Authentication and key agreement with perfect forward secrecy
US-2017006469-A1 · Jan 5, 2017 · US
US11212088B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11212088-B2 |
| Application number | US-201916564140-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 9, 2019 |
| Priority date | Mar 8, 2017 |
| Publication date | Dec 28, 2021 |
| Grant date | Dec 28, 2021 |
Official abstract text for this publication.
Embodiments of this application provide a private key generation method and system, and a device. The method includes: receiving, by a terminal device, a first response message sent by a first network device, where the first response message includes at least a first sub-private key, and the first sub-private key is generated based on a first parameter set sent by a second network device; receiving, by the terminal device, a second response message sent by the second network device, where the second response message includes at least a second sub-private key, and the second sub-private key is generated based on a second parameter set sent by the first network device; and synthesizing, by the terminal device, a joint private key based on at least the first sub-private key and the second sub-private key.
Opening claim text (preview).
What is claimed is:
1. A private key generation system, comprising: a first network device; a second network device; and a terminal device, wherein the first network device is configured to send a first response message to the terminal device, wherein the first response message comprises at least a first sub-private key, and the first sub-private key is generated based on a first parameter set sent by the second network device to the first network device; wherein the second network device is configured to send a second response message to the terminal device, wherein the second response message comprises at least a second sub-private key, and the second sub-private key is generated based on a second parameter set sent by the first network device to the second network device; and wherein the terminal device is configured to: synthesize a first joint private key based on at least the first sub-private key and the second sub-private key according to the following formula: SSK_1 = SSK1 + SSK2, wherein SSK_1 is the first joint private key, SSK1 is the first sub-private key, and SSK2 is the second sub-private key, determine a first joint public validation token, and synthesize a first joint public key based on the first joint public validation token and an identifier of the terminal device, wherein the first joint public key is paired with the first joint private key.
2. The system according to claim 1, wherein: the terminal device is configured to send a first request to the first network device, wherein the first request comprises at least the identifier of the terminal device and an identifier of the second network device; the terminal device is configured to send a second request to the second network device, wherein the second request comprises at least the identifier of the terminal device and an identifier of the first network device; the first network device is configured to send a third request to the second network device based on the identifier of the second network device, wherein the third request comprises a first global public key and a first public validation token, the first global public key is generated by the first network device, and the first public validation token is generated by the first network device; the second network device is configured to send a fourth request to the first network device based on the identifier of the first network device, wherein the fourth request comprises a second global public key and a second public validation token, the second global public key is generated by the second network device, and the second public validation token is generated by the second network device; the first network device is configured to generate the first sub-private key based on the first parameter set, wherein the first parameter set comprises the identifier of the terminal device, the second global public key, and the second public validation token; and the second network device is configured to generate the second sub-private key based on the second parameter set, wherein the second parameter set comprises the identifier of the terminal device, the first global public key, and the first public validation token.
3. The system according to claim 1, wherein: the terminal device is configured to send a first request to the first network device, wherein the first request comprises at least the identifier of the terminal device and an identifier of the second network device; the first network device is configured to send a third request to the second network device based on the identifier of the second network device, wherein the third request comprises the identifier of the terminal device, a first global public key, a first public validation token, the first global public key is generated by the first network device, and the first public validation token is generated by the first network device; the second network device is configured to generate the second sub-private key based on the identifier of the terminal device, the first global public key, and the first public validation token; the second network device is configured to return a third response message to the first network device, wherein the third response message comprises a second global public key and a second public validation token, the second global public key is generated by the second network device, and the second public validation token is generated by the second network device; and the first network device is configured to generate the first sub-private key based on the identifier of the terminal device, the second global public key, and the second public validation token.
4. The system according to claim 1, wherein the first response message further comprises the first joint public validation token, and the terminal device is configured to obtain the first joint public validation token from the first response message.
5. The system according to claim 1, wherein the first response message further comprises the first public validation token, and the terminal device is configured to calculate the first joint public validation token according to the following formula: PVT_U1 = PVT1*PVT2, wherein PVT_U1 is the first joint public validation token, PVT1 is the first public validation token, and PVT2 is the second public validation token.
6. The system according to claim 2, wherein the terminal device is configured to synthesize the first sub-private key and the second sub-private key into a second joint private key according to the following formula: SSK_2 = SSK1 + SSK2 + HS*v0 mod q, wherein SSK_2 is the second joint private key; SSK1 is the first sub-private key; wherein SSK2 is the second sub-private key; HS is a hash parameter; wherein HS = hash(KPAK1 ∥ KPAK2 ∥ ID ∥ PVT_U2), hash( ) is a hash function, KPAK1 is the first global public key, KPAK2 is the second global public key, ID is the identifier of the terminal device, and PVT_U2 is a second joint public validation token; wherein q is a prime number; and wherein v0 is a random number selected by the terminal device from a finite field F_q generated by the prime number q.
7. The system according to claim 6, wherein the terminal device is further configured to: determine the second joint public validation token, and synthesize a second joint public key based on the second joint public validation token and the identifier of the terminal device, wherein the second joint public key is paired with the second joint private key.
8. The system according to claim 7, wherein the first response message further comprises the first joint public validation token, and the terminal device is configured to obtain the second joint public validation token from the first response message.
9. A private key generation method, comprising: receiving, by a terminal device, a first response message sent by a first network device, wherein the first response message comprises at least a first sub-private key, and the first sub-private key is generated based on a first parameter set received from a second network device; receiving, by the terminal device, a second response message sent by the second network device, wherein the second response message comprises at least a second sub-private key, and the second sub-private key is generated based on a second parameter set received from the first network device; and synthesizing, by the terminal device, a first joint private key based on at least the first sub-private key and the second sub-private key according to the following formula: SSK_1 = SSK1 + SSK2, wherein SSK_1 is the first joint private key, SSK1 is the first sub-private key, and SSK2 is the second sub-private key, determining, by th
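The key synthesis of claims 1 and 5, worked through as an added example that is not taken from the patent. It assumes each network device derives its sub-private key ECCSI-style (RFC 6507) as SSK_i = KSAK_i + HS*v_i mod q, a rule the claim preview does not state, and uses a toy multiplicative group; `NetworkDevice`, `ksak`, `v`, `validates`, the hash encoding and the validation equation are all assumptions.

```python
import hashlib
import secrets

# Toy Schnorr group, constructed for this example and far too small for real use:
# P = 2*Q + 1, and G generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def hs(kpak1, kpak2, ident, pvt_u):
    """HS = hash(KPAK1 || KPAK2 || ID || PVT_U), reduced mod q (encoding is assumed)."""
    data = "|".join(map(str, (kpak1, kpak2, ident, pvt_u))).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

class NetworkDevice:
    """One key-issuing network device; ksak (master secret) and v are assumed names."""
    def __init__(self):
        self.ksak = secrets.randbelow(Q - 1) + 1   # never leaves this device
        self.v = secrets.randbelow(Q - 1) + 1      # per-terminal secret nonce
        self.kpak = pow(G, self.ksak, P)           # global public key
        self.pvt = pow(G, self.v, P)               # public validation token

    def sub_private_key(self, ident, kpak1, kpak2, peer_pvt):
        # Assumed ECCSI-style rule: SSK_i = KSAK_i + HS * v_i mod q, with HS bound
        # to both global public keys and the joint token from the peer's parameter set.
        pvt_u = self.pvt * peer_pvt % P
        return (self.ksak + hs(kpak1, kpak2, ident, pvt_u) * self.v) % Q

def synthesize(ssk1, ssk2):
    return (ssk1 + ssk2) % Q          # SSK_1 = SSK1 + SSK2 (claim 1)

def joint_pvt(pvt1, pvt2):
    return pvt1 * pvt2 % P            # PVT_U1 = PVT1 * PVT2 (claim 5)

def validates(ssk, ident, kpak1, kpak2, pvt_u):
    # Assumed check: G^SSK == KPAK1 * KPAK2 * PVT_U^HS (mod P)
    h = hs(kpak1, kpak2, ident, pvt_u)
    return pow(G, ssk, P) == kpak1 * kpak2 * pow(pvt_u, h, P) % P

def issue(ident="terminal-01"):       # constructed identifier
    d1, d2 = NetworkDevice(), NetworkDevice()
    ssk1 = d1.sub_private_key(ident, d1.kpak, d2.kpak, d2.pvt)
    ssk2 = d2.sub_private_key(ident, d1.kpak, d2.kpak, d1.pvt)
    return ssk1, ssk2, joint_pvt(d1.pvt, d2.pvt), d1.kpak, d2.kpak

if __name__ == "__main__":
    ssk1, ssk2, pvt_u, k1, k2 = issue()
    print("joint key validates:", validates(synthesize(ssk1, ssk2), "terminal-01", k1, k2, pvt_u))
    print("share 1 alone validates:", validates(ssk1, "terminal-01", k1, k2, pvt_u))
```

Under these assumptions the sum of the two shares satisfies the joint equation while a single share does not, so neither network device on its own holds a key that pairs with the joint public validation token.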
Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these (network architectures or network communication protocols for key exchange in a packet data network H04L63/061) · CPC title
Secret sharing or secret splitting, e.g. threshold schemes · CPC title
Key distribution {or management, e.g. generation, sharing or updating, of cryptographic keys or passwords (network architectures or network communication protocols for supporting key management in a packet data network H04L63/06)} · CPC title
Generation of secret information including derivation or calculation of cryptographic keys or passwords · CPC title
involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics · CPC title