en) * 2019-12-26 2021-06-29 华为技术有限公司 Authentication method and device
CN111065092A (en) * 2019-12-30 2020-04-24 江苏全链通信息科技有限公司 5G communication information encryption and decryption method, equipment and storage medium
CN111082935B (en) * 2019-12-31 2022-07-12 江苏芯盛智能科技有限公司 Media key generation method and device and terminal based on media key
CN111082935A (en) * 2019-12-31 2020-04-28 江苏芯盛智能科技有限公司 Media key generation method and device and terminal based on media key
CN113141333A (en) * 2020-01-18 2021-07-20 佛山市云米电器科技有限公司 Communication method, device, server, system and storage medium for network access device
CN111416718A (en) * 2020-03-13 2020-07-14 浙江华消科技有限公司 Method and device for receiving communication key, method and device for sending communication key
CN111405082A (en) * 2020-03-23 2020-07-10 Oppo(重庆)智能科技有限公司 Device connection method, electronic device, terminal and storage medium
CN111404952A (en) * 2020-03-24 2020-07-10 中国南方电网有限责任公司 Transformer substation data encryption transmission method and device, computer equipment and storage medium
CN111404952B (en) * 2020-03-24 2022-06-14 中国南方电网有限责任公司 Transformer substation data encryption transmission method and device, computer equipment and storage medium
CN111431717A (en) * 2020-03-31 2020-07-17 兴唐通信科技有限公司 Encryption method for satellite mobile communication system
CN111600854A (en) * 2020-04-29 2020-08-28 北京智芯微电子科技有限公司 Method for establishing security channel between intelligent terminal and server
CN111600854B (en) * 2020-04-29 2022-03-08 北京智芯微电子科技有限公司 Method for establishing security channel between intelligent terminal and server
CN111614637A (en) * 2020-05-08 2020-09-01 郑州信大捷安信息技术股份有限公司 Secure communication method and system based on software cryptographic module
CN111586055A (en) * 2020-05-09 2020-08-25 天合光能股份有限公司 Method for realizing communication safety of energy storage system based on DES random token
CN111586070A (en) * 2020-05-15 2020-08-25 北京中油瑞飞信息技术有限责任公司 Three-phase metering device communication method and device, three-phase metering device and storage medium
CN111526160A (en) * 2020-05-26 2020-08-11 中国联合网络通信集团有限公司 Secret information processing method and server
CN111698225A (en) * 2020-05-28 2020-09-22 国家电网有限公司 Application service authentication encryption method suitable for power dispatching control system
CN115668858A (en) * 2020-05-29 2023-01-31 华为技术有限公司 Key agreement method, device and system
CN111786778A (en) * 2020-06-12 2020-10-16 视联动力信息技术股份有限公司 Method and device for updating key
CN111740985A (en) * 2020-06-19 2020-10-02 国动物联网有限公司 TCP long connection security verification encryption method
CN112087419A (en) * 2020-07-25 2020-12-15 北京蜂云科创信息技术有限公司 Vehicle-mounted terminal data transmission safety protection method and device
CN112087419B (en) * 2020-07-25 2022-07-29 北京蜂云科创信息技术有限公司 Vehicle-mounted terminal data transmission safety protection method and device
CN112134694A (en) * 2020-08-11 2020-12-25 北京智芯微电子科技有限公司 Data interaction method, master station, terminal and computer readable storage medium
CN112134694B (en) * 2020-08-11 2024-01-23 北京智芯微电子科技有限公司 Data interaction method, master station, terminal and computer readable storage medium
WO2022037379A1 (en) * 2020-08-20 2022-02-24 飞天诚信科技股份有限公司 Electronic device and method therefor for protecting seed data packet
CN112052018A (en) * 2020-09-09 2020-12-08 北京文香信息技术有限公司 Application program installation method and device
CN112052018B (en) * 2020-09-09 2024-02-20 安徽文香科技股份有限公司 Application program installation method and device
CN112422275A (en) * 2020-10-26 2021-02-26 深圳Tcl新技术有限公司 Key negotiation method, system, equipment and computer storage medium in UART communication
CN112332940B (en) * 2020-11-06 2024-03-12 北京东土科技股份有限公司 Data transmission method based on time synchronization network and related equipment
CN112332940A (en) * 2020-11-06 2021-02-05 北京东土科技股份有限公司 Data transmission method based on time synchronization network and related equipment
