CN104283667B - A kind of data transmission method, apparatus and system - Google Patents

A kind of data transmission method, apparatus and system Download PDF

Info

Publication number
CN104283667B
CN104283667B CN201310269180.9A CN201310269180A CN104283667B CN 104283667 B CN104283667 B CN 104283667B CN 201310269180 A CN201310269180 A CN 201310269180A CN 104283667 B CN104283667 B CN 104283667B
Authority
CN
China
Prior art keywords
key
ciphertext
node
private key
kdc
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310269180.9A
Other languages
Chinese (zh)
Other versions
CN104283667A (en
Inventor
陈强
李晋
宋刚
戴毓丰
李伟东
于江
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Group Heilongjiang Co Ltd
Original Assignee
China Mobile Group Heilongjiang Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Group Heilongjiang Co Ltd filed Critical China Mobile Group Heilongjiang Co Ltd
Priority to CN201310269180.9A priority Critical patent/CN104283667B/en
Publication of CN104283667A publication Critical patent/CN104283667A/en
Application granted granted Critical
Publication of CN104283667B publication Critical patent/CN104283667B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a kind of data transmission method, apparatus and system, wherein, the data transmission method for node includes:The request to be communicated using first key encryption node with private key generator, the first ciphertext is generated, first key is the symmetric key that KDC is in advance the node distribution;The first ciphertext is sent to KDC;The second ciphertext for receiving and using first key decruption key Distribution Center to return, obtains this session key and the 3rd ciphertext;The 3rd ciphertext is forwarded to private key generator;Receive and use the 4th ciphertext that this session key decrypted private key maker is sent, using this session key, obtain open parameter and private key.Interior joint of the present invention uses the session key of one-time pad that different symmetric keys distributes for node to be communicated with private key generator using KDC, node bogus attack is effectively prevent, while ensure that the open parameter of private key server distribution and the security of node private key.

