CN112134694B - Data interaction method, master station, terminal and computer readable storage medium - Google Patents
Data interaction method, master station, terminal and computer readable storage medium Download PDFInfo
- Publication number
- CN112134694B CN112134694B CN202010800673.0A CN202010800673A CN112134694B CN 112134694 B CN112134694 B CN 112134694B CN 202010800673 A CN202010800673 A CN 202010800673A CN 112134694 B CN112134694 B CN 112134694B
- Authority
- CN
- China
- Prior art keywords
- session key
- terminal
- master station
- random number
- private information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
本发明公开了一种数据交互方法、主站、终端及计算机可读存储介质,其中方法包括:主站向终端发送第一报文,第一报文是主站利用非对称加密算法对主站和终端的ID进行加密生成第一私密信息,并将第一私密信息与主站和终端的ID合并生成;主站接收终端发送的第一应答报文,第一应答报文中有终端生成的第一随机数和终端基于对称加密算法和非对称加密算法生成的第二私密信息;主站验证第二私密信息和主站的ID的正确性,并在验证通过后利用对称加密算法对第一随机数进行密钥协商操作生成第二会话密钥,以及在第二会话密钥与第一会话密钥相同时保存第一会话密钥。由此,保证了会话密钥产生的随机性、多样性及安全性,有利于提高数据交互的安全性。
The invention discloses a data interaction method, a master station, a terminal and a computer-readable storage medium. The method includes: the master station sends a first message to the terminal. The first message is the master station using an asymmetric encryption algorithm to send a message to the master station. The first private information is encrypted with the ID of the terminal to generate the first private information, and the first private information is combined with the IDs of the master station and the terminal; the master station receives the first response message sent by the terminal, and the first response message contains the The first random number and the second private information generated by the terminal based on the symmetric encryption algorithm and the asymmetric encryption algorithm; the main station verifies the correctness of the second private information and the ID of the main station, and after passing the verification, uses the symmetric encryption algorithm to The random number performs a key agreement operation to generate a second session key, and when the second session key is the same as the first session key, the first session key is saved. This ensures the randomness, diversity and security of session key generation, which is beneficial to improving the security of data interaction.
Description
技术领域Technical field
本发明涉及计算机信息安全技术领域,尤其涉及一种数据交互方法、一种主站、一种终端及一种计算机可读存储介质。The present invention relates to the technical field of computer information security, and in particular to a data interaction method, a main station, a terminal and a computer-readable storage medium.
背景技术Background technique
近年来,国家电网公司一直在全面推进用电信息采集系统的建设,此系统可以实现对所有电力用户和关口的全面覆盖,实现计量装置在线监测和用户负荷、电量、电压等重要信息的实时采集,及时、完整、准确地为有关系统提供基础数据,为企业经营管理各环节的分析、决策提供支撑,为实现智能双向互动服务提供信息基础。为实现上述功能,系统中需要大量的终端(也称用电信息采集设备)参与配合以进行数据信息的采集,这些设备通常可以实现电能表数据的采集、数据管理、数据双向传输以及转发或执行控制命令等。In recent years, the State Grid Corporation of China has been comprehensively promoting the construction of an electricity information collection system. This system can achieve comprehensive coverage of all power users and gateways, and enable online monitoring of metering devices and real-time collection of important information such as user load, power, and voltage. , provide basic data for relevant systems in a timely, complete and accurate manner, provide support for analysis and decision-making in all aspects of enterprise operation and management, and provide an information basis for realizing intelligent two-way interactive services. In order to realize the above functions, the system requires a large number of terminals (also called power information collection equipment) to participate in the collection of data information. These devices can usually realize the collection of energy meter data, data management, two-way data transmission, and forwarding or execution. control commands, etc.
为了建立全面的用电信息采集系统,需要建设系统主站、传输信道、终端以及电子式电能表。目前,大部分终端数据上传通信信道采用的是GPRS(General Packet RadioService,通用无线分组服务)。为了保证用电信息采集系统的安全稳定运行,防止造成用户供电中断,防止通过公共网络和用户终端入侵主站造成更大范围的安全风险,主站与终端进行数据交互时,需要进行认证和加密,这就需要规定主站与终端之间进行数据传输的方法与规则。In order to establish a comprehensive power consumption information collection system, it is necessary to build a system main station, transmission channel, terminal and electronic energy meter. Currently, most terminal data upload communication channels use GPRS (General Packet Radio Service). In order to ensure the safe and stable operation of the power information collection system, prevent power supply interruption to users, and prevent intrusions into the main station through public networks and user terminals from causing wider security risks, authentication and encryption are required when the main station interacts with terminals. , which requires stipulating the methods and rules for data transmission between the main station and the terminal.
相关技术中,在主站与终端进行数据交互时,先进行对称的外部认证,认证通过后再对通信数据进行加密操作,以保证数据的安全传输。该方式在数据交互前虽然具有认证操作,但是该认证方式很容易被破解和重放,安全度低。In related technologies, when the master station and the terminal interact with each other in data, symmetrical external authentication is first performed, and after the authentication is passed, the communication data is encrypted to ensure safe transmission of data. Although this method has authentication operations before data interaction, this authentication method is easy to be cracked and replayed, and has low security.
发明内容Contents of the invention
本发明旨在至少在一定程度上解决相关技术中的技术问题之一。为此,本发明的第一个目的在于提出一种数据交互方法,采用对称加密算法与非对称加密算法相结合的方式进行会话密钥协商获得会话密钥,保证了会话密钥产生的随机性、多样性及安全性,从而为后续数据交互提供了安全基础,有利于提高数据交互的安全性。The present invention aims to solve one of the technical problems in the related art, at least to a certain extent. To this end, the first purpose of the present invention is to propose a data interaction method that uses a combination of a symmetric encryption algorithm and an asymmetric encryption algorithm to perform session key negotiation to obtain the session key, ensuring the randomness of session key generation. , diversity and security, thus providing a secure basis for subsequent data interaction and conducive to improving the security of data interaction.
本发明的第二个目的在于提出另一种数据交互方法。The second object of the present invention is to propose another data interaction method.
本发明的第三个目的在于提出一种主站。The third object of the present invention is to provide a master station.
本发明的第四个目的在于提出一种终端。The fourth object of the present invention is to provide a terminal.
本发明的第五个目的在于提出一种计算机可读存储介质。The fifth object of the present invention is to provide a computer-readable storage medium.
为达到上述目的,本发明第一方面实施例提出了一种数据交互方法,包括以下步骤:主站向终端发送第一报文,第一报文是主站利用非对称加密算法对主站和终端的ID(Identity Document,身份标识号)进行加密生成第一私密信息,并将第一私密信息与主站和终端的ID合并生成的;主站接收终端发送的第一应答报文,第一应答报文中携带有终端生成的第一随机数,和,终端基于对称加密算法对第一随机数进行密钥协商操作生成第一会话密钥、并基于非对称加密算法对第一会话密钥和主站的ID进行加密生成的第二私密信息;主站验证第二私密信息和主站的ID的正确性,并在验证通过后利用对称加密算法对第一随机数进行密钥协商操作生成第二会话密钥,以及确定第二会话密钥与第一会话密钥是否相同,并在相同时保存第一会话密钥以完成会话密钥协商。In order to achieve the above object, the first embodiment of the present invention proposes a data interaction method, which includes the following steps: the master station sends a first message to the terminal, and the first message is the master station using an asymmetric encryption algorithm to The terminal's ID (Identity Document, identity identification number) is encrypted to generate the first private information, and the first private information is combined with the IDs of the main station and the terminal; the main station receives the first response message sent by the terminal, and the first The response message carries the first random number generated by the terminal, and the terminal performs a key negotiation operation on the first random number based on a symmetric encryption algorithm to generate a first session key, and generates a first session key based on an asymmetric encryption algorithm. The second private information is encrypted with the ID of the primary station; the primary station verifies the correctness of the second private information and the ID of the primary station, and after passing the verification, uses a symmetric encryption algorithm to perform a key negotiation operation on the first random number to generate a second session key, and determine whether the second session key is the same as the first session key, and if they are the same, save the first session key to complete the session key negotiation.
根据本发明实施例的数据交互方法,通过采用对称加密算法与非对称加密算法相结合的方式进行会话密钥协商获得会话密钥,保证了会话密钥产生的随机性、多样性及安全性,从而为后续数据交互提供了安全基础,有利于提高数据交互的安全性。According to the data interaction method of the embodiment of the present invention, the session key is obtained through session key negotiation by using a combination of a symmetric encryption algorithm and an asymmetric encryption algorithm, thereby ensuring the randomness, diversity and security of the session key generation. This provides a secure basis for subsequent data interaction and is conducive to improving the security of data interaction.
为达到上述目的,本发明第二方面实施例提出了另一种数据交互方法,包括以下步骤:终端接收主站发送的第一报文,第一报文携带有主站和终端的ID,和,主站利用非加密算法对主站和终端的ID进行加密生成的第一私密信息;终端验证第一私密信息的正确性,并在验证通过后生成第一随机数,以及利用对称加密算法对第一随机数进行密钥协商操作生成第一会话密钥,并利用非对称加密算法对第一会话密钥和主站的ID进行加密生成第二私密信息,以及将第一随机数和第二私密信息合并生成第一应答报文发送给主站,以便主站基于对称加密算法对第一随机数进行密钥协商操作生成第二会话密钥,并在确定第二会话密钥与第一会话密钥相同后保存第一会话密钥以完成会话密钥协商。In order to achieve the above object, the second embodiment of the present invention proposes another data interaction method, which includes the following steps: the terminal receives the first message sent by the master station, the first message carries the IDs of the master station and the terminal, and , the primary station uses a non-encryption algorithm to encrypt the IDs of the primary station and the terminal to generate the first private information; the terminal verifies the correctness of the first private information, and after passing the verification, generates the first random number, and uses a symmetric encryption algorithm to The first random number performs a key negotiation operation to generate a first session key, and an asymmetric encryption algorithm is used to encrypt the first session key and the ID of the primary station to generate the second private information, and the first random number and the second The private information is merged to generate a first response message and sent to the main station, so that the main station performs a key negotiation operation on the first random number based on the symmetric encryption algorithm to generate a second session key, and determines the second session key and the first session key. After the keys are the same, the first session key is saved to complete the session key negotiation.
根据本发明实施例的数据交互方法,通过采用对称加密算法与非对称加密算法相结合的方式进行会话密钥协商获得会话密钥,保证了会话密钥产生的随机性、多样性及安全性,从而为后续数据交互提供了安全基础,有利于提高数据交互的安全性。According to the data interaction method of the embodiment of the present invention, the session key is obtained through session key negotiation by using a combination of a symmetric encryption algorithm and an asymmetric encryption algorithm, thereby ensuring the randomness, diversity and security of the session key generation. This provides a secure basis for subsequent data interaction and is conducive to improving the security of data interaction.
为达到上述目的,本发明第三方面实施例提出了一种主站,包括第一发送单元、第一接收单元和第一处理单元,其中,第一发送单元,用于向终端发送第一报文,第一报文是第一处理单元利用非对称加密算法对主站和终端的ID进行加密生成第一私密信息,并将第一私密信息与主站和终端的ID合并生成的;第一接收单元,用于接收终端发送的第一应答报文,第一应答报文中携带有终端生成的第一随机数,和,终端基于对称加密算法对第一随机数进行密钥协商操作生成第一会话密钥、并基于非对称加密算法对第一会话密钥和主站的ID进行加密生成的第二私密信息;第一处理单元,用于验证第二私密信息和主站的ID的正确性,并在验证通过后利用对称加密算法对第一随机数进行密钥协商操作生成第二会话密钥,以及确定第二会话密钥与第一会话密钥是否相同,并在相同时保存第一会话密钥以完成会话密钥协商。In order to achieve the above object, the third embodiment of the present invention proposes a master station, including a first sending unit, a first receiving unit and a first processing unit, wherein the first sending unit is used to send a first report to the terminal. The first message is generated by the first processing unit using an asymmetric encryption algorithm to encrypt the IDs of the main station and the terminal to generate the first private information, and merging the first private information with the IDs of the main station and the terminal; the first The receiving unit is configured to receive a first response message sent by the terminal. The first response message carries a first random number generated by the terminal, and the terminal performs a key negotiation operation on the first random number based on a symmetric encryption algorithm to generate a second response message. a session key and second private information generated by encrypting the first session key and the ID of the primary station based on an asymmetric encryption algorithm; a first processing unit for verifying the correctness of the second private information and the ID of the primary station property, and after passing the verification, use a symmetric encryption algorithm to perform a key negotiation operation on the first random number to generate a second session key, and determine whether the second session key is the same as the first session key, and save the second session key if they are the same. A session key to complete session key negotiation.
根据本发明实施例的主站,通过采用对称加密算法与非对称加密算法相结合的方式与终端进行会话密钥协商获得会话密钥,保证了会话密钥产生的随机性、多样性及安全性,从而为后续数据交互提供了安全基础,有利于提高数据交互的安全性。According to the embodiment of the present invention, the master station obtains the session key by performing session key negotiation with the terminal by using a combination of a symmetric encryption algorithm and an asymmetric encryption algorithm, thereby ensuring the randomness, diversity and security of the session key generation. , thus providing a secure basis for subsequent data interaction and conducive to improving the security of data interaction.
为达到上述目的,本发明第四方面实施例提出了一种终端,包括第一接收单元、随机数生成单元、第一处理单元和第一发送单元,其中,第一接收单元,用于接收主站发送的第一报文,第一报文携带有主站和终端的ID,和,主站利用非加密算法对主站和终端的ID进行加密生成的第一私密信息;第一处理单元,用于验证第一私密信息的正确性,并在验证通过后通过随机数生成单元生成第一随机数,以及利用对称加密算法对第一随机数进行密钥协商操作生成第一会话密钥,并利用非对称加密算法对第一会话密钥和主站的ID进行加密生成第二私密信息,以及将第一随机数和第二私密信息合并生成第一应答报文;第一发送单元,用于将第一应答报文发送给主站,以便主站基于对称加密算法对第一随机数进行密钥协商操作生成第二会话密钥,并在确定第二会话密钥与第一会话密钥相同后保存第一会话密钥以完成会话密钥协商。In order to achieve the above object, the fourth embodiment of the present invention proposes a terminal, including a first receiving unit, a random number generating unit, a first processing unit and a first sending unit, wherein the first receiving unit is used to receive the main The first message sent by the station, the first message carries the IDs of the master station and the terminal, and the first private information generated by the master station using a non-encryption algorithm to encrypt the IDs of the master station and the terminal; the first processing unit, Used to verify the correctness of the first private information, and after passing the verification, generate the first random number through the random number generation unit, and use a symmetric encryption algorithm to perform a key agreement operation on the first random number to generate the first session key, and Using an asymmetric encryption algorithm to encrypt the first session key and the ID of the primary station to generate second private information, and combining the first random number and the second private information to generate a first response message; a first sending unit, configured to Send the first response message to the primary station, so that the primary station performs a key negotiation operation on the first random number based on a symmetric encryption algorithm to generate a second session key, and determines that the second session key is the same as the first session key. Then save the first session key to complete the session key negotiation.
根据本发明实施例的终端,通过采用对称加密算法与非对称加密算法相结合的方式与主站进行会话密钥协商获得会话密钥,保证了会话密钥产生的随机性、多样性及安全性,从而为后续数据交互提供了安全基础,有利于提高数据交互的安全性。According to the terminal according to the embodiment of the present invention, the session key is obtained through session key negotiation with the main station by using a combination of a symmetric encryption algorithm and an asymmetric encryption algorithm, thereby ensuring the randomness, diversity and security of the session key generation. , thus providing a secure basis for subsequent data interaction and conducive to improving the security of data interaction.
为达到上述目的,本发明第五方面实施例提出了一种计算机可读存储介质,用于存储计算机程序,计算机程序被处理器执行时实现上述第一方面实施例的方法或者上述第二方面实施例的方法。In order to achieve the above object, a fifth embodiment of the present invention provides a computer-readable storage medium for storing a computer program. When the computer program is executed by a processor, the method of the first embodiment or the implementation of the second aspect is implemented. Example method.
根据本发明实施例的计算机可读存储介质,通过采用对称加密算法与非对称加密算法相结合的方式进行会话密钥协商获得会话密钥,保证了会话密钥产生的随机性、多样性及安全性,从而为后续数据交互提供了安全基础,有利于提高数据交互的安全性。According to the computer-readable storage medium of the embodiment of the present invention, the session key is obtained through session key negotiation by using a combination of a symmetric encryption algorithm and an asymmetric encryption algorithm, thereby ensuring the randomness, diversity and security of the session key generation. This provides a secure basis for subsequent data interaction and is conducive to improving the security of data interaction.
本发明附加的方面和优点将在下面的描述中部分给出,部分将从下面的描述中变得明显,或通过本发明的实践了解到。Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
附图说明Description of the drawings
图1为根据本发明第一个实施例的数据交互方法的流程图;Figure 1 is a flow chart of a data interaction method according to the first embodiment of the present invention;
图2为根据本发明第一个实施例的会话密钥协商的过程示意图;Figure 2 is a schematic diagram of the session key negotiation process according to the first embodiment of the present invention;
图3为根据本发明第一个实施例的主站对终端认证的流程图;Figure 3 is a flow chart of terminal authentication by the master station according to the first embodiment of the present invention;
图4为根据本发明第一个实施例的主站对终端认证的过程示意图;Figure 4 is a schematic diagram of the process of terminal authentication by the master station according to the first embodiment of the present invention;
图5为根据本发明第一个实施例的终端对主站认证的过程示意图;Figure 5 is a schematic diagram of the process of terminal authentication to the primary station according to the first embodiment of the present invention;
图6为根据本发明第二个实施例的数据交互方法的流程图;Figure 6 is a flow chart of a data interaction method according to the second embodiment of the present invention;
图7为根据本发明实施例的主站的示意图;Figure 7 is a schematic diagram of a master station according to an embodiment of the present invention;
图8为根据本发明实施例的终端的示意图。Figure 8 is a schematic diagram of a terminal according to an embodiment of the present invention.
具体实施方式Detailed ways
下面详细描述本发明的实施例,所述实施例的示例在附图中示出,其中自始至终相同或类似的标号表示相同或类似的元件或具有相同或类似功能的元件。下面通过参考附图描述的实施例是示例性的,旨在用于解释本发明,而不能理解为对本发明的限制。Embodiments of the present invention are described in detail below, examples of which are illustrated in the accompanying drawings, wherein the same or similar reference numerals throughout represent the same or similar elements or elements with the same or similar functions. The embodiments described below with reference to the drawings are exemplary and are intended to explain the present invention and are not to be construed as limiting the present invention.
下面参考附图描述本发明实施例提出的数据交互方法、主站、终端及计算机可读存储介质。The following describes the data interaction method, main station, terminal and computer-readable storage medium proposed by the embodiment of the present invention with reference to the accompanying drawings.
在本申请中,主站与终端的交互过程可分成三步:第一步是主站与终端之间的会话密钥协商以获得会话密钥;第二步是使用协商获得的会话密钥进行认证操作;第三步是在认证通过后,使用协商获得的会话密钥进行数据传输。In this application, the interaction process between the master station and the terminal can be divided into three steps: the first step is the session key negotiation between the master station and the terminal to obtain the session key; the second step is to use the session key obtained through negotiation. Authentication operation; the third step is to use the negotiated session key for data transmission after the authentication is passed.
图1为根据本发明第一个实施例的数据交互方法的流程图,该流程图是从主站的角度描述的,该数据交互方法包括以下步骤:Figure 1 is a flow chart of a data interaction method according to the first embodiment of the present invention. The flow chart is described from the perspective of the master station. The data interaction method includes the following steps:
步骤S101,主站向终端发送第一报文,第一报文是主站利用非对称加密算法对主站和终端的ID进行加密生成第一私密信息,并将第一私密信息与主站和终端的ID合并生成的。Step S101, the master station sends a first message to the terminal. The first message is that the master station uses an asymmetric encryption algorithm to encrypt the IDs of the master station and the terminal to generate first private information, and combines the first private information with the master station and the terminal. Generated by merging the terminal IDs.
具体而言,参考图2所示,在进行会话密钥协商时,主站先获取自身的ID以及需要进行数据交互的终端的ID,并利用预置的非对称加密算法对自身和终端的ID进行加密生成第一私密信息,例如利用非对称密钥对中的私钥对自身和终端的ID进行数字签名形成签名S1即第一私密信息。然后,主站将自身的ID、终端的ID和第一私密信息进行合并生成第一报文发送给终端。Specifically, as shown in Figure 2, when performing session key negotiation, the master station first obtains its own ID and the ID of the terminal that needs to perform data interaction, and uses the preset asymmetric encryption algorithm to compare the IDs of itself and the terminal. Encryption is performed to generate the first private information. For example, the private key in the asymmetric key pair is used to digitally sign the IDs of itself and the terminal to form a signature S1, which is the first private information. Then, the master station combines its own ID, the terminal's ID and the first private information to generate a first message and sends it to the terminal.
步骤S102,主站接收终端发送的第一应答报文,第一应答报文中携带有终端生成的第一随机数,和,终端基于对称加密算法对第一随机数进行密钥协商操作生成第一会话密钥、并基于非对称加密算法对第一会话密钥和主站的ID进行加密生成的第二私密信息。Step S102: The master station receives the first response message sent by the terminal. The first response message carries the first random number generated by the terminal, and the terminal performs a key negotiation operation on the first random number based on the symmetric encryption algorithm to generate the second random number. A session key, and second private information generated by encrypting the first session key and the ID of the primary station based on an asymmetric encryption algorithm.
具体而言,继续参考图2所示,在终端接收到主站发送的第一报文后,终端验证第一私密信息的正确性,例如利用预置的非对称密钥对中的公钥验证签名S1的正确性。在验证通过后,终端生成第一随机数R1,并利用预置的对称加密算法对第一随机数R1进行密钥协商操作生成第一会话密钥,以及利用预置的非对称加密算法对第一会话密钥和主站的ID进行加密生成第二私密信息,例如利用对称密钥对第一随机数R1采用预置的密钥协商算法进行操作,生成第一会话密钥Ks,并利用非对称密钥对中的私钥对第一会话密钥Ks和主站的ID进行数字签名形成签名S2即第二私密信息。然后,将第一随机数R1和第二私密信息合并成第一应答报文发送给主站。Specifically, continuing to refer to Figure 2, after the terminal receives the first message sent by the master station, the terminal verifies the correctness of the first private information, for example, using the public key in the preset asymmetric key pair. Correctness of signature S1. After passing the verification, the terminal generates the first random number R1, uses the preset symmetric encryption algorithm to perform a key negotiation operation on the first random number R1 to generate the first session key, and uses the preset asymmetric encryption algorithm to perform key negotiation on the first session key. A session key and the ID of the primary station are encrypted to generate the second private information. For example, a symmetric key is used to operate the first random number R1 using a preset key agreement algorithm to generate the first session key Ks, and the first random number R1 is generated using a non-symmetric key. The private key in the symmetric key pair digitally signs the first session key Ks and the ID of the primary station to form a signature S2, which is the second private information. Then, the first random number R1 and the second private information are combined into a first response message and sent to the main station.
步骤S103,主站验证第二私密信息和主站的ID的正确性,并在验证通过后利用对称加密算法对第一随机数进行密钥协商操作生成第二会话密钥,以及确定第二会话密钥与第一会话密钥是否相同,并在相同时保存第一会话密钥以完成会话密钥协商。Step S103: The primary station verifies the correctness of the second private information and the ID of the primary station, and after passing the verification, uses a symmetric encryption algorithm to perform a key negotiation operation on the first random number to generate a second session key, and determines the second session Whether the key is the same as the first session key, and if they are the same, the first session key is saved to complete the session key negotiation.
具体而言,主站在接收到终端发送的第一应答报文后,先验证第二私密信息和主站的ID的正确性,例如利用预置的非对称密钥对中的公钥验证签名S2的正确性,在验证通过后,对比接收到的终端发送的主站的ID和在步骤S101中获取的自身的ID是否相同,如果相同,则说明主站的ID正确。然后,主站利用预置的对称加密算法对第一随机数R1进行密钥协商操作生成第二会话密钥Ks’,例如利用对称密钥对第一随机数R1采用预置的与终端相同的密钥协商算法进行操作,生成第二会话密钥Ks’,并判断第二会话密钥Ks’与第一会话密钥Ks是否相同,如果相同,则保存第一会话密钥Ks,以便后续相互认证时使用,至此完成主站与终端之间的会话密钥协商。Specifically, after receiving the first response message sent by the terminal, the master station first verifies the correctness of the second private information and the ID of the master station, for example, using the public key in the preset asymmetric key pair to verify the signature. For the correctness of S2, after passing the verification, compare the received ID of the master station sent by the terminal and its own ID obtained in step S101 to see if they are the same. If they are the same, it means that the ID of the master station is correct. Then, the master station uses a preset symmetric encryption algorithm to perform a key negotiation operation on the first random number R1 to generate the second session key Ks'. For example, the main station uses a symmetric key to use the same preset key as the terminal for the first random number R1. The key agreement algorithm operates, generates the second session key Ks', and determines whether the second session key Ks' is the same as the first session key Ks. If they are the same, the first session key Ks is saved for subsequent mutual exchange. Used during authentication, the session key negotiation between the master station and the terminal is completed.
根据本发明实施例的数据交互方法,通过采用对称加密算法与非对称加密算法相结合的方式进行会话密钥协商获得会话密钥,保证了会话密钥产生的随机性、多样性及安全性,从而为后续数据交互提供了安全基础,有利于提高数据交互的安全性。According to the data interaction method of the embodiment of the present invention, the session key is obtained through session key negotiation by using a combination of a symmetric encryption algorithm and an asymmetric encryption algorithm, thereby ensuring the randomness, diversity and security of the session key generation. This provides a secure basis for subsequent data interaction and is conducive to improving the security of data interaction.
根据本发明的一个实施例,参考图3所示,在会话密钥协商完成后,数据交互方法还包括以下步骤:According to an embodiment of the present invention, with reference to Figure 3, after the session key negotiation is completed, the data interaction method further includes the following steps:
步骤201,主站向终端发送第二报文,第二报文是主站利用第一会话密钥对主站生成的第二随机数进行加密生成第一加密密文,并将第一加密密文和第二随机数合并生成的。Step 201: The master station sends a second message to the terminal. In the second message, the master station uses the first session key to encrypt the second random number generated by the master station to generate a first encrypted ciphertext, and adds the first encrypted ciphertext to the terminal. generated by merging the text and the second random number.
具体地,在会话密钥协商完成后,可利用协商获得的第一会话密钥Ks由主站对终端进行认证操作。参考图4所示,此时主站可先生成第二随机数R2,并利用第一会话密钥Ks对第二随机数R2进行加密,得到第一加密密文,然后将第一加密密文和第二随机数R2合并生成第二报文发送给终端。Specifically, after the session key negotiation is completed, the primary station can use the first session key Ks obtained through the negotiation to perform an authentication operation on the terminal. Referring to Figure 4, at this time, the main station can first generate the second random number R2, and use the first session key Ks to encrypt the second random number R2 to obtain the first encrypted ciphertext, and then convert the first encrypted ciphertext into It is combined with the second random number R2 to generate a second message and sends it to the terminal.
步骤202,主站接收终端发送的第二应答报文,第二应答报文携带有终端利用非对称加密算法对第一随机数和第二随机数进行加密生成的第三私密信息。Step 202: The master station receives a second response message sent by the terminal. The second response message carries third private information generated by the terminal using an asymmetric encryption algorithm to encrypt the first random number and the second random number.
具体地,继续参考图4所示,在终端接收到主站发送的第二报文后,终端先利用预置的对称加密算法对第一加密密文进行解密得到第三随机数R3,例如利用对称密钥对第一加密密文进行解密得到第三随机数R3,并判断第三随机数R3与第二随机数R2是否相同,如果相同,则利用预置的非对称加密算法对第一随机数R1和第二随机数R2进行加密生成第三私密信息,例如利用非对称密钥对中的私钥对第一随机数R1和第二随机数R2进行数字签名形成签名S3即第三私密信息。然后,根据第三私密信息生成第二应答报文发送给主站。Specifically, continuing to refer to Figure 4, after the terminal receives the second message sent by the master station, the terminal first uses a preset symmetric encryption algorithm to decrypt the first encrypted ciphertext to obtain the third random number R3, for example, using The symmetric key decrypts the first encrypted ciphertext to obtain the third random number R3, and determines whether the third random number R3 and the second random number R2 are the same. If they are the same, use the preset asymmetric encryption algorithm to The number R1 and the second random number R2 are encrypted to generate the third private information. For example, the private key in the asymmetric key pair is used to digitally sign the first random number R1 and the second random number R2 to form the signature S3, which is the third private information. . Then, a second response message is generated according to the third private information and sent to the main station.
步骤203,主站验证第三私密信息的正确性,并在验证通过后完成主站对终端的认证。Step 203: The main station verifies the correctness of the third private information, and completes the authentication of the terminal by the main station after passing the verification.
具体而言,在主站接收到终端发送的第二应答报文后,主站验证第三私密信息的正确性,例如利用第二随机数R2和会话协商时产生的第一随机数R1验证签名S3的正确性,在验证通过后,主站对终端认证成功,后续利用会话密钥协商中生成的第一会话密钥Ks进行数据传输等。Specifically, after the primary station receives the second response message sent by the terminal, the primary station verifies the correctness of the third private information, for example, using the second random number R2 and the first random number R1 generated during session negotiation to verify the signature. The correctness of S3, after passing the verification, the master station successfully authenticates the terminal, and subsequently uses the first session key Ks generated in the session key negotiation for data transmission, etc.
根据本发明实施例的数据交互方法,通过采用对称加密算法与非对称加密算法相结合的方式进行会话密钥协商和主站对终端的认证操作,以便在主站与终端之间建立安全链接,从而实现对两者之间的通信安全进行保护。According to the data interaction method of the embodiment of the present invention, a combination of a symmetric encryption algorithm and an asymmetric encryption algorithm is used to perform session key negotiation and the primary station's authentication operation on the terminal, so as to establish a secure link between the primary station and the terminal. In this way, the communication security between the two can be protected.
根据本发明的一个实施例,在会话密钥协商完成后,数据交互方法还包括以下步骤:主站向终端发送第三报文,第三报文是主站利用非对称加密算法对第一随机数进行加密生成的第四私密信息和利用第一会话密钥对第一随机数进行加密生成的第二加密密文合并生成的,以便终端在验证第四私密信息和第一随机数正确后完成终端对主站的认证。According to an embodiment of the present invention, after the session key negotiation is completed, the data interaction method further includes the following steps: the master station sends a third message to the terminal, and the third message is the master station using an asymmetric encryption algorithm to The fourth private information generated by encrypting the number and the second encrypted ciphertext generated by encrypting the first random number using the first session key are combined and generated, so that the terminal can complete the process after verifying that the fourth private information and the first random number are correct. Authentication of the terminal to the main station.
具体地,在会话密钥协商完成后,可利用协商获得的第一会话密钥Ks由终端对主站进行认证操作。参考图5所示,此时主站可先利用预置的非对称加密算法对第一随机数R1进行加密生成的第四私密信息,并利用第一会话密钥Ks对第一随机数R1进行加密生成的第二加密密文,例如利用非对称密钥对中的私钥对第一随机数R1进行数字签名形成签名S4即第四私密信息,并利用第一会话密钥Ks对第一随机数R1进行加密生成的第二加密密文。然后,将第四私密信息和第二加密密文合并生成第三报文发送给终端。Specifically, after the session key negotiation is completed, the terminal can use the first session key Ks obtained through the negotiation to perform an authentication operation on the primary station. Referring to Figure 5, at this time, the main station can first use the preset asymmetric encryption algorithm to encrypt the fourth private information generated by the first random number R1, and use the first session key Ks to encrypt the first random number R1. The second encrypted ciphertext generated by encryption, for example, uses the private key in the asymmetric key pair to digitally sign the first random number R1 to form the signature S4, which is the fourth private information, and uses the first session key Ks to digitally sign the first random number R1. Number R1 is encrypted to generate the second encrypted ciphertext. Then, the fourth private information and the second encrypted ciphertext are combined to generate a third message and sent to the terminal.
终端在接收到主站发送的第三报文后,先利用预置的非对称加密算法验证第四私密信息的正确性,例如利用非对称密钥对中的公钥验证签名S4的正确性,在验证通过后,利用第一会话密钥Ks验证第一随机数R1的正确性,并在验证通过后,终端对主站认证成功,后续利用会话密钥协商中生成的第一会话密钥Ks进行数据传输等。After receiving the third message sent by the master station, the terminal first uses the preset asymmetric encryption algorithm to verify the correctness of the fourth private information, for example, uses the public key in the asymmetric key pair to verify the correctness of the signature S4, After the verification is passed, the first session key Ks is used to verify the correctness of the first random number R1. After the verification is passed, the terminal successfully authenticates the master station and subsequently uses the first session key Ks generated in the session key negotiation. Perform data transfer, etc.
根据本发明实施例的数据交互方法,通过采用对称加密算法与非对称加密算法相结合的方式进行会话密钥协商和主站对终端的认证操作,以便在主站与终端之间建立安全链接,从而实现对两者之间的通信安全进行保护。According to the data interaction method of the embodiment of the present invention, a combination of a symmetric encryption algorithm and an asymmetric encryption algorithm is used to perform session key negotiation and the primary station's authentication operation on the terminal, so as to establish a secure link between the primary station and the terminal. In this way, the communication security between the two can be protected.
需要说明的是,在实际应用中,可以根据实际应用安全需求来选择相应的认证方式。例如,仅通过主站对终端进行认证,或者仅通过终端对主站进行认证,或者同时通过主站对终端进行认证和通过终端对主站进行认证,认证方式越多安全性越高。It should be noted that in actual applications, the corresponding authentication method can be selected according to the actual application security requirements. For example, the terminal is authenticated only through the main station, or the main station is authenticated only through the terminal, or the terminal is authenticated through the main station and the main station is authenticated through the terminal at the same time. The more authentication methods, the higher the security.
根据本发明的一个实施例,在认证完成后,数据交互方法还包括以下步骤:主站利用第一会话密钥进行数据的加解密处理,并判断第一会话密钥的生命周期是否达到预设生命周期;如果是,主站则重新发起会话密钥协商。进一步地,根据本发明的一个实施例,主站判断第一会话密钥的生命周期是否达到预设生命周期,包括:主站判断第一会话密钥的使用次数是否达到预设次数;如果是,则判定第一会话密钥的生命周期达到预设生命周期。According to an embodiment of the present invention, after the authentication is completed, the data interaction method further includes the following steps: the master station uses the first session key to perform data encryption and decryption processing, and determines whether the life cycle of the first session key reaches the preset value. Life cycle; if yes, the master reinitiates session key negotiation. Further, according to an embodiment of the present invention, the main station determines whether the life cycle of the first session key reaches the preset life cycle, including: the main station determines whether the number of uses of the first session key reaches the preset number of times; if so , then it is determined that the life cycle of the first session key reaches the preset life cycle.
具体地,为了保证主站与终端之间会话的安全,在使用协商的会话密钥进行数据加密、解密处理时,可对会话密钥设置生命周期限制,例如当会话密钥的使用次数达到一定次数限制后,会话密钥失效,此时需要由主站重新发起一次会话密钥协商流程,以协商新的会话密钥。例如设置会话密钥的生命周期为10000次,那么会话密钥最多能使用10000次,10000次达到后,需要重新进行会话密钥协商,之后才能再次进行通信,从而保证了会话密钥的失效和安全。Specifically, in order to ensure the security of the session between the master station and the terminal, when using the negotiated session key for data encryption and decryption, a life cycle limit can be set on the session key. For example, when the session key is used a certain number of times, After the number of times is limited, the session key becomes invalid. At this time, the master station needs to re-initiate a session key negotiation process to negotiate a new session key. For example, if the life cycle of the session key is set to 10,000 times, then the session key can be used up to 10,000 times. After 10,000 times is reached, the session key negotiation needs to be re-negotiated before communication can be carried out again, thus ensuring the expiration of the session key and Safety.
