Negotiation method and system for secret key of secure channel

A secure-channel key technology, applied in the field of secure data communication, that addresses the problem of low security strength and achieves the effect of improved security.

Active Publication Date: 2020-03-24
FUJIAN LANDI COMML EQUIP CO LTD

AI Technical Summary

Problems solved by technology

Therefore, in this application scenario only a secure channel with one-way authentication, from the ordinary mobile terminal towards the payment-terminal side, can be established, and its security strength is not high.



Examples


Embodiment 1

[0168] Please refer to figure 1. A key negotiation method for a secure channel comprises:

[0169] S1. The authentication server generates a first random number and the corresponding first temporary public key, sends the first temporary public key to a first terminal that is mutually trusted with it, and sends the first random number to a second terminal that is mutually trusted with it; the first terminal is a data security device and the second terminal is a non-data-security device;

[0170] S2. The first terminal generates a second random number and the corresponding second temporary public key, and sends the second temporary public key to the second terminal through the authentication server;

[0171] S3. The first terminal and the second terminal each negotiate the key of the secure channel between them from their respective random numbers and temporary public keys;

[0172] Wherein, the first terminal and the second terminal respectively establish a...

Embodiment 2

[0196] On the basis of the first embodiment, the second embodiment further explains how mutual authentication between the authentication server and, respectively, the first terminal and the second terminal is realized on the basis of a shared password group, so as to solve the problem of mutual trust between the communicating parties:

[0197] Before step S1, the method further includes:

[0198] S01. The first terminal and the second terminal respectively generate their current first key group and second key group according to their respective serial numbers;

[0199] Specifically, this embodiment is described using the interaction between a secure payment terminal (SPT) and an ordinary mobile terminal, together with an application scenario in which a background authentication server (Backend Server) is mutually trusted by both the secure payment terminal SPT and the ordinary mobile terminal. The authentication server (Backend Server) is used to prove the identity of the payment terminal to the mo...

Embodiment 3

[0255] In this embodiment, on the basis of Embodiment 1 or Embodiment 2, after step S3 the method further includes:

[0256] The first terminal and the second terminal each use a KDF key derivation algorithm to generate, from the negotiated key, a third data encryption key, a message authentication code key for the direction from the first terminal to the second terminal, and a message authentication code key for the direction from the second terminal to the first terminal, as the third key group of the secure channel between the first terminal and the second terminal;

[0257] Specifically, based on the principle of the ECDH key agreement protocol, the temporary key abG of the secure channel between the SPT and MP_APP is generated;

[0258] Then, from abG, the third key group is generated using the KDF key derivation algorithm;

[0259] The specific settings of the KDF algorithm are as follows:

[0260] Key derivation is performed following the key derivation method described in . Optionally, the specific ...
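The exchange of steps S1 to S3 and the derivation of Embodiment 3, worked through end to end as an added example; this is not the patent's code or the applicant's implementation. The patent names neither the curve, the encodings, the KDF nor the key lengths, so NIST P-256 (with a minimal affine-coordinate implementation), the x-coordinate of abG as KDF input, HKDF-SHA256 with three label strings, a 16-byte encryption key and 32-byte MAC keys are all assumptions of this example. The Backend Server, SPT (first terminal) and MP_APP (second terminal) roles follow Embodiment 2; the "inbox" dictionaries stand in for the server-to-terminal messages, whose protection (the shared password groups of Embodiment 2) is outside this example.

```python
import hashlib
import hmac
import secrets

# NIST P-256 domain parameters (assumed curve; y^2 = x^3 + A*x + B mod P,
# generator G of prime order N). The patent does not fix a curve.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551


def on_curve(pt):
    """True if pt is the point at infinity (None) or satisfies the curve equation."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def point_add(p1, p2):
    """Affine chord-and-tangent addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:  # p1 == -p2, so the sum is infinity
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P  # tangent (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P  # chord
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, pt):
    """Right-to-left double-and-add k*pt. Not constant time: illustration only."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return result


def random_scalar():
    """A 'random number' in the patent's sense: a valid scalar in [1, N-1]."""
    return secrets.randbelow(N - 1) + 1


def hkdf_sha256(ikm, salt, info, length):
    """RFC 5869 HKDF with SHA-256 (extract then expand), standard library only.
    Used here as the KDF; the patent's KDF reference is not on the page."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block = b"", b""
    for counter in range(1, -(-length // 32) + 1):
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
    return okm[:length]


def third_key_group(shared_point):
    """Embodiment 3: from abG derive one encryption key and one MAC key per
    direction. Serialising only the x-coordinate and the three labels are
    choices of this example, not of the patent."""
    ikm = shared_point[0].to_bytes(32, "big")
    return {
        "enc": hkdf_sha256(ikm, b"", b"secure-channel-enc", 16),
        "mac_spt_to_mp": hkdf_sha256(ikm, b"", b"secure-channel-mac-spt-mp", 32),
        "mac_mp_to_spt": hkdf_sha256(ikm, b"", b"secure-channel-mac-mp-spt", 32),
    }


def negotiate():
    """Run S1-S3 between Backend Server, SPT (first terminal) and MP_APP (second
    terminal) and return what each terminal ends up holding."""
    # S1: the server picks the first random number a and its temporary public key aG.
    a = random_scalar()
    aG = scalar_mult(a, G)
    spt_inbox = {"aG": aG}   # server -> SPT: the public key
    mp_inbox = {"a": a}      # server -> MP_APP: the random number itself
    # S2: the SPT picks the second random number b and public key bG, which the
    # server relays to MP_APP.
    b = random_scalar()
    bG = scalar_mult(b, G)
    mp_inbox["bG"] = bG
    # S3: each side combines its own random number with the received public key.
    spt_shared = scalar_mult(b, spt_inbox["aG"])             # b * (aG) = abG
    mp_shared = scalar_mult(mp_inbox["a"], mp_inbox["bG"])   # a * (bG) = abG
    return {
        "spt_shared": spt_shared,
        "mp_shared": mp_shared,
        "spt_keys": third_key_group(spt_shared),
        "mp_keys": third_key_group(mp_shared),
    }


if __name__ == "__main__":
    r = negotiate()
    print("shared point agrees:", r["spt_shared"] == r["mp_shared"])
    print("enc key:", r["spt_keys"]["enc"].hex())
```

Two points worth noticing when reading the run: in S1 the non-data-security terminal receives the scalar a in the clear from the server, so the secrecy of abG is bounded by how that message and that terminal protect a, which is exactly the trust problem Embodiment 2 turns to; and the three keys are bound to distinct labels so that a MAC key for one direction can never equal the encryption key or the other direction's MAC key.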


Abstract

The invention discloses a negotiation method and system for the secret key of a secure channel. The authentication server generates a first random number and a corresponding first temporary public key, sends the first temporary public key to a first terminal that is mutually trusted with the authentication server, and sends the first random number to a second terminal that is mutually trusted with the authentication server; the first terminal is a data security device and the second terminal is a non-data-security device. The first terminal generates a second random number and a corresponding second temporary public key, and sends the second temporary public key to the second terminal through the authentication server. The first terminal and the second terminal then negotiate the secret key of the secure channel between them from their respective random numbers and temporary public keys. Because the key of the high-reliability data security channel between the first terminal and the second terminal is obtained by the two terminals negotiating together, the security of communication between the first terminal (such as a payment terminal) and the second terminal (such as a mobile terminal) is improved.

Description

Technical field
[0001] The invention relates to the field of secure data communication, in particular to a method and system for negotiating the keys of a secure channel.
Background technique
[0002] In the prior art, in order to realize secure communication between two terminals, a data security channel is usually established between them. There are many technical implementations of such a channel. Taking an RSA-based key agreement protocol as an example, the typical process of establishing a secure channel is that the two communicating parties (call them A and B) each store a root public-key certificate with which the other party's certificate can be authenticated, and each also keeps in a safe place a public/private key pair representing its own identity. Both parties send their own public-key certificates to the other party, and the other party verifies the identit...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/08, H04L29/06
CPC: H04L9/0838, H04L63/205, H04L63/061, H04L63/08
Inventor: 孟陆强, 陈本耀
Owner: FUJIAN LANDI COMML EQUIP CO LTD