Description

A kind of data transmission method, apparatus and system
Technical field
The present invention relates to Internet of Things security fields, more particularly to a kind of data transmission method, apparatus and system.
Background technology
Internet of Things(The Internet of things)Be article by the information sensing devices such as radio frequency identification with mutually Networking connects, and realizes Weigh sensor and management.The core of Internet of Things and basis are still internet, are in the Internet-based The network of extension and extension on plinth, its user terminal extend and extend between any article and article, enter row information exchange And communication.Internet of Things mainly by substantial amounts of wireless sensor node, wireless sensor network and the Internet group into.Either sense All there is certain resource constraint in device node or sensor network, these limitations will directly influence the safety of Internet of Things in itself Mechanism.
In all security solutions, authenticated encryption technology is the basis of all safe practices, passes through authenticated encryption The demands for security such as sensor network certification, confidentiality, non-repudiation, integrality can be met.In wireless sensor network Certification and encryption are most important modules in security mechanism, and currently, key management in Wireless Sensor Network and agreement can be with It is divided into symmetric key Managed Solution and unsymmetrical key Managed Solution.
Unsymmetrical key Managed Solution, because sensor node has, computing capability is poor, memory capacity is low, finite energy etc. Particularity, simple unsymmetrical key mode are not suitable for disposing on sensor node.
For example there are E-G schemes and q-composite in symmetric key Managed Solution.
E-G schemes are made up of 3 stages.1st stage was the cipher key pre-distribution stage.Before deployment, deployment services device is raw first The big pool of keys and key identification for being P into a total number of keys, each node randomly select k (k in pool of keys<<P) individual difference Key, this random predistribution mode enables any two node, and with certain probability, there is shared key.2nd stage After shared key discovery phase random placements, if two adjacent nodes have shared key, one of those is just randomly selected Pair-wise key as both sides:Otherwise, entered for the 3rd stage.3rd stage was cipher key path establishment stage, node by with its The neighbor node that he has shared key establishes the cipher key path of both sides after some jumps.
In q-composite schemes, node is from total number of keys | S | pool of keys in randomly select in advance m it is different close Key, disposing latter two adjacent node at least needs shared q key directly to establish pair-wise key.If shared cipher key number is t(t>=q), then can be used one-way hash function establish pair-wise key K=hash (k1 | | k2 | | ..kz) (Ciphering Key Sequence Number is in advance about It is fixed).
Identity based encryption (identity- is also proposed in the cipher key pre-distribution scheme based on symmetric key system Based encryption, IBE) concept.IBE can use the identity information of message recipient as public key, to message It is encrypted.Compared with traditional public key encryption, IBE so can greatly simplify the reality of secure communication without certificate management It is existing.
Compared with unsymmetrical key management method, the great advantage of symmetric key is that amount of calculation is small.But it is obvious scarce Point is that must have a cipher key pre-distribution process, i.e., in advance stores symmetric key in node, to increasing and replacing node just Seem underaction.The ability for being resistant to man-in-the-middle attack the shortcomings that symmetric-key systems is used to have very much in the WSN of Internet of Things Limit, does not support the authentication to neighbor node, can not more resist and pretend to be attack, more close with increasing for capture node Key information will be exposed.
The content of the invention
In order to solve drawbacks described above present in prior art, the present invention proposes a kind of data transmission method, device and is System, the particularity of wireless sensor node is can adapt to, and algorithm is realized simply, so as to improve Internet of Things gathered data The security and efficiency of transmission of transmission.
One aspect of the present invention, there is provided a kind of data transmission method for node, comprise the following steps:
The request to be communicated using first key encryption node with private key generator, generate the first ciphertext;Wherein, it is described First key is the symmetric key that KDC is in advance the node distribution;
First ciphertext is sent to KDC;
The second ciphertext for receiving and using first key decruption key Distribution Center to return, obtain the node and given birth to private key This session key grown up to be a useful person and the 3rd ciphertext;Wherein, the 3rd ciphertext is:It is in advance private key that KDC, which uses, What the symmetric key of maker distribution generated this session key;
The 3rd ciphertext is forwarded to private key generator;
Receive and use this session key decrypted private key maker send, use this session key the 4th Ciphertext, obtain open parameter and private key.
In the data transmission method for node that the embodiment of the present invention proposes, node is using KDC using not Same symmetric key is communicated for the session key of the one-time pad of node distribution with private key generator, effectively prevent node Bogus attack, while ensure that the open parameter of private key server distribution and the security of node private key.
The embodiment of the present invention also proposes a kind of data transmission method for KDC, comprises the following steps:
In advance different symmetric keys is distributed for each node and private key generator;
The first ciphertext that receiving node is sent, and decrypt institute using the first key that the node is distributed in symmetric key State the first ciphertext;
When first ciphertext is that the node request is communicated with private key generator, generation random parameter is as institute State this session key of node and private key generator;
It is using the second key that private key generator is distributed in symmetric key that the generation the 3rd of this session key is close Text;
This session key is encrypted using first key and the 3rd ciphertext generates the second ciphertext;
Second ciphertext is sent to the node.
In the data transmission method for KDC that the embodiment of the present invention proposes, KDC's device uses Different symmetric keys is the session key that node and private key generator distribute one-time pad, effectively prevent that node is counterfeit to attack Hit, while ensure that the open parameter of private key generator PKG distributions and the security of node private key.
The embodiment of the present invention also proposes a kind of data transmission method for private key generator, comprises the following steps:
Receive and use the second secret key decryption node forward KDC generation the 3rd ciphertext, obtain with it is described This session key of node;Wherein, second key is that KDC is the symmetrical of private key generator distribution in advance Key;
It is using this session key that generation the 4th after the open parameter previously generated and the private key encryption of the node is close Text;
4th ciphertext is sent to the node.
In the data transmission method for private key generator that the embodiment of the present invention proposes, private key generator passes through key point The session key for the one-time pad that central apparatus uses pre-assigned different symmetric key to distribute for node is sent out, is carried out with node Communication, effectively prevent node bogus attack, while ensure that the open parameter of private key server distribution and the safety of node private key Property.
As the preferred of above-mentioned technical proposal, the generation side of the private key of the open parameter previously generated and the node Method includes:
Choose field element a, b ∈ Fp, meet elliptic curve equation E:y2≡x3+ ax+b (mod p), wherein, Δ=4a3+ 27b2≠0(mod p);
E (F are calculated according to p and a, b value and elliptic curve equation Ep) point set;
In E (Fp) put to concentrate and choose basic point G, utilize the regular rank for solving G points of elliptic curve addition rule and again point;
Master keys of the random number s as system is generated, the private key of open parameter and node is calculated according to the rank of G points and s.
The embodiment of the present invention proposes a kind of node, including:
The first ciphertext module is generated, for the request to be communicated using first key encryption node with private key generator, Generate the first ciphertext;Wherein, the first key is the symmetric key that KDC is in advance the node distribution;
First sending module, for sending first ciphertext to KDC;
First receiving module, for the second ciphertext for receiving and being returned using first key decruption key Distribution Center, obtain Obtain this session key and the 3rd ciphertext of the node and private key generator;Wherein, the 3rd ciphertext is:Key is distributed Center is generated this session key using the symmetric key distributed in advance for private key generator;
Second sending module, for forwarding the 3rd ciphertext to private key generator;
Second receiving module, for receive and using this session key decrypted private key maker send, use this 4th ciphertext of session key, obtain open parameter and private key.
The embodiment of the present invention proposes a kind of KDC, including:
Distribute module, for being that each node and private key generator distribute different symmetric keys in advance;
3rd receiving module, the first ciphertext sent for receiving node, and using distributing to the section in symmetric key The first key of point decrypts first ciphertext;
Session key module is generated, for being that the node request is communicated with private key generator when first ciphertext When, generation random parameter is as the node and this session key of private key generator;
The 3rd ciphertext module is generated, for using distributing to the second key of private key generator in symmetric key by this meeting Talk about key encryption the 3rd ciphertext of generation;
The second ciphertext module is generated, for encrypting this session key and the 3rd ciphertext generation second using first key Ciphertext;
3rd sending module, for second ciphertext to be sent to the node.
The embodiment of the present invention proposes a kind of private key generator, including:
4th receiving module, the KDC for receiving and being forwarded using the second secret key decryption node generate the Three ciphertexts, obtain this session key with the node;Wherein, second key is that KDC is private key in advance The symmetric key of maker distribution;
Generate the 4th ciphertext module, for using this session key by the open parameter previously generated and the node The 4th ciphertext is generated after private key encryption;
4th sending module, for the 4th ciphertext to be sent to the node.
As the preferred of above-mentioned technical proposal, described device also includes:
Generation module, for choosing field element a, b ∈ Fp, meet elliptic curve equation E:y2≡x3+ ax+b (mod p), its In, Δ=4a3+27b2≠0(mod p);E (F are calculated according to p and a, b value and elliptic curve equation Ep) point set;In E (Fp) point set Middle selection basic point G, utilize the regular rank for solving G points of elliptic curve addition rule and again point;Generate masters of the random number s as system Key, the private key of open parameter and node is calculated according to the rank of G points and s.
The present invention also proposes a kind of data transmission system, including node, KDC and private key generator, wherein, The node is used for:
The request to be communicated using first key encryption node with private key generator, generate the first ciphertext;Wherein, it is described First key is the symmetric key that KDC is in advance the node distribution;
First ciphertext is sent to KDC;
The second ciphertext for receiving and using first key decruption key Distribution Center to return, obtain the node and given birth to private key This session key grown up to be a useful person and the 3rd ciphertext;Wherein, the 3rd ciphertext is:It is in advance private key that KDC, which uses, What the symmetric key of maker distribution generated this session key;
The 3rd ciphertext is forwarded to private key generator;
Receive and use this session key decrypted private key maker send, use this session key the 4th Ciphertext, obtain open parameter and private key;
The KDC is used for:
In advance different symmetric keys is distributed for each node and private key generator;
The first ciphertext that receiving node is sent, and decrypt institute using the first key that the node is distributed in symmetric key State the first ciphertext;
When first ciphertext is that the node request is communicated with private key generator, generation random parameter is as institute State this session key of node and private key generator;
It is using the second key that private key generator is distributed in symmetric key that the generation the 3rd of this session key is close Text;
This session key is encrypted using first key and the 3rd ciphertext generates the second ciphertext;
Second ciphertext is sent to the node;
The private key generator is used for:
Receive and use the 3rd ciphertext of KDC's generation that node described in the second secret key decryption forwards, obtain with This session key of the node;Wherein, second key is that KDC is what private key generator distributed in advance Symmetric key;
It is using this session key that generation the 4th after the open parameter previously generated and the private key encryption of the node is close Text;
4th ciphertext is sent to the node.
Other features and advantages of the present invention will be illustrated in the following description, also, partly becomes from specification Obtain it is clear that or being understood by implementing the present invention.The purpose of the present invention and other advantages can be by the explanations write Specifically noted structure is realized and obtained in book, claims and accompanying drawing.
Below by drawings and examples, technical scheme is described in further detail.
Brief description of the drawings
Accompanying drawing is used for providing a further understanding of the present invention, and a part for constitution instruction, the reality with the present invention Apply example to be used to explain the present invention together, be not construed as limiting the invention.In the accompanying drawings:
Fig. 1 is the data transmission method flow chart for node that the embodiment of the present invention proposes;
Fig. 2 is the data transmission method flow chart for KDC that the embodiment of the present invention proposes;
Fig. 3 is the data transmission method flow chart for private key generator that the embodiment of the present invention proposes;
Fig. 4 is the method flow diagram of the private key of the open parameter of private key generator PKG generations and node in the embodiment of the present invention;
Fig. 5 is the structural representation for the node that the embodiment of the present invention proposes;
Fig. 6 is the structural representation for the KDC that the embodiment of the present invention proposes;
Fig. 7 is the structural representation for the private key generator that the embodiment of the present invention proposes.
Embodiment
The preferred embodiments of the present invention are illustrated below in conjunction with accompanying drawing, it will be appreciated that described herein preferred real Apply example to be merely to illustrate and explain the present invention, be not intended to limit the present invention.
As shown in figure 1, a kind of data transmission method for node that the embodiment of the present invention proposes, comprises the following steps:
Step S101:The request to be communicated using first key encryption node with private key generator, generate the first ciphertext; Wherein, the first key is the symmetric key that KDC is in advance the node distribution;
Step S102:First ciphertext is sent to KDC;
Step S103:The second ciphertext for receiving and using first key decruption key Distribution Center to return, obtains the section This session key and the 3rd ciphertext of point and private key generator;Wherein, the 3rd ciphertext is:KDC uses The symmetric key for private key generator distribution generates this session key in advance;
Step S104:The 3rd ciphertext is forwarded to private key generator;
Step S105:Receive and use this session key decrypted private key maker send, use this session key 4th ciphertext of encryption, obtain open parameter and private key.
In the data transmission method for node that the embodiment of the present invention proposes, node is using KDC using not Same symmetric key is communicated for the session key of the one-time pad of node distribution with private key generator, effectively prevent node Bogus attack, while ensure that the open parameter of private key server distribution and the security of node private key.
As shown in Fig. 2 a kind of data transmission method for KDC that the embodiment of the present invention proposes, including with Lower step:
Step S201:In advance different symmetric keys is distributed for each node and private key generator;
Step S202:The first ciphertext that receiving node is sent, and using distributing to the first of the node in symmetric key First ciphertext described in secret key decryption;
Step S203:When first ciphertext is that the node request is communicated with private key generator, generation is random Parameter is as the node and this session key of private key generator;
Step S204:This session key is given birth to using the second key that private key generator is distributed in symmetric key Into the 3rd ciphertext;
Step S205:This session key is encrypted using first key and the 3rd ciphertext generates the second ciphertext;
Step S206:Second ciphertext is sent to the node.
In the data transmission method for KDC that the embodiment of the present invention proposes, KDC's device uses Different symmetric keys is the session key that node and private key generator distribute one-time pad, effectively prevent that node is counterfeit to attack Hit, while ensure that the open parameter of private key generator PKG distributions and the security of node private key.
As shown in figure 3, a kind of data transmission method for private key generator that the embodiment of the present invention proposes, including it is following Step:
Step S301:The 3rd ciphertext that the KDC for receiving and using the second secret key decryption node to forward generates, Obtain this session key with the node;Wherein, second key is that KDC is private key generator in advance The symmetric key of distribution;
Step S302:Will be raw after the open parameter previously generated and the private key encryption of the node using this session key Into the 4th ciphertext;
Step S303:4th ciphertext is sent to the node.
In the data transmission method for private key generator that the embodiment of the present invention proposes, private key generator passes through key point The session key for the one-time pad that central apparatus uses pre-assigned different symmetric key to distribute for node is sent out, is carried out with node Communication, effectively prevent node bogus attack, while ensure that the open parameter of private key server distribution and the safety of node private key Property.
Wherein, scheme as shown in Figure 4 can be used during the private key of the open parameter of private key generator PKG generations and node:
Choose a prime number finite field Fp, then choose FpA upper elliptic curve E, it is a Big prime n to make its rank, or It is a Big prime n and another small integer product.Then one rank n of selection point G, generation system parameter T=(p, a, b, G,Ppub,q,h,H1,H2).This parametric variable is disclosed systematic parameter.Detailed process is as follows:
Step S401:Choose field element a, b ∈ Fp, meet equation E:y2≡x3+ ax+b (mod p), wherein, Δ=4a3+ 27b2≠0(mod p)。
Step S402:Corresponding E (F are calculated according to the p of selection and a, b value and elliptic curve Ep) point set.Detailed process is such as Under:
If x values are gathering { 0,1,2 ..., p-1 }, bring into elliptic curve equation E, solve y=d (mod p), solve Process be quadratic residue solution procedure.Quadratic residue definition is shaped like y2≡ d (mod p) congruence expression, wherein p>1.If this Congruence expression has solution, then d is referred to as mould p quadratic residue;If this congruence expression, without solution, d is referred to as mould p quadratic non-residue.Utilize Europe Diagnostic method is drawn to determine whether to solve:If p is odd prime and the aliquant d of p,:
D is that the necessary and sufficient condition of mould p quadratic residue is:d(p-1)/2=1(mod p)
The two non-time remaining necessary and sufficient condition that d is mould p are:d(p-1)/2=-1(mod p);
