CN108777678B - Network key interaction system, device and method - Google Patents

Publication number
CN108777678B
CN108777678B CN201810480420.2A CN201810480420A CN108777678B CN 108777678 B CN108777678 B CN 108777678B CN 201810480420 A CN201810480420 A CN 201810480420A CN 108777678 B CN108777678 B CN 108777678B
Authority
CN
China
Prior art keywords
information
key
interaction
timestamp
interactive
Legal status
Expired - Fee Related
Application number
CN201810480420.2A
Other languages
Chinese (zh)
Other versions
CN108777678A (en)
Inventor
杨俊�
刘芮青
崔宝江
姚绅
Current Assignee
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application provides a network key interaction system, device and method. The system comprises a first device and a second device. The first device sends generated first interaction information to the second device; receives second interaction information that the second device sends after receiving the first interaction information; generates a temporary transmission key based on first round information carried in the first interaction information and second round information carried in the second interaction information; and, after encrypting a randomly generated network key with the temporary transmission key, carries the encrypted network key in third interaction information and sends the third interaction information to the second device. After receiving the third interaction information, the second device generates the temporary transmission key from the first round information carried in the first interaction information and the locally generated second round information, and uses the generated temporary transmission key to obtain the network key carried in the third interaction information. The system negotiates the network key through multiple handshakes and can replace the network key promptly when it is stolen, so that the security of wireless network communication is improved.

Description

Network key interaction system, device and method
Technical Field
The present application relates to the field of data security, and in particular, to a network key interaction system, device, and method.
Background
With the continuous development of Internet of Things technology, Internet of Things applications are becoming more widespread and Internet of Things deployments are growing in scale. Internet of Things devices generally communicate over wireless network communication protocols such as the ZigBee protocol.
In the Internet of Things, to keep communication efficient, existing wireless network communication protocols mainly transmit data either unencrypted or with little encryption. In the unencrypted mode, the encryption step is removed from the communication process, so communication information is easy to steal and the interests of multiple parties are easily harmed. In the mode with little encryption, data is encrypted for transmission mainly with a predefined key set at the factory; although this guarantees data security to a certain extent, the predefined key cannot be changed, and once it is stolen the information can be leaked.
Therefore, the poor security of wireless network communication is a problem to be solved urgently.
Disclosure of Invention
In view of this, an object of the present application is to provide a network key agreement system, device and method, which can implement encrypted transmission of a key and improve security of wireless network communication.
In a first aspect, an embodiment of the present application provides a network key agreement system, including: a first device and a second device that perform data communication;
the first device is configured to: generate first interaction information and send it to the second device, the first interaction information carrying first round information encrypted using a security key; receive second interaction information that the second device sends after receiving the first interaction information; generate a temporary transmission key based on the first round information and the second round information carried in the second interaction information; encrypt a randomly generated network key using the temporary transmission key to generate network key encryption information; carry the network key encryption information in third interaction information and send the third interaction information to the second device; and receive fourth interaction information that the second device sends based on the third interaction information, verify the fourth interaction information based on the randomly generated network key, and, if the verification passes, complete the negotiation of the network key with the second device;
the second device is configured to: generate second interaction information after receiving the first interaction information and send it to the first device, the second interaction information carrying second round information encrypted using the security key; receive the third interaction information that the first device sends according to the second interaction information; generate the temporary transmission key based on the first round information carried in the first interaction information and the second round information, and decrypt the network key encryption information using the temporary transmission key to obtain the network key; and generate the fourth interaction information based on the network key and send it to the first device.
In a second aspect, an embodiment of the present application further provides a network key agreement device, configured in a network key agreement system formed by a first device and a second device; a first interaction module is installed in the first device, and a second interaction module is installed in the second device;
the first interaction module is configured to: generate first interaction information and send it to the second interaction module, the first interaction information carrying first round information encrypted using a security key; receive second interaction information fed back by the second device according to the first interaction information; generate a temporary transmission key based on the first round information and the second round information carried in the second interaction information; encrypt a randomly generated network key using the temporary transmission key to generate network key encryption information; carry the network key encryption information and the device key encrypted using the security key in third interaction information and send the third interaction information to the second interaction module; and receive fourth interaction information that the second interaction module sends based on the third interaction information, verify the fourth interaction information based on the randomly generated network key, and, if the verification passes, complete the negotiation of the network key with the second interaction module;
the second interaction module is configured to: generate second interaction information after receiving the first interaction information and send it to the first interaction module, the second interaction information carrying second round information encrypted using the security key; receive the third interaction information that the first interaction module sends according to the second interaction information; generate the temporary transmission key based on the first round information carried in the first interaction information and the second round information, and decrypt the network key encryption information using the temporary transmission key to obtain the network key; and generate the fourth interaction information based on the network key and send it to the first interaction module.
In a third aspect, a network key agreement method is provided, where the method is applied to a first device performing network key agreement, and the method includes:
generating first interaction information and sending the first interaction information to the second device, the first interaction information carrying first round information encrypted using a security key;
receiving second interaction information that the second device sends after receiving the first interaction information, the second interaction information carrying second round information encrypted using the security key;
generating a temporary transmission key based on the first round information and the second round information carried in the second interaction information;
encrypting a randomly generated network key using the temporary transmission key to generate network key encryption information;
carrying the network key encryption information in third interaction information and sending the third interaction information to the second device;
receiving fourth interaction information that the second device sends based on the third interaction information, the fourth interaction information being generated based on the network key;
and verifying the fourth interaction information based on the network key and, if the verification passes, completing the negotiation of the network key with the second device.
In a fourth aspect, a network key agreement method is provided, where the method is applied to a second device performing network key agreement, and the method includes:
receiving first interaction information sent by a first device, and generating second interaction information after receiving the first interaction information;
sending the second interaction information to the first device, the second interaction information carrying second round information encrypted using the security key;
receiving third interaction information that the first device sends according to the second interaction information;
generating a temporary transmission key based on the first round information carried in the first interaction information and the second round information, and decrypting the network key encryption information using the temporary transmission key to obtain the network key;
and generating fourth interaction information based on the network key and sending the fourth interaction information to the first device.
The network key interaction system provided by the embodiments of the present application uses a hash chain mechanism to transmit the network key and authenticate identity information. Compared with the unencrypted and lightly encrypted data transmission modes of the prior art, it can transmit the key in encrypted form and improve the security of wireless network communication.
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained from the drawings without inventive effort.
Fig. 1 shows a schematic structural diagram of a network key agreement system provided in an embodiment of the present application;
Fig. 2 illustrates a flowchart for generating a temporary transmission key according to an embodiment of the present application;
Fig. 3 illustrates another flowchart for generating a temporary transmission key provided by an embodiment of the present application;
Fig. 4 is a flowchart illustrating a network key agreement method according to an embodiment of the present application;
Fig. 5 is a flowchart illustrating another network key agreement method provided in an embodiment of the present application;
Fig. 6a shows a flowchart of a device discovery process provided by an embodiment of the present application;
Fig. 6b shows a flowchart of a first process of key agreement provided by an embodiment of the present application;
Fig. 6c is a flowchart illustrating a first process of key agreement provided by an embodiment of the present application;
Fig. 6d shows a flowchart of a second process of key agreement provided by the embodiment of the present application;
Fig. 6e shows a flowchart of a third process of key agreement provided by the embodiment of the present application;
Fig. 6f is a flowchart illustrating a fourth process of key agreement provided by the embodiment of the present application;
Fig. 7 shows a flowchart of a network key agreement system provided in an embodiment of the present application;
Fig. 8 shows a schematic structural diagram of a computer device provided in an embodiment of the present application.
Detailed Description
Unlike the prior art, embodiments of the present application provide a network key agreement system in which a first device and a second device negotiate a network key through multiple handshakes and then encrypt the communication data between them using that network key. The negotiation process can be repeated as needed to negotiate a new network key. Even if a network key obtained in one negotiation is leaked during use, the first device and the second device can replace it by negotiating a new one, so the network key can be replaced promptly when it is stolen and the security of wireless network communication is improved.
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, the present application is described in further detail with reference to the accompanying drawings and the detailed description. In the embodiment of the application, the system can be used in the internet of things and other wireless network devices. The system is described below.
Referring to fig. 1, an embodiment of the present application provides a network key agreement system, including: a first device and a second device that perform data communication;
the first device is configured to: generate first interaction information and send it to the second device, the first interaction information carrying first round information encrypted using a security key; receive second interaction information that the second device sends after receiving the first interaction information; generate a temporary transmission key based on the first round information and the second round information carried in the second interaction information; encrypt a randomly generated network key using the temporary transmission key to generate network key encryption information; carry the network key encryption information in third interaction information and send the third interaction information to the second device; and receive fourth interaction information that the second device sends based on the third interaction information, verify the fourth interaction information based on the randomly generated network key, and, if the verification passes, complete the negotiation of the network key with the second device;
the second device is configured to: generate second interaction information after receiving the first interaction information and send it to the first device, the second interaction information carrying second round information encrypted using the security key; receive the third interaction information that the first device sends according to the second interaction information; generate the temporary transmission key based on the first round information carried in the first interaction information and the second round information, and decrypt the network key encryption information using the temporary transmission key to obtain the network key; and generate fourth interaction information based on the network key and send it to the first device.
In a specific implementation, the first device and the second device both perform wireless data communication. For example, in the Internet of Things, the first device may be an Internet of Things trust center server, and the second device may be a device to be added to the Internet of Things, such as a smart lamp or a smart door lock; in other wireless networks, the first device and the second device are each terminals or similar devices that exchange data. In addition, the initiator of the network key agreement may be any one of the parties performing data communication; that is, any party performing data communication may act as the first device in the present application and initiate the network key agreement process.
The network key agreement system provided by the application comprises the following processes:
(1) When the first device initiates a network key negotiation process, it generates first interaction information and sends it to the second device. The first interaction information carries first round information TrID encrypted using a security key ks. The security key ks is agreed in advance by the first device and the second device and is used only during network key negotiation; outside the negotiation process, the first device and the second device exchange data using the network key obtained in the most recent negotiation. The first round information TrID is randomly generated by the first device.
The generated first interaction information α satisfies the formula: $\alpha = (\text{TrID})_{ks}$.
(2) The second device receives the first interaction information sent by the first device, generates second interaction information, and sends it to the first device.
Specifically, the second interaction information carries second round information RsID encrypted using the security key ks; this is the same security key ks used for the first interaction information. The second round information RsID is randomly generated by the second device.
The generated second interaction information β satisfies the formula: $\beta = (\text{RsID})_{ks}$.
Here, after receiving the first interaction information sent by the first device, the second device also decrypts the encrypted first round information TrID using the security key ks and stores the first round information TrID obtained after decryption.
(3) The first device receives the second interaction information sent by the second device and decrypts the encrypted second round information RsID carried in it using the security key ks to obtain the second round information RsID.
After obtaining the second round information RsID, the first device may generate the temporary transmission key Ktrans using the first round information TrID generated by the first device and the second round information RsID obtained from the second interaction information.
Specifically, this embodiment of the present application further provides a specific method for the first device to generate the temporary transmission key Ktrans. In this method, the second interaction information carries a key bit mask KBM encrypted with the security key ks. The key bit mask KBM is stored in the second device in advance, and different devices correspond to different key bit masks KBM. The key bit mask KBM is in fact a lookup table of key indexes and device keys: it includes at least three key indexes KI, and each key index KI corresponds to a device key k. In this case, the second interaction information β satisfies the formula: $\beta = (\text{RsID})_{ks} \,\|\, (\text{KBM})_{ks}$.
After the first device receives the second interaction information sent by the second device, it decrypts the encrypted key bit mask KBM using the security key ks to obtain the key bit mask KBM, and then specifies a key index KI from the key bit mask KBM.
After receiving the second interaction information, the first device generates the temporary transmission key Ktrans according to the following steps, as shown in Fig. 2:
S201: Connect the first round information and the second round information carried in the second interaction information to form a character string.
In a specific implementation, connecting the first round information TrID and the second round information RsID means splicing them together; the splicing method can be set according to actual needs.
For example, if the first round information TrID is 32 bits and the second round information RsID is 32 bits, then to splice the first round information TrID and the second round information RsID into a 128-bit character string, any one of the following ways may be used:
$\text{TrID}\|\text{TrID}\|\text{RsID}$, $\text{TrID}\|\text{RsID}\|\text{TrID}$, $\text{RsID}\|\text{RsID}\|\text{TrID}\|\text{RsID}$, $\text{RsID}\|\text{RsID}\|\text{TrID}\|\text{TrID}$, $\text{RsID}\|\text{TrID}\|\text{RsID}\|\text{TrID}$, $\text{RsID}\|\text{TrID}\|\text{TrID}\|\text{RsID}$, $\text{RsID}\|\text{RsID}$ …, and the like, where $\|$ denotes splicing.
That is, when the first round information TrID and the second round information RsID are concatenated to form a character string, each appears at least once, and its position can be set as needed.
S202: Encrypt the character string with a preset encryption algorithm, using the device key k corresponding to the key index KI specified by the first device as the encryption key, to generate the temporary transmission key Ktrans.
The preset encryption algorithm may be set according to actual requirements. Generally, a symmetric key encryption algorithm may be adopted, in which the same device key k is used for encryption and decryption; the preset encryption algorithm may be, for example, the Advanced Encryption Standard (AES) or the Data Encryption Standard (DES).
For example, the 32-bit first round information TrID and the 32-bit second round information RsID are connected in the manner $\text{TrID}\|\text{TrID}\|\text{RsID}\|\text{RsID}$ to generate a 128-bit character string, and the character string is encrypted with the AES algorithm using the device key k corresponding to the key index KI specified by the first device as the encryption key, so that the generated temporary transmission key Ktrans satisfies the following formula: $K_{trans} = \mathrm{AES}_{k}(\text{TrID}\|\text{TrID}\|\text{RsID}\|\text{RsID})$.
After generating the temporary transmission key Ktrans, the first device uses it to encrypt the randomly generated network key $K_{NWK}$, generating network key encryption information Kit, which satisfies the following formula: $\text{Kit} = \mathrm{AES}_{K_{trans}}(K_{NWK})$.
In this example, the AES algorithm is used to encrypt the network key $K_{NWK}$; in other embodiments, other encryption algorithms may be used to encrypt the network key $K_{NWK}$ under the temporary transmission key Ktrans to generate the network key encryption information Kit.
After generating the network key encryption information Kit, the first device encrypts the key index KI it specified using the security key ks, then carries the network key encryption information Kit and the encrypted key index KI in third interaction information and sends the third interaction information to the second device. The third interaction information γ satisfies the formula: $\gamma = (\text{KI})_{ks} \,\|\, \text{Kit}$.
In addition, in another embodiment of the present application, after receiving the second interaction information sent by the second device, the first device also sends an indication message to the second device. The indication message carries the first round information TrID and a defined time duration, both encrypted using the security key ks, and satisfies the formula: $(\text{TrID}\ \text{identity time})_{ks}$.
When the second device receives the indication message sent by the first device, it decrypts the message using the security key ks to obtain the first round information TrID and the defined time duration (identification time). If the first round information TrID carried in the indication message is consistent with the first round information TrID carried in the first interaction information, the second device sends its operator a prompt that the network key is being exchanged; the prompt lasts for the defined time duration.
(4) The second device receives the third mutual information gamma sent by the first device. After receiving the third interactive information gamma, generating a temporary transmission key Ktrans according to the first round information carried in the first interactive information alpha and the locally generated second round information, and decrypting the network key encryption information Kit by using the generated temporary transmission key Ktrans to obtain KNWK
Specifically, as shown in fig. 3, an embodiment of the present application further provides a specific method for generating a temporary transmission key Ktrans by a second device according to a first round of information carried in first interaction information α and a second round of information generated locally, in the method, after receiving third interaction information γ, the second device first decrypts a key index KI specified by an encrypted first device by using a secure key ks, obtains the key index KI specified by the first device, and obtains a device secret k corresponding to the key index KI specified by the first device from a key bit mask KBM stored in the second device. The temporary transmission key Ktrans is then generated by:
s301: and connecting the first round information and the second round information carried in the first interactive information to form a character string.
S302: and the device key k corresponding to the key index KI specified by the first device and carried in the third interactive information is used as an encryption key to encrypt the character string by using a preset encryption algorithm, so as to generate a temporary transmission key Ktrans.
Here, the method for the second device to generate the character string using the first round information and the second round information is completely consistent with the method for the first device to generate the character string, and the method for the second device to generate the temporary transmission key Ktrans is also completely consistent with the method for the first device to generate the temporary transmission key Ktrans, which is described with reference to the embodiment corresponding to fig. 2 and is not described herein again.
After generating the temporary transmission key Ktrans, the second device uses it to decrypt the network key encryption information Kit and obtain the network key $K_{NWK}$. After obtaining the network key $K_{NWK}$, the second device generates fourth interaction information based on $K_{NWK}$ and sends it to the first device.
Here, an embodiment of the present application further provides another specific implementation manner in which the second device sends the fourth interaction information to the first device:
In the above process (1), the first interaction information further carries a first timestamp $T_{i1}$ encrypted by using the security key ks.
In process (2), the second device uses the security key ks to decrypt the encrypted first timestamp $T_{i1}$, and obtains and stores $T_{i1}$.
In process (4), the second device is further configured to encrypt the first timestamp $T_{i1}$ with the network key $K_{NWK}$ to generate timestamp encryption information, carry the timestamp encryption information in fourth interaction information ω, and send ω to the first device.
The fourth interaction information ω satisfies the following formula: $\omega = (T_{i1})_{K_{NWK}}$
In addition, the fourth interaction information ω may also be generated based on other information exchanged by the first device and the second device in the foregoing interaction process, for example the first round information or the second round information. For example, the second device encrypts the first round information TrID with the network key $K_{NWK}$ to generate the fourth interaction information and sends it to the first device. After receiving the fourth interaction information, the first device decrypts it with the network key $K_{NWK}$ to obtain the first round information TrID, and compares the obtained TrID with the first round information TrID generated by the first device. If the two are consistent, the network key $K_{NWK}$ generated by the second device is the same as the network key $K_{NWK}$ generated by the first device, and the network key negotiation between the first device and the second device is considered successful.
(5) After receiving the fourth interaction information ω sent by the second device, the first device uses the network key $K_{NWK}$ that it generated to decrypt the timestamp encryption information carried in ω and obtain the first timestamp $T_{i1}$. It then compares the obtained first timestamp $T_{i1}$ with the first timestamp $T_{i1}$ that the first device itself generated in process (1). If the two are consistent, the verification passes and the network key negotiation between the first device and the second device is successful.
In addition, in another embodiment of the present application, the following process may be further included:
(6) After the fourth interaction information ω is verified, the first device also sends a verification-passed notification to the second device to inform it that the network key agreement is successful. After receiving this notification, the second device uses the successfully negotiated network key $K_{NWK}$ to encrypt the interaction information in subsequent data exchanges with the first device.
In the embodiment of the application, the first device and the second device exchange the first round information and the second round information in encrypted form over multiple handshakes. After the first device obtains the first round information and the second round information, it encrypts the network key to be negotiated based on them and transmits it to the second device. The second device, using the first round information, the second round information and the device key acquired from the first device, proceeds in the same way as the first device and decrypts the encrypted network key to obtain the network key. Thus, even if the negotiated network key is leaked during use, the first device and the second device can replace the original network key by negotiating a new one, so that a stolen network key can be replaced in time and the security of wireless network communication is improved.
The embodiment of the present application further provides another network key agreement system, in which the identities of the first device and the second device need to be authenticated during the key agreement process. Specifically:
the first interaction information also carries first identity authentication information generated based on the first secret seed; the first identity authentication information is obtained by performing m-1 hash operations on the first secret seed;
the second device is further configured to, before generating the second interaction information, perform 1 hash operation on the first identity authentication information and detect whether the result is consistent with the pre-acquired identity information of the first device, and to generate the second interaction information after detecting that the two are consistent;
the identity information of the first device is obtained by the first device performing m hash operations on the first secret seed;
and,
the second interaction information also carries second identity authentication information and a key bit mask KBM which are generated based on a second secret seed; the second identity authentication information is obtained by the second device performing s-1 hash operations on the second secret seed; the key bit mask is an encryption algorithm preset by the second device;
the first device is further configured to, before generating the third interaction information, perform 1 hash operation on the second identity authentication information and detect whether the result is consistent with the pre-acquired identity information of the second device, and to generate the third interaction information after detecting that the two are consistent;
and the identity information of the second device is obtained by the second device performing s hash operations on the second secret seed.
In a specific implementation, before performing network key agreement, the first device and the second device also interact with each other's identity information in a device discovery process, so that the first device obtains the identity information of the second device, and the second device obtains the identity information of the first device.
Specifically, the identity information of the first device is obtained by the first device performing m hash operations on the randomly generated first secret seed. The identity information of the first device is represented as: $(ID, h^{m}(S_i))$.
The identity information of the second device is obtained by the second device performing s hash operations on the randomly generated second secret seed. The identity information of the second device is represented as: $(ID, h^{s}(S_t))$.
After generating the identity information of the first device, the first device broadcasts the identity information to the outside, so that the second device can obtain the identity information of the first device according to the broadcast information of the first device and store the identity information of the first device; and after generating the identity information of the second device, the second device also sends the identity information of the second device to the first device, so that the first device can obtain the identity information of the second device according to the information sent by the second device and store the identity information of the second device.
In addition, the first device and the second device may not interact with each other's identity information through the device discovery process, but may pre-store each other's identity information; when the key interaction is carried out, the stored identity information is directly used.
In the process of network key negotiation:
A: In the process (1), the first device is further configured to generate first identity authentication information, carry it in the first interaction information α, and send α to the second device.
When generating the first identity authentication information, the first device performs m-1 hash operations on the first secret seed. The generated first identity authentication information may be denoted as $h^{m-1}(S_i)$.
After the first identity authentication information is carried in the first interaction information, the first interaction information α satisfies the following formula: $\alpha = (TrID)_{ks} \,\|\, h^{m-1}(S_i)$
B: in the above process (2), after receiving the first interaction information α carrying the first identity authentication information sent by the first device, the second device authenticates the identity of the first device based on the obtained identity information of the first device and the first identity authentication information carried in the first interaction information, and after the authentication is passed, the second interaction information β is generated.
Specifically, the second device performs hash operation on the first identity authentication information carried by the first interaction information α for 1 time, compares the first identity authentication information subjected to the hash operation for 1 time with the identity information of the first device stored in the second device, and if the first identity authentication information and the identity information are consistent, passes the identity authentication of the first device.
After the second device passes the identity authentication of the first device, the second device updates the identity information of the first device by using the first identity authentication information; that is, the original identity authentication information $(ID, h^{m}(S_i))$ is replaced with $(ID, h^{m-1}(S_i))$.
Before sending the second interaction information to the first device, the second device generates second identity authentication information and carries it in the second interaction information.
The second identity authentication information is obtained by the second device performing s-1 hash operations on the second secret seed. The generated second identity authentication information may be denoted as $h^{s-1}(S_t)$.
After the second identity authentication information is carried in the second interaction information, the second interaction information β satisfies the following formula: $\beta = (RsID)_{ks} \,\|\, (KBM)_{ks} \,\|\, h^{s-1}(S_t)$
C: in the above process (3), after the first device receives the second mutual information β carrying the second identity authentication information, the identity of the second device is authenticated based on the obtained identity information of the second device and the second identity authentication information carried in the second mutual information, and the third mutual information γ is generated only after the authentication is passed.
Specifically, the first device performs hash operation on the second identity authentication information carried by the second interaction information β for 1 time, and compares the second identity authentication information subjected to hash operation for 1 time with the identity information of the second device stored in the first device, and if the two identity authentication information are consistent, it indicates that the identity authentication is passed. And after the identity authentication is passed, executing a step of generating a temporary transmission key Ktrans based on the first round information and the second round information carried in the second interactive information.
After the first device passes the identity authentication of the second device, the first device updates the identity information of the second device by using the second identity authentication information; that is, the original identity authentication information $(ID, h^{s}(S_t))$ is replaced with $(ID, h^{s-1}(S_t))$.
After the first device passes the authentication of the second device, it performs m-2 hash operations on the first secret seed to generate third identity authentication information, and sends third interaction information γ carrying the third identity authentication information to the second device.
The third identity authentication information is: $h^{m-2}(S_i)$.
The third interaction information γ at this time satisfies the following formula: $\gamma = (KI)_{ks} \,\|\, Kit \,\|\, h^{m-2}(S_i)$
D: In the above process (4), after receiving the third interaction information γ carrying the third identity authentication information, the second device authenticates the identity of the first device again, based on the current identity information of the first device and the third identity authentication information $h^{m-2}(S_i)$ carried in the third interaction information. After the authentication is passed, it generates fourth interaction information ω.
Specifically, the second device performs 1 hash calculation on the third identity authentication information $h^{m-2}(S_i)$ carried in the third interaction information γ, and compares the result with the identity information of the first device as updated by using the first identity authentication information; if the two are consistent, the identity authentication is passed.
After the second device's authentication of the identity of the first device is passed, the second device performs s-2 hash operations on the second secret seed to generate fourth identity authentication information, carries it in the fourth interaction information ω, and sends ω to the first device. The generated fourth identity authentication information is: $h^{s-2}(S_t)$.
After the fourth identity authentication information is carried in the fourth interaction information ω, the fourth interaction information ω satisfies the following formula: $\omega = (T_{i1})_{K_{NWK}} \,\|\, h^{s-2}(S_t)$
E: In the above process (5), after receiving the fourth interaction information ω carrying the fourth identity authentication information, the first device performs identity authentication based on the fourth identity authentication information carried in ω and the identity information of the second device as updated by using the second identity authentication information. After the identity authentication is passed, it verifies the fourth interaction information based on the randomly generated network key $K_{NWK}$.
Specifically, the first device performs 1 hash calculation on the fourth identity authentication information carried in the fourth interaction information ω, and compares the result with the identity information of the second device as updated by using the second identity authentication information; if the two are consistent, the identity authentication is passed. After the identity authentication is passed, the first device verifies the fourth interaction information based on the randomly generated network key $K_{NWK}$; once the fourth interaction information passes verification, the negotiation of the network key $K_{NWK}$ between the first device and the second device is considered successful.
In the embodiment of the application, the first device and the second device perform multiple handshakes in which not only are the first round information and the second round information exchanged in encrypted form, but the identities of the first device and the second device are also authenticated by using the hash chain, and the corresponding subsequent operations are executed only after the identities pass authentication. This prevents an attacker from joining the network key negotiation process under a forged identity of the first device or the second device and stealing the network key negotiated between them, thereby improving the security of wireless network communication.
In the negotiation system, during the multiple handshakes of key negotiation between the first device and the second device, not only is the network key negotiated and each other's identity verified, but it is also checked whether the network key negotiation channel has been closed and whether the data is complete, wherein:
the first device is further configured to generate first channel information based on the first secret seed and the first timestamp, and carry the first channel information and the first timestamp encrypted by using the secure key in the first interaction information;
and, after receiving the second interaction information, to generate third channel information based on the network key and the third timestamp, and carry the third channel information and the third timestamp encrypted by using the security key in the third interaction information;
the second device, further configured to, before generating the fourth interaction information:
generating first channel verification information based on the third identity authentication information by using a first timestamp carried in the first interaction information, and detecting whether the calculated first channel verification information is consistent with the first channel information carried in the first interaction information; after detecting that the first channel verification information is consistent with the first channel information carried in the first interaction information, confirming that the network key negotiation channel is not interrupted;
after confirming that the network key agreement channel is not interrupted, the second device is further configured to: decrypting the encrypted third timestamp carried in the third interactive information by using the security key to obtain a third timestamp; calculating to generate third channel verification information according to the obtained third timestamp and the network key; detecting whether the third channel verification information generated by calculation is consistent with third channel information carried in the third interaction information; and after the two are detected to be consistent, the data in the network key negotiation process is complete, and fourth interactive information is generated.
In the specific implementation:
i: in the above process (1) or process a, before generating the first interaction information α, the first device generates the first channel information MAC based on the first secret seed and the first timestampi1And carrying the first channel information in the first interaction information and sending the first channel information to the second device.
Here, an embodiment of the present application provides a method for generating first channel information MAC based on a first secret seed and a first timestampi1The specific method of (1) comprises:
the first equipment carries out m-2 times of Hash operation on the first secret seed, and carries out m-2 times of Hash operation on the first secret seed and the first time stamp Ti1Splicing, and performing hash operation on the spliced result for 1 time to obtain first channel information MACi1
Here, the first time stamp Ti1Is a time stamp of the current time acquired at the current time of the process of generating the first mutual information.
The first secret seed which is subjected to m-2 times of hash operation and a first time stamp Ti1Splicing is carried out, and the splicing mode can be specifically set according to actual needs.
For example: performing hash operation on the m-2 times of the first secret seed and the first timestamp T by adopting any one of the following modesi1Splicing: a: h ism-2(Si)||Ti1;b:Ti1||hm-2(Si);
Where "|" represents concatenation, where the first secret seed, having been hashed m-2 times, is compared to the first timestamp Ti1When splicing is performed, the positions and the number can be set according to the needs.
Taking the above a as an example, performing hash operation on the concatenation result for 1 time to obtain the first channel information MACi1Satisfies the following formula: MACi1=h(hm-2(Si)||Ti1)。
In addition, to allow the channel to be verified later, a first timestamp encrypted by using the security key ks is carried in the first interaction information.
At this time, the first interaction information α satisfies the following formula:
$\alpha = (TrID)_{ks} \,\|\, h^{m-1}(S_i) \,\|\, MAC_{i1} \,\|\, (T_{i1})_{ks}$
II: In the above process (2) or process B, after receiving the first interaction information α, the second device uses the security key ks to decrypt the encrypted first timestamp $T_{i1}$ carried in α, and obtains and stores the first timestamp $T_{i1}$.
III: In the above process (3) or process C, after receiving the second interaction information, the first device generates third channel information $MAC_{i2}$ based on the network key $K_{NWK}$ and a third timestamp, and carries the third channel information and the third timestamp encrypted by using the security key ks in the third interaction information.
The embodiment of the application also provides a specific method for generating the third channel information $MAC_{i2}$: the first device concatenates the network key $K_{NWK}$ and the third timestamp $T_{i2}$, and performs a hash operation on the concatenated result to generate the third channel information $MAC_{i2}$.
It is noted here that the way in which the network key $K_{NWK}$ and the third timestamp $T_{i2}$ are concatenated can be set according to actual needs.
For example, either of the following may be used: a: $K_{NWK} \,\|\, T_{i2}$; b: $T_{i2} \,\|\, K_{NWK}$.
Here "$\|$" represents concatenation; when the network key $K_{NWK}$ and the third timestamp $T_{i2}$ are concatenated, the positions and the number can be set as needed.
Taking b above as an example, performing 1 hash operation on the concatenated result gives third channel information $MAC_{i2}$ that satisfies the following formula: $MAC_{i2} = h(T_{i2} \,\|\, K_{NWK})$.
In addition, to facilitate the verification process, a third timestamp encrypted by using the security key ks is also carried in the third interaction information.
The generated third interaction information γ satisfies the following formula:
$\gamma = (KI)_{ks} \,\|\, Kit \,\|\, h^{m-2}(S_i) \,\|\, MAC_{i2} \,\|\, (T_{i2})_{ks}$
IV: In the above process (4) or process D, after receiving the third interaction information sent by the first device and before generating the fourth interaction information, the second device further generates first channel verification information $NAC_{i1}$ based on the first timestamp $T_{i1}$ carried in the first interaction information and the third identity authentication information $h^{m-2}(S_i)$ carried in the third interaction information. It then compares the generated $NAC_{i1}$ with the first channel information $MAC_{i1}$ carried in the first interaction information; if the two are consistent, the second device has verified that the network key negotiation channel was not interrupted from process (1) to process (4).
If the two are not consistent, the second device determines that the network key negotiation channel was interrupted between process (1) and process (4), and the network key negotiation process is terminated.
If the network key negotiation channel has not been interrupted, the second device further generates third channel verification information $NAC_{i2}$ from the third timestamp $T_{i2}$ carried in the third interaction information and the network key $K_{NWK}$, and compares $NAC_{i2}$ with the third channel information $MAC_{i2}$ carried in the third interaction information. If the two are consistent, the data in the network key agreement process is confirmed to be complete, and the fourth interaction information is generated.
If the two are not consistent, the data of the network key agreement process is determined to be incomplete, and the network key agreement process is terminated.
In addition, to allow subsequent verification, a fourth timestamp encrypted by using the security key ks is also carried in the fourth interaction information.
The generated fourth interaction information ω satisfies the following formula:
$\omega = (T_{i1})_{K_{NWK}} \,\|\, h^{s-2}(S_t) \,\|\, (T_{t2})_{ks}$
Through this embodiment, the second device can determine that the key negotiation channel was not interrupted during key negotiation and that the data exchanged during key negotiation is complete; the subsequent network key negotiation process is executed only on the premise that both hold.
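As an added illustration (not code from the patent), the Python sketch below models the second device's checks from processes A, D and IV above: each revealed hash-chain link is hashed once and compared with the stored identity, and $MAC_{i1}$ from α is only checked once γ reveals $h^{m-2}(S_i)$. SHA-256, the 8-byte timestamp encoding, the class and function names and the sample values are assumptions; encryption under ks is omitted, so $T_{i1}$ is treated as already decrypted.

```python
import hashlib
import hmac


def h(data: bytes) -> bytes:
    """One "hash operation". SHA-256 is an assumption; the page names no hash."""
    return hashlib.sha256(data).digest()


def h_n(seed: bytes, n: int) -> bytes:
    """h^n(seed): the seed hashed n times."""
    out = seed
    for _ in range(n):
        out = h(out)
    return out


def ts_bytes(ts: int) -> bytes:
    """Assumed timestamp encoding: 8-byte big-endian seconds."""
    return ts.to_bytes(8, "big")


class FirstDevice:
    """Holds the first secret seed Si and the chain length m."""

    def __init__(self, seed: bytes, m: int):
        if m < 2:
            raise ValueError("m must be at least 2 so that h^(m-2) exists")
        self.seed, self.m = seed, m

    def identity(self) -> bytes:
        # h^m(Si), exchanged during device discovery.
        return h_n(self.seed, self.m)

    def alpha_fields(self, t_i1: int):
        # alpha carries h^(m-1)(Si) and MAC_i1 = h(h^(m-2)(Si) || T_i1) (option a).
        link = h_n(self.seed, self.m - 1)
        mac_i1 = h(h_n(self.seed, self.m - 2) + ts_bytes(t_i1))
        return link, mac_i1, t_i1

    def gamma_link(self) -> bytes:
        # gamma carries h^(m-2)(Si), the preimage of the link sent in alpha.
        return h_n(self.seed, self.m - 2)


class SecondDevice:
    """Verifier side: stores the first device's current identity value."""

    def __init__(self, first_identity: bytes):
        self.stored = first_identity
        self.pending = None  # (MAC_i1, T_i1) kept from alpha until gamma arrives

    def _accept_link(self, link: bytes) -> bool:
        # Hash once and compare; on success roll the stored identity back one link.
        if not hmac.compare_digest(h(link), self.stored):
            return False
        self.stored = link
        return True

    def on_alpha(self, link: bytes, mac_i1: bytes, t_i1: int) -> bool:
        if not self._accept_link(link):
            return False
        self.pending = (mac_i1, t_i1)
        return True

    def on_gamma(self, link: bytes) -> bool:
        if self.pending is None or not self._accept_link(link):
            return False
        mac_i1, t_i1 = self.pending
        # NAC_i1 is recomputed from the link just revealed and the stored T_i1.
        nac_i1 = h(link + ts_bytes(t_i1))
        return hmac.compare_digest(nac_i1, mac_i1)


def demo() -> dict:
    seed = bytes(range(32))   # constructed sample seed
    t_i1 = 1526630400         # constructed sample timestamp
    dev1 = FirstDevice(seed, m=5)
    link, mac_i1, t = dev1.alpha_fields(t_i1)
    results = {}

    honest = SecondDevice(dev1.identity())
    results["alpha"] = honest.on_alpha(link, mac_i1, t)
    results["alpha_replay"] = honest.on_alpha(link, mac_i1, t)  # stale link
    results["gamma"] = honest.on_gamma(dev1.gamma_link())

    altered = SecondDevice(dev1.identity())
    results["alpha_bad_ts"] = altered.on_alpha(link, mac_i1, t + 60)
    results["gamma_bad_ts"] = altered.on_gamma(dev1.gamma_link())
    return results


if __name__ == "__main__":
    print(demo())
```

The altered-timestamp case is accepted at α and rejected only at γ, because $MAC_{i1}$ cannot be recomputed until $h^{m-2}(S_i)$ is revealed; this is why the second device stores $T_{i1}$ in process II and defers the comparison to process IV.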
In addition, in another embodiment of the present application, the first device may also verify whether the network key agreement channel is interrupted during the network key agreement process.
Specifically, the second device is further configured to generate second channel information based on the second secret seed, the second timestamp, and the first channel verification information before sending the second interaction information to the first device, and carry the second channel information and the second timestamp encrypted with the security key in the second interaction information;
the first device is further configured to calculate and generate second channel verification information based on fourth identity authentication information carried in the fourth interaction information, a second timestamp carried in the second interaction information, and first channel information generated by the first device after the fourth interaction information is received; detecting whether the second channel verification information generated by calculation is consistent with second channel information carried in second interaction information; and after detecting that the second channel verification information generated by calculation is consistent with the second channel information carried in the second interaction information, verifying the fourth interaction information.
In the concrete implementation:
①: In the above process (1), process A or process I, when sending the first interaction information to the second device, the first device carries the first channel information $MAC_{i1}$ in the first interaction information.
②: In the above process (2), process B or process II, after receiving the first interaction information sent by the first device, the second device generates second channel information $MAC_{t1}$ based on the second secret seed, the second timestamp and the first channel information $MAC_{i1}$.
The embodiment of the application also provides a specific method for generating the second channel information $MAC_{t1}$:
The second device performs s-2 hash operations on the second secret seed, concatenates the result with the second timestamp $T_{t1}$ and the first channel information $MAC_{i1}$ carried in the first interaction information α, and performs 1 hash operation on the concatenated result to generate the second channel information $MAC_{t1}$.
It should be noted here that the way in which the second secret seed hashed s-2 times, the second timestamp $T_{t1}$ and the first channel information $MAC_{i1}$ are concatenated can be set according to actual needs.
For example, the concatenation can be performed in any one of the following ways:
a: $h^{s-2}(S_t) \,\|\, T_{t1} \,\|\, MAC_{i1}$; b: $T_{t1} \,\|\, h^{s-2}(S_t) \,\|\, MAC_{i1}$; c: $MAC_{i1} \,\|\, T_{t1} \,\|\, h^{s-2}(S_t)$; and so on, where "$\|$" represents concatenation. When the second secret seed hashed s-2 times, the second timestamp $T_{t1}$ and the first channel information $MAC_{i1}$ are concatenated, the positions and the number can be set as needed.
Taking a above as an example, performing 1 hash operation on the concatenated result gives second channel information $MAC_{t1}$ that satisfies the following formula: $MAC_{t1} = h(h^{s-2}(S_t) \,\|\, T_{t1} \,\|\, MAC_{i1})$.
At this time, the second interaction information β satisfies the following formula:
$\beta = (RsID)_{ks} \,\|\, (KBM)_{ks} \,\|\, h^{s-1}(S_t) \,\|\, (T_{t1})_{ks} \,\|\, MAC_{t1}$
③: In the above process (3), process C or process III, after receiving the second interaction information β, the first device uses the security key ks to decrypt the encrypted second timestamp $T_{t1}$ carried in β, and obtains and stores the decrypted second timestamp $T_{t1}$. It also stores the second channel information $MAC_{t1}$ carried in the second interaction information.
④: In the above process (4), process D or process IV, the second device carries the generated fourth identity authentication information $h^{s-2}(S_t)$ in the fourth interaction information and sends the fourth interaction information to the first device.
⑤: In the above process (5) or process E, after receiving the fourth interaction information, the first device further generates second channel verification information $NAC_{t1}$ based on the fourth identity authentication information $h^{s-2}(S_t)$ carried in the fourth interaction information, the second timestamp $T_{t1}$ obtained in ③, and the first channel information $MAC_{i1}$ generated by the first device itself. The generation process of the second channel verification information $NAC_{t1}$ is the same as that of the second channel information $MAC_{t1}$ and is not described again here.
The first device then compares the second channel verification information $NAC_{t1}$ with the second channel information $MAC_{t1}$ obtained in ③. If the two are consistent, the network key negotiation channel is confirmed to be normal, and the fourth interaction information is then verified. If the two are not consistent, the network key negotiation process is interrupted.
In the embodiment of the application, during the multi-handshake process, the continuity of the channel is verified through the first channel information and the second channel verification information, and the integrity of the data in the network key negotiation process is verified. Checking whether the network key negotiation channel is closed ensures that the information data is exchanged between the first device and the second device throughout the negotiation without interruption, and verifying data integrity ensures that no erroneous interaction information appears during the exchange, so that the network key negotiation can be completed.
In another embodiment of the present application, during the network key negotiation process, the timeliness of the exchanged data is also verified in each handshake, so as to ensure the continuity and security of the verification.
In this embodiment: the first interactive information also carries a first time stamp encrypted by using the security key;
the second device is further configured to decrypt the encrypted first timestamp by using the security key, acquire the first timestamp, and detect whether a time difference between the first timestamp and the current time is smaller than a preset time difference threshold; generating second interaction information after detecting that the time difference between the first timestamp and the current time is smaller than a preset time difference threshold value;
and,
the third interaction information also carries a third timestamp encrypted by using the security key;
the second device is further configured to decrypt the encrypted third timestamp T_{i2} by using the security key to obtain the third timestamp, and detect whether the time difference between the third timestamp and the current time is smaller than a preset time difference threshold; and to generate the fourth interaction information after detecting that the time difference between the third timestamp and the current time is smaller than the preset time difference threshold;
and,
the second interaction information also carries a second timestamp encrypted by using the security key;
the first device is further configured to decrypt the encrypted second timestamp T_{t1} by using the security key to obtain the second timestamp, and detect whether the time difference between the second timestamp and the current time is smaller than a preset time difference threshold; and to generate the temporary transmission key after detecting that the time difference between the second timestamp and the current time is smaller than the preset time difference threshold;
the fourth interaction information also carries a fourth timestamp encrypted by using the security key;
the first device is further configured to decrypt the encrypted fourth timestamp by using the security key to obtain the fourth timestamp, and detect whether the time difference between the fourth timestamp and the current time is smaller than a preset time difference threshold; and to verify the fourth interaction information after detecting that the time difference between the fourth timestamp and the current time is smaller than the preset time difference threshold.
In the specific implementation:
①: In the above process (1), process A, process i, or process ①, when generating the first interaction information, the first device further encrypts the first timestamp T_{i1} by using the security key, carries the encrypted first timestamp in the first interaction information, and sends the first interaction information to the second device.
②: In the above process (2), process B, process ii, or process ②, after receiving the first interaction information α carrying the encrypted first timestamp T_{i1}, the second device decrypts the encrypted first timestamp T_{i1} carried in the first interaction information α by using the security key ks to obtain the decrypted first timestamp T_{i1}, and detects whether the time difference between the first timestamp T_{i1} and the current time is smaller than a preset time difference threshold. If the time difference between the first timestamp T_{i1} and the current time is smaller than the preset time difference threshold, the first interaction information α received by the second device is valid, and the subsequent identity authentication process or the subsequent process of generating the second interaction information is executed. If the time difference between the first timestamp T_{i1} and the current time is greater than the preset time difference threshold, the first interaction information α received by the second device is invalid, and the current network key negotiation process is ended.
When generating the second interaction information, the second device also encrypts the second timestamp T_{t1} by using the security key ks to generate an encrypted second timestamp, and carries the encrypted second timestamp in the second interaction information β.
③: In the above process (3), process C, process iii, or process ③, after receiving the second interaction information β carrying the encrypted second timestamp T_{t1}, the first device decrypts the encrypted second timestamp T_{t1} by using the security key ks to obtain the decrypted second timestamp T_{t1}, and detects whether the time difference between the second timestamp T_{t1} and the current time is smaller than a preset time difference threshold. If the time difference between the second timestamp T_{t1} and the current time is smaller than the preset time difference threshold, the temporary transmission key is generated, and the subsequent process of generating the third interaction information is executed. If the time difference between the second timestamp T_{t1} and the current time is greater than the preset time difference threshold, the current network key negotiation process is ended.
When generating the third interaction information, the first device may also encrypt the third timestamp T_{i2} by using the security key ks to generate an encrypted third timestamp, and carry the encrypted third timestamp in the third interaction information γ.
④: In the above process (4), process D, process iv, or process ④, after receiving the third interaction information γ carrying the encrypted third timestamp T_{i2}, the second device decrypts the encrypted third timestamp T_{i2} by using the security key ks to obtain the decrypted third timestamp T_{i2}, and detects whether the time difference between the third timestamp T_{i2} and the current time is smaller than a preset time difference threshold. If the time difference between the third timestamp T_{i2} and the current time is smaller than the preset time difference threshold, the fourth interaction information is generated. If the time difference between the third timestamp T_{i2} and the current time is greater than the preset time difference threshold, the current network key negotiation process is ended.
When generating the fourth interaction information, the second device may also encrypt the fourth timestamp T_{t2} by using the security key ks to generate an encrypted fourth timestamp, and carry the encrypted fourth timestamp in the fourth interaction information ω.
⑤: In the above process (5), process E or process ⑤, after receiving the fourth interaction information ω carrying the encrypted fourth timestamp T_{t2}, the first device decrypts the encrypted fourth timestamp T_{t2} by using the security key ks to obtain the decrypted fourth timestamp T_{t2}, and detects whether the time difference between the fourth timestamp T_{t2} and the current time is smaller than a preset time difference threshold. If the time difference between the fourth timestamp T_{t2} and the current time is smaller than the preset time difference threshold, the fourth interaction information is verified. If the time difference between the fourth timestamp T_{t2} and the current time is greater than the preset time difference threshold, the current network key negotiation process is ended.
According to the embodiment of the application, in the process of network key negotiation, the timestamp is encrypted by using the security key before being sent. Checking the timestamp guards against the situation in which an information interaction times out and an attacker who intercepted the interaction information during that time sends a message afterwards, which further ensures the security of wireless network communication.
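The channel checks and the timestamp check described above can be run end to end together with the hash-chain identity check; the following is an added example, not code from the patent. It assumes SHA-256 for h and integer-second timestamps sent in clear rather than encrypted under ks, leaves out round information, the key bit mask, the network key and the third channel information, and the names Device, negotiate, flip and outcome are hypothetical.

```python
import hashlib

THRESHOLD = 5  # preset time difference threshold, seconds (constructed value)

class Abort(Exception):
    """Raised wherever the text says the negotiation process is ended."""

def h(data: bytes) -> bytes:
    # Assumption: h is SHA-256; the example fixes it only to be runnable.
    return hashlib.sha256(data).digest()

def h_n(seed: bytes, n: int) -> bytes:
    """h applied n times, i.e. h^n(seed)."""
    for _ in range(n):
        seed = h(seed)
    return seed

def ts(t: int) -> bytes:
    # Assumption: timestamps are integer seconds, 8 bytes big-endian.
    return t.to_bytes(8, "big")

class Device:
    def __init__(self, seed: bytes, chain_len: int):
        self.seed, self.n = seed, chain_len
        self.peer_id = None  # peer's h^m(S_i) or h^s(S_t) from device discovery

    def identity(self) -> bytes:
        return h_n(self.seed, self.n)

    def token(self, k: int) -> bytes:
        """Identity authentication information h^(n-k)(seed)."""
        return h_n(self.seed, self.n - k)

    def accept(self, token: bytes, stamp: int, now: int) -> None:
        """Freshness check, then the one-hash identity check and update."""
        if abs(now - stamp) >= THRESHOLD:
            raise Abort("timestamp outside threshold")
        if h(token) != self.peer_id:
            raise Abort("identity authentication failed")
        self.peer_id = token  # next round must present the preimage of this

def negotiate(first, second, t0=1_700_000_000, delay=None, tamper=None):
    """Run the four messages; delay/tamper model the channel between devices."""
    delay = delay or {}
    tamper = tamper or (lambda name, msg: msg)

    def deliver(name, msg, sent):
        return tamper(name, dict(msg)), sent + delay.get(name, 1)

    # Device discovery: each side stores the other's chain head.
    first.peer_id, second.peer_id = second.identity(), first.identity()

    # alpha: h^(m-1)(S_i), MAC_i1 = h(h^(m-2)(S_i) || T_i1), T_i1
    mac_i1 = h(first.token(2) + ts(t0))
    alpha, now = deliver("alpha", {"auth": first.token(1), "mac": mac_i1, "ts": t0}, t0)
    second.accept(alpha["auth"], alpha["ts"], now)

    # beta: h^(s-1)(S_t), MAC_t1 = h(h^(s-2)(S_t) || T_t1 || MAC_i1), T_t1
    mac_t1 = h(second.token(2) + ts(now) + alpha["mac"])
    beta, now = deliver("beta", {"auth": second.token(1), "mac": mac_t1, "ts": now}, now)
    first.accept(beta["auth"], beta["ts"], now)

    # gamma discloses h^(m-2)(S_i); only now can MAC_i1 from alpha be checked.
    gamma, now = deliver("gamma", {"auth": first.token(2), "ts": now}, now)
    second.accept(gamma["auth"], gamma["ts"], now)
    if h(gamma["auth"] + ts(alpha["ts"])) != alpha["mac"]:
        raise Abort("first channel information mismatch")

    # omega discloses h^(s-2)(S_t); the first device recomputes NAC_t1.
    omega, now = deliver("omega", {"auth": second.token(2), "ts": now}, now)
    first.accept(omega["auth"], omega["ts"], now)
    nac_t1 = h(omega["auth"] + ts(beta["ts"]) + mac_i1)
    if nac_t1 != beta["mac"]:
        raise Abort("second channel information mismatch")
    return True

def flip(name: str, field: str):
    """Channel fault: replace one field of one message with another value."""
    def _tamper(n, msg):
        if n == name:
            msg[field] = h(msg[field])
        return msg
    return _tamper

def outcome(**channel) -> str:
    first = Device(b"constructed seed S_i", 10)   # m = 10
    second = Device(b"constructed seed S_t", 12)  # s = 12
    try:
        negotiate(first, second, **channel)
        return "ok"
    except Abort as exc:
        return str(exc)

if __name__ == "__main__":
    for case in ({}, {"tamper": flip("alpha", "mac")}, {"tamper": flip("beta", "mac")},
                 {"tamper": flip("gamma", "auth")}, {"delay": {"alpha": 60}}):
        print(outcome(**case))
```

A modified MAC_i1 in the first message is only caught when the third message arrives, because the value needed to recompute it, h^(m-2)(S_i), is not disclosed until then.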
Based on the same inventive concept, the embodiment of the present application further provides a network key agreement method corresponding to the network key agreement system, and since the principle of solving the problem of the method in the embodiment of the present application is similar to that of the network key agreement system in the embodiment of the present application, the implementation of the method can refer to the implementation of the system, and repeated details are not described again.
Referring to fig. 4, a network key agreement method provided in the embodiment of the present application is used for a first device performing network key agreement, and the method includes:
S401: generating first interaction information and sending the first interaction information to the second device; the first interaction information carries: first round information encrypted using a security key;
S402: receiving second interaction information sent by the second device after it receives the first interaction information; the second interaction information carries: second round information encrypted using the security key;
S403: generating a temporary transmission key based on the first round information and the second round information carried in the second interaction information;
S404: encrypting the randomly generated network key by using the temporary transmission key to generate network key encryption information;
S405: carrying the network key encryption information in third interaction information, and sending the third interaction information to the second device;
S406: receiving fourth interaction information sent by the second device based on the third interaction information; the fourth interaction information is generated based on the network key;
S407: verifying the fourth interaction information based on the network key, and if the fourth interaction information passes the verification, completing the negotiation of the network key with the second device.
In the embodiment of the application, the first device first sends the first round information to the second device in encrypted form. After the first device has obtained the first round information and the second round information, it encrypts the network key to be negotiated based on the first round information and the second round information and transmits the encrypted network key to the second device; the first device and the second device can also replace the original network key by negotiating a new network key, so that the network key can be replaced in time when it is stolen, which improves the security of wireless network communication.
Optionally, in another embodiment of the present application, the second interaction information further carries a key bitmask encrypted with a secure key; the key bit mask comprises at least three key indexes; each key index corresponds to a device key;
decrypting the key bit mask by using the security key, and designating a key index from the obtained decrypted key bit mask;
the network key negotiation method further comprises the following steps:
generating a temporary transmission key based on the first round information and the second round information carried in the second interactive information, specifically comprising:
connecting the first round of information and the second round of information carried in the second interactive information to form a character string;
and encrypting the character string by using a preset encryption algorithm and taking the device key corresponding to the key index specified by the first device as an encryption key to generate a temporary transmission key.
The network key negotiation method further comprises the following steps:
encrypting the key index specified by the first device by using the security key, and carrying the encrypted key index in the third interaction information.
Optionally, in another embodiment of the present application, the first device is specifically configured to verify the fourth interaction information based on a randomly generated network key by:
decrypting the timestamp encryption information by using a network key generated by the first device to obtain a first timestamp;
comparing a first time stamp obtained by decrypting the time stamp encryption information with a first time stamp generated by the first device;
and when the first time stamp obtained by decrypting the time stamp encryption information is consistent with the first time stamp generated by the first equipment, the verification is passed.
Optionally, in another embodiment of the present application, the second interaction information further carries second identity authentication information generated based on a second secret seed, and the second identity authentication information is obtained by performing hash operation on the second secret seed for s-1 times by the second device;
the network key negotiation method further comprises the following steps:
before generating the third interactive information, performing hash operation on the second identity authentication information for 1 time;
detecting whether the second identity authentication information subjected to the hash operation for 1 time is consistent with the identity information of the second equipment acquired in advance;
generating third interactive information after detecting that the second identity authentication information subjected to the hash operation for 1 time is consistent with the identity information of the second equipment acquired in advance;
and the identity information of the second equipment is obtained by carrying out hash operation on the second secret seed for s times by the second equipment.
Optionally, in another embodiment of the present application, the network key agreement method further includes:
after detecting that the second identity authentication information subjected to the hash operation for 1 time is consistent with the identity information of the second equipment acquired in advance, updating the identity information of the second equipment by using the second identity authentication information;
the fourth interactive information also carries fourth identity authentication information generated based on the second secret seed; the fourth identity authentication information is obtained by performing hash operation on the second secret seed for s-2 times;
before verifying the fourth interaction information, the network key agreement method further includes:
performing hash operation on the fourth identity authentication information for 1 time;
detecting whether the fourth identity authentication information subjected to the hash operation for 1 time is consistent with the identity information of the second equipment obtained by updating the second identity authentication information;
and after detecting that the fourth identity authentication information subjected to the hash operation for 1 time is consistent with the identity information of the second equipment obtained by updating the second identity authentication information, verifying the fourth interactive information.
Optionally, in another embodiment of the present application, the network key agreement method further includes:
generating first channel information based on the first secret seed and the first timestamp, and carrying the first channel information and the first timestamp encrypted by using the security key in the first interaction information;
after receiving the second interaction information, generating third channel information based on the network key and the third timestamp;
and carrying the third channel information and a third timestamp encrypted by using the security key in the third interaction information.
Optionally, in another embodiment of the present application, the generating the first channel verification information based on the first secret seed and the first timestamp specifically includes:
performing hash operation on the first secret seed for m-2 times;
and after splicing the first secret seed subjected to the m-2 times of hash operation with the first timestamp, performing the hash operation for 1 time to generate first channel verification information.
Generating third channel verification information based on the network key and the third timestamp, specifically including:
and after the third timestamp and the network key are spliced, performing hash operation for 1 time to generate third channel verification information.
Optionally, in another embodiment of the present application, the network key agreement method further includes:
after receiving the fourth interactive information, calculating and generating second channel verification information based on fourth identity authentication information carried in the fourth interactive information, a second timestamp carried in the second interactive information and first channel information generated by the first equipment;
detecting whether the second channel verification information generated by calculation is consistent with second channel verification information carried in second interaction information;
and after detecting that the second channel verification information generated by calculation is consistent with the second channel verification information carried in the second interaction information, verifying the fourth interaction information.
Optionally, in another embodiment of the present application, the second interaction information further carries a second timestamp encrypted by using the secure key;
the network key negotiation method further comprises the following steps:
decrypting the encrypted second timestamp by using the security key to obtain a second timestamp;
detecting whether the time difference between the second timestamp and the current time is smaller than a preset time difference threshold value or not;
generating a temporary transmission key after detecting that the time difference between the second timestamp and the current time is smaller than the preset time difference threshold;
the fourth interactive information also carries a fourth time stamp encrypted by using the security key;
the network key negotiation method further comprises the following steps:
decrypting the encrypted fourth timestamp by using the security key to obtain a fourth timestamp;
detecting whether the time difference between the fourth timestamp and the current time is smaller than a preset time difference threshold value or not;
and verifying the fourth interaction information after detecting that the time difference between the fourth timestamp and the current time is smaller than the preset time difference threshold.
Referring to fig. 5, a network key agreement method provided in the embodiment of the present application is used for a second device performing network key agreement, and the method includes:
S501: receiving first interaction information sent by the first device, and generating second interaction information after receiving the first interaction information;
S502: sending the second interaction information to the first device; the second interaction information carries: second round information encrypted using a security key;
S503: receiving third interaction information sent by the first device according to the second interaction information;
S504: generating a temporary transmission key based on the first round information carried in the first interaction information and the second round information, and decrypting the network key encryption information based on the temporary transmission key to obtain the network key;
S505: generating fourth interaction information based on the network key, and sending the fourth interaction information to the first device.
In the embodiment of the application, the second device sends the second round information to the first device in encrypted form. The second device can decrypt the encrypted network key based on the first round information, the second round information and the device key acquired from the first device, in the same way as the first device, to obtain the network key. Even if the negotiated network key is leaked during use, the first device and the second device can replace the original network key by negotiating a new network key, so that a stolen network key can be replaced in time and the security of wireless network communication is improved.
Optionally, in another embodiment of the present application, the second device stores a key bit mask in advance; the key bit mask comprises at least three key indexes; each key index corresponds to a device key;
the second interactive information also carries a key bit mask encrypted by using a security key;
the network key negotiation method further comprises the following steps:
after the third interactive information is received, decrypting the key index appointed by the encrypted first equipment carried in the third interactive information by using the security key to obtain the key index appointed by the first equipment; and generating a temporary transport key by:
connecting the first round of information and the second round of information carried in the first interactive information to form a character string;
and the device key corresponding to the key index specified by the first device and carried in the third interactive information is used as an encryption key to encrypt the character string by using a preset encryption algorithm, so as to generate a temporary transmission key.
Optionally, in another embodiment of the present application, the first interaction information further carries a first timestamp encrypted by using a security key;
generating and sending fourth interaction information to the first device based on the network key, specifically including:
encrypting the first timestamp by using a network key to generate timestamp encryption information;
and carrying the time stamp encryption information in fourth interaction information, and sending the fourth interaction information to the first equipment.
Optionally, in another embodiment of the present application, the first interaction information further carries first identity authentication information generated based on the first secret seed; the first identity authentication information is obtained by the first equipment performing hash operation on the first secret seed for m-1 times;
the network key negotiation method further comprises the following steps:
performing hash operation on the first identity authentication information for 1 time before generating the second interactive information;
detecting whether the first identity authentication information subjected to the Hash operation for 1 time is consistent with the identity information of the first equipment acquired in advance;
generating second interaction information after detecting that the first identity authentication information subjected to the Hash operation for 1 time is consistent with the identity information of the first equipment acquired in advance;
the identity information of the first device is obtained by performing hash operation on the first secret seed m times by the first device.
Optionally, in another embodiment of the present application, the network key agreement method further includes:
after detecting that the first identity authentication information subjected to the hash operation for 1 time is consistent with the pre-acquired identity information of the first equipment, updating the identity information of the first equipment by using the first identity authentication information;
the third interactive information also carries third identity authentication information generated based on the first secret seed; and the third identity authentication information is obtained by performing m-2 times of Hash operation on the first secret seed.
The method further comprises the following steps: performing hash operation on the third identity authentication information for 1 time before generating the fourth interactive information;
detecting whether the third identity authentication information subjected to the hash operation for 1 time is consistent with the identity information of the first equipment obtained by updating the first identity authentication information;
and generating fourth interactive information after detecting that the first identity authentication information subjected to the hash operation for 1 time is consistent with the identity information of the first equipment obtained by updating the first identity authentication information.
Optionally, in another embodiment of the present application, before generating the fourth interaction information, the network key agreement method further includes:
generating first channel verification information based on the third identity authentication information by using a first timestamp carried in the first interaction information;
detecting whether the calculated first channel verification information and the first channel information carried in the first interaction information are consistent or not;
after detecting that the first channel verification information is consistent with the first channel information carried in the first interaction information, confirming that the network key negotiation channel is not interrupted;
after confirming that the network key agreement channel is not interrupted, the network key agreement method further comprises the following steps:
decrypting the encrypted third timestamp carried in the third interactive information by using the security key to obtain a third timestamp;
calculating to generate third channel verification information according to the obtained third timestamp and the network key;
detecting whether the third channel verification information generated by calculation is consistent with third channel information carried in the third interaction information;
and after the two are detected to be consistent, the data in the network key negotiation process is complete, and fourth interactive information is generated.
Optionally, in another embodiment of the present application, before sending the second interaction information to the first device, the network key agreement method further includes:
generating second channel information based on the second secret seed, the second timestamp and the first channel information;
and carrying the second channel information and a second time stamp encrypted by using the security key in the second interaction information.
Optionally, in another embodiment of the present application, generating the second channel information based on the second secret seed, the second timestamp, and the first channel information specifically includes:
performing hash operation on the second secret seed for s-2 times;
and after splicing the second secret seed subjected to the hash operation for s-2 times, the second timestamp and the first channel information, performing the hash operation for 1 time to generate second channel information.
Optionally, in another embodiment of the present application, the first interaction information further carries a first timestamp encrypted by using a security key;
the network key negotiation method further comprises the following steps:
decrypting the encrypted first timestamp T_{i1} by using the security key to obtain the first timestamp;
detecting whether the time difference between the first timestamp and the current time is smaller than a preset time difference threshold value or not;
generating second interaction information after detecting that the time difference between the first timestamp and the current time is smaller than a preset time difference threshold value;
the third interactive information also carries a third timestamp encrypted by using the security key;
the network key negotiation method further comprises the following steps:
decrypting the encrypted third timestamp by using the security key to obtain a third timestamp;
detecting whether the time difference between the third timestamp and the current time is smaller than a preset time difference threshold value or not;
and generating the fourth interaction information after detecting that the time difference between the third timestamp and the current time is smaller than the preset time difference threshold.
The present application further provides a specific example of a network key agreement system: see fig. 6 a-6 f and fig. 7.
Device discovery procedure, as shown in fig. 6a and 7:
S601: The first device performs the hash operation m times on the first secret seed to obtain the identity information (ID, h^m(S_i)) of the first device. S603 is then performed.
S602: The second device performs the hash operation s times on the second secret seed to obtain the identity information (ID, h^s(S_t)) of the second device. S604 is then performed.
S603: The first device broadcasts its identity information (ID, h^m(S_i)).
S604: The second device sends its identity information (ID, h^s(S_t)) to the first device.
S605: The second device obtains the identity information (ID, h^m(S_i)) of the first device from the information broadcast by the first device.
S606: The first device obtains the identity information (ID, h^s(S_t)) of the second device from the information sent by the second device.
The first process of key agreement, see fig. 6b and fig. 7:
S607: The first device performs the hash operation m-2 times on the first secret seed, concatenates the result with the first timestamp, and performs the hash operation once on the concatenated result to generate the first channel information MAC_{i1}. Jump to S611.
Here, MAC_{i1} satisfies: MAC_{i1} = h(h^{m-2}(S_i) || T_{i1})
S608: The first device performs the hash operation m-1 times on the first secret seed to generate the first identity authentication information h^{m-1}(S_i) of the first device. Jump to S611.
S609: The first device encrypts the first round information TrID by using a preset security key ks to obtain the encrypted first round information (TrID)_{ks}. Jump to S611.
S610: The first device encrypts the current first timestamp T_{i1} by using the security key ks to obtain the encrypted first timestamp (T_{i1})_{ks}. Jump to S611.
S611: The encrypted first round information (TrID)_{ks}, the first channel information MAC_{i1}, the first identity authentication information h^{m-1}(S_i) and the encrypted first timestamp (T_{i1})_{ks} are concatenated to generate the first interaction information α;
wherein the first interaction information α satisfies: α = (TrID)_{ks} || h^{m-1}(S_i) || MAC_{i1} || (T_{i1})_{ks}.
Here, S611 is executed only after S607 to S610 have all been executed; steps S607 to S610 may be executed in any order.
S612: and sending the first interactive information alpha to the second equipment.
The second process of key agreement, see fig. 6c and fig. 7:
S614: The second device receives the first interaction information α sent by the first device.
S615: The encrypted first timestamp $(T_{i1})_{ks}$ in the first interaction information α is decrypted using the security key ks to obtain the decrypted first timestamp $T_{i1}$.
S616: Detect whether the difference between the first timestamp $T_{i1}$ and the current time is smaller than a preset time difference threshold; if not, go to S617; if so, go to S618.
S617: The current network key negotiation process is ended.
S618: A hash operation is performed on the first identity authentication information $h^{m-1}(S_i)$ carried in the first interaction information α to obtain $h^{m}(S_i)$.
S619: Detect whether the computed $h^{m}(S_i)$ is consistent with the identity information of the first device stored during the device discovery process; if not, jump to S617; if so, jump to S620, S621, S622, S623, S624 and S625.
S620: The second device updates the identity information of the first device to $(ID, h^{m-1}(S_i))$. Jump to S626.
S621: The second device performs the hash operation s-2 times on the second secret seed, splices the result with the second timestamp $T_{t1}$ and the first channel information $MAC_{i1}$ from the first interaction information α, and performs the hash operation once on the spliced result to generate the second channel information $MAC_{t1}$.
Here $MAC_{t1}$ satisfies: $MAC_{t1} = h(h^{s-2}(S_t) \| T_{t1} \| MAC_{i1})$.
Jump to S626.
S622: The second device performs the hash operation s-1 times on the second secret seed to generate the second identity authentication information $h^{s-1}(S_t)$ of the second device. Jump to S626.
S623: The second device encrypts the second round information RsID with the preset security key ks to obtain the encrypted second round information $(RsID)_{ks}$. Jump to S626.
S624: The second device encrypts the key bit mask KBM preset in the second device with the preset security key ks to obtain the encrypted key bit mask $(KBM)_{ks}$. Jump to S626.
S625: The second device encrypts the second timestamp $T_{t1}$ with the preset security key ks to obtain the encrypted second timestamp $(T_{t1})_{ks}$. Jump to S626.
S626: The encrypted second round information $(RsID)_{ks}$, the second channel information $MAC_{t1}$, the second identity authentication information $h^{s-1}(S_t)$, the encrypted key bit mask $(KBM)_{ks}$ and the second timestamp $T_{t1}$ encrypted using the security key ks are spliced to generate the second interaction information β, which is sent to the first device.
Here the second interaction information β satisfies:
$\beta = (RsID)_{ks} \| (KBM)_{ks} \| h^{s-1}(S_t) \| (T_{t1})_{ks} \| MAC_{t1}$
Here, S626 is executed only after steps S620-S625 have all been executed; steps S620 to S625 have no required execution order among themselves.
The third process of key agreement, see fig. 6d and fig. 7:
S627: The first device receives the second interaction information sent by the second device.
S628: The first device decrypts the encrypted second timestamp $(T_{t1})_{ks}$ carried in the second interaction information β using the security key ks to obtain the second timestamp $T_{t1}$.
S629: The first device detects whether the difference between the second timestamp $T_{t1}$ and the current time is smaller than a preset time difference threshold; if not, jump to S630; if so, go to S631.
S630: The network key agreement procedure is ended.
S631: The first device performs the hash operation once on the second identity authentication information in the second interaction information β to obtain $h^{s}(S_t)$. Jump to S632.
S632: Detect whether the computed $h^{s}(S_t)$ is consistent with the identity information of the second device. If not, jump to S630; if so, go to S633, S638, S639 and S641.
S633: The first device updates the identity information of the second device to $(ID, h^{s-1}(S_t))$.
S634: The first device uses the security key ks to decrypt the second timestamp $T_{t1}$ and the second round information RsID in the second interaction information β, and stores the second round information RsID.
S635: The first device decrypts the encrypted key bit mask $(KBM)_{ks}$ in the second interaction information β using the security key ks to obtain the key bit mask KBM, and specifies a key index KI from the key bit mask KBM. Jump to S636 and S640.
S636: The second round information RsID and the first round information TrID are spliced into a 128-bit character string, and the string is encrypted with the AES algorithm using the device key k as the encryption key to generate the temporary transmission key $K_{trans}$.
Here the temporary transmission key $K_{trans}$ satisfies: $K_{trans} = AES_{k}(TrID \| TrID \| RsID \| RsID)$.
Jump to S637.
S637: The first device uses the temporary transmission key $K_{trans}$ to encrypt a randomly generated network key $K_{NWK}$, generating the network key encryption information Kit.
Here the network key encryption information Kit satisfies: $Kit = AES_{K_{trans}}(K_{NWK})$.
Jump to S642.
S638: The network key $K_{NWK}$ and a third timestamp $T_{i2}$ are spliced to generate the third channel information $MAC_{i2}$.
Here the third channel information $MAC_{i2}$ satisfies: $MAC_{i2} = h(T_{i2} \| K_{NWK})$
Jump to S642.
S639: The hash operation is performed m-2 times on the first secret seed to generate the third identity authentication information $h^{m-2}(S_i)$ of the first device. Jump to S642.
S640: The key index KI is encrypted using the security key ks. Jump to S642.
S641: The third timestamp $T_{i2}$ is encrypted using the security key ks to obtain the encrypted third timestamp $(T_{i2})_{ks}$. Jump to S642.
S642: The network key encryption information Kit, the third channel information $MAC_{i2}$, the third timestamp $T_{i2}$ encrypted using the security key ks, the key index KI encrypted using the security key ks, and the third identity authentication information are spliced to obtain the third interaction information γ.
The third interaction information γ satisfies: $\gamma = (KI)_{ks} \| Kit \| h^{m-2}(S_i) \| MAC_{i2} \| (T_{i2})_{ks}$.
Here, S642 is executed only after S637-S641 have been executed; steps S637-S641 have no required execution order among themselves.
The fourth process of key agreement, as shown in fig. 6e and fig. 7:
S643: The second device receives the third interaction information sent by the first device.
S644: The second device decrypts the encrypted third timestamp $(T_{i2})_{ks}$ in the third interaction information γ using the security key ks to obtain the decrypted third timestamp $T_{i2}$.
S645: Detect whether the difference between the third timestamp $T_{i2}$ and the current time is smaller than a preset time difference threshold; if not, go to S646; if so, go to S647.
S646: The current network key negotiation process is ended.
S647: Based on the first timestamp $T_{i1}$ carried in the first interaction information and the third identity authentication information $h^{m-2}(S_i)$ carried in the third interaction information, generate the first channel verification information $NAC_{i1}$.
S648: Detect whether the first channel verification information $NAC_{i1}$ is consistent with the first channel information $MAC_{i1}$ carried in the first interaction information; if not, jump to S646; if so, go to S649.
S649: Based on the third timestamp $T_{i2}$ carried in the third interaction information and the network key $K_{NWK}$, generate the third channel verification information $NAC_{i2}$.
S650: Detect whether the third channel verification information $NAC_{i2}$ is consistent with the third channel information $MAC_{i2}$ carried in the third interaction information; if not, jump to S646; if so, go to S651.
S651: The hash operation is performed once on the third identity authentication information $h^{m-2}(S_i)$ carried in the third interaction information γ to obtain $h^{m-1}(S_i)$.
S652: Detect whether the computed $h^{m-1}(S_i)$ is consistent with the identity information of the first device updated during the key agreement process; if not, jump to S646; if so, go to S653, S654, S655 and S656.
S653: The hash operation is performed s-2 times on the second secret seed to generate the fourth identity authentication information $h^{s-2}(S_t)$. Jump to S655.
S654: The first timestamp $T_{i1}$ is encrypted using the network key $K_{NWK}$ to generate the timestamp encryption information $(T_{i1})_{K_{NWK}}$. Jump to S655.
S655: The fourth timestamp $T_{t2}$ is encrypted with the security key ks to obtain the encrypted fourth timestamp $(T_{t2})_{ks}$. Jump to S656.
S656: The fourth identity authentication information $h^{s-2}(S_t)$, the timestamp encryption information $(T_{i1})_{K_{NWK}}$ and the encrypted fourth timestamp $(T_{t2})_{ks}$ are spliced to obtain the fourth interaction information ω.
Here the fourth interaction information ω satisfies: $\omega = (T_{i1})_{K_{NWK}} \| h^{s-2}(S_t) \| (T_{t2})_{ks}$.
Here, S656 is executed only after S653-S655 have all been executed; steps S653-S655 have no required execution order among themselves.
In another embodiment, S650 may be performed first, and S648 is performed when the detection result of S650 is yes. In addition, S650 and S648 may also be executed in either order.
The fifth process of key agreement, as shown in fig. 6f and fig. 7:
S657: The first device receives the fourth interaction information sent by the second device.
S658: The first device decrypts the encrypted fourth timestamp $(T_{t2})_{ks}$ in the fourth interaction information ω using the security key ks to obtain the decrypted fourth timestamp $T_{t2}$.
S659: Detect whether the difference between the fourth timestamp $T_{t2}$ and the current time is smaller than a preset time difference threshold; if not, go to S662; if so, go to S660.
S660: The first device uses the network key $K_{NWK}$ generated at the local end to decrypt the timestamp encryption information $(T_{i1})_{K_{NWK}}$, obtaining the first timestamp $T_{i1}$.
S661: The first device detects whether the first timestamp $T_{i1}$ obtained in S660 is consistent with the first timestamp $T_{i1}$ generated in the first process of key agreement; if not, jump to S662; if so, go to S663.
S662: The network key agreement procedure is ended.
S663: The first device generates the second channel verification information $NAC_{t1}$ based on the fourth identity authentication information $h^{s-2}(S_t)$, the second timestamp $T_{t1}$ obtained in the third process of key agreement, and the first channel information $MAC_{i1}$ generated by the current first device.
S664: Detect whether the second channel verification information $NAC_{t1}$ is consistent with the second channel verification information obtained in the third process of key agreement; if not, go to S662; if so, go to S665.
S665: Key negotiation success information is fed back to the second device.
S666: The network key agreement is ended.
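The second device's checks on the first device (S616-S620 and S645-S652) can be followed in code. This is an added example, not part of the patent text; it assumes SHA-256 for h, 8-byte big-endian timestamps, and fields passed already decrypted (the ks and AES steps are left out), and all class and function names are hypothetical.

```python
import hashlib
import hmac
import struct

def h(data: bytes) -> bytes:
    """Hash function h. Assumption: SHA-256 stands in for the unnamed hash."""
    return hashlib.sha256(data).digest()

def chain(seed: bytes, n: int) -> bytes:
    """h^n(seed): apply h to the secret seed n times."""
    out = seed
    for _ in range(n):
        out = h(out)
    return out

def ts_bytes(ts: int) -> bytes:
    """Assumed timestamp encoding: 8-byte big-endian seconds."""
    return struct.pack(">Q", ts)

class FirstDevice:
    def __init__(self, seed: bytes, m: int):
        self.seed, self.m = seed, m

    def identity(self) -> bytes:
        return chain(self.seed, self.m)                   # S603: h^m(S_i)

    def first_message(self, t_i1: int):
        auth1 = chain(self.seed, self.m - 1)              # S608: h^(m-1)(S_i)
        mac_i1 = h(chain(self.seed, self.m - 2) + ts_bytes(t_i1))  # S607
        return auth1, mac_i1, t_i1

    def third_message(self, t_i2: int, k_nwk: bytes):
        auth3 = chain(self.seed, self.m - 2)              # S639: h^(m-2)(S_i)
        mac_i2 = h(ts_bytes(t_i2) + k_nwk)                # S638
        return auth3, mac_i2, t_i2

class SecondDevice:
    def __init__(self, first_identity: bytes, max_skew: int):
        self.stored_id = first_identity                   # learned in S605
        self.max_skew = max_skew                          # time difference threshold
        self.seen = None                                  # (T_i1, MAC_i1) from message 1

    def _fresh(self, ts: int, now: int) -> bool:
        return abs(now - ts) < self.max_skew

    def on_first(self, auth1, mac_i1, t_i1, now) -> bool:
        if not self._fresh(t_i1, now):                    # S616
            return False
        if not hmac.compare_digest(h(auth1), self.stored_id):  # S618-S619
            return False
        self.stored_id = auth1                            # S620: roll the chain back one link
        self.seen = (t_i1, mac_i1)
        return True

    def on_third(self, auth3, mac_i2, t_i2, k_nwk, now) -> bool:
        if self.seen is None or not self._fresh(t_i2, now):    # S645
            return False
        t_i1, mac_i1 = self.seen
        nac_i1 = h(auth3 + ts_bytes(t_i1))                # S647: preimage is only now disclosed
        if not hmac.compare_digest(nac_i1, mac_i1):       # S648
            return False
        nac_i2 = h(ts_bytes(t_i2) + k_nwk)                # S649
        if not hmac.compare_digest(nac_i2, mac_i2):       # S650
            return False
        return hmac.compare_digest(h(auth3), self.stored_id)   # S651-S652

def run(tamper: str = "") -> tuple:
    """Run messages 1 and 3 on constructed values; return (msg1_ok, msg3_ok)."""
    first = FirstDevice(b"constructed-seed-S_i", m=10)
    second = SecondDevice(first.identity(), max_skew=5)
    k_nwk = b"constructed-network-key"
    auth1, mac_i1, t_i1 = first.first_message(t_i1=1000)
    if tamper == "shift_t_i1":
        t_i1 += 1                                         # timestamp altered in transit
    if tamper == "forged_auth1":
        auth1 = h(b"not on the chain")
    now1 = 1100 if tamper == "stale" else 1001
    ok1 = second.on_first(auth1, mac_i1, t_i1, now=now1)
    auth3, mac_i2, t_i2 = first.third_message(t_i2=1002, k_nwk=k_nwk)
    if tamper == "swap_key":
        k_nwk = b"some-other-key"                         # receiver recovered a different key
    ok3 = ok1 and second.on_third(auth3, mac_i2, t_i2, k_nwk, now=1003)
    return ok1, ok3
```

An altered $T_{i1}$ passes the freshness check in message 1 but fails S648 once $h^{m-2}(S_i)$ is disclosed in message 3, which is the role the channel information plays.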
Corresponding to the network key agreement method in fig. 4, an embodiment of the present application further provides a computer device 800, as shown in fig. 8, the device includes a memory 81, a processor 82, and a computer program stored in the memory 81 and executable on the processor 82, wherein the processor 82 implements the steps of the network key agreement method when executing the computer program.
Specifically, the memory 81 and the processor 82 can be a general memory 81 and a general processor 82, which are not specifically limited herein, and when the processor 82 runs a computer program stored in the memory 81, the network key agreement method can be executed, and a hash chain mechanism is used to perform transmission of a network key and authentication of identity information.
Corresponding to the network key agreement method in fig. 4, an embodiment of the present application further provides a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to perform the steps of the network key agreement method.
Specifically, the storage medium can be a general storage medium, such as a mobile disk, a hard disk, and the like, and when a computer program on the storage medium is executed, the network key agreement method can be executed, a hash chain mechanism is adopted to perform transmission of a network key and authentication of identity information, and compared with a data transmission mode in which encryption is not performed and a data transmission mode in which encryption is less performed in the prior art, encryption transmission of the key can be realized, and security of wireless network communication is improved.
The computer program product of the network key interaction system and the network key interaction device provided in the embodiments of the present application includes a computer-readable storage medium storing a program code, where instructions included in the program code may be used to execute the method described in the foregoing method embodiments, and specific implementation may refer to the method embodiments, and will not be described herein again.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the system and the apparatus described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (12)

1. A network key agreement system, comprising: a first device and a second device that perform data communication;
the first device is used for generating first interaction information and sending the first interaction information to the second device; the first interaction information carries: a first round of information encrypted using a secure key; receiving second interactive information sent by the second equipment after receiving the first interactive information; generating a temporary transmission key based on the first round information and second round information carried in the second interactive information; encrypting the randomly generated network key by using the temporary transmission key to generate network key encryption information; carrying the network key encryption information in third interaction information, and sending the third interaction information to the second device; receiving fourth interactive information sent by the second equipment based on the third interactive information, verifying the fourth interactive information based on the randomly generated network key, and finishing the negotiation of the network key with the second equipment if the verification is passed;
the second device is configured to generate second interaction information after receiving the first interaction information, and send the second interaction information to the first device; the second interaction information carries: second round information encrypted using the secure key; receiving third interactive information sent by the first equipment according to the second interactive information; generating a temporary transmission key based on first round information and second round information carried in the first interactive information, and decrypting network key encryption information based on the temporary transmission key to obtain the network key; generating the fourth interaction information based on the network key, and sending the fourth interaction information to the first device;
the second device stores a key bit mask in advance; the key bit mask comprises at least three key indexes; each key index corresponds to a device key;
the second interaction information also carries a key bit mask encrypted by using the security key;
the first device is further configured to decrypt the key bit mask by using a secure key after receiving the second interaction information, and specify a key index from the obtained decrypted key bit mask; and generating a temporary transport key by:
connecting the first round of information with the second round of information carried in the second interactive information to form a character string;
encrypting the character string by using a preset encryption algorithm and using an equipment key corresponding to a key index specified by the first equipment as an encryption key to generate the temporary transmission key;
encrypting the key index appointed by the first device by using the security key, and carrying the encrypted key index in the third interactive information;
the second device is further configured to decrypt, after receiving the third interaction information, the key index specified by the encrypted first device using the secure key to obtain the key index specified by the first device; and generating the temporary transport key by:
connecting the first round of information carried in the first interactive information with the second round of information to form a character string;
and the temporary transmission key generation unit is configured to encrypt the character string by using the preset encryption algorithm and using an equipment key corresponding to the key index specified by the first equipment and carried in the third interactive information as an encryption key, so as to generate the temporary transmission key.
2. The system according to claim 1, wherein the first interaction information further carries a first timestamp encrypted with the secure key;
the second device is specifically configured to generate and send fourth interaction information to the first device based on the network key through the following steps:
encrypting the first timestamp by using the network key to generate timestamp encryption information;
carrying the time stamp encryption information in the fourth interaction information, and sending the fourth interaction information to the first device;
the first device is specifically configured to verify the fourth interaction information based on the randomly generated network key by:
decrypting the timestamp encryption information by using a network key generated by the first device to obtain the first timestamp;
comparing the first timestamp obtained by decrypting the timestamp encryption information with a first timestamp generated by the first device;
and when the first timestamp obtained by decrypting the timestamp encrypted information is consistent with the first timestamp generated by the first equipment, the verification is passed.
3. The system according to claim 1, wherein the first interaction information further carries first identity authentication information generated based on a first secret seed; the first identity authentication information is obtained by performing hash operation on the first secret seed for m-1 times by the first equipment;
the second device is further configured to perform, before generating second interaction information, hash operation on the first identity authentication information for 1 time, and detect whether the first identity authentication information on which the hash operation is performed for 1 time is consistent with the identity information of the first device acquired in advance; generating the second interaction information after detecting that the first identity authentication information subjected to the hash operation for 1 time is consistent with the pre-acquired identity information of the first device;
the identity information of the first device is obtained by performing hash operation on the first secret seed m times by the first device;
and,
the second interactive information also carries second identity authentication information generated based on a second secret seed, and the second identity authentication information is obtained by the second equipment through s-1 times of hash operation on the second secret seed;
the first device is further configured to perform hash operation on the second identity authentication information for 1 time before generating third interaction information, and detect whether the second identity authentication information on which the hash operation is performed for 1 time is consistent with identity information of the second device acquired in advance; generating third interactive information after detecting that second identity authentication information subjected to the hash operation for 1 time is consistent with the identity information of the second device acquired in advance;
and the identity information of the second equipment is obtained by the second equipment performing hash operation on the second secret seed s times.
4. The system according to claim 3, wherein the second device is further configured to update the identity information of the first device using the first identity authentication information after detecting that the first identity authentication information subjected to the hash operation for 1 time is consistent with the previously acquired identity information of the first device;
the third interactive information also carries third identity authentication information generated based on the first secret seed; the third identity authentication information is obtained by performing hash operation on the first secret seed for m-2 times;
the second device is further configured to perform, before the fourth interaction information is generated, hash operation on the third identity authentication information for 1 time, and detect whether the third identity authentication information on which the hash operation is performed for 1 time is consistent with the identity information of the first device obtained by updating the first identity authentication information; generating the fourth interactive information after detecting that the first identity authentication information subjected to the hash operation for 1 time is consistent with the identity information of the first device obtained by updating the first identity authentication information;
and,
the first device is further configured to update the identity information of the second device using the second identity authentication information after detecting that the second identity authentication information subjected to the hash operation for 1 time is consistent with the pre-acquired identity information of the second device;
the fourth interactive information also carries fourth identity authentication information generated based on a second secret seed; the fourth identity authentication information is obtained by performing hash operation on the second secret seed for s-2 times;
the first device is further configured to perform, before verifying the fourth interaction information, hash operation on the fourth identity authentication information for 1 time, and detect whether the fourth identity authentication information on which the hash operation is performed for 1 time is consistent with identity information of the second device obtained by updating the second identity authentication information; and after detecting that fourth identity authentication information subjected to the hash operation for 1 time is consistent with identity information of the second equipment obtained by updating the second identity authentication information, verifying the fourth interactive information.
5. The system of claim 4,
the first device is further configured to generate first channel information based on a first secret seed and a first timestamp, and carry the first channel information and the first timestamp encrypted by using the secure key in the first interaction information;
after receiving the second interaction information, generating third channel information based on the network key and a third timestamp; carrying the third channel information and a third timestamp encrypted by using the security key in the third interactive information;
the second device, further configured to, before generating the fourth interaction information:
generating first channel verification information based on third identity authentication information by using a first timestamp carried in the first interaction information, and detecting whether the calculated first channel verification information is consistent with the first channel information carried in the first interaction information; after detecting that the first channel verification information is consistent with the first channel information carried in the first interaction information, confirming that the network key negotiation channel is not interrupted;
after confirming that the network key agreement channel is not interrupted, the second device is further configured to: decrypting the encrypted third timestamp carried in the third interactive information by using the security key to obtain a third timestamp; calculating to generate third channel verification information according to the obtained third timestamp and the network key; detecting whether the third channel verification information generated by calculation is consistent with third channel information carried in the third interaction information; and after the two are detected to be consistent, the data in the network key negotiation process is complete, and the fourth interactive information is generated.
6. The system of claim 5, wherein the first device is specifically configured to generate the first channel information based on the first secret seed and the first timestamp according to the following steps:
performing hash operation on the first secret seed for m-2 times;
splicing the first secret seed subjected to m-2 times of hash operation with the first timestamp, and then performing 1 time of hash operation to generate the first channel information;
the first device is specifically configured to generate third channel information based on the network key and the third timestamp according to the following steps:
and after splicing the third timestamp and the network key, performing hash operation for 1 time to generate third channel information.
7. The system according to claim 6, wherein the second device is further configured to generate second channel information based on a second secret seed, a second timestamp, and the first channel information before sending the second interaction information to the first device, and to carry the second channel information and a second timestamp encrypted using the security key in the second interaction information;
the first device is further configured to calculate and generate second channel verification information based on fourth identity authentication information carried in the fourth interaction information, a second timestamp carried in the second interaction information, and first channel information generated by the first device after receiving the fourth interaction information; detecting whether the second channel verification information generated by calculation is consistent with second channel information carried in the second interaction information; and after detecting that the second channel verification information generated by calculation is consistent with the second channel information carried in the second interaction information, verifying the fourth interaction information.
8. The system according to claim 7, wherein the second device is specifically configured to generate the second channel information based on the second secret seed, the second timestamp, and the first channel information by:
performing hash operation on the second secret seed for m-2 times;
and after splicing the second secret seed subjected to the m-2 times of hash operation, the second timestamp and the first channel information, performing the hash operation for 1 time to generate the second channel information.
9. The system according to claim 1, wherein the first interaction information further carries a first timestamp encrypted with the secure key;
the second device is further configured to decrypt the encrypted first timestamp by using the security key, acquire the first timestamp, and detect whether a time difference between the first timestamp and the current time is smaller than a preset time difference threshold; generating the second interaction information after detecting that the time difference between the first timestamp and the current time is smaller than a preset time difference threshold value;
and,
the third interactive information also carries a third timestamp encrypted by using the security key;
the second device is further configured to decrypt the encrypted third timestamp by using the security key, acquire the third timestamp, and detect whether a time difference between the third timestamp and the current time is smaller than a preset time difference threshold; generating the fourth interaction information after detecting that the time difference between the third timestamp and the current time is smaller than a preset time difference threshold;
and,
the second interaction information also carries a second time stamp encrypted by using the security key;
the first device is further configured to decrypt the encrypted second timestamp by using the security key, acquire the second timestamp, and detect whether a time difference between the second timestamp and the current time is smaller than a preset time difference threshold; generating a temporary transmission key after detecting that the time difference between the second timestamp and the current time is smaller than a preset time difference threshold;
the fourth interactive information also carries a fourth timestamp encrypted by using the security key;
the first device is further configured to decrypt the encrypted fourth timestamp by using the security key, acquire the fourth timestamp, and detect whether a time difference between the fourth timestamp and the current time is smaller than a preset time difference threshold; and after detecting that the time difference between the fourth timestamp and the current time is smaller than a preset time difference threshold value, verifying the fourth interactive information.
10. A network key agreement device, characterized in that it is used in a network key agreement system composed of a first device and a second device; a first interaction module is installed in the first device; a second interaction module is installed in the second device;
the first interaction module is configured to: generate first interaction information and send the first interaction information to the second interaction module, the first interaction information carrying first round information encrypted using a security key; receive second interaction information fed back by the second device according to the first interaction information; generate a temporary transmission key based on the first round information, second round information carried in the second interaction information and a device key specified by the first device; encrypt the randomly generated network key by using the temporary transmission key to generate network key encryption information; carry the network key encryption information in third interaction information, and send the third interaction information to the second interaction module; receive fourth interaction information sent by the second interaction module based on the third interaction information, verify the fourth interaction information based on the randomly generated network key, and, if the verification passes, complete negotiation of the network key with the second interaction module;
the second interaction module is configured to: generate second interaction information after receiving the first interaction information and send the second interaction information to the first interaction module, the second interaction information carrying second round information encrypted using the security key; receive third interaction information sent by the first interaction module according to the second interaction information; generate a temporary transmission key based on the obtained device key specified by the first device, the first round information carried in the first interaction information, and the second round information, and decrypt the network key encryption information based on the temporary transmission key to obtain the network key; generate fourth interaction information based on the network key and send it to the first interaction module;
the second device stores a key bit mask in advance; the key bit mask comprises at least three key indexes; each key index corresponds to a device key;
the second interaction information also carries a key bit mask encrypted by using the security key;
the first interaction module is further configured to decrypt the key bit mask by using the security key after receiving the second interaction information, and to specify a key index from the decrypted key bit mask; and to generate the temporary transmission key by:
concatenating the first round information with the second round information carried in the second interaction information to form a character string;
encrypting the character string by using a preset encryption algorithm, with the device key corresponding to the key index specified by the first device as the encryption key, to generate the temporary transmission key;
encrypting the key index specified by the first device by using the security key, and carrying the encrypted key index in the third interaction information;
the second interaction module is further configured to decrypt, after receiving the third interaction information, the encrypted key index specified by the first device by using the security key, to obtain the key index specified by the first device; and to generate the temporary transmission key by:
concatenating the first round information carried in the first interaction information with the second round information to form a character string;
encrypting the character string by using the preset encryption algorithm, with the device key corresponding to the key index specified by the first device and carried in the third interaction information as the encryption key, to generate the temporary transmission key.
11. A network key agreement method, characterized in that it is applied to a first device performing network key agreement, the method comprising:
generating first interaction information and sending the first interaction information to a second device; the first interaction information carries: first round information encrypted using a security key;
receiving second interaction information sent by the second device after receiving the first interaction information; the second interaction information carries: second round information encrypted using the security key;
generating a temporary transmission key based on the first round information and the second round information carried in the second interaction information;
encrypting the randomly generated network key by using the temporary transmission key to generate network key encryption information;
carrying the network key encryption information in third interaction information, and sending the third interaction information to the second device;
receiving fourth interaction information sent by the second device based on the third interaction information; the fourth interaction information is generated based on the network key;
verifying the fourth interaction information based on the network key, and if the fourth interaction information passes the verification, completing the negotiation of the network key with the second device;
the second device stores a key bit mask in advance; the key bit mask comprises at least three key indexes; each key index corresponds to a device key;
the second interaction information also carries a key bit mask encrypted by using the security key;
the method further comprises the following steps:
after receiving the second interaction information, decrypting the key bit mask by using the security key, and specifying a key index from the decrypted key bit mask; and generating the temporary transmission key by:
concatenating the first round information with the second round information carried in the second interaction information to form a character string;
encrypting the character string by using a preset encryption algorithm, with the device key corresponding to the key index specified by the first device as the encryption key, to generate the temporary transmission key;
and encrypting the key index specified by the first device by using the security key, and carrying the encrypted key index in the third interaction information.
12. A network key agreement method, characterized in that it is applied to a second device performing network key agreement, the method comprising:
receiving first interaction information sent by a first device; the first interaction information carries first round information;
after receiving the first interaction information, generating second interaction information;
sending the second interaction information to the first device; the second interaction information carries: second round information encrypted using a security key;
receiving third interaction information sent by the first device according to the second interaction information;
generating a temporary transmission key based on the first round information carried in the first interaction information and the second round information, and decrypting network key encryption information based on the temporary transmission key to obtain the network key;
generating fourth interaction information based on the network key, and sending the fourth interaction information to the first device;
the second device stores a key bit mask in advance; the key bit mask comprises at least three key indexes; each key index corresponds to a device key;
the second interaction information also carries a key bit mask encrypted by using the security key;
after the third interaction information is received, decrypting the encrypted key index specified by the first device by using the security key to obtain the key index specified by the first device; and generating the temporary transmission key by:
concatenating the first round information carried in the first interaction information with the second round information to form a character string;
encrypting the character string by using a preset encryption algorithm, with the device key corresponding to the key index specified by the first device and carried in the third interaction information as the encryption key, to generate the temporary transmission key.
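The four-message exchange of claims 11 and 12, simulated with both devices in one process, as an added example that is not part of the patent text. Assumptions: a toy XOR keystream cipher stands in for the unspecified "preset encryption algorithm", round information is 16 random bytes, the fourth message is an HMAC under the network key, both devices hold the same device-key table, and all names are hypothetical.

```python
import hashlib, hmac, secrets

def xcrypt(key: bytes, data: bytes, label: bytes) -> bytes:
    """Toy stand-in for the unspecified 'preset encryption algorithm': XOR with an
    HMAC-SHA256 keystream (data <= 32 bytes). The same call decrypts. Demo only."""
    stream = hmac.new(key, label, hashlib.sha256).digest()
    if len(data) > len(stream): raise ValueError("toy cipher handles at most 32 bytes")
    return bytes(a ^ b for a, b in zip(data, stream))

# Constructed sample material; both devices are assumed to hold the same tables.
SECURE_KEY = secrets.token_bytes(16)                           # pre-shared security key
DEVICE_KEYS = {i: secrets.token_bytes(16) for i in (0, 2, 5)}  # key index -> device key
KEY_BITMASK = sum(1 << i for i in DEVICE_KEYS)                 # three key indexes set

def temp_key(device_key: bytes, r1: bytes, r2: bytes) -> bytes:
    """Encrypt the string r1 || r2 under the selected device key."""
    return xcrypt(device_key, r1 + r2, b"ttk")

def run_handshake(tamper: bool = False):
    """Return (fourth message verified, both sides hold the same network key)."""
    # Message 1, first -> second: first round information under the security key.
    r1 = secrets.token_bytes(16)
    m1 = xcrypt(SECURE_KEY, r1, b"m1")
    # Message 2, second -> first: second round information and the key bit mask.
    r1_b = xcrypt(SECURE_KEY, m1, b"m1")
    r2 = secrets.token_bytes(16)
    m2 = (xcrypt(SECURE_KEY, r2, b"m2-round"),
          xcrypt(SECURE_KEY, KEY_BITMASK.to_bytes(2, "big"), b"m2-mask"))
    # First device: decrypt, pick one advertised index, generate the network key.
    r2_a = xcrypt(SECURE_KEY, m2[0], b"m2-round")
    mask = int.from_bytes(xcrypt(SECURE_KEY, m2[1], b"m2-mask"), "big")
    idx = secrets.choice([i for i in range(16) if mask >> i & 1])
    network_key = secrets.token_bytes(16)
    # Message 3, first -> second: wrapped network key and the encrypted key index.
    wrapped = xcrypt(temp_key(DEVICE_KEYS[idx], r1, r2_a), network_key, b"m3-nk")
    m3_idx = xcrypt(SECURE_KEY, bytes([idx]), b"m3-idx")
    if tamper:  # simulate in-transit corruption of the wrapped network key
        wrapped = bytes([wrapped[0] ^ 1]) + wrapped[1:]
    # Second device: recover the index, derive the same temporary key, unwrap.
    idx_b = xcrypt(SECURE_KEY, m3_idx, b"m3-idx")[0]
    nk_b = xcrypt(temp_key(DEVICE_KEYS[idx_b], r1_b, r2), wrapped, b"m3-nk")
    # Message 4, second -> first: HMAC under the recovered network key (assumed form).
    m4 = hmac.new(nk_b, r1_b + r2, hashlib.sha256).digest()
    # First device verifies message 4 with the network key it generated.
    expected = hmac.new(network_key, r1 + r2_a, hashlib.sha256).digest()
    return hmac.compare_digest(m4, expected), nk_b == network_key
```

With `tamper=True` the second device unwraps a different network key, so the fourth message fails verification at the first device and the negotiation is not completed.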
CN201810480420.2A 2018-05-18 2018-05-18 Network key interaction system, device and method Expired - Fee Related CN108777678B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810480420.2A CN108777678B (en) 2018-05-18 2018-05-18 Network key interaction system, device and method

Publications (2)

Publication Number Publication Date
CN108777678A CN108777678A (en) 2018-11-09
CN108777678B true CN108777678B (en) 2020-12-11

Family

ID=64027191

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810480420.2A Expired - Fee Related CN108777678B (en) 2018-05-18 2018-05-18 Network key interaction system, device and method

Country Status (1)

Country Link
CN (1) CN108777678B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114499828B (en) * 2020-10-23 2024-04-30 京东方科技集团股份有限公司 Communication method, internet of things terminal, gateway equipment and Internet of things system
CN112600667B (en) * 2020-11-25 2023-04-07 广东电网有限责任公司电力科学研究院 Key negotiation method, device, equipment and storage medium
CN112512064B (en) * 2020-12-02 2024-02-13 普联技术有限公司 Wireless distribution network method, wireless gateway and equipment to be accessed
CN112737774B (en) * 2020-12-28 2023-04-07 苏州科达科技股份有限公司 Data transmission method, device and storage medium in network conference
CN117938984A (en) * 2024-01-29 2024-04-26 数盾信息科技股份有限公司 Network data transmission method and device based on high-speed encryption algorithm

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101150849A (en) * 2006-09-18 2008-03-26 华为技术有限公司 Method for binding management secret key, system, mobile node and communication node
US7574600B2 (en) * 2004-03-24 2009-08-11 Intel Corporation System and method for combining user and platform authentication in negotiated channel security protocols
CN104980928A (en) * 2014-04-03 2015-10-14 华为终端有限公司 Method, equipment and system used for establishing secure connection
CN106817352A (en) * 2015-11-30 2017-06-09 深圳市中兴微电子技术有限公司 Broadcasting packet encryption method and device
CN107046531A (en) * 2017-03-06 2017-08-15 国网湖南省电力公司 The data processing method and system of the data access Power Information Network of monitoring terminal
CN107493168A (en) * 2017-09-07 2017-12-19 中国电子科技集团公司第三十研究所 Quanta identity authentication method and its application process during quantum key distribution

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20201211