Video surveillance systems using out of band key exchange
US-12177293-B2 · Dec 24, 2024 · US
Key agreement system, method, and apparatus
US11483142B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11483142-B2 |
| Application number | US-202017107218-A |
| Country | US |
| Kind code | B2 |
| Filing date | Nov 30, 2020 |
| Priority date | May 30, 2018 |
| Publication date | Oct 25, 2022 |
| Grant date | Oct 25, 2022 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A key agreement system, method, and apparatus are provided. The method includes: generating, by a first device, a private-public key pair, sending a public key in the private-public key pair to a second device, and receiving a ciphertext and a commitment value; obtaining, by the first device, a first result, obtaining an original key based on a private key in the private-public key pair and the ciphertext, determining a second bit string based on some bits in the original key, calculating a second result based on the second bit string and the first result, and sending the second result to the second device; and receiving, by the first device, an opening value, performing authentication on the second device based on the opening value and the commitment value to obtain an authentication result, and generating a session key used to communicate with the second device.
First claim
Opening claim text (preview).
What is claimed is: 1. A key agreement system comprising: a first device and a second device each having a hardware processor, wherein the first device is configured to: generate a private-public key pair by using a key generation algorithm, and send a public key in the private-public key pair to the second device; the second device is configured to: select an original key based on the received public key by using an encapsulation algorithm, obtain a ciphertext based on the public key and the original key by using the encapsulation algorithm, obtain a commitment value and an opening value based on a first bit string and a random number by using a commitment algorithm, send the ciphertext and the commitment value to the first device, wherein the first bit string is a random bit string, and determine a second bit string based on a part of bits in the original key, and determine a first result based on the first bit string and the second bit string; the first device is further configured to: obtain the original key based on a private key in the private-public key pair and the received ciphertext by using a decapsulation algorithm, determine the second bit string based on the part of bits in the original key, determine a second result based on the second bit string and the first result, and send the second result to the second device; the second device is further configured to, in response to the first bit string being the same as the received second result; send the opening value to the first device, and generate a session key used to communicate with the first device, wherein that the first bit string is the same as the second result indicates that the second device successfully authenticates the first device; and the first device is further configured to: authenticate the second device based on the received opening value and commitment value to obtain an authentication result, wherein the authentication result indicates that the first device successfully authenticates the second device, and generates a session key used to communicate with the second device. 2. The system according to claim 1 , wherein the second device is configured to determine the first bit string and the second result by using a first algorithm, to obtain the first result; and the first device is configured to determine the second bit string and the first result by using the first algorithm, to obtain the second result, wherein the first algorithm is any one or a combination of an exclusive OR operation, a modulo addition operation, a modulo subtraction operation, or a modulo multiplication operation. 3. The system according to claim 1 , wherein the first device is further configured to: delete the private-public key pair after generating the session key used to communicate with the second device; and re-generate a private-public key pair during an initiation of a key agreement again with the second device or an initiation of a key agreement with a third device. 4. The system according to claim 1 , wherein the second device is further configured to: delete the public key after generating the session key used to communicate with the first device; and generate a private-public key pair during an initiation of a key agreement again with the first device or an initiation of a key agreement with the third device. 5. The system according to claim 1 , wherein the first device is further configured to generate the session key used to communicate with the second device, based on one or more of the following parameters: an identifier of the first device, an identifier of the second device, the public key, the ciphertext, the commitment value, the opening value, the original key, or the second result; and the second device is further configured to generate, based on the one or more parameters, the session key used to communicate with the first device, wherein the session key used to communicate with the second device is the same as the session key used to communicate with the first device. 6. A key agreement method comprising: generating, by a first device, a private-public key pair by using a key generation algorithm, and sending a public key in the private-public key pair to a second device; and receiving, by the first device, a ciphertext and a commitment value, wherein the ciphertext is obtained based on the public key and an original key by using an encapsulation algorithm, the original key is selected based on the public key by using the encapsulation algorithm, and the commitment value is obtained based on a first bit string and a random number by using a commitment algorithm, wherein the first bit string is a random bit string; obtaining, by the first device, a first result, wherein the first result is determined based on the first bit string and a second bit string, and the second bit string is determined based on a part of bits in the original key; obtaining, by the first device, the original key based on a private key in the private-public key pair and the ciphertext by using a decapsulation algorithm, and determining the second bit string based on the part of bits in the original key; determining, by the first device, a second result based on the second bit string and the first result, and sending the second result to the second device; receiving, by the first device, an opening value, wherein the opening value is sent by the second device to the first device in response to the first bit string being the same as the second result, and the opening value is obtained based on the first bit string and the random number by using the commitment algorithm; and performing, by the first device, authentication on the second device based on the opening value and the commitment value, to obtain an authentication result, wherein the authentication result indicates that the first device successfully authenticates the second device; and generating a session key used to communicate with the second device. 7. The method according to claim 6 , wherein the determining the second result based on the second bit string and the first result comprises: determining the second result using a first algorithm based on the second bit string and the first result, wherein the first algorithm is any one or a combination of an exclusive OR operation, a modulo addition operation, a modulo subtraction operation, or a modulo multiplication operation. 8. The method according to claim 6 , wherein after the first device generates the session key used to communicate with the second device, the method further comprises: deleting, by the first device, the private-public key pair; and re-generating, by the first device, a private-public key pair during an initiation of a key agreement again with the second device or an initiation of a key agreement with a third device. 9. The method according to claim 6 , wherein that the first device generates the session key used to communicate with the second device comprises: generating, by the first device, the session key used to communicate with the second device, based on one or more of the following parameters: an identifier of the first device, an identifier of the second device, the public key, the ciphertext, the commitment value, the opening value, the original key, or the second result. 10. A key agreement method comprising: receiving, by a second device, a public key, wherein the public key is a public key in a private-public key pair generated by using a key generation algorithm; selecting, by the second device, an original key based on the public key by using an encapsulation algorithm, obtaining a ciphertext based on the public key and the original key by using the encapsulation a
Assignees
Inventors
Classifications
involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing · CPC title
for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement H04L9/0838) · CPC title
Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation · CPC title
using challenge-response · CPC title
Generation of secret information including derivation or calculation of cryptographic keys or passwords · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11483142B2 cover?
- A key agreement system, method, and apparatus are provided. The method includes: generating, by a first device, a private-public key pair, sending a public key in the private-public key pair to a second device, and receiving a ciphertext and a commitment value; obtaining, by the first device, a first result, obtaining an original key based on a private key in the private-public key pair and the…
- Who is the assignee on this patent?
- Huawei Int Pte Ltd
- What technology area does this patent fall under?
- Primary CPC classification H04L9/0825. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Oct 25 2022 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).