For prime number p=3mod4, quadratic residue d square root is:±d(p+1)/4mod p;
Step S403:After obtaining point collected explanations or commentaries, in curve E (Fp) on choose basic point G=(xg,yg), utilize elliptic curve addition Rule and the again rank of point rule solution G points.Solution procedure is as follows:
Addition rule:P(x1,y1)+Q(x2,y2)=S (x3,y3), wherein:
x32-x1-x2
y3=λ (x1-x3)-y1
Rule is put again:P(x1,y1)+P(x1,y1)=2P (x1,y1)=S (x3,y3), wherein:
x32-2x1
y3=λ (x1-x3)-y1
A is the coefficient of first order in elliptic curve equation.In solution, x3,y3, λ takes mod p.2G, 3G ... are obtained respectively NG=0 (for infinite point), n are the rank of required G points.Meanwhile parameter meets following limitation:H=E (Fp)/q,E(Fp)≠p,pB ≠ 1 (mod q), wherein, 1≤B < 20, h≤4, p, q should also meet p=2mod3 and p=6q-1.
Step S404:Generate a random number*, s is the master key of system, and calculates Ppub=s*G (utilizes times point Rule);For any given character string ID ∈ { 0,1 } *, Hash hash functions H is selected1:{0,1}*→G1 *, this Hash letter The several elements identity ID of user being mapped in G1;H2:G1→{0,1}n, this Hash function decision M (plaintext space) It is { 0,1 }n, it is therefore an objective to character sign is converted into centrifugal pump, is easy to encryption, decipherment algorithm processing;By corresponding to mark management Identify IDidIt is mapped to elliptic curve E (Fp) on point Pid, and private key PID corresponding to generationid=s*Pid.Further, it is also possible to according to The identification information that each node is sent is verified, the private key record of corresponding each node is then generated in PKG.
Step S405:Open systematic parameter T=(p, a, b, G, Ppub,q,h,H1,H2)。
The elliptic curve addition rule proposed in the embodiment of the present invention and the method for putting rule solution G point ranks again, are improved The difficulty cracked to the key of IBE algorithms generation.
Hereinafter, with reference to node, KDC(KDC)And private key generator(PKG)To enter to the embodiment of the present invention Row description:
First, system initialization:
System initialization is mainly used in realizing certifications of the KDC to sensor node and PKG, PKG discloses parameter and node is private The generation of key.
1st, sensor node and PKG are registered on KDC
1)KDC KDC is through certifying authority.
2)During sensor node registration, KDC is the different symmetric key of each sensor node of system distribution, and KDC knows each The key of sensor node.Each sensor node can use this key and KDC secure communications;
Such as KDC and sensor node A symmetric key is KA-KDC;KDC and private key generator PKG symmetric key is KPKG-KDC;ID, PGK of KDC memory nodes ID and corresponding symmetric key KA-KDC、KPKG-KDC
3)Certified node ID information is passed through K by KDCPKG-KDCEncryption is sent to PKG, after PKG decryption in database Memory node id information.
2nd, PKG discloses the generation of parameter and node private key, and the process refers to above, will not be repeated here.
2nd, the distribution of sensor node and PKG session key:
1st, when sensor node A will be communicated with PKG, IBE open parameter and the A by PKG generations private key are transmitted When, A has KA-KDC, ID;KDC has KA-KDCAnd KPKG-KDC;PKG has KPKG-KDC, IBE open parameter and by PKG generate A Private key.
2nd, A uses KA-KDCEncryption wants and the solicited message of PKG communications, passes through KA-KDC(A, PKG)It is sent to KDC.
3rd, after KDC receives request, the K of preservation is utilizedA-KDCIt is decrypted, it is known that A wants and PKG is communicated.KDC is generated Random parameter R1, the session key that R1 is communicated as this A with PKG.
4th, the symmetric key encryption of A and PKG known to KDC utilizations, by KA-KDC(R1, KPKG-KDC(A, R1)) it is sent to A.
5th, after A receives the ciphertext of KDC transmissions, K is utilizedA-KDCDecryption, obtains this session key R1 and KPKG-KDC(A, R1). A is by KPKG-KDC(A, R1) is sent to PKG.
6th, PKG utilizes K after receiving ciphertextPKG-KDCIt is decrypted, obtains R1.
3rd, PKG discloses the encryption and decryption of parameter, the distribution of private key and collection information:
1st, PKG will be sent to sensor section using session key R1 after openly parameter and the private key encryption by the A of PKG generations Point A.
2nd, sensor node A by the use of IBE algorithms and the open parameter obtained, using the ID of aggregation node as public key, it is right Collection information is encrypted, and ciphertext hop-by-hop is transferred to and collects node.
3rd, aggregation node utilizes is decrypted from the PGK private keys obtained, obtains original text.
The data-selected scheme that the embodiment of the present invention proposes is authenticated registering by sensor node and PKG in KDC first, KDC uses different symmetric keys to distribute the session key of one-time pad for node, effectively prevent counterfeit behavior;In view of passing The particularity of sensor node, employs Identity based encryption algorithm IBE, and public key is the identity ID of other side, generation it is close Key only has node oneself to have, and after a node is cracked, involves the safety less than other nodes, does not influence the safety of the whole network, Unrelated with the scale of network, this ensure that the strong robustness of network, and point rule has solved G points by addition rule and again Rank, the security of algorithm is improved, so as to ensure that the privacy of information, security, reliability.
By the embodiment of the present invention propose data transmission method, improve Internet of Things gathered data transmission security and Efficiency of transmission, reliable support is provided for data transmission of internet of things safety guarantee.
Correspondingly, the embodiment of the present invention also proposes a kind of node, as shown in figure 5, including:
The first ciphertext module 501 is generated, is asked for what is communicated using first key encryption node with private key generator Ask, generate the first ciphertext;Wherein, the first key is the symmetric key that KDC is in advance the node distribution;
First sending module 502, for sending first ciphertext to KDC;
First receiving module 503, for receiving and using the second ciphertext of first key decruption key Distribution Center return, Obtain this session key and the 3rd ciphertext of the node and private key generator;Wherein, the 3rd ciphertext is:Key point Hair center is generated this session key using the symmetric key distributed in advance for private key generator;
Second sending module 504, for forwarding the 3rd ciphertext to private key generator;
Second receiving module 505, for receive and using this session key decrypted private key maker send, use this 4th ciphertext of secondary session key, obtain open parameter and private key.
As shown in fig. 6, the embodiment of the present invention also proposes a kind of KDC, including:
Distribute module 601, for being that each node and private key generator distribute different symmetric keys in advance;
3rd receiving module 602, the first ciphertext sent for receiving node, and it is described using being distributed in symmetric key The first key of node decrypts first ciphertext;
Session key module 603 is generated, for being that the node request is carried out with private key generator when first ciphertext During communication, generation random parameter is as the node and this session key of private key generator;
The 3rd ciphertext module 604 is generated, for incite somebody to action this using the second key that private key generator is distributed in symmetric key Secondary session key generates the 3rd ciphertext;
The second ciphertext module 605 is generated, for encrypting this session key and the generation of the 3rd ciphertext using first key Second ciphertext;
3rd sending module 606, for second ciphertext to be sent to the node.
As shown in fig. 7, the embodiment of the present invention also proposes a kind of private key generator, including:
4th receiving module 701, the KDC for receiving and being forwarded using the second secret key decryption node are generated The 3rd ciphertext, obtain and this session key of the node;Wherein, second key is that KDC is in advance The symmetric key of private key generator distribution;
Generate the 4th ciphertext module 702, for using this session key by the open parameter previously generated and the section The 4th ciphertext is generated after the private key encryption of point;
4th sending module 703, for the 4th ciphertext to be sent to the node.
The private key generator also includes:
Generation module, for choosing an elliptic curve in prime number finite field, it is a Big prime n to make its rank, either One Big prime n and another small integer product;The basic point on elliptic curve is selected, the rank n of basic point is calculated, produces the public affairs Open the private key of parameter and node.
The embodiment of the present invention also proposes a kind of data transmission system, including node, KDC and private key generator, Wherein, the node is used for:
The request to be communicated using first key encryption node with private key generator, generate the first ciphertext;Wherein, it is described First key is the symmetric key that KDC is in advance the node distribution;
First ciphertext is sent to KDC;
The second ciphertext for receiving and using first key decruption key Distribution Center to return, obtain the node and given birth to private key This session key grown up to be a useful person and the 3rd ciphertext;Wherein, the 3rd ciphertext is:It is in advance private key that KDC, which uses, What the symmetric key of maker distribution generated this session key;
The 3rd ciphertext is forwarded to private key generator;
Receive and use this session key decrypted private key maker send, use this session key the 4th Ciphertext, obtain open parameter and private key;
The KDC is used for:
In advance different symmetric keys is distributed for each node and private key generator;
The first ciphertext that receiving node is sent, and decrypt institute using the first key that the node is distributed in symmetric key State the first ciphertext;
When first ciphertext is that the node request is communicated with private key generator, generation random parameter is as institute State this session key of node and private key generator;
It is using the second key that private key generator is distributed in symmetric key that the generation the 3rd of this session key is close Text;
This session key is encrypted using first key and the 3rd ciphertext generates the second ciphertext;
Second ciphertext is sent to the node;
The private key generator is used for:
Receive and use the 3rd ciphertext of KDC's generation that node described in the second secret key decryption forwards, obtain with This session key of the node;Wherein, second key is that KDC is what private key generator distributed in advance Symmetric key;
It is using this session key that generation the 4th after the open parameter previously generated and the private key encryption of the node is close Text;
4th ciphertext is sent to the node.
It should be understood by those skilled in the art that, embodiments of the invention can be provided as method, system or computer program Product.Therefore, the present invention can use the reality in terms of complete hardware embodiment, complete software embodiment or combination software and hardware Apply the form of example.Moreover, the present invention can use the computer for wherein including computer usable program code in one or more Usable storage medium(Including but not limited to magnetic disk storage and optical memory etc.)The shape of the computer program product of upper implementation Formula.
The present invention is with reference to method according to embodiments of the present invention, equipment(System)And the flow of computer program product Figure and/or block diagram describe.It should be understood that can be by every first-class in computer program instructions implementation process figure and/or block diagram Journey and/or the flow in square frame and flow chart and/or block diagram and/or the combination of square frame.These computer programs can be provided The processors of all-purpose computer, special-purpose computer, Embedded Processor or other programmable data processing devices is instructed to produce A raw machine so that produced by the instruction of computer or the computing device of other programmable data processing devices for real The device for the function of being specified in present one flow of flow chart or one square frame of multiple flows and/or block diagram or multiple square frames.
These computer program instructions, which may be alternatively stored in, can guide computer or other programmable data processing devices with spy Determine in the computer-readable memory that mode works so that the instruction being stored in the computer-readable memory, which produces, to be included referring to Make the manufacture of device, the command device realize in one flow of flow chart or multiple flows and/or one square frame of block diagram or The function of being specified in multiple square frames.
These computer program instructions can be also loaded into computer or other programmable data processing devices so that counted Series of operation steps is performed on calculation machine or other programmable devices to produce computer implemented processing, so as in computer or The instruction performed on other programmable devices is provided for realizing in one flow of flow chart or multiple flows and/or block diagram one The step of function of being specified in individual square frame or multiple square frames.
Obviously, those skilled in the art can carry out the essence of various changes and modification without departing from the present invention to the present invention God and scope.So, if these modifications and variations of the present invention belong to the scope of the claims in the present invention and its equivalent technologies Within, then the present invention is also intended to comprising including these changes and modification.

Claims (7)

1. a kind of data transmission method for node, it is characterised in that comprise the following steps:
The request to be communicated using first key encryption node with private key generator, generate the first ciphertext;Wherein, described first Key is the symmetric key that KDC is in advance the node distribution;
First ciphertext is sent to KDC;
The second ciphertext for receiving and using first key decruption key Distribution Center to return, obtains the node and private key generator This session key and the 3rd ciphertext;Wherein, the 3rd ciphertext is:KDC is generated using advance for private key What the symmetric key of device distribution generated this session key;
The 3rd ciphertext is forwarded to private key generator;
It is receiving and use that this session key decrypted private key maker is sent, use this session key it is the 4th close Text, obtain open parameter and private key.
2. a kind of data transmission method for KDC, it is characterised in that comprise the following steps:
In advance different symmetric keys is distributed for each node and private key generator;
The first ciphertext that receiving node is sent, and decrypt described the using the first key that the node is distributed in symmetric key One ciphertext;
When first ciphertext is that the node request is communicated with private key generator, generation random parameter is as the section This session key of point and private key generator;
This session key is generated into the 3rd ciphertext using the second key that private key generator is distributed in symmetric key;
This session key is encrypted using first key and the 3rd ciphertext generates the second ciphertext;
Second ciphertext is sent to the node.
3. a kind of data transmission method for private key generator, it is characterised in that comprise the following steps:
The 3rd ciphertext that the KDC for receiving and using the second secret key decryption node to forward generates, is obtained and the node This session key;Wherein, second key is the symmetric key that KDC is in advance private key generator distribution;
The 4th ciphertext will be generated after the open parameter previously generated and the private key encryption of the node using this session key;
4th ciphertext is sent to the node.
A kind of 4. node, it is characterised in that including:
The first ciphertext module is generated, for the request to be communicated using first key encryption node with private key generator, generation First ciphertext;Wherein, the first key is the symmetric key that KDC is in advance the node distribution;
First sending module, for sending first ciphertext to KDC;
First receiving module, for the second ciphertext for receiving and being returned using first key decruption key Distribution Center, obtain institute State this session key and the 3rd ciphertext of node and private key generator;Wherein, the 3rd ciphertext is:KDC This session key is generated using the symmetric key distributed in advance for private key generator;
Second sending module, for forwarding the 3rd ciphertext to private key generator;
Second receiving module, for receive and using this session key decrypted private key maker send, using this session 4th ciphertext of key encryption, obtain open parameter and private key.
A kind of 5. KDC, it is characterised in that including:
Distribute module, for being that each node and private key generator distribute different symmetric keys in advance;
3rd receiving module, the first ciphertext sent for receiving node, and using distributing to the node in symmetric key First key decrypts first ciphertext;
Session key module is generated, for when first ciphertext is that node request is communicated with private key generator, Random parameter is generated as the node and this session key of private key generator;
The 3rd ciphertext module is generated, for using the second key that private key generator is distributed in symmetric key that this session is close Key encryption the 3rd ciphertext of generation;
The second ciphertext module is generated, for encrypting this session key using first key and the generation of the 3rd ciphertext is second close Text;
3rd sending module, for second ciphertext to be sent to the node.
A kind of 6. private key generator, it is characterised in that including:
4th receiving module, the KDC for receiving and being forwarded using the second secret key decryption node generate the 3rd close Text, obtain this session key with the node;Wherein, second key is that KDC is private key generation in advance The symmetric key of device distribution;
Generate the 4th ciphertext module, for using this session key by the open parameter previously generated and the private key of the node The 4th ciphertext is generated after encryption;
4th sending module, for the 4th ciphertext to be sent to the node.
A kind of 7. data transmission system, it is characterised in that including node, KDC and private key generator, wherein, it is described Node is used for:
The request to be communicated using first key encryption node with private key generator, generate the first ciphertext;Wherein, described first Key is the symmetric key that KDC is in advance the node distribution;
First ciphertext is sent to KDC;
The second ciphertext for receiving and using first key decruption key Distribution Center to return, obtains the node and private key generator This session key and the 3rd ciphertext;Wherein, the 3rd ciphertext is:KDC is generated using advance for private key What the symmetric key of device distribution generated this session key;
The 3rd ciphertext is forwarded to private key generator;
It is receiving and use that this session key decrypted private key maker is sent, use this session key it is the 4th close Text, obtain open parameter and private key;
The KDC is used for:
In advance different symmetric keys is distributed for each node and private key generator;
The first ciphertext that receiving node is sent, and decrypt described the using the first key that the node is distributed in symmetric key One ciphertext;
When first ciphertext is that the node request is communicated with private key generator, generation random parameter is as the section This session key of point and private key generator;
This session key is generated into the 3rd ciphertext using the second key that private key generator is distributed in symmetric key;
This session key is encrypted using first key and the 3rd ciphertext generates the second ciphertext;
Second ciphertext is sent to the node;
The private key generator is used for:
Receive and use the 3rd ciphertext of KDC's generation that node described in the second secret key decryption forwards, obtain with it is described This session key of node;Wherein, second key is that KDC is the symmetrical of private key generator distribution in advance Key;
The 4th ciphertext will be generated after the open parameter previously generated and the private key encryption of the node using this session key;
4th ciphertext is sent to the node.
CN201310269180.9A 2013-07-01 2013-07-01 A kind of data transmission method, apparatus and system Active CN104283667B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310269180.9A CN104283667B (en) 2013-07-01 2013-07-01 A kind of data transmission method, apparatus and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310269180.9A CN104283667B (en) 2013-07-01 2013-07-01 A kind of data transmission method, apparatus and system

Publications (2)

Publication Number Publication Date
CN104283667A CN104283667A (en) 2015-01-14
CN104283667B true CN104283667B (en) 2017-11-21

Family

ID=52258181

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310269180.9A Active CN104283667B (en) 2013-07-01 2013-07-01 A kind of data transmission method, apparatus and system

Country Status (1)

Country Link
CN (1) CN104283667B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104967517B (en) * 2015-07-24 2018-03-20 电子科技大学 A kind of network data convergence method for wireless senser
CN106067874B (en) * 2016-05-20 2019-07-12 深圳市金立通信设备有限公司 It is a kind of by the method for data record to server end, terminal and server
CN114339745B (en) * 2021-12-28 2024-01-26 中国电信股份有限公司 Key distribution method, system and related equipment

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103166919A (en) * 2011-12-13 2013-06-19 ***通信集团黑龙江有限公司 Method and system for internet of things information transmission

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7181015B2 (en) * 2001-07-31 2007-02-20 Mcafee, Inc. Method and apparatus for cryptographic key establishment using an identity based symmetric keying technique

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103166919A (en) * 2011-12-13 2013-06-19 ***通信集团黑龙江有限公司 Method and system for internet of things information transmission

Also Published As

Publication number Publication date
CN104283667A (en) 2015-01-14

Similar Documents

Publication Publication Date Title
Li et al. Attribute based encryption with privacy protection and accountability for CloudIoT
CN106357396B (en) Digital signature method and system and quantum key card
Zhao et al. An efficient certificateless aggregate signature scheme for the Internet of Vehicles
Shim et al. A secure data aggregation scheme based on appropriate cryptographic primitives in heterogeneous wireless sensor networks
Rahulamathavan et al. User collusion avoidance scheme for privacy-preserving decentralized key-policy attribute-based encryption
Borisov et al. DP5: A private presence service
US9490979B2 (en) System and method for providing credentials
Tseng et al. Identity-based encryption with cloud revocation authority and its applications
Li et al. Provably secure certificate-based signature scheme without pairings
Du et al. An efficient certificateless aggregate signature scheme without pairings for healthcare wireless sensor network
CN104811302B (en) Mix based on the elliptic curve without certificate and sign decryption method
Karati et al. Provably secure and lightweight identity-based authenticated data sharing protocol for cyber-physical cloud environment
Li et al. Cryptanalysis and improvement for certificateless aggregate signature
Gu et al. Conjugacy systems based on nonabelian factorization problems and their applications in cryptography
Zhang et al. An efficient certificateless generalized signcryption scheme
Liu et al. Offline/online attribute‐based encryption with verifiable outsourced decryption
Li et al. Certificateless online/offline signcryption scheme
Zhang A lightweight data aggregation protocol with privacy-preserving for healthcare wireless sensor networks
Qin et al. Simultaneous authentication and secrecy in identity-based data upload to cloud
CN104283667B (en) A kind of data transmission method, apparatus and system
Liao et al. Security analysis of a certificateless provable data possession scheme in cloud
Kim et al. An efficient identity-based broadcast signcryption scheme for wireless sensor networks
CN107204845A (en) Can be across the asymmetric group key agreement method of cluster in wireless sensor network
Chandrasekaran et al. TF‐CPABE: An efficient and secure data communication with policy updating in wireless body area networks
Battagliola et al. Provably unforgeable threshold EdDSA with an offline participant and trustless setup

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant