CN110048843B - Session key transmission method, device and computer readable storage medium - Google Patents
- Publication number: CN110048843B
- Application number: CN201910466910.1A
- Authority: CN (China)
- Prior art keywords: node, isp, information, isp node, user
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L67/104—Peer-to-peer [P2P] networks
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04W4/14—Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]
Abstract
The embodiment of the invention provides a session key transmission method, session key transmission equipment and a computer-readable storage medium. In the embodiment of the present invention, when the user node generates the session key required for the communication between the user node and the first ISP node, the user node encrypts the session key by using the public key of the first ISP node, and sends the encrypted session key to the first ISP node, so that the first ISP node can obtain the session key, and thus the user node and the first ISP node have the same session key, and other nodes except the user node and the first ISP node cannot obtain the session key, thereby improving the security of the communication between the user node and the first ISP node.
Description
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a session key transmission method, a device, and a computer-readable storage medium.
Background
With the development of the intelligent terminal, a user can install various different Application programs (APPs) on the intelligent terminal, and the different APPs can provide different services for the user.
However, when a user installs an APP on an intelligent terminal, the user needs to register on the Internet Service Provider (ISP) server corresponding to the APP, and since different APPs have different Internet Service Providers, the user needs to register on different ISP servers. As the number of APPs installed on the intelligent terminal grows, if the user registers the same user name and password on different ISP servers, the user name and password are easily leaked. If the user names and passwords registered on different ISP servers are different, the user has difficulty remembering the user name and password for each APP. To solve this problem, the prior art proposes that large ISP nodes, for example Facebook, Twitter, WeChat, PayPal, or the like, construct a federation blockchain. After a user registers a user name and a password with one of the large ISP nodes, that node can provide a user name and password query service to other ISP nodes in the federation blockchain, for example small ISP nodes.
In the prior art, when a user node and a small ISP node communicate with each other, the two need a session key. If the user node is an online node in the blockchain network, then after generating the session key it can query the public key of the small ISP node from the blockchain ledger of the blockchain network, encrypt the session key with that public key, and send the encrypted session key to the small ISP node, so that only the user node and the small ISP node possess the session key. However, if the user node cannot access the blockchain, that is, it is not an online node in the blockchain network, it cannot obtain the public key of the small ISP node, and secure transmission of the session key cannot be ensured. If the small ISP node instead provides its public key to the user node directly, the public key may be tampered with by a malicious intermediate node, so the security of communication between the small ISP node and the user node is low.
Disclosure of Invention
Embodiments of the present invention provide a session key transmission method, a device, and a computer-readable storage medium, so as to improve security of communication between the user node and the first ISP node.
In a first aspect, an embodiment of the present invention provides a session key transmission method, including:
a first Internet Service Provider (ISP) node receives a login request sent by a user node, wherein the login request comprises identification information of the user node, and the user node is not registered in the first ISP node;
the first ISP node sends the identification information of the user node and the public key of the first ISP node to a second ISP node in a blockchain network, and the user node is registered in the second ISP node;
the first ISP node receives first information sent by the second ISP node, wherein the first information is obtained by the second ISP node encrypting a public key of the first ISP node by adopting a shared key between the second ISP node and the user node to obtain first encrypted information and signing the first encrypted information by adopting a private key of the second ISP node;
the first ISP node verifies the private key signature of the second ISP node in the first information according to the public key of the second ISP node;
after the first ISP node verifies the private key signature of the second ISP node, sending the first encrypted information to the user node in a short message mode or a point-to-point P2P mode of an IP address;
the first ISP node receives second information sent by the user node, wherein the second information is obtained by encrypting a session key generated by the user node by adopting a public key of the first ISP node;
and the first ISP node acquires the session key according to the second information, wherein the session key is used for the communication between the first ISP node and the user node.
In a second aspect, an embodiment of the present invention provides a session key transmission method, including:
a second ISP node receives identification information of a user node and a public key of the first ISP node, wherein the identification information of the user node and the public key of the first ISP node are sent by the first ISP node, and the user node is registered in the second ISP node;
the second ISP node determines a shared key between the second ISP node and the user node according to the identification information of the user node;
the second ISP node encrypts the public key of the first ISP node by adopting the shared key to obtain first encrypted information, and signs the first encrypted information by adopting the private key of the second ISP node to obtain first information;
and the second ISP node transmits the first information to the first ISP node.
In a third aspect, an embodiment of the present invention provides a session key transmission method, including:
a user node sends a login request to a first ISP node, wherein the login request comprises identification information of the user node, and the user node is not registered in the first ISP node;
the user node receives first encrypted information sent by the first ISP node in a short message mode or a point-to-point P2P mode of an IP address, wherein the first encrypted information is obtained by encrypting a public key of the first ISP node by using a shared key between a second ISP node and the user node, and the user node is registered in the second ISP node;
the user node decrypts the first encrypted information by adopting the shared key to obtain a public key of the first ISP node;
the user node generates a session key, and encrypts the session key by adopting the public key of the first ISP node to obtain second information;
and the user node sends the second information to the first ISP node so that the first ISP node acquires the session key according to the second information, wherein the session key is used for the communication between the first ISP node and the user node.
In a fourth aspect, an embodiment of the present invention provides a first internet service provider ISP node, including:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
receiving a login request sent by a user node through the communication interface, wherein the login request comprises identification information of the user node, and the user node is not registered in the first ISP node;
sending the identification information of the user node and the public key of the first ISP node to a second ISP node in a blockchain network through the communication interface, wherein the user node is registered in the second ISP node;
receiving first information sent by the second ISP node through the communication interface, wherein the first information is obtained by encrypting a public key of the first ISP node by the second ISP node by using a shared key between the second ISP node and the user node to obtain first encrypted information and signing the first encrypted information by using a private key of the second ISP node;
verifying the private key signature of the second ISP node in the first information according to the public key of the second ISP node;
after the first ISP node verifies the private key signature of the second ISP node, the first encrypted information is sent to the user node through the communication interface in a short message mode or a point-to-point P2P mode of an IP address;
receiving second information sent by the user node through the communication interface, wherein the second information is obtained by encrypting a session key generated by the user node by using a public key of the first ISP node;
and acquiring the session key according to the second information, wherein the session key is used for the communication between the first ISP node and the user node.
In a fifth aspect, an embodiment of the present invention provides a second ISP node, including:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
receiving, through the communication interface, identification information of a user node and a public key of a first ISP node, wherein the identification information of the user node and the public key of the first ISP node are sent by the first ISP node, and the user node is registered in the second ISP node;
determining a shared key between the second ISP node and the user node according to the identification information of the user node;
encrypting the public key of the first ISP node by adopting the shared key to obtain first encrypted information, and signing the first encrypted information by adopting the private key of the second ISP node to obtain first information;
and sending the first information to the first ISP node through the communication interface.
In a sixth aspect, an embodiment of the present invention provides a user node, including:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
sending a login request to a first ISP node through the communication interface, wherein the login request comprises identification information of the user node, and the user node is not registered in the first ISP node;
receiving first encrypted information sent by the first ISP node through the communication interface in a short message mode or a point-to-point P2P mode of an IP address, wherein the first encrypted information is obtained by encrypting a public key of the first ISP node by using a shared key between a second ISP node and the user node, and the user node is registered in the second ISP node;
decrypting the first encrypted information by using the shared key to obtain a public key of the first ISP node;
generating a session key, and encrypting the session key by adopting the public key of the first ISP node to obtain second information;
and sending the second information to the first ISP node through the communication interface so that the first ISP node acquires the session key according to the second information, wherein the session key is used for the communication between the first ISP node and the user node.
In a seventh aspect, an embodiment of the present invention provides a session key transmission system, where the system includes:
a first ISP node according to the fourth aspect, a second ISP node according to the fifth aspect and a user node according to the sixth aspect.
In an eighth aspect, the present invention provides a computer-readable storage medium, on which a computer program is stored, the computer program being executed by a processor to implement the methods in the first, second and third aspects.
The invention provides a session key transmission method, a device and a computer-readable storage medium. The first ISP node, with which the user node is not registered, sends its public key and the identification information of the user node to the second ISP node, with which the user node is registered. The second ISP node determines the shared key between itself and the user node according to the identification information of the user node, and encrypts the public key of the first ISP node with the shared key to obtain first encrypted information. After the first ISP node acquires the first encrypted information from the second ISP node, it sends the first encrypted information to the user node in a short message mode or a point-to-point P2P mode of an IP address, and the user node decrypts the first encrypted information with the shared key to obtain the public key of the first ISP node. When the user node generates a session key required for communication between the user node and the first ISP node, the user node encrypts the session key by using the public key of the first ISP node and sends the encrypted session key to the first ISP node, so that the first ISP node can acquire the session key. The user node and the first ISP node thus have the same session key, and no node other than the user node and the first ISP node can acquire it, which improves the security of communication between the user node and the first ISP node.
Drawings
Fig. 1 is a schematic diagram of an application scenario provided in an embodiment of the present invention;
Fig. 2 is a flowchart of a session key transmission method according to an embodiment of the present invention;
Fig. 3 is a flowchart of a session key transmission method according to another embodiment of the present invention;
Fig. 4 is a flowchart of a session key transmission method according to another embodiment of the present invention;
Fig. 5 is a flowchart of a session key transmission method according to another embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a first internet service provider ISP node according to an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of a second ISP node according to an embodiment of the present invention;
Fig. 8 is a schematic structural diagram of a user node according to an embodiment of the present invention.
With the foregoing drawings in mind, certain embodiments of the disclosure have been shown and described in more detail below. These drawings and written description are not intended to limit the scope of the disclosed concepts in any way, but rather to illustrate the concepts of the disclosure to those skilled in the art by reference to specific embodiments.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
The session key transmission method provided by the embodiment of the invention can be applied to the communication system shown in Fig. 1. As shown in Fig. 1, the communication system includes internet service provider node 1 through internet service provider node 5 and a user node. Internet service provider node 1 may be a small ISP node, and internet service provider nodes 2 through 5 may be large ISP nodes, e.g. nodes of internet service providers such as Facebook, Twitter, WeChat, payroll, etc. The user node may specifically be a user terminal device. Large ISP nodes such as internet service provider nodes 2 through 5 may construct a federation blockchain. Optionally, each of internet service provider nodes 2 through 5 joins the federation blockchain as a blockchain service node and provides an identity authentication service for other ISP nodes or user nodes. Optionally, the genesis block of the federation blockchain stores information such as the blockchain identifier, public key, and IP address of each of internet service provider nodes 2 through 5. Internet service provider nodes 2 through 5 manage the federation blockchain as its founding nodes. For example, they may decide whether to allow a certain ISP node, e.g., a certain small ISP node, to access the federation blockchain. For example, internet service provider node 1 and the user node may be nodes that access the federation blockchain upon approval by internet service provider nodes 2 through 5.
In this embodiment, it is assumed that the user node is registered at any one of the federation blockchain nodes among internet service provider nodes 2 through 5; that is, the registration information of the user node is recorded at that federation blockchain node and stored in the ledger of the federation blockchain. The user node and that federation blockchain node have a shared key, i.e., they communicate using the shared key. For example, the user node registers the user information with the internet service provider node 2, and the user node and the internet service provider node 2 have a shared key between them. The user node is not registered with a small ISP node, such as internet service provider node 1.
The session key transmission method provided by the embodiment of the invention aims to solve the technical problems in the prior art.
The following describes the technical solutions of the present invention and how to solve the above technical problems with specific embodiments. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present invention will be described below with reference to the accompanying drawings.
Fig. 2 is a flowchart of a session key transmission method according to an embodiment of the present invention. The embodiment of the invention provides a session key transmission method aiming at the technical problems in the prior art, and the method comprises the following specific steps:
In this embodiment, the first internet service provider ISP node may specifically be an internet service provider node 1 as shown in fig. 1, where the internet service provider node 1 is a small ISP node, and the user node does not register user information with the small ISP node. When the user node needs to log in to the small ISP node, the user node may send a login request to the small ISP node, the login request including identification information of the user node. Correspondingly, the small ISP node receives a login request sent by the user node, and acquires the identification information of the user node from the login request.
The second ISP node in this embodiment may specifically be an internet service provider node 2 as shown in Fig. 1. After the small ISP node obtains the identification information of the user node from the login request, it broadcasts the identification information of the user node and the public key of the small ISP node to the blockchain network, where the blockchain network may specifically be a network including the federation blockchain nodes described above. Correspondingly, all the federation blockchain nodes in the blockchain network can receive the identification information of the user node and the public key of the small ISP node. In other embodiments, the small ISP node may also broadcast the identification information of the user node, its own blockchain identifier, and its own public key into the blockchain network.
After the internet service provider node 2 in the blockchain network receives the identification information of the user node and the public key of the small ISP node, it first determines the shared key between the internet service provider node 2 and the user node according to the identification information of the user node. It then encrypts the public key of the small ISP node with the shared key, according to a first encryption algorithm agreed in advance, to obtain first encrypted information. The internet service provider node 2 then signs the first encrypted information with its own private key to obtain first information, and broadcasts the first information to the blockchain network, so that the small ISP node in the blockchain network can receive the first information.
Step 204: the first ISP node verifies the private key signature of the second ISP node in the first information according to the public key of the second ISP node.
After receiving the first information, the small ISP node first queries a blockchain ledger corresponding to the blockchain network, queries and acquires the public key of the internet service provider node 2 from the blockchain ledger, and verifies the private key signature of the internet service provider node 2 in the first information by using the public key of the internet service provider node 2.
If the small ISP node verifies the private key signature of the internet service provider node 2 in the first information, the small ISP node sends the first encrypted information to the user node, where the first encrypted information is the information obtained by encrypting the public key of the small ISP node by using the shared key between the internet service provider node 2 and the user node as described above.
Specifically, the user node may be an intelligent terminal, which, because of power consumption, is not suitable for acting as an online node in the blockchain network; that is, the intelligent terminal is in an offline state in the blockchain network. The user node and the small ISP node therefore need to contact each other over a direct one-to-one channel; for example, they may communicate by short message over the mobile switching network or Peer-to-Peer (P2P) over IP addresses. Therefore, the small ISP node can send the first encrypted information to the user node in a short message mode or a point-to-point P2P mode of an IP address.
After the user node receives the first encrypted information, it decrypts the first encrypted information with the shared key between the user node and the internet service provider node 2, according to the decryption algorithm corresponding to the pre-agreed first encryption algorithm, to obtain the public key of the small ISP node. The user node may then generate a session key required for communication between the user node and the small ISP node, encrypt the session key with the public key of the small ISP node according to a second encryption algorithm agreed in advance to obtain second information, and send the second information to the small ISP node. Specifically, the user node may send the second information to the small ISP node in a short message mode or a point-to-point P2P mode of an IP address. Correspondingly, the small ISP node receives the second information in a short message mode or a point-to-point P2P mode of an IP address.
It will be appreciated that the second encryption algorithm for encrypting the session key using the public key of the small ISP node may be the same as or different from the first encryption algorithm for encrypting the public key of the small ISP node using the shared key between the internet service provider node 2 and the user node as described above.
Step 207: the first ISP node obtains the session key according to the second information, where the session key is used for the communication between the first ISP node and the user node.
And when the small ISP node receives the second information, acquiring a session key from the second information, and carrying out subsequent communication between the small ISP node and the user node by using the session key.
Optionally, the first ISP node obtaining the session key according to the second information includes: the first ISP node decrypts the second information by adopting a private key of the first ISP node to obtain the session key.
For example, when the small ISP node receives the second information, the second information is decrypted by using the private key of the small ISP node according to a decryption algorithm corresponding to a second encryption algorithm that is agreed in advance, so as to obtain the session key, so that the user node and the small ISP node have the same session key.
In the embodiment of the invention, the public key of the first ISP node and the identification information of the user node are sent to the second ISP node registered by the user node through the first ISP node unregistered by the user node, so that the second ISP node determines the shared key between the second ISP node and the user node according to the identification information of the user node, the public key of the first ISP node is encrypted by adopting the shared key to obtain first encryption information, and after the first ISP node obtains the first encryption information from the second ISP node, the first encryption information is sent to the user node through a short message mode or a point-to-point P2P mode of an IP address, so that the user node can decrypt the first encryption information according to the shared key to obtain the public key of the first ISP node. When the user node generates a session key required for communication between the user node and the first ISP node, the user node encrypts the session key by using the public key of the first ISP node and sends the encrypted session key to the first ISP node, so that the first ISP node can acquire the session key, and thus the user node and the first ISP node have the same session key, and other nodes except the user node and the first ISP node cannot acquire the session key, thereby improving the security of communication between the user node and the first ISP node.
On the basis of the foregoing embodiment, the first ISP node sending the identification information of the user node and the public key of the first ISP node to the second ISP node in the blockchain network includes the following steps, as shown in fig. 3:
For example, when the small ISP node receives a login request sent by the user node and acquires the identification information of the user node from the login request, the small ISP node may query the blockchain ledger corresponding to the blockchain network and obtain the public key of the internet service provider node 2 from the blockchain ledger.
The small ISP node encrypts the identification information of the user node and the public key of the small ISP node itself by using the public key of the internet service provider node 2 to obtain second encrypted information.
The small ISP node signs the second encrypted information by adopting the private key of the small ISP node to obtain the signature information.
The small ISP node broadcasts the signature information into the blockchain network so that the signature information can be received by the internet service provider node 2 in the blockchain network.
Correspondingly, after the internet service provider node 2 receives the signature information, it first queries the blockchain ledger for the public key of the small ISP node according to the blockchain identifier of the small ISP node. It then verifies the private key signature of the small ISP node in the signature information according to the public key of the small ISP node. If the signature passes verification, the internet service provider node 2 obtains the second encrypted information and decrypts it using the private key of the internet service provider node 2 to obtain the identification information of the user node and the public key of the small ISP node.
Fig. 4 is a flowchart of a session key transmission method according to another embodiment of the present invention. The session key transmission method provided by this embodiment specifically includes the following steps:
In this embodiment, the first internet service provider ISP node may specifically be an internet service provider node 1 as shown in fig. 1, where the internet service provider node 1 is a small ISP node, and the user node does not register user information with the small ISP node. When the user node needs to log in to the small ISP node, the user node may send a login request to the small ISP node, the login request including identification information of the user node. Correspondingly, the small ISP node receives a login request sent by the user node, and acquires the identification information of the user node from the login request.
The second ISP node in this embodiment may specifically be an internet service provider node 2 as shown in fig. 1. After the small ISP node obtains the identification information of the user node from the login request, it broadcasts the identification information of the user node and the public key of the small ISP node to the blockchain network, where the blockchain network may specifically be a network including the federation blockchain nodes as described above. Correspondingly, all the federation blockchain nodes in the blockchain network can receive the identification information of the user node and the public key of the small ISP node. In other embodiments, the small ISP node may also broadcast the identification information of the user node, its own blockchain identification, and its own public key into the blockchain network. Accordingly, the internet service provider node 2 receives the identification information of the user node and the public key of the small ISP node.
After the internet service provider node 2 in the blockchain network receives the identification information of the user node and the public key of the small ISP node, it determines the shared key between the internet service provider node 2 and the user node according to the identification information of the user node.
Step 403: the second ISP node encrypts the public key of the first ISP node by using the shared key to obtain first encrypted information, and signs the first encrypted information by using the private key of the second ISP node to obtain first information.
The internet service provider node 2 encrypts the public key of the small ISP node by using the shared key according to a predetermined first encryption algorithm to obtain first encrypted information, and then signs the first encrypted information by using its own private key to obtain the first information.
The internet service provider node 2 broadcasts the first information into the blockchain network so that the small ISP node in the blockchain network can receive the first information.
In the embodiment of the invention, the public key of the first ISP node and the identification information of the user node are sent to the second ISP node registered by the user node through the first ISP node unregistered by the user node, so that the second ISP node determines the shared key between the second ISP node and the user node according to the identification information of the user node, the public key of the first ISP node is encrypted by adopting the shared key to obtain first encryption information, and after the first ISP node obtains the first encryption information from the second ISP node, the first encryption information is sent to the user node through a short message mode or a point-to-point P2P mode of an IP address, so that the user node can decrypt the first encryption information according to the shared key to obtain the public key of the first ISP node. When the user node generates a session key required for communication between the user node and the first ISP node, the user node encrypts the session key by using the public key of the first ISP node and sends the encrypted session key to the first ISP node, so that the first ISP node can acquire the session key, and thus the user node and the first ISP node have the same session key, and other nodes except the user node and the first ISP node cannot acquire the session key, thereby improving the security of communication between the user node and the first ISP node.
Fig. 5 is a flowchart of a session key transmission method according to another embodiment of the present invention. The session key transmission method provided by this embodiment specifically includes the following steps:
step 501, a user node sends a login request to a first ISP node, where the login request includes identification information of the user node, and the user node is not registered in the first ISP node.
In this embodiment, the first internet service provider ISP node may specifically be an internet service provider node 1 as shown in fig. 1, where the internet service provider node 1 is a small ISP node, and the user node does not register user information with the small ISP node. When the user node needs to log in to the small ISP node, the user node may send a login request to the small ISP node, the login request including identification information of the user node. Correspondingly, the small ISP node receives a login request sent by the user node, and acquires the identification information of the user node from the login request.
Through steps 202 to 204 described in the foregoing embodiment, the small ISP node may obtain the first encrypted information, where the first encrypted information is obtained by encrypting the public key of the small ISP node by using the shared key between the internet service provider node 2 and the user node as described above. Specifically, the user node may be an intelligent terminal, which is not suitable for use as an online node in the blockchain network because of power consumption; that is, the intelligent terminal is offline with respect to the blockchain network. The user node and the small ISP node therefore need a direct, one-to-one channel: for example, they may communicate by short message over the mobile switching network or by P2P connection between IP addresses. The small ISP node can thus send the first encrypted information to the user node by short message or by IP-address P2P. Correspondingly, the user node receives the first encrypted information sent by the small ISP node by short message or by IP-address P2P.
After the user node receives the first encrypted information, the first encrypted information is decrypted according to the decryption algorithm corresponding to the pre-agreed first encryption algorithm and the shared key between the user node and the internet service provider node 2, so as to obtain the public key of the small ISP node.
The user node may generate a session key required for communication between the user node and the small ISP node, and encrypt the session key using the public key of the small ISP node according to a second encryption algorithm agreed in advance to obtain second information.
The user node sends the second information to the small ISP node; specifically, the user node may send the second information by short message or by IP-address P2P. Correspondingly, the small ISP node receives the second information by short message or by IP-address P2P. When the small ISP node receives the second information, it decrypts the second information using the private key of the small ISP node, according to the decryption algorithm corresponding to the predetermined second encryption algorithm, to obtain the session key. The user node and the small ISP node thus hold the same session key.
In the embodiment of the invention, the public key of the first ISP node and the identification information of the user node are sent to the second ISP node registered by the user node through the first ISP node unregistered by the user node, so that the second ISP node determines the shared key between the second ISP node and the user node according to the identification information of the user node, the public key of the first ISP node is encrypted by adopting the shared key to obtain first encryption information, and after the first ISP node obtains the first encryption information from the second ISP node, the first encryption information is sent to the user node through a short message mode or a point-to-point P2P mode of an IP address, so that the user node can decrypt the first encryption information according to the shared key to obtain the public key of the first ISP node. When the user node generates a session key required for communication between the user node and the first ISP node, the user node encrypts the session key by using the public key of the first ISP node and sends the encrypted session key to the first ISP node, so that the first ISP node can acquire the session key, and thus the user node and the first ISP node have the same session key, and other nodes except the user node and the first ISP node cannot acquire the session key, thereby improving the security of communication between the user node and the first ISP node.
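The exchange of Fig. 4 and Fig. 5, from the second ISP node's reply onward, as an added example that is not part of the patent text. The patent leaves both encryption algorithms unspecified, so AES-256-GCM (first algorithm), RSA-OAEP (second algorithm), RSA-2048 with SHA-256 signatures, and all function names and the user identifier are assumptions made here.

```javascript
// Added example, not code from the patent. Algorithm choices are assumptions.
const crypto = require("node:crypto");

// Constructed long-term key pairs. As in the text, each ISP node uses one key
// pair for both signing and decryption; RSA-2048 is an assumption.
const newRsa = () => crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const isp1 = newRsa(); // first ISP node (user is NOT registered here)
const isp2 = newRsa(); // second ISP node (user IS registered here)

// Constructed registration data held by the second ISP node: user id -> shared key.
const USER_ID = "user-0001";
const sharedKey = crypto.randomBytes(32);
const isp2Registry = new Map([[USER_ID, sharedKey]]);

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// "First encryption algorithm", assumed to be AES-256-GCM. The user id is bound
// as associated data. Output layout: 12-byte IV | 16-byte tag | ciphertext.
function sealWithSharedKey(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", key, iv);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}

function openWithSharedKey(key, blob, aad) {
  const d = crypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  d.setAAD(aad);
  d.setAuthTag(blob.subarray(12, 28));
  // final() throws if the ciphertext, tag or associated data was altered.
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Second ISP node: look up the shared key, encrypt ISP1's public key, sign.
function isp2BuildFirstInfo(userId, isp1PublicDer) {
  const key = isp2Registry.get(userId);
  if (!key) throw new Error("user is not registered at the second ISP node");
  const firstEncrypted = sealWithSharedKey(key, isp1PublicDer, Buffer.from(userId));
  const signature = crypto.sign("sha256", firstEncrypted, isp2.privateKey);
  return { firstEncrypted, signature }; // together: the "first information"
}

// First ISP node: verify ISP2's signature, then forward only the ciphertext
// to the user node (short message or IP-address P2P in the text).
function isp1VerifyAndForward(firstInfo) {
  const ok = crypto.verify("sha256", firstInfo.firstEncrypted, isp2.publicKey,
                           firstInfo.signature);
  if (!ok) throw new Error("signature of the second ISP node did not verify");
  return firstInfo.firstEncrypted;
}

// User node: recover ISP1's public key, generate and wrap a session key.
function userBuildSecondInfo(userId, key, firstEncrypted) {
  const der = openWithSharedKey(key, firstEncrypted, Buffer.from(userId));
  const isp1Pub = crypto.createPublicKey({ key: der, format: "der", type: "spki" });
  const sessionKey = crypto.randomBytes(32);
  const secondInfo = crypto.publicEncrypt({ key: isp1Pub, ...OAEP }, sessionKey);
  return { sessionKey, secondInfo };
}

// First ISP node: unwrap the session key with its private key.
function isp1RecoverSessionKey(secondInfo) {
  return crypto.privateDecrypt({ key: isp1.privateKey, ...OAEP }, secondInfo);
}

// Full run. ISP1's public key travels to ISP2 unencrypted here, as in the
// broadcast variant of Fig. 4.
function runExchange() {
  const isp1PublicDer = isp1.publicKey.export({ type: "spki", format: "der" });
  const firstInfo = isp2BuildFirstInfo(USER_ID, isp1PublicDer);
  const forwarded = isp1VerifyAndForward(firstInfo);
  const user = userBuildSecondInfo(USER_ID, sharedKey, forwarded);
  const isp1Key = isp1RecoverSessionKey(user.secondInfo);
  return { userKey: user.sessionKey, isp1Key, firstInfo };
}

// Failure modes: one flipped ciphertext byte must be rejected at both hops.
function rejects(fn) {
  try { fn(); return false; } catch (e) { return true; }
}

function tamperChecks() {
  const { firstInfo } = runExchange();
  const altered = Buffer.from(firstInfo.firstEncrypted);
  altered[30] ^= 0x01;
  return {
    // Altered between ISP2 and ISP1: caught by the signature check.
    isp1Rejects: rejects(() =>
      isp1VerifyAndForward({ firstEncrypted: altered, signature: firstInfo.signature })),
    // Altered between ISP1 and the user, who never sees the signature:
    // caught only because the assumed first algorithm is authenticated.
    userRejects: rejects(() => userBuildSecondInfo(USER_ID, sharedKey, altered)),
    unknownUserRejected: rejects(() => isp2BuildFirstInfo("user-9999", Buffer.alloc(1))),
  };
}

const demo = runExchange();
console.log("session keys match:", demo.userKey.equals(demo.isp1Key), tamperChecks());
```

Because the user node receives only the first encrypted information and not the signature, the integrity of ISP1's public key on the short-message or P2P leg depends entirely on the first encryption algorithm; an unauthenticated cipher mode there would leave the `userRejects` case undetected.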
Fig. 6 is a schematic structural diagram of a first internet service provider ISP node according to an embodiment of the present invention. As shown in fig. 6, the first internet service provider ISP node 60 may execute the processing procedure provided in the embodiment of the session key transmission method, and includes: a memory 61, a processor 62, a computer program and a communication interface 63; wherein the computer program is stored in the memory 61 and is configured to be executed by the processor 62 to perform the following: receiving a login request sent by a user node through a communication interface 63, wherein the login request comprises identification information of the user node, and the user node is not registered in the first ISP node; sending the identification information of the user node and the public key of the first ISP node to a second ISP node in the blockchain network through a communication interface 63, wherein the user node is registered in the second ISP node; receiving first information sent by the second ISP node through a communication interface 63, where the first information is obtained by encrypting the public key of the first ISP node by the second ISP node using the shared key between the second ISP node and the user node to obtain first encrypted information, and signing the first encrypted information by using the private key of the second ISP node; verifying the private key signature of the second ISP node in the first information according to the public key of the second ISP node; after the first ISP node verifies the private key signature of the second ISP node, sending the first encrypted information to the user node through a communication interface 63 in a short message mode or a point-to-point P2P mode of an IP address; receiving second information sent by the user node through a communication interface 63, where the second information is obtained by encrypting, by the user node, a session key generated by the user node by using a public key of the first ISP node; and acquiring the session key according to the second information, wherein the session key is used for the communication between the first ISP node and the user node.
Optionally, when the processor 62 sends the identification information of the user node and the public key of the first ISP node to the second ISP node in the blockchain network through the communication interface 63, the following steps are specifically performed: inquiring and acquiring the public key of the second ISP node from a blockchain ledger corresponding to the blockchain network; encrypting the identification information of the user node and the public key of the first ISP node by adopting the public key of the second ISP node to obtain second encryption information; signing the second encrypted information by using a private key of the first ISP node to obtain signed information; and sending the signature information to the second ISP node via communication interface 63.
Optionally, when the processor 62 acquires the session key according to the second information, the processor is specifically configured to: and decrypting the second information by adopting the private key of the first ISP node to obtain the session key.
The first internet service provider ISP node of the embodiment shown in fig. 6 may be configured to execute the technical solution of the above method embodiment, and the implementation principle and the technical effect are similar, and are not described herein again.
Fig. 7 is a schematic structural diagram of a second ISP node according to an embodiment of the present invention. As shown in fig. 7, the second ISP node 70 may execute the processing procedure provided in the session key transmission method embodiment, and includes: a memory 71, a processor 72, a computer program and a communication interface 73; wherein the computer program is stored in the memory 71 and is configured to be executed by the processor 72 to perform the following: receiving, through communication interface 73, identification information of a user node and a public key of a first ISP node, both sent by the first ISP node, where the user node is registered in the second ISP node; determining a shared key between the second ISP node and the user node according to the identification information of the user node; encrypting the public key of the first ISP node by adopting the shared key to obtain first encrypted information, and signing the first encrypted information by adopting the private key of the second ISP node to obtain first information; and transmitting the first information to the first ISP node via communication interface 73.
The second ISP node in the embodiment shown in fig. 7 may be configured to execute the technical solution of the method embodiment, and the implementation principle and the technical effect are similar, which are not described herein again.
Fig. 8 is a schematic structural diagram of a user node according to an embodiment of the present invention. The user node provided in the embodiment of the present invention may execute the processing flow provided in the embodiment of the session key transmission method, as shown in fig. 8, where the user node 80 includes: memory 81, processor 82, computer programs and communication interface 83; wherein the computer program is stored in the memory 81 and is configured to be executed by the processor 82 for: sending a login request to a first ISP node via communication interface 83, said login request including identification information of said user node, said user node not being registered with said first ISP node; receiving first encryption information sent by the first ISP node through a communication interface 83 in a short message manner or a point-to-point P2P manner of an IP address, where the first encryption information is obtained by encrypting a public key of the first ISP node with a shared key between a second ISP node and the user node, and the user node is registered in the second ISP node; decrypting the first encrypted information by using the shared key to obtain a public key of the first ISP node; generating a session key, and encrypting the session key by adopting the public key of the first ISP node to obtain second information; and sending the second information to the first ISP node through a communication interface 83, so that the first ISP node obtains the session key according to the second information, where the session key is used for the communication between the first ISP node and the user node.
The user node in the embodiment shown in fig. 8 may be configured to execute the technical solution of the method embodiment, and the implementation principle and the technical effect are similar, which are not described herein again.
In addition, an embodiment of the present invention further provides a session key transmission system, where the system includes: a first ISP node, a second ISP node and a user node as described above.
Furthermore, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement the session key transmission method described in the foregoing embodiment.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
The integrated unit implemented in the form of a software functional unit may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium and includes several instructions to enable a computer device (which may be a personal computer, a server, or a network device) or a processor to execute some steps of the methods according to the embodiments of the present invention. The aforementioned storage medium includes various media capable of storing program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
It is obvious to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be performed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules to perform all or part of the above described functions. For the specific working process of the device described above, reference may be made to the corresponding process in the foregoing method embodiment, which is not described herein again.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (12)
1. A session key transmission method, comprising:
a first Internet Service Provider (ISP) node receives a login request sent by a user node, wherein the login request comprises identification information of the user node, and the user node is not registered in the first ISP node;
the first ISP node sends the identification information of the user node and the public key of the first ISP node to a second ISP node in a block chain network, and the user node is registered in the second ISP node;
the first ISP node receives first information sent by the second ISP node, wherein the first information is obtained by the second ISP node encrypting a public key of the first ISP node by adopting a shared key between the second ISP node and the user node to obtain first encrypted information and signing the first encrypted information by adopting a private key of the second ISP node;
the first ISP node verifies the private key signature of the second ISP node in the first information according to the public key of the second ISP node;
after the first ISP node verifies the private key signature of the second ISP node, sending the first encrypted information to the user node in a short message mode or a point-to-point P2P mode of an IP address;
the first ISP node receives second information sent by the user node, wherein the second information is obtained by encrypting a session key generated by the user node by adopting a public key of the first ISP node;
and the first ISP node acquires the session key according to the second information, wherein the session key is used for the communication between the first ISP node and the user node.
2. The method of claim 1, wherein the first ISP node transmitting the identification information of the user node and the public key of the first ISP node to a second ISP node in a blockchain network comprises:
the first ISP node inquires and acquires a public key of the second ISP node from a block chain account book corresponding to the block chain network;
the first ISP node encrypts the identification information of the user node and the public key of the first ISP node by adopting the public key of the second ISP node to obtain second encrypted information;
the first ISP node signs the second encrypted information by adopting a private key of the first ISP node to obtain signature information;
and the first ISP node sends the signature information to the second ISP node.
3. The method according to claim 1 or 2, wherein the first ISP node obtains the session key according to the second information, including:
and the first ISP node decrypts the second information by adopting a private key of the first ISP node to obtain the session key.
4. A session key transmission method, comprising:
a second ISP node receives identification information of a user node and a public key of the first ISP node, wherein the identification information of the user node and the public key of the first ISP node are sent by the first ISP node, and the user node is registered in the second ISP node;
the second ISP node determines a shared key between the second ISP node and the user node according to the identification information of the user node;
the second ISP node encrypts the public key of the first ISP node by adopting the shared key to obtain first encrypted information, and signs the first encrypted information by adopting the private key of the second ISP node to obtain first information;
the second ISP node sends the first information to the first ISP node, the first ISP node is used for sending the first encrypted information to the user node in a short message mode or a point-to-point P2P mode of an IP address, and the user node is used for decrypting the first encrypted information according to the shared key to obtain a public key of the first ISP node; when the user node generates a session key required for the communication between the user node and the first ISP node, the user node is further configured to encrypt the session key by using the public key of the first ISP node, and send the encrypted session key to the first ISP node.
5. A session key transmission method, comprising:
a user node sends a login request to a first ISP node, wherein the login request comprises identification information of the user node, and the user node is not registered in the first ISP node;
the user node receives first encrypted information sent by the first ISP node in a short message mode or a point-to-point P2P mode of an IP address, wherein the first encrypted information is obtained by encrypting a public key of the first ISP node by using a shared key between a second ISP node and the user node, and the user node is registered in the second ISP node;
the user node decrypts the first encrypted information by adopting the shared key to obtain a public key of the first ISP node;
the user node generates a session key, and encrypts the session key by adopting the public key of the first ISP node to obtain second information;
and the user node sends the second information to the first ISP node so that the first ISP node acquires the session key according to the second information, wherein the session key is used for the communication between the first ISP node and the user node.
6. A first internet service provider, ISP, node comprising:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
receiving a login request sent by a user node through the communication interface, wherein the login request comprises identification information of the user node, and the user node is not registered in the first ISP node;
sending the identification information of the user node and the public key of the first ISP node to a second ISP node in a block chain network through the communication interface, wherein the user node is registered in the second ISP node;
receiving first information sent by the second ISP node through the communication interface, wherein the first information is obtained by encrypting a public key of the first ISP node by the second ISP node by using a shared key between the second ISP node and the user node to obtain first encrypted information and signing the first encrypted information by using a private key of the second ISP node;
verifying the private key signature of the second ISP node in the first information according to the public key of the second ISP node;
after the first ISP node verifies the private key signature of the second ISP node, the first encrypted information is sent to the user node through the communication interface in a short message mode or a point-to-point P2P mode of an IP address;
receiving second information sent by the user node through the communication interface, wherein the second information is obtained by encrypting a session key generated by the user node by using a public key of the first ISP node;
and acquiring the session key according to the second information, wherein the session key is used for the communication between the first ISP node and the user node.
7. The ISP node of claim 6, wherein the processor, when sending the identification information of the user node and the public key of the first ISP node to a second ISP node in the blockchain network via the communication interface, is further configured to:
inquiring and acquiring the public key of the second ISP node from a block chain account book corresponding to the block chain network;
encrypting the identification information of the user node and the public key of the first ISP node by adopting the public key of the second ISP node to obtain second encryption information;
signing the second encrypted information by using a private key of the first ISP node to obtain signed information;
and sending the signature information to the second ISP node through the communication interface.
8. The ISP node of claim 6 or 7, wherein the processor, when obtaining the session key according to the second information, is specifically configured to:
decrypting the second information with the private key of the first ISP node to obtain the session key.
9. A second ISP node, comprising:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
receiving, through the communication interface, identification information of a user node and a public key of a first ISP node, sent by the first ISP node, wherein the user node is registered in the second ISP node;
determining a shared key between the second ISP node and the user node according to the identification information of the user node;
encrypting the public key of the first ISP node with the shared key to obtain first encrypted information, and signing the first encrypted information with the private key of the second ISP node to obtain first information;
sending the first information to the first ISP node through the communication interface, wherein the first ISP node is configured to send the first encrypted information to the user node in a short-message mode or in a point-to-point (P2P) mode using an IP address, and the user node is configured to decrypt the first encrypted information with the shared key to obtain the public key of the first ISP node; when the user node generates a session key required for communication between the user node and the first ISP node, the user node is further configured to encrypt the session key with the public key of the first ISP node and send the encrypted session key to the first ISP node.
10. A user node, comprising:
a memory;
a processor;
a communication interface; and
a computer program;
wherein the computer program is stored in the memory and configured to be executed by the processor to:
sending a login request to a first ISP node through the communication interface, wherein the login request comprises identification information of the user node, and the user node is not registered in the first ISP node;
receiving first encrypted information sent by the first ISP node through the communication interface in a short-message mode or in a point-to-point (P2P) mode using an IP address, wherein the first encrypted information is obtained by encrypting a public key of the first ISP node with a shared key between a second ISP node and the user node, and the user node is registered in the second ISP node;
decrypting the first encrypted information with the shared key to obtain the public key of the first ISP node;
generating a session key, and encrypting the session key with the public key of the first ISP node to obtain second information;
and sending the second information to the first ISP node through the communication interface so that the first ISP node acquires the session key according to the second information, wherein the session key is used for communication between the first ISP node and the user node.
11. A session key transmission system, the system comprising:
the first ISP node of any one of claims 6 to 8, the second ISP node of claim 9, and the user node of claim 10.
12. A computer-readable storage medium on which a computer program is stored, wherein the computer program, when executed by a processor, carries out the method according to any one of claims 1-5.
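The three-party exchange recited in claims 6, 8, 9 and 10, as an added sketch that is not code from the patent (claim 7's extra encryption of the request to the second ISP node is left out). The claims name no algorithms, so toy textbook RSA and a SHAKE-256/HMAC construction stand in for them; the keys, the `user-001` identifier and all function names are constructed. The authentication tag on the first encrypted information is an assumption added here: without it the user node could not detect a public key altered on the short-message or P2P hop.

```python
import hashlib, hmac, secrets

def rsa_keypair(p, q, e=65537):             # toy textbook RSA, no padding
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))
def h(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n
def sign(priv, msg):
    return pow(h(msg, priv[0]), priv[1], priv[0])
def verify(pub, msg, sig):
    return pow(sig, pub[1], pub[0]) == h(msg, pub[0])

def xor(key, nonce, data):                  # SHAKE-256 keystream XOR (toy cipher)
    ks = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))
def seal(key, plaintext):                   # encrypt-then-MAC under the shared key
    nonce = secrets.token_bytes(16)
    ct = xor(key, nonce, plaintext)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()
def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("first encrypted information was modified in transit")
    return xor(key, nonce, ct)

# Constructed keys: Mersenne primes keep the toy RSA short and reproducible.
ISP1_PUB, ISP1_PRIV = rsa_keypair(2**127 - 1, 2**107 - 1)
ISP2_PUB, ISP2_PRIV = rsa_keypair(2**89 - 1, 2**61 - 1)
SHARED = {"user-001": secrets.token_bytes(32)}   # ISP2's per-user shared keys
def isp2_respond(user_id, isp1_pub):        # claim 9: build the first information
    enc1 = seal(SHARED[user_id], ("%d:%d" % isp1_pub).encode())
    return enc1, sign(ISP2_PRIV, enc1)
def isp1_relay(enc1, sig):                  # claim 6: verify, then forward enc1 only
    if not verify(ISP2_PUB, enc1, sig):
        raise ValueError("ISP2 signature check failed")
    return enc1
def user_reply(shared_key, enc1):           # claim 10: recover key, wrap session key
    n, e = map(int, unseal(shared_key, enc1).split(b":"))
    session_key = secrets.token_bytes(16)
    return session_key, pow(int.from_bytes(session_key, "big"), e, n)
def isp1_recover(second_info):              # claim 8: decrypt with ISP1's private key
    return pow(second_info, ISP1_PRIV[1], ISP1_PRIV[0]).to_bytes(16, "big")

def run(tamper=False):
    enc1 = isp1_relay(*isp2_respond("user-001", ISP1_PUB))
    if tamper:                              # one flipped ciphertext bit on the SMS/P2P hop
        enc1 = enc1[:20] + bytes([enc1[20] ^ 1]) + enc1[21:]
    session_key, second_info = user_reply(SHARED["user-001"], enc1)
    return isp1_recover(second_info) == session_key
```

The first ISP node never holds the shared key: it checks only the second ISP node's signature and forwards ciphertext it cannot read, so the user node's trust in the relayed public key rests entirely on the shared key it holds with the second ISP node.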
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910466910.1A CN110048843B (en) | 2019-05-30 | 2019-05-30 | Session key transmission method, device and computer readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110048843A (en) | 2019-07-23 |
| CN110048843B (en) | 2021-09-10 |
Family
ID=67284239
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910466910.1A Active CN110048843B (en) | 2019-05-30 | 2019-05-30 | Session key transmission method, device and computer readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110048843B (en) |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102143487A (en) * | 2010-02-03 | 2011-08-03 | 中兴通讯股份有限公司 | Negotiation method and negotiation system for end-to-end session key |
| CN105337740A (en) * | 2014-07-31 | 2016-02-17 | 阿里巴巴集团控股有限公司 | An authentication method, client, relay device and server |
| CN106535184A (en) * | 2016-10-18 | 2017-03-22 | 深圳市金立通信设备有限公司 | Key management method and system |
| CN107809411A (en) * | 2016-09-09 | 2018-03-16 | 华为技术有限公司 | Authentication method, terminal device, server and the network authentication entity of mobile network |
| CN108684041A (en) * | 2018-05-31 | 2018-10-19 | 上海邑游网络科技有限公司 | The system and method for login authentication |
| CN108702622A (en) * | 2017-11-30 | 2018-10-23 | 深圳前海达闼云端智能科技有限公司 | Mobile network's access authentication method, device, storage medium and block chain node |
| CN108768608A (en) * | 2018-05-25 | 2018-11-06 | 电子科技大学 | The secret protection identity identifying method of thin-client is supported at block chain PKI |
| CN109087100A (en) * | 2018-08-02 | 2018-12-25 | 中国联合网络通信集团有限公司 | Cryptographic key distribution method, device, equipment and storage medium |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2015108410A1 (en) * | 2014-01-15 | 2015-07-23 | Xorkey B.V. | Secure login without passwords |
| US10567168B2 (en) * | 2017-11-16 | 2020-02-18 | International Business Machines Corporation | Blockchain transaction privacy enhancement through broadcast encryption |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105050081B (en) | Method, device and system for connecting network access device to wireless network access point | |
| CN102379114B (en) | Security Key Management in IMS-based Multimedia Broadcast and Multicast Service (MBMS) | |
| EP2553894B1 (en) | Certificate authority | |
| CN102857911B (en) | Positioning method, terminal and server | |
| CN103314605A (en) | Method and apparatus for authenticating a communication device | |
| US20140281493A1 (en) | Provisioning sensitive data into third party | |
| WO2012042367A1 (en) | Mobile handset identification and communication authentication | |
| CN105007577A (en) | Virtual SIM card parameter management method, mobile terminal and server | |
| CN110995418A (en) | Cloud storage authentication method and system, edge computing server and user router | |
| KR20180016398A (en) | Manage service provider certificates | |
| US12512991B2 (en) | Implementation of one-touch login service | |
| Li et al. | A secure sign-on protocol for smart homes over named data networking | |
| CN110138558B (en) | Transmission method and device of session key and computer-readable storage medium | |
| JP2020533853A (en) | Methods and equipment for managing digital certificates | |
| RU2685975C2 (en) | Providing communication security with extended multimedia platforms | |
| CN100403814C (en) | A key control method for multicast broadcast service | |
| CN111918289B (en) | Terminal access method, device and server | |
| JP2024501326A (en) | Access control methods, devices, network equipment, terminals and blockchain nodes | |
| US11139962B2 (en) | Method, chip, device and system for authenticating a set of at least two users | |
| CN117240486A (en) | Authentication method and communication device | |
| CN110225017B (en) | Identity authentication method, equipment and storage medium based on alliance block chain | |
| CN113993127B (en) | Implementation method and device for one-key login service | |
| CN104243452A (en) | Method and system for cloud computing access control | |
| JP2023506791A (en) | Privacy information transmission method, device, computer equipment and computer readable medium | |
| CN107040501B (en) | Authentication method and device based on platform as a service |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |