CN108173653A - Method for generating a key with a life cycle using an identity-based cryptographic algorithm - Google Patents
- Publication number: CN108173653A
- Application number: CN201810202956.8A
- Authority: CN (China)
- Prior art keywords: key, credential, device module, life cycle, caller
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
- H04L9/0877—Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a method for generating a key with a life cycle using an identity-based cryptographic algorithm. A public/private key pair is generated with the identity-based cryptographic algorithm and synthesized into a hardware security carrier; the primary identifier of the key pair is the device module ID. When the user needs encrypted communication, the hardware security carrier is inserted into the device module, and an app on the device module that can generate personal credentials is called to issue a personal credential, which is stored in the device module. The callee of the encrypted communication sends its personal credential to the caller; the caller verifies the signature of the received personal credential, obtains the other party's device module ID by other means and checks whether it matches the ID in the received personal credential. After verification succeeds, the caller uses the parameters p and a in the personal credential, together with the data the caller needs to communicate in encrypted form, to generate the communication key. The invention keeps the security level of the user's key from being reduced as far as possible while accommodating the user's natural usage habits.
Description
Technical field
The present invention relates to a key generation method and belongs to the technical field of secure communication over the Internet or topological networks (including carrier identification in blockchains).
Background
In secure communication, the issuance and safekeeping of keys are of the utmost importance. Years of practice have shown that a key stored as a soft key has a lower security level than a key sealed in a hardware security chip. However, the hardware approach of sealing the key in a security chip requires the hardware to stay combined with the mobile terminal throughout every communication, through repeated plugging and unplugging or a security chip fixed into the mobile terminal's circuit, which affects convenience for the user.
Summary of the invention
To ensure that the security level of the key is not reduced while also making the key convenient to use, the present invention overcomes the defects of the prior art and provides a method for generating a key with a defined life cycle, so that the security level of the user's key is reduced as little as possible while the user's natural usage habits are accommodated.
To solve the above technical problem, the present invention adopts the following technical solution:
A method for generating a key with a life cycle using an identity-based cryptographic algorithm, characterized in that a public/private key pair is generated with the identity-based cryptographic algorithm and the key pair is synthesized into a hardware security carrier; the key pair includes a primary identifier, and the primary identifier is the device module ID;
when the user needs encrypted communication, the hardware security carrier is inserted into the device module, and an app on the device module that can generate personal credentials is called to issue a personal credential, which is stored in the device module;
the callee of the encrypted communication sends its personal credential to the caller; the caller verifies the signature of the received personal credential, obtains the other party's device module ID by other means and checks whether it matches the ID in the received personal credential; after verification succeeds, the caller uses the shared parameters p and a in the personal credential, which are generated according to the Diffie-Hellman algorithm, together with the data the caller needs to communicate in encrypted form, to generate the communication key.
The device module ID is a phone number, a chip serial number, or another serial number that uniquely identifies the module.
The key pair further includes an auxiliary identifier.
The auxiliary identifier includes key validity period data.
The content of the personal credential includes:
primary identifier || signature auxiliary identifier || p || a || time || signature result, where p and a are the shared parameters generated according to the Diffie-Hellman algorithm.
The signature result is the signature made with the private key of the key pair.
The time for which the app issues a personal credential is a preset time; a new credential is issued when it expires, or a credential is issued on the spot when a call is received.
Advantageous effects of the invention:
The present invention provides a method for generating a key with a defined life cycle. With the hardware security chip key as the primary key and the soft key as a supplement, it forms a key generation and protection method in which hard and soft keys complement each other, so that the security level of the user's key is reduced as little as possible while the user's natural usage habits are accommodated.
Brief description of the drawings
Fig. 1 is a schematic diagram of one of the algorithms on which the present invention is based.
Detailed description
The invention is further described below with reference to the accompanying drawing. The following embodiment is only intended to illustrate the technical solution of the invention more clearly and does not limit its protection scope.
This scheme uses the Diffie-Hellman algorithm as one of the basic algorithmic ideas of the method. In addition, an encryption auxiliary identifier can be added to the credential: the primary and auxiliary identifiers are taken from the credential to compute the other party's encryption public key, the session key is encrypted with that public key and sent to the other party, and the other party decrypts it with its encryption key to obtain the session key, which achieves controllable encrypted communication. That is, by exchanging one piece of information over a public channel, a shared key that can be used for secure communication over the public channel is created.
The principle of the Diffie-Hellman key exchange algorithm is shown in Fig. 1. The effectiveness of the Diffie-Hellman key exchange depends on the difficulty of computing discrete logarithms. The algorithm is described as follows:
1. There are two globally public parameters, a prime p and an integer a, where a is a primitive root of p.
2. Suppose users A and B wish to exchange a key. User A selects a random number XA < p as its private key and computes the public key YA = a^XA mod p. User A keeps the value of XA secret and makes YA publicly available to B. Similarly, user B selects a private random number XB < p and computes the public key YB = a^XB mod p. User B keeps the value of XB secret and makes YB publicly available to A.
3. User A computes the shared secret key as K = (YB)^XA mod p. Likewise, user B computes the shared secret key as K = (YA)^XB mod p. The two computations produce the same result.
The algorithm is applied as follows: to start secure communication, both ends must first obtain the same shared key (master key), but the shared key cannot be sent over the network, because that would easily leak it. The two parties exchange, openly or semi-openly, some "material data" prepared for generating the key; after exchanging this key-generation "material data" with each other, each end can independently generate an identical shared key. At no time do the two parties exchange the real key.
As for the key-generation "material data" exchanged by the two parties and its length: the longer the "material data", the higher the strength of the generated key and the harder it is to attack the key.
Based on the principle of the Diffie-Hellman algorithm, combined with the characteristics of identity-based cryptography, the present invention designs an encryption key generation method for device module communication, so that applying the method yields a shared key with a defined secure life cycle. In use, the user does not need to keep the hardware security carrier inserted and connected at all times, which greatly simplifies use while ensuring the security of the key. The method is suitable for mobile data communication (voice, data, fax, etc.).
In modern practical applications, however, this single algorithm still has security drawbacks. The present invention therefore takes the hardware security chip key as the primary key and a soft key as a supplement, defines a soft key with a defined secure life cycle, and forms a key generation and protection method in which hard and soft keys complement each other.
The present invention uses an identity-based cryptographic algorithm to generate a public/private key pair and, in accordance with the relevant national commercial cryptography management specifications, synthesizes the key pair into a hardware security carrier (assume the hardware security carrier is called a CKey and that each party has its own CKey). The primary identifier of the key pair is the device module ID (for example, a phone number), and the auxiliary identifier contains data such as the key validity period. When user A needs encrypted communication, the CKey is inserted into the device module, and a dedicated app on the device module that can generate personal credentials is called to issue a personal credential for user A, which is stored in the device module for later use.
The content of user A's personal credential includes:
primary identifier (device module ID) || signature auxiliary identifier || p || a || time || signature result (the signature made with the private key of the key pair), where p and a are the shared parameters generated according to the Diffie-Hellman algorithm. When the caller of an encrypted communication requests encrypted communication, the callee sends its personal credential to the caller. The caller verifies the private-key signature in the received personal credential, obtains the other party's device module ID through an authentication center server (for example the RA of a digital certificate authentication center, i.e. the certificate registration and approval system) or from the other party's device module ID preset in its own device, and checks whether it matches the ID in the received personal credential. After verification succeeds, the caller uses the parameters p and a in the personal credential together with the data the caller needs to communicate in encrypted form to generate the communication key. Once the communication key has been obtained, the two parties communicate using symmetric encryption, i.e. encrypted communication begins.
In the above method, using a signed credential and comparing the device ID in the credential prevents a man-in-the-middle from mounting an attack by impersonating an ID, which ensures security.
The time for which a personal credential is issued can be set to within a few hours, with a new one issued on expiry; alternatively, a credential can be issued on the spot when a call is received.
After receiving the data, user B verifies user A's personal credential. The verification uses an asymmetric algorithm, which among China's national cryptographic algorithms corresponds to SM2 or SM9.
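The caller-side checks on the personal voucher (credential) described above (signature, device ID comparison, lifetime), followed by the Diffie-Hellman derivation from the three-step description, as an added Python example that is not code from the patent. Assumptions: a Schnorr-style signature stands in for SM2/SM9, `directory` stands in for deriving the public key from the identity, the group 2^521 - 1 with base 3, the 4-hour lifetime and the device IDs are constructed demo values, and because the credential as listed carries no DH public value, YA and YB are exchanged separately here.

```python
import hashlib
import secrets

# Constructed demo group (assumption): the Mersenne prime 2**521 - 1 with base 3,
# used only to keep the block short. It is not a vetted group for deployment.
P, A = 2**521 - 1, 3
MAX_AGE = 4 * 3600  # credential lifetime; the page says "a few hours", 4 h is assumed


def keygen(p=P, a=A):
    """Private X < p and public Y = a^X mod p, as in step 2 of the description."""
    x = secrets.randbelow(p - 3) + 2
    return x, pow(a, x, p)


def challenge(r, msg):
    return int.from_bytes(hashlib.sha256(r.to_bytes(66, "big") + msg).digest(), "big")


def sign(x, msg):
    """Schnorr-style signature, a stand-in for the SM2/SM9 signature (not SM2/SM9)."""
    k, r = keygen()
    e = challenge(r, msg)
    return e, (k + e * x) % (P - 1)


def verify(y, msg, sig):
    e, s = sig
    r = pow(A, s, P) * pow(y, -e, P) % P  # recomputes a^k mod p (Python 3.8+)
    return challenge(r, msg) == e


def encode(cred):
    """Length-prefixed primary ID || aux ID (key expiry) || p || a || time."""
    fields = [str(cred[k]).encode() for k in ("id", "aux", "p", "a", "time")]
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def issue_credential(priv, device_id, key_expiry, now):
    cred = {"id": device_id, "aux": key_expiry, "p": P, "a": A, "time": now}
    cred["sig"] = sign(priv, encode(cred))
    return cred


def check_credential(cred, expected_id, directory, now):
    """Caller-side checks. `directory` (hypothetical) maps device ID -> public key,
    standing in for deriving the public key from the identity in an IBC scheme."""
    pub = directory.get(cred["id"])
    if pub is None or not verify(pub, encode(cred), cred["sig"]):
        return "bad signature"
    if cred["id"] != expected_id:  # ID obtained out of band vs. ID in the credential
        return "device ID mismatch"
    if not cred["time"] <= now <= cred["time"] + MAX_AGE:
        return "credential expired"
    if now > cred["aux"]:
        return "key validity period over"
    if (cred["p"], cred["a"]) != (P, A):  # accept only the pinned group (assumption)
        return "untrusted DH parameters"
    return "ok"


def session_key(peer_pub, own_priv, p):
    """K = Y_peer^X_own mod p (step 3); hashing K to 32 bytes is an added step."""
    if not 1 < peer_pub < p - 1:
        raise ValueError("degenerate DH public value")
    k = pow(peer_pub, own_priv, p)
    return hashlib.sha256(k.to_bytes((p.bit_length() + 7) // 8, "big")).digest()


def run_call(now=1_700_000_000):
    """Constructed scenario: callee B presents a credential, caller A checks it."""
    b_priv, b_pub = keygen()
    directory = {"DEV-CALLEE-0001": b_pub}  # constructed device ID
    cred = issue_credential(b_priv, "DEV-CALLEE-0001", now + 30 * 86400, now)
    status = check_credential(cred, "DEV-CALLEE-0001", directory, now)
    xa, ya = keygen(cred["p"], cred["a"])  # caller's X_A, Y_A
    xb, yb = keygen(cred["p"], cred["a"])  # callee's X_B, Y_B
    return status, session_key(yb, xa, cred["p"]), session_key(ya, xb, cred["p"])


if __name__ == "__main__":
    print(run_call()[0])
```

`check_credential` returns a reason string so that each rejection path (forged signature, valid credential for the wrong device, stale credential, expired key, unpinned parameters) can be logged separately.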
The above is only a preferred embodiment of the present invention. It should be noted that a person of ordinary skill in the art may make improvements and variations without departing from the technical principle of the invention, and these improvements and variations shall also be regarded as falling within the protection scope of the invention.
Claims (7)
1. A method for generating a key with a life cycle using an identity-based cryptographic algorithm, characterized in that a public/private key pair is generated with the identity-based cryptographic algorithm and the key pair is synthesized into a hardware security carrier; the key pair includes a primary identifier, and the primary identifier is the device module ID;
when the user needs encrypted communication, the hardware security carrier is inserted into the device module, and an app on the device module that can generate personal credentials is called to issue a personal credential, which is stored in the device module;
the callee of the encrypted communication sends its personal credential to the caller; the caller verifies the signature of the received personal credential, obtains the other party's device module ID by other means and checks whether it matches the ID in the received personal credential; after verification succeeds, the caller uses the shared parameters p and a in the personal credential, which are generated according to the Diffie-Hellman algorithm, together with the data the caller needs to communicate in encrypted form, to generate the communication key.
2. The method for generating a key with a life cycle using an identity-based cryptographic algorithm according to claim 1, characterized in that the device module ID is a phone number, a chip serial number, or another serial number that uniquely identifies the module.
3. The method for generating a key with a life cycle using an identity-based cryptographic algorithm according to claim 1, characterized in that the key pair further includes an auxiliary identifier.
4. The method for generating a key with a life cycle using an identity-based cryptographic algorithm according to claim 3, characterized in that the auxiliary identifier includes key validity period data.
5. The method for generating a key with a life cycle using an identity-based cryptographic algorithm according to claim 1, characterized in that the content of the personal credential includes:
primary identifier || signature auxiliary identifier || p || a || time || signature result, where p and a are the shared parameters generated according to the Diffie-Hellman algorithm.
6. The method for generating a key with a life cycle using an identity-based cryptographic algorithm according to claim 5, characterized in that the signature result is the signature made with the private key of the key pair.
7. The method for generating a key with a life cycle using an identity-based cryptographic algorithm according to claim 1, characterized in that the time for which the app issues a personal credential is a preset time; a new credential is issued when it expires, or a credential is issued on the spot when a call is received.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810202956.8A CN108173653A (en) | 2018-03-13 | 2018-03-13 | Method for generating a key with a life cycle using an identity-based cryptographic algorithm |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108173653A (en) | 2018-06-15 |
Family
ID=62511090
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810202956.8A Pending CN108173653A (en) | 2018-03-13 | 2018-03-13 | Method for generating a key with a life cycle using an identity-based cryptographic algorithm |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108173653A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1689269A (en) * | 2002-09-26 | 2005-10-26 | 国际商业机器公司 | System and method for guaranteeing software integrity |
CN101459506A (en) * | 2007-12-14 | 2009-06-17 | 华为技术有限公司 | Cipher key negotiation method, system, customer terminal and server for cipher key negotiation |
CN102164034A (en) * | 2010-02-19 | 2011-08-24 | 爱迪德有限责任公司 | Device and method for establishing secure trust key |
CN103825741A (en) * | 2014-01-24 | 2014-05-28 | 安徽云盾信息技术有限公司 | Solving method of injecting signed certificate in encryption equipment production process |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110232764A (en) * | 2019-05-16 | 2019-09-13 | 暨南大学 | Anonymous Electronic Voting method and system based on block chain |
CN110232764B (en) * | 2019-05-16 | 2021-09-21 | 暨南大学 | Anonymous electronic voting method and system based on block chain |
CN113286293A (en) * | 2021-06-18 | 2021-08-20 | 中易通科技股份有限公司 | Safe conversation method, device and system based on safe password key |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20180615 |