CN111865564A - IPSec communication establishing method and system - Google Patents
- Publication number: CN111865564A (application CN202010746781.4A)
- Authority: CN (China)
- Prior art keywords: digital signature, information, pseudo, response end, random number
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications (CPC)
- H04L63/00: Network architectures or network communication protocols for network security
  - H04L63/0428: providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    - H04L63/0485: Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
  - H04L63/08: authentication of entities
    - H04L63/0823: authentication of entities using certificates
    - H04L63/0876: authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  - H04L9/0662: Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher, with particular pseudorandom sequence generator
  - H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
  - H04L9/3247: means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures
  - H04L9/3263: means for verifying the identity or authority of a user of the system or for message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
Abstract
The application discloses a method for establishing IPSec communication, comprising: selecting encryption parameter information and an encryption key through information exchange with a responding end; after generating a public/private key pair for the initiating end, sending a certificate generation request to a CA; generating first data through a first algorithm from an authentication key consisting of the encryption parameter information and the encryption key, combined with the identity information of the initiating end; encrypting the first data with the initiator's private key to obtain a first digital signature and sending it to the responding end, so that the responding end verifies the first digital signature against CertA after obtaining CertA from the CA; and, on receiving the second digital signature sent by the responding end, obtaining CertB from the CA to verify the second digital signature and, once it passes verification, negotiating the IPSec SA to complete establishment of IPSec communication. Because the certificates are obtained from the CA rather than exchanged between the peers, bandwidth is saved. The application also provides an IPSec communication establishing system with corresponding effects.
    Description
Technical Field
      The present invention relates to the field of communications technologies, and in particular, to a method and a system for establishing IPSec communication.
    Background
      With the rapid development of communication infrastructure and internet technology, industries of all kinds use the internet to speed up the flow of company information and improve their overall competitiveness. VPN is currently the mainstream cryptographic communication protocol in industry for secure interconnection between different networks. IPSec VPN has the highest utilization among current VPN technologies; IPSec (Internet Protocol Security) works at the network layer and protects and authenticates IP packets between the devices participating in IPSec. IPSec is not tied to any particular encryption or authentication algorithm, key technology or security algorithm; it is a framework of open standards, so IPSec can be used with a variety of algorithms without modifying the existing IPSec standards.
      IPSec provides data confidentiality, integrity and origin authentication for participating peers at the IP layer, and can provide a secure path between a pair of gateways, a pair of hosts, or a gateway and a host. IPSec mainly provides four functions. Confidentiality: the sender can encrypt a packet before transmitting it over the network. Data integrity: the recipient can confirm that the data was not altered in any way while in transit over the Internet. Origin authentication: the receiver can authenticate the origin of a packet and guarantee and prove the validity of the information source; it is used to authenticate the peers at both ends of a tunnel during VPN tunnel establishment. Anti-replay protection: each packet is unique and is not duplicated.
      SA (Security Association) is one of the most important concepts in IPSec. It provides the algorithm identifiers and algorithm parameters needed for authentication and encryption of IP packets in the communication. Parameters such as the encryption algorithm, key and mode required for subsequent communication are stored in the SA, so establishing the SA is a necessary precondition for IPSec communication. IKE (Internet Key Exchange) is the protocol that establishes the SA security attributes between IPSec endpoints; it allows SAs to be dynamically exchanged and negotiated, and with IKE, SAs can be dynamically established and deleted within the negotiated lifetime. In practice IKEv1 is still widely adopted (IKEv2, RFC 7296, is its successor; the scheme in this application is described against IKEv1). IKEv1 communication is divided into two phases: phase 1 negotiates the IKE SA and phase 2 negotiates the IPSec SA. The phase 1 SA protects the IKE communication itself and the phase 2 SA protects the IPSec communication. Phase 1 of IKEv1 typically uses main mode, which is the more secure mode for authentication.
      Fig. 1 is the communication flow of IKEv1 phase 1:
      - Message 1: the initiator sends a proposed set of encryption parameters to the responder.
      - Message 2: the responder selects the locally supported parameters and replies with a confirmation.
      - Message 3: the initiator sends its Diffie-Hellman exchange information to the responder.
      - Message 4: the responder replies with its Diffie-Hellman exchange information. At this point both parties can derive consistent authentication and encryption keys, and messages 5 and 6 are exchanged over the encrypted connection.
      - Message 5: the initiator sends its encrypted identity authentication information and hash to complete origin authentication and data integrity verification.
      - Message 6: the responder replies with its identity authentication information and hash to complete the responder's origin authentication and data integrity verification.
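The six messages just listed, carried out between two in-process peers with the key derivation and HASH_I / HASH_R computation that RFC 2409 defines for signature authentication, as an added example that is not part of the patent (assumptions: the prf is HMAC-SHA-256, the Diffie-Hellman group is a toy 64-bit group, and the SA payload body is a constructed byte string). Running it with a tampered proposal shows why messages 5 and 6 are needed: the hashes bind the proposal, cookies, DH values and identities to SKEYID, so an on-path change to message 1 is caught at message 5 even though both sides still derive the same SKEYID.

```python
"""IKEv1 main mode (Fig. 1) between two in-process peers, with the SKEYID and
HASH_I / HASH_R computation of RFC 2409 section 5 for signature authentication.
Added illustration, not the patent's code: prf = HMAC-SHA-256 and a toy
64-bit Diffie-Hellman group are assumptions; payload encodings are simplified."""
import hashlib
import hmac
import os

# Toy Diffie-Hellman group: 2^64 - 59 is prime, generator 2.  Real IKE uses the
# MODP groups of RFC 2409 / RFC 3526; this size is for illustration only.
P = 0xFFFFFFFFFFFFFFC5
G = 2


def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def i2b(x: int) -> bytes:
    return x.to_bytes((x.bit_length() + 7) // 8 or 1, "big")


class Peer:
    def __init__(self, ident: bytes):
        self.ident = ident                          # IDii_b / IDir_b
        self.cookie = os.urandom(8)                 # CKY-I / CKY-R
        self.nonce = os.urandom(16)                 # Ni_b / Nr_b
        self.x = int.from_bytes(os.urandom(8), "big") % (P - 2) + 2
        self.gx = pow(G, self.x, P)                 # KE payload (g^x)

    def shared_secret(self, gy: int) -> int:
        return pow(gy, self.x, P)                   # g^xy


def skeyid_sig(ni: bytes, nr: bytes, gxy: int) -> bytes:
    # Signature authentication: SKEYID = prf(Ni_b | Nr_b, g^xy)
    return prf(ni + nr, i2b(gxy))


def hash_i(skeyid, gxi, gxr, cky_i, cky_r, sai_b, idii_b):
    # HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b)
    return prf(skeyid, i2b(gxi) + i2b(gxr) + cky_i + cky_r + sai_b + idii_b)


def hash_r(skeyid, gxr, gxi, cky_r, cky_i, sai_b, idir_b):
    # HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b)
    return prf(skeyid, i2b(gxr) + i2b(gxi) + cky_r + cky_i + sai_b + idir_b)


def main_mode(init: Peer, resp: Peer, sai_b: bytes, tamper_proposal=False):
    """Messages 1-6.  sai_b is the body of the initiator's SA payload from
    message 1; with tamper_proposal=True the responder saw a modified copy
    (an on-path downgrade attempt), which message 5 must expose."""
    seen_sai = sai_b[:-1] + bytes([sai_b[-1] ^ 1]) if tamper_proposal else sai_b
    # Messages 3/4: KE and nonce in each direction; both sides derive SKEYID.
    sk_i = skeyid_sig(init.nonce, resp.nonce, init.shared_secret(resp.gx))
    sk_r = skeyid_sig(init.nonce, resp.nonce, resp.shared_secret(init.gx))
    # Message 5: initiator sends IDii and, for signature authentication, SIG_I,
    # the signature over HASH_I (encrypted under SKEYID_e in real IKE).  The
    # responder recomputes HASH_I over what *it* observed; the signature check
    # reduces to comparing these two values.
    sent_hash_i = hash_i(sk_i, init.gx, resp.gx, init.cookie, resp.cookie,
                         sai_b, init.ident)
    expect_hash_i = hash_i(sk_r, init.gx, resp.gx, init.cookie, resp.cookie,
                           seen_sai, init.ident)
    # Message 6: responder replies IDir + SIG_R over HASH_R; initiator checks.
    sent_hash_r = hash_r(sk_r, resp.gx, init.gx, resp.cookie, init.cookie,
                         seen_sai, resp.ident)
    expect_hash_r = hash_r(sk_i, resp.gx, init.gx, resp.cookie, init.cookie,
                           sai_b, resp.ident)
    return {
        "skeyid_match": hmac.compare_digest(sk_i, sk_r),
        "hash_i_ok": hmac.compare_digest(sent_hash_i, expect_hash_i),
        "hash_r_ok": hmac.compare_digest(sent_hash_r, expect_hash_r),
    }


if __name__ == "__main__":
    proposal = b"\x00\x01\x00\x0c"  # constructed stand-in for an SA payload body
    print(main_mode(Peer(b"gw-a.example"), Peer(b"gw-b.example"), proposal))
    print(main_mode(Peer(b"gw-a.example"), Peer(b"gw-b.example"), proposal,
                    tamper_proposal=True))
```

The untampered run returns all three checks true; with the proposal altered in transit SKEYID still matches on both sides (the DH exchange itself was untouched) but HASH_I fails, which is exactly the downgrade protection that messages 1 to 4 alone do not give.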
      Currently, the mainstream methods of origin authentication are pre-shared keys and RSA signatures. A pre-shared key is easy to configure manually but scales poorly, and keeping its distribution confidential is difficult.
      With RSA signatures, the hash values HASH_I and HASH_R are used not only for authentication but also as the data that is signed. Specifically, the initiator feeds the authentication key and its identity information into a hash algorithm to produce HASH_I, then encrypts HASH_I with its local private key to obtain the digital signature. The digital signature must be sent to the remote end together with the digital certificate, which carries the public key used to decrypt the signature. Authentication of the initiator by the remote peer, i.e. the responder, takes two steps. First, the public key from the digital certificate is used to decrypt the digital signature, yielding HASH_I. Then the responder independently computes HASH_I from the information it holds; if the independently computed value equals the decrypted one, the initiator is authenticated by the responder. Authentication then proceeds in the opposite direction, i.e. the responder must be authenticated by the initiator, in the same way.
      However, every time an IPSec session is established the digital certificates have to be exchanged, which consumes network bandwidth. IPSec sessions may need to be established many times a day, and the number of endpoints in practical deployments is large, so the bandwidth consumption becomes significant.
      In summary, how to establish IPSec communication effectively while reducing the consumption of network bandwidth is a technical problem that those skilled in the art need to solve.
    Disclosure of Invention
      The invention aims to provide a method and a system for establishing IPSec communication, which are used for effectively establishing the IPSec communication and reducing the consumption of network bandwidth.
      In order to solve the technical problems, the invention provides the following technical scheme:
      an IPSec communication establishing method is applied to an initiating end and comprises the following steps:
      determining selected encryption parameter information and an encryption key through information exchange with a response end;
      after generating a public and private key pair of the initiator, sending a certificate generation request to a CA (Certificate Authority) so that the CA generates a digital certificate CertA based on the public key information of the initiator;
      generating first data through a first algorithm by using an authentication key consisting of the encryption parameter information and the encryption key and combining identity information of an initiating terminal;
      encrypting the first data by using an initiator private key to obtain a first digital signature, and sending the first digital signature to the response end so that the response end verifies the first digital signature based on the digital certificate CertA after obtaining the digital certificate CertA from the CA;
      when a second digital signature sent by the response end is received, obtaining from the CA a digital certificate CertB based on the public key information of the response end, and verifying the second digital signature based on the digital certificate CertB;
      after the second digital signature passes verification, performing negotiation establishment of IPSec SA to complete establishment of IPSec communication;
      the second digital signature is obtained by encrypting second data by using a response end private key by the response end, and the second data is generated by the response end through a first algorithm by using an authentication key consisting of the encryption parameter information and the encryption key and combining identity information of the response end.
      Preferably, the method further comprises the following steps:
      obtaining a pseudo-random number nA generated by an initiating terminal and a pseudo-random number nB generated by a responding terminal through information exchange with the responding terminal;
      correspondingly, the generating the first data by the first algorithm by using the authentication key composed of the encryption parameter information and the encryption key and combining the identity information of the originating terminal includes:
      generating first data through a first algorithm by using an authentication key consisting of the encryption parameter information, the encryption key, the pseudo-random number nA and the pseudo-random number nB and combining identity information of an initiating terminal;
      the second data is generated by the response end through a first algorithm by using an authentication key consisting of the encryption parameter information, the encryption key, the pseudo-random number nA and the pseudo-random number nB and combining identity information of the response end.
      Preferably, the obtaining of the pseudo-random number nA generated by the initiator and the pseudo-random number nB generated by the responder through information exchange with the responder includes:
      generating and storing a pseudo-random number nA, encrypting and sending the pseudo-random number nA to a response end so as to enable the response end to store the pseudo-random number nA;
      receiving a pseudo-random number nB generated, stored and encrypted and sent by a response end;
      the pseudo random number nB is saved.
      Preferably, the determining the selected encryption parameter information and the encryption key through information exchange with the response end includes:
      sending a group of suggested encryption parameters to a response end, and determining selected encryption parameter information according to feedback information of the response end;
      the encryption key is determined by a Diffie-Hellman exchange with the responding peer.
      Preferably, the identity information of the responding end is the device information of the responding end, the identity information of the initiating end is the device information of the initiating end, and the first algorithm is a hash algorithm.
      An IPSec communication establishing method is applied to a response end and comprises the following steps:
      determining selected encryption parameter information and an encryption key through information exchange with an initiating terminal;
      when a first digital signature sent by an initiator is received, acquiring a digital certificate CertA from a CA, and verifying the first digital signature based on the digital certificate CertA;
      the first digital signature is obtained by the initiating end encrypting first data with the private key of the initiating end; the first data is generated by the initiating end through a first algorithm using an authentication key consisting of the encryption parameter information and the encryption key, combined with the identity information of the initiating end; the digital certificate CertA is generated by the CA, based on the public key information of the initiator, after the CA receives the certificate generation request sent by the initiator;
      after the first digital signature passes verification, generating a public and private key pair of the response end, and sending a certificate generation request to a CA (Certificate Authority) so that the CA generates a digital certificate CertB based on the public key information of the response end;
      generating second data through a first algorithm by using an authentication key consisting of the encryption parameter information and the encryption key and combining identity information of a response end;
      encrypting the second data by using a response end private key to obtain a second digital signature, and sending the second digital signature to the initiating end so that the initiating end verifies the second digital signature based on the digital certificate CertB after obtaining the digital certificate CertB from the CA;
      after the second digital signature is verified, a negotiated establishment of IPSec SA is performed to complete the establishment of IPSec communication.
      Preferably, the method further comprises the following steps:
      obtaining a pseudo-random number nA generated by an initiating terminal and a pseudo-random number nB generated by a responding terminal through information exchange with the initiating terminal;
      correspondingly, the generating of the second data through the first algorithm by using the authentication key composed of the encryption parameter information and the encryption key and combining the identity information of the response end includes:
      generating second data through a first algorithm by using an authentication key consisting of the encryption parameter information, the encryption key, the pseudo-random number nA and the pseudo-random number nB and combining identity information of a response end;
      the first data is generated by the initiator through a first algorithm by using an authentication key consisting of the encryption parameter information, the encryption key, the pseudo-random number nA and the pseudo-random number nB, and combining identity information of the initiator.
      Preferably, the obtaining of the pseudo-random number nA generated by the initiator and the pseudo-random number nB generated by the responder by information exchange with the initiator includes:
      receiving the pseudo-random number nA that the initiating end generates, stores and sends encrypted, and saving the pseudo-random number nA;
      generating and storing a pseudo-random number nB and sending it encrypted to the initiating end so that the initiating end stores the pseudo-random number nB.
      An IPSec communication establishing system is applied to an initiating end and comprises the following components:
      the first interaction module is used for determining selected encryption parameter information and an encryption key through information exchange with the response end;
      the public and private key pair generation module is used for sending a certificate generation request to the CA after generating a public and private key pair of an initiator so that the CA generates a digital certificate CertA based on public key information of the initiator;
      the first data generation module is used for generating first data through a first algorithm by using an authentication key consisting of the encryption parameter information and the encryption key and combining the identity information of the initiating terminal;
      the first digital signature generation module is used for encrypting the first data with the initiator private key to obtain a first digital signature and sending it to the response end, so that the response end verifies the first digital signature based on the digital certificate CertA after acquiring CertA from the CA;
      the second digital signature verification module is used for acquiring, from the CA, a digital certificate CertB based on the public key information of the response end when a second digital signature sent by the response end is received, and verifying the second digital signature based on the digital certificate CertB;
      the IPSec SA negotiation establishing module is used for performing negotiation establishment of the IPSec SA to complete establishment of IPSec communication after the second digital signature passes verification;
      the second digital signature is obtained by encrypting second data by using a response end private key by the response end, and the second data is generated by the response end through a first algorithm by using an authentication key consisting of the encryption parameter information and the encryption key and combining identity information of the response end.
      An IPSec communication establishing system is applied to a response end and comprises the following components:
      the second interactive module is used for determining the selected encryption parameter information and the encryption key through information exchange with the initiating terminal;
      the first digital signature verification module is used for acquiring a digital certificate CertA from the CA (Certificate Authority) when a first digital signature sent by the initiator is received, and verifying the first digital signature based on the digital certificate CertA;
      the first digital signature is obtained by the initiating end encrypting first data with the private key of the initiating end; the first data is generated by the initiating end through a first algorithm using an authentication key consisting of the encryption parameter information and the encryption key, combined with the identity information of the initiating end; the digital certificate CertA is generated by the CA, based on the public key information of the initiator, after the CA receives the certificate generation request sent by the initiator;
      the public and private key pair generation module is used for generating a public and private key pair of the response end after the first digital signature passes verification, and sending a certificate generation request to the CA so that the CA generates a digital certificate CertB based on the public key information of the response end;
      the second data generation module is used for generating second data through a first algorithm by utilizing an authentication key consisting of the encryption parameter information and the encryption key and combining the identity information of the response end;
      the second digital signature generation module is used for encrypting the second data by using a response end private key to obtain a second digital signature and sending the second digital signature to the initiating end so that the initiating end verifies the second digital signature based on the digital certificate CertB after obtaining the digital certificate CertB from the CA;
      and the IPSec SA negotiation establishing module is used for performing IPSec SA negotiation establishment to complete the establishment of IPSec communication after the second digital signature is verified.
      By applying the technical scheme provided by the embodiments of the invention, the initiating end and the responding end no longer need to exchange digital certificates every time IPSec communication is established, as in the traditional scheme, because certificates are issued and obtained through a trusted automatic mechanism. Specifically, the initiator determines the selected encryption parameter information and the encryption key through information exchange with the responder; after generating its public/private key pair it sends a certificate generation request to the CA, which issues the digital certificate CertA based on the initiator's public key information. The CA can perform trusted certificate issuance. The initiator then generates the first data through the first algorithm from the authentication key combined with its identity information, encrypts the first data with its private key to obtain the first digital signature, and sends that signature to the responder. The initiator therefore does not need to send its digital certificate to the responder together with the first digital signature; the responder obtains CertA from the CA and verifies the first digital signature against it.
      Authentication in the opposite direction works the same way: when the initiating end receives the second digital signature from the responding end, it obtains the digital certificate CertB, based on the responding end's public key information, from the CA, verifies the second digital signature against CertB and, once it passes, negotiates the IPSec SA to complete establishment of IPSec communication. Note that because the initiating end obtains CertB and the responding end obtains CertA from the CA, neither needs to fetch the certificate again for IPSec sessions established subsequently within the certificate's validity period, so the scheme effectively reduces information interaction and saves bandwidth. The digital certificates of all nodes are also managed centrally by the CA, which facilitates unified management and configuration distribution of digital certificates.
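The initiating-end and responding-end methods above, as an added example that is not code from the patent: a CA that issues certificates on request, two endpoints that sign the hash of the authentication key and their own identity with their private key, and verification that fetches the peer's certificate from the CA and then keeps it for later sessions inside its validity period. It also covers the RSA-signature check described in the background (decrypt with the public key and compare the hash). Assumptions: textbook RSA over SHA-256 digests with tiny toy keys and no padding (a real deployment uses PKCS#1 signatures and a real PKI), a dictionary standing in for the CA lookup, UNIX-time validity, and constructed stand-ins for the encryption parameters and the Diffie-Hellman key inside the authentication key.

```python
"""CA-fetched certificates for IPSec origin authentication, as the initiating-
and responding-end methods describe.  Added illustration, not the patent's code:
textbook RSA over SHA-256 digests with toy keys and no padding, a dict as the
CA, UNIX-time validity, and constructed stand-ins for the key material."""
import hashlib
import os
import random

SMALL_PRIMES = [p for p in range(3, 500, 2) if all(p % q for q in range(3, p, 2))]

def is_probable_prime(n, rng, rounds=16):
    """Trial division then Miller-Rabin; only called with large odd n."""
    if any(n % p == 0 for p in SMALL_PRIMES):
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def rsa_keygen(bits, rng, e=65537):
    def prime(k):
        while True:
            c = rng.getrandbits(k) | (1 << (k - 1)) | 1
            if is_probable_prime(c, rng):
                return c
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:                 # e is prime, so gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))   # (public, private)

def rsa_sign(priv, digest):                    # "encrypt the hash with the private key"
    return pow(int.from_bytes(digest, "big"), priv[1], priv[0])

def rsa_verify(pub, digest, sig):              # "decrypt with the public key, compare"
    return pow(sig, pub[1], pub[0]) == int.from_bytes(digest, "big")

def cert_digest(c):                            # what the CA signs
    fields = ("serial", "subject", "n", "e", "not_before", "not_after")
    return hashlib.sha256("|".join(str(c[k]) for k in fields).encode()).digest()

class CA:
    def __init__(self, rng):
        self.pub, self._priv = rsa_keygen(512, rng)
        self.issued, self.serial = {}, 0

    def enroll(self, subject, pub, now, lifetime):   # certificate generation request
        self.serial += 1
        c = {"serial": self.serial, "subject": subject, "n": pub[0], "e": pub[1],
             "not_before": now, "not_after": now + lifetime}
        c["ca_sig"] = rsa_sign(self._priv, cert_digest(c))
        self.issued[subject] = c

def first_data(auth_key, ident):               # "first algorithm": hash(auth key || id)
    return hashlib.sha256(auth_key + ident).digest()

class Endpoint:
    def __init__(self, name, ca, rng, now, lifetime=3600):
        self.name, self.ca, self.cache, self.ca_fetches = name, ca, {}, 0
        self.pub, self._priv = rsa_keygen(512, rng)
        ca.enroll(name, self.pub, now, lifetime)

    def sign(self, auth_key):
        return rsa_sign(self._priv, first_data(auth_key, self.name.encode()))

    def verify(self, peer, sig, auth_key, now):
        c = self.cache.get(peer)
        if c is None or not c["not_before"] <= now <= c["not_after"]:
            c, self.ca_fetches = self.ca.issued.get(peer), self.ca_fetches + 1   # fetch CertX
            # Trust the fetched certificate only after checking the CA signature
            # (self.ca.pub stands for a pinned trust anchor), subject and validity.
            if c is None or c["subject"] != peer or not rsa_verify(
                    self.ca.pub, cert_digest(c), c["ca_sig"]):
                return False
            if not c["not_before"] <= now <= c["not_after"]:
                return False
            self.cache[peer] = c
        return rsa_verify((c["n"], c["e"]), first_data(auth_key, peer.encode()), sig)

def establish(a, b, auth_key, now):
    """A signs -> B verifies with CertA; then B signs -> A verifies with CertB."""
    return (b.verify(a.name, a.sign(auth_key), auth_key, now)
            and a.verify(b.name, b.sign(auth_key), auth_key, now))

def demo():
    rng, now = random.Random(7), 1_700_000_000       # seeded toy keys, fixed clock
    ca = CA(rng)
    a, b = Endpoint("gw-a", ca, rng, now), Endpoint("gw-b", ca, rng, now)
    # Fig. 3: authentication key = encryption parameters | encryption key | nA | nB
    # (constructed stand-ins; the DH result would be the encryption key)
    mk = lambda: b"aes256-sha256-dh14" + b"\x11" * 32 + os.urandom(16) + os.urandom(16)
    key1, key2 = mk(), mk()
    return {
        "first": establish(a, b, key1, now),
        "fetches_after_first": (a.ca_fetches, b.ca_fetches),
        "second": establish(a, b, key2, now + 60),     # certificates served from cache
        "fetches_after_second": (a.ca_fetches, b.ca_fetches),
        "expired": establish(a, b, key1, now + 7200),  # past not_after: rejected
        "wrong_key": b.verify(a.name, a.sign(key1), key2, now),
    }
```

demo() returns one CA fetch per side for the first session, none for the second, a rejection once the certificate has expired, and a failed check when the verifier's authentication key differs from the signer's. The certificate fetched from the CA is checked against the CA's own key and its validity window before it is cached; without that check whatever answers the lookup could substitute a key, which is the check a practitioner wants whenever certificates travel out of band instead of inside the IKE exchange.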
    Drawings
      In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
      Fig. 1 is a schematic communication flow diagram of IKEv1 phase 1;
      Fig. 2 is a flowchart of an implementation of a method for establishing IPSec communication in the present invention;
      Fig. 3 is a diagram illustrating the composition of an authentication key in accordance with one embodiment;
      Fig. 4 is a flowchart illustrating an implementation of the method for establishing IPSec communication applied to a response end in the present invention;
      Fig. 5 is a schematic structural diagram of an IPSec communication establishment system according to the present invention.
    Detailed Description
      The core of the invention is to provide a method for establishing IPSec communication which effectively reduces information interaction, saves bandwidth, and facilitates unified management and configuration distribution of digital certificates.
      In order that those skilled in the art will better understand the disclosure, the invention will be described in further detail with reference to the accompanying drawings and specific embodiments. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
      Referring to fig. 2, fig. 2 is a flowchart of an implementation of a method for establishing IPSec communication in the present invention, where the method is applied to an initiating end, and includes:
      Step S201: determining the selected encryption parameter information and the encryption key through information exchange with the response end.
      Step S201 belongs to the first phase of IKE, i.e., the IKE SA phase. Once the selected encryption parameter information and the encryption key have been determined in this step, the remaining steps of the IKE SA phase and the second phase of IKE can exchange data over an encrypted connection.
      Specifically, step S201 may include:
      sending a group of suggested encryption parameters to a response end, and determining selected encryption parameter information according to feedback information of the response end;
      determining an encryption key through Diffie-Hellman exchange with a response end;
      The initiating end may send a set of suggested encryption parameters to the response end, including information such as the encryption algorithm, hash algorithm, authentication method and SA lifetime. After receiving this information, the response end may select the parameters that match its local configuration and reply with feedback information to the initiating end; it can be understood that the feedback information carries the selected encryption parameter information determined by the response end.
      The initiating end may send a Diffie-Hellman exchange message to the response end, which replies with its own Diffie-Hellman exchange message. After this exchange, the two communicating parties can derive a consistent authentication key and encryption key, and can subsequently exchange data over an encrypted connection.
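As an added illustration of the parameter selection in step S201 (and, by the same logic, the phase 2 IPSec SA negotiation of step S206), the following Go code is not from the patent; the Proposal fields, the sample policies and the rule that the lifetime is only ever negotiated downward are constructed assumptions. It shows the response end choosing the first offered suite its policy allows, and the initiating end checking that the feedback is one of the suites it actually offered before accepting it.

```go
package main

import (
	"errors"
	"fmt"
)

// Proposal is one suggested parameter set of the kind the initiating end
// sends in step S201: encryption algorithm, hash algorithm, authentication
// method and SA lifetime. The same shape fits the phase 2 IPSec SA
// proposal of step S206 (cipher, hash, encapsulation protocol, lifetime).
type Proposal struct {
	Encr, Hash, Auth string
	LifetimeSec      int
}

// ErrNoProposal is returned when none of the offered suites is allowed by
// the responder's policy; negotiation stops instead of falling back to a
// setting that neither side listed.
var ErrNoProposal = errors.New("no acceptable proposal")

func sameSuite(a, b Proposal) bool {
	return a.Encr == b.Encr && a.Hash == b.Hash && a.Auth == b.Auth
}

// SelectProposal is the responder's choice: walk the offered list in the
// initiator's preference order and return the first entry local policy
// also allows. The lifetime is negotiated downward, so the responder
// never grants a lifetime longer than its own policy permits.
func SelectProposal(offered, local []Proposal) (Proposal, error) {
	for _, o := range offered {
		for _, l := range local {
			if sameSuite(o, l) {
				chosen := o
				if l.LifetimeSec < chosen.LifetimeSec {
					chosen.LifetimeSec = l.LifetimeSec
				}
				return chosen, nil
			}
		}
	}
	return Proposal{}, ErrNoProposal
}

// ConfirmProposal is the initiator's check on the feedback information:
// the selected suite must be one it offered, with a lifetime no longer
// than proposed; anything else is rejected rather than silently adopted.
func ConfirmProposal(offered []Proposal, reply Proposal) bool {
	for _, o := range offered {
		if sameSuite(o, reply) && reply.LifetimeSec <= o.LifetimeSec {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample policies, not values taken from the patent.
	offered := []Proposal{
		{"AES-256-CBC", "SHA-256", "cert-signature", 86400},
		{"AES-128-CBC", "SHA-1", "cert-signature", 86400},
	}
	local := []Proposal{
		{"AES-128-CBC", "SHA-256", "cert-signature", 3600},
		{"AES-256-CBC", "SHA-256", "cert-signature", 3600},
	}
	chosen, err := SelectProposal(offered, local)
	fmt.Println(chosen, err, ConfirmProposal(offered, chosen))
}
```

With the sample policies the responder picks AES-256-CBC with SHA-256 (the initiator's first preference that the responder also supports) and shortens the lifetime to its own 3600 seconds; the initiator's confirmation check then accepts that reply but rejects a reply naming an unoffered hash or a longer lifetime.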
      Step S202: after generating a public and private key pair of the initiating end, sending a certificate generation request to the CA so that the CA generates a digital certificate CertA based on the public key information of the initiating end.
      In the scheme of the application, a trusted automatic certificate issuing and acquiring mechanism means that the digital certificate does not need to be exchanged between the initiating end and the response end every time IPSec communication is established, as it must be in the conventional scheme.
      Specifically, after the initiating end generates its public and private key pair, it sends a certificate generation request to a CA (Certificate Authority); the CA generates a digital certificate CertA based on the public key information of the initiating end and stores it locally at the CA.
      It should be emphasized that step S202 describes the initiating end sending a certificate generation request to the CA so that the CA generates the digital certificate CertA based on the public key information of the initiating end. When the scheme of the application is executed again within the validity period of CertA to establish IPSec communication between the same initiating end and response end, there is no need to generate the digital certificates CertA and CertB again, because after this execution the initiating end stores the digital certificate CertB of the response end, and the response end stores the digital certificate CertA of the initiating end.
      Step S203: generating first data through a first algorithm by using an authentication key consisting of the encryption parameter information and the encryption key, combined with the identity information of the initiating end.
      The encryption parameter information and the encryption key are those determined in step S201 through information exchange with the response end. The authentication key and the identity information of the initiating end are input to a first algorithm, typically a hash algorithm, to generate the first data. In other embodiments, other types of algorithm may be selected as needed, as long as the purpose of the present application is achieved, namely that the output can subsequently be used for verification. The specific content of the identity information of the initiating end and of the response end can be set and adjusted according to actual needs; in practical applications, for example, the identity information of the response end may be the device information of the response end and the identity information of the initiating end may be the device information of the initiating end, and other identity information that distinguishes endpoints may be selected in other embodiments.
      Further, in an embodiment of the present invention, it is considered that the identity information is relatively fixed, so that the randomness of the generated first digital signature and the second digital signature is relatively weak, which reduces the security of the scheme to a certain extent. Therefore, in this embodiment, the method further includes:
      obtaining a pseudo-random number nA generated by an initiating terminal and a pseudo-random number nB generated by a responding terminal through information exchange with the responding terminal;
      correspondingly, step S203 may specifically be:
      generating first data through a first algorithm by using an authentication key consisting of encryption parameter information, an encryption key, a pseudo-random number nA and a pseudo-random number nB and combining identity information of an initiating terminal;
      the second data is generated by the response end through a first algorithm by using an authentication key consisting of encryption parameter information, an encryption key, a pseudo-random number nA and a pseudo-random number nB and combining identity information of the response end.
      For ease of understanding, refer to Fig. 3, a schematic diagram of the composition of the authentication key in this embodiment. After step S201, the initiating side and the responding side both store the same cookies, that is, both store the selected encryption parameter information and the encryption key. In the embodiment of Fig. 3, the encryption parameter information is represented by cA and cB, i.e., cookie A and cookie B; note that cA and cB are stored on both the initiating side and the responding side. cA and cB play different roles for the two communication parties: for the initiator, cA is the initiator cookie and cB is the responder cookie, while for the responder, cA is the responder cookie and cB is the initiator cookie. The encryption key is shown in Fig. 3 as dhK.
      In a typical embodiment, the authentication key is composed of cA, cB and dhK. In this embodiment, the initiator additionally obtains, through information exchange with the responder, the pseudo-random number nA generated by the initiator and the pseudo-random number nB generated by the responder. In the scheme of the application, the initiating end and the response end both form the authentication key from cA, cB, dhK, nA and nB, which increases the randomness and complexity of the authentication key and improves the security of the scheme.
      Further, in an embodiment of the present invention, the operation of obtaining the pseudo-random number nA generated by the initiator and the pseudo-random number nB generated by the responder through information exchange with the responder may specifically include:
      generating and storing a pseudo-random number nA, encrypting and sending the pseudo-random number nA to a response end so as to enable the response end to store the pseudo-random number nA;
      receiving a pseudo-random number nB generated, stored and encrypted and sent by a response end;
      the pseudo random number nB is saved.
      In this embodiment, after the initiating end generates and stores the pseudo-random number nA, it encrypts nA and sends it to the response end; correspondingly, after the response end generates and stores the pseudo-random number nB, it encrypts nB and sends it to the initiating end. The exchange of the pseudo-random numbers nA and nB is therefore itself encrypted, which further improves the security of the scheme.
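The following Go example is added here and is not part of the patent. It assembles the authentication key of Fig. 3 from cA, cB, dhK and the optional nA and nB, then derives the first data of step S203 from it and the initiator's identity. The choice of HMAC-SHA256 as the "first algorithm", the length-prefixed field encoding, the 16-byte nonces and the sample cookies, DH key and identity are all assumptions made for the example. Holding the step S201 material constant, it isolates the contribution of the nonces: without nA and nB the derived value repeats from one negotiation to the next, with them it does not.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// AuthKey assembles the authentication key of Fig. 3 from cookie cA,
// cookie cB, the Diffie-Hellman key dhK and, in the nonce embodiment, the
// pseudo-random numbers nA and nB (pass nil for both in the basic
// embodiment). Every field is length-prefixed so that two different
// splits of the fields can never yield the same byte string.
func AuthKey(cA, cB, dhK, nA, nB []byte) []byte {
	var buf bytes.Buffer
	var l [2]byte
	for _, f := range [][]byte{cA, cB, dhK, nA, nB} {
		binary.BigEndian.PutUint16(l[:], uint16(len(f)))
		buf.Write(l[:])
		buf.Write(f)
	}
	return buf.Bytes()
}

// FirstData is the "first algorithm" of step S203. The patent says only
// that it is typically a hash; HMAC-SHA256 is the assumption made here:
// the authentication key is the MAC key and the endpoint identity is the
// message. The second data is the same function over the responder's
// identity.
func FirstData(authKey, identity []byte) []byte {
	m := hmac.New(sha256.New, authKey)
	m.Write(identity)
	return m.Sum(nil)
}

// NewNonce produces one pseudo-random number (nA or nB) from the
// operating system's CSPRNG; 16 bytes is an assumed size.
func NewNonce() []byte {
	n := make([]byte, 16)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}

// Constructed session material standing in for the output of step S201.
var (
	cookieA = []byte("cookie-A")
	cookieB = []byte("cookie-B")
	dhKey   = bytes.Repeat([]byte{0x42}, 32)
	idA     = []byte("device:initiator-01")
)

// FirstDataRepeats derives the first data for two negotiations that share
// the same cookies, DH key and identity and reports whether the results
// are identical. Without nonces they are (the fixed-identity weakness the
// text names); with fresh nA and nB per run they are not.
func FirstDataRepeats(withNonces bool) bool {
	run := func() []byte {
		var nA, nB []byte
		if withNonces {
			nA, nB = NewNonce(), NewNonce()
		}
		return FirstData(AuthKey(cookieA, cookieB, dhKey, nA, nB), idA)
	}
	return bytes.Equal(run(), run())
}

func main() {
	// After the encrypted nonce exchange both ends hold all five fields
	// and therefore derive the same key and the same first data.
	nA, nB := NewNonce(), NewNonce()
	fmt.Println(hex.EncodeToString(FirstData(AuthKey(cookieA, cookieB, dhKey, nA, nB), idA)))
	fmt.Println("repeats without nonces:", FirstDataRepeats(false))
	fmt.Println("repeats with nonces:   ", FirstDataRepeats(true))
}
```

The length prefix matters in practice: concatenating variable-length cookies and nonces without delimiters would let two different field assignments produce the same authentication key, which is exactly the kind of ambiguity a keyed derivation should rule out.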
      Step S204: encrypting the first data by using the private key of the initiating end to obtain a first digital signature, and sending the first digital signature to the response end, so that the response end verifies the first digital signature based on the digital certificate CertA after obtaining the digital certificate CertA from the CA.
      After the initiating end has generated its public and private key pair in step S202 and obtained the first data, the first data may be encrypted with the private key in step S204 to obtain the first digital signature, which is sent to the response end.
      Upon receiving the first digital signature, the response end can request the digital certificate CertA of the initiating end from the CA according to the information carried with the first digital signature, and verify the first digital signature based on CertA. Of course, as described above, if the response end already stores CertA and CertA is within its validity period, CertA does not need to be acquired from the CA again.
      It is understood that, in practical applications, the digital certificate may be uniformly managed based on the CA, for example, setting a uniform expiration time.
      When the response end verifies the first digital signature, it may decrypt the first digital signature with the public key information of the initiating end contained in the digital certificate CertA; the decrypted result is referred to here as data 1. At the same time, the response end independently generates data 1 itself and compares the two values; if they are consistent, the verification passes. The process by which the response end independently generates data 1 is the same as the process by which the initiating end generates it: the response end generates the first data through the first algorithm by using the authentication key combined with the identity information of the initiating end.
      Step S205: when receiving a second digital signature sent by the response end, acquiring a digital certificate CertB based on the public key information of the response end from the CA, and verifying the second digital signature based on the digital certificate CertB.
      After the response end verifies that the first digital signature passes, it generates a second digital signature and sends it to the initiating end. The second digital signature is obtained by the response end encrypting second data with the private key of the response end, and the second data is generated by the response end through the first algorithm by using an authentication key consisting of the encryption parameter information and the encryption key, combined with the identity information of the response end.
      When the initiator receives the second digital signature sent by the responder, the initiator can acquire a digital certificate CertB based on the public key information of the responder from the CA and verify the second digital signature based on the digital certificate CertB. Of course, if the initiator already stores the digital certificate CertB of the responder and the digital certificate CertB is within the valid period of the digital certificate CertB, the digital certificate CertB does not need to be acquired from the CA.
      The process of generating and sending the second digital signature by the responder and verifying by the initiator is the same as the process of generating and sending the first digital signature by the initiator and verifying by the responder, and the description is not repeated here.
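The following Go example is added here and is not taken from the patent. It walks through steps S202 to S205 with a toy CA: certificate issuance on request, fetching the peer certificate from the CA rather than from the IKE message, caching it locally for its validity period, and verifying the signature over data the verifier recomputed itself. ECDSA P-256, the certificate fields, the endpoint identities, and the assumption that the peer's identity accompanies the signature are all choices made for the example; the "first data" is a constructed placeholder for the hash of step S203.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// CA models the certificate authority of steps S202 and S403. Issued
// certificates stay in a store keyed by endpoint identity, so a peer
// fetches CertA or CertB from here instead of from the IKE message.
type CA struct {
	key   *ecdsa.PrivateKey
	root  *x509.Certificate
	pool  *x509.CertPool
	store map[string]*x509.Certificate
}

func mustKey() *ecdsa.PrivateKey {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return key
}

func NewCA() *CA {
	key := mustKey()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "demo-ca"}, // constructed
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	root, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(root)
	return &CA{key: key, root: root, pool: pool, store: map[string]*x509.Certificate{}}
}

// Issue answers a certificate generation request: the endpoint supplies
// only its identity and public key; the CA signs and stores the result.
func (ca *CA) Issue(id string, pub *ecdsa.PublicKey, validFor time.Duration) error {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: id},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(validFor),
		KeyUsage: x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.root, pub, ca.key)
	if err != nil {
		return err
	}
	ca.store[id], err = x509.ParseCertificate(der)
	return err
}

// Endpoint is an initiator or responder: its own key pair plus a cache of
// peer certificates, so a later negotiation inside the validity period
// needs no further round trip to the CA.
type Endpoint struct {
	ID    string
	key   *ecdsa.PrivateKey
	cache map[string]*x509.Certificate
}

func NewEndpoint(id string) *Endpoint {
	return &Endpoint{ID: id, key: mustKey(), cache: map[string]*x509.Certificate{}}
}

// Sign is step S204 (S405 for the responder): only the signature over the
// first (second) data travels to the peer, never the certificate.
func (e *Endpoint) Sign(data []byte) ([]byte, error) {
	h := sha256.Sum256(data)
	return ecdsa.SignASN1(rand.Reader, e.key, h[:])
}

// Verify is the receiving side of S204/S205; peerID is assumed to travel
// with the signature. The certificate comes from the cache while still
// valid, otherwise from the CA, and is checked against the CA root at time
// now and against the claimed identity before the signature is verified
// over data that the verifier recomputed itself.
func (e *Endpoint) Verify(ca *CA, peerID string, data, sig []byte, now time.Time) error {
	cert, ok := e.cache[peerID]
	if !ok || now.After(cert.NotAfter) {
		if cert, ok = ca.store[peerID]; !ok {
			return errors.New("CA has no certificate for " + peerID)
		}
	}
	opts := x509.VerifyOptions{Roots: ca.pool, CurrentTime: now,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return err
	}
	if cert.Subject.CommonName != peerID {
		return errors.New("certificate subject does not match peer identity")
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("unexpected public key type in certificate")
	}
	h := sha256.Sum256(data)
	if !ecdsa.VerifyASN1(pub, h[:], sig) {
		return errors.New("digital signature verification failed")
	}
	e.cache[peerID] = cert // reused until NotAfter, as the text describes
	return nil
}

func main() {
	ca := NewCA()
	a, b := NewEndpoint("initiator-01"), NewEndpoint("responder-01") // constructed identities
	_ = ca.Issue(a.ID, &a.key.PublicKey, time.Hour)
	first := []byte("constructed first data") // placeholder for the step S203 hash
	sig, _ := a.Sign(first)
	fmt.Println("responder verifies:", b.Verify(ca, a.ID, first, sig, time.Now()))
}
```

Two points the text leaves implicit are made explicit in Verify: the cached certificate is re-fetched from the CA once its validity period has passed rather than trusted indefinitely, and the identity named in the certificate is compared with the identity the signature claims, so a valid certificate for one endpoint cannot vouch for a signature attributed to another.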
      Step S206: after the second digital signature verification passes, a negotiated setup of IPSec SAs is performed to complete the setup of IPSec communication.
      After the second digital signature verification passes, the second phase of IKE may be performed, i.e., the negotiated setup of the IPSec SA. Specifically, the initiating end sends suggested values of the SA parameters, mainly including the encryption algorithm, the hash algorithm, the encapsulation protocol and the lifetime of the SA; the response end selects from the suggested values the parameter values that match its local configuration and replies to the initiating end. The initiating end then sends confirmation information to the response end, and subsequent communication uses the newly established IPSec SA.
      By applying the technical scheme provided by the embodiment of the invention, the digital certificate does not need to be exchanged between the initiating end and the response end each time IPSec communication is established, as it must be in the traditional scheme, because a trusted automatic certificate issuing and acquiring mechanism is used. Specifically, the initiator determines the selected encryption parameter information and the encryption key through information exchange with the responder; after the initiator generates its public and private key pair, it sends a certificate generation request to the CA, so that the CA generates a digital certificate CertA based on the initiator's public key information. The CA may perform trusted certificate issuance. The initiator then generates first data through a first algorithm by using the authentication key combined with its own identity information, encrypts the first data with its private key to obtain a first digital signature, and sends the first digital signature to the responder. The initiator therefore does not need to send the digital certificate to the responder along with the first digital signature: the responder can verify the first digital signature based on the digital certificate CertA after acquiring CertA from the CA.
The authentication process in the opposite direction proceeds in the same way: when the initiator receives the second digital signature sent by the responder, it acquires the digital certificate CertB, based on the responder's public key information, from the CA and verifies the second digital signature with CertB; after the second digital signature is verified, negotiation of the IPSec SA can be carried out to complete the establishment of IPSec communication. It should be noted that, because the initiator can obtain the digital certificate CertB from the CA and the responder can obtain the digital certificate CertA from the CA, neither certificate needs to be obtained from the CA again as long as subsequent IPSec communication is established within the validity period of the digital certificate, so the scheme of the present application effectively reduces information interaction and saves bandwidth. Moreover, the digital certificates of all nodes are managed centrally through the CA, which facilitates unified management and configuration distribution of the digital certificates.
      Corresponding to the above embodiments, the embodiments of the present invention further provide a method for establishing IPSec communication, which is applied to a response end and can be referred to in correspondence with the above.
      As shown in fig. 4, the method comprises the following steps:
      step S401: determining selected encryption parameter information and an encryption key through information exchange with an initiating terminal;
      step S402: when a first digital signature sent by an initiator is received, acquiring a digital certificate CertA from a CA, and verifying the first digital signature based on the digital certificate CertA;
      the first digital signature is obtained by the initiating end encrypting the first data with the private key of the initiating end; the first data is generated by the initiating end through a first algorithm by using an authentication key consisting of encryption parameter information and an encryption key, combined with the identity information of the initiating end; the digital certificate CertA is generated by the CA based on the public key information of the initiating end after the CA receives the certificate generation request sent by the initiating end;
      step S403: after the first digital signature passes verification, generating a public and private key pair of a response end, and sending a certificate generation request to a CA (certificate Authority) so that the CA generates a digital certificate CertB based on public key information of the response end;
      step S404: generating second data through a first algorithm by using an authentication key consisting of encryption parameter information and an encryption key and combining identity information of a response end;
      step S405: encrypting the second data by using the private key of the response end to obtain a second digital signature, and sending the second digital signature to the initiating end so that the initiating end verifies the second digital signature based on the digital certificate CertB after acquiring the digital certificate CertB from the CA;
      step S406: after the second digital signature is verified, a negotiated establishment of IPSec SA is made to complete the establishment of IPSec communication.
      In one embodiment of the present invention, the method further comprises:
      obtaining a pseudo-random number nA generated by an initiating terminal and a pseudo-random number nB generated by a responding terminal through information exchange with the initiating terminal;
      accordingly, step S404 includes:
      generating second data through a first algorithm by using an authentication key consisting of encryption parameter information, an encryption key, a pseudo-random number nA and a pseudo-random number nB and combining identity information of a response end;
      the first data is generated by the initiator through a first algorithm by using an authentication key consisting of encryption parameter information, an encryption key, a pseudo-random number nA and a pseudo-random number nB and combining identity information of the initiator.
      In one embodiment of the present invention, obtaining a pseudo-random number nA generated by an initiator and a pseudo-random number nB generated by a responder by exchanging information with the initiator includes:
      receiving a pseudo-random number nA that the initiating end generated, stored, encrypted and sent, and
      storing the pseudo-random number nA;
      the pseudo-random number nB is generated and stored and sent to the initiator in an encrypted manner so that the initiator stores the pseudo-random number nB.
      In one embodiment of the present invention, step S401 includes:
      receiving a group of suggested encryption parameters sent by an initiating terminal, and sending feedback information to the initiating terminal so that the initiating terminal determines selected encryption parameter information based on the feedback information;
      the encryption key is determined by a Diffie-Hellman exchange with the originating end.
      Corresponding to the above method embodiment, the embodiment of the present invention further provides a system for establishing IPSec communication, which is applied to an initiating end and can be referred to in correspondence with the above.
      Referring to fig. 5, a schematic structural diagram of an IPSec communication establishing system is shown, which includes:
      a first interaction module  501, configured to determine selected encryption parameter information and an encryption key through information exchange with a response end;
      a public and private key pair generating module  502, configured to send a certificate generation request to a CA after generating a public and private key pair of an initiator, so that the CA generates a digital certificate CertA based on initiator public key information;
      a first data generating module  503, configured to generate first data through a first algorithm by using an authentication key that is formed by encryption parameter information and an encryption key, and in combination with identity information of an originating terminal;
      the first digital signature generation module  504 is configured to encrypt the first data by using a private key of the initiating terminal to obtain a first digital signature, and send the first digital signature to the responding terminal, so that the responding terminal verifies the first digital signature based on the digital certificate CertA after obtaining the digital certificate CertA from the CA;
      a second digital signature verification module  505, configured to, when receiving a second digital signature sent by a response end, obtain a digital certificate CertB based on public key information of the response end from a CA, and verify the second digital signature based on the digital certificate CertB;
      an IPSec SA negotiation establishing module  506, configured to perform negotiation establishment of the IPSec SA after the second digital signature verification passes, so as to complete establishment of IPSec communication;
      the second digital signature is obtained by encrypting second data by using a response end private key by the response end, and the second data is generated by the response end through a first algorithm by using an authentication key consisting of encryption parameter information and an encryption key in combination with identity information of the response end.
      In one embodiment of the present invention, the system further comprises:
      the first pseudo-random number construction module is used for obtaining a pseudo-random number nA generated by an initiator and a pseudo-random number nB generated by a response end through information exchange with the response end;
      correspondingly, the first data generating module  503 is specifically configured to:
      generating first data through a first algorithm by using an authentication key consisting of encryption parameter information, an encryption key, a pseudo-random number nA and a pseudo-random number nB and combining identity information of an initiating terminal;
      the second data is generated by the response end through a first algorithm by using an authentication key consisting of encryption parameter information, an encryption key, a pseudo-random number nA and a pseudo-random number nB and combining identity information of the response end.
      In an embodiment of the present invention, the first pseudo random number constructing module is specifically configured to:
      generating and storing a pseudo-random number nA, encrypting and sending the pseudo-random number nA to a response end so as to enable the response end to store the pseudo-random number nA;
      receiving a pseudo-random number nB generated, stored and encrypted and sent by a response end;
      the pseudo random number nB is saved.
      In an embodiment of the present invention, the first interaction module  501 is specifically configured to:
      sending a group of suggested encryption parameters to a response end, and determining selected encryption parameter information according to feedback information of the response end;
      determining an encryption key through Diffie-Hellman exchange with a response end;
      The embodiment of the invention also provides a system for establishing IPSec communication, which is applied to a response end and can be referred to in correspondence with the above; the system comprises:
      the second interactive module is used for determining the selected encryption parameter information and the encryption key through information exchange with the initiating terminal;
      the first digital signature verification module is used for acquiring a digital certificate CertA from a CA when receiving a first digital signature sent by an initiator, and verifying the first digital signature based on the digital certificate CertA;
      the first digital signature is obtained by the initiating end encrypting the first data with the private key of the initiating end; the first data is generated by the initiating end through a first algorithm by using an authentication key consisting of encryption parameter information and an encryption key, combined with the identity information of the initiating end; the digital certificate CertA is generated by the CA based on the public key information of the initiating end after the CA receives the certificate generation request sent by the initiating end;
      the public and private key pair generation module is used for generating a public and private key pair of the response end after the first digital signature passes verification, and sending a certificate generation request to the CA so that the CA generates a digital certificate CertB based on public key information of the response end;
      the second data generation module is used for generating second data through a first algorithm by using an authentication key consisting of encryption parameter information and an encryption key and combining the identity information of the response end;
      the second digital signature generation module is used for encrypting the second data by using the private key of the response end to obtain a second digital signature, and sending the second digital signature to the initiating end, so that the initiating end verifies the second digital signature based on the digital certificate CertB after acquiring the digital certificate CertB from the CA;
      the IPSec SA negotiation establishing module is used for performing negotiation establishment of the IPSec SA after the second digital signature is verified, so as to complete the establishment of IPSec communication.
      In an embodiment of the present invention, the apparatus further comprises a first pseudo random number construction module configured to:
      obtaining a pseudo-random number nA generated by an initiating terminal and a pseudo-random number nB generated by a responding terminal through information exchange with the initiating terminal;
      correspondingly, the second data generation module is specifically configured to:
      generating second data through a first algorithm by using an authentication key consisting of encryption parameter information, an encryption key, a pseudo-random number nA and a pseudo-random number nB and combining identity information of a response end;
      the first data is generated by the initiator through a first algorithm by using an authentication key consisting of encryption parameter information, an encryption key, a pseudo-random number nA and a pseudo-random number nB and combining identity information of the initiator.
      In an embodiment of the present invention, the first pseudo random number constructing module is specifically configured to:
      receiving a pseudo-random number nA that the initiating end generated, stored, encrypted and sent, and
      storing the pseudo-random number nA;
      the pseudo-random number nB is generated and stored and sent to the initiator in an encrypted manner so that the initiator stores the pseudo-random number nB.
      In a specific embodiment of the present invention, the second interaction module is specifically configured to:
      receiving a group of suggested encryption parameters sent by an initiating terminal, and sending feedback information to the initiating terminal so that the initiating terminal determines selected encryption parameter information based on the feedback information;
      the encryption key is determined by a Diffie-Hellman exchange with the originating end.
      It is further noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
      Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention. The principle and the implementation of the present invention are explained in the present application by using specific examples, and the above description of the embodiments is only used to help understanding the technical solution and the core idea of the present invention. It should be noted that, for those skilled in the art, it is possible to make various improvements and modifications to the present invention without departing from the principle of the present invention, and those improvements and modifications also fall within the scope of the claims of the present invention.
    Claims (10)
1. A method for establishing IPSec communication is applied to an initiating end and comprises the following steps:
      determining selected encryption parameter information and an encryption key through information exchange with a response end;
      after generating a public and private key pair of an initiator, sending a certificate generation request to a CA (Certificate Authority) so that the CA generates a digital certificate CertA based on public key information of the initiator;
      generating first data through a first algorithm by using an authentication key consisting of the encryption parameter information and the encryption key and combining identity information of an initiating terminal;
      encrypting the first data by using an initiator private key to obtain a first digital signature, and sending the first digital signature to the response end so that the response end verifies the first digital signature based on the digital certificate CertA after obtaining the digital certificate CertA from the CA;
      when a second digital signature sent by the response end is received, obtaining a digital certificate CertB based on public key information of the response end from the CA, and verifying the second digital signature based on the digital certificate CertB;
      after the second digital signature passes verification, performing negotiation establishment of IPSec SA to complete establishment of IPSec communication;
      the second digital signature is obtained by encrypting second data by using a response end private key by the response end, and the second data is generated by the response end through a first algorithm by using an authentication key consisting of the encryption parameter information and the encryption key and combining identity information of the response end.
    2. The method for establishing IPSec communication according to claim 1, further comprising:
      obtaining a pseudo-random number nA generated by an initiating terminal and a pseudo-random number nB generated by a responding terminal through information exchange with the responding terminal;
      correspondingly, the generating the first data through the first algorithm by using the authentication key composed of the encryption parameter information and the encryption key and combining the identity information of the initiating terminal includes:
      generating first data through a first algorithm by using an authentication key consisting of the encryption parameter information, the encryption key, the pseudo-random number nA and the pseudo-random number nB and combining identity information of an initiating terminal;
      the second data is generated by the response end through a first algorithm by using an authentication key consisting of the encryption parameter information, the encryption key, the pseudo-random number nA and the pseudo-random number nB and combining identity information of the response end.
    3. The method for establishing IPSec communication according to claim 2, wherein the obtaining of the pseudo-random number nA generated by the initiator and the pseudo-random number nB generated by the responder by information exchange with the responder comprises:
      generating and storing a pseudo-random number nA, encrypting and sending the pseudo-random number nA to a response end so as to enable the response end to store the pseudo-random number nA;
      receiving a pseudo-random number nB generated, stored, encrypted and sent by the response end;
      and storing the pseudo-random number nB.
    4. The method for establishing IPSec communication according to claim 1, wherein the determining the selected encryption parameter information and the encryption key by information exchange with the responder comprises:
      sending a group of suggested encryption parameters to a response end, and determining selected encryption parameter information according to feedback information of the response end;
      the encryption key is determined by a Diffie-Hellman exchange with the responding peer.
    5. The method for establishing IPSec communication according to claim 1, wherein the identity information of the responding end is the device information of the responding end, the identity information of the initiating end is the device information of the initiating end, and the first algorithm is a hash algorithm.
    6. A method for establishing IPSec communication is applied to a response end and comprises the following steps:
      determining selected encryption parameter information and an encryption key through information exchange with an initiating terminal;
      when a first digital signature sent by an initiator is received, acquiring a digital certificate CertA from a CA, and verifying the first digital signature based on the digital certificate CertA;
      the first digital signature is obtained by encrypting first data by an initiating terminal by using a private key of the initiating terminal; the first data is generated by the initiating terminal through a first algorithm by using an authentication key consisting of the encryption parameter information and the encryption key and combining the identity information of the initiating terminal; the digital certificate CertA is generated based on the public key information of the initiator after the CA receives the certificate generation request sent by the initiator;
      after the first digital signature passes verification, generating a public and private key pair of a response end, and sending a certificate generation request to a CA (Certificate Authority) so that the CA generates a digital certificate CertB based on public key information of the response end;
      generating second data through a first algorithm by using an authentication key consisting of the encryption parameter information and the encryption key and combining identity information of a response end;
      encrypting the second data by using a response end private key to obtain a second digital signature, and sending the second digital signature to the initiating end so that the initiating end verifies the second digital signature based on the digital certificate CertB after obtaining the digital certificate CertB from the CA;
      after the second digital signature is verified, a negotiated establishment of IPSec SA is performed to complete the establishment of IPSec communication.
    7. The method for establishing IPSec communication according to claim 6, further comprising:
      obtaining a pseudo-random number nA generated by an initiating terminal and a pseudo-random number nB generated by a responding terminal through information exchange with the initiating terminal;
      correspondingly, the generating of the second data through the first algorithm by using the authentication key composed of the encryption parameter information and the encryption key and combining the identity information of the response end includes:
      generating second data through a first algorithm by using an authentication key consisting of the encryption parameter information, the encryption key, the pseudo-random number nA and the pseudo-random number nB and combining identity information of a response end;
      the first data is generated by the initiator through a first algorithm by using an authentication key consisting of the encryption parameter information, the encryption key, the pseudo-random number nA and the pseudo-random number nB, and combining identity information of the initiator.
    8. The method of establishing IPSec communication according to claim 7, wherein the obtaining of the pseudo-random number nA generated by the initiator and the pseudo-random number nB generated by the responder by information exchange with the initiator comprises:
      receiving a pseudo-random number nA generated, stored, encrypted and sent by the initiating end;
      storing the pseudo-random number nA;
      generating and storing a pseudo-random number nB, and encrypting and sending the pseudo-random number nB to the initiating end so that the initiating end stores the pseudo-random number nB.
    9. An IPSec communication establishment system, which is applied to an initiating end, includes:
      the first interaction module is used for determining selected encryption parameter information and an encryption key through information exchange with the response end;
      the public and private key pair generation module is used for sending a certificate generation request to the CA after generating a public and private key pair of an initiator so that the CA generates a digital certificate CertA based on public key information of the initiator;
      the first data generation module is used for generating first data through a first algorithm by using an authentication key consisting of the encryption parameter information and the encryption key and combining the identity information of the initiating terminal;
      the first digital signature generation module is used for encrypting the first data by using an initiator private key to obtain a first digital signature and sending the first digital signature to the response end so that the response end verifies the first digital signature based on the digital certificate CertA after acquiring the digital certificate CertA from the CA;
      the second digital signature verification module is used for acquiring a digital certificate CertB based on public key information of the response terminal from the CA when receiving a second digital signature sent by the response terminal, and verifying the second digital signature based on the digital certificate CertB;
      the IPSec SA negotiation establishing module is used for performing negotiation establishment of the IPSec SA to complete establishment of IPSec communication after the second digital signature passes verification;
      the second digital signature is obtained by encrypting second data by using a response end private key by the response end, and the second data is generated by the response end through a first algorithm by using an authentication key consisting of the encryption parameter information and the encryption key and combining identity information of the response end.
    10. An IPSec communication establishment system, applied to a response end, includes:
      the second interactive module is used for determining the selected encryption parameter information and the encryption key through information exchange with the initiating terminal;
      the first digital signature verification module is used for acquiring a digital certificate CertA from a CA (Certificate Authority) when receiving a first digital signature sent by an initiator, and verifying the first digital signature based on the digital certificate CertA;
      the first digital signature is obtained by encrypting first data by an initiating terminal by using a private key of the initiating terminal; the first data is generated by the initiating terminal through a first algorithm by using an authentication key consisting of the encryption parameter information and the encryption key and combining the identity information of the initiating terminal; the digital certificate CertA is generated based on the public key information of the initiator after the CA receives the certificate generation request sent by the initiator;
      the public and private key pair generation module is used for generating a public and private key pair of a response end after the first digital signature passes verification, and sending a certificate generation request to a CA (Certificate Authority) so that the CA generates a digital certificate CertB based on public key information of the response end;
      the second data generation module is used for generating second data through a first algorithm by utilizing an authentication key consisting of the encryption parameter information and the encryption key and combining the identity information of the response end;
      the second digital signature generation module is used for encrypting the second data by using a response end private key to obtain a second digital signature and sending the second digital signature to the initiating end so that the initiating end verifies the second digital signature based on the digital certificate CertB after obtaining the digital certificate CertB from the CA;
      and the IPSec SA negotiation establishing module is used for performing negotiation establishment of the IPSec SA to complete establishment of IPSec communication after the second digital signature is verified.
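The authentication step that claims 1 to 8 describe, as an added example and not code from the patent: each end completes the Diffie-Hellman exchange, hashes the authentication key (encryption parameters, encryption key, nA, nB) together with its own identity information, and signs the hash, while the other end verifies the signature with the public key from the certificate the CA issued. Assumed here: X25519 for the exchange, Ed25519 for the signature, SHA-256 as the first algorithm, length-prefixed hash input, and the CA lookup replaced by handing the certified public key to Verify directly.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Peer is one end of the exchange (the initiating or the responding end) in the claims.
type Peer struct {
	Identity []byte             // device information used as identity information (claim 5)
	Pub      ed25519.PublicKey  // long-term public key the CA would place in CertA/CertB
	priv     ed25519.PrivateKey // long-term private key that produces the digital signature
	dh       *ecdh.PrivateKey   // ephemeral Diffie-Hellman key (claim 4)
	encKey   []byte             // encryption key: result of the completed Diffie-Hellman exchange
	Nonce    []byte             // pseudo-random number nA (initiator) or nB (responder)
}

// NewPeer generates the long-term and Diffie-Hellman key pairs and a 32-byte pseudo-random number.
func NewPeer(identity string) (*Peer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	dh, err2 := ecdh.X25519().GenerateKey(rand.Reader)
	n := make([]byte, 32)
	_, err3 := rand.Read(n)
	return &Peer{Identity: []byte(identity), Pub: pub, priv: priv, dh: dh, Nonce: n}, errors.Join(err, err2, err3)
}

// DHPublic is sent in clear; Exchange derives the encryption key from the other end's value and rejects malformed values and low-order points.
func (p *Peer) DHPublic() []byte { return p.dh.PublicKey().Bytes() }
func (p *Peer) Exchange(peerDHPub []byte) error {
	pub, err := ecdh.X25519().NewPublicKey(peerDHPub)
	if err != nil {
		return err
	}
	p.encKey, err = p.dh.ECDH(pub)
	return err
}

// authData is the "first data"/"second data": hash(authentication key, identity), with authentication key = params || encryption key || nA || nB (claims 2 and 7); fields are length-prefixed (added safeguard, not a step the claims spell out).
func (p *Peer) authData(params, nA, nB, identity []byte) []byte {
	h := sha256.New()
	for _, part := range [][]byte{params, p.encKey, nA, nB, identity} {
		h.Write(append([]byte{byte(len(part) >> 8), byte(len(part))}, part...))
	}
	return h.Sum(nil)
}

// Sign signs this end's authData (call Exchange first); Verify checks the other end's signature with the public key from its certificate (the CA lookup is modelled by passing the key) and the other end's identity.
func (p *Peer) Sign(params, nA, nB []byte) []byte {
	return ed25519.Sign(p.priv, p.authData(params, nA, nB, p.Identity))
}
func (p *Peer) Verify(certPub ed25519.PublicKey, sig, params, nA, nB, peerID []byte) error {
	if p.encKey == nil || !ed25519.Verify(certPub, p.authData(params, nA, nB, peerID), sig) {
		return errors.New("digital signature verification failed")
	}
	return nil
}
```

Because nA, nB and the identity information are part of the signed data, a signature captured from one negotiation does not verify under other nonces or another identity, which is the binding the claims rely on.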
    Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title | 
|---|---|---|---|
| CN202010746781.4A CN111865564A (en) | 2020-07-29 | 2020-07-29 | IPSec communication establishing method and system | 
Publications (1)
| Publication Number | Publication Date | 
|---|---|
| CN111865564A true CN111865564A (en) | 2020-10-30 | 
Family
ID=72945463
Legal Events
| Date | Code | Title | Description | 
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | RJ01 | Rejection of invention patent application after publication | Application publication date: 20201030 |