A method and a system for generating a sub-key of a binding device based on master key negotiation

Abstract

The invention discloses a method and a system for generating a sub-key of a binding device based on master key negotiation. The method comprises the following steps: an application client installed ina first device sends a device registration request carrying an identifier D1 of the first device and a sub-key Ks of an account to an application server; Wherein the Ks are generated according to thename of the account and a master key input by the user; After receiving the equipment registration request, the application server generates a random number N1, generates a sub-key Ka1 bound with first equipment according to N1, D1 and Ks, and sends the N1 to an application client; And the application client generates the sub-key Ka1 according to the received random numbers N1, D1 and Ks. According to the method, on the basis that a user only needs to remember one password serving as a main secret key and does not need to carry additional equipment due to the fact that the user does not needto carry the safety secret key, convenience can be provided for later sub-secret-key management, and higher safety is provided.

Description

technical field [0001] The present invention relates to the technical field of information security transmission, in particular to a method and system for generating subkeys of bound devices based on master key negotiation. Background technique [0002] With the rapid development of the Internet, every ordinary user begins to have more and more online accounts and more and more computer devices (PC, smart phone, Pad, Internet of Things devices, etc.). In the current multi-service and multi-device application scenario, password management is a heavy burden for users. The resulting password reuse attacks, password reset attacks, and phishing attacks have brought increasingly serious threats to the security of online accounts. [0003] Security keys were introduced as a more secure mode of authentication, first adopted by banks and some large Internet services (Google, Dropbox, Twitter, etc.). Based on FIDO, which can manage the security keys of multiple online accounts, it c...

AI Technical Summary

Problems solved by technology

[0006] However, in practical application, the inventors of the present invention found that after generating the sub-key based on the above-mentioned prior art scheme, it is not convenient to manage the generated sub-key, for example, the sub-key cannot be updated automatically on a regular basis

[0007] In addition, after the subkey is generated based on the above existing technical solutions, there are still some security holes in the management of the generated subkey. For example, when a new device is registered to generate a subkey, it is necessary to restore the subkey of other devices to Perform identity authentication: the new device needs to send a key recovery request carrying the application ID and user ID to the application server; the application server sends the random number corresponding to the application ID and user ID to the new device; key and the received random number can recover the subkey of the previous device; the new device can complete the identity authentication only after sending the recovered subkey of the previous device to the application server, and then re-negotiate with the application server to generate a binding copy device subkey

This vulnerability presents potential opportunities for attackers to

Images