CN112436936A (en) * 2020-11-11 2021-03-02 安徽量安通信息科技有限公司 Cloud storage method and system with quantum encryption function
CN112436936B (en) * 2020-11-11 2022-11-01 安徽量安通信息科技有限公司 Cloud storage method and system with quantum encryption function
CN112511295B (en) * 2020-11-12 2022-11-22 银联商务股份有限公司 Authentication method and device for interface calling, micro-service application and key management center
CN112511295A (en) * 2020-11-12 2021-03-16 银联商务股份有限公司 Authentication method and device for interface calling, micro-service application and key management center
CN112487380A (en) * 2020-12-16 2021-03-12 江苏国科微电子有限公司 Data interaction method, device, equipment and medium
CN112487380B (en) * 2020-12-16 2024-04-05 江苏国科微电子有限公司 Data interaction method, device, equipment and medium
CN114697000A (en) * 2020-12-28 2022-07-01 深圳Tcl新技术有限公司 Network distribution method, device, terminal and computer readable storage medium
CN112822016A (en) * 2021-01-25 2021-05-18 厦门市易联众易惠科技有限公司 Method for performing data authorization on blockchain and blockchain network
CN112822016B (en) * 2021-01-25 2023-04-28 厦门市易联众易惠科技有限公司 Method for data authorization on block chain and block chain network
CN112929166B (en) * 2021-02-03 2022-10-04 中国人民解放军火箭军工程大学 Master station, slave station and data transmission system based on Modbus-TCP protocol
CN112929166A (en) * 2021-02-03 2021-06-08 中国人民解放军火箭军工程大学 Master station, slave station and data transmission system based on Modbus-TCP protocol
CN113422683A (en) * 2021-03-04 2021-09-21 上海数道信息科技有限公司 Edge cloud cooperative data transmission method, system, storage medium and terminal
CN113010293B (en) * 2021-03-19 2023-08-22 广州万协通信息技术有限公司 Multithread concurrent data encryption and decryption processing method, device and storage medium
CN113010293A (en) * 2021-03-19 2021-06-22 广州万协通信息技术有限公司 Multithreading concurrent data encryption and decryption processing method and device and storage medium
CN113207121A (en) * 2021-03-31 2021-08-03 中国电力科学研究院有限公司 Key management method and system for intelligent power distribution network communication system
CN112839062A (en) * 2021-04-20 2021-05-25 北京天维信通科技有限公司 Port hiding method, device and equipment with mixed authentication signals
CN113194465A (en) * 2021-04-20 2021-07-30 歌尔股份有限公司 BLE connection verification method and device between terminals and readable storage medium
CN113194465B (en) * 2021-04-20 2023-11-24 歌尔股份有限公司 BLE connection verification method and device between terminals and readable storage medium
CN113395406A (en) * 2021-06-23 2021-09-14 中国电力科学研究院有限公司 Encryption authentication method and system based on power equipment fingerprints
CN113395406B (en) * 2021-06-23 2024-02-13 中国电力科学研究院有限公司 Encryption authentication method and system based on power equipment fingerprint
CN113572743B (en) * 2021-07-02 2023-07-28 深圳追一科技有限公司 Data encryption and decryption methods and devices, computer equipment and storage medium
CN113572743A (en) * 2021-07-02 2021-10-29 深圳追一科技有限公司 Data encryption and decryption method and device, computer equipment and storage medium
CN113591113A (en) * 2021-07-29 2021-11-02 华控清交信息科技(北京)有限公司 Privacy calculation method, device and system and electronic equipment
CN113591113B (en) * 2021-07-29 2024-04-05 华控清交信息科技(北京)有限公司 Privacy calculation method, device and system and electronic equipment
CN113613227B (en) * 2021-08-09 2023-10-24 青岛海尔科技有限公司 Data transmission method and device of Bluetooth equipment, storage medium and electronic device
CN113613227A (en) * 2021-08-09 2021-11-05 青岛海尔科技有限公司 Data transmission method and device of Bluetooth equipment, storage medium and electronic device
CN113852459B (en) * 2021-08-13 2024-03-19 中央财经大学 Key agreement method, device and computer readable storage medium
CN113852459A (en) * 2021-08-13 2021-12-28 中央财经大学 Key agreement method, device and computer readable storage medium
CN113674456B (en) * 2021-08-19 2023-09-22 中国建设银行股份有限公司 Unlocking method, unlocking device, electronic equipment and storage medium
