CN104796251B - A kind of management method and equipment of key pair - Google Patents

Info

Publication number: CN104796251B
Application number: CN201510149815.0A
Authority: CN (China)
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN104796251A (en)
Inventor: 孙鲁东
Current Assignee: New H3C Technologies Co Ltd
Original Assignee: New H3C Technologies Co Ltd

Landscapes

  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a key pair management method and device. The method comprises: a main KS obtains a first key pair, adds the first key pair to a first key pair synchronization payload, adds the first key pair synchronization payload to a first redundancy backup protocol message, and sends the first redundancy backup protocol message to a standby KS, where the first key pair includes a first public key and a first private key; the main KS periodically updates the key pair to obtain an updated second key pair; the main KS adds the second key pair to a second key pair synchronization payload, adds the second key pair synchronization payload to a second redundancy backup protocol message, and sends the second redundancy backup protocol message to the standby KS, where the second key pair includes a second public key and a second private key. In the embodiments of the invention, the key pair does not have to be configured manually on the standby KS, which improves ease of use, and periodically updating the key pair can improve system security.

Description

A kind of management method and equipment of key pair
Technical field
The present invention relates to the field of communication technology, and in particular to a key pair management method and device.
Background
Fig. 1 is a schematic diagram of the networking structure of a GD VPN (Group Domain Virtual Private Network). GD VPN provides a group-based security model. A group is a set of security policies, and all members of the same group share the same security policy, KEK (Key Encryption Key, the key used to encrypt keys) and TEK (Traffic Encryption Key, the key used to encrypt traffic). A GD VPN consists of a KS (Key Server) and GMs (Group Members). The KS manages different security policies, KEKs, TEKs, etc. by dividing them into different groups, and a GM obtains the security policy, KEK, TEK, etc. from the KS by joining the corresponding group.
So that a GM can verify the security policy, KEK, TEK, etc. that it obtains from the KS, an administrator needs to configure a key pair (a public key and a private key) on the KS, and the KS sends the public key to the GM. When the KS sends information such as the security policy, KEK and TEK to the GM, it signs the information with the private key. When the GM obtains this information, it verifies the signature with the public key; it treats the information as legitimate if verification passes and as illegitimate if verification fails.
To improve the reliability of the GD VPN network and to achieve load balancing, multiple KSs can be deployed in the GD VPN network, working in a redundancy backup manner. Fig. 2 is a schematic diagram of the networking structure of KS redundancy backup: a group of KSs that back each other up includes a main KS and at least one standby KS. The main KS is responsible for maintaining information such as the security policy, KEK and TEK of the GMs, and sends this information to the standby KSs. The main KS and all standby KSs can accept GM registration.
In this networking structure, an administrator needs to create a key pair on one KS (for example the main KS), export the key pair from that KS, and import it on the other KSs (for example each standby KS). This requires the administrator to create the same key pair on every KS, which is time-consuming and laborious, so ease of use is poor. Moreover, because the configuration is manual, the key pair may go without being updated for a long time, which affects system security.
Summary of the invention
An embodiment of the present invention provides a key pair management method, applied in a group domain virtual private network (GD VPN) that includes a main key server (KS) and a standby KS. The method comprises the following steps:
The main KS obtains a first key pair, adds the first key pair to a first key pair synchronization payload, adds the first key pair synchronization payload to a first redundancy backup protocol message, and sends the first redundancy backup protocol message to the standby KS; the first key pair includes a first public key and a first private key;
The main KS periodically updates the key pair to obtain an updated second key pair;
The main KS adds the second key pair to a second key pair synchronization payload, adds the second key pair synchronization payload to a second redundancy backup protocol message, and sends the second redundancy backup protocol message to the standby KS; the second key pair includes a second public key and a second private key.
After the main KS periodically updates the key pair and obtains the updated second key pair, the method further comprises: the main KS sends an offline notification message to a group member (GM), so that the GM goes offline and registers again with the main KS or the standby KS;
When the GM registers again with the main KS, the main KS sends the second public key to the GM, so that the GM updates its currently used public key to the second public key.
After the main KS periodically updates the key pair and obtains the updated second key pair, the method further comprises: the main KS adds a public key update payload to a Rekey (update) message and adds the second public key to the public key update payload; the main KS sends the Rekey message carrying the second public key to the GM, so that the GM obtains the second public key from the Rekey message and updates its currently used public key to the second public key in the public key update payload.
The method further comprises: the main KS signs the second public key with the private key that was in use before the second key pair was obtained, and adds the signature to the public key update payload, so that, on receiving the Rekey message, the GM verifies the signature in the public key update payload with the public key currently used on the GM and, if verification passes, updates its currently used public key to the second public key in the public key update payload.
An embodiment of the present invention provides a main key server (KS), applied in a group domain virtual private network (GD VPN) that includes the main KS and a standby KS. The main KS specifically includes:
An obtaining module, configured to obtain a first key pair and to periodically update the key pair to obtain an updated second key pair; the first key pair specifically includes a first public key and a first private key, and the second key pair specifically includes a second public key and a second private key;
A sending module, configured to add the first key pair to a first key pair synchronization payload, add the first key pair synchronization payload to a first redundancy backup protocol message, and send the first redundancy backup protocol message to the standby KS; and to add the second key pair to a second key pair synchronization payload, add the second key pair synchronization payload to a second redundancy backup protocol message, and send the second redundancy backup protocol message to the standby KS.
The sending module is further configured, after the key pair is periodically updated and the updated second key pair is obtained, to send an offline notification message to a group member (GM), so that the GM goes offline and registers again with the main KS or the standby KS; and, when the GM registers again with the main KS, to send the second public key to the GM, so that the GM updates its currently used public key to the second public key.
The sending module is further configured, after the key pair is periodically updated and the updated second key pair is obtained, to add a public key update payload to a Rekey (update) message and add the second public key to the public key update payload; and to send the Rekey message carrying the second public key to the GM, so that the GM obtains the second public key from the Rekey message and updates its currently used public key to the second public key in the public key update payload.
The sending module further signs the second public key with the private key that was in use before the second key pair was obtained, and adds the signature to the public key update payload, so that, on receiving the Rekey message, the GM verifies the signature in the public key update payload with the public key currently used on the GM and, if verification passes, updates its currently used public key to the second public key in the public key update payload.
Based on the above technical solution, in the embodiments of the present invention, in a KS redundancy backup scenario the main KS automatically synchronizes the key pair it obtains to the standby KS, so the key pair does not have to be configured manually on the standby KS, which improves ease of use. Periodically updating the key pair can also improve system security.
Description of the drawings
Fig. 1 is a schematic diagram of a GD VPN networking structure in the prior art;
Fig. 2 is a schematic diagram of the networking structure of KS redundancy backup in the prior art;
Fig. 3 is a flow diagram of a key pair management method provided in an embodiment of the present invention;
Fig. 4 is a structural schematic diagram of a main KS provided in an embodiment of the present invention.
Detailed description of the embodiments
To address the problems in the prior art, an embodiment of the present invention provides a key pair management method. Fig. 2 serves as the application scenario of the embodiment: the method is applied in a GD VPN that includes a main KS and standby KSs (one or more), and the GD VPN also includes one or more GMs. As shown in Fig. 3, the key pair management method may specifically include the following steps:
Step 301: the main KS obtains a first key pair, adds the first key pair to a first key pair synchronization payload, adds the first key pair synchronization payload to a first redundancy backup protocol message, and sends the first redundancy backup protocol message to the standby KS. The first key pair includes a first public key and a first private key.
The first key pair is the key pair initially configured on the main KS. It can be created manually by an administrator, or created automatically by the main KS without manual intervention. When the administrator creates the first key pair manually, the administrator can enter a command containing the first key pair on the main KS, and the main KS obtains the first key pair from that command. When the main KS creates the first key pair automatically, the administrator can manually enter parameters such as the key pair generation algorithm and the key pair length on the main KS, and the main KS then uses that algorithm to generate a first key pair of that length.
Step 302: the main KS periodically updates the key pair (the update period can be controlled by configuration on the main KS) to obtain an updated second key pair, adds the second key pair to a second key pair synchronization payload, adds the second key pair synchronization payload to a second redundancy backup protocol message, and sends the second redundancy backup protocol message to the standby KS. The second key pair specifically includes a second public key and a second private key.
The second key pair is the key pair obtained by updating the currently used key pair. It can be a key pair that an administrator updates on the main KS, or a key pair that the main KS creates automatically without manual intervention. When the administrator updates the second key pair manually on the main KS, the administrator can enter a command containing the second key pair on the main KS, and the main KS obtains the second key pair from that command. When the main KS creates the second key pair automatically, the administrator can manually enter parameters such as the key pair generation algorithm, the key pair length and the update period on the main KS; based on the update period, the main KS uses that algorithm to generate a second key pair of that length.
In the embodiments of the present invention, the existing redundancy backup protocol is extended so that a redundancy backup protocol message can carry a key pair synchronization payload. A redundancy backup protocol message may carry only the key pair synchronization payload and no other information. Alternatively, the key pair synchronization payload is carried in addition to the information the message already carries; for example, a real-time synchronization message based on the redundancy backup protocol, which carries the information to be synchronized to the standby KS (such as the security policy, KEK and TEK), can additionally carry a key pair synchronization payload containing the key pair.
Accordingly, the first key pair synchronization payload can be carried on its own in the first redundancy backup protocol message, which is transmitted between the main KS and the standby KS, and the second key pair synchronization payload can be carried on its own in the second redundancy backup protocol message, which is transmitted between the main KS and the standby KS. Alternatively, the first key pair synchronization payload can be carried in a first redundancy backup protocol message that already carries other information (such as the security policy, KEK and TEK), and the second key pair synchronization payload can be carried in a second redundancy backup protocol message that already carries other information (such as the security policy, KEK and TEK); in both cases the message is transmitted between the main KS and the standby KS.
In the embodiments of the present invention, the key pair data in a key pair synchronization payload (i.e. the first key pair or the second key pair above) can use standard DER (Distinguished Encoding Rules) encoding, and its content can conform to the PKCS (Public-Key Cryptography Standards) #1 standard.
In the embodiments of the present invention, for security reasons, when key pair information is transmitted in a redundancy backup protocol message (i.e. the first or second redundancy backup protocol message above), the main KS can also protect the redundancy backup protocol message with an IKE (Internet Key Exchange) SA (Security Association), so that the key pair information in the redundancy backup protocol message receives a higher level of protection.
In the embodiments of the present invention, after the main KS periodically updates the key pair and obtains the updated second key pair, the main KS can also notify the GM of the second public key of the second key pair, so that the GM uses the second public key to verify the signature in the Rekey (update) messages it successfully receives. The main KS can notify the GM of the second public key in either of the following ways.
Mode one: after the key pair is automatically updated, the main KS actively sends an offline notification message to the GM, so that the GM goes offline and registers again with the main KS or a standby KS.
When the GM registers again with the main KS, the main KS sends the second public key to the GM; the GM obtains the second public key, updates its currently used public key to the second public key, and uses the second public key to verify the signature in the Rekey messages it successfully receives. Alternatively, when the GM registers again with a standby KS, the standby KS sends the second public key to the GM; the GM obtains the second public key, updates its currently used public key to the second public key, and uses the second public key to verify the signature in the Rekey messages it successfully receives.
Mode two: after the key pair is automatically updated, when the main KS needs to send a Rekey message to the GM, the main KS adds a public key update payload to the Rekey message and adds the second public key to the public key update payload. The main KS sends the Rekey message carrying the second public key to the GM, so that the GM obtains the second public key from the Rekey message, updates its currently used public key to the second public key in the public key update payload, and uses the second public key to verify the signature in the received Rekey message.
Further, for mode two, the main KS can also sign the second public key (i.e. the second public key of the second key pair just obtained) with the private key that was in use before the second key pair was obtained (i.e. the previously used first private key or second private key), and add the signature to the public key update payload. On receiving the Rekey message, the GM verifies the signature in the public key update payload with the public key currently used on the GM and, if verification passes, updates its currently used public key to the second public key in the public key update payload.
In the embodiments of the present invention, the Rekey message is extended to carry a public key update payload, so that the second public key is sent to the GM in the Rekey message and the GM transitions smoothly to the new second public key while Rekey messages are being delivered. The public key update payload may contain a signature and the new second public key. The value of the signature field is the signature of the original private key over the new second public key. The new second public key field can be standard DER-encoded and conform to the PKCS#1 standard. When the GM processes a Rekey message that contains a public key update payload, it decides whether to trust the new second public key by verifying the signature in the payload. If verification passes, the GM can use the new second public key to verify the signature in the Rekey message, and to verify the signature in the Rekey messages it successfully receives.
In the embodiments of the present invention, after obtaining the updated second key pair, the main KS signs the Rekey messages it sends to the GM with the second private key; on receiving a Rekey message, the GM verifies the signature in the Rekey message with the second public key it has obtained.
The Rekey message carries information such as the security policy, KEK and TEK.
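As an added illustration (not code from the patent or from any vendor implementation), the Go sketch below walks through mode two together with the DER/PKCS#1 key pair synchronization described above: the main KS announces the second public key signed with the previous private key, the GM checks that signature before trusting the new key, and a standby KS that loaded the synchronized key pair can then sign Rekey messages the GM accepts. The struct layouts, function names, the use of RSA-2048 with SHA-256 PKCS#1 v1.5 signatures, and the bytes covered by the Rekey signature are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// PubKeyUpdate models the public key update payload (field layout is an assumption).
type PubKeyUpdate struct {
	NewPubDER []byte // second public key, DER-encoded PKCS#1
	Sig       []byte // signature over NewPubDER by the previously used private key
}

type Rekey struct { // simplified, hypothetical Rekey message
	Body   []byte        // security policy, KEK, TEK (opaque in this sketch)
	Update *PubKeyUpdate // nil when no new public key is announced
	Sig    []byte        // signature by the KS's current private key
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func NewKeyPair() *rsa.PrivateKey { return must(rsa.GenerateKey(rand.Reader, 2048)) } // assumed algorithm and length

func sign(priv *rsa.PrivateKey, data []byte) []byte {
	h := sha256.Sum256(data)
	return must(rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:]))
}

func verify(pub *rsa.PublicKey, data, sig []byte) error {
	h := sha256.Sum256(data)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig)
}

// signedBytes: assumption that the Rekey signature covers body plus update payload.
func signedBytes(m *Rekey) []byte {
	out := append([]byte{}, m.Body...)
	if m.Update != nil {
		out = append(append(out, m.Update.NewPubDER...), m.Update.Sig...)
	}
	return out
}

// Key pair synchronization: main KS encodes the key pair as DER PKCS#1, standby KS decodes it.
func SyncPayload(priv *rsa.PrivateKey) []byte             { return x509.MarshalPKCS1PrivateKey(priv) }
func LoadSyncPayload(der []byte) (*rsa.PrivateKey, error) { return x509.ParsePKCS1PrivateKey(der) }

// BuildRekey signs body with cur. When prev is non-nil it also announces cur's
// public key, signed with prev (the private key in use before the update).
func BuildRekey(prev, cur *rsa.PrivateKey, body []byte) *Rekey {
	m := &Rekey{Body: body}
	if prev != nil {
		der := x509.MarshalPKCS1PublicKey(&cur.PublicKey)
		m.Update = &PubKeyUpdate{NewPubDER: der, Sig: sign(prev, der)}
	}
	m.Sig = sign(cur, signedBytes(m))
	return m
}

type GM struct{ Pub *rsa.PublicKey } // public key the GM currently trusts

// HandleRekey verifies the update payload with the current public key, then the
// Rekey signature with the resulting key, and only then commits the new key.
func (g *GM) HandleRekey(m *Rekey) error {
	key := g.Pub
	if m.Update != nil {
		if err := verify(g.Pub, m.Update.NewPubDER, m.Update.Sig); err != nil {
			return fmt.Errorf("public key update rejected: %w", err)
		}
		newPub, err := x509.ParsePKCS1PublicKey(m.Update.NewPubDER)
		if err != nil {
			return fmt.Errorf("bad public key encoding: %w", err)
		}
		key = newPub
	}
	if err := verify(key, signedBytes(m), m.Sig); err != nil {
		return fmt.Errorf("rekey signature invalid: %w", err)
	}
	g.Pub = key
	return nil
}

func main() {
	first, second := NewKeyPair(), NewKeyPair()
	gm := &GM{Pub: &first.PublicKey}
	fmt.Println("rollover error:", gm.HandleRekey(BuildRekey(first, second, []byte("policy"))))
	standby := must(LoadSyncPayload(SyncPayload(second)))
	fmt.Println("standby rekey error:", gm.HandleRekey(BuildRekey(nil, standby, []byte("policy-2"))))
}
```

Because the GM commits the new key only after both checks pass, a rejected update leaves the previously trusted public key in place.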
Based on the above technical solution, in the embodiments of the present invention, in a KS redundancy backup scenario the main KS automatically synchronizes the key pair it obtains to the standby KS, so the key pair does not have to be configured manually on the standby KS, which improves ease of use. Periodically updating the key pair can also improve system security.
Based on the same inventive concept as the above method, an embodiment of the present invention also provides a main key server (KS), applied in a group domain virtual private network (GD VPN) that includes the main KS and a standby KS. As shown in Fig. 4, the main KS specifically includes:
An obtaining module 11, configured to obtain a first key pair and to periodically update the key pair to obtain an updated second key pair; the first key pair specifically includes a first public key and a first private key, and the second key pair specifically includes a second public key and a second private key;
A sending module 12, configured to add the first key pair to a first key pair synchronization payload, add the first key pair synchronization payload to a first redundancy backup protocol message, and send the first redundancy backup protocol message to the standby KS; and to add the second key pair to a second key pair synchronization payload, add the second key pair synchronization payload to a second redundancy backup protocol message, and send the second redundancy backup protocol message to the standby KS.
The sending module 12 is further configured, after the key pair is periodically updated and the updated second key pair is obtained, to send an offline notification message to a group member (GM), so that the GM goes offline and registers again with the main KS or the standby KS; and, when the GM registers again with the main KS, to send the second public key to the GM, so that the GM updates its currently used public key to the second public key.
The sending module 12 is further configured, after the key pair is periodically updated and the updated second key pair is obtained, to add a public key update payload to a Rekey (update) message and add the second public key to the public key update payload; and to send the Rekey message carrying the second public key to the GM, so that the GM obtains the second public key from the Rekey message and updates its currently used public key to the second public key in the public key update payload.
The sending module 12 further signs the second public key with the private key that was in use before the second key pair was obtained, and adds the signature to the public key update payload, so that, on receiving the Rekey message, the GM verifies the signature in the public key update payload with the public key currently used on the GM and, if verification passes, updates its currently used public key to the second public key in the public key update payload.
The modules of the device of the present invention can be integrated together or deployed separately. The above modules can be merged into one module or further split into multiple sub-modules.
From the description of the above embodiments, those skilled in the art can clearly understand that the present invention can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which can be a personal computer, a server, a network device, etc.) to execute the methods described in the embodiments of the present invention.
Those skilled in the art will understand that the drawings are schematic diagrams of a preferred embodiment, and that the modules or processes in the drawings are not necessarily required to implement the present invention. Those skilled in the art will also understand that the modules of the device in an embodiment can be distributed in the device as described in the embodiment, or can be changed correspondingly and located in one or more devices different from that embodiment. The modules of the above embodiments can be merged into one module or further split into multiple sub-modules. The serial numbers of the above embodiments are for description only and do not indicate which embodiments are better or worse. The above discloses only several specific embodiments of the present invention; the present invention is not limited to them, and any variation that those skilled in the art can conceive of shall fall within the protection scope of the present invention.

Claims (6)

1. A key pair management method, applied in a group domain virtual private network (GD VPN) that includes a main key server (KS) and a standby KS, characterized in that the method comprises the following steps:
The main KS obtains a first key pair, adds the first key pair to a first key pair synchronization payload, adds the first key pair synchronization payload to a first redundancy backup protocol message, and sends the first redundancy backup protocol message to the standby KS; the first key pair includes a first public key and a first private key;
The main KS periodically updates the key pair to obtain an updated second key pair;
The main KS adds the second key pair to a second key pair synchronization payload, adds the second key pair synchronization payload to a second redundancy backup protocol message, and sends the second redundancy backup protocol message to the standby KS; the second key pair includes a second public key and a second private key;
The main KS adds a public key update payload to a Rekey (update) message and adds the second public key to the public key update payload; the main KS sends the Rekey message carrying the second public key to a GM, so that the GM obtains the second public key from the Rekey message and updates its currently used public key to the second public key in the public key update payload.
2. The method according to claim 1, characterized in that, after the main KS periodically updates the key pair and obtains the updated second key pair, the method further comprises:
The main KS sends an offline notification message to a group member (GM), so that the GM goes offline and registers again with the main KS or the standby KS;
When the GM registers again with the main KS, the main KS sends the second public key to the GM, so that the GM updates its currently used public key to the second public key.
3. The method according to claim 1, characterized in that the method further comprises:
The main KS signs the second public key with the private key that was in use before the second key pair was obtained, and adds the signature to the public key update payload, so that, on receiving the Rekey message, the GM verifies the signature in the public key update payload with the public key currently used on the GM and, if verification passes, updates its currently used public key to the second public key in the public key update payload.
4. A main key server (KS), applied in a group domain virtual private network (GD VPN) that includes the main KS and a standby KS, characterized in that the main KS specifically includes:
An obtaining module, configured to obtain a first key pair and to periodically update the key pair to obtain an updated second key pair; the first key pair specifically includes a first public key and a first private key, and the second key pair specifically includes a second public key and a second private key;
A sending module, configured to add the first key pair to a first key pair synchronization payload, add the first key pair synchronization payload to a first redundancy backup protocol message, and send the first redundancy backup protocol message to the standby KS; and to add the second key pair to a second key pair synchronization payload, add the second key pair synchronization payload to a second redundancy backup protocol message, and send the second redundancy backup protocol message to the standby KS;
The sending module is further configured, after the key pair is periodically updated and the updated second key pair is obtained, to add a public key update payload to a Rekey (update) message and add the second public key to the public key update payload; and to send the Rekey message carrying the second public key to a GM, so that the GM obtains the second public key from the Rekey message and updates its currently used public key to the second public key in the public key update payload.
5. The main KS according to claim 4, characterized in that:
The sending module is further configured, after the key pair is periodically updated and the updated second key pair is obtained, to send an offline notification message to a group member (GM), so that the GM goes offline and registers again with the main KS or the standby KS; and, when the GM registers again with the main KS, to send the second public key to the GM, so that the GM updates its currently used public key to the second public key.
6. The main KS according to claim 4, characterized in that:
The sending module further signs the second public key with the private key that was in use before the second key pair was obtained, and adds the signature to the public key update payload, so that, on receiving the Rekey message, the GM verifies the signature in the public key update payload with the public key currently used on the GM and, if verification passes, updates its currently used public key to the second public key in the public key update payload.
Priority Applications (1)

Application Number: CN201510149815.0A
Priority Date: 2015-03-31
Filing Date: 2015-03-31
Title: A kind of management method and equipment of key pair
Status: Active, CN104796251B (en)

Publications (2)

Publication Number    Publication Date
CN104796251A          2015-07-22
CN104796251B          2019-06-07

Family ID: 53560784

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106255103A (en) * 2016-07-29 2016-12-21 华为技术有限公司 A kind of method of data synchronization and equipment

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7827262B2 (en) * 2005-07-14 2010-11-02 Cisco Technology, Inc. Approach for managing state information by a group of servers that services a group of clients
CN102904901A (en) * 2012-10-29 2013-01-30 杭州华三通信技术有限公司 Method for synchronizing IPsec SA, group member and group secret server

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7362868B2 (en) * 2000-10-20 2008-04-22 Eruces, Inc. Hidden link dynamic key manager for use in computer systems with database structure for storage of encrypted data and method for storage and retrieval of encrypted data
US8300831B2 (en) * 2010-04-26 2012-10-30 International Business Machines Corporation Redundant key server encryption environment

Also Published As

Publication number Publication date
CN104796251A (en) 2015-07-22

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
CB02 Change of applicant information

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant after: Xinhua three Technology Co., Ltd.

Address before: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant before: Huasan Communication Technology Co., Ltd.

GR01 Patent grant
GR01 Patent grant