Cross-domain key management method based on IBC and PKI

Abstract

The invention provides a cross-domain key management method based on IBC and PKI, the method takes respective advantages of two systems and solves a problem of mutual trust of KGC public parameters under a cross-domain environment. In the key management method, a plurality of independent KGC systems are built based on an IBC system, a CA system is built based on a PKI system, the CA system signs and issues a digital certificate for the public parameter of each KGC system, further generates a cross-domain authorization list for each KGC according to a cross-domain authority control strategy andissues the cross-domain authorization list to each node user through each KGC system. When cross-domain authentication is executed between the node users, ID of an opposite side and index informationof the KGC system, where the opposite side is, are exchanged, the public parameter is extracted from the cross-domain authorization list and an IBC related algorithm is used, thus, authentication andcommunication processes can be completed. With the method provided by the invention, time and economic cost caused by accessing to a PPS or other switching systems are saved, moreover, a flexible cross-domain authority control strategy is supported, so the method is very suitable for the emerging fields with massive node users, such as the Internet of Things and electronic currency.

Description

technical field [0001] The invention relates to information security and a key system, in particular to a cross-domain key management method based on a mixed system of IBC and PKI. Background technique [0002] The traditional PKI (Public Key Infrastructure) system is based on digital certificates to achieve identity authentication, which is widely used in encrypted mail, online banking, e-government and other fields. At present, the SM2 asymmetric encryption algorithm issued by the National Commercial Cryptography Administration is mainly used in China. . In the emerging Internet of Things, electronic currency and other fields, in the face of tens of millions of node users, there are strict requirements on the hardware deployment, load balancing, disaster recovery and other capabilities of the CA center server in the PKI system. In order to solve many problems in certificate management, the IBC (Identity-Based Cryptography) system has been more and more widely used, which ...

AI Technical Summary

Problems solved by technology

At present, the mainstream solution to solve cross-domain authentication is to use public parameter service (PPS). PPS is responsible for publishing public parameters of different KGC domains. Node users need to access PPS in real time to complete cross-domain transactions, which requires a certain system construction cost and per transaction. times, and, in this way, the power of PPS is supreme, the attacker can forge an illegal domain out of thin air on the link, and the node user lacks a strong means to confirm whether the received parameters are legal, easy security risk

Images