CN113674456A (en) * 2021-08-19 2021-11-19 中国建设银行股份有限公司 Unlocking method, unlocking device, electronic equipment and storage medium
CN113676478B (en) * 2021-08-20 2023-09-12 北京奇艺世纪科技有限公司 Data processing method and related equipment
CN113676478A (en) * 2021-08-20 2021-11-19 北京奇艺世纪科技有限公司 Data processing method and related equipment
CN113691958A (en) * 2021-09-02 2021-11-23 北卡科技有限公司 SM 9-based V2X identity authentication method
CN113691958B (en) * 2021-09-02 2023-06-09 北卡科技有限公司 SM 9-based V2X identity authentication method
CN113902069A (en) * 2021-09-18 2022-01-07 瀚辰科技有限公司 Homing pigeon foot ring based on NFC antenna and identification method thereof
CN114142995B (en) * 2021-11-05 2023-08-22 支付宝(杭州)信息技术有限公司 Key security distribution method and device for block chain relay communication network
CN114142995A (en) * 2021-11-05 2022-03-04 支付宝(杭州)信息技术有限公司 Key secure distribution method and device for block chain relay communication network
CN114022259A (en) * 2021-11-11 2022-02-08 陕西华春网络科技股份有限公司 Bidding method and device based on public key designation and identity verification
CN114022259B (en) * 2021-11-11 2023-08-25 陕西华春网络科技股份有限公司 Bidding method and device based on public key assignment and identity verification
CN114221784B (en) * 2021-11-12 2024-04-09 招银云创信息技术有限公司 Data transmission method and computer equipment
CN114221784A (en) * 2021-11-12 2022-03-22 招银云创信息技术有限公司 Data transmission method and computer equipment
CN114051031A (en) * 2021-11-16 2022-02-15 中国电信股份有限公司 Encryption communication method, system, equipment and storage medium based on distributed identity
CN114095256B (en) * 2021-11-23 2023-09-26 广州市诺的电子有限公司 Terminal authentication method, system, equipment and storage medium based on edge calculation
CN114095256A (en) * 2021-11-23 2022-02-25 广州市诺的电子有限公司 Terminal authentication method, system, equipment and storage medium based on edge calculation
CN114448613B (en) * 2021-12-21 2024-01-26 北京邮电大学 Physical layer key generation method and device of communication system and electronic equipment
CN114448613A (en) * 2021-12-21 2022-05-06 北京邮电大学 Physical layer key generation method and device of communication system and electronic equipment
CN114205083A (en) * 2021-12-22 2022-03-18 中国电信股份有限公司 SRv 6-based security authentication method, network node and authentication system
CN114297618A (en) * 2021-12-28 2022-04-08 北京深思数盾科技股份有限公司 Authorization code generation method, identity authentication method, terminal, server and medium
CN114338184A (en) * 2021-12-29 2022-04-12 中国电信股份有限公司 Communication encryption method, device, nonvolatile storage medium and processor
CN114389804A (en) * 2021-12-30 2022-04-22 中国电信股份有限公司 Intelligent terminal control method and device, electronic equipment and storage medium
CN114244513A (en) * 2021-12-31 2022-03-25 日晷科技(上海)有限公司 Key agreement method, device and storage medium
CN114244513B (en) * 2021-12-31 2024-02-09 日晷科技(上海)有限公司 Key negotiation method, device and storage medium
CN114398602A (en) * 2022-01-11 2022-04-26 国家计算机网络与信息安全管理中心 Internet of things terminal identity authentication method based on edge calculation
CN114419765A (en) * 2022-01-18 2022-04-29 上汽通用五菱汽车股份有限公司 Method and device for realizing vehicle safety control by NFC card and readable storage medium
CN114172745A (en) * 2022-01-19 2022-03-11 中电华瑞技术有限公司 Internet of things security protocol system
CN114422251A (en) * 2022-01-21 2022-04-29 晋商博创(北京)科技有限公司 Cloud-based multi-factor password processing method and device and storage medium
CN114422251B (en) * 2022-01-21 2024-02-13 晋商博创(北京)科技有限公司 Cloud-based multi-factor password processing method, device and storage medium
CN114697956A (en) * 2022-01-26 2022-07-01 深圳市三诺数字科技有限公司 Secure communication method based on double links and related equipment thereof
CN114244630A (en) * 2022-02-15 2022-03-25 北京指掌易科技有限公司 Communication method, device, equipment and storage medium
CN114363088B (en) * 2022-02-18 2024-04-16 京东科技信息技术有限公司 Method and device for requesting data
CN114363088A (en) * 2022-02-18 2022-04-15 京东科技信息技术有限公司 Method and device for requesting data
CN114362946A (en) * 2022-03-10 2022-04-15 北京得瑞领新科技有限公司 Key agreement method and system
CN114362946B (en) * 2022-03-10 2022-06-07 北京得瑞领新科技有限公司 Key agreement method and system
CN114650175B (en) * 2022-03-21 2024-04-02 网宿科技股份有限公司 Verification method and device
CN114650175A (en) * 2022-03-21 2022-06-21 网宿科技股份有限公司 Verification method and device
CN114915416A (en) * 2022-04-20 2022-08-16 中金金融认证中心有限公司 Method for encrypting file, method for verifying decryption and related products
CN114900348B (en) * 2022-04-28 2024-01-30 福建福链科技有限公司 Block chain sensor data verification method and terminal
CN114900348A (en) * 2022-04-28 2022-08-12 福建福链科技有限公司 Block chain sensor data verification method and terminal
CN114662087B (en) * 2022-05-20 2022-09-02 广州万协通信息技术有限公司 Multi-terminal verification security chip firmware updating method and device
CN114662087A (en) * 2022-05-20 2022-06-24 广州万协通信息技术有限公司 Multi-terminal verification security chip firmware updating method and device
CN115102745A (en) * 2022-06-16 2022-09-23 慧之安信息技术股份有限公司 Internet of things terminal identity security authentication method based on lightweight
CN115102745B (en) * 2022-06-16 2023-10-27 慧之安信息技术股份有限公司 Lightweight-based terminal identity security authentication method for Internet of things
CN115037552A (en) * 2022-06-29 2022-09-09 北京大甜绵白糖科技有限公司 Authentication method, device, equipment and storage medium
CN115174195A (en) * 2022-06-30 2022-10-11 中国第一汽车股份有限公司 Database file processing method, encryption terminal and decryption terminal
CN114884659A (en) * 2022-07-08 2022-08-09 北京智芯微电子科技有限公司 Key agreement method, gateway, terminal device and storage medium
CN114978554A (en) * 2022-07-29 2022-08-30 广州匠芯创科技有限公司 Software authorization authentication system and method
CN114978554B (en) * 2022-07-29 2022-10-18 广州匠芯创科技有限公司 Software authorization authentication system and method
WO2024027070A1 (en) * 2022-08-03 2024-02-08 中国电力科学研究院有限公司 Terminal device authentication method and system based on identification public key, and computer-readable storage medium
CN115348066B (en) * 2022-08-05 2023-03-28 昆仑数智科技有限责任公司 Data encryption transmission method and device, electronic equipment and storage medium
CN115348066A (en) * 2022-08-05 2022-11-15 昆仑数智科技有限责任公司 Data encryption transmission method and device, electronic equipment and storage medium
CN115348076A (en) * 2022-08-12 2022-11-15 天翼数字生活科技有限公司 Equipment security authentication method based on attribute encryption and related device thereof
WO2024031868A1 (en) * 2022-08-12 2024-02-15 天翼数字生活科技有限公司 Attribute encryption-based device security authentication method and related apparatus thereof
CN115348076B (en) * 2022-08-12 2024-02-06 天翼数字生活科技有限公司 Equipment security authentication method and system based on attribute encryption and related devices thereof
CN115134177B (en) * 2022-09-02 2022-11-18 国网瑞嘉(天津)智能机器人有限公司 Networking encryption communication method and device, server equipment and terminal equipment
CN115134177A (en) * 2022-09-02 2022-09-30 国网瑞嘉(天津)智能机器人有限公司 Networking encryption communication method and device, server equipment and terminal equipment
CN115499199A (en) * 2022-09-14 2022-12-20 重庆长安汽车股份有限公司 Vehicle safety communication method and device, vehicle and storage medium
CN115314204B (en) * 2022-10-11 2022-12-16 南京易科腾信息技术有限公司 Random number generation method, device and storage medium
CN115314204A (en) * 2022-10-11 2022-11-08 南京易科腾信息技术有限公司 Random number generation method, device and storage medium
CN115577019A (en) * 2022-12-07 2023-01-06 杭州恒生数字设备科技有限公司 Spoken language testing method, device, equipment and storage medium
CN115933993A (en) * 2023-01-04 2023-04-07 山东省地质矿产勘查开发局八〇一水文地质工程地质大队(山东省地矿工程勘察院) System and method for evaluating antifouling function of karst fracture network type aqueous medium
CN115933993B (en) * 2023-01-04 2023-05-30 山东省地质矿产勘查开发局八〇一水文地质工程地质大队(山东省地矿工程勘察院) Karst fracture network type aqueous medium antifouling function evaluation system and method
CN116055207B (en) * 2023-01-31 2023-10-03 深圳市圣驼储能技术有限公司 Encryption method and system for communication data of Internet of things
CN116055207A (en) * 2023-01-31 2023-05-02 深圳市圣驼储能技术有限公司 Encryption method and system for communication data of Internet of things
CN115941183B (en) * 2023-02-27 2023-10-13 紫光同芯微电子有限公司 Biological information processing method and related device
CN115941183A (en) * 2023-02-27 2023-04-07 紫光同芯微电子有限公司 Biological information processing method and related device
CN116208949A (en) * 2023-05-05 2023-06-02 北京智芯微电子科技有限公司 Encryption transmission method and system for communication message, sending terminal and receiving terminal
CN117118756B (en) * 2023-10-23 2024-01-16 中关村芯海择优科技有限公司 Data interaction method, device, computer equipment and computer readable storage medium
CN117118756A (en) * 2023-10-23 2023-11-24 中关村芯海择优科技有限公司 Data interaction method, device, computer equipment and computer readable storage medium
CN117176479A (en) * 2023-11-02 2023-12-05 北京安博通科技股份有限公司 Bypass decryption national cipher flow auditing method and device and electronic equipment

Similar Documents

Publication Publication Date Title
WO2018076365A1 (en) Key negotiation method and device
CN106603485B (en) Key agreement method and device
CN110380852B (en) Bidirectional authentication method and communication system
JP6168415B2 (en) Terminal authentication system, server device, and terminal authentication method
US9847882B2 (en) Multiple factor authentication in an identity certificate service
WO2018045817A1 (en) Mobile network authentication method, terminal device, server and network authentication entity
WO2018050081A1 (en) Device identity authentication method and apparatus, electric device, and storage medium
WO2017028593A1 (en) Method for making a network access device access a wireless network access point, network access device, application server, and non-volatile computer readable storage medium
CN107040513B (en) Trusted access authentication processing method, user terminal and server
US20140298037A1 (en) Method, apparatus, and system for securely transmitting data
CN109302412B (en) VoIP communication processing method based on CPK, terminal, server and storage medium
WO2018127081A1 (en) Method and system for obtaining encryption key
US7653713B2 (en) Method of measuring round trip time and proximity checking method using the same
CN103763356A (en) Establishment method, device and system for connection of secure sockets layers
US20140281493A1 (en) Provisioning sensitive data into third party
WO2017185913A1 (en) Method for improving wireless local area network authentication mechanism
US20080010242A1 (en) Device authentication method using broadcast encryption (BE)
JP7292263B2 (en) Method and apparatus for managing digital certificates
JP6548172B2 (en) Terminal authentication system, server device, and terminal authentication method
CN110087240B (en) Wireless network security data transmission method and system based on WPA2-PSK mode
CN113225352B (en) Data transmission method and device, electronic equipment and storage medium
WO2016011588A1 (en) Mobility management entity, home server, terminal, and identity authentication system and method
US20210392004A1 (en) Apparatus and method for authenticating device based on certificate using physical unclonable function
KR100668446B1 (en) Safe --method for transferring digital certificate
WO2018010150A1 (en) Authentication method and authentication system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16920134

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 02.10.2019)

122 Ep: pct application non-entry in european phase

Ref document number: 16920134

Country of ref document: EP

Kind code of ref document: A1