WO2013139254A1 - Method and device for key update - Google Patents
Method and device for key update
- Publication number
- WO2013139254A1 (PCT/CN2013/072868)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user
- identifier
- variable part
- key
- variable
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L9/0847—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving identity based encryption [IBE] schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0846—Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
Definitions
- the present invention relates to the field of communication network security, and in particular, to a method and apparatus for key update.
- IBC identity based Cryptography
- PKI Public Key Infrastructure
- since the key may be overdue or lost, a mechanism is needed for key revocation.
- in IBC, because "the identifier is the public key", key revocation translates into revocation of the identifier.
- the identifier cannot be easily revoked, such as an ID number, email address, etc.
- identifier and identity are used interchangeably, taking into account the customary name; key updates and key revocation are not strictly distinguished.
- the revoked public key is maintained by a Certificate Revocation List (CRL) or an Online Certificate Status Protocol (OCSP).
- CRL Certificate Revocation List
- OCSP Online Certificate Status Protocol
- the database needs to be searched.
- the shortcoming of this kind of scheme is: It needs to rely on the certificate; the workload of the maintenance and management of the certificate is very large.
- identity revocation is performed by appending an expiration time to the identity.
- the downside of this approach is that the key revocation may not be timely and the key revocation may be required before the additional date expires.
- a negotiation mechanism is needed at both ends of the communication to agree on additional information.
- Summary of the invention
- the technical problem to be solved by the present invention is to provide a method and apparatus for key update, which can update a key in time in an identification-based cryptosystem.
- a method for key update of the present invention includes: In the Identity-Based Cryptography (IBC), the key center sets the user identity as the public key to include a fixed part and a variable part, and updates the public key by changing the variable part of the user identity.
- IBC Identity-Based Cryptography
- the variable part of the user identifier is obtained by the key center performing a hash operation on an intermediate parameter and taking bits from the result of the hash operation according to the length of the variable part, wherein the intermediate parameter includes a random value, the user auxiliary identifier and a credential.
- alternatively, the variable part of the user identifier is a random value truncated by the key center according to the length of the variable part; or the variable part of the user identifier is obtained by the key center hashing the random value and taking bits from the result of the hash operation according to the length of the variable part.
- the method further includes: after the key center changes the variable part of the user identifier, publishing the user identifier and the public parameters generated when generating the private key for the user to the directory server;
- the directory server stores the user ID and public parameters of the user.
- the user identifier is an identity (AID) of the user.
- the fixed part is a 64-bit subnet prefix
- the variable part is a 64-bit interface identifier
- the fixed part is a 64-bit subnet prefix + 32 bits used to distinguish the identifier of the subnet to which the user belongs, and the variable part is the remaining 32 bits.
- the method further includes: after the first user receives the message sent by the second user, the first user checks whether the variable part of the user identifier carried in the message is consistent with the variable part of its own user identifier; if not, the second user is notified to update the user identifier of the first user.
- the method further includes: in a communication process, the second user sends a message to the first user; after receiving the message, the border device of the second user queries the directory server for the user identifier of the first user and, when the variable part of the user identifier of the first user has changed, updates the user identifier of the first user to the second user.
- the method further includes: after the key center changes the variable part of the user identifier, notifying the corresponding user of the user identifier, and the user updates the user identifier to the associated border device;
- the border device of the first user updates the first user to the second user when the variable portion of the user identifier of the first user changes.
- the method further includes: after receiving the user identifier issued by the key center, the directory server notifies the other users who subscribe to the user identifier.
- a device for key update includes: a public key configuration unit and a public key variable portion modification unit, wherein:
- the public key configuration unit is configured to: set a user identifier as a public key to include a fixed part and a variable part;
- the public key variable part modifying unit is configured to: update the public key by changing the variable part of the user identifier.
- the public key variable part modifying unit is configured to: perform a hash operation on the intermediate parameter, and take the variable part from the result of the hash operation according to the length of the variable part, wherein the intermediate parameter includes a random value, a user auxiliary identifier and a credential.
- the public key variable part modifying unit is configured to: set the variable part of the user identifier to a random value truncated according to the length of the variable part; or perform a hash operation on the random value and take the variable part from the result of the hash operation according to the length of the variable part.
- the device further includes a public key issuing unit, wherein the public key issuing unit is configured to: after the public key variable part modifying unit changes the variable part of the user identifier, publish the user identifier and the public parameters generated when generating the private key for the user to the directory server.
- the user identifier is an identity (AID) of the user.
- the fixed part is a 64-bit subnet prefix
- the variable part is a 64-bit interface identifier; or the fixed part is a 64-bit subnet prefix + 32 bits used to distinguish the identifier of the subnet to which the user belongs, and the variable part is the remaining 32 bits.
- a method for key update includes:
- the first user checks whether the variable part of the user identifier carried in the message is consistent with the variable part of its own user identifier and, if not, notifies the second user to update the user identifier of the first user
- the user identifier is a public key in an identity-based cryptographic system (IBC), and includes a fixed part and a variable part.
- IBC identity-based cryptographic system
- a method for key update includes:
- the second user sends a message to the first user; after receiving the message, the border device of the second user queries the directory server for the user identifier of the first user and, when the variable part of the user identifier of the first user has changed, updates the user identifier of the first user to the second user;
- the user identifier is a public key in an identity-based cryptosystem (IBC), and includes a fixed part and a variable part.
- IBC identity-based cryptosystem
- a method for key update includes:
- the user identifier is notified to the corresponding user, and the user updates the user identifier to the associated border device;
- after receiving the message sent by the border device of the second user, the border device of the first user updates the user identifier of the first user to the second user when the variable part of the user identifier of the first user has changed.
- the user identifier is a public key in an identity-based cryptosystem (IBC), and includes a fixed part and a variable part.
- IBC identity-based cryptosystem
- FIG. 1 is a system structural diagram of an identity-based cryptosystem according to an embodiment of the present invention.
- FIG. 2 is a schematic diagram of a method for generating a user identifier according to an embodiment of the present invention
- FIG. 3 is a flowchart of key revocation according to an embodiment of the present invention.
- FIG. 4 is a flowchart of a key revocation notification triggered by a terminal according to an embodiment of the present invention
- FIG. 5 is a flowchart of a key revocation notification triggered by a local border device according to an embodiment of the present invention
- FIG. 6 is a flowchart of a key revocation notification triggered by a peer edge device according to an embodiment of the present invention
- the user identifier is defined as a fixed portion and a variable portion
- the key is revoked by changing the variable portion of the user identifier.
- the variable part is calculated by hashing the intermediate parameters and taking bits from the result of the hash operation according to the length of the variable part; the variable part may also be a random value truncated according to the length of the variable part, or be obtained by hashing the random value and taking bits from the result of the hash operation according to the length of the variable part.
- the intermediate parameters include: a random value, a user auxiliary identifier and a credential.
- the hash operation refers to the calculation using a hash function, and the hash function can use, for example, a message digest.
- MD5 Message Digest
- SHA-1 Secure Hash Algorithm
- the key revocation process is initiated by the user.
- the key center updates the user ID, generates the user's private key and public parameters, and then returns these parameters to the user, and simultaneously publishes the user ID and public parameters to the directory server.
- the key revocation result can be triggered by the terminal, the local border device or the peer edge device to update.
- the terminal triggers the update
- user B obtains the latest user B's identity.
- user A sends a message to user B
- user B matches the variable part of the user identifier. If it is found to be inconsistent, user B initiates an identity update message to notify user A to update the identity.
- User A updates the identity of user B and re-initiates the session.
- when the local border device triggers the update, when user A initiates communication with user B, the border device A goes to the directory server to find the identifier of user B, and the border device A is the local border device of user A.
- Border device B is the peer boundary device relative to user A.
- Figure 1 shows the system structure of the identity-based cryptosystem, including:
- the directory server 100 stores a user identification (AID) and a public parameter, and the directory server 100 may be an identity location register (ILR) in the identification network, or Lightweight Directory Access Protocol (LDAP) server or X.500 Universal Server.
- ILR identity location register
- LDAP Lightweight Directory Access Protocol
- the key center 102 is used by the key generator in the IBC to generate a user private key; for convenience, the key center herein can perform the user's authentication/authorization function.
- IDa and IDb represent user identifiers, M the plaintext, and C the ciphertext.
- Key Center 102 generates a master key (seed) and generates a private key based on the master key, public parameters, and user ID.
- the key center returns parameters (user ID, public parameters, and private key) to user B, and simultaneously publishes the user ID and public parameters to the directory server 100.
- User A can obtain the user ID and public parameters of user B from the directory server.
- User A and User B have symmetry, that is, user A can obtain the private key and public parameters from the key center, and user B can obtain the user ID and public parameters of user A from the directory server.
- the specific IBC encryption, signature, authentication, and key negotiation procedures are not described here.
- the user ID is used as the public key in the public/private key pair, and the user ID can be any string, such as an Internet Protocol (IP) address, an email address, or an ID number.
- IP Internet Protocol
- the identity is directly used as the public key in the IBC to encrypt/sign/hash the message, where the AID is 128 bits.
- the IBC system works, but the user's private key needs to be updated or may be leaked, thus threatening the security of user communication and data. Therefore, a key revocation mechanism is required to allow the user to update the key at any time.
- FIG. 2 is a schematic diagram of a method for generating a user identifier.
- a user identifier AID is divided into a fixed part and a variable part, and the user identifier is changed by updating the variable part of the user identifier, thereby implementing key revocation.
- a typical case is that the fixed part is 64 bits and the variable part is 64 bits, corresponding respectively to the globally routable subnet prefix and the interface identifier of an IPv6 address; the other case is that the fixed part is 96 bits, where the upper 64 bits are the subnet prefix and the lower 32 bits are used to distinguish users on a particular subnet, and the variable part is 32 bits.
- the fixed part is a user-friendly identifier that can be publicly disclosed and uniquely identified.
- the variable part is random, used for key revocation, and user identity with different security strengths.
- Random numbers are generated by a random number generator or created according to a time stamp of a certain precision.
- the user auxiliary identifier is distinct from the user identifier AID. In a mobile network it can be an International Mobile Subscriber Identity (IMSI); in a fixed network it can be an ordinary user name.
- IMSI International Mobile Subscriber Identity
- a voucher is a secret information owned by a user, such as a password.
- the random number, the user-assisted identification, and the credential are concatenated.
- the hash function outputs a fixed-length hash value, from which m bits are taken as the variable part of the user identifier.
- the hash function can be SHA-1 or a more secure hash function algorithm.
- FIG. 3 is a flowchart of a key revocation of an identity-based cryptosystem according to an embodiment of the present invention.
- a user needs to revoke a key for some reason (such as a lost phone, or the original key or password being compromised)
- the user needs to go to the operator's front desk.
- the operator updates the variable part of the user identifier according to the method for generating the user identifier, and generates a corresponding private key and a public parameter for the user according to the IBC scheme.
- the specific process includes:
- Step 301 The user accesses the key center, and establishes a secure channel after being authenticated and authorized; the secure channel may be Internet Protocol Security (IPsec) or Transport Layer Security (TLS).
- IPsec Internet Protocol Security
- TLS Transport Layer Security
- Step 302 The user initiates an identifier change request.
- the user may provide a user auxiliary identifier and/or a credential as a parameter of the user identification change
- the user auxiliary identifier may be a user name, an ID number, an IMSI, etc.
- the credential may be a user password.
- Step 303 The key center constructs a variable part of the user identifier according to the method for generating the user identifier, updates the user identifier, and generates a corresponding private key and a public parameter for the user.
- Step 304 The key center returns an identifier update response message to the user, where the message carries information such as the updated user identifier, private key, and public parameters.
- Step 305 The key center notifies the directory server to update the user identifier and the public parameter, and the directory server updates the corresponding variable part according to the fixed part of the user identifier.
- the following assumes that the variable part of the user ID of user B has been updated, thereby updating the private key of user B.
- User B needs to notify the other users of the updated user ID (that is, the public key) by some mechanism, including:
- after user B performs key revocation, user B obtains the latest user ID. User A sends a message to user B, and user B matches the variable part of the identifier. If an inconsistency is found, an identity update message is sent to notify user A to update the identifier. User A updates the user ID of user B and re-initiates the session.
- Figure 4 shows the process of the key revocation notification triggered by the terminal, including:
- the border device A and the border device B represent the two communicating parties.
- the border device A and the border device B are deployed at the border of the carrier network, such as a broadband access server (BRAS), and the corresponding access service router (ASR) in the identification network.
- BRAS broadband access server
- ASR access service router
- Step 401 The user A initiates a session with the user B, and the message includes the user ID of the user B.
- the ID of the user B is updated, which is equivalent to the IPv6 address update (the high 64-bit subnet prefix is unchanged, and the lower 64-bit interface address changes).
- Step 403 User B sends an identifier update message to user A, where the message includes the user identifier of user B.
- Step 404 User A updates the user ID of user B.
- Step 405 User A re-initiates the session to User B.
- the terminal B needs to participate in the identifier update process, which has a greater impact on the terminal.
- for offline services such as e-mail, User B cannot feed back the update message to User A in real time, which leads to security risks in the previous data. Therefore, this solution is not suitable for offline services.
- FIG. 5 is a flow of a key revocation notification triggered by a local border device, including:
- Step 501: User A initiates a session with user B, and the packet contains the user ID of user B.
- Step 502: After receiving the packet, the border device A sends an identifier update request message to the directory server. After user B performs the key revocation, the user identifier of user B is updated in the directory server.
- Step 503: The directory server sends an identifier update response message to the border device A.
- Step 504: The border device A sends an identifier update message to user A.
- Step 505 User A re-initiates a session to User B, where the message includes the updated user ID of User B.
- the identifier update is mainly performed by the network side device, and the impact on the terminal is small.
- border device A needs to access the directory server to check for identity updates.
- when user A initiates communication with user B, border device A interacts with border device B, triggers the identity update at border device B, and then border device A notifies user A to update user B's user identity.
- Boundary device B is the peer boundary device relative to user A.
- Figure 6 is a key revocation notification triggered by the border device B, including:
- Step 601 User B automatically updates the user identifier to the border device B.
- the user ID is updated to its border device B.
- Step 602 The user A initiates a session with the user B, and the packet contains the user identifier of the user B.
- Step 603 After receiving the packet, the border device A forwards the packet to the border device B.
- Step 604: After receiving the packet, the border device B checks the fixed part of the user ID. If it does not match, the message is discarded; if it matches, the variable part of the user ID is checked. If the variable part matches, normal message processing is performed. If the variable part does not match, an identity update message is sent to the border device A;
- Step 605 The border device B sends an identifier update message to the border device A.
- Step 606 The border device A sends an identifier update message to the user A.
- Step 607 User A re-initiates a session to User B, where the message contains the updated user ID of User B.
- the directory server itself can also be used to trigger the key revocation update.
- User A subscribes to the directory server service, and after user B initiates the update, the directory server notifies user A.
- the directory server maintains subscription information for a large number of users, which has a certain impact on performance.
- the embodiment further provides an apparatus for key update, including: a public key configuration unit and a public key variable part modification unit, where:
- a public key configuration unit configured to set a user identifier as a public key to include a fixed part and a variable part
- the public key variable portion modifying unit is configured to update the public key by changing a variable portion of the user identification.
- the public key variable part modifying unit is specifically configured to perform a hash operation on the intermediate parameter and take the variable part from the result of the hash operation according to the length of the variable part, wherein the intermediate parameter includes a random value, a user auxiliary identifier and a credential; or to set the variable part of the user identifier to a random value truncated according to the length of the variable part; or to hash the random value and take the variable part from the result of the hash operation according to the length of the variable part.
- the device also includes a public key issuing unit, wherein:
- the public key issuing unit is configured to post the user identifier and the public parameter generated when the private key is generated for the user to the directory server after the public key variable part modifying unit changes the variable part of the user identifier.
- the user identifier is the user's identity (AID).
- the identity identifier uses the IPv6 address
- the fixed part is a 64-bit subnet prefix
- the variable part is a 64-bit interface identifier.
- alternatively, the fixed part is a 64-bit subnet prefix + 32 bits used to distinguish the identifier of the subnet to which the user belongs, and the variable part is the remaining 32 bits.
- modules or steps of the present invention can be implemented by a general-purpose computing device, and can be concentrated on a single computing device or distributed over a network composed of multiple computing devices. Alternatively, they may be implemented with program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device, or they can be separately fabricated into individual integrated circuit modules, or a plurality of the modules or steps can be made into a single integrated circuit module.
- the invention is not limited to any specific combination of hardware and software.
- the present invention can effectively solve the problem of key revocation in the ID-based cryptosystem.
- the user can perform key revocation in time, facilitating the operator to carry out security services, improving user convenience, and enhancing system security.
- the user identification generated by the present invention also has the following advantages:
- the user can update the key at any time
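The identifier generation described for FIG. 2 and the border-device check of step 604, as an added Python example that is not part of the patent text. SHA-256 stands in for "a more secure hash function"; the length-prefixed concatenation, the `KeyCenter` class, the function names and the 2001:db8:: documentation prefixes are assumptions, and IBC private-key extraction is outside its scope.

```python
"""Added illustration of the fixed/variable identifier scheme (not the patent's code)."""
import hashlib
import ipaddress
import secrets


def _field(data: bytes) -> bytes:
    # Assumption: length-prefix each field so the concatenation is unambiguous
    # ("ab" + "c" must not hash the same as "a" + "bc").
    return len(data).to_bytes(2, "big") + data


def derive_variable_part(random_value: bytes, aux_id: str, credential: str,
                         m_bits: int) -> int:
    """Hash random value || auxiliary identifier || credential, keep the top m bits."""
    digest = hashlib.sha256(
        _field(random_value) + _field(aux_id.encode()) + _field(credential.encode())
    ).digest()
    total_bits = len(digest) * 8
    if not 0 < m_bits <= total_bits:
        raise ValueError("variable part must fit inside the digest")
    return int.from_bytes(digest, "big") >> (total_bits - m_bits)


def build_aid(fixed_prefix: str, variable: int) -> ipaddress.IPv6Address:
    """Combine the fixed part (an IPv6 prefix, /64 or /96 on the page) with the variable part."""
    net = ipaddress.IPv6Network(fixed_prefix)  # rejects prefixes with host bits set
    var_bits = 128 - net.prefixlen
    if not 0 <= variable < (1 << var_bits):
        raise ValueError("variable part does not fit behind the fixed part")
    return ipaddress.IPv6Address(int(net.network_address) | variable)


class KeyCenter:
    """Hypothetical stand-in for the key center plus the directory server entry it publishes."""

    def __init__(self):
        self.directory = {}  # fixed part (IPv6Network) -> current AID

    def update_identifier(self, fixed_prefix: str, aux_id: str, credential: str):
        net = ipaddress.IPv6Network(fixed_prefix)
        old = self.directory.get(net)
        while True:
            # Fresh CSPRNG value per request, so the same auxiliary identifier
            # and credential still yield a new variable part on every update.
            variable = derive_variable_part(secrets.token_bytes(16), aux_id,
                                            credential, 128 - net.prefixlen)
            aid = build_aid(fixed_prefix, variable)
            if aid != old:  # a 32-bit variable part can repeat; never reissue the old AID
                break
        # A real key center would extract the IBC private key for `aid` here.
        self.directory[net] = aid  # the directory is indexed by the fixed part
        return aid


def border_check(dest_aid, current_aid, fixed_bits: int) -> str:
    """Decision of the peer border device in step 604."""
    shift = 128 - fixed_bits
    dest, cur = int(dest_aid), int(current_aid)
    if dest >> shift != cur >> shift:
        return "discard"            # fixed part does not match
    if dest == cur:
        return "process"            # fixed and variable part match
    return "identity-update"        # stale variable part: sender must refresh the AID


if __name__ == "__main__":
    kc = KeyCenter()
    # Constructed sample values.
    old = kc.update_identifier("2001:db8:0:1::/64", "user-b", "constructed-password")
    new = kc.update_identifier("2001:db8:0:1::/64", "user-b", "constructed-password")
    print(old, "->", new, ":", border_check(old, new, 64))
```
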
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
A key update method, comprising: in an identity-based cryptography (IBC) system, a key center configuring a user identity used as a public key so that it comprises a fixed part and a variable part, and the key center updating the public key by modifying the variable part of the user identity.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2012100779295A CN103326853A (zh) | 2012-03-22 | 2012-03-22 | Method and device for key update |
| CN201210077929.5 | 2012-03-22 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2013139254A1 (fr) | 2013-09-26 |
Family
ID=49195399
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/CN2013/072868 Ceased WO2013139254A1 (fr) | 2012-03-22 | 2013-03-19 | Method and device for key update |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN103326853A (fr) |
| WO (1) | WO2013139254A1 (fr) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
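| CN104038486A (zh) * | 2014-06-04 | 2014-09-10 | 武汉理工大学 | System and method for user login authentication based on identity-based cryptography |
| CN116389111A (zh) * | 2023-04-04 | 2023-07-04 | 北京航空航天大学 | Identity-based consortium blockchain identity authentication method under a strong permission control mode |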
Families Citing this family (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104579645B (zh) * | 2015-01-26 | 2017-07-14 | 中国科学院半导体研究所 | Key update method based on AES encryption system |
| CN104735064B (zh) * | 2015-03-16 | 2018-03-27 | 深圳奥联信息安全技术有限公司 | Method for securely revoking and updating identifiers in an identity-based cryptosystem |
| CN105554744B (zh) * | 2015-12-16 | 2019-04-09 | 苏州寻息电子科技有限公司 | Security protection method for a positioning node |
| CN105591738B (zh) * | 2015-12-22 | 2018-12-25 | 新华三技术有限公司 | Key update method and device |
| US10447665B2 (en) * | 2017-03-31 | 2019-10-15 | Konica Minolta Laboratory U.S.A., Inc. | IPv6 link local secure network with biometric security to secure IOT devices |
| TW202019189A (zh) * | 2018-11-05 | 2020-05-16 | 財團法人資訊工業策進會 | Cloud platform for device connection and device connection method |
| CN110289962B (zh) * | 2019-07-22 | 2020-06-30 | 国网电子商务有限公司 | IBE key update method and device based on the UTXO model |
| WO2022188027A1 (fr) * | 2021-03-09 | 2022-09-15 | 华为技术有限公司 | Secure communication method and device |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060013389A1 (en) * | 2004-06-23 | 2006-01-19 | Harrison Keith A | Cryptographic method and apparatus |
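| CN101267301A (zh) * | 2007-03-15 | 2008-09-17 | 上海贝尔阿尔卡特股份有限公司 | Identity-based authentication and key agreement method and device in a communication network |
| CN101296107A (zh) * | 2007-04-27 | 2008-10-29 | 上海贝尔阿尔卡特股份有限公司 | Secure communication method and device based on identity-based encryption in a communication network |
| CN101436930A (zh) * | 2007-11-16 | 2009-05-20 | 华为技术有限公司 | Key distribution method, system and device |
| CN101626294A (zh) * | 2008-07-07 | 2010-01-13 | 华为技术有限公司 | Identity-based authentication method, secure communication method, device and system |
| CN101657036A (zh) * | 2008-08-20 | 2010-02-24 | 中国移动通信集团公司 | Method for updating the correspondence between terminal identifier and user identifier, and device and system therefor |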
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
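| CN101340282B (zh) * | 2008-05-28 | 2011-05-11 | 北京易恒信认证科技有限公司 | Method for generating a composite public key |
| CN102215111A (zh) * | 2011-07-06 | 2011-10-12 | 北京中兴通数码科技有限公司 | Method combining an identity-based cryptosystem with a traditional public key cryptosystem |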
-
2012
- 2012-03-22 CN CN2012100779295A patent/CN103326853A/zh active Pending
-
2013
- 2013-03-19 WO PCT/CN2013/072868 patent/WO2013139254A1/fr not_active Ceased
Also Published As
| Publication number | Publication date |
|---|---|
| CN103326853A (zh) | 2013-09-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
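| WO2013139254A1 (fr) | Method and device for key update | |
| CN103597774B (zh) | Method and device for providing machine-to-machine service | |
| KR102134302B1 (ko) | Wireless network access method and device, and storage medium | |
| CN103975552B (zh) | Data exchange via an authenticated router | |
| CN100456739C (zh) | Remote access virtual private network mediation method and mediation device | |
| CN111050322B (zh) | GBA-based client registration and key sharing method, device and system | |
| US8374582B2 (en) | Access method and system for cellular mobile communication network | |
| CN103237038B (zh) | Bidirectional network access authentication method based on digital certificates | |
| US20200358764A1 (en) | System and method for generating symmetric key to implement media access control security check | |
| US20160365982A1 (en) | System and method for secure end-to-end messaging system | |
| US20170201382A1 (en) | Secure Endpoint Devices | |
| JP2016509457A5 (fr) | ||
| JP5744231B2 (ja) | Method and device for distributing keys for the PTP protocol | |
| CN102404347A (zh) | Mobile Internet access authentication method based on public key infrastructure | |
| CN101282208B (zh) | Method, server and network system for updating a secure connectivity association master key | |
| CN118540167B (zh) | IPK-based identity authentication method and data transmission method for the MQTT protocol | |
| CN102640449A (zh) | System and method for web application communication | |
| US12418406B2 (en) | Authentication using a decentralized and/or hybrid decentralized secure cryptographic key storage method | |
| Liyanage et al. | A scalable and secure VPLS architecture for provider provisioned networks | |
| CN102884756A (zh) | Communication device and communication method | |
| CN111314269A (zh) | Security authentication method and device for automatic address allocation protocol | |
| CN115883088B (zh) | Method for updating autonomous domain security parameters based on BGP routing | |
| CN113014376B (zh) | Method for secure authentication between a user and a server | |
| CN118157859B (zh) | Device secure communication method and device based on a national cryptographic (Guomi) security chip | |
| CN116074038B (zh) | Gateway system and method for secure IPv6 data transmission |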
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 13764674; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 13764674; Country of ref document: EP; Kind code of ref document: A1 |