Method for distributing key using public key cryptographic technique and on-line updating of the public key

Abstract

The invention relates to a method for the distribution of an encryption key and the online innovation of a public key, which comprises the steps that: (1) a first entity produces a temporary public and private key pair; (2) a communication conversation encryption key exists between the first entity and a second entity; (3) an encryption key distribution center locally stored is utilized to carry out the signature verification of the public key; (4) the second entity produces a temporary public and private key pair; (5) a encryption key response message is formed and returned to the second entity; (6) the encryption key distribution center locally stored is utilized to carry out the signature verification of the public key; (7) the communication conversation encryption key is utilized by the first entity and the second entity to serve as a conversation encryption key to carry out secret communication. The method proposes a method that safely distributes communication encryption key to each pair of entity, causes the encryption key to have PFS property and lowers the complexity of the encryption key management of the system, and also supports the online innovation function of a public key of the encryption key distribution center which is the trusted third party.

Description

technical field [0001] The invention relates to a key distribution using public key encryption technology and a public key online updating method. Background technique [0002] When secure communication is required between communication network entities, key management is one of the key technologies. Sharing a key per pair of users is possible in small networks, but is not feasible in larger networks. In a system with N users, in order to realize secure communication between any two users, N(N-1) / 2 keys need to be generated and distributed to ensure secure communication between any two users in the network. As the scale of the system increases, the complexity increases dramatically. For a network where N is 1000, about 500,000 keys are needed for distribution, storage, etc. In order to reduce complexity, a centralized key management method is usually adopted, which is implemented by a trusted online server as the key distribution center KDC (Key Distribution Center) or key...

AI Technical Summary

Problems solved by technology

[0005] Due to the participation of the key distribution center or key transfer center, each pair of entities can use a new communication key each time they communicate, but each user needs to save a shared key with the key distribution center or key transfer center. The secret management key is used for a long time, and for the key distribution center and the key transfer center, it not only needs to store a huge number of secret management keys, but also bears a large security risk, because once there is a problem, it will directly Threat to the security of the entire system, and none of the above key distribution methods has the perfect forward secrecy PFS (Perfect Forward Secrecy) of the key

Images