在实际应用中,也可以设置主站与终端之间的通信次数,当通信次数达到次数限制后,会话密钥失效,此时由主站重新发起一次会话密钥协商流程。In practical applications, you can also set the number of communications between the master station and the terminal. When the number of communications reaches the limit, the session key becomes invalid. At this time, the master station re-initiates the session key negotiation process.
根据本发明实施例的数据交互方法,通过会话密钥协商、主站与终端之间的安全认证以及会话密钥生命周期的限制来保障主站与终端之间数据交互的安全性,并且在进行会话密钥协商以及主站与终端之间的安全认证时,采用对称加密算法和非对称加密算法相结合的方式,例如涉及签名、对称加密等安全机制,保证了主站与终端之间链接建立的安全性,从而实现对主站与终端之间通信安全的保护,大大提高了数据交互的安全性。同时,在进行会话密钥协商时,采用密钥协商算法分散出会话密钥,保证了密钥产生的随机性和多样性。According to the data interaction method of the embodiment of the present invention, the security of data interaction between the main station and the terminal is ensured through session key negotiation, security authentication between the main station and the terminal, and restriction of the session key life cycle, and is carried out Session key negotiation and security authentication between the master station and the terminal use a combination of symmetric encryption algorithms and asymmetric encryption algorithms, such as signatures, symmetric encryption and other security mechanisms to ensure the establishment of a link between the master station and the terminal. The security of the communication between the main station and the terminal is protected, and the security of data interaction is greatly improved. At the same time, when performing session key negotiation, the key agreement algorithm is used to disperse the session key, ensuring the randomness and diversity of key generation.
上文是从主站的角度对本发明提出的数据交互方法进行了解释说明,下文将从终端的角度对本发明提出的数据交互方法进行解释说明。The above is an explanation of the data interaction method proposed by the present invention from the perspective of the main station, and the following is an explanation of the data interaction method proposed by the present invention from the perspective of the terminal.
图6为根据本发明第二个实施例的数据交互方法的流程图,该流程图是从终端的角度描述的,该数据交互方法包括以下步骤:Figure 6 is a flow chart of a data interaction method according to the second embodiment of the present invention. The flow chart is described from the perspective of a terminal. The data interaction method includes the following steps:
步骤301,终端接收主站发送的第一报文,第一报文携带有主站和终端的ID,和,主站利用非加密算法对主站和终端的ID进行加密生成的第一私密信息。Step 301: The terminal receives the first message sent by the master station. The first message carries the IDs of the master station and the terminal, and the master station uses a non-encryption algorithm to encrypt the IDs of the master station and the terminal to generate first private information. .
步骤302,终端验证第一私密信息的正确性,并在验证通过后生成第一随机数,以及利用对称加密算法对第一随机数进行密钥协商操作生成第一会话密钥,并利用非对称加密算法对第一会话密钥和主站的ID进行加密生成第二私密信息,以及将第一随机数和第二私密信息合并生成第一应答报文发送给主站,以便主站基于对称加密算法对第一随机数进行密钥协商操作生成第二会话密钥,并在确定第二会话密钥与第一会话密钥相同后保存第一会话密钥以完成会话密钥协商。Step 302: The terminal verifies the correctness of the first private information, and after passing the verification, generates a first random number, and uses a symmetric encryption algorithm to perform a key negotiation operation on the first random number to generate a first session key, and uses an asymmetric The encryption algorithm encrypts the first session key and the ID of the primary station to generate second private information, and combines the first random number and the second private information to generate a first response message and sends it to the primary station, so that the primary station can encrypt based on symmetric The algorithm performs a key agreement operation on the first random number to generate a second session key, and after determining that the second session key is the same as the first session key, saves the first session key to complete the session key agreement.
根据本发明的一个实施例,在会话密钥协商完成后,数据交互方法还包括:终端接收主站发送的第二报文,第二报文携带有主站生成的第二随机数和主站利用第一会话密钥对第二随机数进行加密生成的第一加密密文;终端对第一加密密文进行解密获得第三随机数,并确定第三随机数与第二随机数是否相同,以及在相同时利用非对称加密算法对第一随机数和第二随机数进行加密生成第三私密信息,并根据第三私密信息生成第二应答报文发送给主站,以便主站在验证第三私密信息正确后完成主站对终端的认证。According to an embodiment of the present invention, after the session key negotiation is completed, the data interaction method further includes: the terminal receives a second message sent by the master station, and the second message carries a second random number generated by the master station and a second message sent by the master station. The first encrypted ciphertext is generated by encrypting the second random number using the first session key; the terminal decrypts the first encrypted ciphertext to obtain the third random number, and determines whether the third random number is the same as the second random number, And at the same time, the first random number and the second random number are encrypted using an asymmetric encryption algorithm to generate third private information, and a second response message is generated based on the third private information and sent to the main station, so that the main station can verify the third private information. After the three private information are correct, the authentication of the terminal by the main station is completed.
根据本发明的一个实施例,在会话密钥协商完成后,数据交互方法还包括:终端接收主站发送的第三报文,第三报文携带有主站利用非对称加密算法对第一随机数进行加密生成的第四私密信息和利用第一会话密钥对第一随机数进行加密的第二加密密文;终端验证第四私密信息和第一随机数的正确性,并在验证通过后完成终端对主站的认证。According to an embodiment of the present invention, after the session key negotiation is completed, the data interaction method further includes: the terminal receives a third message sent by the master station, and the third message carries the first random message sent by the master station using an asymmetric encryption algorithm. The fourth private information generated by encrypting the first random number and the second encrypted ciphertext using the first session key to encrypt the first random number; the terminal verifies the correctness of the fourth private information and the first random number, and after passing the verification Complete the authentication of the terminal to the main station.
根据本发明的一个实施例,在认证完成后,数据交互方法还包括:终端利用第一会话密钥进行数据的加解密处理。According to an embodiment of the present invention, after the authentication is completed, the data interaction method further includes: the terminal uses the first session key to perform data encryption and decryption processing.
需要说明的是,关于本申请中应用于终端的数据交互方法的详细描述,请参考本申请中关于应用于主站的数据交互方法的描述,具体这里不再赘述。It should be noted that for a detailed description of the data interaction method applied to the terminal in this application, please refer to the description of the data interaction method applied to the master station in this application, which will not be described again here.
根据本发明实施例的数据交互方法,通过会话密钥协商、主站与终端之间的安全认证以及会话密钥生命周期的限制来保障主站与终端之间数据交互的安全性,并且在进行会话密钥协商以及主站与终端之间的安全认证时,采用对称加密算法和非对称加密算法相结合的方式,例如涉及签名、对称加密等安全机制,保证了主站与终端之间链接建立的安全性,从而实现对主站与终端之间通信安全的保护,大大提高了数据交互的安全性。同时,在进行会话密钥协商时,采用密钥协商算法分散出会话密钥,保证了密钥产生的随机性和多样性。According to the data interaction method of the embodiment of the present invention, the security of data interaction between the main station and the terminal is ensured through session key negotiation, security authentication between the main station and the terminal, and restriction of the session key life cycle, and is carried out Session key negotiation and security authentication between the master station and the terminal use a combination of symmetric encryption algorithms and asymmetric encryption algorithms, such as signatures, symmetric encryption and other security mechanisms to ensure the establishment of a link between the master station and the terminal. The security of the communication between the main station and the terminal is protected, and the security of data interaction is greatly improved. At the same time, when performing session key negotiation, the key agreement algorithm is used to disperse the session key, ensuring the randomness and diversity of key generation.
另外,本发明还提出了一种主站和一种终端。In addition, the present invention also provides a main station and a terminal.
图7为根据本发明实施例的主站的示意图,参考图7所示,该主站包括第一发送单元11、第一接收单元12和第一处理单元13,其中,第一发送单元11用于向终端发送第一报文,第一报文是第一处理单元13利用非对称加密算法对主站和终端的ID进行加密生成第一私密信息,并将第一私密信息与主站和终端的ID合并生成的;第一接收单元12用于接收终端发送的第一应答报文,第一应答报文中携带有终端生成的第一随机数,和,终端基于对称加密算法对第一随机数进行密钥协商操作生成第一会话密钥、并基于非对称加密算法对第一会话密钥和主站的ID进行加密生成的第二私密信息;第一处理单元13用于验证第二私密信息和主站的ID的正确性,并在验证通过后利用对称加密算法对第一随机数进行密钥协商操作生成第二会话密钥,以及确定第二会话密钥与第一会话密钥是否相同,并在相同时保存第一会话密钥以完成会话密钥协商。Figure 7 is a schematic diagram of a master station according to an embodiment of the present invention. Referring to Figure 7, the master station includes a first sending unit 11, a first receiving unit 12 and a first processing unit 13, where the first sending unit 11 is In order to send the first message to the terminal, the first message is that the first processing unit 13 uses an asymmetric encryption algorithm to encrypt the IDs of the main station and the terminal to generate the first private information, and combines the first private information with the main station and the terminal. The first receiving unit 12 is used to receive the first response message sent by the terminal, the first response message carries the first random number generated by the terminal, and the terminal performs the first random number based on the symmetric encryption algorithm. Perform key agreement operation to generate a first session key, and encrypt the first session key and the ID of the primary station based on an asymmetric encryption algorithm to generate second private information; the first processing unit 13 is used to verify the second private information. information and the correctness of the ID of the primary station, and after passing the verification, use a symmetric encryption algorithm to perform a key negotiation operation on the first random number to generate a second session key, and determine whether the second session key is the same as the first session key. The same, and when the same, save the first session key to complete the session key negotiation.
