CN102684883A - Distribution-type online social network key distribution privacy authority method - Google Patents


Info

Publication number
CN102684883A
Authority
CN
China
Prior art keywords
key
privacy
assistant
user
protection
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2012101609677A
Other languages
Chinese (zh)
Inventor
杨涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual
Priority to CN2012101609677A
Publication of CN102684883A
Legal status: Pending

Landscapes

  • Computer And Data Communications (AREA)

Abstract

The invention discloses a distributed online social network key distribution privacy protection method involving three basic roles: the Peer, the key generator centre (KGC) and the privacy authority (PA). The Peers are the ordinary users of an online social network; they are liable to suffer various types of attack, especially privacy-prying attacks, so their privacy needs an effective protection mechanism. The KGC provides Peer registration and key issuing services, and is generally provided by the online social network service provider, for example a well-known social network website. The PA provides key-related privacy protection services to specific users. The beneficial effects of the method are as follows. To ensure the security of key distribution, the system provides a secure key distribution method for an environment without any trusted channel guarantee, and can effectively defend against replay attacks, man-in-the-middle attacks, insider attacks and the like. To make system maintenance robust, the system provides a mechanism for verifying and isolating malicious PAs online; because key distribution fails if too many PAs are isolated, the system also keeps approving new PAs as equivalent replacements while malicious PAs are being isolated.

Description

A distributed online social network key distribution privacy protection method
Technical Field
The invention belongs to the field of social network privacy protection and relates to a distributed online social network key distribution privacy protection method.
Background
With the rapid development of network technology and people's growing enthusiasm for social networks, the security and privacy protection problems of distributed online social networks have become increasingly prominent.
The traditional PKI system uses a model in which a single authoritative certificate authority (CA) authenticates all members and issues their digital certificates; this model does not adapt well to the application scenario of distributed online social networks.
To avoid the huge certificate management overhead of PKI, identity-based cryptography (IBC) systems are gradually being introduced into distributed online social networks. They not only simplify key management effectively but can also provide more flexible services such as authentication and authorization. However, existing IBC schemes have the following shortcomings: 1. most existing schemes use an offline pre-authentication mode, or assume the existence of a secure channel; 2. the key generation center can impersonate or even frame a user by obtaining that user's private key. This creates a set of practical requirements: in a real distributed online social network environment, a scheme is needed that securely distributes user keys over a non-secure channel, also called an open channel, and the level of user privacy protection needs to be raised further.
Summary of the Invention
The object of the invention is to propose a key distribution privacy protection scheme for distributed online social networks that works over an open network.
The distributed online social network key distribution privacy protection method involves three basic roles: the Peer, the key generation center KGC (Key Generator Center) and the user privacy protection assistant PA (Privacy Authority). The Peers are the ordinary users of the online social network; they are easily subjected to various attacks, in particular privacy-snooping attacks, so their privacy needs an effective protection mechanism. The key generation center KGC is responsible for providing Peer registration and key issuing services, and is generally provided by the online social network service provider, such as some well-known social network websites. The user privacy protection assistant PA is responsible for providing key-related privacy protection services to specific users.
Further, to verify the legitimacy of a user privacy protection assistant PA online, a test user set T can be established to carry out the online verification of the PA.
It is also assumed that the user privacy protection assistant PA role is filled by friends of the Peer; the PA needs to be as reliable and secure as the key generation center KGC.
The distributed online social network key distribution privacy protection method is specifically:
Step 1: The key generation center KGC selects the system private key and the system security parameters. All n user privacy protection assistants PA jointly execute a distributed generation and sharing procedure for a threshold key s, such that any k PAs can recover s using the key fragments they each hold.
Step 2: The Peer registers with the key generation center KGC. Once registration passes, the KGC generates a unique identifier ID_A and a credential Proof_A for each Peer.
Step 3: Each time a key needs to be generated, Peer A sends a key request, its identifier ID_A, its credential Proof_A and a random number N to the KGC.
Step 4: The KGC checks A's registration. After verification passes, it generates a partial key and sends it to A together with the N received in the previous step.
Step 5: A randomly selects some of the user privacy protection assistants PA to provide the assisted key distribution service, and sends to each PA it designates: a key assistance request, its identifier ID_A, its credential Proof_A and a random number N.
Step 6: The PA authenticates A. After authentication passes, it also generates a partial key and sends it to A together with the N received in the previous step.
Step 7: Once A has received a total of k partial keys from user privacy protection assistants PA, it combines these k keys and uses the result to generate its own private key.
Further, the verification protocol for a user privacy protection assistant PA is:
Step 1: The key generation center KGC provides ID information to the members of the selected Peer set T, for them to use in challenging a particular user privacy protection assistant PA.
Step 2: The members of T each submit a partial key request challenge to the PA, in order to test whether the PA holds a legitimate key fragment from the key generation center KGC.
Step 3: The PA returns partial keys to the members of T.
Step 4: The members of T submit the partial key information obtained from the PA to the KGC, which verifies its legitimacy. If the number of legitimate results exceeds (N-1)/3+1, the PA is considered to have passed verification, where N is the number of members of set T. If the PA does not pass verification, it is considered a malicious user privacy protection assistant PA and isolation measures are taken.
The beneficial effects of the invention are as follows. To achieve secure key distribution, the system provides a secure key distribution method for an environment without any trusted channel guarantee, and can effectively resist replay attacks, man-in-the-middle attacks, insider attacks and the like. To achieve robust system maintenance, the system provides a mechanism for identifying malicious user privacy protection assistants PA online and isolating them. If too many PAs are isolated, key distribution fails; therefore, while PAs are being isolated, new PAs must also be continually approved as equivalent replacements.
Description of the Drawings
Fig. 1 is a schematic diagram of the distributed online social network key distribution privacy protection method of the invention;
Fig. 2 is a schematic diagram of the PA verification protocol of the invention.
Embodiment
As shown in Fig. 1, the distributed online social network key distribution privacy protection method is specifically:
Step 1: The key generation center KGC selects the system private key and the system security parameters. All n user privacy protection assistants PA jointly execute a distributed generation and sharing procedure for a threshold key s, such that any k PAs can recover s using the key fragments they each hold.
Step 2: The Peer registers with the key generation center KGC. Once registration passes, the KGC generates a unique identifier ID_A and a credential Proof_A for each Peer.
Step 3: Each time a key needs to be generated, Peer A sends a key request, its identifier ID_A, its credential Proof_A and a random number N to the KGC.
Step 4: The KGC checks A's registration. After verification passes, it generates a partial key and sends it to A together with the N received in the previous step.
Step 5: A randomly selects some of the user privacy protection assistants PA to provide the assisted key distribution service, and sends to each PA it designates: a key assistance request, its identifier ID_A, its credential Proof_A and a random number N.
Step 6: The PA authenticates A. After authentication passes, it also generates a partial key and sends it to A together with the N received in the previous step.
Step 7: Once A has received a total of k partial keys from user privacy protection assistants PA, it combines these k keys and uses the result to generate its own private key.
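The following Python sketch is an added illustration of steps 1 and 5 to 7 and is not part of the patent text: each PA derives a partial key from its fragment of s, and Peer A combines k of them without any party reconstructing s, after discarding replies that do not echo the random number N of the current request. The patent does not name a sharing scheme or a combination rule, so the sketch assumes Shamir sharing by a single dealer (in place of the PAs' joint distributed generation), Lagrange interpolation, and toy prime-field arithmetic; all function names are hypothetical, and the PA's authentication of A via Proof_A is omitted.

```python
import hashlib
import secrets

# Assumption: toy prime field (2**127 - 1 is prime). A real identity-based
# scheme would use an elliptic-curve group so a partial key hides its fragment.
Q = 2**127 - 1

def h_id(identity):
    """Map ID_A to a nonzero field element (stand-in for hash-to-group)."""
    digest = hashlib.sha256(identity.encode()).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1

def deal_fragments(s, k, n):
    """Step 1, simplified to one dealer: Shamir-share s so any k of n recover it."""
    coeffs = [s] + [secrets.randbelow(Q) for _ in range(k - 1)]
    return {i: sum(c * pow(i, j, Q) for j, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}

def pa_respond(index, fragment, identity, nonce):
    """Step 6: PA number `index` returns its partial key and echoes N."""
    return {"pa": index, "partial": fragment * h_id(identity) % Q, "nonce": nonce}

def lagrange_at_zero(i, indices):
    """Lagrange coefficient for point i when interpolating at x = 0."""
    num = den = 1
    for j in indices:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def combine(responses, nonce, k):
    """Step 7: drop replies that do not echo this request's N, then combine k."""
    fresh = {r["pa"]: r["partial"] for r in responses if r["nonce"] == nonce}
    if len(fresh) < k:
        raise ValueError("fewer than k fresh partial keys")
    chosen = sorted(fresh)[:k]
    return sum(fresh[i] * lagrange_at_zero(i, chosen) for i in chosen) % Q

def demo():
    """Constructed run: n = 5 PAs, threshold k = 3, one replayed reply."""
    s = secrets.randbelow(Q)                      # threshold key s
    frags = deal_fragments(s, k=3, n=5)
    nonce = secrets.token_hex(8)                  # random number N chosen by A
    replies = [pa_respond(1, frags[1], "ID_A", "stale-nonce")]  # replayed reply
    replies += [pa_respond(i, frags[i], "ID_A", nonce) for i in (2, 4, 5)]
    return combine(replies, nonce, 3) == s * h_id("ID_A") % Q

if __name__ == "__main__":
    print("private key recovered from 3 fresh partial keys:", demo())
```

Any k fresh replies give the same combined value, while a reply carrying an old N is not counted toward the threshold, which is how the echoed random number defeats a replayed partial key.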
As shown in Fig. 2, the PA verification protocol is:
Step 1: The key generation center KGC provides ID information to the members of the selected Peer set T, for them to use in challenging a particular user privacy protection assistant PA.
Step 2: The members of T each submit a partial key request challenge to the PA, in order to test whether the PA holds a legitimate key fragment from the key generation center KGC.
Step 3: The PA returns partial keys to the members of T.
Step 4: The members of T submit the partial key information obtained from the PA to the KGC, which verifies its legitimacy. If the number of legitimate results exceeds (N-1)/3+1, the PA is considered to have passed verification, where N is the number of members of set T. If the PA does not pass verification, it is considered a malicious user privacy protection assistant PA and isolation measures are taken.

Claims (4)

1. A distributed online social network key distribution privacy protection method, involving three basic roles: the Peer, the key generation center KGC and the user privacy protection assistant PA; wherein the Peers are the ordinary users of the online social network, who are easily subjected to various attacks, in particular privacy-snooping attacks, so that their privacy needs an effective protection mechanism; the key generation center KGC is responsible for providing Peer registration and key issuing services, and is generally provided by the online social network service provider, such as some well-known social network websites; and the user privacy protection assistant PA is responsible for providing key-related privacy protection services to specific users.
2. The distributed online social network key distribution privacy protection method as claimed in claim 1, characterized in that, to verify the legitimacy of a user privacy protection assistant PA online, a test user set T can be established to carry out the online verification of the PA.
3. The distributed online social network key distribution privacy protection method as claimed in claim 1, characterized in that the method is specifically:
Step 1: The key generation center KGC selects the system private key and the system security parameters. All n user privacy protection assistants PA jointly execute a distributed generation and sharing procedure for a threshold key s, such that any k PAs can recover s using the key fragments they each hold.
Step 2: The Peer registers with the key generation center KGC. Once registration passes, the KGC generates a unique identifier ID_A and a credential Proof_A for each Peer.
Step 3: Each time a key needs to be generated, Peer A sends a key request, its identifier ID_A, its credential Proof_A and a random number N to the KGC.
Step 4: The KGC checks A's registration. After verification passes, it generates a partial key and sends it to A together with the N received in the previous step.
Step 5: A randomly selects some of the user privacy protection assistants PA to provide the assisted key distribution service, and sends to each PA it designates: a key assistance request, its identifier ID_A, its credential Proof_A and a random number N.
Step 6: The PA authenticates A. After authentication passes, it also generates a partial key and sends it to A together with the N received in the previous step.
Step 7: Once A has received a total of k partial keys from user privacy protection assistants PA, it combines these k keys and uses the result to generate its own private key.
4. The distributed online social network key distribution privacy protection method as claimed in claim 3, characterized in that the verification protocol for a user privacy protection assistant PA is:
Step 1: The key generation center KGC provides ID information to the members of the selected Peer set T, for them to use in challenging a particular user privacy protection assistant PA.
Step 2: The members of T each submit a partial key request challenge to the PA, in order to test whether the PA holds a legitimate key fragment from the key generation center KGC.
Step 3: The PA returns partial keys to the members of T.
Step 4: The members of T submit the partial key information obtained from the PA to the KGC, which verifies its legitimacy. If the number of legitimate results exceeds (N-1)/3+1, the PA is considered to have passed verification, where N is the number of members of set T. If the PA does not pass verification, it is considered a malicious user privacy protection assistant PA and isolation measures are taken.
CN2012101609677A 2012-05-23 2012-05-23 Distribution-type online social network key distribution privacy authority method Pending CN102684883A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2012101609677A CN102684883A (en) 2012-05-23 2012-05-23 Distribution-type online social network key distribution privacy authority method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2012101609677A CN102684883A (en) 2012-05-23 2012-05-23 Distribution-type online social network key distribution privacy authority method

Publications (1)

Publication Number Publication Date
CN102684883A true CN102684883A (en) 2012-09-19

Family

ID=46816286

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2012101609677A Pending CN102684883A (en) 2012-05-23 2012-05-23 Distribution-type online social network key distribution privacy authority method

Country Status (1)

Country Link
CN (1) CN102684883A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106027556A (en) * 2016-06-30 2016-10-12 宇龙计算机通信科技(深圳)有限公司 Multi-party communication method and device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106027556A (en) * 2016-06-30 2016-10-12 宇龙计算机通信科技(深圳)有限公司 Multi-party communication method and device
CN106027556B (en) * 2016-06-30 2020-04-07 宇龙计算机通信科技(深圳)有限公司 Multi-party communication method and device


Legal Events

Date Code Title Description
C06 Publication
DD01 Delivery of document by public notice

Addressee: Yang Tao

Document name: Notification of Passing Preliminary Examination of the Application for Invention

PB01 Publication
DD01 Delivery of document by public notice

Addressee: Yang Tao

Document name: Notification of Publication of the Application for Invention

DD01 Delivery of document by public notice

Addressee: Yang Tao

Document name: Notification of Passing Examination on Formalities

C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20120919