WO2009149579A1 - Device and method for secure communication based on the IBE algorithm with a store-and-forward mode - Google Patents
Device and method for secure communication based on the IBE algorithm with a store-and-forward mode
- Publication number
- WO2009149579A1 (PCT/CN2008/001117)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user
- information
- encrypted
- server
- public
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
- H04L9/3073—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
Definitions
- the present invention relates to a method and apparatus for establishing secure communication in a communication network, and more particularly to a method and apparatus for establishing end-to-end secure communication in a store-and-forward mode based on an identity identification encryption algorithm.
- before establishing communication, a user must set up a secure channel with the communication partner to agree on which encryption algorithm and which encryption and decryption keys to use; in the subsequent communication, encrypted communication according to the agreed algorithm and keys ensures the security of the communication.
- both parties need to negotiate the relevant keys (such as the session key) and encryption algorithms.
- the session key can be generated by a random number or by a random number and a seed key, and sent out before the communication parties communicate. Once the session is interrupted, if either of the communicating parties is offline, these negotiated security information such as the session key will be invalid.
- the TLS mechanism and Kerberos currently only support the security protection of real-time online communication, and cannot solve the problem of communication data security protection of offline storage and forwarding systems.
- in order to establish a secure channel, a mutual handshake, negotiation of the encryption and MAC (Message Authentication Code) algorithms, and a three-way handshake for the secret key of the communication session are required.
- a MAC Message Authentication Code
- the first handshake (H1) the user C sends a Client hello message to the server S;
- in the second handshake (H2) the server S sends the ServerHello, Certificate and ServerHelloDone messages to the user C;
- the session key is generated by the KDC (key distribution center). Therefore, the KDC knows the session keys of all users; once information is leaked by the KDC, the information security of the user cannot be guaranteed, and true end-to-end secure communication is not achieved.
- the present invention provides a new solution, as follows:
- the first user equipment (sending device) used by the first user performs encryption processing on the information to be transmitted to generate encrypted processed information, and transmits it to the storage and forwarding server; the second user equipment (receiving device) used by the second user receives the encrypted processed information from the first user equipment and, based on the received
- a first user equipment used by a first user of a communication network, for performing identity-based encryption with a second user equipment used by a second user who is offline, via a store-and-forward server
- the method for secure communication includes the following steps: performing encryption processing based on information to be sent to generate encrypted processed information, and transmitting the encrypted processed information to the storage and forwarding server.
- an identity-based encryption technology, in a second user equipment used by a second user of the communication network, for information forwarded via a store-and-forward server from a first user equipment used by a first user
- the method for decrypting the encrypted information comprises the following steps: receiving the encrypted processed information from the first user equipment used by the first user, forwarded via the storage and forwarding server; and decrypting the encrypted processed information to restore the original unencrypted information.
- a first user equipment used by a first user of a communication network, for performing identity-based encryption with a second user equipment used by a second user who is offline, via a store-and-forward server, comprising: a first sending device, configured to perform encryption processing on information to be transmitted, to generate encrypted processed information, and to send the encrypted processed information to the store-and-forward server.
- an identity-based encryption technology, in a second user equipment used by a second user of the communication network, for information forwarded via a store-and-forward server from a first user equipment used by a first user.
- the decrypting device for decrypting the encrypted information comprises: receiving means, configured to receive the encrypted processed information from the first user equipment used by the first user and forwarded by the storage and forwarding server; and decryption processing means, configured to perform decryption processing on the received encrypted information to restore the original unencrypted information.
- the private information is generated by the private information generator based on the user's request, that is, the private key is generated at a different time from the public key. Therefore, in the identity-based encryption algorithm system it is not required that, before the secure channel is established, the first user equipment used by the first user and the second user equipment used by the second user exchange the security information related to establishing secure communication. Therefore, by adopting the technical solution provided by the present invention, the problem of offline secure communication is solved.
- FIG. 1 is a schematic diagram of a process in which a TLS algorithm in the prior art performs a three-way handshake between a user and a server for establishing a secure communication;
- FIG. 2 is a schematic diagram of a topological structure of a communication network in accordance with an embodiment of the present invention
- FIG. 3 is a diagram of a user equipment 1 encrypting a CEK with a public key, encrypting information to be transmitted with a CEK, and transmitting the CEK encrypted by the public key and the CEK-encrypted information to the store-and-forward server, in accordance with an embodiment of the present invention.
- FIG. 4 is a flow chart of a method for decrypting information encrypted by an identity-based encryption technology from a user equipment 1 forwarded by a store-and-forward server in a user equipment 2, in accordance with an embodiment of the present invention
- FIG. 5 is a block diagram of an apparatus in user equipment 1 for encrypting a CEK with a public key, encrypting information to be transmitted with the CEK, and transmitting the CEK encrypted by the public key and the CEK-encrypted information to the store-and-forward server, according to an embodiment of the present invention.
- Figure 6 is a block diagram of an apparatus for decrypting information encrypted by an identity-based encryption technique from user equipment 1 forwarded via a store-and-forward server.
- the PKG includes a master secret for generating personal IBE private information.
- the PKG accepts the request message from the IBE system user to generate the IBE private information, and returns the IBE private information to the user after being authenticated by the user in an agreed manner.
- a PKG can have multiple users, each with a public identity that identifies itself.
- PPS Public Parameter Server
- IBE system: a system that includes a private information generator, a public parameter server, a transmitting device, a receiving device and the like, based on an identity-based encryption algorithm.
- Uniform Resource Identifier: every available resource on the Web, for example HTML documents, images, video clips, programs, etc., is identified by a uniform resource identifier.
- URI Uniform Resource Identifier
- a URI is generally composed of three parts:
- a user can correspond to multiple user equipments. For example, if a user applies for a QQ account, the user can log in with that QQ account at home or at an Internet cafe. When logging in at home, the user device corresponding to the user is the home computer; when logging in at the Internet cafe, the user equipment corresponding to the user is a computer of the Internet cafe.
- the user A is the first user
- the corresponding user equipment is the user equipment 1 (ie, the first user equipment used by the first user);
- the user B is the second user
- the corresponding user equipment is the user equipment 2 (ie the second user device used by the second user).
- this correspondence is only an example, and those skilled in the art can understand that one user can correspond to multiple user equipments, that is, the following situations also apply.
- when user A logs in with the MSN account from a computer, the corresponding user device is the computer;
- when user A logs in from a mobile phone, the corresponding user device is the mobile phone.
- User equipment includes computers, cell phones, PDAs, and the like.
- a user's user identity information is a globally unique ID or a unique ID in a closed domain. This ID is any unique string that directly represents the user's identity. It can be a name, an ID number, an e-mail address, a SIM card number, a mobile phone number (bound to the user identity), a device serial number, for example the unique identifier of the computer used by the user (eg motherboard serial number, CPU serial number, etc., or a combination thereof), a username registered by the user at the server, for example the MSN account or the QQ account, or a combination thereof. From a standard identity ID, the domain (such as country code, area code) and other identifiers (such as SIM card number, mobile phone number, etc.) of the user can be parsed.
- the MSN account number is the ID of the user A, that is, it identifies the user A regardless of whether the user device used by user A to log in to the MSN service is a computer, a mobile phone, a PDA or another user device.
- CEK Content Encryption Key
- CEK encryption can be based on symmetric key algorithms such as DES (Data Encryption Standard) and AES (Advanced Encryption Standard).
- the user equipment 1 (the first user equipment used by the first user) and the user equipment 2 (the second user equipment used by the second user) are two terminal user equipments that establish secure communication, which may be computer terminals or mobile phones.
- the application scenario of the terminal may be, for example, two end user devices using MSN or QQ chat software.
- the store-and-forward server 3 detects that the state of the user equipment 2 is offline (the person skilled in the art can understand that the store-and-forward server can be subdivided into a message communication server (MCS) and a message and media storage server (Message and Media Storage, MMS);
- the MCS and the MMS can be integrated in the same server, or they can be two separate servers.
- the MCS is mainly responsible for detecting the status of the user equipment, whether it is offline or online; and the MMS is mainly responsible for storing the encrypted ciphertext forwarded by the user equipment), and the storage and forwarding server 3 notifies the user equipment 1 that the encrypted processed information to be sent to the user equipment 2 needs to be sent to the store-and-forward server, that is, the user device 1 transmits the encrypted processed information to the store-and-forward server 3 via the communication link 4.
- when the user equipment 1 is a computer, the user equipment 1 is connected to a router, then to the access equipment (DSLAM), and finally logically connected to the store-and-forward server 3.
- DSLAM access equipment
- when the user equipment 1 is a mobile phone, the mobile phone needs to communicate wirelessly with the base station and then, through communication devices such as the base station, finally communicate with the storage and forwarding server; this path is summarized as the communication link 4.
- the store-and-forward server 3 detects that the user equipment 2 is online, the store-and-forward server 3 forwards the encrypted processed information stored therein to the second user equipment 2 via the communication link 5.
- the link between the store-and-forward server 3 and the user equipment 2 is not shown in detail, but is summarized directly as the communication link 5.
- FIG. 3 is a diagram of a user equipment 1 encrypting a CEK with a public key, encrypting information to be transmitted with a CEK, and transmitting the CEK encrypted by the public key and the CEK-encrypted information to the store-and-forward server, in accordance with an embodiment of the present invention.
- in step S10 the user equipment 1 acquires the uniform resource identifier of the public parameter server of the user B. Since the identity related information of user B is well known, and the identity related information includes location identification information (for example, when user B is a mobile phone user and the identity related information is a phone number, the identity related information of the user B includes location identification information),
- the IBE system may query the uniform resource identifier of the public parameter server corresponding to the user B.
- step S11 the user equipment 1 locates the public parameter server by using the uniform resource identifier of the public parameter server.
- step S12 the user equipment 1 performs mutual authentication with the public parameter server of the located user B.
- the authentication of the user equipment 1 and the public parameter server may adopt a universal authentication method based on the network access authentication and key agreement mechanism, that is, GBA (Generic Bootstrapping Authentication).
- the authentication process between the user equipment 1 and the public parameter server can be as follows: after receiving the public parameter request message from the user equipment 1, the public parameter server checks whether it holds a valid pre-shared key corresponding to user A (the user of user equipment 1) (the pre-shared key is a Unicode string). If there is no pre-shared key, the GBA process is initiated: the BSF (Bootstrapping Server Function; assume that the BSF and the public parameter server are combined into one physical device) checks whether it holds a valid 5-tuple authentication vector (Authentication Vector) corresponding to user A.
- BSF Bootstrapping Server Function
- RAND random challenge of the authentication vector
- CK Cipher Key
- Kc Key
- IK Integrity Key
- if the BSF has a 5-tuple or triplet authentication vector corresponding to user A, a set of authentication vectors is selected from it; if not, the BSF obtains an authentication vector from the HSS (Home Subscriber Server) (using the Diameter and MAP protocols; please refer to 3GPP TS 33.220, 3GPP TS 33.102, 3GPP TS 33.103 and 3GPP TS 33.105). The HSS generates a 5-tuple or triplet authentication vector according to the capability of the terminal (user A) and returns it to the BSF. The tuple authentication vector contains communication device authentication information (for example, RAND, RES), management device authentication information (for example, RAND, AUTN), and a security policy known by UE1 (for example, CK).
- HSS Home Subscriber Server
- the BSF and the user equipment 1 generate the pre-shared key in the same way (ie, the user equipment 1 derives the pre-shared key from IK, CK and other parameters in the same way as the BSF), and the BSF forwards the pre-shared key to the public parameter server.
- User A and the public parameter server authenticate based on the pre-shared key using an associated authentication mechanism (such as HTTP Digest, PSK-TLS, etc.).
- mutual authentication between user A and the public parameter server may also be based on PKI/IBC or HTTP digest.
- step S13 the user equipment 1 obtains the public parameters of the user B from the authenticated public parameter server.
- the public parameters include the elliptic curve identifier, the prime numbers, the common base point, the encryption hash function, and so on.
- in step S15 the user equipment 1 encrypts the information to be sent by using the encryption auxiliary information to generate information encrypted by the encryption auxiliary information, encrypts the encryption auxiliary information with the obtained public key of the user B to generate encryption auxiliary information encrypted by the public key, and sends the information encrypted by the encryption auxiliary information and the encryption auxiliary information encrypted by the public key to the storage and forwarding server.
- step S15 may be refined into the following sub-steps (not shown in FIG. 3):
- the user equipment 1 randomly generates the encryption auxiliary information locally (for example, a CEK, Content Encryption Key).
- the information to be sent is encrypted with the CEK to generate CEK-encrypted information.
- CEKs of different lengths can be selected according to the key length required by the encryption algorithm.
- step ⁇ the user equipment 1 transmits the CEK-encrypted information to the store-and-forward server.
- step i the user equipment 1 encrypts the CEK with the user's public key to generate a CEK encrypted by the user B public key.
- step ii the user equipment 1 transmits the CEK encrypted by the user B public key to the storage and forwarding server 3.
- the user equipment 1 encrypts the CEK using the public key of the user B, and encrypts the information to be sent with the CEK.
- the CEK is based on a symmetric key encryption algorithm (such as the AES algorithm)
- encrypting the information to be sent by the CEK can save the time required for encryption.
- An asymmetric cryptosystem approach (such as a public-private key pair algorithm) requires a large amount of computation and is not suitable for encrypting large amounts of information.
- the CEK itself carries little information, so the CEK is encrypted with the public key of the asymmetric cryptosystem. Encrypting the information to be sent with the CEK can also improve the overall efficiency, but the introduction of the new parameter CEK may add complexity to the system.
- step S15 can be subdivided into the following sub-steps (shown in Figure 3):
- Step S150 The user equipment 1 encrypts the information to be sent by using the acquired public key of the user B to generate information encrypted by the public key of the user B.
- the user equipment 1 transmits the information encrypted by the public key of the user B to the store-and-forward server.
- steps S10, S11 and S12 may be omitted, corresponding to the scenario in which the user equipment 1 has previously established secure communication with the user B, so that the information of the public parameter server corresponding to user B is stored in the user equipment 1; therefore, the user equipment 1 directly obtains the public parameters of the user B according to the stored information of the public parameter server corresponding to the user B.
- steps S10, S11, S12 and S13 may each be omitted, corresponding to the scenario in which the user equipment 1 has previously established secure communication with the user B, so the public parameter corresponding to the user B is stored in the user equipment 1, its life cycle has not expired, and it is still valid information. Therefore, in step S14, the user equipment 1 directly obtains the public key of the user B according to the public parameters of the user B and the identity related information of the user B.
- the step of acquiring the encryption auxiliary information may generate the CEK locally, or obtain it from outside; since obtaining it from outside offers lower security, the auxiliary information is preferably generated randomly on the local device. It is to be noted that the acquisition step of the encryption auxiliary information only needs to be performed before the step of encrypting the information to be transmitted with the CEK.
- before the store-and-forward server forwards the information from the user device 1 to the user device 2, it first detects whether the user device 2 is online. If the store-and-forward server detects that the user device 2 is online, it forwards the information encrypted by the user equipment 1 and stored on the store-and-forward server to the user equipment 2. Existing offline messages are also forwarded via the server in this way.
- step S20 the user B receives the encrypted auxiliary information from the user equipment 1 used by the user A, which is forwarded via the store-and-forward server.
- the following uses the encrypted auxiliary information as the CEK as an example.
- that is, the information encrypted by the encryption auxiliary information, and the encryption auxiliary information encrypted by the public key.
- the store-and-forward server can simultaneously transmit the CEK-encrypted information and the CEK encrypted by the user B's public key to the user equipment 2, or can transmit the two separately.
- the CEK can only be decrypted after the user equipment 2 receives the CEK encrypted by the user B's public key, and only after the user equipment 2 obtains the decrypted CEK can the received CEK-encrypted information be decrypted.
- after the user equipment 2 receives the CEK encrypted by the public key of user B, forwarded via the store-and-forward server, in step S21 the user equipment 2 parses the URI of the public parameter server of the user B from the packet header of the information, locates the public parameter server of the user B according to that URI, and the user B and the public parameter server of the user B mutually authenticate.
- the specific authentication step refer to step S12 of FIG. 3 above.
- the authentication process between user A and the public parameter server may be a universal authentication method based on network access authentication and key agreement mechanism (GBA), PKI, an IBC-based algorithm or HTTP digest, etc., and will not be described again here.
- in step S22 the user equipment 2 acquires the public parameters of the user B from the mutually authenticated public parameter server of the user B.
- User B's public parameters include the ellipse algorithm curve identifier, prime number, prime number, common base point, encrypted hash function, and so on.
- the public parameter server of the user B also includes the policy information of the PKG, that is, in step S23, the user device 2 can obtain the URL of the user B's PKG from the public parameter server by interacting with the public parameter server.
- step S24 the user equipment 2 locates the private information generator by using the uniform resource identifier of the private information generator.
- step S25 the user equipment 2 and the private information generator perform mutual authentication.
- the specific steps may refer to the authentication process of the user A and the public parameter server for step S12 in FIG. 3 above.
- the authentication mechanism may be a universal authentication method based on network access authentication and key agreement mechanism (GBA), PKI, an IBC-based algorithm or
- step S26 the user equipment 2 acquires the private information of the user B from the mutually authenticated private information generator. Because the private information relates to the security of the user B, once the private information is leaked, it will cause immeasurable loss to the user B. Therefore, the private information should be transmitted to the user equipment 2 in a secure manner.
- the encryption mechanism includes PKI, IBC, and the like.
- private information is generated by the private information generator PKG and provided to the decrypting user. Whether a new private key must be generated for the session depends on whether the encrypting user uses a long-term or a short-term public key. This decision is governed by the system security policy and by the customer policies that enforce encryption.
- the PKG needs to maintain a database to store the private information corresponding to each ID under the current system parameter configuration.
- a key can be generated, used, revoked or removed after the end of its life cycle.
- step S27 the user equipment 2 generates the private key of the user B according to the acquired public parameters of the user B, the private information of the user B, and the identity related information of the user B.
- the user B's private key is also based on the IBE algorithm.
- the specific algorithm for generating the user B's private key is specified by the IETF (see http://www.ietf.org/rfc/rfc5091.txt).
- step S28 the user equipment 2 decrypts the received CEK encrypted by the user B's public key using the private key of the user B to restore the CEK.
- step S29 the user equipment 2 decrypts the received CEK-encrypted information with the restored CEK to restore the original information.
- in step S21 the user equipment 2 needs to rely on the encrypted message obtained in step S20 to parse out the URI of user B's public parameter server.
- alternatively, the user equipment 2 can communicate directly with the IBE system to obtain the URI of the public parameter server corresponding to the user B, and then locate the public parameter server based on the obtained URI. That is, there is no fixed order between step S20 and step S21.
- after the user equipment 2 has received, in step S20, the CEK-encrypted information and the public-key-encrypted CEK from the user equipment 1 used by the user A, forwarded via the store-and-forward server, and has acquired the private key of the user B in step S27, it proceeds to step S28 and uses the private key of the user B to decrypt the CEK encrypted by the public key of the user B, restoring the unencrypted CEK.
- steps S21 and S22 can both be omitted, corresponding to the scenario in which the user equipment 2 has previously authenticated with the public parameter server and the authentication has not expired, so step S21 can be omitted; and the user equipment 2 has previously acquired the public parameter corresponding to the user B from the public parameter server, the public parameter corresponding to the user B is stored in the user equipment 1, and its life cycle has not expired, so it is still valid information and step S22 can be omitted. Then, in step S23, the user equipment 2 directly obtains the uniform resource identifier of the private information generator from the public parameter server that has been mutually authenticated.
- steps S23, S24, S25, S26 may be omitted.
- the private information generator periodically updates the private information corresponding to the user's identity information, but the life cycle of a piece of private information continues for a period of time. That is, there is a case where the user B has previously obtained the private information of the user B from the private information generator, and the private information has not expired and is still valid. Therefore, in step S27, the user equipment 2 directly generates the private key of the user B according to the locally stored private information of the user B, the identity related information of the user B, and the locally stored public parameters of the user B.
- when the information to be sent in the user equipment 1 is directly encrypted using the public key of the user B, the encrypted information forwarded to the store-and-forward server is the ciphertext encrypted by the public key of the user B; correspondingly, steps S28 and S29 may be replaced with a step S28 in which the user equipment 2 decrypts the received information encrypted by the public key of the user B using the private key of the user B, to restore the original unencrypted information, that is, the information to be sent by the user A.
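As an added example that is not part of the patent, the following models the store-and-forward flow described above (steps S13-S15 on the sending side, S20 and S26-S29 on the receiving side). It uses the Cocks identity-based scheme (quadratic residues modulo N) in place of the pairing-based IBE of RFC 5091 that the patent references, a SHA-256 keystream in place of AES, and in-process functions in place of the PPS, PKG and store-and-forward server; the primes, the identity and the message are constructed toy values.

```python
import hashlib
import secrets
from math import gcd

# Toy public parameters (constructed for this example): two Mersenne primes, both 3 mod 4 as Cocks requires.
# A real PKG would use primes of ~1024 bits each; the master secret is the factorisation (P, Q).
P = 2**89 - 1
Q = 2**127 - 1
N = P * Q  # the only public parameter the public parameter server (PPS) has to publish

def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0; returns -1, 0 or 1."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def identity_to_public(identity):
    """Public key of an identity: hash it to a value with Jacobi symbol 1 (needs only N, no PKG contact)."""
    counter = 0
    while True:
        digest = hashlib.sha256(f"{identity}|{counter}".encode()).digest()
        a = int.from_bytes(digest, "big") % N
        if gcd(a, N) == 1 and jacobi(a, N) == 1:
            return a
        counter += 1

def pkg_extract_private(identity):
    """PKG side (step S26): a square root of a or -a mod N, computable only with the master secret."""
    a = identity_to_public(identity)
    return pow(a, (N + 5 - P - Q) // 8, N)

def encrypt_bit(a, bit):
    """Cocks encryption of one bit under identity value a; returns a pair covering both a and -a."""
    m = 1 if bit else -1
    pair = []
    for sign in (1, -1):
        while True:  # pick t whose Jacobi symbol equals the bit being sent
            t = secrets.randbelow(N - 2) + 2
            if gcd(t, N) == 1 and jacobi(t, N) == m:
                break
        pair.append((t + sign * a * pow(t, -1, N)) % N)
    return tuple(pair)

def decrypt_bit(r, a, pair):
    """Receiver uses the half of the pair matching whether r^2 == a or r^2 == -a."""
    c = pair[0] if pow(r, 2, N) == a else pair[1]
    return 1 if jacobi(c + 2 * r, N) == 1 else 0

def wrap_cek(a, cek):
    """Step S15: encrypt every bit of the CEK to the recipient's identity."""
    value = int.from_bytes(cek, "big")
    return [encrypt_bit(a, (value >> i) & 1) for i in range(len(cek) * 8)]

def unwrap_cek(r, a, wrapped):
    """Step S28: recover the CEK with the private key r."""
    value = sum(decrypt_bit(r, a, pair) << i for i, pair in enumerate(wrapped))
    return value.to_bytes(len(wrapped) // 8, "big")

def cek_crypt(cek, nonce, data):
    """Stand-in for the AES layer: XOR with a SHA-256 keystream; the same call encrypts and decrypts."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(cek + nonce + i.to_bytes(4, "big")).digest() for i in blocks)
    return bytes(x ^ y for x, y in zip(data, stream))

class StoreAndForwardServer:
    """MCS/MMS role: track presence and hold ciphertext while the recipient is offline."""
    def __init__(self):
        self.online = set()
        self.mailbox = {}

    def submit(self, recipient, envelope):
        self.mailbox.setdefault(recipient, []).append(envelope)

    def fetch(self, recipient):
        return self.mailbox.pop(recipient, []) if recipient in self.online else []

def run_demo(message=b"meet at 10:00, room 4B", recipient="bob@example.com"):
    """End-to-end flow: sender encrypts while the recipient is offline; recipient extracts its key later."""
    server = StoreAndForwardServer()
    a_bob = identity_to_public(recipient)  # steps S13-S14: public params + identity -> public key
    cek, nonce = secrets.token_bytes(16), secrets.token_bytes(12)
    envelope = {"wrapped_cek": wrap_cek(a_bob, cek), "nonce": nonce, "body": cek_crypt(cek, nonce, message)}
    server.submit(recipient, envelope)
    if server.fetch(recipient):
        raise RuntimeError("server must not deliver while the recipient is offline")
    server.online.add(recipient)  # Bob comes online; the server forwards (steps S20-S29 follow)
    received = server.fetch(recipient)[0]
    r_bob = pkg_extract_private(recipient)  # key extracted only now, after the ciphertext already exists
    cek_again = unwrap_cek(r_bob, identity_to_public(recipient), received["wrapped_cek"])
    return cek_crypt(cek_again, received["nonce"], received["body"])
```

The property to watch is that the recipient's private key is extracted from the PKG only after the ciphertext has been created and queued, which is what removes the need for a handshake with an online partner.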
- FIG. 5 is a block diagram of an apparatus in user equipment 1 for encrypting a CEK with a public key, encrypting the information to be transmitted with the CEK, and transmitting the public-key-encrypted CEK and the CEK-encrypted information to the store-and-forward server, according to an embodiment of the present invention.
- the first encryption device 10 shown in FIG. 5 is located in each terminal device of the user equipment 1 shown in FIG. 1 , and includes a server identifier acquisition device 100, a server location device 101, and a first public parameter acquisition device 102.
- the server identification obtaining means 100 acquires the uniform resource identifier of the public parameter server of the user B. Since the identity related information of User B is well known, the identity related information includes location identification information. For example, when the user B is a mobile phone user and the identity related information is a phone number, the identity related information of the user B includes location identification information (+86), and the IBE system can query according to the location identification information indicated by the identity related information.
- the server locating device 101 locates the public parameter server using the uniform resource identifier of the public parameter server acquired by the server identification obtaining means 100.
- The first server authentication device 1020 performs mutual authentication with the located public parameter server of user B.
- Authentication between the first server authentication device 1020 and the public parameter server may use GBA (Generic Bootstrapping Authentication, 3GPP TS 33.220), a universal authentication method based on network access authentication and a key agreement mechanism. The key agreement process between the device 1020 and the public parameter server may proceed as follows: after receiving the public parameter request message from the first server authentication device 1020, the public parameter server checks whether it holds a valid pre-shared key corresponding to user A (the user of user equipment 1); if there is no such pre-shared key, it starts the GBA process, in which the BSF (Bootstrapping Server Function; the BSF and the public parameter server are assumed here to be one physical device) checks whether it holds a valid quintuple authentication vector (RAND, CK, IK, AUTN, RES) or triplet authentication vector (RAND, Kc, RES) corresponding to user A. Here CK (Cipher Key) and Kc are used mainly for encryption, and IK is the Integrity Key.
- If the BSF holds a quintuple or triplet authentication vector corresponding to user A, it selects one set of authentication vectors from them; if not, the BSF obtains an authentication vector from the HSS (Home Subscriber Server) (see 3GPP TS 33.220, 3GPP TS 33.102, 3GPP TS 33.103 and 3GPP TS 33.105 for the Diameter and MAP protocols). The HSS generates a quintuple or triplet authentication vector and returns it to the BSF. The quintuple authentication vector contains communication device authentication information (for example, RAND, RES), management device authentication information (for example, RAND, AUTN), and a security policy known to UE1 (for example, CK).
- The BSF then generates a pre-shared key in the same manner as the first server authentication device 1020 and forwards the pre-shared key to the public parameter server.
- The first server authentication device 1020 and the public parameter server then authenticate each other based on the pre-shared key using an associated authentication mechanism (such as HTTP Digest or PSK-TLS).
- Mutual authentication between user A and the public parameter server may also be based on PKI, IBC or HTTP Digest.
- the second public parameter obtaining means 1021 then acquires the public parameters of the user B from the authenticated public parameter server.
- The public parameters include the elliptic curve identifier of the algorithm, the prime numbers, the common base point, the cryptographic hash function, and so on.
- The public key obtaining means 103 then generates the public key of user B from the public parameters of user B and the identity related information of user B.
- The specific algorithm for generating user B's public key is the one specified by the IETF (see http://www.ietf.org/rfc/rfc5091.txt).
- The first transmitting device 104 encrypts the information to be transmitted using encryption auxiliary information to generate the information encrypted by the encryption auxiliary information, and encrypts the encryption auxiliary information with the acquired public key of user B to generate the public-key-encrypted auxiliary information.
- The first transmitting device 104 can be refined into the following sub-devices (not shown in FIG. 5):
- a third encryption device, which encrypts the information to be sent with locally generated encryption auxiliary information (for example, a CEK) to generate CEK-encrypted information; CEKs of different lengths can be chosen according to the key length of the encryption algorithm.
- a CEK-encrypted information transmitting apparatus, through which user equipment 1 transmits the CEK-encrypted information to the store-and-forward server.
- a fourth encryption device, in which user equipment 1 encrypts the CEK with the public key of user B to generate a CEK encrypted by user B's public key.
- a public-key-encrypted information transmitting apparatus, which transmits the CEK encrypted by user B's public key to the store-and-forward server 3.
- The content transmitted by the CEK-encrypted information transmitting apparatus must be generated by the third encrypting apparatus, and the content transmitted by the public-key-encrypted information transmitting apparatus must be generated by the fourth encrypting apparatus.
- The CEK-encrypted information transmitting device and the public-key-encrypted information transmitting device may be combined into one second transmitting device, which sends the CEK-encrypted information and the public-key-encrypted CEK to the store-and-forward server 3 together.
- User equipment 1 encrypts the CEK with user B's public key and encrypts the information to be sent with the CEK. Since the CEK is used with a symmetric encryption algorithm (such as AES), encrypting the information to be sent with the CEK saves encryption time.
- An asymmetric cryptosystem (such as a public/private key algorithm) requires a large amount of computation and is not suited to encrypting large amounts of information.
- The CEK itself is short, so only the CEK is encrypted with the public key of the asymmetric cryptosystem.
- Encrypting the information to be sent with a CEK therefore improves overall efficiency, but the introduction of the additional parameter CEK may add complexity to the system.
- Alternatively, the information to be sent can be encrypted directly with the public key of the asymmetric cryptosystem; that is, in a variant embodiment, user equipment 1 directly uses the public key of the asymmetric cryptosystem to encrypt the information to be sent.
- In that case the first transmitting device 104 can be subdivided into the following sub-devices (shown in FIG. 5):
- a second encrypting means, which encrypts the information to be transmitted with the acquired public key of user B to generate the information encrypted by user B's public key;
- a second transmitting device, which transmits the information encrypted by user B's public key to the store-and-forward server.
- If user A accesses the public parameter server of user B within a local area network through a VPN (Virtual Private Network), the connection between user A and the local area network is already secure, so user A does not need to perform the authentication interaction; the first server authentication device 1020 can be omitted, and the first public parameter acquisition device obtains the public parameters of user B directly from the public parameter server.
- In another variant, the server identification obtaining device 100, the server positioning device 101, and the first server authentication device 1020 may all be omitted. This corresponds to the scenario in which user equipment 1 has previously established secure communication with user B, so that the information about the public parameter server corresponding to user B is already stored in user equipment 1; the first public parameter obtaining means 102 then acquires the public parameters of user B directly according to the stored information about user B's public parameter server.
- In yet another variant, the server identification obtaining means 100, the server positioning means 101, the first server authentication means 1020 and the second public parameter obtaining means 1021 may all be omitted. This corresponds to the scenario in which user equipment 1 has previously established secure communication with user B, so the public parameters corresponding to user B are stored in user equipment 1 and their life cycle has not expired, i.e. they are still valid. Therefore, the public key obtaining means 103 directly derives the public key of user B from the stored public parameters of user B and the identity related information of user B.
- The first encryption device 10 further includes an encryption auxiliary information acquisition device. The encryption auxiliary information (e.g. the CEK) may be generated locally or obtained externally, but the security of externally obtained auxiliary information is not high; therefore, preferably, the auxiliary information is randomly generated locally.
- the third encryption device encrypts the information to be sent according to the acquired CEK.
- With reference to FIG. 6, in conjunction with FIG. 2 and FIG. 4, a block diagram of the device in user equipment 2 of the present invention for decrypting information that was encrypted with the identity-based encryption technology by user equipment 1 and forwarded by the store-and-forward server is now described in detail.
- The decryption device 20 shown in FIG. 6 is located in each terminal device exemplified by the user equipment 2 shown in FIG. 1, and includes a receiving device 200, a second server authentication device 201, a third public parameter obtaining device 202, a generator identifier obtaining device 203, a generator locating device 204, a generator authentication device 2050, a second private information obtaining device 2051, a private key obtaining device 206 and a decryption processing device 207; the decryption processing device 207 further includes an auxiliary information decryption device 2070 and an original information decryption device 2071.
- Before the store-and-forward server forwards the information from user device 1 to user device 2, it first detects whether user device 2 is online. If it detects that user device 2 is online, it forwards the stored information encrypted by user equipment 1 to user device 2. Existing offline messages are likewise forwarded via the server.
- The case in which the information sent by user equipment 1 to the store-and-forward server consists of the information encrypted with the encryption auxiliary information together with the encryption auxiliary information encrypted with the public key is described as follows:
- The receiving device 200 receives, forwarded via the store-and-forward server, the CEK-encrypted information from the user equipment 1 used by user A together with the encryption auxiliary information (CEK) encrypted with the public key.
- The store-and-forward server can transmit the CEK-encrypted information and the CEK encrypted by user B's public key to user equipment 2 at the same time, or the two can be transmitted separately.
- The CEK can only be decrypted after user equipment 2 has received the CEK encrypted by user B's public key.
- The received CEK-encrypted information can only be decrypted after user equipment 2 has obtained the decrypted CEK.
- The second server authentication device 201 parses the URI of user B's public parameter server from the packet header of the received CEK encrypted by user B's public key, and locates user B's public parameter server according to that URI.
- User B and the public parameter server of user B then perform mutual authentication; for the specific authentication steps, refer to the authentication process between user A and the public parameter server in step S12 of FIG. 3 described above.
- The authentication mechanism may be GBA (a universal authentication method based on network access authentication and a key agreement mechanism), PKI, an IBE-based algorithm, HTTP Digest, or the like, and is not described further here.
- The third public parameter obtaining means 202 then acquires the public parameters of user B from the mutually authenticated public parameter server of user B.
- User B's public parameters include the elliptic curve identifier of the algorithm, the prime numbers, the common base point, the cryptographic hash function, and so on.
- The public parameter server of user B also holds the policy information of the PKG (private information generator); that is, the generator identifier obtaining means 203 can obtain the URL of user B's PKG by interacting with the public parameter server.
- The generator locating device 204 of user equipment 2 locates the private information generator through the uniform resource identifier of the private information generator.
- The generator authentication device 2050 performs mutual authentication with the private information generator. Because the private information of user B held by the private information generator is essential to the secure communication of user B, mutual authentication between the generator authentication device 2050 and the private information generator (PKG) is required.
- For the specific steps, refer to the authentication process between user A and the public parameter server in step S12 of FIG. 3 above.
- The authentication mechanism may be GBA (a general authentication method based on network access authentication and a key agreement mechanism), PKI, an IBE-based algorithm, HTTP Digest, or the like; details are not described here.
- The second private information obtaining means 2051 acquires the private information of user B from the mutually authenticated private information generator. Since the private information concerns the security of user B, its leakage would cause immeasurable loss to user B; therefore, the private information must be transmitted to user equipment 2 in a secure manner, for example using an encryption mechanism such as PKI or IBE.
- The private information is generated by the private information generator (PKG) and provided to the decrypting user. Whether a new private key must be generated for a session depends on whether the encrypting user uses a long-term public key or a short-term public key; this decision is governed by the system security policy and by the policy of the customer that mandates encryption.
- The PKG needs to maintain a database storing each private ID corresponding to the current system parameter configuration.
- A key can be generated, used, revoked, or removed at the end of its life cycle.
- The private key obtaining means 206 generates the private key of user B from the acquired public parameters of user B, the private information of user B, and the identity related information of user B.
- User B's private key is likewise based on the IBE algorithm.
- The specific algorithm for generating user B's private key is the one specified by the IETF (see http://www.ietf.org/rfc/rfc5091.txt, http://wwwjetf).
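The two derivations the page attributes to RFC 5091, user B's public key from identity plus public parameters (public key obtaining means 103) and user B's private key from the PKG's private information (private key obtaining means 206), can be shown concretely. The following is an added example, not code from the patent: a toy Boneh-Franklin key derivation on the RFC 5091 type-1 curve y^2 = x^3 + 1, with a simplified hash-to-point mapping standing in for the RFC's HashToPoint, constructed tiny parameters (p = 311, q = 13) and a constructed phone-number identity for user B. It assumes the PKG's "private information" for an identity is the Boneh-Franklin private key D_ID = s * Q_ID, where s is the PKG master secret.

```python
import hashlib
import secrets
from dataclasses import dataclass
from typing import Optional, Tuple

Point = Optional[Tuple[int, int]]  # affine point on y^2 = x^3 + 1 over F_p; None = infinity

@dataclass(frozen=True)
class PublicParams:
    """What the public parameter server publishes for user B's IBE domain (constructed values)."""
    p: int                  # field prime, p = 11 (mod 12): the RFC 5091 type-1 curve condition
    q: int                  # prime order of the working subgroup, q divides p + 1
    P: Tuple[int, int]      # common base point of order q
    hashfcn: str            # hashlib name of the domain's hash function
    P_pub: Tuple[int, int]  # PKG public value s * P

def _add(a: Point, b: Point, p: int) -> Point:
    """Point addition on y^2 = x^3 + 1 (curve coefficient a = 0)."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % p == 0:
        return None  # a + (-a); also covers doubling a 2-torsion point
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def _mul(k: int, pt: Point, p: int) -> Point:
    """Double-and-add scalar multiplication."""
    out: Point = None
    while k > 0:
        if k & 1:
            out = _add(out, pt, p)
        pt = _add(pt, pt, p)
        k >>= 1
    return out

def hash_to_point(identity: str, params: PublicParams) -> Tuple[int, int]:
    """User B's public key Q_ID: anyone with the identity and the public parameters can compute it.

    Simplified stand-in for RFC 5091 HashToPoint: hash the identity to y in F_p, take
    x = (y^2 - 1)^((2p - 1)/3) (cube roots are unique because p = 2 mod 3), then clear the
    cofactor (p + 1)/q. A counter byte retries if cofactor clearing lands on infinity.
    """
    p, q = params.p, params.q
    cofactor = (p + 1) // q
    for counter in range(256):
        digest = hashlib.new(params.hashfcn, bytes([counter]) + identity.encode()).digest()
        y = int.from_bytes(digest, "big") % p
        x = pow((y * y - 1) % p, (2 * p - 1) // 3, p)
        q_id = _mul(cofactor, (x, y), p)
        if q_id is not None:
            return q_id
    raise ValueError("could not map identity to a point of order q")

def make_toy_params(p: int = 311, q: int = 13, hashfcn: str = "sha256") -> Tuple[PublicParams, int]:
    """Constructed toy domain (311 is prime and 11 mod 12; 13 divides 312). Returns params and master s."""
    assert p % 12 == 11 and (p + 1) % q == 0
    s = secrets.randbelow(q - 1) + 1  # PKG master secret, never leaves the private information generator
    seed = PublicParams(p, q, (0, 1), hashfcn, (0, 1))  # (0, 1) lies on the curve; used only to hash the base point
    base = hash_to_point("toy-domain-base-point", seed)
    return PublicParams(p, q, base, hashfcn, _mul(s, base, p)), s

def extract_private_key(s: int, identity: str, params: PublicParams) -> Tuple[int, int]:
    """PKG extract: D_ID = s * Q_ID. Whoever holds s can derive every user's private key."""
    d_id = _mul(s, hash_to_point(identity, params), params.p)
    assert d_id is not None  # s in [1, q-1] and Q_ID of order q, so D_ID is never infinity
    return d_id

def has_order_q(pt: Point, params: PublicParams) -> bool:
    """Sanity check a derived key: pt is not infinity but q * pt is."""
    return pt is not None and _mul(params.q, pt, params.p) is None

if __name__ == "__main__":
    params, s = make_toy_params()
    q_b = hash_to_point("+8613800000000", params)          # user equipment 1 side; constructed identity
    print(q_b, extract_private_key(s, "+8613800000000", params))  # PKG side
```

Because anyone holding s can recompute every D_ID, the example makes visible why the page requires mutual authentication and a protected channel between the generator authentication device 2050 and the PKG before the private information is released.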
- the auxiliary information decrypting means 2070 decrypts the received CEK encrypted by the user B's public key using the private key of the user B to restore the CEK.
- the original information decryption means 2071 decrypts the received CEK-encrypted information with the restored CEK to restore the original information.
- The second server authentication apparatus 201 does not necessarily have to obtain the URI of user B's public parameter server from the encrypted message acquired by the receiving apparatus 200.
- The decryption device 20 can also communicate directly with the IBE system to obtain the URI of the public parameter server corresponding to user B, and then locate the public parameter server based on the acquired URI. In that case there is no fixed order between the steps performed by the receiving device 200 and the second server authentication device 201; the only constraint is that the public-key-encrypted CEK from user A, forwarded via the store-and-forward server, can be decrypted with the private key to restore the unencrypted CEK only after the receiving device 200 has received it.
- Both the second server authentication device 201 and the third public parameter acquisition device 202 may be omitted. This corresponds to the scenario in which the decryption device 20 has previously authenticated with the public parameter server and that authentication has not expired, so the second server authentication device 201 can be omitted; and the decryption device 20 has already obtained the public parameters corresponding to user B from the public parameter server, those public parameters are stored in user equipment 2, and their life cycle has not expired, i.e. they are still valid, so the third public parameter obtaining device 202 can be omitted.
- The generator identification obtaining means 203 then obtains the uniform resource identifier of the private information generator directly from the public parameter server that has already been mutually authenticated.
- The generator identifier acquisition means 203, generator location means 204, generator authentication means 2050 and second private information acquisition means 2051 may also be omitted. Although the private information generator periodically updates the private information associated with a user's identity information, each piece of private information remains valid for a period of time. That is, there is a case where user B obtained its private information from the private information generator on a previous occasion and that private information has not yet expired and is still valid. Therefore, the private key obtaining means 206 directly generates the private key of user B from the locally stored private information of user B, the identity related information of user B, and the locally stored public parameters of user B.
- In a modified embodiment, if the information to be sent by user equipment 1 is encrypted directly with the public key of user B, so that the encrypted information forwarded to the store-and-forward server is ciphertext encrypted under user B's public key, the auxiliary information decryption device 2070 and the original information decryption device 2071 may correspondingly be replaced by a decryption processing device 207, which decrypts the received information encrypted with user B's public key using user B's private key to restore the original unencrypted information, that is, the information user A intended to send.
Abstract
According to the invention, a first user equipment of a first user performs encryption based on the information awaiting transmission, generates the encrypted information, and sends it to the store-and-forward server; a second user equipment of a second user receives, via the store-and-forward server, the encrypted information from the first user equipment used by the first user, and performs decryption based on the received encrypted information in order to restore the original information as it was before encryption. This technical scheme solves the problem in the prior art that end-to-end secure communication in a store-and-forward mode cannot be supported when secure communication is established within communication networks.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/CN2008/001117 WO2009149579A1 (fr) | 2008-06-10 | 2008-06-10 | Dispositif et procédé de communication sécurisée basée sur l’algorithme ibe avec un mode de stockage et transfert |
| CN200880129172.1A CN102027704A (zh) | 2008-06-10 | 2008-06-10 | 存储转发方式下基于ibe算法的安全通信的方法和装置 |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/CN2008/001117 WO2009149579A1 (fr) | 2008-06-10 | 2008-06-10 | Dispositif et procédé de communication sécurisée basée sur l’algorithme ibe avec un mode de stockage et transfert |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2009149579A1 true WO2009149579A1 (fr) | 2009-12-17 |
Family
ID=41416329
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/CN2008/001117 Ceased WO2009149579A1 (fr) | 2008-06-10 | 2008-06-10 | Dispositif et procédé de communication sécurisée basée sur l’algorithme ibe avec un mode de stockage et transfert |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN102027704A (fr) |
| WO (1) | WO2009149579A1 (fr) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113141333A (zh) * | 2020-01-18 | 2021-07-20 | 佛山市云米电器科技有限公司 | 入网设备的通信方法、设备、服务器、系统及存储介质 |
| CN117118598A (zh) * | 2023-03-14 | 2023-11-24 | 荣耀终端有限公司 | 一种数据分享的方法、电子设备及计算机集群 |
| WO2025001828A1 (fr) * | 2023-06-28 | 2025-01-02 | 华为技术有限公司 | Procédé de traitement de sécurité, appareil et support de stockage |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070162554A1 (en) * | 2006-01-12 | 2007-07-12 | International Business Machines Corporation | Generating a public key and a private key in an instant messaging server |
| CN101044741A (zh) * | 2005-07-08 | 2007-09-26 | 松下电器产业株式会社 | 安全的对等消息业务 |
2008
- 2008-06-10 CN CN200880129172.1A patent/CN102027704A/zh active Pending
- 2008-06-10 WO PCT/CN2008/001117 patent/WO2009149579A1/fr not_active Ceased
Non-Patent Citations (1)
| Title |
|---|
| X.BOYEN ET AL.: "Identity-Based Cryptography Standard (IBCS) #1: Supersingular Curve Implementations of the BF and BB1 Cryptosystems", RFC 5091, December 2007 (2007-12-01), pages 3 - 8,32-35 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102027704A (zh) | 2011-04-20 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | WWE | Wipo information: entry into national phase | Ref document number: 200880129172.1; Country of ref document: CN |
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 08772943; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 08772943; Country of ref document: EP; Kind code of ref document: A1 |