An identity-based end-to-end key authentication negotiation method and system

An identity and key authentication technology, applied in the field of information security, that can solve problems such as denial-of-service attacks.

Active Publication Date: 2018-02-09
康铂新能源技术(昆山)有限公司

AI Technical Summary

Problems solved by technology

The implicit authentication method adopted by the second technology is usually carried out only after the message exchange is completed, which easily leads to denial-of-service (DoS) attacks.
[0013] The above method adopts implicit authentication: the other party can be authenticated only after the message exchange is completed, which easily leads to a denial-of-service attack.


Examples


Embodiment approach 1

[0082] The sending-end message authentication code calculation module is further configured, when generating the first message authentication code, to generate a first key from the sending-end private key, the receiving-end identity identifier, and the first key exchange related information, to derive the first authentication key from the first key, and to calculate the first message authentication code using the first authentication key as the input key of the first message authentication code algorithm; and, on receiving the second message authentication code, to generate a second key from the sending-end private key, the receiving-end identity, the second key exchange information, and the first key exchange related information, to derive the second authentication key from the second key, and to use the second authentication key as the input key of the second message authentication code alg...

Embodiment approach 2

[0085] The sending-end message authentication code calculation module is further configured, when generating the first message authentication code, to generate a first key from the sending-end private key, the receiving-end identity identifier, and the first key exchange related information, to derive the first authentication key from the first key, and to calculate the first message authentication code using the first authentication key as the input key of the first message authentication code algorithm; and, on receiving the second message authentication code, to generate a second key from the sending-end private key, the receiving-end identity, the second key exchange information, and the first key exchange related information, to derive the second authentication key from the second key, and to use the second authentication key as the input key of the second message authentication code alg...

Embodiment approach 3

[0088] The sending-end message authentication code calculation module is further configured, when generating the first message authentication code, to generate a first key from the sending-end private key, the receiving-end identity identifier, and the first key exchange related information, to derive the first authentication key from the first key, and to calculate the first message authentication code using the first authentication key as the input key of the first message authentication code algorithm; and, on receiving the second message authentication code, to generate a second key from the sending-end private key, the receiving-end identity, the second key exchange information, and the first key exchange related information, to derive the second authentication key from the second key, to derive the session key from the second authentication key, and to use the session key as the input ...


Abstract

The invention discloses an identity-based end-to-end key authentication negotiation method and system. The sending end generates the first key exchange information T_A; from T_A, the sending-end private key, the sending-end identity ID_A, the receiving-end identity ID_B, and the first key exchange related information, it generates the first message authentication code mac1 and sends mac1 and T_A to the receiving end. The receiving end generates the second key exchange information T_B; from T_B, the receiving-end private key, ID_A, T_A, and the second key exchange related information, it generates the second message authentication code mac2 and sends mac2 and T_B to the sending end. The sending end generates the third message authentication code mac3 from T_A, T_B, ID_A, and ID_B. Once the receiving end has verified mac1, the sending end has verified mac2, and the receiving end has verified mac3, the key authentication negotiation between the two ends is successful. The invention is especially suitable for networks in which the identity and the location are separated, and at the same time can improve the security of the key agreement.
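The three-message exchange from the abstract, sketched as an added example (not code from the patent or its applicant). The page does not say how a key is computed from one's own private key and the peer's identity, so a symmetric-polynomial key predistribution stands in for it; the nonce form of T_A and T_B, the field layout of each MAC, and the key used for mac3 are likewise assumptions.

```python
import hashlib, hmac, secrets

P = 2**127 - 1  # prime modulus for the stand-in key predistribution (assumption)

def h_id(ident: bytes) -> int:
    return int.from_bytes(hashlib.sha256(ident).digest(), "big") % P

def kgc_setup(n=4):  # master secret: symmetric coefficients of f(x, y) over GF(P)
    c = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i, n):
            c[i][j] = c[j][i] = secrets.randbelow(P)
    return c

def private_key(master, ident):  # coefficients of g(y) = f(H(ident), y)
    x = h_id(ident)
    return [sum(a * pow(x, i, P) for i, a in enumerate(row)) % P for row in master]

def pair_key(priv, peer):  # own private key + peer identity -> same secret on both ends
    y = h_id(peer)
    return (sum(a * pow(y, j, P) for j, a in enumerate(priv)) % P).to_bytes(16, "big")

def kdf(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()
def mac(key, *fields):  # length-prefixed fields, so boundaries are unambiguous
    data = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, data, hashlib.sha256).digest()
def auth_key(priv, peer, *exchange):  # key -> authentication key, as in the embodiments
    return kdf(kdf(pair_key(priv, peer), b"".join(exchange)), b"auth")

def send_1(priv_a, id_a, id_b):
    t_a = secrets.token_bytes(16)  # T_A modelled as a fresh nonce (assumption)
    return t_a, mac(auth_key(priv_a, id_b, t_a), t_a, id_a, id_b)

def recv_1_send_2(priv_b, id_a, id_b, t_a, mac1):
    if not hmac.compare_digest(mac1, mac(auth_key(priv_b, id_a, t_a), t_a, id_a, id_b)):
        return None  # explicit authentication: drop before generating T_B or keeping state
    t_b = secrets.token_bytes(16)
    return t_b, mac(auth_key(priv_b, id_a, t_a, t_b), t_b, id_a, t_a)

def recv_2_send_3(priv_a, id_a, id_b, t_a, t_b, mac2):
    k = auth_key(priv_a, id_b, t_a, t_b)
    if not hmac.compare_digest(mac2, mac(k, t_b, id_a, t_a)):
        return None
    return mac(kdf(k, b"confirm"), t_a, t_b, id_a, id_b)  # mac3 key choice is an assumption

def recv_3(priv_b, id_a, id_b, t_a, t_b, mac3):
    k = kdf(auth_key(priv_b, id_a, t_a, t_b), b"confirm")
    return hmac.compare_digest(mac3, mac(k, t_a, t_b, id_a, id_b))
```

Because `recv_1_send_2` checks mac1 first, a forged first message costs the receiving end one key derivation and one HMAC and leaves no state behind.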

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to an identity-based end-to-end key authentication negotiation method and system.

Background technique

[0002] The end-to-end authentication and key agreement method is an information security technology widely used in communication networks, and is generally implemented through public key cryptography and symmetric cryptography. Of these, symmetric cryptography requires complex and secure key distribution and management systems.

[0003] Public key cryptography requires generating a mathematically related public key and private key pair for each user. The public key is published in some way, so that any sender can obtain the public key of the receiver, and the private key is kept secret by the receiver. One of the biggest security problems in traditional public key cryptography systems is how to ensure that the public key used re...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/32, H04L9/08
Inventor: 周苏静, 韦银星
Owner: 康铂新能源技术(昆山)有限公司