WO2009149579A1 - Secure communication method and apparatus based on ibe algorithm in the store and forward manner - Google Patents
- Publication number
- WO2009149579A1 (PCT/CN2008/001117)
- Authority
- WO (WIPO PCT)
- Prior art keywords
- user
- information
- encrypted
- server
- public
- Legal status (assumed by Google; not a legal conclusion)
- Ceased
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
- H04L9/3073—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
Definitions
- the present invention relates to a method and apparatus for establishing secure communication in a communication network, and more particularly to a method and apparatus for establishing end-to-end secure communication in a store-and-forward mode based on an identity identification encryption algorithm.
- before establishing communication, a user must establish a secure channel with the communication partner to agree on the encryption algorithm and the encryption and decryption keys; in the subsequent communication, the agreed encryption algorithm and keys are used for encrypted communication to ensure the security of the communication.
- both parties need to negotiate the relevant keys (such as session key, session key) and encryption algorithms.
- the session key can be generated by a random number or by a random number and a seed key, and sent out before the communication parties communicate. Once the session is interrupted, if either of the communicating parties is offline, these negotiated security information such as the session key will be invalid.
- the TLS mechanism and Kerberos currently only support the security protection of real-time online communication, and cannot solve the problem of communication data security protection of offline storage and forwarding systems.
- in order to establish a secure channel, TLS requires a mutual handshake: a three-way handshake that negotiates the encryption algorithm, the MAC (Message Authentication Code) algorithm and a secret key for one communication session.
- a MAC Message Authentication Code
- the first handshake (H1) the user C sends a Client hello message to the server S;
- the second handshake (H2): the server S sends ServerHello, Certificate and ServerHelloDone messages to the user C for interacting with the user C;
- the session key is generated by the KDC (key distribution center), so the KDC knows the session keys of all users. Once information is leaked by the KDC, the information security of the users cannot be guaranteed; this is not true end-to-end secure communication.
- the present invention provides a new solution, as follows:
- the first user equipment (sending device) used by the first user performs encryption processing on the information to be transmitted to generate encrypted processed information and transmits it to the store-and-forward server; the second user equipment (receiving device) used by the second user receives the encrypted processed information from the first user equipment and, based on the received information, decrypts it.
- a method of secure communication for a first user equipment, used by a first user of a communication network, to communicate by means of identity-based encryption with a second user equipment, used by a second user who is offline, via a store-and-forward server
- the method for secure communication includes the following steps: performing encryption processing based on information to be sent to generate encrypted processed information, and transmitting the encrypted processed information to the storage and forwarding server.
- a method for a second user equipment, used by a second user of the communication network, to decrypt information encrypted with identity-based encryption technology by a first user equipment used by a first user and forwarded via a store-and-forward server
- the method for decrypting the encrypted information comprises the steps of: receiving the encrypted processed information from the first user equipment used by the first user, forwarded via the store-and-forward server; and decrypting the encrypted processed information to restore the original unencrypted information.
- a first user equipment, used by a first user of a communication network, for communicating by means of identity-based encryption technology with a second user equipment used by a second user who is offline, via a store-and-forward server, comprising: a first sending device configured to perform encryption processing on the information to be transmitted, generate encrypted processed information, and send the encrypted processed information to the store-and-forward server.
- a second user equipment, used by a second user of the communication network, for decrypting information encrypted with identity-based encryption technology by a first user equipment used by a first user and forwarded via a store-and-forward server.
- the decrypting device for decrypting the encrypted information comprises: receiving means, configured to receive the encrypted processed information from the first user equipment used by the first user and forwarded by the store-and-forward server; and decryption processing means, configured to perform decryption processing on the received encrypted information based on the received information to restore the original unencrypted information.
- the private information is generated by the private information generator based on the user's request, that is, the generation time of the private key differs from the generation time of the public key. Therefore, in the identity-based encryption algorithm system, it is not required that, before the secure channel is established,
- the first user equipment used by the first user and the second user equipment used by the second user exchange security information related to establishing secure communication. Therefore, by adopting the technical solution provided by the present invention, the problem of offline secure communication is solved.
- FIG. 1 is a schematic diagram of a process in which a TLS algorithm in the prior art performs a three-way handshake between a user and a server for establishing a secure communication;
- FIG. 2 is a schematic diagram of a topological structure of a communication network in accordance with an embodiment of the present invention
- FIG. 3 is a diagram of a user equipment 1 encrypting a CEK with a public key, encrypting information to be transmitted with a CEK, and transmitting the CEK encrypted by the public key and the CEK-encrypted information to the store-and-forward server, in accordance with an embodiment of the present invention.
- FIG. 4 is a flow chart of a method for decrypting information encrypted by an identity-based encryption technology from a user equipment 1 forwarded by a store-and-forward server in a user equipment 2, in accordance with an embodiment of the present invention
- FIG. 5 is a user equipment 1 encrypting a CEK with a public key, encrypting information to be transmitted with a CEK, and transmitting the CEK encrypted by the public key and the CEK-encrypted information to the store-and-forward server according to an embodiment of the present invention.
- Figure 6 is a block diagram of an apparatus for decrypting information encrypted by an identity-based encryption technique from user equipment 1 forwarded via a store-and-forward server.
- the PKG includes a master secret for generating personal IBE private information.
- the PKG accepts the request message from the IBE system user to generate the IBE private information, and returns the IBE private information to the user after the user has been authenticated in an agreed manner.
- a PKG can have multiple users, each with a public identity that identifies itself.
- PPS Public Parameter Server
- IBE system: a system that includes an identity-based encryption algorithm, a private information generator, a public parameter server, a transmitting device, a receiving device, and the like.
- Uniform Resource Identifier: every available resource on the Web, for example HTML documents, images, video clips and programs, is identified by a uniform resource identifier
- URI Uniform Resource Identifier
- a URI is generally composed of three parts:
- a user can correspond to multiple user equipments. For example, if a user applies for a QQ account, the user can log in with the QQ account at home or at an Internet cafe. When logging in at home, the user equipment corresponding to the user is the home computer; when logging in at the Internet cafe, the user equipment corresponding to the user is a computer of the Internet cafe.
- the user A is the first user
- the corresponding user equipment is the user equipment 1 (ie, the first user equipment used by the first user);
- the user B is the second user
- the corresponding user equipment is the user equipment 2 (ie, the second user equipment used by the second user).
- this correspondence is only an example, and those skilled in the art can understand that one user can correspond to multiple user equipments, that is, the following situations also occur.
- User A logs in to the MSN service with the MSN account from a device other than the computer, for example a mobile phone;
- the corresponding user device is then the mobile phone.
- User equipment includes computers, cell phones, PDAs, and the like.
- a user's user identity information is a globally unique ID or a unique ID in a closed domain. This ID is any unique string that directly represents the user's identity. It can be a name, an ID number, an e-mail address, a SIM card number, a mobile phone number (bound to the user identity), a device serial number, for example the unique identifier of the computer used by the user (eg motherboard serial number, CPU serial number, etc., or a combination thereof), or the username registered by the user at the server, for example an MSN account, a QQ account, etc., or a combination thereof. According to the standard identity ID, the domain (such as country code, area code) and other identifiers (such as SIM card number, mobile phone number, etc.) of the user can be parsed.
- the MSN account number is the ID of the user A; that is, it identifies user A whether the user device from which user A logs in to the MSN service is a computer, a mobile phone, a PDA or another user device.
- CEK Content Encryption Key
- CEK encryption can be based on symmetric key algorithms such as DES (Data Encryption Standard) and AES (Advanced Encryption Standard).
- the user equipment 1 (the first user equipment used by the first user) and the user equipment 2 (the second user equipment used by the second user) are two terminal user equipments that establish secure communication, which may be computer terminals or mobile phones.
- the application scenario of the terminal may be, for example, two end user devices using MSN or QQ chat software.
- the store-and-forward server 3 detects that the state of the user equipment 2 is offline (a person skilled in the art can understand that the store-and-forward server can be subdivided into a message communication server (MCS) and a message and media storage server (Message and Media Storage, MMS);
- MCS and MMS can be integrated in the same server, or they can be two separate servers.
- the MCS is mainly responsible for detecting the status of the user equipment, whether it is offline or online; and the MMS is mainly responsible for storing the encrypted ciphertext forwarded by the user equipment), and the store-and-forward server 3 notifies the user equipment 1 that the information encrypted and sent to the user equipment 2
- needs to be sent to the store-and-forward server, that is, the user equipment 1 transmits the encrypted processed information to the store-and-forward server 3 via the communication link 4.
- when the user equipment 1 is a computer, the user equipment 1 is connected to a router, then to the access equipment (DSLAM), and finally logically connected to the store-and-forward server 3.
- DSLAM access equipment
- when the user equipment 1 is a mobile phone, the mobile phone needs to communicate wirelessly with a base station and then, through communication devices such as the base station, finally communicates with the store-and-forward server; this path is summarized as the communication link 4.
- the store-and-forward server 3 detects that the user equipment 2 is online, the store-and-forward server 3 forwards the encrypted processed information stored therein to the second user equipment 2 via the communication link 5.
- the link connection between the store-and-forward server 3 and the user equipment 2 is not expanded, but is summarized directly by the communication link 5.
- FIG. 3 is a diagram of a user equipment 1 encrypting a CEK with a public key, encrypting information to be transmitted with a CEK, and transmitting the CEK encrypted by the public key and the CEK-encrypted information to the store-and-forward server, in accordance with an embodiment of the present invention.
- the user equipment 1 acquires the uniform resource identifier of the public parameter server of the user B. Since the identity related information of user B is well known and includes location identification information (for example, when user B is a mobile phone user and the identity related information is a phone number, it includes location identification information),
- the IBE system can be queried for the uniform resource identifier of the public parameter server corresponding to the user B.
- step S11 the user equipment 1 locates the public parameter server by using the uniform resource identifier of the public parameter server.
- step S12 the user equipment 1 performs mutual authentication with the public parameter server of the located user B.
- the authentication of the user equipment 1 and the public parameter server may adopt a universal authentication method based on network access authentication and a key agreement mechanism, that is, GBA (Generic Bootstrapping Authentication).
- the authentication process between the user equipment 1 and the public parameter server can be as follows: after receiving the public parameter request message from the user equipment 1, the public parameter server checks whether there is a valid pre-shared key (a Unicode string) corresponding to user A (the user using user equipment 1); if there is no pre-shared key, the GBA process is initiated: the BSF (Bootstrapping Server Function; assume that the BSF and the public parameter server are combined into one physical device) checks whether there is a valid 5-tuple authentication vector (Authentication Vector) corresponding to user A (the user using user equipment 1).
- BSF Bootstrapping Server Function
- RAND random challenge (part of the authentication vector)
- CK Cipher Key
- Kc Ciphering Key
- IK Integrity Key
- if the BSF has a 5-tuple or triplet authentication vector corresponding to user A, a set of authentication vectors is selected from them; if not, the BSF obtains an authentication vector from the HSS (Home Subscriber Server) using the Diameter and MAP protocols (refer to 3GPP TS 33.220, 3GPP TS 33.102, 3GPP TS 33.103 and 3GPP TS 33.105). The HSS generates a 5-tuple or triplet authentication vector according to the capability of the terminal (user A) and returns it to the BSF, where the 5-tuple authentication vector contains communication device authentication information (for example, RAND, RES), management device authentication information (for example, RAND, AUTN), and a security policy known by UE1 (for example, CK).
- HSS Home Subscriber Server
- the BSF and the user equipment 1 generate the pre-shared key in the same way (ie, the user equipment 1 derives the pre-shared key from IK, CK and other parameters in the same way as the BSF), and the BSF forwards the pre-shared key to the public parameter server.
- User A and the public parameter server authenticate based on the pre-shared key using an associated authentication mechanism (such as HTTP Digest, PSK-TLS, etc.).
- mutual authentication between user A and the public parameter server may also be based on PKI/IBC or HTTP digest.
- step S13 the user equipment 1 obtains the public parameters of the user B from the authenticated public parameter server.
- the public parameters include the elliptic curve algorithm's curve identifier, prime numbers, and so on.
- the user equipment 1 encrypts the information to be sent by using the encryption auxiliary information to generate information encrypted by the encryption auxiliary information, and encrypts the encryption auxiliary information with the obtained public key of the user B to generate
- the encryption auxiliary information encrypted by the public key; the information encrypted by the encryption auxiliary information and the encryption auxiliary information encrypted by the public key are then sent to the store-and-forward server.
- step S15 may be refined into the following sub-steps (not shown in FIG. 3):
- the user equipment 1 generates the encryption auxiliary information locally at random (for example, a CEK, Content Encryption Key).
- the information to be sent is encrypted to generate CEK-encrypted information.
- CEKs of different lengths can be selected according to the key length of the encryption algorithm.
- step ⁇ the user equipment 1 transmits the CEK-encrypted information to the store-and-forward server.
- step i the user equipment 1 encrypts the CEK with user B's public key to generate a CEK encrypted by the user B public key.
- step ii the user equipment 1 transmits the CEK encrypted by the user B public key to the storage and forwarding server 3.
- the user equipment 1 encrypts the CEK using the public key of the user B.
- the information to be sent is encrypted by the CEK.
- the CEK is based on a symmetric key encryption algorithm (such as the AES algorithm)
- encrypting the information to be sent by the CEK can save the time required for encryption.
- An asymmetric cryptosystem approach (such as a public-private key pair algorithm) requires a large amount of computation and is not suitable for encrypting large amounts of information.
- the CEK itself is short, so the CEK is encrypted with the public key in the asymmetric cryptosystem. Encrypting the information to be sent with the CEK can also improve efficiency as a whole, but because a new parameter, the CEK, is introduced, it may add complexity to the system.
- step S15 can be subdivided into the following sub-steps (shown in Figure 3):
- Step S150 The user equipment 1 encrypts the information to be sent by using the acquired public key of the user B to generate information encrypted by the public key of the user B.
- the user equipment 1 transmits the information encrypted by the public key of the user B to the store-and-forward server.
- steps S10, S11 and S12 may be omitted, that is, in the scenario where the user equipment 1 has previously established secure communication with the user B and therefore the information of the public parameter server corresponding to user B is stored in the user equipment 1;
- in that case the user equipment 1 directly obtains the public parameters of the user B according to the stored information of the public parameter server corresponding to the user B.
- steps S10, S11, S12 and S13 may each be omitted. That is, in the scenario where the user equipment 1 has previously established secure communication with the user B, the public parameters corresponding to the user B are stored in the user equipment 1, and the life cycle of the public parameters has not expired, so they are still valid information. Therefore, in step S14, the user equipment 1 directly obtains the public key of the user B according to the public parameters of the user B and the identity related information of the user B.
- the step of acquiring the encryption auxiliary information may generate the CEK locally or obtain it from outside; since obtaining it from outside gives lower security, the auxiliary information is preferably generated locally at random. It is to be noted that the acquisition step of the encryption auxiliary information only needs to be performed before the step of encrypting the information to be transmitted with the CEK.
- before the store-and-forward server forwards the information from the user equipment 1 to the user equipment 2, it first detects whether the user equipment 2 is online. If the store-and-forward server detects that the user equipment 2 is online, it forwards the stored information encrypted by the user equipment 1 to the user equipment 2. Existing offline messages are likewise forwarded via the server.
- step S20 the user equipment 2 used by the user B receives, forwarded via the store-and-forward server, the information encrypted by the encryption auxiliary information and the encryption auxiliary information encrypted by the public key from the user equipment 1 used by the user A.
- the following uses the encryption auxiliary information as the CEK as an example.
- the store-and-forward server can simultaneously transmit the CEK-encrypted information and the CEK encrypted by the user B's public key to the user equipment 2, or can transmit the two separately.
- the CEK can only be decrypted after the user equipment 2 receives the CEK encrypted by the user B's public key. Only after the user equipment 2 obtains the decrypted CEK can the received CEK encrypted information be decrypted.
- after the user equipment 2 receives the CEK-encrypted information and the CEK encrypted by user B's public key forwarded via the store-and-forward server, in step S21 the user equipment 2 parses the URI of the public parameter server of the user B from the packet header of the information,
- locates the public parameter server of the user B according to that URI, and the user equipment 2 and the public parameter server of the user B authenticate each other.
- the specific authentication step refer to step S12 of FIG. 3 above.
- the authentication process between user A and the public parameter server may be a universal authentication method based on network access authentication and a key agreement mechanism, GBA, PKI, an IBC-based algorithm or HTTP digest, etc., and will not be described herein.
- step S22 the user equipment 2 acquires the public parameters of the user B from the public parameter servers of the mutually authenticated user B.
- user B's public parameters include the elliptic curve algorithm's curve identifier, prime numbers, common base point, cryptographic hash function, and so on.
- the public parameter server of the user B also holds the policy information of the PKG, that is, in step S23 the user equipment 2 can obtain the URL of the user B's PKG from the public parameter server by interacting with it.
- step S24 the user equipment 2 locates the private information generator by using the uniform resource identifier of the private information generator.
- step S25 the user equipment 2 and the private information generator perform mutual authentication.
- the specific steps may refer to the authentication process of the user A and the public parameter server for step S12 in FIG. 3 above.
- the authentication mechanism may be a universal authentication method based on network access authentication and a key agreement mechanism, GBA, PKI, an IBC-based algorithm or
- step S26 the user equipment 2 acquires the private information of the user B from the mutually authenticated private information generator. Because the private information relates to the security of the user B, once the private information is leaked, it will cause immeasurable loss to the user B. Therefore, the private information should be transmitted to the user equipment 2 in a secure manner.
- the encryption mechanism includes PKI, IBC, and the like.
- private information is generated by the private information generator PKG and provided to the decrypting user. Whether a new private key must be generated for the session depends on whether the encrypting user uses a long-term or a short-term public key; this decision is influenced by the system security policies and the customer policies that enforce encryption.
- the PKG needs to maintain a database storing, for each private ID, the corresponding current system parameter configuration.
- a key can be generated, used, revoked or removed after the end of its life cycle.
- step S27 the user equipment 2 generates the private key of the user B according to the acquired public parameters of the user B, the private information of the user B, and the identity related information of the user B.
- the user B's private key is also based on the IBE algorithm.
- the specific algorithm for generating the user B's private key follows the IETF specification (see http://www.ietf.org/rfc/rfc5091.txt).
- step S28 the user equipment 2 decrypts the received CEK encrypted by the user B's public key using the private key of the user B to restore the CEK.
- step S29 the user equipment 2 decrypts the received CEK-encrypted information with the restored CEK to restore the original information.
- in step S21 the user equipment 2 relies on the encrypted message obtained in step S20 to parse out the URI of user B's public parameter server.
- the user equipment 2 can also communicate directly with the IBE system to obtain the URI of the public parameter server corresponding to the user B, and then locate the public parameter server based on the obtained URI. That is,
- there is no fixed order between step S20 and step S21.
- after the user equipment 2 has completed, in step S20, the reception of the CEK-encrypted information from the user equipment 1 used by the user A forwarded via the store-and-forward server and
- of the CEK encrypted by the public key, and has also acquired the private key of the user B in step S27, it proceeds to step S28 and uses the private key of the user B to decrypt the CEK encrypted by the public key of the user B, restoring the unencrypted CEK.
- steps S21 and S22 can both be omitted. That is, in the scenario where the user equipment 2 has previously authenticated with the public parameter server and the authentication has not expired, step S21 can be omitted; and where the user equipment 2 has previously acquired the public parameters corresponding to the user B from the public parameter server, stores them in the user equipment 2, and their life cycle has not expired, so they are still valid information, step S22 can be omitted. Then, in step S23, the user equipment 2 directly obtains the uniform resource identifier of the private information generator from the public parameter server that has already been mutually authenticated.
- steps S23, S24, S25, S26 may be omitted.
- the private information generator periodically updates the private information corresponding to the user's identity information, but the life cycle of one piece of private information lasts for a period of time. That is, there is a case where the user B has obtained the private information of the user B from the private information generator the previous time, and the private information has not expired and is still valid. Therefore, in step S27, the user equipment 2 directly generates the private key of the user B according to the locally stored private information of the user B, the identity related information of the user B, and the locally stored public parameters of the user B.
- if the information to be sent in the user equipment 1 is encrypted
- directly using the public key of the user B,
- the encrypted information forwarded to the store-and-forward server is
- the ciphertext encrypted by the public key of the user B; correspondingly, step S28 and step S29 may be replaced with step S28, in which the user equipment 2 decrypts the received information encrypted by the public key of the user B using the private key of the user B to restore the original unencrypted information, that is, the information to be sent by the user A.
- FIG. 5 shows a user equipment 1 encrypting a CEK with a public key, encrypting the information to be transmitted with the CEK, and transmitting the public-key-encrypted CEK and the CEK-encrypted information to the store-and-forward server according to an embodiment of the present invention.
- the first encryption device 10 shown in FIG. 5 is located in each terminal device of the user equipment 1 shown in FIG. 1 , and includes a server identifier acquisition device 100, a server location device 101, and a first public parameter acquisition device 102.
- the server identification obtaining means 100 acquires the uniform resource identifier of the public parameter server of the user B. Since the identity related information of User B is well known, the identity related information includes location identification information. For example, when the user B is a mobile phone user and the identity related information is a phone number, the identity related information of the user B includes location identification information (+86), and the IBE system can query according to the location identification information indicated by the identity related information.
- the server locating device 101 locates the public parameter server by using the uniform resource identifier of the public parameter server acquired by the server identifier acquisition device 100.
- The first server authentication device 1020 performs mutual authentication with the located public parameter server of user B.
- The authentication between the first server authentication device 1020 and the public parameter server may adopt a universal authentication method based on network access authentication and the key agreement mechanism, namely GBA (Generic Bootstrapping Authentication, 3GPP TS 33.220). The key agreement process between the first server authentication device 1020 and the public parameter server may then be as follows. After receiving the public parameter request message from the first server authentication device 102, the public parameter server checks whether it holds a valid pre-shared key corresponding to user A (the user of the user equipment 1). If there is no such pre-shared key, the GBA process is started: the BSF (Bootstrapping Server Function; here assumed to be co-located with the public parameter server on one physical device) checks whether it holds a valid quintuple authentication vector (comprising RAND, CK, IK, AUTN and RES) or triplet authentication vector (comprising RAND, Kc and RES) corresponding to user A.
- CK (Cipher Key) and Kc are mainly used for encryption; IK is the Integrity Key.
- If the BSF holds a quintuple or triplet authentication vector corresponding to user A, a set of authentication vectors is selected from them; if not, the BSF obtains an authentication vector from the HSS (Home Subscriber Server) over the Diameter or MAP protocol (see 3GPP TS 33.220, 3GPP TS 33.102, 3GPP TS 33.103 and 3GPP TS 33.105). The HSS generates a quintuple or triplet authentication vector and returns it to the BSF. The quintuple authentication vector contains communication-device authentication information (for example RAND and RES), management-device authentication information (for example RAND and AUTN), and a security policy known to UE1 (for example CK).
- The BSF then generates a pre-shared key in the same manner as the first server authentication device 1020 and forwards the pre-shared key to the public parameter server.
- The first server authentication device 1020 and the public parameter server then authenticate each other on the basis of the pre-shared key using an associated authentication mechanism (such as HTTP Digest or PSK-TLS).
- Mutual authentication between user A and the public parameter server may also be based on PKI, IBC or HTTP Digest.
- The second public parameter acquisition device 1021 then acquires user B's public parameters from the authenticated public parameter server.
- The public parameters include the elliptic-curve identifier, the prime numbers, the common base point, the cryptographic hash function, and so on.
- The public key acquisition device 103 then generates user B's public key from user B's public parameters and user B's identity-related information.
- The specific algorithm for generating user B's public key follows the IETF specification (see http://www.ietf.org/rfc/rfc5091.txt, among others).
- The first transmitting device 104 encrypts the information to be transmitted with the encryption auxiliary information to generate information encrypted with the encryption auxiliary information, and encrypts the encryption auxiliary information with the acquired public key of user B to generate public-key-encrypted encryption auxiliary information.
- The first transmitting device 104 can be refined into the following sub-devices (not shown in FIG. 5): a third encryption device, which encrypts the information to be sent with locally generated encryption auxiliary information (for example, a CEK) to generate CEK-encrypted information.
- CEKs of different lengths can be selected according to the key length of the encryption algorithm.
- The CEK-encrypted information transmitting device: the user equipment 1 transmits the CEK-encrypted information to the store-and-forward server.
- The fourth encryption device: the user equipment 1 encrypts the CEK with user B's public key to generate a CEK encrypted with user B's public key.
- The public-key-encrypted information transmitting device transmits the CEK encrypted with user B's public key to the store-and-forward server 3.
- The content transmitted by the CEK-encrypted information transmitting device must be generated by the third encryption device, and the content transmitted by the public-key-encrypted information transmitting device must be generated by the fourth encryption device.
- The CEK-encrypted information transmitting device and the public-key-encrypted information transmitting device may be combined into one second transmitting device, which sends the CEK-encrypted information and the public-key-encrypted CEK to the store-and-forward server 3 at the same time.
- The user equipment 1 encrypts the CEK with user B's public key and encrypts the information to be sent with the CEK. Because the CEK is used with a symmetric encryption algorithm (such as AES), encrypting the information to be sent with the CEK saves encryption time. An asymmetric cryptosystem (such as a public/private key algorithm) requires a large amount of computation and is not suitable for encrypting large amounts of information. The CEK itself is short, so the CEK is encrypted with the public key of the asymmetric cryptosystem. Encrypting the information to be sent with the CEK as a whole can also improve efficiency, but the introduction of the new parameter CEK may add complexity to the system.
- In a variant embodiment, the information to be sent may also be encrypted directly with the public key of the asymmetric cryptosystem, that is, the user equipment 1 directly uses the public key of the asymmetric cryptosystem to encrypt the information to be sent.
- In that case the first transmitting device 104 can be subdivided into the following sub-devices (shown in FIG. 5):
- The second encryption device encrypts the information to be transmitted with the acquired public key of the user to generate information encrypted with the user's public key.
- The second transmitting device transmits the information encrypted with the user's public key to the store-and-forward server.
- When user A accesses user B's public parameter server in a local area network through a VPN (Virtual Private Network), the connection between user A and the local area network is already secure, so user A does not need to perform the authentication interaction with user B's public parameter server; the first server authentication device 102 can be omitted, and the first public parameter acquisition device (not shown) obtains user B's public parameters directly from the public parameter server.
- The server identifier acquisition device 100, the server location device 101 and the first server authentication device 1020 may all be omitted in the scenario in which the user equipment 1 has previously established secure communication with user B, so that the information about the public parameter server corresponding to user B is already stored in the user equipment 1. The first public parameter acquisition device 102 then acquires user B's public parameters directly according to the stored information about user B's public parameter server.
- The server identifier acquisition device 100, the server location device 101, the first server authentication device 1020 and the second public parameter acquisition device 1021 may each be omitted in the scenario in which the user equipment 1 has previously established secure communication with user B, so that the public parameters corresponding to user B are stored in the user equipment 1 and their life cycle has not expired, i.e. they are still valid. The public key acquisition device 103 then acquires user B's public key directly from the stored public parameters of user B and the identity-related information of user B.
- The first encryption device 10 further includes an encryption auxiliary information acquisition device. The encryption auxiliary information (the CEK) may be generated locally or acquired externally, but the security of external acquisition is not high; therefore the auxiliary information is preferably generated randomly on the local device.
- The third encryption device encrypts the information to be sent with the acquired CEK.
- FIG. 6, taken together with FIG. 2 and FIG. 4, is a block diagram of the apparatus in the user equipment 2 of the present invention for decrypting information encrypted with identity-based encryption by the user equipment 1 and forwarded via the store-and-forward server; it is now described in detail.
- The decryption device 20 shown in FIG. 6 is located in each terminal device exemplified by the user equipment 2 shown in FIG. 1, and includes a receiving device 200, a second server authentication device 201, a third public parameter acquisition device 202, a generator identifier acquisition device 203, a generator location device 204, a generator authentication device 2050, a second private information acquisition device 2051, a private key acquisition device 206 and a decryption processing device 207; the decryption processing device 207 further includes an auxiliary information decryption device 2070 and an original information decryption device 2071.
- Before the store-and-forward server forwards the information from the user device 1 to the user device 2, it first detects whether the user device 2 is online. If it detects that the user device 2 is online, it forwards the stored encrypted information from the user equipment 1 to the user equipment 2. It is understood that existing offline messages are also forwarded via the server.
- The case in which the information sent by the user equipment 1 to the store-and-forward server consists of information encrypted with the encryption auxiliary information, together with the encryption auxiliary information encrypted with the public key, is described as follows: the receiving device 200 receives, forwarded via the store-and-forward server, the information encrypted with the encryption auxiliary information and the public-key-encrypted encryption auxiliary information from the user equipment 1 used by user A.
- The store-and-forward server can transmit the CEK-encrypted information and the CEK encrypted with user B's public key to the user equipment 2 at the same time, or the two can be transmitted separately.
- The CEK can only be decrypted after the user equipment 2 has received the CEK encrypted with user B's public key.
- The received CEK-encrypted information can only be decrypted after the user equipment 2 has obtained the decrypted CEK.
- The second server authentication device 201 parses the URI of user B's public parameter server from the packet header of the received CEK encrypted with user B's public key, and locates user B's public parameter server according to that URI.
- User B and user B's public parameter server then perform mutual authentication; for the specific authentication steps, refer to the authentication process between user A and the public parameter server in step S12 of FIG. 3 described above.
- The authentication mechanism may be a universal authentication method based on network access authentication and key agreement (GBA), PKI, an IBE-based algorithm or HTTP Digest, and so on, and is not described further here.
- The third public parameter acquisition device 202 then acquires user B's public parameters from the mutually authenticated public parameter server of user B.
- User B's public parameters include the elliptic-curve identifier, the prime numbers, the common base point, the cryptographic hash function, and so on.
- User B's public parameter server also holds the PKG's policy information, so the generator identifier acquisition device 203 can obtain the URL of user B's PKG from the public parameter server by interacting with it.
- The generator location device 204 of the user equipment 2 locates the private information generator through the uniform resource identifier of the private information generator.
- The generator authentication device 2050 performs mutual authentication with the private information generator. Because the private information of user B held by the private information generator is essential to user B's secure communication, mutual authentication between the generator authentication device 2050 and the private information generator PKG is normally required.
- For the specific steps, refer to the authentication process between user A and the public parameter server in step S12 of FIG. 3 above.
- The authentication mechanism may be the general authentication method GBA based on network access authentication and key agreement, PKI, an IBE-based algorithm, HTTP Digest, and so on, and is not described in detail here.
- The second private information acquisition device 2051 acquires user B's private information from the mutually authenticated private information generator. Because the private information concerns user B's security and its leakage would cause immeasurable loss to user B, the private information should be transmitted to the user equipment 2 in a secure manner, for example encrypted by means of PKI or IBE.
- The private information is generated by the private information generator PKG and provided to the decrypting user. Whether a new private key must be generated for the session depends on whether the encrypting user uses a long-term or a short-term public key. This decision is governed by the system security policy and by the policy of the customer who requires the encryption.
- The PKG needs to maintain a database that stores, for each private identity, the corresponding current system parameter configuration.
- A key can be generated, used, revoked, or removed at the end of its life cycle.
- The private key acquisition device 206 generates user B's private key from the acquired public parameters of user B, the private information of user B and the identity-related information of user B.
- User B's private key is likewise based on the IBE algorithm.
- The specific algorithm for generating user B's private key follows the IETF specification (see http://www.ietf.org/rfc/rfc5091.txt, among others).
- The auxiliary information decryption device 2070 decrypts the received CEK encrypted with user B's public key using user B's private key to restore the CEK.
- The original information decryption device 2071 decrypts the received CEK-encrypted information with the restored CEK to restore the original information.
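As an added example (not part of the patent or any of its embodiments), the hybrid envelope described above in runnable Python: the sender derives user B's public key from identity plus public parameters, wraps a freshly generated CEK under it bit by bit, and encrypts the body with the CEK; the receiver obtains its private key from the PKG and reverses the two steps. The IBE primitive is Cocks' quadratic-residuosity scheme rather than the RFC 5091 pairing schemes, the stand-in for AES is an HMAC-SHA256 counter-mode keystream with an HMAC tag, and the primes, identities and PPS URI are constructed toy values.

```python
import hashlib
import hmac
import secrets

# Constructed toy PKG master secret: Mersenne primes 2^127-1 and 2^89-1, both 3 mod 4.
# Trivially factorable; a real PKG would use fresh large random primes.
DEMO_P, DEMO_Q = (1 << 127) - 1, (1 << 89) - 1
# What the public parameter server would publish: for Cocks IBE only N is needed.
# The PPS URI is a hypothetical value the sender copies into the envelope header.
PUBLIC_PARAMS = {"N": DEMO_P * DEMO_Q, "pps_uri": "https://pps.example.test/params"}

def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0; returns 1, -1, or 0 when gcd(a, n) > 1."""
    a, result = a % n, 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def identity_to_element(identity, n):
    """User B's IBE public key: hash the identity to a in Z_n* with (a/n) = 1."""
    for counter in range(1 << 16):
        digest = hashlib.sha256(f"{identity}|{counter}".encode()).digest()
        a = int.from_bytes(digest, "big") % n
        if a > 1 and jacobi(a, n) == 1:
            return a
    raise RuntimeError("hash-to-element failed")  # practically unreachable

def pkg_extract(identity, p, q):
    """PKG side: private key r with r^2 = +a or -a (mod N); requires the factors p, q."""
    n = p * q
    return pow(identity_to_element(identity, n), (n + 5 - p - q) // 8, n)

def ibe_encrypt_bit(bit, a, n):
    """Cocks encryption of one bit. Two values are sent because the sender
    cannot tell whether a or -a is the quadratic residue."""
    target = 1 if bit else -1
    t = secrets.randbelow(n - 2) + 2
    while jacobi(t, n) != target:
        t = secrets.randbelow(n - 2) + 2
    a_over_t = a * pow(t, -1, n) % n
    return ((t + a_over_t) % n, (t - a_over_t) % n)

def ibe_decrypt_bit(pair, a, r, n):
    """Receiver picks the component matching its key and reads off the Jacobi symbol."""
    c = pair[0] if pow(r, 2, n) == a else pair[1]
    return 1 if jacobi((c + 2 * r) % n, n) == 1 else 0

def _cek_keys(cek):
    """Derive separate encryption and MAC keys from the CEK."""
    return (hmac.new(cek, b"enc", hashlib.sha256).digest(),
            hmac.new(cek, b"mac", hashlib.sha256).digest())

def _keystream_xor(key, nonce, data):
    """Stand-in for AES: HMAC-SHA256 counter-mode keystream XORed over data."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(x ^ y for x, y in zip(data[i:i + 32], block))
    return bytes(out)

def cek_encrypt(cek, plaintext):
    """Encrypt-then-MAC of the bulk information; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _cek_keys(cek)
    nonce = secrets.token_bytes(12)
    ct = _keystream_xor(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def cek_decrypt(cek, blob):
    """Verify the tag, then strip the keystream; a wrong CEK fails here."""
    enc_key, mac_key = _cek_keys(cek)
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("CEK-encrypted information failed its integrity check")
    return _keystream_xor(enc_key, nonce, ct)

def seal_for(recipient, params, plaintext):
    """User equipment 1: needs only user B's identity and public parameters."""
    n = params["N"]
    a = identity_to_element(recipient, n)
    cek = secrets.token_bytes(16)  # locally generated CEK, as the text prefers
    bits = [(byte >> (7 - k)) & 1 for byte in cek for k in range(8)]
    return {"header": {"to": recipient, "pps_uri": params["pps_uri"]},
            "wrapped_cek": [ibe_encrypt_bit(b, a, n) for b in bits],
            "body": cek_encrypt(cek, plaintext)}

def open_envelope(envelope, private_key, params):
    """User equipment 2, after fetching private_key from the PKG (possibly much later)."""
    n = params["N"]
    a = identity_to_element(envelope["header"]["to"], n)
    bits = [ibe_decrypt_bit(pair, a, private_key, n) for pair in envelope["wrapped_cek"]]
    cek = bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))
    return cek_decrypt(cek, envelope["body"])
```

Because `pkg_extract` is never called on the sending side, the envelope can sit on the store-and-forward server until user B is online and fetches its private key, which is the property the text relies on.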
- The second server authentication device 201 needs to resolve the URI of user B's public parameter server from the encrypted message acquired by the receiving device 200.
- Alternatively, the decryption device 20 can communicate directly with the IBE system to obtain the URI of the public parameter server corresponding to user B, and then locate the public parameter server on the basis of that URI. In that case there is no fixed order between the steps performed by the receiving device 200 and by the second server authentication device 201; it is only required that the receiving device 200 has finished receiving the public-key-encrypted CEK from user A, forwarded via the store-and-forward server, before the private key is used to decrypt it and restore the unencrypted CEK.
- Both the second server authentication device 201 and the third public parameter acquisition device 202 may be omitted in the scenario in which the decryption device 20 has previously authenticated with the public parameter server and that authentication has not expired, so the second server authentication device 201 can be omitted; and the decryption device 20 has already obtained from the public parameter server the public parameters corresponding to user B, which are stored in the user equipment 1 and whose life cycle has not expired, i.e. they are still valid, so the third public parameter acquisition device 202 can be omitted.
- The generator identifier acquisition device 203 obtains the uniform resource identifier of the private information generator directly from the public parameter server that has been mutually authenticated.
- The generator identifier acquisition device 203, the generator location device 204, the generator authentication device 2050 and the second private information acquisition device 2051 may be omitted.
- The private information generator periodically updates the private information associated with a user's identity information, but each item of private information remains valid for a period of time. There is therefore a case in which user B obtained user B's private information from the private information generator on a previous occasion and that private information has not yet expired and is still valid. In that case the private key acquisition device 206 generates user B's private key directly from the locally stored private information of user B, the identity-related information of user B and the locally stored public parameters of user B.
- In a modified embodiment, if the information to be sent in the user equipment 1 is encrypted directly with user B's public key, so that the encrypted information forwarded to the store-and-forward server is ciphertext encrypted with user B's public key, the auxiliary information decryption device 2070 and the original information decryption device 2071 may be replaced with a decryption processing device 207, which uses user B's private key to decrypt the received information encrypted with user B's public key and restore the original unencrypted information, that is, the information sent by user A.
Description
Method and apparatus for secure communication based on the IBE algorithm in store-and-forward mode
Technical field
The present invention relates to a method and apparatus for establishing secure communication in a communication network, and more particularly to a method and apparatus for establishing end-to-end secure communication in store-and-forward mode based on an identity-based encryption algorithm.
Background
In the prior art, before establishing communication a user must set up a secure channel with the communication partner in order to agree on the encryption algorithm and the encryption and decryption keys to be used, and then carry out encrypted communication in accordance with the agreed algorithm and keys, so as to protect the communication.
The relatively mature schemes for establishing a secure channel in the prior art, such as TLS (Transport Layer Security) and Kerberos, currently cannot solve the problem of end-to-end security protection in store-and-forward (that is, offline) communication.
To establish a secure channel, the two communicating parties need to negotiate the required keys (such as a session key) and the encryption algorithm. The session key may be generated from a random number, or from a random number and a seed key, and is distributed before the two parties communicate. Once the session is interrupted, for example because either party goes offline, the negotiated security information such as the session key becomes invalid. The TLS mechanism and Kerberos currently support only the protection of real-time online communication and cannot solve the problem of protecting communication data in offline store-and-forward systems.
Specifically, in order to establish a secure channel, the TLS algorithm requires a three-way handshake within one session in which the two parties mutually authenticate and negotiate the encryption and MAC (Message Authentication Code) algorithms and the secret key.
Specifically, as shown in FIG. 1, in the first handshake H1 the user C sends a ClientHello message to the server S; in the second handshake H2 the server S sends a ServerHelloDone message to the user C, exchanging with the user C the ServerHello, Certificate, ServerKeyExchange and CertificateRequest information; in the third handshake H3 the user C sends a Finished message to the server S, at the same time exchanging the Certificate, ClientKeyExchange and CertificateVerify information. Only after these three handshakes is the secure channel established.
Therefore, once the user at either end goes offline, the session is interrupted and the secure channel is broken.
For the Kerberos algorithm, the session key is generated by the KDC (Key Distribution Center). The KDC therefore knows the session keys of all user communications; once information leaks from the KDC, the security of user information cannot be guaranteed, and true end-to-end secure communication cannot be achieved.
In addition, in existing secure-communication applications such as QQ and MSN Shell (the traditional MSN Messenger transmits messages in plaintext; MSN Shell adds the ability to transmit messages as ciphertext), only online message encryption is supported; MSN Shell encrypts messages with the RSA algorithm. However, the key and encryption algorithm negotiated by the two parties are valid only for their current online session; once a user goes offline and comes back online, the key and algorithm previously negotiated with the other party are no longer valid. Therefore, once one party is offline, messages between the two parties can only be transmitted in plaintext, and so there is no mechanism for end-to-end (that is, user-to-user) secure store-and-forward messaging in the existing instant-messaging applications either.
That is, the main drawback of the prior art is that end-to-end secure communication with offline users in store-and-forward systems cannot be supported.
Summary of the invention
In view of the above problems in the prior art, the present invention provides a new solution, as follows: a first user equipment (sending device) used by a first user performs encryption processing on information to be sent to generate encrypted information, and sends the encrypted information to the store-and-forward server; a second user equipment (receiving device) used by a second user receives the encrypted information from the first user equipment forwarded via the store-and-forward server, and performs decryption processing on the received encrypted information to restore the original unencrypted information.
According to a first aspect of the present invention, there is provided a method, in a first user equipment used by a first user of a communication network, for identity-based-encryption secure communication via a store-and-forward server with a second user equipment used by an offline second user, comprising the steps of: performing encryption processing on information to be sent to generate encrypted information, and sending the encrypted information to the store-and-forward server.
According to a second aspect of the present invention, there is provided a method, in a second user equipment used by a second user of a communication network, for decrypting information encrypted with identity-based encryption by a first user equipment used by a first user and forwarded via a store-and-forward server, comprising the steps of: receiving the encrypted information from the first user equipment used by the first user forwarded via the store-and-forward server; and performing decryption processing on the received encrypted information to restore the original unencrypted information.
According to a third aspect of the present invention, there is provided a first encryption apparatus, in a first user equipment used by a first user of a communication network, for identity-based-encryption secure communication via a store-and-forward server with a second user equipment used by an offline second user, comprising: a first sending device for performing encryption processing on information to be sent to generate encrypted information and sending the encrypted information to the store-and-forward server.
According to a fourth aspect of the present invention, there is provided a decryption apparatus, in a second user equipment used by a second user of a communication network, for decrypting information encrypted with identity-based encryption by a first user equipment used by a first user and forwarded via a store-and-forward server, comprising: a receiving device for receiving the encrypted information from the first user equipment used by the first user forwarded via the store-and-forward server; and a decryption processing device for performing decryption processing on the received encrypted information to restore the original unencrypted information.
Because in an identity-based encryption algorithm the private information related to the decryption key is generated by the private information generator at the user's request, that is, the private key is generated at a different time from the public key, the first user equipment used by the first user and the second user equipment used by the second user in the identity-based encryption system do not need to exchange security information related to establishing secure communication before the secure channel is set up. The technical solution provided by the present invention therefore solves the problem of offline secure communication.
Brief description of the drawings
Other features, objects and advantages of the present invention will become more apparent from the following detailed description of non-limiting embodiments, read with reference to the accompanying drawings.
FIG. 1 is a schematic diagram of the three-way handshake between a user and a server by which the prior-art TLS algorithm establishes secure communication;
FIG. 2 is a schematic diagram of the topology of a communication network according to an embodiment of the present invention;
FIG. 3 is a flow chart of a method, according to an embodiment of the present invention, in which the user equipment 1 encrypts a CEK with a public key, encrypts the information to be sent with the CEK, and sends the public-key-encrypted CEK and the CEK-encrypted information to the store-and-forward server;
FIG. 4 is a flow chart of a method, according to an embodiment of the present invention, in which the user equipment 2 decrypts information encrypted with identity-based encryption by the user equipment 1 and forwarded via the store-and-forward server;
FIG. 5 is a block diagram of an apparatus, according to an embodiment of the present invention, in which the user equipment 1 encrypts a CEK with a public key, encrypts the information to be sent with the CEK, and sends the public-key-encrypted CEK and the CEK-encrypted information to the store-and-forward server;
FIG. 6 is a block diagram of an apparatus for decrypting information encrypted with identity-based encryption by the user equipment 1 and forwarded via the store-and-forward server.
In the drawings, the same or similar reference numerals denote the same or similar devices or method steps.
4 EIE080032PCT
Detailed Description of Embodiments
Before the specific embodiments are described with reference to the drawings, some of the concepts used herein are first explained to aid understanding.
Private Key Generator (PKG): the PKG holds the master secret used to generate a user's IBE private information. The PKG accepts request messages from users of the IBE system for the generation of IBE private information and, after authenticating the user in an agreed manner, returns the IBE private information to the user. One PKG may serve multiple users, each of which has some public identifier that identifies it.
Public Parameter Server (PPS): provides the cryptographic material shared publicly within the IBE (Identity-Based Encryption) system, including the public parameters and the PKG's policy information.
IBE system: a system based on an identity-based encryption algorithm, comprising a private key generator, a public parameter server, sending devices, receiving devices and the like.
Uniform Resource Identifier (URI): every resource available on the Web, for example an HTML document, an image, a video clip or a program, is located by a Universal/Uniform Resource Identifier, abbreviated "URI".
A URI generally consists of three parts:
- the naming scheme of the mechanism used to access the resource;
- the host name of the machine holding the resource;
- the name of the resource itself, given as a path.
User and user equipment: one user may correspond to multiple user equipments. For example, if a user registers a QQ account, the user can log in with that account at home or at an Internet cafe; when logging in at home, the user equipment corresponding to that user is the home computer, and when logging in at the Internet cafe it is the cafe's computer. In the description below, user A is the first user and the corresponding user equipment is user equipment 1 (the first user equipment used by the first user); user B is the second user and the corresponding user equipment is user equipment 2 (the second user equipment used by the second user). This correspondence is only an example; those skilled in the art will understand that one user may correspond to multiple user equipments, that is, when user A logs in on a computer with an MSN account the corresponding user equipment is the computer, and when user A logs in on a mobile phone with the same MSN account to use the mobile MSN service the corresponding user equipment is the mobile phone. User equipment includes computers, mobile phones, PDAs and the like.
User identity-related information: a user's identity information is a globally unique ID, or an ID unique within a closed domain. This ID is any unique string that directly denotes the user's identity and may be represented by a name, an identity card number, an e-mail address, a SIM card number, a mobile phone number (bound to the user's identity), a device serial number, for example a unique identifier of the computer the user uses (such as a motherboard serial number, a CPU serial number, etc., or a combination of these), a user name the user registered at a server, for example an MSN account or a QQ account, or a combination of these. From a standard identity ID, the domain in which the user is located (such as the country code or area code) and other identifiers (such as the SIM card number, mobile phone number or device number) can be parsed out.
Taking user A above as an example again, whether user A logs in to the MSN service from a computer, a mobile phone, a PDA or any other user equipment, user A's identity-related information is always user A's ID, that is, user A's MSN account.
The CEK (Content Encryption Key) is a symmetric key that may be used to encrypt the information to be sent; CEK encryption may be based on a symmetric-key algorithm such as DES (Data Encryption Standard) or AES (Advanced Encryption Standard).
Figure 2 is a schematic diagram of the topology of a communication network according to an embodiment of the present invention. User equipment 1 (the first user equipment used by the first user) and user equipment 2 (the second user equipment used by the second user) are two end-user devices that establish secure communication; they may be computer terminals or mobile phone terminals, and a typical application scenario is two end-user devices running MSN or QQ chat software. When the peer of user equipment 1, namely user equipment 2, is offline (this corresponds to two scenarios: i) user equipment 2 has never logged in; ii) user equipment 2 was online but was forced offline by a network connection problem or the like), the store-and-forward server 3 detects that user equipment 2 is offline. (Those skilled in the art will understand that the store-and-forward server can be subdivided into a Message Communication Server (MCS) and a Message and Media Storage server (MMS); the MCS and MMS may be integrated in one server or be two separate servers. The MCS is chiefly responsible for detecting whether user equipment is offline or online, while the MMS is chiefly responsible for storing the encrypted ciphertext forwarded by user equipment.) The store-and-forward server 3 then informs user equipment 1 that the encrypted information it sends to user equipment 2 must be sent to the store-and-forward server; that is, user equipment 1 sends the encrypted information to store-and-forward server 3 over communication link 4. Those skilled in the art will understand that when user equipment 1 is a computer it is connected to a router, then to an access device (DSLAM), and finally logically connected to store-and-forward server 3; when user equipment 1 is a mobile phone, it communicates wirelessly with a base station and is finally logically connected to the store-and-forward server through the base station and other communication equipment. The description below summarizes all of this as communication link 4. When store-and-forward server 3 detects that user equipment 2 has come online, it forwards the encrypted information stored in it to the second user equipment 2 over communication link 5.
Likewise, the description below does not elaborate the link between store-and-forward server 3 and user equipment 2, but summarizes it as communication link 5.
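The store-and-forward behaviour described for this topology, as an added example that is not the patent's code: one process plays both the MCS role (presence) and the MMS role (ciphertext storage). The envelope contents, the user identifier and the PPS URI are constructed placeholders. The server needs nothing beyond the envelope header to do its job, which is the reason the content is encrypted on user equipment 1 before it travels over link 4.

```python
from collections import defaultdict, deque

# Constructed envelope: what user equipment 1 hands over on link 4. The byte
# strings are placeholders for the CEK-encrypted body and the IBE-encrypted CEK.
SAMPLE_ENVELOPE = {
    "header": {"recipient": "userB@example", "pps_uri": "https://pps.example/params"},
    "enc_cek": b"<CEK encrypted under user B's public key>",
    "body": b"<message encrypted under the CEK>",
}


class StoreAndForwardServer:
    """MCS (presence tracking) and MMS (ciphertext storage) in one process."""

    def __init__(self):
        self.online = set()                 # MCS: who is currently logged in
        self.stored = defaultdict(deque)    # MMS: queued envelopes per recipient
        self.inbox = defaultdict(list)      # what went out on link 5, in order

    def login(self, user):
        """Recipient comes online (end of scenario i or ii): flush stored envelopes."""
        self.online.add(user)
        while self.stored[user]:
            self.inbox[user].append(self.stored[user].popleft())

    def logout(self, user):
        """Scenario ii: forced offline; later envelopes are stored again."""
        self.online.discard(user)

    def submit(self, envelope):
        """Link 4: forward at once if the recipient is online, otherwise store.
        Only the header is read; enc_cek and body stay opaque to the server."""
        recipient = envelope["header"]["recipient"]
        if recipient in self.online:
            self.inbox[recipient].append(envelope)
            return "forwarded"
        self.stored[recipient].append(envelope)
        return "stored"


def demo():
    """Offline -> stored; login -> flushed; online -> forwarded; offline -> stored."""
    server = StoreAndForwardServer()
    first = server.submit(SAMPLE_ENVELOPE)     # user B never logged in: stored
    server.login("userB@example")              # user B comes online: delivered
    second = server.submit(SAMPLE_ENVELOPE)    # user B online: forwarded directly
    server.logout("userB@example")             # connection dropped
    third = server.submit(SAMPLE_ENVELOPE)     # stored again until next login
    delivered = len(server.inbox["userB@example"])
    pending = len(server.stored["userB@example"])
    return first, second, third, delivered, pending
```

The server holds neither the CEK nor any private key, so a compromise of the MMS store exposes only ciphertext; the order of delivery is preserved by the per-recipient queue.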
Figure 3 is a flow chart of a method, according to an embodiment of the present invention, by which user equipment 1 encrypts a CEK with a public key, encrypts the information to be sent with the CEK, and sends the public-key-encrypted CEK and the CEK-encrypted information to the store-and-forward server.
In step S10, user equipment 1 obtains the uniform resource identifier of user B's public parameter server. User B's identity-related information is publicly known, and that identity-related information includes location identification information. For example, when user B is a mobile phone user whose identity-related information is a telephone number, user B's identity-related information includes the location identifier (+86); from the location identifier indicated by the identity-related information, the IBE system can look up the uniform resource identifier of the public parameter server corresponding to user B.
Then, in step S11, user equipment 1 locates the public parameter server using the public parameter server's uniform resource identifier.
In step S12, user equipment 1 and the located public parameter server of user B authenticate each other.
Specifically, authentication between user equipment 1 and the public parameter server may use GBA (Generic Bootstrapping Authentication, 3GPP TS 33.220), the generic authentication method based on network access authentication and key agreement. The authentication process between user equipment 1 and the public parameter server may be as follows. On receiving a public parameter request message from user equipment 1, the public parameter server checks whether it holds a valid pre-shared key corresponding to user A (the user of user equipment 1); the pre-shared key is a Unicode string. If there is no pre-shared key, the GBA procedure is started, as follows. The BSF (Bootstrapping Server Function; assume here that the BSF and the public parameter server are co-located in one physical device) checks whether it holds a valid authentication vector corresponding to user A (the user of user equipment 1), either a quintuplet (comprising RAND, CK, IK, AUTN, RES) or a triplet (comprising RAND, Kc, RES), where CK (Cipher Key) and Kc are mainly used for encryption and IK (Integrity Key) is mainly used for integrity checking. If the BSF holds quintuplet or triplet authentication vectors corresponding to user A, it selects one of them; if not, the BSF obtains authentication vectors from the HSS (Home Subscriber Server) (see the Diameter and MAP protocols based on 3GPP TS 33.220, 3GPP TS 33.102, 3GPP TS 33.103 and 3GPP TS 33.105). The HSS generates a quintuplet or triplet authentication vector according to the capability of the terminal (user A) and returns it to the BSF; the quintuplet authentication vector contains communication device authentication information (for example RAND, RES), management device authentication information (for example RAND, AUTN) and a security policy known to UE1 (for example CK). The BSF and user equipment 1 then generate the pre-shared key in the same manner (that is, user equipment 1 derives the pre-shared key from IK, CK and other parameters in the same way as the BSF), and the BSF forwards the pre-shared key to the public parameter server. User A and the public parameter server then authenticate using an associated authentication mechanism (such as HTTP Digest or PSK-TLS) based on that pre-shared key.
In addition, mutual authentication between user A and the public parameter server may also be based on PKI, IBC, HTTP digest or the like.
Then, in step S13, user equipment 1 obtains user B's public parameters from the authenticated public parameter server. The public parameters include the elliptic curve identifier, the primes, the public base point, the cryptographic hash function and so on.
Then, in step S14, user equipment 1 generates user B's public key from user B's public parameters and user B's identity-related information. The specific algorithm for generating user B's public key is specified in the relevant IETF standards (see http://www.ietf.org/rfc/rfc5091.txt, http://www.ietf.org/internet-drafts/draft-ietf-smime-bfibecms-08.txt, http://www.ietf.org/internet-drafts/draft-ietf-smime-ibearch-06.txt) and is not repeated here.
Then, in step S15, user equipment 1 encrypts the information to be sent with encryption auxiliary information to generate information encrypted with the auxiliary information, encrypts the encryption auxiliary information with the obtained public key of user B to generate public-key-encrypted encryption auxiliary information, and sends the information encrypted with the auxiliary information together with the public-key-encrypted encryption auxiliary information to the store-and-forward server.
Specifically, step S15 may be refined into the following sub-steps (not shown in Figure 3). In step α, user equipment 1 encrypts the information to be sent with locally and randomly generated encryption auxiliary information (for example a CEK, Content Encryption Key) to generate CEK-encrypted information. A CEK of a different length may be chosen depending on the key length of the encryption algorithm.
In step β, user equipment 1 sends the CEK-encrypted information to the store-and-forward server.
In step i, user equipment 1 encrypts the CEK with user B's public key to generate the CEK encrypted with user B's public key.
In step ii, user equipment 1 sends the CEK encrypted with user B's public key to store-and-forward server 3.
From the above description, those skilled in the art will understand that step β follows step α and step ii follows step i. In a variant embodiment, step α may be performed first, then step i, then step β, then step ii; preferably, steps β and ii are performed at the same time, that is, the CEK-encrypted information and the public-key-encrypted CEK are sent to store-and-forward server 3 together.
In the embodiment above, user equipment 1 encrypts the CEK with user B's public key and encrypts the information to be sent with the CEK because the CEK is used with a symmetric-key encryption algorithm (such as AES), so encrypting the information with the CEK saves encryption time, whereas asymmetric cryptosystems (such as public/private key pair algorithms) require a large amount of computation and are unsuitable for encrypting large volumes of information. The CEK itself is small, so encrypting the CEK with the public key of the asymmetric cryptosystem and the information to be sent with the CEK improves efficiency overall; however, introducing the new parameter CEK may add complexity to the system. Therefore, where system cost is not a concern, the information to be sent may also be encrypted directly with the public key of the asymmetric cryptosystem; that is, in a variant embodiment, user equipment 1 encrypts the information to be sent directly with the public key of the asymmetric cryptosystem. Step S15 may then be subdivided into the following sub-steps (not shown in Figure 3):
In step S150, user equipment 1 encrypts the information to be sent with the obtained public key of user B to generate information encrypted with user B's public key.
Then, in step S151, user equipment 1 sends the information encrypted with user B's public key to the store-and-forward server.
In the embodiment above, once mutual authentication between user A and user B's public parameter server succeeds, user A and user B's public parameter server can be regarded as trusting each other. However, when user A accesses user B's public parameter server inside a local area network through a VPN (Virtual Private Network), the connection between user A and the local area network is already secure, so user A need not perform mutual authentication with user B's public parameter server; that is, in a variant embodiment, step S12, in which user equipment 1 and the located public parameter server of user B authenticate each other, may be omitted, and in step S13 user equipment 1 obtains user B's public parameters directly from the public parameter server.
In another variant embodiment, steps S10, S11 and S12 may all be omitted. This corresponds to the scenario in which user equipment 1 has previously established secure communication with user B and therefore stores the information of the public parameter server corresponding to user B; user equipment 1 then obtains user B's public parameters directly using its stored information about user B's public parameter server.
In another variant embodiment, steps S10, S11, S12 and S13 may all be omitted. This corresponds to the scenario in which user equipment 1 has previously established secure communication with user B and therefore stores the public parameters corresponding to user B, whose lifetime has not expired and which are still valid; in step S14, user equipment 1 then obtains user B's public key directly from user B's public parameters and user B's identity-related information.
In another variant embodiment, a step of obtaining the encryption auxiliary information is included before step S15. The encryption auxiliary information may be a locally and randomly generated CEK, or it may be obtained from outside; since obtaining it from outside is less secure, the auxiliary information is preferably generated randomly and locally. Note that the step of obtaining the encryption auxiliary information need only be performed before the step of encrypting the information to be sent with the CEK.
Below, with reference to Figure 4 in combination with Figure 2, the flow chart of the method used in user equipment 2 of the present invention to decrypt information from user equipment 1 that was encrypted with identity-based encryption and forwarded via the store-and-forward server is described in detail.
Before the store-and-forward server forwards the information from user equipment 1 to user equipment 2, it first detects whether user equipment 2 is online; once it detects that user equipment 2 is online, it forwards the information from user equipment 1, encrypted by user equipment 1 and stored in the store-and-forward server, to user equipment 2. We note that existing offline messages are likewise forwarded via a server.
First, the case in which the information sent by user equipment 1 to the store-and-forward server consists of information encrypted with the encryption auxiliary information together with the public-key-encrypted encryption auxiliary information is described:
In step S20, user B receives, forwarded via the store-and-forward server, the information from user equipment 1 used by user A that was encrypted with the encryption auxiliary information (the CEK is used as the example of encryption auxiliary information below), together with the public-key-encrypted encryption auxiliary information.
Specifically, there is no fixed order between the sub-step in which user equipment 2 obtains the CEK-encrypted information and the sub-step in which it obtains the CEK encrypted with user B's public key; that is, the store-and-forward server may send the CEK-encrypted information and the CEK encrypted with user B's public key to user equipment 2 at the same time, or send the two separately. However, decryption of the CEK can begin only after user equipment 2 has received the CEK encrypted with user B's public key, and the received CEK-encrypted information can be decrypted only after user equipment 2 has obtained the decrypted CEK.
After user equipment 2 has received the CEK encrypted with user B's public key, forwarded via the store-and-forward server, in step S21 user equipment 2 parses the URI of user B's public parameter server from the packet header of that information and locates user B's public parameter server by that URI; user B and user B's public parameter server then authenticate each other. For the specific authentication steps, refer to the authentication between user A and the public parameter server in step S12 of Figure 3 above. Those skilled in the art will understand that the authentication mechanism may be GBA (the generic authentication method based on network access authentication and key agreement), PKI, an IBE-based scheme, HTTP digest or the like; it is not elaborated here.
Then, in step S22, user equipment 2 obtains user B's public parameters from user B's mutually authenticated public parameter server. User B's public parameters include the elliptic curve identifier, the primes, the public base point, the cryptographic hash function and so on.
In addition, user B's public parameter server also holds the PKG's policy information; that is, in step S23, by interacting with the public parameter server, user equipment 2 can obtain the URL of user B's PKG from the public parameter server.
In step S24, user equipment 2 locates the private key generator using the private key generator's uniform resource identifier.
In step S25, user equipment 2 and the private key generator authenticate each other. In general, because the private information of user B held by the private key generator is critical to user B's secure communication, mutual authentication between user equipment 2 and the private key generator PKG is required. For the specific steps of this mutual authentication, refer to the authentication between user A and the public parameter server in step S12 of Figure 3 above. Those skilled in the art will understand that the authentication mechanism may be GBA (the generic authentication method based on network access authentication and key agreement), PKI, an IBE-based scheme, HTTP digest or the like; it is not elaborated here.
In step S26, user equipment 2 obtains user B's private information from the mutually authenticated private key generator. Because the private information bears on user B's information security, and its leakage would cause user B incalculable loss, the private information should be transmitted to user equipment 2 in a secure manner, for example under an encryption mechanism such as PKI or IBE.
In the IBE system, the private information is generated by the private key generator PKG and supplied to the decrypting user. Whether a new private key needs to be generated for the present session depends on whether the encrypting user used a long-term or a short-term public key, and that decision is governed by the system security policy and the policy of the client performing the encryption.
The PKG must maintain a database that holds the ID corresponding to each private key issued under the current system parameter configuration. A key may be generated, used, revoked, or removed at the end of its lifetime.
In step S27, user equipment 2 generates user B's private key from the obtained public parameters of user B, user B's private information and user B's identity-related information. Obtaining user B's private key is also based on the IBE algorithm; the specific algorithm for generating user B's private key is specified in the relevant IETF standards (see http://www.ietf.org/rfc/rfc5091.txt, http://www.ietf.org/internet-drafts/draft-ietf-smime-bfibecms-08.txt, http://www.ietf.org/internet-drafts/draft-ietf-smime-ibearch-06.txt) and is not repeated here.
In step S28, user equipment 2 uses user B's private key to decrypt the received CEK encrypted with user B's public key, recovering the CEK.
In step S29, user equipment 2 uses the recovered CEK to decrypt the received CEK-encrypted information, recovering the original information.
13 EIE080032PCT
In the embodiment above, in step S21 user equipment 2 depends on the encrypted message obtained in step S20 to parse out the URI of user B's public parameter server. In a variant embodiment, however, user equipment 2 may communicate directly with the IBE system to obtain the URI of the public parameter server corresponding to user B, and then locate that public parameter server from the obtained URI. In that case there is no fixed order between step S20 and step S21; but only once user equipment 2 has both completed step S20 (receiving, via the store-and-forward server, the CEK-encrypted information and the public-key-encrypted CEK from user equipment 1 used by user A) and obtained user B's private key in step S27 can it proceed to step S28 and use user B's private key to decrypt the CEK encrypted with user B's public key, recovering the unencrypted CEK.
In another variant embodiment, steps S21 and S22 may both be omitted. This corresponds to the scenario in which user equipment 2 has already performed mutual authentication with the public parameter server and that authentication has not yet expired, so step S21 can be omitted; and user equipment 2 has already obtained user B's public parameters from the public parameter server, so user B's public parameters are stored in user equipment 2 and, their lifetime not having expired, are still valid, so step S22 can be omitted. Then, in step S23, user equipment 2 obtains the uniform resource identifier of the private information generator directly from the already mutually authenticated public parameter server.
In a variant embodiment, steps S23, S24, S25 and S26 may be omitted. Although the private information generator periodically updates users' identity information and the private information corresponding to it, an item of private information remains valid for a period of time. That is, there is a situation in which user B has previously obtained user B's private information from the private information generator and that private information has not expired and is still valid. Therefore, in step S27, user equipment 2 generates user B's private key directly from the locally stored private information of user B, user B's identity-related information, and the locally stored public parameters of user B.
In a variant embodiment, if the encryption performed in user equipment 1 on the information to be sent encrypts that information directly with user B's public key, so that the encrypted information forwarded to the store-and-forward server is ciphertext encrypted with user B's public key, then correspondingly steps S28 and S29 may be replaced by step S28', in which user equipment 2 uses user B's private key to decrypt the received information encrypted with user B's public key, recovering the original unencrypted information, that is, the information user A intended to send.
FIG. 5 is a block diagram of the apparatus, according to a specific embodiment of the present invention, by which user equipment 1 encrypts the CEK with a public key, encrypts the information to be sent with the CEK, and sends the public-key-encrypted CEK and the CEK-encrypted information to the store-and-forward server.
The specific embodiments of the third aspect of the invention are described below with reference to FIG. 5 in conjunction with FIG. 2; the description given for FIG. 3 is incorporated here by reference. The first encryption apparatus 10 shown in FIG. 5 is located in each terminal device, user equipment 1 of FIG. 1 being taken as the example, and comprises a server identifier acquisition device 100, a server locating device 101, a first public parameter acquisition device 102, a public key acquisition device 103 and a first transmitting device 104; the first public parameter acquisition device 102 further comprises a first server authentication device 1020 and a second public parameter acquisition device 1021.
First, the server identifier acquisition device 100 obtains the uniform resource identifier of user B's public parameter server. User B's identity-related information is publicly known, and it includes location identification information. For example, when user B is a mobile phone user whose identity-related information is a telephone number, that identity-related information includes location identification information (+86); from the location indicated by the identity-related information, the IBE system can look up the uniform resource identifier of the public parameter server corresponding to user B.
The server locating device 101 locates the public parameter server using the uniform resource identifier of the public parameter server obtained by the server identifier acquisition device 100.
The first server authentication device 1020 performs mutual authentication with the located public parameter server of user B.
Specifically, the authentication between the first server authentication device 1020 and the public parameter server may use GBA (Generic Bootstrapping Authentication, 3GPP TS 33.220), a generic authentication method based on network access authentication and key agreement. The key agreement between the first server authentication device 1020 and the public parameter server may proceed as follows. On receiving the public parameter request message from the first server authentication device 1020, the public parameter server checks whether it holds a valid pre-shared key corresponding to user A (the user of user equipment 1). If there is no pre-shared key, the GBA procedure is started: the BSF (Bootstrapping Server Function; the BSF and the public parameter server are assumed to be co-located in one physical device) checks whether it holds a valid quintuplet authentication vector (comprising RAND, CK, IK, AUTN and RES) or triplet authentication vector (comprising RAND, Kc and RES) corresponding to user A (the user of user equipment 1). Here CK (Cipher Key) and Kc are used mainly for encryption, and IK (Integrity Key) mainly for integrity checking. If the BSF holds quintuplet or triplet authentication vectors corresponding to user A, it selects one of them; if not, the BSF obtains an authentication vector from the HSS (Home Subscriber Server) (see the Diameter and MAP protocols based on 3GPP TS 33.220, 3GPP TS 33.102, 3GPP TS 33.103 and 3GPP TS 33.105). The HSS generates a quintuplet or triplet authentication vector according to the capabilities of the terminal (user A) and returns it to the BSF; the quintuplet authentication vector contains communication device authentication information (for example RAND and RES), management device authentication information (for example RAND and AUTN), and the security policy known to UE1 (for example CK). The BSF and the first server authentication device 1020 then generate the pre-shared key in the same manner, and the BSF forwards the pre-shared key to the public parameter server.
The first server authentication device 1020 and the public parameter server then authenticate each other on the basis of this pre-shared key using an appropriate authentication mechanism (such as HTTP Digest or PSK-TLS).
In addition, the mutual authentication between user A and the public parameter server may instead be based on PKI, IBC, HTTP Digest, or the like.
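The bootstrapping just described, as an added Go example that is not part of the patent: the UE side (the first server authentication device 1020) and the BSF side derive the same pre-shared key from the authentication vector, the BSF hands that key to the public parameter server, and the two parties then run a challenge-response on it. The derivation follows the Ks_NAF construction of 3GPP TS 33.220 Annex B as I read it (HMAC-SHA-256 over FC 0x01, the label "gba-me", RAND, IMPI and NAF_Id, each parameter followed by its 2-byte length); the authentication-vector values, the IMPI and the NAF_Id are constructed sample data, and the HMAC challenge-response stands in for the HTTP Digest or PSK-TLS exchange the text names.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// AuthVector is the quintuplet the HSS returns to the BSF. The values used in
// Bootstrap are constructed sample data, not the output of a real HSS.
type AuthVector struct {
	RAND, AUTN, RES, CK, IK []byte
}

// kdf is the generic key derivation function of 3GPP TS 33.220 Annex B as I
// read it: HMAC-SHA-256(key, FC || P0 || L0 || ... || Pn || Ln), each Li the
// 2-byte big-endian length of Pi. Verify the encoding against the specification.
func kdf(key []byte, fc byte, params ...[]byte) []byte {
	s := []byte{fc}
	for _, p := range params {
		s = append(s, p...)
		s = append(s, byte(len(p)>>8), byte(len(p)))
	}
	m := hmac.New(sha256.New, key)
	m.Write(s)
	return m.Sum(nil)
}

// NAFKey is Ks_NAF, the key both the UE and the BSF derive from Ks = CK || IK.
// FC 0x01 and the label "gba-me" are the GBA_ME values of TS 33.220; impi is the
// subscriber's private identity and nafID names the server (here the public
// parameter server), so keys handed to different servers differ.
func NAFKey(av AuthVector, impi, nafID string) []byte {
	ks := append(append([]byte{}, av.CK...), av.IK...)
	return kdf(ks, 0x01, []byte("gba-me"), av.RAND, []byte(impi), []byte(nafID))
}

func mac(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// Authenticate is a minimal mutual HMAC challenge-response over the pre-shared
// key, a placeholder for the HTTP Digest / PSK-TLS exchange of the text: each
// side proves possession of the key on the other side's random challenge.
func Authenticate(uePSK, serverPSK []byte) (bool, error) {
	cUE, cSrv := make([]byte, 16), make([]byte, 16)
	if _, err := rand.Read(cUE); err != nil {
		return false, err
	}
	if _, err := rand.Read(cSrv); err != nil {
		return false, err
	}
	ueProof := mac(uePSK, cSrv)     // UE answers the server's challenge
	srvProof := mac(serverPSK, cUE) // server answers the UE's challenge
	ok := hmac.Equal(ueProof, mac(serverPSK, cSrv)) && hmac.Equal(srvProof, mac(uePSK, cUE))
	return ok, nil
}

// Bootstrap walks the flow of the text on constructed data: the BSF selects an
// authentication vector for user A, the UE (whose USIM computes CK and IK from
// RAND) and the BSF derive Ks_NAF, the BSF forwards it to the public parameter
// server, and UE and server authenticate on it.
func Bootstrap() (bool, error) {
	av := AuthVector{ // constructed sample quintuplet
		RAND: bytes.Repeat([]byte{0x11}, 16), AUTN: bytes.Repeat([]byte{0x22}, 16),
		RES: bytes.Repeat([]byte{0x33}, 8), CK: bytes.Repeat([]byte{0x44}, 16),
		IK: bytes.Repeat([]byte{0x55}, 16),
	}
	const impi = "userA@example.invalid" // constructed IMPI
	const nafID = "pps.example.invalid"  // constructed NAF_Id (real ones also carry a protocol identifier)
	ueKey := NAFKey(av, impi, nafID)     // computed by the first server authentication device 1020
	serverKey := NAFKey(av, impi, nafID) // computed by the BSF and forwarded to the server
	if !bytes.Equal(ueKey, serverKey) {
		return false, errors.New("key derivation diverged")
	}
	return Authenticate(ueKey, serverKey)
}
```

Binding the NAF identifier into the derivation is what keeps a key bootstrapped for one server from being replayed against another; a public parameter server that received a key derived for a different NAF_Id would simply fail the challenge-response.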
The second public parameter acquisition device 1021 then obtains user B's public parameters from the authenticated public parameter server. The public parameters include the elliptic-curve identifier, the prime numbers, the public base point, the hash function used for encryption, and so on.
The public key acquisition device 103 then generates user B's public key from user B's public parameters and user B's identity-related information. The concrete algorithm for generating user B's public key is specified in the relevant IETF standards (see http://www.ietf.org/rfc/rfc5091.txt, http://www.ietf.org/internet-drafts/draft-ietf-smime-bfibecms-08.txt, http://www.ietf.org/internet-drafts/draft-ietf-smime-ibearch-06.txt) and is not repeated here.
The first transmitting device 104 then encrypts the information to be sent with the encryption auxiliary information to produce information encrypted with the encryption auxiliary information, encrypts the encryption auxiliary information with the obtained public key of user B to produce public-key-encrypted encryption auxiliary information, and sends both the information encrypted with the encryption auxiliary information and the public-key-encrypted encryption auxiliary information to the store-and-forward server.
Specifically, the first transmitting device 104 may be refined into the following sub-devices (not shown in FIG. 5):
A third encryption device, which encrypts the information to be sent with locally and randomly generated encryption auxiliary information (for example a CEK, Content Encryption Key) to produce CEK-encrypted information. A CEK of a different length may be chosen according to the key length of the encryption algorithm.
A CEK-encrypted information transmitting device, by which user equipment 1 sends the CEK-encrypted information to the store-and-forward server.
A fourth encryption device, by which user equipment 1 encrypts the CEK with user B's public key to produce the CEK encrypted with user B's public key.
A public-key-encrypted information transmitting device, by which user equipment 1 sends the CEK encrypted with user B's public key to the store-and-forward server 3.
From the above, those skilled in the art will understand that the content sent by the CEK-encrypted information transmitting device must be produced by the third encryption device, and the content sent by the public-key-encrypted information transmitting device must be produced by the fourth encryption device, but that there is no fixed order between the steps performed by the third encryption device and the CEK-encrypted information transmitting device and those performed by the fourth encryption device and the public-key-encrypted information transmitting device. Preferably, the CEK-encrypted information transmitting device and the public-key-encrypted information transmitting device are merged into a single second transmitting device, which sends the CEK-encrypted information and the public-key-encrypted CEK to the store-and-forward server 3 together.
In the embodiment above, user equipment 1 encrypts the CEK with user B's public key and encrypts the information to be sent with the CEK because the CEK belongs to a symmetric-key encryption algorithm (such as AES), so encrypting the information with the CEK saves encryption time, whereas asymmetric cryptosystems (public/private key pair algorithms) require a great deal of computation and are unsuited to encrypting large amounts of information. The CEK itself is small, so encrypting the CEK with the asymmetric public key and the information with the CEK improves efficiency overall; introducing the additional parameter CEK, however, may add complexity to the system. Thus, where system cost is not a concern, the information to be sent may also be encrypted directly with the public key of the asymmetric cryptosystem; that is, in a variant embodiment user equipment 1 encrypts the information to be sent directly with the asymmetric public key, and the first transmitting device 104 may then be subdivided into the following sub-devices (not shown in FIG. 5):
A second encryption device, which encrypts the information to be sent with the obtained public key of user B to produce information encrypted with user B's public key.
A second transmitting device, which sends the information encrypted with user B's public key to the store-and-forward server.
In the embodiment above, once mutual authentication between user A and user B's public parameter server succeeds, user A and user B's public parameter server can be regarded as trusting each other. If, however, user A accesses user B's public parameter server inside a local area network through a VPN (Virtual Private Network), the connection between user A and the local area network is already secure, and user A need not perform mutual authentication with user B's public parameter server. That is, in a variant embodiment the first server authentication device 1020 may be omitted, and the first public parameter acquisition device (not shown) obtains user B's public parameters directly from the public parameter server.
In another variant embodiment, the server identifier acquisition device 100, the server locating device 101 and the first server authentication device 1020 may all be omitted. This corresponds to the scenario in which user equipment 1 has previously established secure communication with user B, so that information about the public parameter server corresponding to user B is stored in user equipment 1; the first public parameter acquisition device 102 therefore obtains user B's public parameters directly on the basis of the stored information about user B's public parameter server.
In another variant embodiment, the server identifier acquisition device 100, the server locating device 101, the first server authentication device 1020 and the second public parameter acquisition device 1021 may all be omitted. This corresponds to the scenario in which user equipment 1 has previously established secure communication with user B, so that user B's public parameters are stored in user equipment 1 and, their lifetime not having expired, are still valid; the public key acquisition device 103 therefore obtains user B's public key directly from user B's public parameters and user B's identity-related information.
In another variant embodiment, the first encryption apparatus 10 further comprises an encryption auxiliary information acquisition device. The CEK may be generated locally at random or obtained from outside; since obtaining it from outside is less secure, the auxiliary information is preferably generated locally at random. The third encryption device then encrypts the information to be sent with the obtained CEK.
Below, with reference to FIG. 6 in conjunction with FIG. 2 and FIG. 4, the block diagram of the apparatus in user equipment 2 of the invention for decrypting the information from user equipment 1, encrypted with identity-based encryption and forwarded via the store-and-forward server, is described in detail.
The specific embodiments of the fourth aspect of the invention are described below with reference to FIG. 6 in conjunction with FIG. 2; the description given for FIG. 4 is incorporated here by reference. The decryption apparatus 20 shown in FIG. 6 is located in each terminal device, user equipment 2 of FIG. 1 being taken as the example, and comprises a receiving device 200, a second server authentication device 201, a third public parameter acquisition device 202, a generator identifier acquisition device 203, a generator locating device 204, a first private information acquisition device 205, a private key acquisition device 206 and a decryption processing device 207; the first private information acquisition device 205 further comprises a generator authentication device 2050 and a second private information acquisition device 2051, and the decryption processing device 207 further comprises an auxiliary information decryption device 2070 and an original information decryption device 2071.
Before the store-and-forward server forwards the information from user equipment 1 to user equipment 2, it first checks whether user equipment 2 is online; once it detects that user equipment 2 is online, it forwards the stored information from user equipment 1, encrypted by user equipment 1, to user equipment 2. As is understood, existing offline messages are likewise forwarded via a server.
First, the case in which the information sent by user equipment 1 to the store-and-forward server consists of information encrypted with the encryption auxiliary information together with the public-key-encrypted encryption auxiliary information is described.
First, the receiving device 200 receives, forwarded via the store-and-forward server from user equipment 1 used by user A, the information encrypted with the encryption auxiliary information and the public-key-encrypted encryption auxiliary information; in the following the CEK is taken as the example of the encryption auxiliary information.
Specifically, there is no fixed order between the sub-step in which the receiving device 200 obtains the CEK-encrypted information and the sub-step in which it obtains the CEK encrypted with user B's public key; that is, the store-and-forward server may send the CEK-encrypted information and the CEK encrypted with user B's public key to user equipment 2 together, or send the two separately. Decryption of the CEK, however, can begin only after user equipment 2 has received the CEK encrypted with user B's public key, and the received CEK-encrypted information can be decrypted only after user equipment 2 has obtained the decrypted CEK.
After the receiving device 200 has received the CEK encrypted with user B's public key and forwarded via the store-and-forward server, the second server authentication device 201 parses the URI of user B's public parameter server out of the header of the received public-key-encrypted CEK and locates user B's public parameter server from that URI; user B then performs mutual authentication with user B's public parameter server. For the specific authentication steps, refer to the authentication between user A and the public parameter server described above for step S12 of FIG. 3. Those skilled in the art will understand that the authentication mechanism may be the generic authentication method GBA based on network access authentication and key agreement, PKI, an IBE-based mechanism, HTTP Digest, or the like, which are not described further here.
The third public parameter acquisition device 202 then obtains user B's public parameters from the mutually authenticated public parameter server of user B. User B's public parameters include the elliptic-curve identifier, the prime numbers, the public base point, the hash function used for encryption, and so on.
In addition, user B's public parameter server also holds the PKG's policy information; that is, the generator identifier acquisition device 203, by interacting with the public parameter server, can obtain the URL of user B's PKG from it.
Then the generator locating device 204 of user equipment 2 locates the private information generator through the uniform resource identifier of the private information generator.
Then the generator authentication device 2050 performs mutual authentication with the private information generator. Usually, because the private information of user B held by the private information generator is vital to user B's secure communication, mutual authentication between the generator authentication device 2050 and the private information generator PKG is required. For the specific steps of this mutual authentication, refer to the authentication between user A and the public parameter server described above for step S12 of FIG. 3. Those skilled in the art will understand that the authentication mechanism may be the generic authentication method GBA based on network access authentication and key agreement, PKI, an IBE-based mechanism, HTTP Digest, or the like, which are not described further here.
Then the second private information acquisition device 2051 obtains user B's private information from the mutually authenticated private information generator. Because the private information bears on user B's information security, and its leakage would cause user B incalculable loss, it must be delivered to user equipment 2 in a secure manner, for example under an encryption mechanism such as PKI or IBE.
In an IBE system the private information is generated by the private information generator (PKG) and supplied to the decrypting user. Whether a new private key has to be produced for the current session depends on whether the encrypting user used a long-term or a short-term public key; that decision is governed by the system security policy and by the policy of the client that performs the encryption.
The PKG must maintain a database that records, for the current system parameter configuration, the ID corresponding to every item of private information it has issued. A key can be generated, used, revoked, or removed once its lifetime has ended.
Then the private key acquisition device 206 generates user B's private key from the obtained public parameters of user B, user B's private information and user B's identity-related information. Obtaining user B's private key is likewise based on the IBE algorithm; the concrete algorithm for generating user B's private key is specified in the relevant IETF standards (see http://www.ietf.org/rfc/rfc5091.txt, http://www.ietf.org/internet-drafts/draft-ietf-smime-bfibecms-08.txt, http://www.ietf.org/internet-drafts/draft-ietf-smime-ibearch-06.txt) and is not repeated here.
Then the auxiliary information decryption device 2070 uses user B's private key to decrypt the received CEK encrypted with user B's public key, recovering the CEK.
Finally, the original information decryption device 2071 uses the recovered CEK to decrypt the received CEK-encrypted information, recovering the original information.
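The hybrid scheme of steps S28 and S29 and of devices 2070 and 2071, together with the sender side of the first transmitting device 104 (third and fourth encryption devices) and the ordering constraint on the receiving device 200, as an added Go example that is not part of the patent: a locally generated 256-bit CEK encrypts the message with AES-256-GCM, the CEK is encrypted under the recipient's public key, and the recipient must unwrap the CEK before the message can be read. Because the pairing-based IBE of RFC 5091 is not in the Go standard library, an X25519 key pair for user B stands in for the identity-derived IBE key pair; the wrap construction, the Transfer layout and the URI value are assumptions of this example, and the public-parameter-server URI is bound into both ciphertexts as associated data so that the forwarder cannot alter it unnoticed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Transfer is what user equipment 1 hands to the store-and-forward server: the
// CEK-encrypted information and the public-key-encrypted CEK, both tagged with
// the public-parameter-server URI that user equipment 2 parses before anything
// else (assumed layout; the page fixes no wire format). The server may deliver
// the two parts in either order, but WrappedCEK must be opened before EncMsg.
type Transfer struct {
	PPSURI     string
	EncMsg     []byte // AES-256-GCM under the CEK
	WrappedCEK []byte // ephemeral X25519 public key || AES-256-GCM of the CEK
}

// X25519 stands in for the IBE public-key step of the page (RFC 5091's
// pairing-based scheme is not in the Go standard library); the key that
// protects the CEK is SHA-256(shared secret || ephemeral public key).
func wrapKey(shared, ephPub []byte) []byte {
	k := sha256.Sum256(append(append([]byte{}, shared...), ephPub...))
	return k[:]
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal/open: AES-256-GCM with the random 12-byte nonce prepended; aad binds the
// public-parameter-server URI so the forwarder cannot swap it unnoticed.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	g, err := newGCM(key)
	if err != nil { return nil, err }
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return append(nonce, g.Seal(nil, nonce, plaintext, aad)...), nil
}

func open(key, data, aad []byte) ([]byte, error) {
	g, err := newGCM(key)
	if err != nil { return nil, err }
	if len(data) < g.NonceSize() { return nil, errors.New("ciphertext too short") }
	return g.Open(nil, data[:g.NonceSize()], data[g.NonceSize():], aad)
}

// Encrypt is the sender (first transmitting device 104): the third encryption
// device encrypts the message under a locally generated CEK, the fourth
// encryption device encrypts that CEK under user B's public key.
func Encrypt(bPub *ecdh.PublicKey, ppsURI string, msg []byte) (*Transfer, error) {
	cek := make([]byte, 32) // 256-bit CEK, generated locally at random
	if _, err := rand.Read(cek); err != nil { return nil, err }
	encMsg, err := seal(cek, msg, []byte(ppsURI))
	if err != nil { return nil, err }
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	shared, err := eph.ECDH(bPub)
	if err != nil { return nil, err }
	ephPub := eph.PublicKey().Bytes()
	wrapped, err := seal(wrapKey(shared, ephPub), cek, []byte(ppsURI))
	if err != nil { return nil, err }
	return &Transfer{ppsURI, encMsg, append(ephPub, wrapped...)}, nil
}

// Decrypt is user equipment 2: step S28 (device 2070) unwraps the CEK with user
// B's private key; only then can step S29 (device 2071) read the information.
func Decrypt(bPriv *ecdh.PrivateKey, t *Transfer) ([]byte, error) {
	if len(t.WrappedCEK) < 32 { return nil, errors.New("wrapped CEK too short") }
	ephPub, err := ecdh.X25519().NewPublicKey(t.WrappedCEK[:32])
	if err != nil { return nil, err }
	shared, err := bPriv.ECDH(ephPub)
	if err != nil { return nil, err }
	cek, err := open(wrapKey(shared, t.WrappedCEK[:32]), t.WrappedCEK[32:], []byte(t.PPSURI))
	if err != nil { return nil, err } // wrong private key, or CEK/URI tampered in transit
	return open(cek, t.EncMsg, []byte(t.PPSURI))
}
```

With a real IBE library the only change is to replace wrapKey and the X25519 calls by the IBE encryption of the CEK under the public key derived from user B's identity and public parameters; the CEK and AES-GCM layers, and the refusal to touch EncMsg until the CEK has been authenticated and unwrapped, stay as they are.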
In the embodiment above, the second server authentication device 201 depends on the encrypted message obtained by the receiving device 200 to parse out the URI of user B's public parameter server. In a variant embodiment, however, the decryption apparatus 20 may communicate directly with the IBE system to obtain the URI of the public parameter server corresponding to user B and then locate that public parameter server from the obtained URI. In that case there is no fixed order between the steps performed by the receiving device 200 and by the second server authentication device 201; but only once the receiving device 200 has received, via the store-and-forward server, the CEK-encrypted information and the public-key-encrypted CEK from user equipment 1 used by user A, and the private key acquisition device 206 has obtained user B's private key, can the decryption processing device 207 use user B's private key to decrypt the CEK encrypted with user B's public key, recovering the unencrypted CEK.
In another variant embodiment, the second server authentication device 201 and the third public parameter acquisition device 202 may both be omitted. This corresponds to the scenario in which the decryption apparatus 20 has already performed mutual authentication with the public parameter server and that authentication has not yet expired, so the second server authentication device 201 can be omitted; and the decryption apparatus 20 has already obtained user B's public parameters from the public parameter server, so user B's public parameters are stored in user equipment 2 and, their lifetime not having expired, are still valid, so the third public parameter acquisition device 202 can be omitted. The generator identifier acquisition device 203 then obtains the uniform resource identifier of the private information generator directly from the already mutually authenticated public parameter server.
In a variant embodiment, the generator identifier acquisition device 203, the generator locating device 204, the generator authentication device 2050 and the second private information acquisition device 2051 may be omitted. Although the private information generator periodically updates users' identity information and the private information corresponding to it, an item of private information remains valid for a period of time. That is, there is a situation in which user B has previously obtained user B's private information from the private information generator and that private information has not expired and is still valid. Therefore, the private key acquisition device 206 generates user B's private key directly from the locally stored private information of user B, user B's identity-related information, and the locally stored public parameters of user B.
In a variant embodiment, if the encryption processing applied in the user equipment 1 to the information to be sent encrypts that information directly with user B's public key, and the encrypted information forwarded to the store-and-forward server is ciphertext encrypted with user B's public key, then correspondingly the auxiliary information decryption device 2070 and the original information decryption device 2071 may be replaced by the decryption processing device 207, which uses user B's private key to decrypt the received information encrypted with user B's public key and recover the original unencrypted information, that is, the information user A intended to send.
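The receiver-side flow described above (devices 2070 and 2071 unwrapping the CEK and then the content, and the variant embodiments that reuse cached private information only while its lifetime is valid), as an added example that is not part of the patent or any implementation of it. The IBE step is replaced by a clearly labelled test double, since the BF/BB1 pairing operations of RFC 5091 are not in the Python standard library; the content layer is an encrypt-then-MAC construction built from HMAC-SHA256, and the lifetimes, keys and message are constructed values.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass

def _prf(key: bytes, label: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode, used as keystream / key-wrap pad."""
    out = b""
    for i in range((n + 31) // 32):
        out += hmac.new(key, label + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def cek_encrypt(cek: bytes, plaintext: bytes) -> bytes:
    """Sender side (user A): nonce(16) || ciphertext || HMAC tag(32), encrypt-then-MAC."""
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _prf(cek, nonce, len(plaintext))))
    tag = hmac.new(hashlib.sha256(b"mac" + cek).digest(), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def cek_decrypt(cek: bytes, blob: bytes) -> bytes:
    """Device 2071: verify the tag in constant time first, then strip the keystream."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(hashlib.sha256(b"mac" + cek).digest(), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        raise ValueError("CEK-encrypted information failed integrity check")
    return bytes(a ^ b for a, b in zip(body, _prf(cek, nonce, len(body))))

# Constructed test double for the IBE wrap/unwrap of the CEK (device 2070). A real
# system encrypts the CEK to user B's identity with BF/BB1 (RFC 5091); here the
# "private key" is a secret both helpers share so only the data flow is exercised.
def ibe_wrap_stub(private_key: bytes, cek: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(cek, _prf(private_key, b"wrap", len(cek))))

ibe_unwrap_stub = ibe_wrap_stub  # the XOR pad is its own inverse

@dataclass
class Cached:
    value: bytes
    expires_at: int   # end of lifetime, seconds since epoch (constructed)

def still_valid(item, now: int) -> bool:
    """Variant embodiments: the fetch/authentication steps may be skipped only while
    the cached public parameters or private information are inside their lifetime."""
    return item is not None and now < item.expires_at

def receive(private_info: Cached, now: int, wrapped_cek: bytes, blob: bytes) -> bytes:
    """Receiver (user B): refuse expired private information, then the two-stage decrypt."""
    if not still_valid(private_info, now):
        raise RuntimeError("private information expired: re-fetch it from the private information generator")
    cek = ibe_unwrap_stub(private_info.value, wrapped_cek)   # device 2070
    return cek_decrypt(cek, blob)                            # device 2071
```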
Embodiments of the present invention have been described above, but the invention is not limited to particular systems, devices or specific protocols; those skilled in the art may make various variations or modifications within the scope of the appended claims.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/CN2008/001117 WO2009149579A1 (en) | 2008-06-10 | 2008-06-10 | Secure communication method and apparatus based on ibe algorithm in the store and forward manner |
| CN200880129172.1A CN102027704A (en) | 2008-06-10 | 2008-06-10 | Secure communication method and apparatus based on IBE algorithm in the store and forward manner |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/CN2008/001117 WO2009149579A1 (en) | 2008-06-10 | 2008-06-10 | Secure communication method and apparatus based on ibe algorithm in the store and forward manner |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2009149579A1 true WO2009149579A1 (en) | 2009-12-17 |
Family
ID=41416329
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/CN2008/001117 Ceased WO2009149579A1 (en) | 2008-06-10 | 2008-06-10 | Secure communication method and apparatus based on ibe algorithm in the store and forward manner |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN102027704A (en) |
| WO (1) | WO2009149579A1 (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113141333A (en) * | 2020-01-18 | 2021-07-20 | 佛山市云米电器科技有限公司 | Communication method, device, server, system and storage medium for network access device |
| CN117118598A (en) * | 2023-03-14 | 2023-11-24 | 荣耀终端有限公司 | A data sharing method, electronic device and computer cluster |
| WO2025001828A1 (en) * | 2023-06-28 | 2025-01-02 | 华为技术有限公司 | Security processing method, apparatus and storage medium |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070162554A1 (en) * | 2006-01-12 | 2007-07-12 | International Business Machines Corporation | Generating a public key and a private key in an instant messaging server |
| CN101044741A (en) * | 2005-07-08 | 2007-09-26 | 松下电器产业株式会社 | Secure Peer-to-Peer Messaging Service |
2008
- 2008-06-10 CN CN200880129172.1A patent/CN102027704A/en active Pending
- 2008-06-10 WO PCT/CN2008/001117 patent/WO2009149579A1/en not_active Ceased
Non-Patent Citations (1)
| Title |
|---|
| X.BOYEN ET AL.: "Identity-Based Cryptography Standard (IBCS) #1: Supersingular Curve Implementations of the BF and BB1 Cryptosystems", RFC 5091, December 2007 (2007-12-01), pages 3 - 8,32-35 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102027704A (en) | 2011-04-20 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | WWE | Wipo information: entry into national phase | Ref document number: 200880129172.1; Country of ref document: CN |
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 08772943; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 08772943; Country of ref document: EP; Kind code of ref document: A1 |