根据本发明的一个实施例,主站还包括第二发送单元、第二接收单元、随机数生成单元和第二处理单元,其中,第二发送单元用于在会话密钥协商完成后向终端发送第二报文,第二报文是第二处理单元利用第一会话密钥对随机数生成单元生成的第二随机数进行加密生成第一加密密文、并将第一加密密文和第二随机数合并生成的;第二接收单元用于接收终端发送的第二应答报文,第二应答报文携带有终端利用非对称加密算法对第一随机数和第二随机数进行加密生成的第三私密信息;第二处理单元,用于验证第三私密信息的正确性,并在验证通过后完成主站对终端的认证。According to an embodiment of the present invention, the main station further includes a second sending unit, a second receiving unit, a random number generating unit and a second processing unit, wherein the second sending unit is used to send a message to the terminal after the session key negotiation is completed. The second message is that the second processing unit uses the first session key to encrypt the second random number generated by the random number generation unit to generate the first encrypted ciphertext, and combines the first encrypted ciphertext and the second Generated by merging random numbers; the second receiving unit is used to receive a second response message sent by the terminal, and the second response message carries a third random number generated by the terminal using an asymmetric encryption algorithm to encrypt the first random number and the second random number. Three private information; the second processing unit is used to verify the correctness of the third private information, and complete the authentication of the terminal by the main station after the verification is passed.
根据本发明的一个实施例主站还包括第三发送单元和第三处理单元,其中,第三发送单元,用于在会话密钥协商完成后向终端发送第三报文,第三报文是第三处理单元利用非对称加密算法对第一随机数进行加密生成的第四私密信息和利用第一会话密钥对第一随机数进行加密生成的第二加密密文合并生成的,以便终端在验证第四私密信息和第一随机数正确后完成终端对主站的认证。According to an embodiment of the present invention, the master station further includes a third sending unit and a third processing unit, wherein the third sending unit is used to send a third message to the terminal after the session key negotiation is completed, and the third message is The third processing unit uses an asymmetric encryption algorithm to encrypt the first random number and generates the fourth private information and the second encrypted ciphertext generated by using the first session key to encrypt the first random number, so that the terminal can After verifying that the fourth private information and the first random number are correct, the terminal authenticates the main station.
根据本发明的一个实施例,主站还包括:第四处理单元,用于利用第一会话密钥进行数据的加解密处理,并判断第一会话密钥的生命周期是否达到预设生命周期,如果是,则由第一发送单元重新发起会话密钥协商。According to an embodiment of the present invention, the main station further includes: a fourth processing unit, used to use the first session key to perform data encryption and decryption processing, and determine whether the life cycle of the first session key reaches the preset life cycle, If yes, the first sending unit reinitiates session key negotiation.
根据本发明的一个实施例,第四处理单元判断第一会话密钥的使用次数是否达到预设次数,如果是,则判定第一会话密钥的生命周期达到预设生命周期。According to an embodiment of the present invention, the fourth processing unit determines whether the number of uses of the first session key reaches a preset number of times, and if so, determines that the life cycle of the first session key reaches the preset life cycle.
需要说明的是,关于本申请中主站的详细描述,请参考本申请中关于数据交互方法的描述,具体这里不再赘述。It should be noted that, for the detailed description of the main station in this application, please refer to the description of the data interaction method in this application, and the details will not be repeated here.
根据本发明实施例的主站,通过会话密钥协商、主站与终端之间的安全认证以及会话密钥生命周期的限制来保障主站与终端之间数据交互的安全性,并且在进行会话密钥协商以及主站与终端之间的安全认证时,采用对称加密算法和非对称加密算法相结合的方式,例如涉及签名、对称加密等安全机制,保证了主站与终端之间链接建立的安全性,从而实现对主站与终端之间通信安全的保护,大大提高了数据交互的安全性。同时,在进行会话密钥协商时,采用密钥协商算法分散出会话密钥,保证了密钥产生的随机性和多样性。According to the master station according to the embodiment of the present invention, the security of data interaction between the master station and the terminal is guaranteed through session key negotiation, security authentication between the master station and the terminal, and the restriction of the session key life cycle, and during the session Key negotiation and security authentication between the master station and the terminal use a combination of symmetric encryption algorithms and asymmetric encryption algorithms, such as signatures, symmetric encryption and other security mechanisms, to ensure that the link between the master station and the terminal is established. Security, thereby protecting the communication security between the main station and the terminal, and greatly improving the security of data interaction. At the same time, when performing session key negotiation, the key agreement algorithm is used to disperse the session key, ensuring the randomness and diversity of key generation.
图8为根据本发明实施例的终端的示意图,参考图8所示,该终端包括第一接收单元21、随机数生成单元22、第一处理单元23和第一发送单元24,其中,第一接收单元21用于接收主站发送的第一报文,第一报文携带有主站和终端的ID,和,主站利用非加密算法对主站和终端的ID进行加密生成的第一私密信息;第一处理单元23用于验证第一私密信息的正确性,并在验证通过后通过随机数生成单元22生成第一随机数,以及利用对称加密算法对第一随机数进行密钥协商操作生成第一会话密钥,并利用非对称加密算法对第一会话密钥和主站的ID进行加密生成第二私密信息,以及将第一随机数和第二私密信息合并生成第一应答报文;第一发送单元24于将第一应答报文发送给主站,以便主站基于对称加密算法对第一随机数进行密钥协商操作生成第二会话密钥,并在确定第二会话密钥与第一会话密钥相同后保存第一会话密钥以完成会话密钥协商。Figure 8 is a schematic diagram of a terminal according to an embodiment of the present invention. Referring to Figure 8, the terminal includes a first receiving unit 21, a random number generating unit 22, a first processing unit 23 and a first sending unit 24, wherein the first The receiving unit 21 is configured to receive a first message sent by the master station. The first message carries the IDs of the master station and the terminal, and the master station uses a non-encryption algorithm to encrypt the IDs of the master station and the terminal to generate a first secret. Information; the first processing unit 23 is used to verify the correctness of the first private information, and after passing the verification, generate a first random number through the random number generation unit 22, and use a symmetric encryption algorithm to perform a key agreement operation on the first random number Generate a first session key, use an asymmetric encryption algorithm to encrypt the first session key and the ID of the primary station to generate second private information, and combine the first random number and the second private information to generate a first response message ; The first sending unit 24 sends the first response message to the main station, so that the main station performs a key negotiation operation on the first random number based on the symmetric encryption algorithm to generate a second session key, and determines the second session key. After being the same as the first session key, the first session key is saved to complete the session key negotiation.
根据本发明的一个实施例,终端还包括第二接收单元、第二处理单元和第二发送单元,其中,第二接收单元用于接收主站在会话密钥协商完成后发送的第二报文,第二报文携带有主站生成的第二随机数和主站利用第一会话密钥对第二随机数进行加密生成的第一加密密文;第二处理单元,用于对第一加密密文进行解密获得第三随机数,并确定第三随机数与第二随机数是否相同,以及在相同时利用非对称加密算法对第一随机数和第二随机数进行加密生成第三私密信息,并根据第三私密信息生成第二应答报文;第二发送单元,用于将第二应答报文发送给主站,以便主站在验证第三私密信息正确后完成主站对终端的认证。According to an embodiment of the present invention, the terminal further includes a second receiving unit, a second processing unit and a second sending unit, wherein the second receiving unit is used to receive a second message sent by the master station after the session key negotiation is completed. , the second message carries the second random number generated by the master station and the first encrypted ciphertext generated by the master station using the first session key to encrypt the second random number; the second processing unit is used to encrypt the first Decrypt the ciphertext to obtain a third random number, determine whether the third random number and the second random number are the same, and use an asymmetric encryption algorithm to encrypt the first random number and the second random number to generate the third private information if they are the same. , and generate a second response message based on the third private information; the second sending unit is used to send the second response message to the main station, so that the main station can complete the authentication of the terminal after verifying that the third private information is correct. .
根据本发明的一个实施例,终端还包括第三接收单元和第三处理单元,其中,第三接收单元,用于接收主站发送的第三报文,第三报文携带有主站利用非对称加密算法对第一随机数进行加密生成的第四私密信息和利用第一会话密钥对第一随机数进行加密的第二加密密文;第三处理单元,用于验证第四私密信息和第一随机数的正确性,并在验证通过后完成终端对主站的认证。According to an embodiment of the present invention, the terminal further includes a third receiving unit and a third processing unit, wherein the third receiving unit is used to receive a third message sent by the master station, and the third message carries a non-transformation message used by the master station. The fourth private information generated by encrypting the first random number using the symmetric encryption algorithm and the second encrypted ciphertext using the first session key to encrypt the first random number; a third processing unit for verifying the fourth private information and The correctness of the first random number, and after passing the verification, the terminal authenticates the main station.
