CN108777678B - A network key exchange system, device and method - Google Patents
- Publication number
- CN108777678B CN201810480420.2A
- Authority
- CN
- China
- Prior art keywords
- information
- key
- interaction
- interaction information
- timestamp
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The present application provides a network key interaction system, apparatus and method. The system includes a first device and a second device. The first device sends the generated first interaction information to the second device; receives the second interaction information that the second device sends after receiving the first interaction information; generates a temporary transmission key based on the first-round information carried in the first interaction information and the second-round information carried in the second interaction information; and, after encrypting a randomly generated network key with the temporary transmission key, carries it in third interaction information and sends it to the second device. After receiving the third interaction information, the second device generates the temporary transmission key from the first-round information carried in the first interaction information and the locally generated second-round information, and uses the generated temporary transmission key to obtain the network key carried in the third interaction information. The system can negotiate the network key through multiple handshakes and can replace the network key promptly when it is stolen, improving the security of wireless network communication.
Description
Technical field
The present application relates to the field of data security, and in particular to a network key interaction system, apparatus and method.
Background
With the continuous development of Internet of Things (IoT) technology, IoT applications have become increasingly widespread and increasingly large in scale. IoT devices generally communicate using wireless network communication protocols such as ZigBee.
In the IoT, to keep communication efficient, existing wireless network communication protocols mainly either do not encrypt the transmitted data or encrypt it only lightly. Unencrypted transmission removes the encryption step from the communication process, so the communicated information is easily stolen and the interests of multiple parties are easily harmed. Lightly encrypted transmission mainly encrypts data with a predefined key set at the factory; although this ensures data security to some extent, the predefined key cannot be changed, and once it is stolen the information is likewise leaked.
Therefore, the poor security of wireless network communication is a problem that urgently needs to be solved.
Summary of the invention
In view of this, the purpose of the present application is to provide a network key negotiation system, apparatus and method that enable encrypted transmission of keys and improve the security of wireless network communication.
In a first aspect, an embodiment of the present application provides a network key negotiation system, including a first device and a second device that perform data communication;
The first device is configured to: generate first interaction information and send the first interaction information to the second device, the first interaction information carrying first-round information encrypted with a security key; receive second interaction information sent by the second device after it receives the first interaction information; generate a temporary transmission key based on the first-round information and the second-round information carried in the second interaction information; encrypt a randomly generated network key with the temporary transmission key to generate network key encryption information; carry the network key encryption information in third interaction information and send it to the second device; and receive fourth interaction information sent by the second device based on the third interaction information and verify the fourth interaction information based on the randomly generated network key, where, if the verification passes, negotiation of the network key with the second device is complete;
The second device is configured to: after receiving the first interaction information, generate second interaction information and send the second interaction information to the first device, the second interaction information carrying second-round information encrypted with the security key; receive third interaction information sent by the first device according to the second interaction information; generate the temporary transmission key based on the first-round information carried in the first interaction information and the second-round information, and decrypt the network key encryption information with the temporary transmission key to obtain the network key; and generate the fourth interaction information based on the network key and send the fourth interaction information to the first device.
In a second aspect, an embodiment of the present application further provides a network key negotiation apparatus for use in a network key negotiation system composed of a first device and a second device; a first interaction module is installed in the first device, and a second interaction module is installed in the second device;
The first interaction module is configured to: generate first interaction information and send the first interaction information to the second interaction module, the first interaction information carrying first-round information encrypted with a security key; receive second interaction information fed back by the second device according to the first interaction information; generate a temporary transmission key based on the first-round information and the second-round information carried in the second interaction information; encrypt a randomly generated network key with the temporary transmission key to generate network key encryption information; carry the network key encryption information, together with the device key encrypted with the security key, in third interaction information and send it to the second interaction module; and receive fourth interaction information sent by the second interaction module based on the third interaction information and verify the fourth interaction information based on the randomly generated network key, where, if the verification passes, negotiation of the network key with the second interaction module is complete;
The second interaction module is configured to: after receiving the first interaction information, generate second interaction information and send the second interaction information to the first interaction module, the second interaction information carrying second-round information encrypted with the security key; receive third interaction information sent by the first interaction module according to the second interaction information; generate the temporary transmission key based on the first-round information carried in the first interaction information and the second-round information, and decrypt the network key encryption information with the temporary transmission key to obtain the network key; and generate the fourth interaction information based on the network key and send the fourth interaction information to the first interaction module.
In a third aspect, a network key negotiation method is provided. The method is applied to a first device performing network key negotiation and includes:
generating first interaction information and sending the first interaction information to the second device, the first interaction information carrying first-round information encrypted with a security key;
receiving second interaction information sent by the second device after it receives the first interaction information, the second interaction information carrying second-round information encrypted with the security key;
generating a temporary transmission key based on the first-round information and the second-round information carried in the second interaction information;
encrypting a randomly generated network key with the temporary transmission key to generate network key encryption information;
carrying the network key encryption information in third interaction information and sending it to the second device;
receiving fourth interaction information sent by the second device based on the third interaction information, the fourth interaction information being generated based on the network key;
verifying the fourth interaction information based on the network key, where, if the verification passes, negotiation of the network key with the second device is complete.
In a fourth aspect, a network key negotiation method is provided. The method is applied to a second device performing network key negotiation and includes:
receiving first interaction information sent by the first device and, after receiving the first interaction information, generating second interaction information;
sending the second interaction information to the first device, the second interaction information carrying second-round information encrypted with the security key;
receiving third interaction information sent by the first device according to the second interaction information;
generating a temporary transmission key based on the first-round information carried in the first interaction information and the second-round information, and decrypting the network key encryption information with the temporary transmission key to obtain the network key;
generating the fourth interaction information based on the network key and sending the fourth interaction information to the first device.
The network key interaction system provided by the embodiments of the present application uses a hash chain mechanism to transmit the network key and authenticate identity information. Compared with the unencrypted and lightly encrypted data transmission methods of the prior art, it enables encrypted transmission of keys and improves the security of wireless network communication.
To make the above objects, features and advantages of the present application more apparent and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Description of drawings
To explain the technical solutions of the embodiments of the present application more clearly, the drawings used in the embodiments are briefly introduced below. It should be understood that the following drawings show only some embodiments of the present application and should therefore not be regarded as limiting its scope; those of ordinary skill in the art can obtain other related drawings from these drawings without creative effort.
FIG. 1 shows a schematic structural diagram of a network key negotiation system provided by an embodiment of the present application;
FIG. 2 shows a flowchart of generating a temporary transmission key provided by an embodiment of the present application;
FIG. 3 shows another flowchart of generating a temporary transmission key provided by an embodiment of the present application;
FIG. 4 shows a flowchart of a network key negotiation method provided by an embodiment of the present application;
FIG. 5 shows a flowchart of another network key negotiation method provided by an embodiment of the present application;
FIG. 6a shows a flowchart of a device discovery process provided by an embodiment of the present application;
FIG. 6b shows a flowchart of the first process of key negotiation provided by an embodiment of the present application;
FIG. 6c shows a flowchart of the first process of key negotiation provided by an embodiment of the present application;
FIG. 6d shows a flowchart of the second process of key negotiation provided by an embodiment of the present application;
FIG. 6e shows a flowchart of the third process of key negotiation provided by an embodiment of the present application;
FIG. 6f shows a flowchart of the fourth process of key negotiation provided by an embodiment of the present application;
FIG. 7 shows a flowchart of the network key negotiation system provided by an embodiment of the present application;
FIG. 8 shows a schematic structural diagram of a computer device provided by an embodiment of the present application.
Detailed description
Unlike the prior art, the embodiments of the present application provide a network key negotiation system in which the first device and the second device negotiate a network key through multiple handshakes and then use the network key to encrypt the data communicated between them. The network key negotiation process can be repeated whenever needed to negotiate a new network key, so that even if the network key obtained in one negotiation is leaked during use, the first device and the second device can negotiate a new network key to replace the original one. The network key can thus be replaced promptly when it is stolen, improving the security of wireless network communication.
To make the above objects, features and advantages of the present application more apparent and easier to understand, the present application is described in further detail below with reference to the accompanying drawings and specific embodiments. In the embodiments of the present application, the system can be used not only in the IoT but also in other wireless network devices. The system is described below.
Referring to FIG. 1, an embodiment of the present application provides a network key negotiation system, including a first device and a second device that perform data communication;
The first device is configured to: generate first interaction information and send the first interaction information to the second device, the first interaction information carrying first-round information encrypted with a security key; receive second interaction information sent by the second device after it receives the first interaction information; generate a temporary transmission key based on the first-round information and the second-round information carried in the second interaction information; encrypt a randomly generated network key with the temporary transmission key to generate network key encryption information; carry the network key encryption information in third interaction information and send it to the second device; and receive fourth interaction information sent by the second device based on the third interaction information and verify the fourth interaction information based on the randomly generated network key, where, if the verification passes, negotiation of the network key with the second device is complete;
The second device is configured to: after receiving the first interaction information, generate second interaction information and send the second interaction information to the first device, the second interaction information carrying second-round information encrypted with the security key; receive third interaction information sent by the first device according to the second interaction information; generate the temporary transmission key based on the first-round information carried in the first interaction information and the second-round information, and decrypt the network key encryption information with the temporary transmission key to obtain the network key; and generate fourth interaction information based on the network key and send the fourth interaction information to the first device.
In a specific implementation, the first device and the second device are the two parties to wireless data communication. For example, in the IoT, the first device may be an IoT trust center server and the second device may be a device to be added to the IoT, such as a smart lamp or a smart door lock; in other wireless networks, the first device and the second device are the terminals that are to exchange data. In addition, the initiator of network key negotiation may be either party to the data communication; that is, either of the two communicating parties can act as the first device in this application and initiate the network key negotiation process.
The network key negotiation system provided by this application includes the following processes:
(1) When the first device initiates the network key negotiation process, it generates first interaction information and sends it to the second device. The first interaction information carries first-round information TrID encrypted with the security key ks, where ks is a key agreed in advance between the first device and the second device and is used only during network key negotiation; outside the network key negotiation process, data exchanged between the first device and the second device uses the network key obtained in the previous key negotiation process. The first-round information TrID is randomly generated by the first device.
The generated first interaction information α satisfies the formula: α = (TrID)_ks.
(2) The second device receives the first interaction information sent by the first device, generates second interaction information, and sends the second interaction information to the first device.
Specifically, the second interaction information carries second-round information RsID encrypted with the security key ks; this security key ks is the same as the one used for the first interaction information. The second-round information RsID is randomly generated by the second device.
The generated second interaction information β satisfies the formula: β = (RsID)_ks.
Here, after receiving the first interaction information sent by the first device, the second device also uses the security key ks to decrypt the encrypted first-round information TrID and saves the TrID obtained by decryption.
(3) The first device receives the second interaction information sent by the second device and uses the security key ks to decrypt the encrypted second-round information RsID carried in it, obtaining the second-round information RsID.
After obtaining the second-round information RsID, the first device uses the first-round information TrID that it generated and the second-round information RsID obtained from the second interaction information to generate the temporary transmission key Ktrans.
具体的,本申请实施例中,还提供一种第一设备生成临时传输密钥Ktrans的具体方法,在该方法中,在第二交互信息中携带有使用安全密钥ks加密的密钥位掩码KBM,该密钥位掩码KBM在第二设备中预先存储,不同的设备对应有不同的密钥位掩码KBM。该密钥位掩码KBM实际为一个密钥索引和设备密钥的对照表。密钥位掩码KBM中,包括了至少三个密钥索引KI,每个密钥索引KI都对应有一个设备密钥K。此时,第二交互信息β满足公式:β=(RsID)ks||(KBM)ksSpecifically, this embodiment of the present application further provides a specific method for the first device to generate a temporary transmission key Ktrans. In this method, a key bit mask encrypted with the security key ks is carried in the second interaction information. code KBM, the key bit mask KBM is pre-stored in the second device, and different devices correspond to different key bit masks KBM. The key bit mask KBM is actually a comparison table of a key index and a device key. The key bit mask KBM includes at least three key indices KI, and each key index KI corresponds to a device key K. At this time, the second interaction information β satisfies the formula: β=(RsID)ks||(KBM)ks
当第一设备接收到第二设备发送的第二交互信息之后,会使用安全密钥ks对加密的密钥位掩码KBM进行解密,获得密钥位掩码KBM,然后从中指定一个密钥索引KI。After the first device receives the second interaction information sent by the second device, it decrypts the encrypted key bit mask KBM using the security key ks, obtains the key bit mask KBM, and then specifies a key index from it. KI.
After receiving the second interaction information, the first device generates the temporary transmission key Ktrans according to the following steps, as shown in Figure 2:
S201: Connect the first-round information and the second-round information carried in the second interaction information to form a character string.
In a specific implementation, connecting the first-round information TrID and the second-round information RsID means concatenating them; the concatenation method can be set according to actual needs.
For example, the first-round information TrID is 32 bits and the second-round information RsID is 32 bits. To concatenate the first-round information TrID and the second-round information RsID into a 128-bit string, any of the following arrangements can be used:
TrID||TrID||RsID||RsID, TrID||RsID||RsID||TrID, TrID||RsID||TrID||RsID, RsID||RsID||TrID||TrID, RsID||TrID||RsID||TrID, RsID||TrID||TrID||RsID, TrID||RsID||RsID||RsID, and so on, where "||" denotes concatenation.
That is, when the first-round information TrID and the second-round information RsID are connected to form the string, each appears at least once, and their positions can be set freely as required.
S202: Using the device key k corresponding to the key index KI designated by the first device as the encryption key, encrypt the character string to generate the temporary transmission key Ktrans.
The preset encryption algorithm can be set according to actual usage requirements. Generally, a symmetric-key encryption algorithm can be used, in which the encryption process and the decryption process use the same device key k. The preset encryption algorithm may be the Advanced Encryption Standard (AES) encryption algorithm, the Data Encryption Standard (DES), and so on.
For example, the 32-bit first-round information TrID and the 32-bit second-round information RsID are connected as TrID||TrID||RsID||RsID to produce a 128-bit string. The AES algorithm is then used, with the device key k corresponding to the key index KI designated by the first device as the encryption key, to encrypt the string. The generated temporary transmission key Ktrans satisfies the following formula: Ktrans = AES_k(TrID||TrID||RsID||RsID).
After generating the temporary transmission key Ktrans, the first device uses it to encrypt the randomly generated network key K_NWK, producing the network key encryption information Kit, which satisfies the following formula: Kit = AES_Ktrans(K_NWK).
In this example, the AES algorithm is used to encrypt the network key K_NWK; in other embodiments, other encryption algorithms may also be used to encrypt the network key K_NWK based on the temporary transmission key Ktrans and generate the network key encryption information Kit.
After generating the network key encryption information Kit, the first device also uses the security key ks to encrypt the key index KI that it designated, then carries the network key encryption information Kit and the encrypted key index KI in the third interaction information and sends it to the second device. The third interaction information γ satisfies the formula: γ = (KI)_ks || Kit.
In addition, in another embodiment of the present application, after receiving the second interaction information sent by the second device, the first device also sends an indication message to the second device. The indication message carries the first-round information TrID and a defined time length, identify time. The first-round information TrID and the defined time length identify time are encrypted with the security key ks, and the indication message δ satisfies the formula: δ = (TrID || identify time)_ks.
When the second device receives the indication message δ sent by the first device, it decrypts the indication message δ using the security key ks to obtain the first-round information TrID and the defined time length identify time. If the first-round information TrID carried in the indication message is consistent with the first-round information TrID carried in the first interaction information, the second device also issues a prompt to its operator that the network key is being exchanged; the prompt lasts for the defined time length identify time.
(4) The second device receives the third interaction information γ sent by the first device. After receiving the third interaction information γ, it generates the temporary transmission key Ktrans from the first-round information carried in the first interaction information α and the locally generated second-round information, and uses the generated temporary transmission key Ktrans to decrypt the network key encryption information Kit, obtaining K_NWK.
Specifically, as shown in Figure 3, this embodiment of the present application further provides a specific method for the second device to generate the temporary transmission key Ktrans from the first-round information carried in the first interaction information α and the locally generated second-round information. In this method, after receiving the third interaction information γ, the second device first uses the security key ks to decrypt the encrypted key index KI designated by the first device, obtains that key index KI, and looks up the corresponding device key k in the key bit mask KBM stored in the second device. It then generates the temporary transmission key Ktrans through the following steps:
S301: Connect the first-round information carried in the first interaction information and the second-round information to form a character string.
S302: Using the preset encryption algorithm, with the device key k corresponding to the key index KI designated by the first device and carried in the third interaction information as the encryption key, encrypt the character string to generate the temporary transmission key Ktrans.
Here, the method by which the second device builds the character string from the first-round information and the second-round information is exactly the same as the method used by the first device, and the method by which the second device generates the temporary transmission key Ktrans is also exactly the same as that of the first device. For details, refer to the description of the embodiment corresponding to Figure 2 above, which is not repeated here.
After generating the temporary transmission key Ktrans, the second device uses it to decrypt the network key encryption information Kit and obtain the network key K_NWK. After obtaining the network key K_NWK, the second device generates fourth interaction information based on the network key K_NWK and sends the fourth interaction information to the first device.
Here, this embodiment of the present application further provides another specific implementation in which the second device sends the fourth interaction information to the first device:
In process (1) above, the first interaction information also carries a first timestamp T_i1 encrypted with the security key ks.
In process (2), the second device uses the security key ks to decrypt the encrypted first timestamp T_i1, and obtains and saves T_i1.
In process (4), the second device is further configured to encrypt the first timestamp T_i1 with the network key K_NWK to generate timestamp encryption information, carry the timestamp encryption information in the fourth interaction information ω, and send the fourth interaction information ω to the first device.
The fourth interaction information ω satisfies the following formula: ω = (T_i1)_K_NWK.
In addition, the fourth interaction information ω may also be generated from other information exchanged between the first device and the second device in the foregoing interaction process, such as the first-round information or the second-round information. For example, the first-round information TrID is encrypted with the network key K_NWK to generate the fourth interaction information, which is sent to the first device. After receiving the fourth interaction information, the first device decrypts it with the network key K_NWK to obtain the first-round information TrID, and compares the result with the first-round information TrID that the first device itself generated. If the two are consistent, the network key K_NWK generated by the second device is the same as the network key K_NWK generated by the first device, and the network key negotiation between the first device and the second device is considered successful.
(5) After receiving the fourth interaction information ω sent by the second device, the first device uses the network key K_NWK that it generated to decrypt the timestamp encryption information carried in the fourth interaction information ω and obtain the first timestamp T_i1. It then compares the obtained first timestamp T_i1 with the first timestamp T_i1 that the first device itself generated in process (1). When the two are consistent, verification passes and the network key negotiation between the first device and the second device is successful.
In addition, another embodiment of the present application may also include the following process:
(6) After the fourth interaction information ω passes verification, the first device also sends a verification-passed notification to the second device to inform it that the network key negotiation succeeded. After receiving the verification-passed notification sent by the first device, the second device uses the successfully negotiated network key K_NWK to encrypt the interaction information in subsequent data exchange with the first device.
In this embodiment of the present application, the first device and the second device go through multiple handshakes. They first exchange the first-round information and the second-round information in encrypted form. Once the first device has the first-round information and the second-round information, it encrypts the network key to be negotiated based on them and passes it to the second device. The second device can, in the same way as the first device, use the first-round information, the second-round information and the device key obtained from the first device to decrypt the encrypted network key and obtain the network key. As a result, even if the network key obtained in one negotiation is leaked during use, the first device and the second device can negotiate a new network key to replace the original one, so that a stolen network key can be replaced in time, improving the security of wireless network communication.
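The key transport of processes (3) to (5), as an added Go example that is not part of the patent text: both devices derive Ktrans = AES_k(TrID||TrID||RsID||RsID), the first wraps K_NWK into Kit, and the second unwraps it and returns ω. AES-128 on single 16-byte blocks, a 64-bit T_i1 zero-padded to one block, all keys and nonces (constructed), and the omission of the ks encryption layer are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

// KBM is the key bit mask: a table from key index KI to device key k.
type KBM map[byte][]byte

// Constructed table with three AES-128 device keys.
var sampleKBM = KBM{1: []byte("device-key-0001!"), 2: []byte("device-key-0002!"), 3: []byte("device-key-0003!")}

// aesBlock encrypts or decrypts exactly one 16-byte block, as in AES_k(...).
func aesBlock(key, in []byte, decrypt bool) ([]byte, error) {
	if len(in) != aes.BlockSize {
		return nil, errors.New("input must be one 16-byte block")
	}
	c, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize)
	if decrypt {
		c.Decrypt(out, in)
	} else {
		c.Encrypt(out, in)
	}
	return out, nil
}

// DeriveKtrans performs S201 and S202: Ktrans = AES_k(TrID||TrID||RsID||RsID).
func DeriveKtrans(k []byte, trID, rsID uint32) ([]byte, error) {
	s := make([]byte, 16)
	for i, v := range []uint32{trID, trID, rsID, rsID} {
		binary.BigEndian.PutUint32(s[4*i:], v)
	}
	return aesBlock(k, s, false)
}

// transport looks up k for the designated KI, derives Ktrans and applies it.
func transport(kbm KBM, ki byte, trID, rsID uint32, data []byte, decrypt bool) ([]byte, error) {
	k, ok := kbm[ki]
	if !ok {
		return nil, fmt.Errorf("key index %d is not in the KBM", ki)
	}
	kt, err := DeriveKtrans(k, trID, rsID)
	if err != nil {
		return nil, err
	}
	return aesBlock(kt, data, decrypt)
}

// WrapNetworkKey is the first device's step: Kit = AES_Ktrans(K_NWK).
func WrapNetworkKey(kbm KBM, ki byte, trID, rsID uint32, knwk []byte) ([]byte, error) {
	return transport(kbm, ki, trID, rsID, knwk, false)
}

// UnwrapNetworkKey is the second device's step in process (4): K_NWK from Kit.
func UnwrapNetworkKey(kbm KBM, ki byte, trID, rsID uint32, kit []byte) ([]byte, error) {
	return transport(kbm, ki, trID, rsID, kit, true)
}

// padTimestamp places T_i1 in one block (zero-padded layout is an assumption).
func padTimestamp(ti1 uint64) []byte {
	b := make([]byte, 16)
	binary.BigEndian.PutUint64(b[8:], ti1)
	return b
}

// Confirm builds the fourth interaction information: omega = (T_i1)_K_NWK.
func Confirm(knwk []byte, ti1 uint64) ([]byte, error) {
	return aesBlock(knwk, padTimestamp(ti1), false)
}

// VerifyConfirm is process (5): decrypt omega with K_NWK, compare with own T_i1.
func VerifyConfirm(knwk, omega []byte, ti1 uint64) bool {
	pt, err := aesBlock(knwk, omega, true)
	return err == nil && subtle.ConstantTimeCompare(pt, padTimestamp(ti1)) == 1
}

func main() {
	trID, rsID, ti1 := uint32(0x1A2B3C4D), uint32(0x99887766), uint64(1526630400) // constructed
	knwk := []byte("constructed-KNWK") // stand-in for the randomly generated K_NWK
	kit, err := WrapNetworkKey(sampleKBM, 2, trID, rsID, knwk)
	if err != nil {
		panic(err)
	}
	for _, ki := range []byte{2, 3} { // 3 simulates a mismatched key index
		got, _ := UnwrapNetworkKey(sampleKBM, ki, trID, rsID, kit)
		omega, _ := Confirm(got, ti1)
		fmt.Println("KI", ki, "omega accepted:", VerifyConfirm(knwk, omega, ti1))
	}
}
```

Kit carries no integrity tag, so a mismatched device key decrypts it to a different 16-byte value without any error; the ω comparison in process (5) is the step that exposes the mismatch.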
This embodiment of the present application further provides another network key negotiation system, in which the first device and the second device need to authenticate each other's identities during key negotiation. Specifically:
The first interaction information also carries first identity authentication information generated from a first secret seed; the first identity authentication information is obtained by performing m-1 hash operations on the first secret seed;
The second device is further configured to, before generating the second interaction information, perform one hash operation on the first identity authentication information and check whether the result is consistent with the pre-acquired identity information of the first device; after detecting that they are consistent, it generates the second interaction information;
The identity information of the first device is obtained by the first device performing m hash operations on the first secret seed;
and,
The second interaction information also carries second identity authentication information generated from a second secret seed, and the key bit mask KBM. The second identity authentication information is obtained by the second device performing s-1 hash operations on the second secret seed; the key bit mask is the encryption algorithm preset by the second device;
The first device is further configured to, before generating the third interaction information, perform one hash operation on the second identity authentication information and check whether the result is consistent with the pre-acquired identity information of the second device; after detecting that they are consistent, it generates the third interaction information;
The identity information of the second device is obtained by the second device performing s hash operations on the second secret seed.
In a specific implementation, before performing network key negotiation, the first device and the second device also exchange identity information during the device discovery process, so that the first device obtains the identity information of the second device and the second device obtains the identity information of the first device.
Specifically, the identity information of the first device is obtained by the first device performing m hash operations on the randomly generated first secret seed. The identity information of the first device is represented as: (ID, h^m(Si)).
The identity information of the second device is obtained by the second device performing s hash operations on the randomly generated second secret seed. The identity information of the second device is represented as: (ID, h^s(St)).
After generating its identity information, the first device broadcasts it, so that the second device can obtain the identity information of the first device from the broadcast and save it. Likewise, after generating its identity information, the second device sends it to the first device, so that the first device can obtain the identity information of the second device from the information sent and save it.
In addition, the first device and the second device may also not exchange identity information through the device discovery process, and instead pre-store each other's identity information; during key exchange, the stored identity information is used directly.
During network key negotiation:
A: In process (1) above, the first device is further configured to generate the first identity authentication information, carry it in the first interaction information α, and then send the first interaction information α carrying the first identity authentication information to the second device.
The first device generates the first identity authentication information by performing m-1 hash operations on the first secret seed. The generated first identity authentication information can be represented as h^(m-1)(Si).
With the first identity authentication information carried in the first interaction information, the first interaction information α satisfies the following formula: α = (TrID)_ks || h^(m-1)(Si).
B: In process (2) above, after receiving the first interaction information α carrying the first identity authentication information sent by the first device, the second device authenticates the identity of the first device based on the identity information of the first device that it already holds and the first identity authentication information carried in the first interaction information. Only after authentication passes does it generate the second interaction information β.
Specifically, the second device performs one hash operation on the first identity authentication information carried in the first interaction information α, and compares the result with the identity information of the first device saved by the second device. If the two are consistent, the identity authentication of the first device passes.
After the identity authentication of the first device passes, the second device uses the first identity authentication information to update the identity information of the first device; that is, the original identity information (ID, h^m(Si)) is changed to (ID, h^(m-1)(Si)).
Before sending the second interaction information to the first device, the second device also generates second identity authentication information and carries it in the second interaction information.
The second device generates the second identity authentication information by performing s-1 hash operations on the second secret seed. The generated second identity authentication information can be represented as h^(s-1)(St).
With the second identity authentication information carried in the second interaction information, the second interaction information β satisfies the following formula: β = (RsID)_ks || (KBM)_ks || h^(s-1)(St).
C: In process (3) above, after the first device receives the second interaction information β carrying the second identity authentication information, it authenticates the identity of the second device based on the identity information of the second device that it already holds and the second identity authentication information carried in the second interaction information. Only after authentication passes does it generate the third interaction information γ.
Specifically, the first device performs one hash operation on the second identity authentication information carried in the second interaction information β, and compares the result with the identity information of the second device saved by the first device. If the two are consistent, identity authentication passes. Only after identity authentication passes is the step of generating the temporary transmission key Ktrans from the first-round information and the second-round information carried in the second interaction information performed.
After the identity authentication of the second device passes, the first device uses the second identity authentication information to update the identity information of the second device; that is, the original identity information (ID, h^s(St)) is changed to (ID, h^(s-1)(St)).
After the authentication of the second device passes, the first device also performs m-2 hash operations on the first secret seed to generate third identity authentication information, and sends the third interaction information γ carrying the third identity authentication information to the second device.
The third identity authentication information is: h^(m-2)(Si);
The third interaction information γ then satisfies the following formula: γ = (KI)_ks || Kit || h^(m-2)(Si).
D: In process (4) above, after the second device receives the third interaction information γ carrying the third identity authentication information, it authenticates the identity of the first device again, based on the current identity information of the first device and the third identity authentication information h^(m-2)(Si) carried in the third interaction information. After authentication passes, it generates the fourth interaction information ω.
Specifically, the second device performs one hash calculation on the third identity authentication information h^(m-2)(Si) carried in the third interaction information γ, and compares the result with the identity information of the first device as updated with the first identity authentication information. If the two are consistent, identity authentication passes.
After the identity authentication of the first device passes, the second device also performs s-2 hash operations on the second secret seed to generate fourth identity authentication information, carries it in the fourth interaction information ω, and sends the fourth interaction information ω carrying the fourth identity authentication information to the first device. The generated fourth identity authentication information is: h^(s-2)(St);
With the fourth identity authentication information carried in the fourth interaction information ω, the fourth interaction information ω satisfies the following formula: ω = (T_i1)_K_NWK || h^(s-2)(St).
E: In process (5) above, after the first device receives the fourth interaction information ω carrying the fourth identity authentication information, it authenticates the identity of the first device based on the fourth identity authentication information carried in the fourth interaction information ω and the identity information of the second device as updated with the second identity authentication information. Only after identity authentication passes is the fourth interaction information verified based on the randomly generated network key K_NWK.
Specifically, the first device performs one hash calculation on the fourth identity authentication information carried in the fourth interaction information ω, and compares the result with the identity information of the second device as updated with the second identity authentication information. If the two are consistent, identity authentication passes. After identity authentication passes, the fourth interaction information is verified based on the randomly generated network key K_NWK, and once that verification passes, the negotiation of the network key K_NWK between the first device and the second device is considered successful.
In this embodiment of the present application, the first device and the second device go through multiple handshakes. They not only exchange the first-round information and the second-round information in encrypted form, but also use a hash chain during the handshakes to authenticate the identities of the first device and the second device, and perform the corresponding subsequent operations only after authentication passes. This prevents an attacker from impersonating the first device or the second device during network key negotiation, joining the negotiation, and stealing the network key negotiated between the first device and the second device, thereby improving the security of wireless network communication.
This embodiment of the present application further provides another network key negotiation system. In this system, during the multiple handshakes of key negotiation, the first device and the second device not only negotiate the network key and verify each other's identities, but also check whether the network key negotiation channel is closed and whether the data is intact, wherein:
The first device is further configured to generate first channel information based on the first secret seed and the first timestamp, and carry the first channel information and the first timestamp encrypted with the security key in the first interaction information;
After receiving the second interaction information, it generates third channel information based on the network key and a third timestamp, and carries the third channel information and the third timestamp encrypted with the security key in the third interaction information;
The second device, before generating the fourth interaction information, is further configured to:
Use the first timestamp carried in the first interaction information, together with the third identity authentication information, to generate first channel verification information, and check whether the calculated first channel verification information is consistent with the first channel information carried in the first interaction information; after detecting that they are consistent, confirm that the network key negotiation channel has not been interrupted;
After confirming that the network key negotiation channel has not been interrupted, the second device is further configured to: decrypt the encrypted third timestamp carried in the third interaction information with the security key to obtain the third timestamp; calculate third channel verification information from the obtained third timestamp and the network key; and check whether the calculated third channel verification information is consistent with the third channel information carried in the third interaction information. After detecting that the two are consistent, the data in the network key negotiation process is intact, and the fourth interaction information is generated.
In a specific implementation:
Ⅰ: In process (1) or process A above, before generating the first interaction information α, the first device generates first channel information $MAC_{i1}$ based on the first secret seed and the first timestamp, carries the first channel information in the first interaction information, and sends it to the second device.
Here, an embodiment of the present application provides a specific method for generating the first channel information $MAC_{i1}$ based on the first secret seed and the first timestamp, including:
The first device performs m-2 hash operations on the first secret seed, concatenates the first secret seed that has undergone m-2 hash operations with the first timestamp $T_{i1}$, and performs one hash operation on the concatenated result to obtain the first channel information $MAC_{i1}$.
Here, the first timestamp $T_{i1}$ is the timestamp of the current moment, obtained at the moment the first interaction information is being generated.
The manner of concatenating the first secret seed that has undergone m-2 hash operations with the first timestamp $T_{i1}$ can be set according to actual needs.
For example, either of the following may be used to concatenate the first secret seed that has undergone m-2 hash operations with the first timestamp $T_{i1}$: a: $h^{m-2}(Si) \| T_{i1}$; b: $T_{i1} \| h^{m-2}(Si)$;
where "‖" denotes concatenation. Here, when concatenating the first secret seed that has undergone m-2 hash operations with the first timestamp $T_{i1}$, the position and number can be set as required.
Taking a above as an example, performing one hash operation on the concatenated result gives the first channel information $MAC_{i1}$, which satisfies the following formula: $MAC_{i1} = h(h^{m-2}(Si) \| T_{i1})$.
In addition, to enable subsequent verification of the channel, the first timestamp encrypted with the security key ks is also carried in the first interaction information.
At this point, the first interaction information α satisfies the following formula:
$\alpha = (TrID)ks \| h^{m-1}(Si) \| MAC_{i1} \| (T_{i1})ks$.
Ⅱ: In process (2) or process B above, after receiving the first interaction information α, the second device uses the security key ks to decrypt the encrypted first timestamp $T_{i1}$ carried in the first interaction information α, and obtains and saves the first timestamp $T_{i1}$.
Ⅲ: In process (3) or process C above, after receiving the second interaction information, the first device generates third channel information $MAC_{i2}$ based on the network key $K_{NWK}$ and the third timestamp, and carries the third channel information and the third timestamp encrypted with the security key ks in the third interaction information.
An embodiment of the present application also provides a specific method for generating the third channel information $MAC_{i2}$: the first device concatenates the network key $K_{NWK}$ and the third timestamp $T_{i2}$, and performs one hash operation on the concatenated network key $K_{NWK}$ and third timestamp $T_{i2}$ to generate the third channel information $MAC_{i2}$.
Note that the manner of concatenating the network key $K_{NWK}$ and the third timestamp $T_{i2}$ can be set according to actual needs.
For example, either of the following may be used to concatenate the network key $K_{NWK}$ and the third timestamp $T_{i2}$: a: $K_{NWK} \| T_{i2}$; b: $T_{i2} \| K_{NWK}$.
where "‖" denotes concatenation. Here, when concatenating the network key $K_{NWK}$ and the third timestamp $T_{i2}$, both the position and the number can be set as required.
Taking b above as an example, performing one hash operation on the concatenated result gives the third channel information $MAC_{i2}$, which satisfies the following formula: $MAC_{i2} = h(T_{i2} \| K_{NWK})$.
In addition, to facilitate the verification process, the third timestamp encrypted with the security key ks is also carried in the third interaction information.
The generated third interaction information γ satisfies the following formula:
$\gamma = (KI)ks \| Kit \| h^{m-2}(Si) \| MAC_{i2} \| (T_{i2})ks$.
Ⅳ: In process (4) or process D above, after receiving the third interaction information sent by the first device and before generating the fourth interaction information, the second device also generates first channel verification information $NAC_{i1}$ based on the first timestamp $T_{i1}$ carried in the first interaction information and the third identity authentication information $h^{m-2}(Si)$ carried in the third interaction information. It compares the generated first channel verification information $NAC_{i1}$ with the first channel information $MAC_{i1}$ carried in the first interaction information; if the two are consistent, the second device has verified that, from process (1) to process (4) above, the network key negotiation channel has not been interrupted.
If the two are inconsistent, the second device has verified that, from process (1) to process (4) above, the network key negotiation channel has been interrupted, and it terminates this network key negotiation process.
If the network key negotiation channel has not been interrupted, the second device also generates third channel verification information $NAC_{i2}$ from the third timestamp $T_{i2}$ carried in the third interaction information and the network key $K_{NWK}$, and compares the third channel verification information $NAC_{i2}$ with the third channel information $MAC_{i2}$ carried in the third interaction information. Only when the two are consistent, confirming that the data in the network key negotiation process is complete, does it generate the fourth interaction information.
If the two are inconsistent, it confirms that the data in the network key negotiation process is incomplete and terminates this network key negotiation process.
In addition, to enable subsequent verification, the fourth timestamp encrypted with the security key ks is also carried in the fourth interaction information.
The generated fourth interaction information ω satisfies the following formula:
$\omega = (T_{i1})K_{NWK} \| h^{s-2}(St) \| (T_{t2})ks$.
With the above embodiment, the second device can determine during key negotiation that the key negotiation channel has not been interrupted and that the data exchanged during key negotiation is complete; the subsequent network key negotiation process is performed only if the network key negotiation channel has not been interrupted and the data exchanged during key negotiation is complete.
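The second device's two checks from processes Ⅰ to Ⅳ, as an added example that is not code from the patent. Assumptions: SHA-256 stands in for the unspecified hash h, timestamps are 8-byte big-endian integers so the concatenation is unambiguous, encryption under ks and under the temporary transmission key is omitted (values are shown after decryption), and the class, function and status names are hypothetical.

```python
import hashlib
import hmac
import struct


def h(data: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the page's unspecified hash h().
    return hashlib.sha256(data).digest()


def h_iter(seed: bytes, n: int) -> bytes:
    """Apply h() n times to seed, i.e. h^n(seed)."""
    out = seed
    for _ in range(n):
        out = h(out)
    return out


def ts(t: int) -> bytes:
    # Assumption: fixed-width encoding keeps the "||" concatenation unambiguous.
    return struct.pack(">Q", t)


def mac_i1(seed_i: bytes, m: int, t_i1: int) -> bytes:
    """MAC_i1 = h(h^(m-2)(Si) || T_i1), variant a of the page."""
    return h(h_iter(seed_i, m - 2) + ts(t_i1))


def mac_i2(k_nwk: bytes, t_i2: int) -> bytes:
    """MAC_i2 = h(T_i2 || K_NWK), variant b of the page."""
    return h(ts(t_i2) + k_nwk)


class SecondDevice:
    """Hypothetical receiver state for messages 1 and 3."""

    def __init__(self, max_skew: int):
        self.max_skew = max_skew  # preset time difference threshold
        self.saved = None         # (MAC_i1, T_i1) kept from message 1

    def _fresh(self, t: int, now: int) -> bool:
        return abs(now - t) < self.max_skew

    def on_first(self, mac1: bytes, t_i1: int, now: int) -> str:
        if not self._fresh(t_i1, now):
            return "stale"
        # MAC_i1 cannot be checked yet: h^(m-2)(Si) is only disclosed
        # in message 3, so it is stored together with T_i1.
        self.saved = (mac1, t_i1)
        return "ok"

    def on_third(self, auth3: bytes, mac2: bytes, t_i2: int,
                 k_nwk: bytes, now: int) -> str:
        if self.saved is None:
            return "no-first-message"
        if not self._fresh(t_i2, now):
            return "stale"
        mac1, t_i1 = self.saved
        # NAC_i1: recompute MAC_i1 from the value disclosed in message 3.
        nac_i1 = h(auth3 + ts(t_i1))
        if not hmac.compare_digest(nac_i1, mac1):
            return "channel-interrupted"
        # NAC_i2: recompute MAC_i2 from the recovered network key.
        nac_i2 = h(ts(t_i2) + k_nwk)
        if not hmac.compare_digest(nac_i2, mac2):
            return "data-incomplete"
        return "ok"  # message 4 may now be generated


def simulate(first_seed: bytes, third_seed: bytes, k_sent: bytes,
             k_recovered: bytes, now3: int = 1003, m: int = 6):
    """Run messages 1 and 3 with constructed values; return both statuses."""
    dev = SecondDevice(max_skew=5)
    s1 = dev.on_first(mac_i1(first_seed, m, 1000), 1000, now=1001)
    s3 = dev.on_third(h_iter(third_seed, m - 2), mac_i2(k_sent, 1002),
                      1002, k_recovered, now=now3)
    return s1, s3


if __name__ == "__main__":
    S, K = b"constructed-seed-Si", b"constructed-K_NWK"
    print(simulate(S, S, K, K))               # same sender, intact key
    print(simulate(S, b"other-seed", K, K))   # message 3 from another seed
    print(simulate(S, S, K, b"altered-key"))  # key changed in transit
```

The first check binds message 1 to message 3: only the holder of the first secret seed can later disclose a value that reproduces the stored $MAC_{i1}$.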
In addition, in another embodiment of the present application, the first device also verifies during network key negotiation whether the network key negotiation channel has been interrupted.
Specifically, the second device is further configured to, before sending the second interaction information to the first device, generate second channel information based on the second secret seed, the second timestamp and the first channel verification information, and carry the second channel information and the second timestamp encrypted with the security key in the second interaction information;
The first device is further configured to, after receiving the fourth interaction information, compute second channel verification information based on the fourth identity authentication information carried in the fourth interaction information, the second timestamp carried in the second interaction information, and the first channel information generated by the first device; detect whether the computed second channel verification information is consistent with the second channel information carried in the second interaction information; and, after detecting that the two are consistent, verify the fourth interaction information.
In a specific implementation:
①: In process (1), process A or process Ⅰ above, when sending the first interaction information to the second device, the first device carries the first channel information $MAC_{i1}$ in the first interaction information and sends it to the second device.
②: In process (2), process B or process Ⅱ above, after receiving the first interaction information sent by the first device, the second device generates second channel information $MAC_{t1}$ based on the second secret seed, the second timestamp and the first channel information $MAC_{i1}$.
An embodiment of the present application also provides a specific method for generating the second channel information $MAC_{t1}$:
The second device performs s-2 hash operations on the second secret seed, concatenates the second secret seed that has undergone s-2 hash operations, the second timestamp $T_{t1}$ and the first channel information $MAC_{i1}$ carried in the first interaction information α, and performs one hash operation on the concatenated result to generate the second channel information $MAC_{t1}$.
Note that the manner of concatenating the second secret seed that has undergone s-2 hash operations, the second timestamp $T_{t1}$ and the first channel information $MAC_{i1}$ can be set according to actual needs.
For example, the concatenation may be performed in any of the following ways:
a: $h^{s-2}(St) \| T_{t1} \| MAC_{i1}$; b: $T_{t1} \| h^{s-2}(St) \| MAC_{i1}$; c: $MAC_{i1} \| T_{t1} \| h^{s-2}(St)$, and so on, where "‖" denotes concatenation. Here, when concatenating the second secret seed that has undergone s-2 hash operations, the second timestamp $T_{t1}$ and the first channel information $MAC_{i1}$, both the position and the number can be set as required.
Taking a above as an example, performing one hash operation on the concatenated result gives the second channel information $MAC_{t1}$, which satisfies the following formula: $MAC_{t1} = h(h^{s-2}(St) \| T_{t1} \| MAC_{i1})$.
At this point, the second interaction information β satisfies the following formula:
$\beta = (RsID)ks \| (KBM)ks \| h^{s-1}(St) \| (T_{t1})ks \| MAC_{t1}$.
③: In process (3), process C or process Ⅲ above, after receiving the second interaction information β, the first device uses the security key ks to decrypt the encrypted second timestamp $T_{t1}$ carried in the second interaction information β, and obtains and saves the decrypted second timestamp $T_{t1}$. It also saves the second channel information $MAC_{t1}$ carried in the second interaction information.
④: In process (4), process D or process Ⅳ above, the second device generates the fourth identity authentication information $h^{s-2}(St)$, carries it in the fourth interaction information, and sends the fourth interaction information to the first device.
⑤: In process (5) or process E above, after receiving the fourth interaction information, the first device also generates second channel verification information $NAC_{t1}$ based on the fourth identity authentication information $h^{s-2}(St)$ carried in the fourth interaction information, the second timestamp $T_{t1}$ obtained in ③ above, and the first channel information $MAC_{i1}$ currently generated by the first device. Here, the generation process of the second channel verification information $NAC_{t1}$ is the same as that of the second channel information $MAC_{i1}$ and is not repeated here.
The first device also compares the second channel verification information $NAC_{t1}$ with the second channel information $MAC_{t1}$ obtained in ③ above. If the two are consistent, it confirms that the network key negotiation channel is normal and then verifies the fourth interaction information. If the two are inconsistent, it aborts this network key negotiation process.
In this embodiment of the present application, over the multiple handshakes, the continuity of the channel is verified through the first channel information and the second channel verification information, and the integrity of the data in the network key negotiation process is verified. Checking whether the network key negotiation channel has been closed ensures that, during network key negotiation, the information is being exchanged between the first device and the second device without interruption, while the data integrity check ensures that no erroneous interaction information appears during the exchange, so that negotiation of the network key can be completed.
In another embodiment of the present application, during network key negotiation, the timeliness of the exchanged data is also verified in each handshake, to ensure the continuity and security of verification.
In this embodiment: the first interaction information also carries a first timestamp encrypted with the security key;
The second device is further configured to decrypt the encrypted first timestamp using the security key to obtain the first timestamp, and detect whether the time difference between the first timestamp and the current time is less than a preset time difference threshold; after detecting that the time difference between the first timestamp and the current time is less than the preset time difference threshold, generate the second interaction information;
and,
The third interaction information also carries a third timestamp encrypted with the security key;
The second device is further configured to decrypt the encrypted third timestamp $T_{i2}$ using the security key to obtain the third timestamp, and detect whether the time difference between the third timestamp and the current time is less than the preset time difference threshold; after detecting that the time difference between the third timestamp and the current time is less than the preset time difference threshold, generate the fourth interaction information;
and,
The second interaction information also carries a second timestamp encrypted with the security key;
The first device is further configured to decrypt the encrypted second timestamp $T_{t1}$ using the security key to obtain the second timestamp, and detect whether the time difference between the second timestamp and the current time is less than the preset time difference threshold; after detecting that the time difference between the second timestamp and the current time is less than the preset time difference threshold, generate the temporary transmission key;
The fourth interaction information also carries a fourth timestamp encrypted with the security key;
The first device is further configured to decrypt the encrypted fourth timestamp using the security key to obtain the fourth timestamp, and detect whether the time difference between the fourth timestamp and the current time is less than the preset time difference threshold; after detecting that the time difference between the fourth timestamp and the current time is less than the preset time difference threshold, verify the fourth interaction information.
In a specific implementation:
1. In process (1), process A, process Ⅰ or process ① above, when generating the first interaction information, the first device also encrypts the first timestamp $T_{i1}$ with the security key, carries it in the first interaction information, and sends the first interaction information to the second device.
2. In process (2), process B, process Ⅱ or process ② above, after receiving the first interaction information α carrying the first timestamp $T_{i1}$, the second device uses the security key ks to decrypt the encrypted first timestamp $T_{i1}$ carried in the first interaction information α, obtains the decrypted first timestamp $T_{i1}$, and detects whether the time difference between the first timestamp $T_{i1}$ and the current time is less than the preset time difference threshold. If the time difference between the first timestamp $T_{i1}$ and the current time is less than the preset time difference threshold, the first interaction information α received by the second device is valid, and the subsequent identity authentication process or the subsequent process of generating the second interaction information is performed. If the time difference between the first timestamp $T_{i1}$ and the current time is greater than the preset time difference threshold, the first interaction information α received by the second device is invalid, and the current network key negotiation process ends.
When generating the second interaction information, the second device also uses the security key ks to encrypt the second timestamp $T_{t1}$, generating an encrypted second timestamp, and carries the encrypted second timestamp in the second interaction information β.
3. In process (3), process C, process Ⅲ or process ③ above, after receiving the second interaction information β carrying the encrypted second timestamp $T_{t1}$, the first device uses the security key ks to decrypt the encrypted second timestamp $T_{t1}$, obtains the decrypted second timestamp $T_{t1}$, and detects whether the time difference between the second timestamp $T_{t1}$ and the current time is less than the preset time difference threshold. If the time difference between the second timestamp $T_{t1}$ and the current time is less than the preset time difference threshold, it generates the temporary transmission key and performs the subsequent process of generating the third interaction information. If the time difference between the second timestamp $T_{t1}$ and the current time is greater than the preset time difference threshold, the current network key negotiation process ends.
When generating the third interaction information, the first device also uses the security key ks to encrypt the third timestamp $T_{i2}$, generating an encrypted third timestamp, and carries the encrypted third timestamp in the third interaction information γ.
4. In process (4), process D, process Ⅳ or process ④ above, after receiving the third interaction information γ carrying the encrypted third timestamp $T_{i2}$, the second device uses the security key ks to decrypt the encrypted third timestamp $T_{i2}$, obtains the decrypted third timestamp $T_{i2}$, and detects whether the time difference between the third timestamp $T_{i2}$ and the current time is less than the preset time difference threshold. If the time difference between the third timestamp $T_{i2}$ and the current time is less than the preset time difference threshold, it generates the fourth interaction information. If the time difference between the third timestamp $T_{i2}$ and the current time is greater than the preset time difference threshold, the current network key negotiation process ends.
When generating the fourth interaction information, the second device also uses the security key ks to encrypt the fourth timestamp $T_{t2}$, generating an encrypted fourth timestamp, and carries the encrypted fourth timestamp in the fourth interaction information ω.
5. In process (5), process E or process ⑤ above, after receiving the fourth interaction information ω carrying the encrypted fourth timestamp $T_{t2}$, the first device uses the security key ks to decrypt the encrypted fourth timestamp $T_{t2}$, obtains the decrypted fourth timestamp $T_{t2}$, and detects whether the time difference between the fourth timestamp $T_{t2}$ and the current time is less than the preset time difference threshold. If the time difference between the fourth timestamp $T_{t2}$ and the current time is less than the preset time difference threshold, it performs the step of verifying the fourth interaction information. If the time difference between the fourth timestamp $T_{t2}$ and the current time is greater than the preset time difference threshold, the current network key negotiation process ends.
In this embodiment of the present application, during network key negotiation, timestamps are encrypted with the security key before being sent. Checking the timestamps guards against the case where the information exchange times out and an attacker, having intercepted the interaction information during that period, sends a message afterwards, which further ensures the security of wireless network communication.
Based on the same inventive concept, the embodiments of the present application also provide a network key negotiation method corresponding to the network key negotiation system. Because the method solves the problem on the same principle as the network key negotiation system described above, the implementation of the method can refer to the implementation of the system, and repeated details are omitted.
Referring to FIG. 4, the network key negotiation method provided by an embodiment of the present application is applied to a first device performing network key negotiation, and the method includes:
S401: Generate first interaction information and send the first interaction information to a second device; the first interaction information carries: first-round information encrypted with the security key;
S402: Receive second interaction information sent by the second device after it receives the first interaction information; the second interaction information carries: second-round information encrypted with the security key;
S403: Generate a temporary transmission key based on the first-round information and the second-round information carried in the second interaction information;
S404: Use the temporary transmission key to encrypt a randomly generated network key, generating network key encryption information;
S405: Carry the network key encryption information in third interaction information and send it to the second device;
S406: Receive fourth interaction information sent by the second device based on the third interaction information; the fourth interaction information is generated based on the network key;
S407: Verify the fourth interaction information based on the network key; if the verification passes, negotiation of the network key with the second device is complete.
In this embodiment of the present application, the first device first sends the first-round information to the second device in encrypted form. After the first device has obtained the first-round information and the second-round information, it encrypts the network key to be negotiated based on the first-round information and the second-round information and passes it to the second device; the first device and the second device can also replace the original network key by negotiating a new network key, so that the network key can be replaced promptly if it is stolen, improving the security of wireless network communication.
Optionally, in another embodiment of the present application, the second interaction information also carries a key bit mask encrypted with the security key; the key bit mask includes at least three key indices; each key index corresponds to one device key;
Decrypt the key bit mask using the security key, and specify one key index from the decrypted key bit mask;
The network key negotiation method further includes:
Generating the temporary transmission key based on the first-round information and the second-round information carried in the second interaction information specifically includes:
Concatenating the first-round information and the second-round information carried in the second interaction information to form a character string;
Using a preset encryption algorithm, with the device key corresponding to the key index specified by the first device as the encryption key, encrypting the character string to generate the temporary transmission key.
The network key negotiation method further includes:
Encrypting the key index specified by the first device using the security key, and carrying the encrypted key index in the third interaction information;
Optionally, in another embodiment of the present application, the first device is specifically configured to verify the fourth interaction information based on the randomly generated network key through the following steps:
Decrypt the timestamp encryption information using the network key generated by the first device to obtain the first timestamp;
Compare the first timestamp obtained by decrypting the timestamp encryption information with the first timestamp generated by the first device;
When the first timestamp obtained by decrypting the timestamp encryption information is consistent with the first timestamp generated by the first device, the verification passes.
Optionally, in another embodiment of the present application, the second interaction information also carries second identity authentication information generated based on the second secret seed; the second identity authentication information is obtained by the second device performing s-1 hash operations on the second secret seed;
The network key negotiation method further includes:
Before generating the third interaction information, performing one hash operation on the second identity authentication information;
Detecting whether the second identity authentication information that has undergone one hash operation is consistent with the pre-acquired identity information of the second device;
After detecting that the second identity authentication information that has undergone one hash operation is consistent with the pre-acquired identity information of the second device, generating the third interaction information;
The identity information of the second device is obtained by the second device performing s hash operations on the second secret seed.
Optionally, in another embodiment of the present application, the network key negotiation method further includes:
After detecting that the second identity authentication information that has undergone one hash operation is consistent with the pre-acquired identity information of the second device, updating the identity information of the second device with the second identity authentication information;
The fourth interaction information also carries fourth identity authentication information generated based on the second secret seed; the fourth identity authentication information is obtained by performing s-2 hash operations on the second secret seed;
Before verifying the fourth interaction information, the network key negotiation method further includes:
Performing one hash operation on the fourth identity authentication information;
Detecting whether the fourth identity authentication information that has undergone one hash operation is consistent with the identity information of the second device as updated with the second identity authentication information;
After detecting that the fourth identity authentication information that has undergone one hash operation is consistent with the identity information of the second device as updated with the second identity authentication information, verifying the fourth interaction information.
Optionally, in another embodiment of the present application, the network key negotiation method further includes:
generating first channel information based on the first secret seed and the first timestamp, and carrying the first channel information and the first timestamp encrypted with the security key in the first interaction information;
after receiving the second interaction information, generating third channel information based on the network key and the third timestamp;
carrying the third channel information and the third timestamp encrypted with the security key in the third interaction information.
Optionally, in another embodiment of the present application, generating the first channel verification information based on the first secret seed and the first timestamp specifically includes:
performing m-2 hash operations on the first secret seed;
concatenating the first secret seed that has undergone m-2 hash operations with the first timestamp, and performing one hash operation on the result to generate the first channel verification information.
Generating the third channel verification information based on the network key and the third timestamp specifically includes:
concatenating the third timestamp and the network key, and performing one hash operation on the result to generate the third channel verification information.
Optionally, in another embodiment of the present application, the network key negotiation method further includes:
after receiving the fourth interaction information, calculating the second channel verification information based on the fourth identity authentication information carried in the fourth interaction information, the second timestamp carried in the second interaction information, and the first channel information generated by the first device;
detecting whether the calculated second channel verification information is consistent with the second channel verification information carried in the second interaction information;
after detecting that the calculated second channel verification information is consistent with the second channel verification information carried in the second interaction information, verifying the fourth interaction information.
Optionally, in another embodiment of the present application, the second interaction information further carries a second timestamp encrypted with the security key;
The network key negotiation method further includes:
decrypting the encrypted second timestamp with the security key to obtain the second timestamp;
detecting whether the time difference between the second timestamp and the current time is less than a preset time difference threshold;
after detecting that the time difference between the second timestamp and the current time is less than the preset time difference threshold, generating the temporary transmission key;
the fourth interaction information also carries a fourth timestamp encrypted with the security key;
The network key negotiation method further includes:
decrypting the encrypted fourth timestamp with the security key to obtain the fourth timestamp;
detecting whether the time difference between the fourth timestamp and the current time is less than the preset time difference threshold;
after detecting that the time difference between the fourth timestamp and the current time is less than the preset time difference threshold, verifying the fourth interaction information.
Referring to FIG. 5, the network key negotiation method provided by an embodiment of the present application is applied to a second device performing network key negotiation, and the method includes:
S501: Receive the first interaction information sent by the first device, and after receiving the first interaction information, generate the second interaction information;
S502: Send the second interaction information to the first device; the second interaction information carries the second round of information encrypted with the security key;
S503: Receive the third interaction information sent by the first device in response to the second interaction information;
S504: Generate the temporary transmission key based on the first round of information carried in the first interaction information and the second round of information, and decrypt the network key encryption information with the temporary transmission key to obtain the network key;
S505: Generate the fourth interaction information based on the network key, and send the fourth interaction information to the first device.
In this embodiment of the present application, the second device sends the second round of information to the first device in encrypted form. Using the same approach as the first device, the second device decrypts the encrypted network key based on the first round of information, the second round of information and the device key obtained from the first device, and thereby obtains the network key. As a result, even if the network key obtained in a given negotiation is leaked during use, the first device and the second device can negotiate a new network key to replace the original one, so that a stolen network key can be replaced promptly, improving the security of wireless network communication.
Optionally, in another embodiment of the present application, the second device pre-stores a key bit mask; the key bit mask includes at least three key indexes; each key index corresponds to one device key;
the second interaction information also carries the key bit mask encrypted with the security key;
The network key negotiation method further includes:
after receiving the third interaction information, using the security key to decrypt the encrypted key index specified by the first device that is carried in the third interaction information, obtaining the key index specified by the first device; and generating the temporary transmission key through the following steps:
concatenating the first round of information carried in the first interaction information and the second round of information to form a string;
using a preset encryption algorithm, with the device key corresponding to the key index specified by the first device in the third interaction information as the encryption key, encrypting the string to generate the temporary transmission key.
Optionally, in another embodiment of the present application, the first interaction information further carries a first timestamp encrypted with the security key;
Generating the fourth interaction information based on the network key and sending it to the first device specifically includes:
encrypting the first timestamp with the network key to generate timestamp encryption information;
carrying the timestamp encryption information in the fourth interaction information, and sending the fourth interaction information to the first device.
Optionally, in another embodiment of the present application, the first interaction information also carries first identity authentication information generated based on the first secret seed; the first identity authentication information is obtained by the first device performing m-1 hash operations on the first secret seed;
The network key negotiation method further includes:
before generating the second interaction information, performing one hash operation on the first identity authentication information;
detecting whether the first identity authentication information that has undergone one hash operation is consistent with the pre-acquired identity information of the first device;
after detecting that the first identity authentication information that has undergone one hash operation is consistent with the pre-acquired identity information of the first device, generating the second interaction information;
wherein the identity information of the first device is obtained by the first device performing m hash operations on the first secret seed.
Optionally, in another embodiment of the present application, the network key negotiation method further includes:
after detecting that the first identity authentication information that has undergone one hash operation is consistent with the pre-acquired identity information of the first device, updating the identity information of the first device with the first identity authentication information;
the third interaction information also carries third identity authentication information generated based on the first secret seed; the third identity authentication information is obtained by performing m-2 hash operations on the first secret seed.
The method further includes: before generating the fourth interaction information, performing one hash operation on the third identity authentication information;
detecting whether the third identity authentication information that has undergone one hash operation is consistent with the identity information of the first device as updated with the first identity authentication information;
after detecting that the first identity authentication information that has undergone one hash operation is consistent with the identity information of the first device as updated with the first identity authentication information, generating the fourth interaction information.
Optionally, in another embodiment of the present application, before generating the fourth interaction information, the network key negotiation method further includes:
generating first channel verification information from the first timestamp carried in the first interaction information and the third identity authentication information;
detecting whether the calculated first channel verification information is consistent with the first channel information carried in the first interaction information;
after detecting that the first channel verification information is consistent with the first channel information carried in the first interaction information, confirming that the network key negotiation channel has not been interrupted;
after confirming that the network key negotiation channel has not been interrupted, the network key negotiation method further includes:
decrypting the encrypted third timestamp carried in the third interaction information with the security key to obtain the third timestamp;
calculating the third channel verification information from the obtained third timestamp and the network key;
detecting whether the calculated third channel verification information is consistent with the third channel information carried in the third interaction information;
after detecting that the two are consistent, determining that the data in the network key negotiation process is complete, and generating the fourth interaction information.
Optionally, in another embodiment of the present application, before sending the second interaction information to the first device, the network key negotiation method further includes:
generating second channel information based on the second secret seed, the second timestamp and the first channel information;
carrying the second channel information and the second timestamp encrypted with the security key in the second interaction information.
Optionally, in another embodiment of the present application, generating the second channel information based on the second secret seed, the second timestamp and the first channel information specifically includes:
performing s-2 hash operations on the second secret seed;
concatenating the second secret seed that has undergone s-2 hash operations, the second timestamp and the first channel information, and performing one hash operation on the result to generate the second channel information.
Optionally, in another embodiment of the present application, the first interaction information further carries a first timestamp encrypted with the security key;
The network key negotiation method further includes:
decrypting the encrypted first timestamp T_i1 with the security key to obtain the first timestamp;
detecting whether the time difference between the first timestamp and the current time is less than a preset time difference threshold;
after detecting that the time difference between the first timestamp and the current time is less than the preset time difference threshold, generating the second interaction information;
the third interaction information also carries a third timestamp encrypted with the security key;
The network key negotiation method further includes:
decrypting the encrypted third timestamp with the security key to obtain the third timestamp;
and detecting whether the time difference between the third timestamp and the current time is less than the preset time difference threshold;
after detecting that the time difference between the third timestamp and the current time is less than the preset time difference threshold, generating the fourth interaction information.
The present application also provides a specific example of a network key negotiation system; see FIG. 6a to FIG. 6f and FIG. 7.
The device discovery process, as shown in FIG. 6a and FIG. 7:
S601: The first device performs m hash operations on the first secret seed to obtain the identity information (ID, h^m(Si)) of the first device. Go to S603.
S602: The second device performs s hash operations on the second secret seed to obtain the identity information (ID, h^s(St)) of the second device. Go to S604.
S603: The first device broadcasts its identity information (ID, h^m(Si)).
S604: The second device sends its identity information (ID, h^s(St)) to the first device.
S605: The second device obtains the identity information (ID, h^m(Si)) of the first device from the information broadcast by the first device.
S606: The first device obtains the identity information (ID, h^s(St)) of the second device from the information sent by the second device.
The first process of key negotiation, as shown in FIG. 6b and FIG. 7:
S607: The first device performs m-2 hash operations on the first secret seed, concatenates the result with the first timestamp, and performs one hash operation on the concatenation to generate the first channel information MAC_i1. Go to S611.
Here, MAC_i1 satisfies: MAC_i1 = h(h^(m-2)(Si) || T_i1).
S608: The first device performs m-1 hash operations on the first secret seed to generate the first identity authentication information h^(m-1)(Si) of the first device. Go to S611.
S609: The first device encrypts the first round of information TrID with the preset security key ks to obtain the encrypted first round of information (TrID)ks. Go to S611.
S610: The first device encrypts the current first timestamp T_i1 with the security key ks to obtain the encrypted first timestamp (T_i1)ks. Go to S611.
S611: Concatenate the encrypted first round of information (TrID)ks with the first channel verification information MAC_i1, the first identity authentication information h^(m-1)(Si), and the encrypted first timestamp (T_i1)ks to generate the first interaction information α;
Here, the first interaction information α satisfies: α = (TrID)ks || h^(m-1)(Si) || MAC_i1 || (T_i1)ks.
S611 is executed only after S607 to S610 have all completed; steps S607 to S610 themselves may be executed in any order.
S612: Send the first interaction information α to the second device.
The second process of key negotiation, as shown in FIG. 6c and FIG. 7:
S614: The second device receives the first interaction information α sent by the first device.
S615: Use the security key ks to decrypt the encrypted first timestamp (T_i1)ks in the first interaction information α, obtaining the decrypted first timestamp T_i1.
S616: Detect whether the difference between the first timestamp T_i1 and the current time is less than the preset time difference threshold; if not, go to S617; if so, go to S618.
S617: End the current network key negotiation process.
S618: Perform one hash operation on the first identity authentication information h^(m-1)(Si) carried in the first interaction information α to obtain h^m(Si);
S619: Detect whether the computed h^m(Si) is consistent with the identity information of the first device saved during the device discovery process; if not, go to S617; if so, go to S620, S621, S622, S623, S624 and S625.
S620: The second device updates the identity information of the first device to (ID, h^(m-1)(Si)). Go to S626.
S621: The second device performs s-2 hash operations on the second secret seed, concatenates the result with the second timestamp T_t1 and the first channel information MAC_i1 from the first interaction information α, and performs one hash operation on the concatenation to generate the second channel information MAC_t1.
Here, MAC_t1 satisfies: MAC_t1 = h(h^(s-2)(St) || T_t1 || MAC_i1).
Go to S626.
S622: The second device performs s-1 hash operations on the second secret seed to generate the second identity authentication information h^(s-1)(St) of the second device. Go to S626.
S623: The second device encrypts the second round of information RsID with the preset security key ks to obtain the encrypted second round of information (RsID)ks. Go to S626.
S624: The second device encrypts its preset key bit mask KBM with the preset security key ks to obtain the encrypted key bit mask (KBM)ks. Go to S626.
S625: The second device encrypts the second timestamp T_t1 with the preset security key ks to obtain the encrypted second timestamp (T_t1)ks. Go to S626.
S626: Concatenate the encrypted second round of information (RsID)ks with the second channel verification information MAC_t1, the second identity authentication information h^(s-1)(St), the encrypted key bit mask (KBM)ks, and the second timestamp T_t1 encrypted with the security key ks to generate the second interaction information β, and send it to the first device.
Here, the second interaction information β satisfies:
β = (RsID)ks || (KBM)ks || h^(s-1)(St) || (T_t1)ks || MAC_t1.
S626 is executed only after S620 to S625 have all completed; steps S620 to S625 themselves may be executed in any order.
The third process of key negotiation, as shown in FIG. 6d and FIG. 7:
S627: The first device receives the second interaction information sent by the second device.
S628: The first device uses the security key ks to decrypt the encrypted second timestamp (T_t1)ks carried in the second interaction information β, obtaining the second timestamp T_t1.
S629: The first device detects whether the difference between the second timestamp T_t1 and the current time is less than the preset time difference threshold; if not, go to S630; if so, go to S631.
S630: End the network key negotiation process.
S631: The first device performs one hash operation on the second identity authentication information in the second interaction information β to obtain h^s(St). Go to S632.
S632: Detect whether the computed h^s(St) is consistent with the identity information of the second device. If not, go to S630; if so, go to S633, S638, S639 and S641.
S633: The first device updates the identity information of the second device to (ID, h^(s-1)(St)).
S634: The first device uses the security key ks to decrypt the second timestamp T_t1 and the second round of information RsID in the second interaction information β, and saves the second round of information RsID.
S635: The first device uses the security key ks to decrypt the encrypted key bit mask (KBM)ks in the second interaction information β, obtaining the key bit mask KBM, and specifies a key index KI from the key bit mask KBM. Go to S636 and S640.
S636: Concatenate the second round of information RsID and the first round of information TrID into a 128-bit string and, using the AES algorithm with the device key k as the encryption key, encrypt the string to generate the temporary transmission key Ktrans.
Here, the temporary transmission key Ktrans satisfies: Ktrans = AES_k(TrID || TrID || RsID || RsID).
Go to S637.
S637: The first device encrypts the randomly generated network key K_NWK with the temporary transmission key Ktrans to generate the network key encryption information Kit.
Here, the network key encryption information Kit satisfies: Kit = AES_Ktrans(K_NWK).
Go to S642.
S638: Concatenate the network key K_NWK and the third timestamp T_i2 to generate the third channel information MAC_i2.
Here, the third channel information MAC_i2 satisfies: MAC_i2 = h(T_i2 || K_NWK).
Go to S642.
S639: Perform m-2 hash operations on the first secret seed to generate the third identity authentication information h^(m-2)(Si) of the first device. Go to S642.
S640: Encrypt the key index KI with the security key ks. Go to S642.
S641: Encrypt the third timestamp T_i2 with the security key ks to obtain the encrypted third timestamp (T_i2)ks. Go to S642.
S642: Concatenate the network key encryption information Kit, the third channel information MAC_i2, the third timestamp T_i2 encrypted with the security key ks, the key index KI encrypted with the security key ks, and the third identity authentication information to obtain the third interaction information γ.
The third interaction information γ satisfies: γ = (KI)ks || Kit || h^(m-2)(Si) || MAC_i2 || (T_i2)ks.
S642 is executed only after S637 to S641 have all completed; steps S637 to S641 themselves may be executed in any order.
The fourth process of key negotiation, as shown in FIG. 6e and FIG. 7:
S643: The second device receives the third interaction information sent by the first device.
S644: The second device uses the security key ks to decrypt the encrypted third timestamp (T_i2)ks in the third interaction information γ, obtaining the decrypted third timestamp T_i2.
S645: Detect whether the difference between the third timestamp T_i2 and the current time is less than the preset time difference threshold; if not, go to S646; if so, go to S647.
S646: End the current network key negotiation process.
S647: Generate the first channel verification information NAC_i1 based on the first timestamp T_i1 carried in the first interaction information and the third identity authentication information h^(m-2)(Si) carried in the third interaction information.
S648: Detect whether the first channel verification information NAC_i1 is consistent with the first channel information MAC_i1 carried in the first interaction information; if not, go to S646; if so, go to S649.
S649: Generate the third channel verification information NAC_i2 based on the third timestamp T_i2 carried in the third interaction information and the network key K_NWK.
S650: Detect whether the third channel verification information NAC_i2 is consistent with the third channel information MAC_i2 carried in the third interaction information; if not, go to S646; if so, go to S651.
S651: Perform one hash operation on the third identity authentication information h^(m-2)(Si) carried in the third interaction information γ to obtain h^(m-1)(Si).
S652: Detect whether the computed h^(m-1)(Si) is consistent with the identity information of the first device as updated during the key negotiation process; if not, go to S646; if so, go to S653, S654, S655 and S656.
S653: Perform s-2 hash operations on the second secret seed to generate the fourth identity authentication information h^(s-2)(St). Go to S655.
S654: Encrypt the first timestamp T_i1 with the network key K_NWK to generate the timestamp encryption information (T_i1)K_NWK. Go to S655.
S655: Encrypt the fourth timestamp T_t2 with the security key ks to obtain the encrypted fourth timestamp (T_t2)ks. Go to S656.
S656: Concatenate the fourth identity authentication information h^(s-2)(St), the timestamp encryption information (T_i1)K_NWK and the encrypted fourth timestamp (T_t2)ks to obtain the fourth interaction information ω.
Here, the fourth interaction information ω satisfies: ω = (T_i1)K_NWK || h^(s-2)(St) || (T_t2)ks.
S656 is executed only after S653 to S655 have all completed; steps S653 to S655 themselves may be executed in any order.
In another embodiment, S650 may be executed first, with S648 executed only when the result of S650 is yes. Alternatively, S650 and S648 may be executed in either order.
The fifth process of key negotiation, as shown in FIG. 6f and FIG. 7:
S657: The first device receives the fourth interaction information sent by the second device.
S658: The first device uses the security key ks to decrypt the encrypted fourth timestamp (T_t2)ks in the fourth interaction information ω, obtaining the decrypted fourth timestamp T_t2.
S659: Detect whether the difference between the fourth timestamp T_t2 and the current time is less than a preset time difference threshold; if not, jump to S662; if so, jump to S660.
S660: The first device uses the network key K_NWK generated at the local end to decrypt the timestamp encryption information (T_i1)K_NWK, obtaining the first timestamp T_i1.
S661: The first device detects whether the first timestamp T_i1 obtained in S660 is consistent with the first timestamp T_i1 generated in the first process of key negotiation; if not, jump to S662; if so, jump to S663.
S662: End the network key negotiation process.
S663: The first device generates the second channel verification information NAC_t1 based on the fourth identity authentication information h^(s-2)(S_t), the second timestamp T_t1 obtained in the third process of key negotiation, and the first channel information MAC_i1 currently generated by the first device.
S664: Detect whether the second channel verification information NAC_t1 is consistent with the second channel verification information obtained in the third process of key negotiation; if not, jump to S662; if so, jump to S665.
S665: Feed back key negotiation success information to the second device.
S666: The network key negotiation ends.
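The hash-chain identity check of S651-S652 and the timestamp freshness check of S659, as an added example that is not part of the patent text. SHA-256, the `Verifier` class, the roll-forward of the stored identity after a successful check, and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac

def h(data: bytes) -> bytes:
    """One hash operation. SHA-256 is an assumption; the text names no function."""
    return hashlib.sha256(data).digest()

def chain(seed: bytes, n: int) -> bytes:
    """h^n(seed): apply the hash n times to a secret seed."""
    out = seed
    for _ in range(n):
        out = h(out)
    return out

def is_fresh(ts: float, now: float, threshold: float) -> bool:
    """S659: accept only if |now - ts| is below the preset threshold."""
    return abs(now - ts) < threshold

class Verifier:
    """Hypothetical model of the second device's view of the first device's identity."""

    def __init__(self, identity: bytes):
        # Stored identity, e.g. h^(m-1)(S_i) from earlier in the negotiation.
        self.identity = identity

    def check(self, presented: bytes) -> bool:
        # S651: hash the presented value once. S652: compare with the stored
        # identity, in constant time so the comparison leaks no prefix length.
        ok = hmac.compare_digest(h(presented), self.identity)
        if ok:
            # Assumption: roll the stored identity forward after acceptance,
            # so a captured value is rejected if it is replayed.
            self.identity = presented
        return ok

def demo():
    seed_i, m = b"constructed secret seed S_i", 5   # constructed sample values
    verifier = Verifier(chain(seed_i, m - 1))       # holds h^(m-1)(S_i)
    genuine = chain(seed_i, m - 2)                  # first device sends h^(m-2)(S_i)
    first = verifier.check(genuine)                 # accepted
    replay = verifier.check(genuine)                # same value again: rejected
    forged = verifier.check(b"\x00" * 32)           # no preimage known: rejected
    next_link = verifier.check(chain(seed_i, m - 3))  # next link down the chain
    fresh = is_fresh(1000.0, 1002.5, 5.0)           # 2.5 s old, 5 s threshold
    stale = is_fresh(1000.0, 1010.0, 5.0)           # 10 s old: negotiation ends
    return first, replay, forged, next_link, fresh, stale

if __name__ == "__main__":
    print(demo())
```
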
Corresponding to the network key negotiation method in FIG. 4, an embodiment of the present application further provides a computer device 800. As shown in FIG. 8, the device includes a memory 81, a processor 82, and a computer program stored in the memory 81 and executable on the processor 82, wherein the processor 82 implements the steps of the above network key negotiation method when executing the computer program.
Specifically, the memory 81 and the processor 82 may be a general-purpose memory and processor, and are not specifically limited here. When the processor 82 runs the computer program stored in the memory 81, it can execute the above network key negotiation method, which uses a hash chain mechanism to transmit the network key and to authenticate identity information. Compared with the unencrypted and lightly encrypted data transmission modes of the prior art, this achieves encrypted transmission of the key and improves the security of wireless network communication.
Corresponding to the network key negotiation method in FIG. 4, an embodiment of the present application further provides a computer-readable storage medium on which a computer program is stored; when run by a processor, the computer program executes the steps of the above network key negotiation method.
Specifically, the storage medium may be a general-purpose storage medium, such as a removable disk or a hard disk. When the computer program on the storage medium is run, it can execute the above network key negotiation method, which uses a hash chain mechanism to transmit the network key and to authenticate identity information. Compared with the unencrypted and lightly encrypted data transmission modes of the prior art, this achieves encrypted transmission of the key and improves the security of wireless network communication.
The computer program product of the network key interaction system and device provided by the embodiments of the present application includes a computer-readable storage medium storing program code. The instructions included in the program code can be used to execute the methods described in the foregoing method embodiments; for the specific implementation, refer to the method embodiments, which are not repeated here.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the system and device described above may be found in the corresponding processes of the foregoing method embodiments, and are not repeated here.
If the functions are implemented in the form of software functional units and sold or used as independent products, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to execute all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc.
The above are only specific embodiments of the present application, but the scope of protection of the present application is not limited thereto. Any change or substitution that a person skilled in the art can readily conceive within the technical scope disclosed in the present application shall fall within the scope of protection of the present application. Therefore, the scope of protection of the present application shall be subject to the scope of protection of the claims.
Claims (12)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810480420.2A CN108777678B (en) | 2018-05-18 | 2018-05-18 | A network key exchange system, device and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108777678A (en) | 2018-11-09 |
CN108777678B (en) | 2020-12-11 |
Family
ID=64027191
Family Applications (1)
Application Number | Status | Publication | Priority Date | Filing Date | Title |
---|---|---|---|---|---|
CN201810480420.2A | Expired - Fee Related | CN108777678B (en) | 2018-05-18 | 2018-05-18 | A network key exchange system, device and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108777678B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
Granted publication date: 20201211 |