CN110224816B - Anti-quantum computing application system based on key fob and serial number, near-field energy-saving communication method and computer equipment - Google Patents
- Publication number
- CN110224816B, CN201910400861.1A
- Authority
- CN
- China
- Prior art keywords
- application
- card
- key
- communication
- terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0852—Quantum cryptography
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
- H04L9/0897—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W52/00—Power management, e.g. Transmission Power Control [TPC] or power classes
- H04W52/02—Power saving arrangements
- H04W52/0209—Power saving arrangements in terminal devices
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/70—Reducing energy consumption in communication networks in wireless communication networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Power Engineering (AREA)
- Physics & Mathematics (AREA)
- Electromagnetism (AREA)
- Theoretical Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention relates to an anti-quantum computing application system based on a key fob and serial numbers, a near-field energy-saving communication method and a computer device. The system comprises an application server, an application terminal and an application IC card, and each member of the system is provided with a key fob containing a serial number pool. The application IC card and the application server perform identity authentication; the application IC card sends a first bill request message ciphertext to the application server, the first bill request parameter including the number of bills applied for, receives the total bill to obtain a session key, and sends a first near-field communication message to the application terminal. The application terminal uses the position parameter together with its own serial number pool to extract a serial number and obtain the communication key, so that near-field communication between the application IC card and the application terminal is realized. The use of the key fob reduces the possibility of the key being stolen by malicious software. The application terminal and the application IC card can obtain the shared key for encrypted communication with the application server simply by looking up a table, so the amount of calculation is small and the battery life of the application terminal and the application IC card is considerably extended.
Description
Technical Field
The invention relates to the technical field of intelligent application terminals, in particular to an anti-quantum computing application system based on a key fob and a serial number, a near-field energy-saving communication method and computer equipment.
Background
With the continuous development of information technology and the social economy, living standards keep improving and the pace of life keeps accelerating, and many scenarios that require close-range identity authentication have appeared in daily life, such as swiping an access card, swiping a transit card, and recording work attendance. As the number of intelligent devices grows, higher demands are placed on the security of intelligent operations and data transmission. Data security is generally ensured by asymmetric key encryption, which uses different keys for encryption and decryption: one is published, namely the public key, and the other is kept secret by the user, namely the private key. The sender of the information encrypts with the public key and the receiver decrypts with the private key; or the sender encrypts with the private key and the receiver decrypts with the public key. In a general identity authentication method, a key needs to be negotiated between application clients, and because the application clients are often low-performance devices, many services cannot be well supported.
At present, traditional communication encryption and transmission security all depend on complex mathematical algorithms. That is, the present digital cryptosystem is considered secure because the computing power of present computers is limited, so that the result cannot be computed within the period in which it would be useful. This state of security is increasingly threatened by quantum computers. For example, for the asymmetric key algorithms of classical cryptography there are dedicated quantum algorithms (Shor's algorithm and others) for breaking them. Faced with a quantum computer of high computing power, even advanced secret communication carried out by current means may be deciphered and eavesdropped. Thus, there is an urgent need to build a complete and practically available set of quantum communication network schemes.
As is widely known, quantum computers have great potential for breaking cryptography. Most mainstream asymmetric (public key) encryption algorithms, such as the RSA encryption algorithm, are based on one of two hard mathematical problems: factorization of large integers or calculation of discrete logarithms over finite fields. The difficulty of breaking them depends on the efficiency of solving these problems. On a traditional computer, solving these two problems takes exponential time (that is, the cracking time increases exponentially with the length of the public key), which is unacceptable in practical applications. Shor's algorithm, designed specifically for quantum computers, can perform integer factorization or discrete logarithm calculation in polynomial time (that is, the cracking time grows as the k-th power of the length of the public key, where k is a constant independent of the length of the public key), which makes it possible to break RSA and discrete-logarithm encryption algorithms.
Problems of the prior art:
(1) In the prior art, the application server has no reliable protection measures. The application server is the central network element of the application system and has Internet access, so it is likely to be infected by viruses or Trojans that steal information, or to be attacked and paralyzed, which paralyzes the entire application system.
(2) In the prior art, the application terminal key is stored in the application terminal memory and is exposed to viruses and Trojans on the application terminal, so the key can be stolen by malicious software or malicious operation.
(3) Because a quantum computer can quickly obtain the corresponding private key from the public key, existing application system communication methods based on public and private keys are easily broken by a quantum computer.
(4) If the public key and the private key are stored in the key fob, a low-power application terminal can hardly bear the amount of calculation, so calculation is slow and the battery is quickly drained.
(5) If a symmetric key pool is stored in the key fob, the application server, as the communication center, needs to store a plurality of large-capacity symmetric key pools, which consumes a great deal of the application server's storage space.
Disclosure of Invention
In view of the foregoing, it is desirable to provide an anti-quantum computing application system based on a key fob and serial numbers, a near-field energy-saving communication method, and a computer device.
An anti-quantum computing application system near-field energy-saving communication method based on a key fob and serial numbers, wherein the anti-quantum computing application system comprises an application server and at least one application client in communication connection with the application server, the application client comprises an application terminal and an application IC card, the method is implemented on the application IC card, the application IC card is provided with a key fob containing an application IC card serial number pool, the serial number pool comprises serial numbers and pairing information, the application IC card realizes near-field communication with the application terminal by using a trusted session key, and the trusted session key acquisition step comprises the following steps:
performing identity authentication with the application server and confirming that a first communication key generated by the application server is equal to a second communication key generated by the application IC card, wherein the first communication key is computed from a random number extracted using the application IC card address and a server random number, and the second communication key is looked up in a communication key table using the random number extracted from the application IC card serial number pool by the application IC card address together with the server random number; sending a first bill request message ciphertext to the application server, wherein the first bill request message ciphertext is obtained by encrypting a first bill request parameter with the second communication key, and the first bill request parameter comprises the application IC card address, the application terminal address and the number of bills applied for;
receiving and storing a total bill sent by the application server, wherein the total bill consists of a plurality of sub-bills, the number of sub-bills being the number of bills applied for; each sub-bill comprises an application IC card bill, an application terminal bill, a server second random number, and a position parameter at which the serial number pool of the application terminal records the application IC card information; the application IC card bill and the application terminal bill each comprise the session key encrypted with a communication key, the communication keys being a third communication key between the application server and the application IC card and a fourth communication key between the application server and the application terminal; the third communication key and the fourth communication key are computed from the application IC card third random number and the application terminal first random number, respectively, together with the server second random number, wherein the application IC card third random number and the application terminal first random number are extracted through the respective addresses;
extracting a sub-bill, extracting the corresponding serial number by its own address to calculate a random number, and obtaining a fifth communication key by combining the random number with the communication key table, wherein the fifth communication key is used to decrypt the application IC card bill to obtain the session key;
and sending a first near-field communication message to the application terminal, wherein the first near-field communication message comprises the position parameter at which the serial number pool of the application terminal records the application IC card information; the application terminal extracts a serial number according to the position parameter and obtains a sixth communication key by combining the serial number with the communication key table, whereby the session key is confirmed and near-field communication is realized.
An anti-quantum computing application system near-field energy-saving communication method based on a key fob and serial numbers, wherein the anti-quantum computing application system comprises an application server and at least one application client in communication connection with the application server, the application client comprises an application terminal and an application IC card, the method is implemented in the application server, the application server is provided with a key fob comprising a serial number pool, the serial number pool comprises serial numbers and paired parties, the serial number pool comprises an application server serial number pool, an application terminal serial number pool and an application IC card serial number pool, the application server distributes a total bill so that the application IC card and the application terminal realize near-field communication through a trusted session key, and the distribution of the total bill by the application server comprises the following steps:
confirming that a first communication key generated by an application server is equal to a second communication key generated by an application IC card with the identity authentication of the application IC card, wherein the first communication key is generated by calculating a random number extracted by using an address of the application IC card and a server random number; the second communication key is searched by combining the random number extracted by the application IC card address with the server random number and a communication key table;
Receiving a first bill request message ciphertext, and decrypting the first bill request message ciphertext by using a first communication key to obtain a first request parameter, wherein the first bill request message ciphertext is encrypted by a second communication key, and the first bill request parameter comprises an application IC card address, an application terminal address and the number of application bills;
checking whether information matching the application IC card exists in the serial number pool of the application terminal stored in the application server key fob, extracting the serial number of the application terminal, obtaining a first random number of the application terminal from the serial number, obtaining the corresponding communication keys by combining the third random number of the application IC card and the first random number of the application terminal, respectively, with a second random number of the server, and encrypting a session key with each communication key to obtain an application IC card bill and an application terminal bill; each sub-bill is formed from the application IC card bill, the application terminal bill, the second random number of the server and the position parameter at which the serial number pool of the application terminal records the application IC card information, and a plurality of sub-bills form a total bill, which is sent to the application IC card.
An anti-quantum computing application system near-field energy-saving communication method based on a key fob and a serial number, wherein the anti-quantum computing application system comprises an application server and at least one application client in communication connection with the application server, the application client comprises an application terminal and an application IC card, the application client is implemented in the application terminal, the application terminal is provided with the key fob comprising an application terminal serial number pool, the application terminal serial number pool comprises a serial number and a counterpart, the application terminal and the application IC card communicate near-field through a trusted session key, and the trusted session key acquisition step comprises the following steps:
Transmitting an application terminal address to the application IC card, and acquiring a total bill after identity authentication of the application IC card and an application server, wherein the total bill comprises a sub bill formed by the application IC card bill, the application terminal bill, a second random number of the server and a position parameter of a serial number pool of the application terminal for recording information of the application IC card;
receiving a first near-field communication message sent by the application IC card, wherein the first near-field communication message consists of the address of the application terminal, the address of the application IC card, the position parameter at which the serial number pool of the application terminal records the application IC card information, the second random number of the application server, the application terminal bill and a first near-field communication authentication code;
and extracting a serial number of the application terminal by combining the position parameter with the application terminal serial number pool to obtain a second random number of the application terminal, extracting a sixth communication key by combining the application terminal second random number with the application server second random number with the communication key table, decrypting the application terminal bill by using the sixth communication key, and further obtaining a trusted session key to realize near field communication.
An anti-quantum computing application system near-field energy-saving communication method based on a key fob and serial numbers, implemented in an anti-quantum computing application system, wherein the anti-quantum computing application system comprises an application server and at least one application client in communication connection with the application server, the application client comprises an application terminal and an application IC card, each member of the anti-quantum computing application system is provided with a key fob containing a serial number pool, the serial number pool comprises serial numbers and paired parties, the serial number pool of the application server further comprises an application server serial number pool, an application terminal serial number pool and an application IC card serial number pool, the application terminal and the application IC card communicate in the near field through a trusted session key, and the trusted session key acquisition step comprises:
The method comprises the steps of authenticating identities of an application IC card and an application server, and confirming that a first communication key generated by the application server is equal to a second communication key generated by the application IC card, wherein the first communication key is generated by calculating a random number extracted by using an address of the application IC card and a server random number; the second communication key is searched by combining the random number extracted by the application IC card address with the server random number and a communication key table;
the application IC card sends a first bill request message ciphertext to the application server, the first bill request message ciphertext encrypts a first bill request parameter by a second communication key, and the first bill request parameter comprises an application IC card address, an application terminal address and the number of application bills;
the application server receives the first bill request message ciphertext and decrypts the first bill request message ciphertext by using the first communication key to obtain a first request parameter;
the application server checks whether information matched with the application IC card exists in a sequence number pool of an application terminal stored in a key card of the application server, extracts the sequence number of the application terminal, obtains a first random number of the application terminal by using the sequence number, respectively obtains a corresponding communication key by combining a third random number of the application IC card and the first random number of the application terminal with a second random number of the server, respectively encrypts a session key by using the communication key so as to obtain an application IC card bill and an application terminal bill, and each position parameter containing the information of the application IC card, the application terminal bill, the second random number of the server and the sequence number pool of the application terminal forms a sub bill, and a plurality of sub bills form a total bill and are sent to the application IC card;
The method comprises the steps that an application IC card receives and stores a total bill sent by an application server, wherein the total bill consists of a plurality of sub-bills, and the number of the sub-bills is the number of application bills;
the application IC card extracts the sub-bill and extracts the corresponding serial number according to the own address to calculate a random number, a fifth communication key is obtained by combining the random number with a communication key table, and the fifth communication key decrypts the application IC card bill to obtain a session key;
the application IC card sends a first near field communication message to the application terminal, the first near field communication message comprises a sequence number pool of the application terminal, the position parameter of the application IC card information is recorded, the application terminal extracts a sequence number according to the position parameter, and a sixth communication key is obtained by combining the sequence number with a communication key table, so that the session key is confirmed to realize near field communication.
In one embodiment, the method for generating a communication key includes:
where the communication key is generated at the application server, the generation method comprises the following steps:
extracting an application IC card public key, an application terminal public key and an application server private key by using the random number of the application IC card, the random number of the application terminal and the random number of the application server in combination with a pointer function, and calculating the corresponding communication keys from the application IC card public key and the application terminal public key, respectively, together with the application server private key, using the corresponding algorithm;
where the communication key is generated at the application IC card or the application terminal, the generation method comprises the following steps:
extracting the corresponding private key pointers by combining the random number of the application IC card or the application terminal and the random number of the application server with the pointer function, and extracting the corresponding communication key from the communication key table by means of the private key pointers.
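The sub-bill flow and the two ways of reaching the same communication key (computed at the server, looked up in a precomputed table on the card or terminal) can be traced in a short simulation. This is an added example, not code from the patent: the Diffie-Hellman-style toy group, the hash-based pointer function, the serial-number-to-random-number rule, the SHAKE/HMAC stand-in cipher and all addresses and serial numbers are assumptions made for illustration.

```python
import hashlib, hmac, secrets

P, G, N = 2**127 - 1, 3, 8  # toy group and pool size (assumptions, not from the patent)

def h(*parts):
    return hashlib.sha256(b"|".join(parts)).digest()
def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()
def kdf(shared):
    return h(b"key", shared.to_bytes(16, "big"))

def pointer(rand):  # hypothetical pointer function: random number -> pool index
    return int.from_bytes(h(b"ptr", rand), "big") % N
def rand_from_serial(serial):  # hypothetical: serial number -> member random number
    return h(b"rnd", serial)

def find(pool, addr):  # position of the entry paired with addr; ValueError if none
    return [paired for _, paired in pool].index(addr)
def encode(fields):
    return repr(sorted(fields.items())).encode()

def seal(key, msg):  # stand-in authenticated cipher, not the patent's algorithm
    nonce = secrets.token_bytes(16)
    stream = hashlib.shake_256(h(b"enc", key) + nonce).digest(len(msg))
    ct = bytes(a ^ b for a, b in zip(msg, stream))
    return nonce + ct + mac(h(b"mac", key), nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, mac(h(b"mac", key), nonce + ct)):
        raise ValueError("bill failed authentication")
    stream = hashlib.shake_256(h(b"enc", key) + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

class Member:
    """Key fob of an IC card or terminal: keys come from a table precomputed at issuance."""
    def __init__(self, addr, server_pk, serial_pool):
        sk = [secrets.randbelow(P - 2) + 1 for _ in range(N)]
        self.addr, self.serial_pool = addr, serial_pool
        self.pk = [pow(G, x, P) for x in sk]
        self.table = [[kdf(pow(spk, x, P)) for spk in server_pk] for x in sk]

    def comm_key(self, serial, server_rand):  # lookup only, no exponentiation
        return self.table[pointer(rand_from_serial(serial))][pointer(server_rand)]

class Server:
    def __init__(self):
        self.sk = [secrets.randbelow(P - 2) + 1 for _ in range(N)]
        self.pk = [pow(G, x, P) for x in self.sk]
        self.member_pk, self.pools = {}, {}

    def enroll(self, addr, serial_pool):
        member = Member(addr, self.pk, serial_pool)
        self.member_pk[addr], self.pools[addr] = member.pk, list(serial_pool)
        return member

    def comm_key(self, addr, serial, server_rand):  # member public key ^ server private key
        pk = self.member_pk[addr][pointer(rand_from_serial(serial))]
        return kdf(pow(pk, self.sk[pointer(server_rand)], P))

    def issue_total_bill(self, card, term, count):
        pos = find(self.pools[term], card)  # position parameter
        s_term = self.pools[term][pos][0]
        s_card = self.pools[card][find(self.pools[card], card)][0]
        total = []
        for _ in range(count):  # one sub-bill, with its own session key, per bill applied for
            r_srv, ks = secrets.token_bytes(16), secrets.token_bytes(32)
            total.append({"card_bill": seal(self.comm_key(card, s_card, r_srv), ks),
                          "term_bill": seal(self.comm_key(term, s_term, r_srv), ks),
                          "server_rand": r_srv, "position": pos})
        return total

def card_open(card, sub):
    serial = card.serial_pool[find(card.serial_pool, card.addr)][0]
    return unseal(card.comm_key(serial, sub["server_rand"]), sub["card_bill"])

def nfc_message(card, term_addr, sub, ks):
    msg = {"term": term_addr, "card": card.addr, "position": sub["position"],
           "server_rand": sub["server_rand"], "term_bill": sub["term_bill"]}
    return {**msg, "mac": mac(ks, encode(msg))}

def terminal_open(term, msg):
    serial, paired = term.serial_pool[msg["position"]]
    if paired != msg["card"] or msg["term"] != term.addr:
        raise ValueError("position parameter does not match the pairing")
    ks = unseal(term.comm_key(serial, msg["server_rand"]), msg["term_bill"])
    fields = {k: v for k, v in msg.items() if k != "mac"}
    if not hmac.compare_digest(msg["mac"], mac(ks, encode(fields))):
        raise ValueError("near-field authentication code mismatch")
    return ks

def demo():  # constructed addresses and serial numbers
    server = Server()
    card = server.enroll(b"CARD-01", [(b"SN-C-0007", b"CARD-01")])
    term = server.enroll(b"TERM-01", [(b"SN-T-0001", b"CARD-99"), (b"SN-T-0002", b"CARD-01")])
    total = server.issue_total_bill(b"CARD-01", b"TERM-01", 3)
    ks = card_open(card, total[0])
    return ks, nfc_message(card, b"TERM-01", total[0], ks), term, len(total)
```

Calling `terminal_open(term, msg)` on the values returned by `demo()` yields the same session key the card recovered; the server is not contacted during the near-field exchange, and the card and terminal perform only table lookups and symmetric operations.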
A computer device comprising a memory and a processor, the memory storing a computer program, the processor implementing the steps of any of the methods described above when the computer program is executed.
An anti-quantum computing application system based on a key fob and a serial number comprises an application server and at least one application client in communication connection with the application server, wherein the application client comprises an application terminal and an application IC card, each member of the anti-quantum computing application system is provided with a key fob comprising a serial number pool, the serial number pool comprises a serial number and a paired person, the serial number pool of the application server also comprises an application server serial number pool, an application terminal serial number pool and an application IC card serial number pool, the application terminal and the application IC card communicate in close range through a trusted session key,
The application IC card is used for authenticating the identity of the application server, sending a first bill request message ciphertext to the application server, encrypting a first bill request parameter by a communication key, wherein the first bill request parameter comprises an application IC card address, an application terminal address and the number of application bills, and receiving an application total bill to acquire a session key to realize close-range communication with the application terminal;
the application server is used for receiving a first bill request message ciphertext, decrypting by using a first communication key to obtain a first request parameter, wherein the first request parameter comprises an application IC card address, an application terminal address and the number of application bills, checking whether information matched with the application IC card exists in a serial number pool of an application terminal stored in an application server key card, extracting an application terminal serial number, obtaining an application terminal first random number by using the serial number, respectively obtaining a corresponding communication key by combining an application IC card third random number and an application terminal first random number with a server second random number, respectively encrypting a session key by using the communication key to obtain an application IC card bill and an application terminal bill, forming sub-bills by using position parameters which respectively comprise the application IC card bill, the application terminal bill, the server second random number and the serial number pool of the application terminal record information of the application IC card, forming a total bill by using the plurality of sub-bills and sending the total bill to the application IC card;
The application terminal is used for receiving the first near field communication message sent by the application card, extracting the serial number of the application terminal by using the position parameter and combining the serial number pool of the application terminal to obtain the second random number of the application terminal, extracting the sixth communication key by using the second random number of the application terminal and the second random number of the application server and combining the communication key table, decrypting the application terminal bill by using the sixth communication key and further obtaining the trusted session key to realize near field communication.
The anti-quantum computing application system comprises an application server and at least one application client in communication connection with the application server, wherein the application client comprises an application terminal and an application IC card. Each member of the anti-quantum computing application system is provided with a key card comprising a sequence number pool, the sequence number pool comprises a sequence number and a paired person, and the sequence number pool of the application server also comprises an application server sequence number pool, an application terminal sequence number pool and an application IC card sequence number pool. The application terminal and the application IC card communicate at short distance through a trusted session key. The application IC card performs identity authentication with the application server and sends a first bill request message ciphertext to the application server; the first bill request message ciphertext is encrypted by the communication key, the first bill request parameter comprises an application IC card address, an application terminal address and the number of application bills, and the application IC card receives the application total bill to acquire the session key to realize short-distance communication with the application terminal. The application terminal is used for receiving the first near field communication message sent by the application card, extracting the serial number of the application terminal by using the position parameter in combination with the serial number pool of the application terminal to obtain the second random number of the application terminal, extracting the sixth communication key by using the second random number of the application terminal and the second random number of the application server in combination with the communication key table, and decrypting the application terminal bill by using the sixth communication key to obtain the trusted session key and realize near field communication.
The members of the anti-quantum computing application system are all provided with a key card in which the keys are stored. The key card is an independent hardware device, so the possibility of the key being stolen by malicious software or malicious operation is greatly reduced. Meanwhile, the public keys of the required application system members are extracted by combining the anti-quantum computing public keys disclosed by the shared user side with the asymmetric key pool, and the public keys of the application system members are stored in the key card, which guarantees that a quantum computer cannot obtain the public keys of the users and therefore cannot obtain the corresponding private keys, so the risk of cracking by a quantum computer is reduced. The application terminal and the application IC card do not use public and private keys for calculation; the shared key for encrypted communication with the application server is obtained only by looking up a table, so the amount of computation is small and the speed is high. This also saves energy for the devices and prolongs the battery service time of the application terminal and the application IC card.
Drawings
FIG. 1 is a networking diagram of an application system according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of the structure of an application server key fob key region;
FIG. 3 is a schematic diagram of a sequence number pool according to the present invention;
FIG. 4 is a schematic diagram of the structure of a public key pool in the key zone of an application server key fob;
FIG. 5 is a schematic diagram of the structure of an application client key fob key region;
FIG. 6 is a schematic diagram of a symmetric key pool in an application client key fob key zone;
FIG. 7 is a flowchart of obtaining a public and private key according to an embodiment of the present invention.
Detailed Description
In the short-range energy-saving communication scheme of the quantum-resistant computing application system, the application system can be any of various systems needing short-range identity authentication. It comprises an application server and a plurality of application clients; the application clients comprise application terminals and application IC cards and are low-performance devices. The application server runs the business service program and the application client runs the business client program. The application system of the present embodiment may be, but is not limited to, an access control system, a traffic card swiping system, an attendance system, and so on. For these three application systems, the application servers are, respectively, an access control system server, a traffic card swiping system server and an attendance checking system server; the application terminals are, respectively, an access card reader, a traffic card reader and an attendance card reader; and the application IC cards are, respectively, an access card, a traffic card and an attendance card. The physical form of the application IC card may be a key fob in smart card form or a key fob in handset SDKEY form.
The application system structure is as shown in fig. 1, and the application server S is used for issuing a key fob to the application terminal C and the application IC card M, and is also used for issuing a session key KS between the application IC card M and the application terminal C. The application server S and the application terminal C are connected using a wired network or a wireless network, and the application server S and the application IC card M are connected through the wireless network. The application IC card M and the application terminal C are connected using a near field communication (BLE/NFC/infrared).
In this embodiment, the application server address ID is IDS, and the application server S uses the application server key fob.
The specific structure of the key area of the application server key fob is shown in fig. 2, and includes a public key pool and a private key pool. In the application server key fob, there is also stored an SQN value of each application client (application terminal C and application IC card M), the SQN being a serial number. When in initialization, the SQN values of different clients (the application terminal C and the application IC card M) are different and are true random numbers, and the serial number SQN values are respectively stored in the key fob of the application server and the key fob of the application client (the application terminal C and the application IC card M).
The sequence number SQN value exists in the form of a sequence number pool at each application client (application terminal C and application IC card M), as shown in fig. 3, the sequence number pool includes a sequence number and a partner; and the serial number pool of each application client also has one part in the application server key pool, namely the serial number pool matched with the application server comprises an application server serial number pool, an application terminal serial number pool and an application IC card serial number pool, and the serial number pools of the application terminal C and the application IC card M are named as an application terminal serial number pool and an application IC card serial number pool.
The public key pool in the application server key fob key zone is shown in FIG. 4; it includes a server public key pool and N application client public key pools of the N application clients. The starting position of the server public key pool is Kp0, and its size is Ks0. The size of the application server private key pool is also Ks0. The starting positions of the N application client public key pools are Kp1, Kp2, …, KpN, respectively, and the sizes of the N application client private key pools are Ks1, Ks2, …, KsN, respectively. The size of each key pool varies from 1G to 4096G. Let the key numbers of the application server be 1 to m, the application server private key pool be $\{s_1, s_2, \ldots, s_m\}$, and the server public key pool be $\{S_1, S_2, \ldots, S_m\}$. According to the Diffie-Hellman protocol, a large prime number p and a number g are defined, where g is a primitive root modulo p; g and p are the parameters of the Diffie-Hellman protocol (key exchange algorithm). The application server generates a true random large integer $s_i$ ($i \in \{1, 2, \ldots, m\}$) using the matched application server key fob and uses it as a private key of the application server key fob, and obtains the application server public key by calculating $S_i = g^{s_i} \bmod p$ ($i \in \{1, 2, \ldots, m\}$).
The application client comprises an application terminal C and an application IC card M, which are low-performance devices. In this embodiment, the application terminal address ID is IDC and the application terminal C uses the application terminal key fob; the application IC card address ID is IDM and the application IC card M uses the application IC card key fob. The specific structure of the key area of the application client key fob, i.e. the key area of the application terminal key fob and the key area of the application IC card key fob, is shown in FIG. 5, and includes a public key pool and a symmetric key pool of the application client (application terminal C or application IC card M). The specific structure of the symmetric key pool is shown in FIG. 6. Let the key numbers of a given application client (application terminal C or application IC card M) be 1 to n, its private key pool be $\{c_1, c_2, \ldots, c_n\}$, and its public key pool be $\{C_1, C_2, \ldots, C_n\}$, where $C_j = g^{c_j} \bmod p$, $j \in \{1, 2, \ldots, n\}$, is obtained according to the Diffie-Hellman protocol. The key fob issuer or the application server calculates all the communication keys $K_{ij}$ for the application clients (application terminals C and/or application IC cards M).
The calculation is $K_{ij} = (S_i)^{c_j} \bmod p$,
where $S_i$ is the public key of the application server and $c_j$ is the private key of the application client (application terminal C or application IC card M). All the communication keys $K_{ij}$ form a communication key table, and the application server S copies the communication key table (i.e. the gray area in FIG. 6) into the key fob corresponding to the application terminal C or the application IC card M.
The present embodiment is a process in which the application terminal C and the application IC card M negotiate a key through the application server S and perform message authentication in the communication process.
The steps of the application server S negotiating the key with the application terminal C are as follows:
The application server S obtains the random number rs and the random number rc using the application server key fob, and obtains the communication key Kc from the random number rs and the random number rc. The process is shown in FIG. 7 and is described as follows:
The application server S uses the random number rs in combination with a specific application server pointer function Fs to obtain an application server private key pointer Ps, and extracts an application server private key SKs from the application server private key pool in the application server key fob through the application server private key pointer Ps. The application server public key pointer Kss can be obtained by adding Ps to the starting position Ks0 of the application server public key pool, and the application server public key PKs can be extracted from the server public key pool in the application server key fob through the application server public key pointer Kss.
The application terminal private key pointer Pc is obtained by combining the random number rc with a specific application terminal pointer function Fc, the application terminal public key pointer Ksc is obtained by adding the application terminal private key pointer Pc to the application terminal public key pool starting position KsN in the application server key fob, and the application terminal public key PKc is extracted from the application server key pool in the application server key fob by the application terminal public key pointer Ksc.
Calculate the communication key as $Kc = (PKc)^{SKs} \bmod p$,
where PKc is the application terminal public key, SKs is the application server private key, and p is a large prime number.
The application server S communicates with the application terminal C using the communication key Kc as the key to encrypt messages. After receiving the message file encrypted by the communication key Kc, the application terminal C calculates the application server private key pointer Ps and the application terminal private key pointer Pc from the random number rs and the random number rc; these correspond to row i and column j of the communication key table (i.e., the gray area in FIG. 6). The application terminal C looks up the communication key table to obtain the communication key Kc, and decrypts the encrypted message file with the communication key Kc to obtain the message file and realize information interaction.
The process of negotiating the secret key by the application terminal C and the application IC card M through the application server S and carrying out message authentication in the communication process comprises the following steps 1-5, and the text description is as follows:
Step 1, identity authentication between the application IC card M and the application server S.
Specifically, the authentication of the application IC card M and the application server S includes the following steps 1.1 to 1.4.
Step 1.1 the application IC card M sends the negotiation key basic information to the application server S.
Specifically: the application IC card M sends an application IC card address IDM and an application terminal address IDC to the application server S, and the steps include:
Step 1.1.1 the application terminal C sends the application terminal address IDC to the application IC card M.
Step 1.1.2 after receiving it, the application IC card M sends the application terminal address IDC and the application IC card address IDM to the application server S.
Step 1.2 the application server S calculates a first communication key Kab using the first random number ra of the application IC card M and the first random number rb of the application server and creates a first message authentication code and sends the first message authentication code to the application IC card.
Specifically, the method comprises the steps of 1.2.1-1.2.4, and the steps are as follows:
Step 1.2.1 after receiving the application terminal address IDC and the application IC card address IDM, the application server S extracts the sequence number SQN value of the application IC card M, i.e. the sequence number SQNM, according to the application IC card address IDM in combination with the sequence number pool of the application IC card stored in the application server key fob, and obtains the public key pointer $N_{SQNM}$ of the application IC card M according to the sequence number SQNM of the application IC card M.
The method for obtaining the public key pointer is: using the serial number SQNM of the application IC card M, randomly select a number value in the application IC card address IDM as the public key pointer $N_{SQNM}$ of the application IC card M.
Step 1.2.2 the application server S calculates a first random number ra of the application IC card
Using the public key pointer $N_{SQNM}$ of the application IC card M, the public key $PKM_{SQNM}$ of the application IC card M is taken out, and the first random number $ra = KH(SQNM, PKM_{SQNM})$ is calculated, where KH is a keyed HASH function, such as HMAC.
Step 1.2.3 the application server S calculates the first communication key Kab using the first random number ra of the application IC card M and the first random number rb of the application server.
The application server S generates a first random number rb of the application server by using a random number generator in the application server key fob, and calculates a first communication key Kab from the first random number ra of the application IC card M and the first random number rb of the application server, in a process similar to the one described above for obtaining the communication key Kc from the random number rs and the random number rc. The specific steps are as follows:
The application server S uses the first random number rb of the application server in combination with the application server pointer function Fs to obtain an application server private key pointer Ps, and extracts an application server private key SKs from the application server private key pool through the application server private key pointer Ps. The application server public key pointer Kss can be obtained by adding the application server private key pointer Ps to the application server public key pool starting position Ks0, and the application server public key PKs can be extracted from the public key pool by the application server public key pointer Kss.
The application server S uses the first random number ra of the application IC card M in combination with the application IC card pointer function Fm to obtain an application IC card private key pointer Pm, obtains an application IC card public key pointer Ksm by adding the application IC card private key pointer Pm to the application IC card public key pool start position KsN, and extracts the application IC card public key PKm from the public key pool by the application IC card public key pointer Ksm.
Calculate the first communication key $Kab = (PKm)^{SKs} \bmod p$; this first communication key is the communication key between the application server S and the application IC card M.
Step 1.2.3 the application server S makes a first message authentication code
The application server S combines the first communication key Kab, the first random number ra of the application IC card, the first random number rb of the application server and the application server address IDS to produce a first message authentication code MACba, calculated according to the formula MACba = MAC{Kab, ra||rb||IDS}, where MAC is a keyed HASH function, such as HMAC.
Step 1.2.4 the application server S transmits a first message containing a first message authentication code to the application IC card M.
The application server S sends a first message IDM||IDS||rb||MACba to the application IC card M; specifically, the first message includes the first message authentication code MACba, the application server address IDS, the application IC card address IDM, and the first random number rb of the application server.
Step 1.3, the application IC card M obtains a second communication key Kab' by using the second random number ra' of the application IC card and the first random number rb of the application server in combination with the communication key table, obtains a second message authentication code by using the second communication key Kab', and realizes the identity authentication of the application server S by the application IC card M by using the second message authentication code.
Specifically, the method comprises the steps of 1.3.1-1.3.3, and the steps are as follows:
Step 1.3.1 after the application IC card M receives the first message IDM||IDS||rb||MACba sent from the application server S, the second random number ra' of the application IC card is calculated in the same manner as in step 1.2, the corresponding pointers are calculated from the second random number ra' of the application IC card and the random number rb of the application server, and the communication key table is then looked up to obtain the second communication key Kab'.
The specific process is as follows:
Step 1.3.1.1, according to the application IC card address IDM and the sequence number pool in the application IC card key card, the sequence number SQN value of the application IC card M, namely the sequence number SQNM, is taken out, and the public key pointer $N_{SQNM}$ of the application IC card M is obtained according to the sequence number SQNM. Using the public key pointer $N_{SQNM}$ of the application IC card M, the public key $PKM_{SQNM}$ of the application IC card M is taken out, and the second random number $ra' = KH(SQNM, PKM_{SQNM})$ is calculated, where KH is a keyed HASH function, such as HMAC.
Step 1.3.1.2 the application IC card M uses the random number rb of the application server in combination with the application server pointer function Fs to obtain the application server private key pointer Ps;
The application IC card M uses the second random number ra' of the application IC card in combination with the application IC card pointer function Fm to obtain an application IC card private key pointer Pm;
Step 1.3.1.3 the application server private key pointer Ps and the application IC card private key pointer Pm correspond to row i and column j in the communication key table (i.e. the gray area in FIG. 6), and the second communication key Kab' is obtained by looking up the communication key table.
Step 1.3.2 comparing the second message authentication code with the first message authentication code
A new MAC value, namely the second message authentication code MACba', is then obtained according to the formula MACba' = MAC{Kab', ra'||rb||IDS}. The application IC card M compares the received first message authentication code MACba with its own second message authentication code MACba'. If they are the same, the verification is successful: the application IC card M completely trusts the identity of the application server S and confirms that the second communication key is equal to the first communication key, i.e. Kab' = Kab.
Step 1.3.3 the application IC card M sends a second message containing a third message authentication code to the application server S.
The application IC card M further uses the second random number ra' of the application IC card, obtained from the serial number SQNM, and the second communication key Kab' to calculate a third message authentication code MACab = MAC{Kab', ra'||rb}, sends a second message IDM||IDS||MACab to the application server S, and performs a self-addition operation on the sequence number SQNM, i.e. SQNM = SQNM + 1. When the sequence number is equal to the unsigned integer maximum value, the sequence number becomes 0 after the self-addition operation. The second message comprises the third message authentication code MACab, the application server address IDS, and the application IC card address IDM.
Step 1.4 the application server S implements the identity authentication of the application IC card M by the application server S.
After the application server S receives the second message IDM||IDS||MACab from the application IC card M, the application server S extracts the serial number SQN value of the application IC card M, i.e. the serial number SQNM, according to the application IC card address IDM in combination with the serial number pool of the application IC card stored in the application server key card, calculates the first random number $ra = KH(SQNM, PKM_{SQNM})$ of the application IC card, and obtains the first communication key $Kab = (PKm)^{SKs} \bmod p$. It then calculates a fourth message authentication code MACab', MACab' = MAC{Kab, ra||rb}, and compares the received third message authentication code MACab with the fourth message authentication code MACab'. If the two are the same, the verification is successful and the application server S completely trusts the identity of the application IC card M. The application server S performs a self-addition operation on the sequence number SQNM stored for the client, i.e. SQNM = SQNM + 1.
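The table-lookup key negotiation described earlier and the mutual authentication of Step 1 can be exercised together in the following Python example, which is added here and is not code from the patent. Assumptions: a demo-sized group, pools of 8 keys, SHA-256 as a stand-in for the unspecified pointer functions Fs and Fm, the public key pointer taken as SQNM modulo the pool size, HMAC-SHA256 for both KH and MAC, a 32-bit SQN, and all function and dictionary names.

```python
import hashlib
import hmac
import secrets

# Demo-sized group chosen for this example (assumption). The page only requires a
# large prime p and a base g; (g^s)^c = (g^c)^s mod p holds for any base.
P = 2**127 - 1
G = 3
M_KEYS, N_KEYS = 8, 8      # server / card pool sizes, tiny for illustration
IDS = b"IDS"               # application server address
SQN_MOD = 2**32            # SQN modelled as a 32-bit unsigned integer (assumption)


def make_pool(size):
    """Return (private pool, public pool) with public = g^private mod p."""
    priv = [secrets.randbelow(P - 3) + 2 for _ in range(size)]
    return priv, [pow(G, x, P) for x in priv]


def pointer(r, size):
    """Hypothetical stand-in for the pointer functions Fs / Fm."""
    return int.from_bytes(hashlib.sha256(r).digest(), "big") % size


def key_bytes(k):
    """Encode a group element (< 2^127) as a 16-byte key."""
    return k.to_bytes(16, "big")


def mac(key, *parts):
    """MAC{K, a||b||...} realised as HMAC-SHA256 over the concatenated fields."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


def derive_ra(sqn, card_pub):
    """ra = KH(SQNM, PKM_SQNM), with pointer N_SQNM = SQNM mod pool size (assumption)."""
    pk = card_pub[sqn % len(card_pub)]
    return hmac.new(sqn.to_bytes(4, "big"), key_bytes(pk), hashlib.sha256).digest()


def issue_fobs():
    """Issuer: build both key fobs, including the table Kij = (Si)^cj mod p."""
    s_priv, s_pub = make_pool(M_KEYS)
    c_priv, c_pub = make_pool(N_KEYS)
    sqn = secrets.randbits(32)
    table = [[pow(S, c, P) for c in c_priv] for S in s_pub]
    server = {"priv": s_priv, "card_pub": c_pub, "sqn": sqn}
    card = {"pub": c_pub, "table": table, "sqn": sqn}   # no private keys on the card
    return server, card


def server_challenge(server):
    """Step 1.2: server derives Kab by modular exponentiation and sends rb, MACba."""
    ra = derive_ra(server["sqn"], server["card_pub"])
    rb = secrets.token_bytes(16)
    pk_m = server["card_pub"][pointer(ra, N_KEYS)]
    sk_s = server["priv"][pointer(rb, M_KEYS)]
    kab = key_bytes(pow(pk_m, sk_s, P))
    server["pending"] = (kab, ra, rb)
    return rb, mac(kab, ra, rb, IDS)


def card_respond(card, rb, macba):
    """Step 1.3: card gets Kab' by table lookup only, checks MACba, returns MACab."""
    ra = derive_ra(card["sqn"], card["pub"])
    kab = key_bytes(card["table"][pointer(rb, M_KEYS)][pointer(ra, N_KEYS)])
    if not hmac.compare_digest(macba, mac(kab, ra, rb, IDS)):
        return None                      # server not authenticated; SQN unchanged
    card["sqn"] = (card["sqn"] + 1) % SQN_MOD
    return mac(kab, ra, rb)


def server_verify(server, macab):
    """Step 1.4: server checks MACab and advances its copy of SQNM."""
    kab, ra, rb = server.pop("pending")
    ok = hmac.compare_digest(macab, mac(kab, ra, rb))
    if ok:
        server["sqn"] = (server["sqn"] + 1) % SQN_MOD
    return ok


def run_session(server, card):
    """Run steps 1.2 to 1.4 once and report whether both sides authenticated."""
    rb, macba = server_challenge(server)
    macab = card_respond(card, rb, macba)
    return macab is not None and server_verify(server, macab)


if __name__ == "__main__":
    srv, crd = issue_fobs()
    print("mutual authentication:", run_session(srv, crd))
```

Because ra is derived from SQNM, a first message captured in one run no longer verifies on the card after the sequence number has advanced.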
Step 2, the application IC card M applies for the total bill from the application server S
Step 2.1 the application IC card M sends the first ticket request message ciphertext to the application server S.
Step 2.1.1, the application IC card M combines the application IC card address IDM, the application terminal address IDC and the number Num of application bills into a first bill request message REQms, where the first bill request message REQms is IDM||IDC||Num;
Step 2.1.2, the second communication key Kab' obtained in step 1.3 and the first bill request message REQms are used to make a first bill request message authentication code MAC_REQms, according to the formula MAC_REQms = MAC(Kab', REQms);
Step 2.1.3, the first bill request parameter {REQms||MAC_REQms} is encrypted with the second communication key Kab' to obtain the first bill request message ciphertext {REQms||MAC_REQms}Kab', where the first bill request parameter {REQms||MAC_REQms} comprises the first bill request message REQms and the first bill request message authentication code MAC_REQms;
The application IC card M transmits the first bill request message ciphertext {REQms||MAC_REQms}Kab' to the application server S.
Step 3, the application server S generates a total bill and sends a first bill generation message ciphertext containing the total bill to the application IC card M.
Receiving a first bill request message ciphertext, and decrypting the first bill request message ciphertext by using a first communication key to obtain a first request parameter, wherein the first bill request message ciphertext is encrypted by a second communication key, and the first bill request parameter comprises an application IC card address, an application terminal address and the number of application bills;
checking whether information matched with an application IC card exists in a serial number pool of an application terminal stored in an application server key card, obtaining a corresponding application terminal serial number according to different conditions (the information matched with the application IC card exists/does not exist in the application server key card), obtaining an application terminal first random number according to the serial number, respectively utilizing the application IC card third random number and the application terminal first random number to be combined with a server second random number to calculate and obtain a corresponding communication key, respectively encrypting a session key by utilizing the communication key to obtain an application IC card bill and an application terminal bill, and recording position parameters of the information of the application IC card in the serial number pool of each application IC card bill, the application terminal bill, the server second random number and the application terminal to form a sub bill, and transmitting the sub bills to the application IC card.
The method comprises the following specific steps:
Step 3.1, the application server S receives the first bill request message ciphertext {REQms||MAC_REQms}Kab' from the application IC card M;
Step 3.2, after the identity authentication of the application server S and the application IC card M, the first communication key Kab of step 1.2 and the second communication key Kab' are confirmed to be equal, and the first bill request parameter {REQms||MAC_REQms} is obtained by decrypting the first bill request message ciphertext {REQms||MAC_REQms}Kab' with the first communication key Kab;
Step 3.3, the application server S performs message authentication on the first bill request message authentication code MAC_REQms, and if the message authentication is successful, the first bill request message REQms is parsed to obtain the number Num of bills applied for by the application IC card M;
step 3.4 the application server S obtains the second random number rs of the application server, the first random number rc of the application terminal C, the third random number rm of the application IC card M
The sequence number pool comprises sequence numbers and paired persons, with the sequence numbers corresponding to the paired persons one by one. The application server S checks whether the sequence number pool of the application terminal C stored in the application server key fob contains information paired with the application IC card M, so as to determine whether the application IC card M is applying for authentication with the application terminal C for the first time. If it is the first application, i.e. the application IC card M is not yet paired with the application terminal C, the application server S randomly takes out a k-th serial number SQNCk that is not paired with any other application IC card M from the serial number pool of the application terminal C, and records the information of the paired person, the application IC card M, i.e. the application IC card address IDM, at the k-th position of the serial number pool of the application terminal C. If it is not the first application, i.e. the application IC card M and the application terminal C are already paired, the k-th serial number SQNCk of the application terminal C is taken out from the serial number pool of the application terminal C according to the address information IDM of the paired person, the application IC card M. In summary, k is named the position parameter at which the serial number pool of the application terminal records the application IC card information.
After the application server S obtains the sequence number SQNCk, the public key pointer $N_{SQNCk}$ of the application terminal C is obtained according to the sequence number SQNCk of the application terminal C. According to the public key pointer $N_{SQNCk}$ of the application terminal C, the public key $PKC_{SQNCk}$ of the application terminal C is taken out and used to calculate the first random number rc of the application terminal C, i.e. $rc = KH(SQNCk, PKC_{SQNCk})$, where KH is a keyed HASH function, such as HMAC.
The application server S obtains the random number rs by using the application server key fob, and obtains the application IC card random number rm, which is the third random number of the application IC card, by the same method as in step 1.2,
as follows:
After receiving the application IC card address IDM, the application server S takes out the sequence number SQN value of the application IC card M, namely the sequence number SQNM, from the sequence number pool of the application IC card according to the application IC card address IDM, and obtains the public key pointer $N_{SQNM}$ of the application IC card M according to the sequence number SQNM. The method for obtaining the public key pointer is: using the serial number SQNM of the application IC card M, randomly select a number value in the application IC card address IDM as the public key pointer $N_{SQNM}$ of the application IC card M. Using the public key pointer $N_{SQNM}$ of the application IC card M, the public key $PKM_{SQNM}$ of the application IC card M is taken out, and the random number $rm = KH(SQNM, PKM_{SQNM})$ is calculated. The random number rm of the application IC card is the third random number of the application IC card.
Step 3.5, the application server S can calculate a communication key Km between the application server S and the application IC card M by using the third random number rm of the application IC card and the second random number rs of the application server, where the communication key Km is a third communication key, and the specific steps are as follows:
the application server S uses the second random number rs of the application server to combine with the application server pointer function Fs to obtain an application server private key pointer Ps, and the application server private key SKs is extracted from the application server private key pool through the application server private key pointer Ps. The application server public key pointer Kss can be obtained by adding the application server private key pointer Ps to the application server public key pool starting position Ks0, and the application server public key PKs can be extracted from the public key pool by the application server public key pointer Kss.
The application server S obtains an application IC card private key pointer Pm by using the third random number rm of the application IC card M in combination with the application IC card pointer function Fm, obtains an application IC card public key pointer Ksm by adding the application IC card private key pointer Pm to the application IC card public key pool start position KsN, and extracts the application IC card public key PKm from the public key pool by the application IC card public key pointer Ksm.
Calculate the communication key Km = (PKm)^SKs mod p; the communication key Km between the application server S and the application IC card M is the third communication key.
Similarly, a communication key Kc of the application server S and the application terminal C is calculated by using the first random number rc of the application terminal C and the second random number rs of the application server, and the communication key Kc of the application server S and the application terminal C is named as a fourth communication key.
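The following added example (not part of the patent text) shows why the server's computation in step 3.5 and a table read on the card give the same Km, for a run of sub-tickets with SQNM incremented each time. The toy modulus, pool size, form of the pointer function, the reading of the public key pointer as a digit of IDM, the reuse of one pool for KH, and the table layout are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1          # toy prime modulus (constructed; far too small for real use)
G = 5                   # toy base (constructed)
POOL = 8                # entries per private key pool (constructed)
IDM = "40719263"        # constructed card address made of digits


def make_pool():
    """Return a private key pool and the matching public keys g^x mod p."""
    sk = [secrets.randbelow(P - 3) + 2 for _ in range(POOL)]
    return sk, [pow(G, x, P) for x in sk]


SKS, PKS = make_pool()              # server private key pool and its public keys
SKM, PKM = make_pool()              # card private key pool and its public keys
KS0, KSN = 0, POOL                  # start positions inside the shared public key pool
PUBLIC_POOL = PKS + PKM


def kh(sqn, pk):
    """KH(SQN, PK) as HMAC-SHA256 with PK as the key (assumption)."""
    return hmac.new(pk.to_bytes(16, "big"), sqn.to_bytes(8, "big"), hashlib.sha256).digest()


def card_random(sqn):
    """rm = KH(SQNM, PKM_N). Assumed reading of N: the digit of IDM picked by SQNM."""
    n = int(IDM[sqn % len(IDM)]) % POOL
    return kh(sqn, PKM[n])


def pointer(r):
    """Pointer function Fs / Fm (assumed form): random number -> pool index."""
    return int.from_bytes(r, "big") % POOL


def server_km(rm, rs):
    """Step 3.5 on the server: Km = (PKm)^SKs mod p, one modular exponentiation."""
    sks = SKS[pointer(rs)]                          # Ps -> SKs
    pkm = PUBLIC_POOL[KSN + pointer(rm)]            # Ksm = KsN + Pm -> PKm
    return pow(pkm, sks, P)


# Communication key table in the card's key fob (assumed layout): entry [Pm][Ps]
# holds (PKs)^SKm mod p, filled in once when the fob is issued.
CARD_TABLE = [[pow(PUBLIC_POOL[KS0 + ps], SKM[pm], P) for ps in range(POOL)]
              for pm in range(POOL)]


def card_km(rm, rs):
    """Card side: two pointer evaluations and a table read, no exponentiation."""
    return CARD_TABLE[pointer(rm)][pointer(rs)]


def issue_and_check(num, sqn_start):
    """Derive Km for `num` sub-tickets, incrementing SQNM after each one."""
    results = []
    for sqn in range(sqn_start, sqn_start + num):
        rm, rs = card_random(sqn), secrets.token_bytes(32)
        results.append((server_km(rm, rs), card_km(rm, rs)))
    return results


if __name__ == "__main__":
    print(all(s == c for s, c in issue_and_check(16, 1000)))
```

The table holds POOL × POOL shared secrets, so anyone who can read the fob contents learns every communication key that card can ever use; the scheme's security rests on the fob's hardware isolation.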
Step 3.6, the application server S randomly selects a random number Kmc as a session key by using the application server key fob, and makes an application IC card bill Tm and an application terminal bill Tc respectively by using the session key Kmc.
Specifically, the application IC card ticket Tm = {Kmc||IDC||rm}Km is formed by encrypting the application IC card parameter {Kmc||IDC||rm} with the communication key Km between the application server S and the application IC card M, that is, the third communication key. The application IC card parameter comprises the session key Kmc, the address IDC of the application terminal, and the third random number rm of the application IC card;
similarly, the application terminal bill Tc = {Kmc||IDM||rc}Kc is formed by encrypting the application terminal bill parameter {Kmc||IDM||rc} with the communication key Kc between the application server S and the application terminal C, that is, the fourth communication key. The application terminal bill parameter {Kmc||IDM||rc} comprises the session key Kmc, the address IDM of the application IC card and the first random number rc of the application terminal;
Step 3.7, the application server S makes the total bill
The position parameter k at which the serial number pool of the application terminal C records the information of the paired application IC card M, the second random number rs of the application server, the application IC card bill Tm and the application terminal bill Tc together form a sub-bill, named the sub-bill TICKET. The sub-bill TICKET is one of the TICKETs which the application IC card M applies for from the application server S, and is denoted {k||rs||Tm||Tc}.
Since the number of tickets applied for by the application IC card M is Num, the number of sub-TICKETs that the application server S needs to generate is also Num. After each sub-TICKET is generated, the application server S performs a self-addition operation on the sequence numbers SQNCk and SQNM, i.e. SQNCk = SQNCk + 1, SQNM = SQNM + 1. The next sub-TICKET is then generated by the above steps using the updated sequence numbers SQNCk and SQNM, until Num sub-TICKETs have been generated, giving the total TICKET, denoted Σ{TICKET}. Therefore, according to the number of tickets applied for by the application IC card M, the number of sub-TICKETs that the application server S needs to generate is one or more. In this embodiment, the total TICKET Σ{TICKET} is the ticket applied for by the application IC card M.
Step 3.8, the application server S generates the total bill and sends a first bill generation message ciphertext containing the total bill to the application IC card M.
The application server S combines the application IC card address IDM, the application terminal address IDC and the total bill Σ{TICKET} to form the first bill generation message RESPsm, i.e. IDM||IDC||Σ{TICKET}. A first bill generation message authentication code MAC_RESPsm is generated from the first communication key Kab and the first bill generation message RESPsm, with the specific formula MAC_RESPsm = MAC(Kab, RESPsm). The combination RESPsm||MAC_RESPsm of the first bill generation message RESPsm and the first bill generation message authentication code MAC_RESPsm is then encrypted with the first communication key Kab to obtain the first bill generation message ciphertext {RESPsm||MAC_RESPsm}Kab, which is sent to the application IC card M.
Step 4, the application IC card M obtains the total bill
After receiving the first bill generation message ciphertext {RESPsm||MAC_RESPsm}Kab from the application server S, the application IC card M takes out the second communication key Kab' to decrypt the first bill generation message ciphertext {RESPsm||MAC_RESPsm}Kab and performs message authentication on the first bill generation message authentication code MAC_RESPsm. If the message authentication is successful, the application IC card M parses the first bill generation message RESPsm, namely the parameter values IDM||IDC||Σ{TICKET}, obtains the total bill Σ{TICKET} and stores it in the application IC card key fob.
Step 5, near field communication between the application IC card M and the application terminal C
Step 5.1, the application IC card M extracts the sub-TICKET, extracts the corresponding serial number by its own address, and calculates the random number rm' of the application IC card, which is the fourth random number of the application IC card. Combining it with the communication key table, the application IC card obtains the fifth communication key Km between the application IC card M and the application server S. The fifth communication key Km decrypts the sub-TICKET to obtain the trusted session key Kmc, a first near-field communication authentication code is formed by using the session key Kmc, and a first near-field communication message containing the first near-field communication authentication code is transmitted to the application terminal C.
The method specifically comprises the following steps:
Step 5.1.1, the application IC card M takes out the first sub-bill TICKET from the total bill Σ{TICKET}. The sub-bill TICKET consists of the position parameter k at which the serial number pool of the application terminal C records the information of the paired application IC card M, the second random number rs of the application server, the application IC card bill Tm and the application terminal bill Tc, and is expressed as {k||rs||Tm||Tc}.
Step 5.1.2, the application IC card M obtains the fourth random number rm' of the application IC card
The application IC card M takes out the serial number SQNM of the corresponding application IC card according to the address IDM of the application IC card;
obtains the public key pointer N_SQNM of the application IC card according to the serial number SQNM of the application IC card, where the method of obtaining the public key pointer N_SQNM comprises: randomly selecting a number value in the application IC card address IDM as the public key pointer N_SQNM of the application IC card M by using the serial number SQNM of the application IC card M;
and takes out the public key PKM_SQNM of the application IC card M according to the public key pointer N_SQNM, giving the fourth random number rm' = KH(SQNM, PKM_SQNM).
Step 5.1.3 obtaining a fifth communication Key Km between the application IC card M and the application Server S
According to the fourth random number rm' of the application IC card and the second random number rs of the application server analyzed from the TICKET, a corresponding application IC card private key pointer and an application server private key pointer can be obtained through calculation, and then a fifth communication key Km between the application IC card M and the application server S can be obtained through checking a communication key table;
Step 5.1.4, confirming the session key Kmc.
The application IC card bill Tm in the sub-bill TICKET, where Tm is {Kmc||IDC||rm}Km, is decrypted by using the fifth communication key Km between the application IC card M and the application server S, obtaining the session key Kmc and the third random number rm of the application IC card. The decrypted third random number rm of the application IC card is compared with the fourth random number rm' of the application IC card calculated by the application IC card M to confirm whether the third random number rm is equal to the fourth random number rm', and the session key Kmc is thereby confirmed.
Step 5.1.5 constructs a first short-range communication authentication code MACmc using the session key Kmc, the third random number rm of the application IC card, the first random number rc of the application terminal, and the address IDM of the application IC card.
The specific formula is as follows: MACmc = MAC(Kmc, rm||rc||IDM);
wherein the random number rc of the application terminal is obtained as follows: the application IC card M takes out the sequence number SQN value of the application terminal C, namely the sequence number SQNC, according to the address IDC of the application terminal, and obtains the public key pointer N_SQNC of the application terminal C according to the sequence number SQNC. The method of obtaining the public key pointer N_SQNC comprises: randomly selecting a number value in the address IDC of the application terminal C as the public key pointer N_SQNC of the application terminal C by using the serial number SQNC of the application terminal C. The public key pointer N_SQNC is used to take out the public key PKM_SQNC of the application terminal C, and the random number rc = KH(SQNC, PKM_SQNC) of the application terminal C is calculated.
Step 5.1.6, the application IC card M sends a first near field communication message IDC||IDM||k||rs||Tc||MACmc to the application terminal C.
The first near field communication message IDC||IDM||k||rs||Tc||MACmc is composed of the address IDC of the application terminal, the address IDM of the application IC card, the position parameter k at which the serial number pool of the application terminal C records the information of the paired application IC card M, the second random number rs of the application server, the application terminal ticket Tc and the first near field communication authentication code MACmc.
Step 5.2 application terminal C acknowledges session key Kmc
Receiving a first near field communication message sent by an application IC card, wherein the first near field communication message consists of an address of an application terminal, the address of the application IC card, a position parameter of a serial number pool of the application terminal for recording information of the application IC card M, a second random number of an application server, an application terminal bill and a first near field communication authentication code;
and extracting a serial number of the application terminal by combining the position parameter with the application terminal serial number pool to obtain a second random number of the application terminal, extracting a sixth communication key by combining the application terminal second random number with the application server second random number with the communication key table, decrypting the application terminal bill by using the sixth communication key, and further obtaining a trusted session key to realize near field communication.
The method comprises the following specific steps:
Step 5.2.1, the application terminal C receives the first short-range communication message IDC||IDM||k||rs||Tc||MACmc from the application IC card M.
Step 5.2.2 confirms the session key Kmc and transmits the third near field communication authentication code containing the session key Kmc to the application IC card M.
The k-th unit of the serial number pool of the application terminal C is located by using the position parameter k at which the serial number pool records the paired application IC card M information. The cases are as follows:
If the k-th unit of the serial number pool of the application terminal C holds paired-person information, namely information of an application IC card M, check whether that information, namely the ID value, is equal to the address IDM of the application IC card M; if the k-th unit of the serial number pool of the application terminal C holds no paired-person information, no operation is performed. When the k-th unit holds paired-person information, the sequence number SQNCk of the application terminal C is taken out from the k-th unit of the serial number pool of the application terminal C, and the second random number rc' of the application terminal C is calculated. Using the second random number rc' of the application terminal C and the second random number rs of the application server, the corresponding application terminal private key pointer and application server private key pointer are calculated, and the communication key Kc between the application terminal C and the application server S is then obtained by looking up the communication key table; this communication key Kc is named the sixth communication key. The communication key Kc between the application terminal C and the application server S is used to decrypt the application terminal ticket Tc, i.e. {Kmc||IDM||rc}Kc, so that the session key Kmc and the first random number rc of the application terminal C are obtained. The decrypted first random number rc of the application terminal C and the second random number rc' calculated by the application terminal C are compared to confirm whether they are equal, and the session key Kmc is thereby confirmed.
The application terminal C forms a second short-distance communication authentication code MACmc' by using the session key Kmc, the random number rm of the application IC card, the random number rc of the application terminal obtained by decryption, and the information ID of the application IC card M. The specific formula is as follows: MACmc' = MAC(Kmc, rm||rc||ID); wherein the random number rm of the application IC card is obtained as follows: the application terminal C takes out the sequence number SQN value of the application IC card M, namely the sequence number SQNM, according to the address IDM of the application IC card, and obtains the public key pointer N_SQNM of the application IC card M according to the sequence number SQNM. The method of obtaining the public key pointer N_SQNM comprises: randomly selecting a number value in the application IC card address IDM as the public key pointer N_SQNM of the application IC card M by using the serial number SQNM of the application IC card. The public key pointer N_SQNM is used to take out the public key PKM_SQNM of the application IC card M, and the random number rm = KH(SQNM, PKM_SQNM) is calculated.
The application terminal C compares the calculated second close range communication authentication code MACmc' with the first close range communication authentication code MACmc obtained by decrypting the first close range communication message. If the two are equal, the ID is trusted, and the information ID of the application IC card M is equal to the address IDM of the application IC card M.
If the k unit of the sequence pool does not have the partner information, the information of the partner application IC card M, namely the application IC card address IDM, is recorded at the k position of the sequence pool of the application terminal C.
The sequence number SQNCk of the application terminal C is self-added, that is, SQNCk = SQNCk + 1, and the session key Kmc, the random number rm of the application IC card M, and the random number rc of the application terminal C are used to obtain the third close-range communication authentication code MACcm, with the specific formula MACcm = MAC(Kmc, rm||rc). The application terminal C transmits the second short-range communication message IDC||IDM||MACcm to the application IC card M.
Step 5.3, the application IC card M performs identity authentication with the application terminal C by using its own session key, and after the authentication is passed, the two parties perform secure communication by using the session key Kmc as an encryption key.
After receiving the second near field communication message IDC||IDM||MACcm from the application terminal C, the application IC card M obtains a fourth near field communication authentication code MACcm' by using its own session key Kmc, the random number rm of the application IC card M, and the random number rc of the application terminal C, with the specific formula MACcm' = MAC(Kmc, rm||rc). It compares the calculated fourth close range communication authentication code MACcm' with the third close range communication authentication code MACcm from the application terminal C; if they are equal, the application terminal C is trusted. The parties may use the session key Kmc as an encryption key for secure communications. Finally, a self-adding operation is performed on the sequence number SQNCk of the application terminal C, namely SQNCk = SQNCk + 1. After the application IC card M completes the authentication and key negotiation process with the application terminal C, it deletes the local current first sub-bill TICKET and takes the next sub-bill TICKET as the new current first sub-bill TICKET.
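The ticket issuance of steps 3.5 to 3.7 and the near-field exchange of steps 5.1 to 5.3, as an added example that is not part of the patent text. The HMAC-based KH and MAC, the XOR keystream standing in for {...}K, the keyed lookup standing in for the communication key table, and all sample addresses, keys and sequence numbers are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample values (assumptions): 4-byte addresses, pool public keys,
# and per-fob secrets standing in for the communication key tables.
IDM, IDC = b"M001", b"C001"
PK_M, PK_C = b"card-pool-public-key", b"terminal-pool-public-key"
TABLE_M, TABLE_C = b"card-fob-key-table", b"terminal-fob-key-table"

def kh(sqn, pk):
    """KH(SQN, PK) modelled as HMAC-SHA256 with PK as the key (assumption)."""
    return hmac.new(pk, sqn.to_bytes(8, "big"), hashlib.sha256).digest()

def mac(key, *parts):
    """MAC(K, a||b||...) over fixed-length fields, as HMAC-SHA256."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def table_key(table, r_own, rs):
    """Stand-in for the communication key table lookup indexed by (r_own, rs)."""
    return mac(table, r_own, rs)

def xcrypt(key, data):
    """Stand-in for {...}K: XOR with an HMAC keystream. Not a production cipher."""
    stream = b"".join(mac(key, bytes([i])) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def server_issue(k, sqn_m, sqn_ck):
    """Steps 3.5 to 3.7: build one sub-ticket {k||rs||Tm||Tc}."""
    rs, kmc = secrets.token_bytes(32), secrets.token_bytes(16)
    rm, rc = kh(sqn_m, PK_M), kh(sqn_ck, PK_C)
    tm = xcrypt(table_key(TABLE_M, rm, rs), kmc + IDC + rm)   # Tm = {Kmc||IDC||rm}Km
    tc = xcrypt(table_key(TABLE_C, rc, rs), kmc + IDM + rc)   # Tc = {Kmc||IDM||rc}Kc
    return {"k": k, "rs": rs, "Tm": tm, "Tc": tc}

def card_open(ticket, sqn_m, sqn_c):
    """Step 5.1: recompute rm', decrypt Tm, confirm rm == rm', build message 1."""
    rm2, rc = kh(sqn_m, PK_M), kh(sqn_c, PK_C)
    plain = xcrypt(table_key(TABLE_M, rm2, ticket["rs"]), ticket["Tm"])
    kmc, rm = plain[:16], plain[20:]
    if not hmac.compare_digest(rm, rm2):
        raise ValueError("Tm rejected: rm != rm'")
    msg1 = {"IDC": IDC, "IDM": IDM, "k": ticket["k"], "rs": ticket["rs"],
            "Tc": ticket["Tc"], "MACmc": mac(kmc, rm, rc, IDM)}
    return kmc, rm, rc, msg1

class Terminal:
    def __init__(self, card_sqn):
        # Serial number pool: each unit holds a sequence number and its paired card.
        self.pool = [{"sqn": 100 + 10 * i, "paired": None} for i in range(4)]
        self.card_sqn = card_sqn          # terminal's copy of SQNM, keyed by IDM

    def respond(self, msg1):
        """Step 5.2: check unit k, decrypt Tc, confirm rc == rc', verify MACmc."""
        unit = self.pool[msg1["k"]]
        if unit["paired"] not in (None, msg1["IDM"]):
            raise ValueError("unit k is paired with a different card")
        rc2 = kh(unit["sqn"], PK_C)
        plain = xcrypt(table_key(TABLE_C, rc2, msg1["rs"]), msg1["Tc"])
        kmc, idm, rc = plain[:16], plain[16:20], plain[20:]
        if not hmac.compare_digest(rc, rc2):
            raise ValueError("Tc rejected: rc != rc' (stale, replayed or forged)")
        if idm != msg1["IDM"]:
            raise ValueError("ticket was issued for another card")
        rm = kh(self.card_sqn[idm], PK_M)
        if not hmac.compare_digest(mac(kmc, rm, rc, idm), msg1["MACmc"]):
            raise ValueError("MACmc rejected")
        unit["paired"] = idm              # first contact: record the pairing
        unit["sqn"] += 1                  # SQNCk = SQNCk + 1
        return kmc, {"IDC": IDC, "IDM": idm, "MACcm": mac(kmc, rm, rc)}

def card_finish(kmc, rm, rc, msg2):
    """Step 5.3: recompute MACcm' and compare it with the terminal's MACcm."""
    return hmac.compare_digest(mac(kmc, rm, rc), msg2["MACcm"])

def demo():
    terminal = Terminal(card_sqn={IDM: 7})
    ticket = server_issue(k=2, sqn_m=7, sqn_ck=terminal.pool[2]["sqn"])
    kmc, rm, rc, msg1 = card_open(ticket, sqn_m=7, sqn_c=120)
    kmc_t, msg2 = terminal.respond(msg1)
    ok = card_finish(kmc, rm, rc, msg2)
    try:
        terminal.respond(msg1)            # replay of message 1 after SQNCk moved on
        replay = "accepted"
    except ValueError:
        replay = "rejected"
    return kmc == kmc_t, ok, replay, terminal.pool[2]

if __name__ == "__main__":
    print(demo())
```

The replayed first message is rejected because the terminal, having incremented SQNCk, derives a different rc' and therefore a different Kc, so Tc no longer decrypts to a matching rc.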
A near-field energy-saving communication system for an anti-quantum computing application system based on key fob and serial number is also provided, applied to the above near-field energy-saving communication method for an anti-quantum computing application system based on key fob and serial number. The anti-quantum computing application system includes an application server and at least one application client in communication connection with the application server; the application client includes an application terminal and an application IC card; each member of the anti-quantum computing application system is provided with a key fob that contains a serial number pool; the serial number pool includes serial numbers and paired persons; the serial number pool of the application server further contains an application server serial number pool, an application terminal serial number pool and an application IC card serial number pool; and the application terminal and the application IC card perform near field communication through a trusted session key, wherein:
the application IC card is used for authenticating the identity of the application server, sending a first bill request message ciphertext to the application server, encrypting a first bill request parameter by a communication key, wherein the first bill request parameter comprises an application IC card address, an application terminal address and the number of application bills, and receiving an application total bill to acquire a session key to realize close-range communication with the application terminal;
The application server is used for receiving the ciphertext of the first bill request message, decrypting the ciphertext by using the first communication key to obtain a first request parameter, wherein the first request parameter comprises an application IC card address, an application terminal address and the number of application bills; checking whether information paired with the application IC card exists in the serial number pool of the application terminal stored in the application server key fob; extracting the position parameter at which the serial number pool of the application terminal records the information of the application IC card; extracting the third random number of the application IC card and the first random number of the application terminal by combining the position parameter and the application IC card address with the serial number pool in the application server key fob; calculating the corresponding communication key by using the third random number of the application IC card/the first random number of the application terminal and the second random number of the server; encrypting the session key with the respective communication keys to obtain an application IC card bill and an application terminal bill; forming a plurality of sub-bills; and transmitting the sub-bills to the application IC card;
the application terminal is used for receiving the first near field communication message sent by the application card, extracting the serial number of the application terminal by using the position parameter and combining the serial number pool of the application terminal to obtain the second random number of the application terminal, extracting the sixth communication key by using the second random number of the application terminal and the second random number of the application server and combining the communication key table, decrypting the application terminal bill by using the sixth communication key and further obtaining the trusted session key to realize near field communication.
A computer device includes a processor and a memory connected by a system bus. The processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. When executing the computer program, the processor of the computer device implements the steps of any of the near-field energy-saving communication methods for an anti-quantum computing application system based on key fob and serial number.
The key fob is an identity authentication and encryption/decryption product combining cryptography technology, hardware security isolation technology and quantum physics technology (in the case of carrying a quantum random number generator). The embedded chip and the operating system of the key fob can provide functions such as secure storage of keys and cryptographic algorithms. Because of its independent data processing capability and good security, the key fob becomes a secure carrier for private keys and key pools. Each key fob may be protected by a hardware PIN code; the PIN code and the hardware form the two necessary factors for the user to use the key fob, namely so-called "two-factor authentication", and the user may log into the system only by simultaneously holding the key fob, which stores the relevant authentication information, and the user PIN code. Even if the PIN code of the user is revealed, the identity of the legitimate user cannot be impersonated as long as the key fob held by the user is not stolen; if the key fob of the user is lost, the finder cannot impersonate the legitimate user because the user PIN code is not known. In short, the key fob keeps secret information such as keys from appearing in plaintext on the disk or in the memory of the host, thereby effectively ensuring the safety of the secret information.
The application system members are all provided with key fobs, the key fobs are independent hardware devices, and the possibility of the key being stolen by malicious software or malicious operations is greatly reduced. Meanwhile, each member uses the quantum-computing-resistant public key disclosed by the sharing user side, combined with the asymmetric key pool, to extract the public keys of the required application system members. Because the public keys of the application system members are stored in the key fob, a quantum computer cannot obtain the public key of the user and further cannot obtain the corresponding private key, so the risk of being cracked by a quantum computer is reduced.
The low-power consumption application terminal and the application IC card do not use public keys and private keys for calculation, and can obtain a shared key for encrypted communication with the application server only by looking up a table, so that the calculation amount is small and the speed is high; and can save energy for the device and prolong the service time of the battery of the application terminal and the application IC card.
The application server serving as the communication center does not need to store a plurality of large-capacity symmetric key pools, and only needs to store a plurality of groups of public key pools, so that the storage space of the application server is greatly saved. According to the above embodiment, when the application server newly adds the Nth application terminal, the symmetric key pool method requires newly storing the same key amount as for the Nth application terminal, that is, m×n; here, only the key quantity of the public key pool corresponding to the Nth application terminal needs to be newly added and stored, namely N, so the newly added key quantity is greatly reduced. The above-described embodiments thus significantly save the storage space of the application server.
The Diffie-Hellman protocol used in the above described embodiments may also be replaced by its elliptic version, i.e. ECDH (Elliptic Curve Diffie-Hellman), with the same effect.
The technical features of the above-described embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above-described embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The above examples illustrate only a few embodiments of the invention, which are described in detail and are not to be construed as limiting the scope of the invention. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the invention, which are all within the scope of the invention. Accordingly, the scope of protection of the present invention is to be determined by the appended claims.
Claims (9)
1. The quantum computing application system comprises an application server and at least one application client in communication connection with the application server, wherein the application client comprises an application terminal and an application IC card and is implemented on the application IC card, and the quantum computing application system is characterized in that the application IC card is provided with a key card comprising an application IC card serial number pool, the serial number pool comprises a serial number and paired information, the application IC card realizes near field communication with the application terminal by using a trusted session key, and the trusted session key obtaining step comprises the following steps:
The method comprises the steps of authenticating identity of an application server, and confirming that a first communication key generated by the application server is equal to a second communication key generated by an application IC card, wherein the first communication key is generated by calculating a random number extracted by using an application IC card address and a server random number; the second communication key is searched by combining the application IC card address with the random number extracted from the application IC card serial number pool and the server random number with a communication key table; the method comprises the steps of sending a first bill request message ciphertext to an application server, wherein the first bill request message ciphertext is obtained by encrypting a first bill request parameter by a second communication key, and the first bill request parameter comprises an application IC card address, an application terminal address and the number of application bills;
receiving and storing a total bill sent by an application server, wherein the total bill consists of a plurality of sub-bills, the number of the sub-bills is the number of application bills, each sub-bill comprises an application IC card bill, an application terminal bill, a server second random number and a serial number pool of an application terminal, and position parameters of application IC card information are recorded, wherein the application IC card bill and the application terminal bill both comprise session keys encrypted by communication keys, and the communication keys comprise a third communication key between the application server and the application IC card and a fourth communication key between the application server and the application terminal; the third communication key/the fourth communication key is obtained by calculating the third random number of the application IC card/the first random number of the application terminal and the second random number of the server, wherein the third random number of the application IC card/the first random number of the application terminal are extracted through respective addresses;
Extracting the sub-bill, extracting the corresponding serial number by the own address to calculate a random number, and obtaining a fifth communication key by combining the random number with a communication key table, wherein the fifth communication key decrypts the application IC card bill to obtain a session key;
sending a first near field communication message to the application terminal, wherein the first near field communication message comprises the position parameter at which the sequence number pool of the application terminal records the application IC card information, the application terminal extracts a sequence number according to the position parameter, obtains a sixth communication key by combining the sequence number with a communication key table, and further confirms the session key to realize near field communication;
the communication key is generated for the application server, and the generation method comprises the following steps:
extracting an application IC card public key, an application terminal public key and an application server private key by utilizing the random number of the application IC card, the random number of the application terminal and the random number of the application server in combination with a pointer function, and respectively calculating and generating a corresponding communication key by utilizing the application IC card public key and the application terminal public key and the application server private key in combination with corresponding algorithms;
the communication key is generated for the application IC card, and the generation method comprises the following steps:
extracting corresponding private key pointers by combining the random numbers of the application IC card and the random numbers of the application server with pointer functions respectively, and extracting corresponding communication keys by combining the private key pointers with a communication key table;
the communication key is generated for the application terminal, and the generation method comprises the following steps:
and respectively extracting corresponding private key pointers by combining the random numbers of the application terminal and the random numbers of the application server with pointer functions, and extracting corresponding communication keys by combining the private key pointers with a communication key table.
2. An anti-quantum computing application system near-field energy-saving communication method based on a key fob and a serial number, wherein the anti-quantum computing application system comprises an application server and at least one application client in communication connection with the application server, the application client comprises an application terminal and an application IC card, and the method is implemented in the application server, characterized in that the application server is provided with a key fob comprising a serial number pool, the serial number pool comprises a serial number and a counterparty, the serial number pool comprises an application server serial number pool, an application terminal serial number pool and an application IC card serial number pool, the application server is used for distributing a total bill so that the application IC card and the application terminal realize short-distance communication through a trusted session key, and the distribution of the total bill by the application server comprises the following steps:
performing identity authentication with the application IC card and confirming that a first communication key generated by the application server is equal to a second communication key generated by the application IC card, wherein the first communication key is generated by calculating a random number extracted by using an address of the application IC card and a server random number; the second communication key is looked up by combining the random number extracted by the application IC card address with the server random number and a communication key table;
Receiving a first bill request message ciphertext, and decrypting the first bill request message ciphertext by using a first communication key to obtain a first request parameter, wherein the first bill request message ciphertext is obtained by encrypting the first bill request parameter by using a second communication key, and the first bill request parameter comprises an application IC card address, an application terminal address and the number of application bills;
checking whether information matched with an application IC card exists in a sequence number pool of an application terminal stored in an application server key card, extracting the sequence number of the application terminal, obtaining a first random number of the application terminal by using the sequence number, respectively obtaining corresponding communication keys by combining a third random number of the application IC card with a first random number of the application terminal and a second random number of the server, respectively encrypting a session key by using the communication keys so as to obtain an application IC card bill and an application terminal bill, and recording position parameters of the information of the application IC card in each sequence number pool containing the application IC card bill, the application terminal bill, the second random number of the server and the application terminal to form sub-bills, and forming a total bill by a plurality of sub-bills and sending the total bill to the application IC card;
the communication key is generated for the application server, and the generation method comprises the following steps:
extracting an application IC card public key, an application terminal public key and an application server private key by utilizing the random number of the application IC card, the random number of the application terminal and the random number of the application server in combination with a pointer function, and respectively calculating and generating a corresponding communication key by utilizing the application IC card public key and the application terminal public key and the application server private key in combination with corresponding algorithms;
the communication key is generated for the application IC card, and the generation method comprises the following steps:
extracting corresponding private key pointers by combining the random numbers of the application IC card and the random numbers of the application server with pointer functions respectively, and extracting corresponding communication keys by combining the private key pointers with a communication key table;
the communication key is generated for the application terminal, and the generation method comprises the following steps:
and respectively extracting corresponding private key pointers by combining the random numbers of the application terminal and the random numbers of the application server with pointer functions, and extracting corresponding communication keys by combining the private key pointers with a communication key table.
3. An anti-quantum computing application system near-field energy-saving communication method based on a key fob and a serial number, wherein the anti-quantum computing application system comprises an application server and at least one application client in communication connection with the application server, the application client comprises an application terminal and an application IC card, and the method is implemented on the application terminal, characterized in that the application terminal is provided with a key fob comprising an application terminal serial number pool, the application terminal serial number pool comprises a serial number and a counterparty, the application terminal and the application IC card communicate in the near field through a trusted session key, and the step of obtaining the trusted session key comprises the following steps:
Transmitting an application terminal address to the application IC card, and acquiring a total bill after identity authentication of the application IC card and an application server, wherein the total bill comprises a sub bill formed by the application IC card bill, the application terminal bill, a second random number of the server and a position parameter of a serial number pool of the application terminal for recording information of the application IC card;
receiving a first near field communication message sent by an application IC card, wherein the first near field communication message consists of an address of an application terminal, the address of the application IC card, a position parameter of a serial number pool of the application terminal for recording information of the application IC card, a second random number of an application server, an application terminal bill and a first near field communication authentication code;
extracting a serial number of the application terminal by combining the position parameter with the application terminal serial number pool to obtain a second random number of the application terminal, extracting a sixth communication key by combining the application terminal second random number with the application server second random number with the communication key table, decrypting an application terminal bill by using the sixth communication key, and further obtaining a trusted session key to realize near field communication;
the communication key is generated for the application server, and the generation method comprises the following steps:
Extracting an application IC card public key, an application terminal public key and an application server private key by utilizing the random number of the application IC card, the random number of the application terminal and the random number of the application server in combination with a pointer function, and respectively calculating and generating a corresponding communication key by utilizing the application IC card public key and the application terminal public key and the application server private key in combination with corresponding algorithms;
the communication key is generated for the application IC card, and the generation method comprises the following steps:
extracting corresponding private key pointers by combining the random numbers of the application IC card and the random numbers of the application server with pointer functions respectively, and extracting corresponding communication keys by combining the private key pointers with a communication key table;
the communication key is generated for the application terminal, and the generation method comprises the following steps:
and respectively extracting corresponding private key pointers by combining the random numbers of the application terminal and the random numbers of the application server with pointer functions, and extracting corresponding communication keys by combining the private key pointers with a communication key table.
4. An anti-quantum computing application system near-field energy-saving communication method based on a key fob and a serial number, implemented in an anti-quantum computing application system, wherein the anti-quantum computing application system comprises an application server and at least one application client in communication connection with the application server, and the application client comprises an application terminal and an application IC card, characterized in that each member of the anti-quantum computing application system is provided with a key fob comprising a serial number pool, the serial number pool comprises a serial number and a counterparty, the serial number pool of the application server further comprises an application server serial number pool, an application terminal serial number pool and an application IC card serial number pool, the application terminal and the application IC card communicate in the near field through a trusted session key, and the step of obtaining the trusted session key comprises:
The method comprises the steps of authenticating identities of an application IC card and an application server, and confirming that a first communication key generated by the application server is equal to a second communication key generated by the application IC card, wherein the first communication key is generated by calculating a random number extracted by using an address of the application IC card and a server random number; the second communication key is searched by combining the random number extracted by the application IC card address with the server random number and a communication key table;
the application IC card sends a first bill request message ciphertext to the application server, the first bill request message ciphertext is obtained by encrypting a first bill request parameter by a second communication key, and the first bill request parameter comprises an application IC card address, an application terminal address and the number of application bills;
the application server receives the first bill request message ciphertext and decrypts the first bill request message ciphertext by using the first communication key to obtain a first request parameter;
the application server checks whether information matched with the application IC card exists in a sequence number pool of an application terminal stored in a key card of the application server, extracts the sequence number of the application terminal, obtains a first random number of the application terminal by using the sequence number, respectively obtains a corresponding communication key by combining a third random number of the application IC card and the first random number of the application terminal with a second random number of the server, respectively encrypts a session key by using the communication key so as to obtain an application IC card bill and an application terminal bill, and each position parameter containing the information of the application IC card, the application terminal bill, the second random number of the server and the sequence number pool of the application terminal forms a sub bill, and a plurality of sub bills form a total bill and are sent to the application IC card;
the application IC card receives and stores the total bill sent by the application server, wherein the total bill consists of a plurality of sub-bills, and the number of the sub-bills is the number of application bills;
the application IC card extracts the sub-bill and extracts the corresponding serial number according to the own address to calculate a random number, a fifth communication key is obtained by combining the random number with a communication key table, and the fifth communication key decrypts the application IC card bill to obtain a session key;
the application IC card sends a first short-range communication message to the application terminal, wherein the first short-range communication message comprises a serial number pool of the application terminal for recording the position parameter of the information of the application IC card;
the application terminal extracts a serial number according to the position parameter, and obtains a sixth communication key by combining the serial number with a communication key table, so as to confirm the session key to realize near field communication;
the communication key is generated for the application server, and the generation method comprises the following steps:
extracting an application IC card public key, an application terminal public key and an application server private key by utilizing the random number of the application IC card, the random number of the application terminal and the random number of the application server in combination with a pointer function, and respectively calculating and generating a corresponding communication key by utilizing the application IC card public key and the application terminal public key and the application server private key in combination with corresponding algorithms;
the communication key is generated for the application IC card, and the generation method comprises the following steps:
extracting corresponding private key pointers by combining the random numbers of the application IC card and the random numbers of the application server with pointer functions respectively, and extracting corresponding communication keys by combining the private key pointers with a communication key table;
the communication key is generated for the application terminal, and the generation method comprises the following steps:
and respectively extracting corresponding private key pointers by combining the random numbers of the application terminal and the random numbers of the application server with pointer functions, and extracting corresponding communication keys by combining the private key pointers with a communication key table.
5. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of claim 1 when executing the computer program.
6. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of claim 2 when the computer program is executed.
7. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of claim 3 when the computer program is executed.
8. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of claim 4 when the computer program is executed.
9. An anti-quantum computing application system based on a key fob and a serial number, wherein the anti-quantum computing application system comprises an application server and at least one application client in communication connection with the application server, and the application client comprises an application terminal and an application IC card, characterized in that each member of the anti-quantum computing application system is provided with a key fob comprising a serial number pool, the serial number pool comprises a serial number and a counterparty, the serial number pool of the application server also comprises an application server serial number pool, an application terminal serial number pool and an application IC card serial number pool, and the application terminal and the application IC card communicate in a short distance through a trusted session key, wherein:
the application IC card is used for authenticating the identity of the application server, sending a first bill request message ciphertext to the application server, wherein the first bill request message ciphertext is obtained by encrypting a first bill request parameter by a communication key, the first bill request parameter comprises an application IC card address, an application terminal address and the number of application bills, and receiving an application total bill acquisition session key to realize near-field communication with the application terminal;
The application server is used for receiving a first bill request message ciphertext, decrypting by using a first communication key to obtain a first request parameter, wherein the first request parameter comprises an application IC card address, an application terminal address and the number of application bills, checking whether information matched with the application IC card exists in a serial number pool of an application terminal stored in an application server key card, extracting an application terminal serial number, obtaining an application terminal first random number by using the serial number, respectively obtaining a corresponding communication key by combining an application IC card third random number and an application terminal first random number with a server second random number, respectively encrypting a session key by using the communication key to obtain an application IC card bill and an application terminal bill, forming sub-bills by using position parameters which respectively comprise the application IC card bill, the application terminal bill, the server second random number and the serial number pool of the application terminal record information of the application IC card, forming a total bill by using the plurality of sub-bills and sending the total bill to the application IC card;
the application terminal is used for receiving the first near field communication message sent by the application IC card, extracting the serial number of the application terminal by using the position parameter and the application terminal serial number pool to obtain the second random number of the application terminal, extracting the sixth communication key by using the second random number of the application terminal and the second random number of the application server and the communication key table, decrypting the application terminal bill by using the sixth communication key and further obtaining the trusted session key to realize near field communication.
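The bill (ticket) distribution of claims 4 and 9 can be traced end to end in a short model: the server computes each communication key, while the IC card and the terminal only look theirs up in a precomputed communication key table. This is an added example, not code from the patent; the pointer function, the mapping from serial number to random number, the toy Diffie-Hellman group, the HMAC-based stand-in cipher, the keying of the authentication code with the session key, and all addresses and serial values are assumptions or constructed sample data.

```python
import hashlib, hmac, secrets

P, G, POOL = 2**127 - 1, 3, 8    # toy DH group and pool size (assumptions)

def pointer(rand):               # hypothetical pointer function: random number -> pool index
    return int.from_bytes(hashlib.sha256(rand).digest()[:4], "big") % POOL

def rand_from_serial(addr, serial):   # hypothetical: random number computed from a serial number
    return hashlib.sha256(addr + serial.to_bytes(8, "big")).digest()

def kdf(shared):                 # DH value -> 32-byte communication key
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def seal(key, session_key):      # stand-in authenticated cipher for one 32-byte session key
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(session_key, mac(key, b"enc" + nonce)))
    return nonce + ct + mac(key, b"mac" + nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, mac(key, b"mac" + nonce + ct)):
        raise ValueError("bill rejected: wrong communication key or tampering")
    return bytes(a ^ b for a, b in zip(ct, mac(key, b"enc" + nonce)))

def issue_fobs(card_addr, term_addr):    # constructed key-fob contents for three parties
    sk_s = [secrets.randbelow(P - 2) + 1 for _ in range(POOL)]
    pk_s = [pow(G, x, P) for x in sk_s]
    server = {"sk": sk_s, "pk": {}, "card_serials": {card_addr: 41},
              "term_pools": {term_addr: [(b"card-00", 7), (card_addr, 1305)]}}
    fobs = {}
    for addr in (card_addr, term_addr):
        sk = [secrets.randbelow(P - 2) + 1 for _ in range(POOL)]
        server["pk"][addr] = [pow(G, x, P) for x in sk]
        # Communication key table: every (own key, server key) pairing precomputed at issuance.
        fobs[addr] = {"addr": addr, "table": [[kdf(pow(y, x, P)) for y in pk_s] for x in sk]}
    fobs[card_addr]["serial"] = 41
    fobs[term_addr]["pool"] = list(server["term_pools"][term_addr])
    return server, fobs[card_addr], fobs[term_addr]

def server_key(server, addr, r_client, r_server):   # server computes the key from pool entries
    pub = server["pk"][addr][pointer(r_client)]
    return kdf(pow(pub, server["sk"][pointer(r_server)], P))

def fob_key(fob, r_client, r_server):    # client: table lookup only, no exponentiation
    return fob["table"][pointer(r_client)][pointer(r_server)]

def total_bill(server, card_addr, term_addr, count):
    pool = server["term_pools"][term_addr]
    pos = next((i for i, (peer, _) in enumerate(pool) if peer == card_addr), None)
    if pos is None:
        raise LookupError("terminal serial number pool has no entry for this IC card")
    r_c = rand_from_serial(card_addr, server["card_serials"][card_addr])
    r_t = rand_from_serial(term_addr, pool[pos][1])
    subs = []
    for _ in range(count):               # one sub-bill per requested bill
        r_s, ks = secrets.token_bytes(16), secrets.token_bytes(32)
        subs.append({"card_bill": seal(server_key(server, card_addr, r_c, r_s), ks),
                     "term_bill": seal(server_key(server, term_addr, r_t, r_s), ks),
                     "r_s": r_s, "pos": pos})
    return subs

def auth_input(m):                       # length-prefixed fields of the near-field message
    fields = [m["term"], m["card"], m["pos"].to_bytes(2, "big"), m["r_s"], m["term_bill"]]
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def card_use(card, term_addr, sub):
    r_c = rand_from_serial(card["addr"], card["serial"])
    ks = unseal(fob_key(card, r_c, sub["r_s"]), sub["card_bill"])
    msg = {"term": term_addr, "card": card["addr"], "pos": sub["pos"],
           "r_s": sub["r_s"], "term_bill": sub["term_bill"]}
    msg["mac"] = mac(ks, auth_input(msg))    # assumption: code is keyed with the session key
    return ks, msg

def terminal_accept(term, msg):
    peer, serial = term["pool"][msg["pos"]]
    if peer != msg["card"] or msg["term"] != term["addr"]:
        raise ValueError("position parameter does not match this IC card")
    r_t = rand_from_serial(term["addr"], serial)
    ks = unseal(fob_key(term, r_t, msg["r_s"]), msg["term_bill"])
    if not hmac.compare_digest(msg["mac"], mac(ks, auth_input(msg))):
        raise ValueError("near-field authentication code mismatch")
    return ks

def demo():                              # constructed addresses; returns both ends' session keys
    server, card, term = issue_fobs(b"card-01", b"term-01")
    ks_card, msg = card_use(card, b"term-01", total_bill(server, b"card-01", b"term-01", 3)[0])
    return ks_card, terminal_accept(term, msg)
```

`demo()` returns the session key as recovered by the IC card and by the terminal; the two match only when both look up the same table entries the server used.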
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910400861.1A CN110224816B (en) | 2019-05-15 | 2019-05-15 | Anti-quantum computing application system based on key fob and serial number, near-field energy-saving communication method and computer equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910400861.1A CN110224816B (en) | 2019-05-15 | 2019-05-15 | Anti-quantum computing application system based on key fob and serial number, near-field energy-saving communication method and computer equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110224816A (en) | 2019-09-10 |
| CN110224816B (en) | 2023-09-05 |
Family
ID=67821232
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910400861.1A Active CN110224816B (en) | 2019-05-15 | 2019-05-15 | Anti-quantum computing application system based on key fob and serial number, near-field energy-saving communication method and computer equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110224816B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113950049B (en) * | 2021-09-28 | 2023-10-03 | 天翼物联科技有限公司 | Quantum security method, system, device and medium of Internet of things based on SIM card |
| CN114155632B (en) * | 2021-11-30 | 2023-10-31 | 深圳市同创新佳科技有限公司 | Method for distributing encryption communication keys of networking hotel electronic door locks |
| CN114095183B (en) * | 2022-01-23 | 2022-05-03 | 杭州字节信息技术有限公司 | Client dual authentication method, terminal equipment and storage medium |
| CN115296847B (en) * | 2022-07-06 | 2024-02-13 | 杭州涂鸦信息技术有限公司 | Flow control method, flow control device, computer equipment and storage medium |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2003132253A (en) * | 2001-10-22 | 2003-05-09 | Kddi Corp | Service reservation and provision method for mutually authenticating using tickets, program thereof, and recording medium recording the program |
| WO2018076365A1 (en) * | 2016-10-31 | 2018-05-03 | 美的智慧家居科技有限公司 | Key negotiation method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110224816A (en) | 2019-09-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20220094545A1 (en) | Low power encryption in motion | |
| Namasudra et al. | Time efficient secure DNA based access control model for cloud computing environment | |
| US6535980B1 (en) | Keyless encryption of messages using challenge response | |
| CN105871869B (en) | Hash function and false identity anonymous bidirectional authentication method are based in mobile social networking | |
| CN110519046B (en) | Quantum communication service station key negotiation method and system based on one-time asymmetric key pair and QKD | |
| CN110224816B (en) | Anti-quantum computing application system based on key fob and serial number, near-field energy-saving communication method and computer equipment | |
| CN109728906B (en) | Anti-quantum-computation asymmetric encryption method and system based on asymmetric key pool | |
| CN110380845B (en) | Quantum secret communication alliance chain transaction method, system and equipment based on group symmetric key pool | |
| CN109921905B (en) | Anti-quantum computation key negotiation method and system based on private key pool | |
| CN109951513B (en) | Quantum-resistant computing smart home quantum cloud storage method and system based on quantum key card | |
| CN111416712B (en) | Quantum secret communication identity authentication system and method based on multiple mobile devices | |
| CN110535626B (en) | Secret communication method and system for identity-based quantum communication service station | |
| CN111416715A (en) | Quantum secret communication identity authentication system and method based on secret sharing | |
| CN110213056B (en) | Anti-quantum computing energy-saving communication method and system and computer equipment | |
| CN114125833A (en) | Multi-factor authentication key agreement method for intelligent equipment communication | |
| CN111404664A (en) | Quantum secret communication identity authentication system and method based on secret sharing and multiple mobile devices | |
| Guo et al. | A Secure and Efficient Mutual Authentication and Key Agreement Protocol with Smart Cards for Wireless Communications. | |
| CN110380859B (en) | Quantum communication service station identity authentication method and system based on asymmetric key pool pair and DH protocol | |
| CN113225302A (en) | Data sharing system and method based on proxy re-encryption | |
| CN110519226B (en) | Quantum communication server secret communication method and system based on asymmetric key pool and implicit certificate | |
| CN102594551A (en) | Method for reliable statistics of privacy data on radio frequency identification (RFID) tag | |
| CN111245609A (en) | Secret sharing and random number based quantum secret communication key distribution and negotiation system and method thereof | |
| CN110266483B (en) | Quantum communication service station key negotiation method, system and device based on asymmetric key pool pair and QKD | |
| CN110430047B (en) | Anti-quantum computing energy-saving equipment key negotiation method and system based on asymmetric key and MQV | |
| CN110519214B (en) | Application system short-distance energy-saving communication method, system and equipment based on online and offline signature and auxiliary verification signature |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |