KEY DISTRIBUTING METHOD, PUBLIC KEY OF KEY DISTRIBUTION CENTRE ONLINE UPDATING METHOD AND DEVICE
Abstract
A key distribution method, a method for online updating of the public key of a key distribution centre, a key distribution centre, a communication entity and a key management system. The system includes communication entities, a carrier device, a key distribution centre and a database: the carrier device carries or transports the information exchanged during the key distribution process and the public-key online updating process; the database stores whether each communication entity has registered the security service; the database is connected to the key distribution centre, the key distribution centre is connected to the carrier device, and the carrier device is connected to each communication entity. Using public-key cryptography, a key distribution system is provided based on the principle of three-element peer authentication (TePA). The system securely distributes a communication key to each pair of entities so that the keys have the perfect forward secrecy (PFS) property, reduces the key management complexity of the system, and realizes online updating of the public key of the trusted third party, i.e. the key distribution centre.
21 Claims
1. A key distribution method, wherein a key distribution center has a public-private key pair, and the method comprises:
receiving, by the key distribution center, a key request message forwarded via a carrier device from a first communication entity, the key request message comprising a temporary public key of a first communication entity;
searching, by the key distribution center, a database for whether the first communication entity and a second communication entity both have registered a security service, and generating a session key for communication between the first communication entity and the second communication entity if they both have registered the security service;
encrypting, by the key distribution center, the session key using the temporary public key of the first communication entity, and calculating a signature using the private key of the key distribution center, to form a key response message;
returning, by the key distribution center, the key response message to the first communication entity via the carrier device;
receiving, by the key distribution center, a key request message forwarded via the carrier device from the second communication entity, the key request message comprising a temporary public key of the second communication entity;
encrypting, by the key distribution center, the session key for communication between the second communication entity and the first communication entity using the temporary public key of the second communication entity, and calculating a signature using the private key of the key distribution center, to form a key response message; and
returning, by the key distribution center, the key response message formed using the temporary public key of the second communication entity to the second communication entity via the carrier device.
(Dependent claims: 4, 5, 6, 7, 8)
2. A key distribution method, wherein communication entities obtain a public key of a key distribution center before secure communication, and the method comprises:
generating, by a first communication entity and a second communication entity, their respective temporary public-private key pairs;
sending, by each of the first communication entity and the second communication entity, a key request message using its generated temporary public key to the key distribution center via a carrier device, the key request message comprising the temporary public key of the corresponding communication entity;
receiving a key response message sent from the key distribution center via the carrier device, the key response message comprising a session key for communication between the first communication entity and the second communication entity; and
performing, by each of the first communication entity and the second communication entity, signature verification on the key response message using the public key of the key distribution center, and decrypting the key response message using its temporary private key if the verification is passed, to obtain the session key.
(Dependent claims: 3, 19, 20, 21)
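The exchange of claims 1 and 2 carried end to end, as an added example written for this page; it is not code from the patent or from any implementation of it. The page fixes neither algorithms nor message formats, so the following are assumptions: Ed25519 for the key distribution center's long-term signing key, RSA-2048 with OAEP for the entities' temporary key pairs, a 32-byte random session key, a "database" that is just a set of registered identifiers, and the names alice and bob. The carrier device is modelled as a plain function call, since the claims give it no role beyond forwarding. The unit structure of claims 9 and 12 maps onto the same functions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// KeyRequest: From wants a session key for talking to To; TempPub is From's temporary public key.
type KeyRequest struct {
	From, To string
	TempPub  *rsa.PublicKey
}

// KeyResponse: the session key encrypted to TempPub, plus the KDC's signature over it.
type KeyResponse struct {
	From, To              string
	Ciphertext, Signature []byte
}

// KDC: long-term signing key pair, registration database, and one session key per pair.
type KDC struct {
	priv       ed25519.PrivateKey
	Pub        ed25519.PublicKey
	registered map[string]bool   // database: entity has registered the security service
	sessions   map[string][]byte // keyed by pairID, so both entities receive the same key
}

func NewKDC(registered map[string]bool) *KDC {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // does not fail with rand.Reader
	return &KDC{priv: priv, Pub: pub, registered: registered, sessions: map[string][]byte{}}
}

// pairID names a pair the same way regardless of which entity asked first.
func pairID(a, b string) string {
	if a > b {
		a, b = b, a
	}
	return a + "|" + b
}

// signedPayload binds the ciphertext to both identities: a response for (A,B) is useless for (A,C).
func signedPayload(from, to string, ct []byte) []byte {
	h := sha256.Sum256(append([]byte(from+"\x00"+to+"\x00"), ct...))
	return h[:]
}

// HandleRequest is the KDC side of claims 1 and 9: consult the database, generate or
// reuse the pair's session key, encrypt it to the requester's temporary key and sign.
func (k *KDC) HandleRequest(req KeyRequest) (*KeyResponse, error) {
	if !k.registered[req.From] || !k.registered[req.To] {
		return nil, errors.New("kdc: both entities must have registered the security service")
	}
	id := pairID(req.From, req.To)
	sk, ok := k.sessions[id]
	if !ok { // first request for this pair: fresh 256-bit session key
		sk = make([]byte, 32)
		if _, err := rand.Read(sk); err != nil {
			return nil, err
		}
		k.sessions[id] = sk
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, req.TempPub, sk, []byte(id))
	if err != nil {
		return nil, err
	}
	sig := ed25519.Sign(k.priv, signedPayload(req.From, req.To, ct))
	return &KeyResponse{From: req.From, To: req.To, Ciphertext: ct, Signature: sig}, nil
}

// EntityRequest is the entity side of claims 2 and 12: generate a temporary key pair and
// the request that the carrier device forwards to the KDC. The private half stays local.
func EntityRequest(id, peer string) (*rsa.PrivateKey, KeyRequest, error) {
	temp, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, KeyRequest{}, err
	}
	return temp, KeyRequest{From: id, To: peer, TempPub: &temp.PublicKey}, nil
}

// EntityAccept verifies the KDC signature with the stored KDC public key and only then decrypts
// with the temporary private key. The caller discards temp afterwards; once it is gone, a later
// compromise of the entity cannot recover this session key (PFS).
func EntityAccept(kdcPub ed25519.PublicKey, temp *rsa.PrivateKey, resp *KeyResponse) ([]byte, error) {
	if !ed25519.Verify(kdcPub, signedPayload(resp.From, resp.To, resp.Ciphertext), resp.Signature) {
		return nil, errors.New("kdc signature verification failed")
	}
	label := []byte(pairID(resp.From, resp.To)) // same OAEP label the KDC used
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, temp, resp.Ciphertext, label)
}

func main() {
	kdc := NewKDC(map[string]bool{"alice": true, "bob": true})
	temp, req, _ := EntityRequest("alice", "bob")
	resp, _ := kdc.HandleRequest(req)
	fmt.Println(EntityAccept(kdc.Pub, temp, resp))
}
```

Both entities end up with the same 32-byte key because the center indexes issued keys by the unordered pair, so the second request for a pair is answered with the key already generated. Verification precedes decryption on the entity side: a response not signed by the center, or whose ciphertext was altered in transit, is rejected before the temporary private key is used, and the identity pair is folded into both the signature and the OAEP label so a genuine response for one peer cannot be redirected to another.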
9. A key distribution center, wherein the key distribution center has a public-private key pair, and the key distribution center comprises:
a first reception unit, adapted to receive a key request message forwarded via a carrier device from the first communication entity, the key request message comprising a temporary public key of a first communication entity and information about a second communication entity that the first communication entity is to communicate with, and receive a second key request message forwarded via the carrier device from the second communication entity, the second key request message comprising a temporary public key of the second communication entity and information about the first communication entity that the second communication entity is to communicate with;
a querying unit, adapted to search a database for whether the first communication entity and the second communication entity both have registered a security service, and send a query result;
a first generation unit, adapted to generate a session key for communication between the first communication entity and the second communication entity upon reception of the query result sent by the querying unit that the first communication entity and the second communication entity both have registered the security service;
an encryption unit, adapted to encrypt the session key generated by the generation unit using the temporary public key of the first communication entity and calculate a signature using the private key of the key distribution center, to form a key response message, and encrypt the session key for communication between the second communication entity and the first communication entity using the temporary public key of the second communication entity and calculate a signature using the private key of the key distribution center, to form a key response message; and
a first sending unit, adapted to return the key response message formed by the encryption unit using the temporary public key of the first communication entity to the first communication entity via the carrier device, and return the key response message formed using the temporary public key of the second communication entity to the second communication entity via the carrier device.
(Dependent claims: 10, 11)
12. A communication entity, wherein the communication entity is adapted to obtain a public key of a key distribution center before secure communication, and the communication entity comprises:
a generation unit, adapted to generate a temporary public-private key pair;
a sending unit, adapted to send a key request message using the generated temporary public key to a key distribution center via a carrier device, the key request message comprising the temporary public key of the communication entity and information about a corresponding communication entity that the communication entity is to communicate with;
a reception unit, adapted to receive a key response message sent from the key distribution center, the key response message comprising a session key for communication between the communication entity and the corresponding communication entity that the communication entity is to communicate with; and
a verification unit, adapted to perform signature verification on the key response message using the public key of the key distribution center, and decrypt the key response message using the temporary private key of the communication entity if the verification is passed, to obtain the session key.
(Dependent claims: 13, 14, 15)
16. A key management system, comprising a communication entity, a carrier device, a key distribution center and a database, wherein:
the carrier device is adapted to transport a key request message, a key response message, a public-key update notification message or a public-key update confirmation message during the key distribution process and the public-key update process;
the database is adapted to store whether the communication entity has registered a security service and support the key distribution center; or, to return a list of communication entities that have registered the security service to the key distribution center;
the key distribution center is connected with the carrier device and the database, and is adapted to determine whether to generate a session key according to a result from searching the database upon reception of the key request message forwarded via the carrier device, encrypt and sign the generated session key to form a key response message, and send the key response message to the communication entity via the carrier device; or, to search the database to obtain the list of communication entities that have registered the security service, send the generated public-key update notification message to the communication entity via the carrier device, and receive the public-key update confirmation message via the carrier device that is sent from the communication entity; and
the communication entity is adapted to generate a temporary public-private key pair, send the key request message to the key distribution center via the carrier device, and perform signature verification on and decrypt the received key response message using a public key of the key distribution center and the temporary private key of the communication entity to obtain the session key; or, to update a stored public key upon reception of the public-key update notification message via the carrier device that is sent from the key distribution center, and send the public-key update confirmation message to the key distribution center via the carrier device after finishing updating the stored public key.
(Dependent claims: 17, 18)
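The public-key update flow of claim 16, as an added example written for this page and not the patent's own mechanism. The page says only that the center sends a public-key update notification to the registered entities and each entity confirms after replacing its stored key; everything else here is an assumption: the notification carries the new key signed with the private half of the key the entities currently hold, a serial number lets an entity refuse replays, the center refuses a further rotation until every registered entity has confirmed, Ed25519 is the signature scheme, and alice and bob are the entities.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// UpdateNotification carries the KDC's new public key, signed with the private half of the key
// the entities currently trust. Serial grows with each update so an old notification cannot be replayed.
type UpdateNotification struct {
	Serial    uint64
	NewPub    ed25519.PublicKey
	Signature []byte
}

type UpdateConfirmation struct {
	EntityID string
	Serial   uint64
}

func notificationBody(serial uint64, newPub ed25519.PublicKey) []byte {
	body := binary.BigEndian.AppendUint64([]byte("kdc-pubkey-update:"), serial)
	return append(body, newPub...)
}

// UpdateKDC is the key distribution center's side of the update flow in claim 16.
type UpdateKDC struct {
	priv       ed25519.PrivateKey
	Pub        ed25519.PublicKey
	Serial     uint64
	registered map[string]bool // the database: entities that registered the security service
	confirmed  map[string]bool // entities that have acknowledged the current key
}

func NewUpdateKDC(registered map[string]bool) *UpdateKDC {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // does not fail with rand.Reader
	return &UpdateKDC{priv: priv, Pub: pub, registered: registered, confirmed: map[string]bool{}}
}

// AllConfirmed reports whether every registered entity has switched to the current key.
func (k *UpdateKDC) AllConfirmed() bool {
	return len(k.confirmed) == len(k.registered)
}

// Rotate generates the next key pair and signs the notification with the OLD private key, the
// only one the entities can verify; only then does the KDC switch over. It refuses to rotate
// while an earlier update is unconfirmed, because an entity that missed it could never verify the next one.
func (k *UpdateKDC) Rotate() (UpdateNotification, error) {
	if k.Serial > 0 && !k.AllConfirmed() {
		return UpdateNotification{}, errors.New("previous update not yet confirmed by every entity")
	}
	newPub, newPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return UpdateNotification{}, err
	}
	k.Serial++
	sig := ed25519.Sign(k.priv, notificationBody(k.Serial, newPub))
	k.priv, k.Pub, k.confirmed = newPriv, newPub, map[string]bool{}
	return UpdateNotification{Serial: k.Serial, NewPub: newPub, Signature: sig}, nil
}

// Confirm records an entity's acknowledgement; confirmations for older serials are ignored.
func (k *UpdateKDC) Confirm(c UpdateConfirmation) {
	if c.Serial == k.Serial && k.registered[c.EntityID] {
		k.confirmed[c.EntityID] = true
	}
}

// StoredKey is an entity's copy of the KDC public key plus the serial of the last update applied.
type StoredKey struct {
	EntityID string
	KDCPub   ed25519.PublicKey
	Serial   uint64
}

// ApplyUpdate verifies the notification against the key currently stored, replaces it, and
// returns the confirmation that goes back to the KDC via the carrier device.
func (s *StoredKey) ApplyUpdate(n UpdateNotification) (UpdateConfirmation, error) {
	if n.Serial <= s.Serial {
		return UpdateConfirmation{}, errors.New("stale or replayed notification")
	}
	if !ed25519.Verify(s.KDCPub, notificationBody(n.Serial, n.NewPub), n.Signature) {
		return UpdateConfirmation{}, errors.New("notification not signed by the trusted KDC key")
	}
	s.KDCPub, s.Serial = n.NewPub, n.Serial
	return UpdateConfirmation{EntityID: s.EntityID, Serial: n.Serial}, nil
}

func main() {
	kdc := NewUpdateKDC(map[string]bool{"alice": true, "bob": true})
	alice := &StoredKey{EntityID: "alice", KDCPub: kdc.Pub}
	n, _ := kdc.Rotate()
	c, err := alice.ApplyUpdate(n)
	kdc.Confirm(c)
	fmt.Println(err, kdc.AllConfirmed()) // bob has not confirmed, so the next Rotate is refused
}
```

The refusal in Rotate is the practical reason the confirmation step of claim 16 matters: a notification is verifiable only with the key it was signed under, so an entity that has not yet applied update n cannot verify update n+1 and would be locked out of the service until its stored key is re-provisioned out of band.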