根据本发明的一个实施例,终端还包括:第四处理单元,用于利用第一会话密钥进行数据的加解密处理。According to an embodiment of the present invention, the terminal further includes: a fourth processing unit, configured to use the first session key to perform data encryption and decryption processing.
需要说明的是,关于本申请中终端的详细描述,请参考本申请中关于数据交互方法的描述,具体这里不再赘述。It should be noted that, for a detailed description of the terminal in this application, please refer to the description of the data interaction method in this application, which will not be described again here.
根据本发明实施例的终端,通过会话密钥协商、主站与终端之间的安全认证以及会话密钥生命周期的限制来保障主站与终端之间数据交互的安全性,并且在进行会话密钥协商以及主站与终端之间的安全认证时,采用对称加密算法和非对称加密算法相结合的方式,例如涉及签名、对称加密等安全机制,保证了主站与终端之间链接建立的安全性,从而实现对主站与终端之间通信安全的保护,大大提高了数据交互的安全性。同时,在进行会话密钥协商时,采用密钥协商算法分散出会话密钥,保证了密钥产生的随机性和多样性。The terminal according to the embodiment of the present invention ensures the security of data interaction between the main station and the terminal through session key negotiation, security authentication between the main station and the terminal, and restriction of the life cycle of the session key, and performs session encryption. During key negotiation and security authentication between the master station and the terminal, a combination of symmetric encryption algorithm and asymmetric encryption algorithm is used, such as involving signatures, symmetric encryption and other security mechanisms to ensure the security of the link establishment between the master station and the terminal. , thus realizing the protection of communication security between the main station and the terminal, and greatly improving the security of data interaction. At the same time, when performing session key negotiation, the key agreement algorithm is used to disperse the session key, ensuring the randomness and diversity of key generation.
此外,本发明的实施例还提出了一种计算机可读存储介质,用于存储计算机程序,计算机程序被处理器执行时实现上述的数据交互方法。In addition, embodiments of the present invention also provide a computer-readable storage medium for storing a computer program. When the computer program is executed by a processor, the above-mentioned data interaction method is implemented.
根据本发明实施例的可读存储介质,通过会话密钥协商、主站与终端之间的安全认证以及会话密钥生命周期的限制来保障主站与终端之间数据交互的安全性,并且在进行会话密钥协商以及主站与终端之间的安全认证时,采用对称加密算法和非对称加密算法相结合的方式,例如涉及签名、对称加密等安全机制,保证了主站与终端之间链接建立的安全性,从而实现对主站与终端之间通信安全的保护,大大提高了数据交互的安全性。同时,在进行会话密钥协商时,采用密钥协商算法分散出会话密钥,保证了密钥产生的随机性和多样性。According to the readable storage medium of the embodiment of the present invention, the security of data interaction between the primary station and the terminal is ensured through session key negotiation, security authentication between the primary station and the terminal, and restriction of the life cycle of the session key, and in When conducting session key negotiation and security authentication between the main station and the terminal, a combination of symmetric encryption algorithm and asymmetric encryption algorithm is used, such as involving signatures, symmetric encryption and other security mechanisms to ensure the link between the main station and the terminal. Establishing security to protect the communication security between the main station and the terminal, greatly improving the security of data interaction. At the same time, when performing session key negotiation, the key agreement algorithm is used to disperse the session key, ensuring the randomness and diversity of key generation.
需要说明的是,在流程图中表示或在此以其他方式描述的逻辑和/或步骤,例如,可以被认为是用于实现逻辑功能的可执行指令的定序列表,可以具体实现在任何计算机可读介质中,以供指令执行系统、装置或设备(如基于计算机的系统、包括处理器的系统或其他可以从指令执行系统、装置或设备取指令并执行指令的系统)使用,或结合这些指令执行系统、装置或设备而使用。就本说明书而言,"计算机可读介质"可以是任何可以包含、存储、通信、传播或传输程序以供指令执行系统、装置或设备或结合这些指令执行系统、装置或设备而使用的装置。计算机可读介质的更具体的示例(非穷尽性列表)包括以下:具有一个或多个布线的电连接部(电子装置),便携式计算机盘盒(磁装置),随机存取存储器(RAM),只读存储器(ROM),可擦除可编辑只读存储器(EPROM或闪速存储器),光纤装置,以及便携式光盘只读存储器(CDROM)。另外,计算机可读介质甚至可以是可在其上打印所述程序的纸或其他合适的介质,因为可以例如通过对纸或其他介质进行光学扫描,接着进行编辑、解译或必要时以其他合适方式进行处理来以电子方式获得所述程序,然后将其存储在计算机存储器中。It should be noted that the logic and/or steps represented in the flowcharts or otherwise described herein, for example, may be considered to be a sequenced list of executable instructions for implementing logical functions, which may be embodied in any computer. in a readable medium for use by, or in conjunction with, an instruction execution system, apparatus, or device (such as a computer-based system, a system including a processor, or other system that can retrieve and execute instructions from the instruction execution system, apparatus, or device) Used by instruction execution systems, devices or equipment. For the purposes of this specification, a "computer-readable medium" may be any device that can contain, store, communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. More specific examples (non-exhaustive list) of computer readable media include the following: electrical connections with one or more wires (electronic device), portable computer disk cartridges (magnetic device), random access memory (RAM), Read-only memory (ROM), erasable and programmable read-only memory (EPROM or flash memory), fiber optic devices, and portable compact disc read-only memory (CDROM). Additionally, the computer-readable medium may even be paper or other suitable medium on which the program may be printed, as the paper or other medium may be optically scanned, for example, and subsequently edited, interpreted, or otherwise suitable as necessary. process to obtain the program electronically and then store it in computer memory.
应当理解,本发明的各部分可以用硬件、软件、固件或它们的组合来实现。在上述实施方式中,多个步骤或方法可以用存储在存储器中且由合适的指令执行系统执行的软件或固件来实现。例如,如果用硬件来实现,和在另一实施方式中一样,可用本领域公知的下列技术中的任一项或他们的组合来实现:具有用于对数据信号实现逻辑功能的逻辑门电路的离散逻辑电路,具有合适的组合逻辑门电路的专用集成电路,可编程门阵列(PGA),现场可编程门阵列(FPGA)等。It should be understood that various parts of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, various steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. For example, if it is implemented in hardware, as in another embodiment, it can be implemented by any one or a combination of the following technologies known in the art: a logic gate circuit with a logic gate circuit for implementing a logic function on a data signal. Discrete logic circuits, application specific integrated circuits with suitable combinational logic gates, programmable gate arrays (PGA), field programmable gate arrays (FPGA), etc.
在本说明书的描述中,参考术语“一个实施例”、“一些实施例”、“示例”、“具体示例”、或“一些示例”等的描述意指结合该实施例或示例描述的具体特征、结构、材料或者特点包含于本发明的至少一个实施例或示例中。在本说明书中,对上述术语的示意性表述不一定指的是相同的实施例或示例。而且,描述的具体特征、结构、材料或者特点可以在任何的一个或多个实施例或示例中以合适的方式结合。In the description of this specification, reference to the terms "one embodiment," "some embodiments," "an example," "specific examples," or "some examples" or the like means that specific features are described in connection with the embodiment or example. , structures, materials or features are included in at least one embodiment or example of the invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiment or example. Furthermore, the specific features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
此外,术语“第一”、“第二”仅用于描述目的,而不能理解为指示或暗示相对重要性或者隐含指明所指示的技术特征的数量。由此,限定有“第一”、“第二”的特征可以明示或者隐含地包括至少一个该特征。在本发明的描述中,“多个”的含义是至少两个,例如两个,三个等,除非另有明确具体的限定。In addition, the terms “first” and “second” are used for descriptive purposes only and cannot be understood as indicating or implying relative importance or implicitly indicating the quantity of indicated technical features. Therefore, features defined as "first" and "second" may explicitly or implicitly include at least one of these features. In the description of the present invention, "plurality" means at least two, such as two, three, etc., unless otherwise expressly and specifically limited.
在本发明中,除非另有明确的规定和限定,术语“安装”、“相连”、“连接”、“固定”等术语应做广义理解,例如,可以是固定连接,也可以是可拆卸连接,或成一体;可以是机械连接,也可以是电连接;可以是直接相连,也可以通过中间媒介间接相连,可以是两个元件内部的连通或两个元件的相互作用关系,除非另有明确的限定。对于本领域的普通技术人员而言,可以根据具体情况理解上述术语在本发明中的具体含义。In the present invention, unless otherwise clearly stated and limited, the terms "installation", "connection", "connection", "fixing" and other terms should be understood in a broad sense. For example, it can be a fixed connection or a detachable connection. , or integrated into one; it can be a mechanical connection or an electrical connection; it can be a direct connection or an indirect connection through an intermediate medium; it can be an internal connection between two elements or an interactive relationship between two elements, unless otherwise specified restrictions. For those of ordinary skill in the art, the specific meanings of the above terms in the present invention can be understood according to specific circumstances.
尽管上面已经示出和描述了本发明的实施例,可以理解的是,上述实施例是示例性的,不能理解为对本发明的限制,本领域的普通技术人员在本发明的范围内可以对上述实施例进行变化、修改、替换和变型。Although the embodiments of the present invention have been shown and described above, it can be understood that the above-mentioned embodiments are illustrative and should not be construed as limitations of the present invention. Those of ordinary skill in the art can make modifications to the above-mentioned embodiments within the scope of the present invention. The embodiments are subject to changes, modifications, substitutions and variations.
Claims (12)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010800673.0A CN112134694B (en) | 2020-08-11 | 2020-08-11 | Data interaction method, master station, terminal and computer readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010800673.0A CN112134694B (en) | 2020-08-11 | 2020-08-11 | Data interaction method, master station, terminal and computer readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112134694A CN112134694A (en) | 2020-12-25 |
| CN112134694B true CN112134694B (en) | 2024-01-23 |
Family
ID=73850279
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010800673.0A Active CN112134694B (en) | 2020-08-11 | 2020-08-11 | Data interaction method, master station, terminal and computer readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112134694B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114884659B (en) * | 2022-07-08 | 2022-10-25 | 北京智芯微电子科技有限公司 | Key agreement method, gateway, terminal device, storage medium |
| CN115202952B (en) * | 2022-09-15 | 2022-11-29 | 北京智芯微电子科技有限公司 | Method and system for testing cost control function of electric energy meter, test host and storage medium |
| CN116132043B (en) * | 2023-04-20 | 2023-06-23 | 北京智芯微电子科技有限公司 | Session key agreement method, device and equipment |
Citations (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2009065226A (en) * | 2007-09-04 | 2009-03-26 | Kddi Corp | Authenticated key exchange system, authenticated key exchange method and program |
| CN101459506A (en) * | 2007-12-14 | 2009-06-17 | 华为技术有限公司 | Cipher key negotiation method, system, customer terminal and server for cipher key negotiation |
| KR20130015384A (en) * | 2011-08-03 | 2013-02-14 | 이윤규 | Data processing terminal, method of processing data therof, data processing system and method of processing data thereof |
| CN103095696A (en) * | 2013-01-09 | 2013-05-08 | 中国电力科学研究院 | Identity authentication and key agreement method suitable for electricity consumption information collection system |
| WO2014069778A1 (en) * | 2012-10-31 | 2014-05-08 | 삼성에스디에스 주식회사 | Id-based encryption and decryption method, and apparatus for executing same |
| US8966267B1 (en) * | 2014-04-08 | 2015-02-24 | Cloudflare, Inc. | Secure session capability using public-key cryptography without access to the private key |
| CN105871873A (en) * | 2016-04-29 | 2016-08-17 | 国家电网公司 | Security encryption authentication module for power distribution terminal communication and method thereof |
| CN106603485A (en) * | 2016-10-31 | 2017-04-26 | 美的智慧家居科技有限公司 | Secret key negotiation method and device |
| CN106850207A (en) * | 2017-02-28 | 2017-06-13 | 南方电网科学研究院有限责任公司 | CA-free identity authentication method and system |
| CN107508796A (en) * | 2017-07-28 | 2017-12-22 | 北京明朝万达科技股份有限公司 | A kind of data communications method and device |
| WO2018046014A1 (en) * | 2016-09-12 | 2018-03-15 | 中国移动通信有限公司研究院 | Information processing method, apparatus, electronic device and computer storage medium |
| WO2018076365A1 (en) * | 2016-10-31 | 2018-05-03 | 美的智慧家居科技有限公司 | Key negotiation method and device |
| WO2018119852A1 (en) * | 2016-12-29 | 2018-07-05 | Gemalto Smart Cards Technology Co., Ltd. | Method for mutual authentication between device and secure element |
| CN108809645A (en) * | 2018-07-24 | 2018-11-13 | 南方电网科学研究院有限责任公司 | Key negotiation method and device and power distribution automation system |
| CN109756329A (en) * | 2019-01-15 | 2019-05-14 | 如般量子科技有限公司 | Anti- quantum calculation shared key machinery of consultation and system based on private key pond |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2005050908A1 (en) * | 2003-10-29 | 2005-06-02 | Argelcom Limited | A secure cryptographic communication system using kem-dem |
-
2020
- 2020-08-11 CN CN202010800673.0A patent/CN112134694B/en active Active
Patent Citations (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2009065226A (en) * | 2007-09-04 | 2009-03-26 | Kddi Corp | Authenticated key exchange system, authenticated key exchange method and program |
| CN101459506A (en) * | 2007-12-14 | 2009-06-17 | 华为技术有限公司 | Cipher key negotiation method, system, customer terminal and server for cipher key negotiation |
| KR20130015384A (en) * | 2011-08-03 | 2013-02-14 | 이윤규 | Data processing terminal, method of processing data therof, data processing system and method of processing data thereof |
| WO2014069778A1 (en) * | 2012-10-31 | 2014-05-08 | 삼성에스디에스 주식회사 | Id-based encryption and decryption method, and apparatus for executing same |
| CN103095696A (en) * | 2013-01-09 | 2013-05-08 | 中国电力科学研究院 | Identity authentication and key agreement method suitable for electricity consumption information collection system |
| US8966267B1 (en) * | 2014-04-08 | 2015-02-24 | Cloudflare, Inc. | Secure session capability using public-key cryptography without access to the private key |
| CN105871873A (en) * | 2016-04-29 | 2016-08-17 | 国家电网公司 | Security encryption authentication module for power distribution terminal communication and method thereof |
| WO2018046014A1 (en) * | 2016-09-12 | 2018-03-15 | 中国移动通信有限公司研究院 | Information processing method, apparatus, electronic device and computer storage medium |
| CN106603485A (en) * | 2016-10-31 | 2017-04-26 | 美的智慧家居科技有限公司 | Secret key negotiation method and device |
| WO2018076365A1 (en) * | 2016-10-31 | 2018-05-03 | 美的智慧家居科技有限公司 | Key negotiation method and device |
| WO2018119852A1 (en) * | 2016-12-29 | 2018-07-05 | Gemalto Smart Cards Technology Co., Ltd. | Method for mutual authentication between device and secure element |
| CN106850207A (en) * | 2017-02-28 | 2017-06-13 | 南方电网科学研究院有限责任公司 | CA-free identity authentication method and system |
| CN107508796A (en) * | 2017-07-28 | 2017-12-22 | 北京明朝万达科技股份有限公司 | A kind of data communications method and device |
| CN108809645A (en) * | 2018-07-24 | 2018-11-13 | 南方电网科学研究院有限责任公司 | Key negotiation method and device and power distribution automation system |
| CN109756329A (en) * | 2019-01-15 | 2019-05-14 | 如般量子科技有限公司 | Anti- quantum calculation shared key machinery of consultation and system based on private key pond |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112134694A (en) | 2020-12-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20210323427A1 (en) | Electric Vehicle Charging Station System | |
| US10516654B2 (en) | System, apparatus and method for key provisioning delegation | |
| US10680835B2 (en) | Secure authentication of remote equipment | |
| CN108881224A (en) | Encryption method and related device for power distribution automation system | |
| CN112134694B (en) | Data interaction method, master station, terminal and computer readable storage medium | |
| CN101783800B (en) | Embedded system safety communication method, device and system | |
| CN112118223A (en) | Authentication method of master station and terminal, master station, terminal and storage medium | |
| CN108462573B (en) | A Flexible Quantum-Secure Mobile Communication Method | |
| CN114422115B (en) | A method, system, device and readable storage medium for power grid data encryption transmission | |
| CN111600854A (en) | Method for establishing security channel between intelligent terminal and server | |
| CN103685323A (en) | Method for realizing intelligent home security networking based on intelligent cloud television gateway | |
| CN103138939A (en) | Secret key use time management method based on credible platform module under cloud storage mode | |
| CN109450854A (en) | A kind of distribution terminal communication security protection method and system | |
| CN114244502B (en) | Signature key generation method, device and computer equipment based on SM9 algorithm | |
| CN101420686A (en) | Industrial wireless network security communication implementation method based on cipher key | |
| WO2021208549A1 (en) | Method and device for charging authentication | |
| WO2015003512A1 (en) | Concentrator, ammeter, and message processing method therefor | |
| CN115022868A (en) | Satellite terminal entity authentication method, system and storage medium | |
| CN108960552A (en) | A kind of charging method and relevant device based on Spot Price | |
| CN114553404A (en) | Power distribution longitudinal encryption method and system based on quantum encryption | |
| CN118713833A (en) | Quantum-resistant security enhancements for the Open Identity Connection Protocol | |
| CN118450383A (en) | Network access method and system | |
| CN116015906B (en) | Node authorization method, node communication method and device for privacy calculation | |
| CN115834070B (en) | Lightweight fog-assisted V2G network anonymous identity authentication system, method and equipment | |
| CN105656623A (en) | Device for enhancing security of intelligent substation IED |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |